package com.ibm.commerce.browseradapter;

import com.ibm.as400.access.Job;
import com.ibm.commerce.adapter.AbstractHttpAdapter;
import com.ibm.commerce.adapter.HttpAdapter;
import com.ibm.commerce.adapter.HttpAdapterDesc;
import com.ibm.commerce.adapter.SessionContext;
import com.ibm.commerce.command.CommandContext;
import com.ibm.commerce.command.CommandFactory;
import com.ibm.commerce.config.client.CMDefinitions;
import com.ibm.commerce.context.base.BaseContext;
import com.ibm.commerce.context.globalization.GlobalizationContext;
import com.ibm.commerce.datatype.TypedProperty;
import com.ibm.commerce.dynacache.CacheConstants;
import com.ibm.commerce.event.accesslogging.AccessLogging;
import com.ibm.commerce.exception.ECApplicationException;
import com.ibm.commerce.exception.ECException;
import com.ibm.commerce.performance.monitor.PerfMonitor;
import com.ibm.commerce.ras.ECMessage;
import com.ibm.commerce.ras.ECMessageLog;
import com.ibm.commerce.ras.ECTrace;
import com.ibm.commerce.security.commands.VerifyCredentialsCmd;
import com.ibm.commerce.server.ServletHelper;
import com.ibm.commerce.server.SessionHelper;
import com.ibm.commerce.server.WcsApp;
import com.ibm.commerce.user.objects.UserRegistryAccessBean;
import com.ibm.commerce.usermanagement.commands.ECUserConstants;
import com.ibm.commerce.util.URLUTF8Encoder;
import com.ibm.commerce.util.nc_hash;
import com.ibm.commerce.utils.TimestampHelper;
import com.ibm.commerce.webcontroller.HttpControllerRequestObject;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.w3c.dom.Element;

/* JADX WARN: Classes with same name are omitted:
  input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.cm.client/update.jar:/lib/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/browseradapter/HttpBrowserAdapter.class
  input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.cm/update.jar:/lib/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/browseradapter/HttpBrowserAdapter.class
  input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.server/update.jar:/wc.ear/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/browseradapter/HttpBrowserAdapter.class
 */
/* loaded from: input_file:wc56PRO_fp3_zlinux.jar:ptfs/wc56PRO_fp3_zlinux/components/commerce.server.was/update.jar:/Enablement-BaseComponentsLogic.jarcom/ibm/commerce/browseradapter/HttpBrowserAdapter.class */
public class HttpBrowserAdapter extends AbstractHttpAdapter {
    public static final String COPYRIGHT = "(c) Copyright International Business Machines Corporation 2000,2001,2003";
    private static HttpBrowserAdapter singleton = new HttpBrowserAdapter();
    private static int nCounterSessionIdentifier = 0;

    public HttpBrowserAdapter() {
        this.desc = new HttpAdapterDesc();
        this.desc.setDeviceFormatName("Browser");
        this.desc.setDeviceFormatId(HttpAdapter.DEVFMTID_BROWSER);
        this.desc.setDeviceFormatType("Browser");
        this.desc.setDeviceFormatTypeId(HttpAdapter.DEVFMTTYPID_BROWSER);
        this.desc.setDeviceFormatClass(getClass());
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public boolean checkDeviceFormat(HttpServletRequest httpServletRequest, TypedProperty typedProperty) {
        return true;
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public HttpAdapter createAdapter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, TypedProperty typedProperty) {
        HttpAdapter httpBrowserAdapter = getInstance();
        httpBrowserAdapter.setRequest(httpServletRequest);
        httpBrowserAdapter.setResponse(httpServletResponse);
        httpBrowserAdapter.setRequestProperties(typedProperty);
        httpBrowserAdapter.setAdapterDesc(this.desc);
        return httpBrowserAdapter;
    }

    protected HttpAdapter getInstance() {
        return new HttpBrowserAdapter();
    }

    public HttpSessionContext createSessionContext() throws ECException {
        return new HttpSessionContext(this.req, this.resp, this.requestProperties);
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public String getDocumentPathName(String str) {
        return str;
    }

    private String getRequestInformation() {
        String str = new String("");
        String property = System.getProperty(CacheConstants.LINE_SEPARATOR, "\r\n");
        String str2 = new String("********");
        String stringBuffer = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(str)).append(property).toString())).append("-----------Attributes").append(property).toString();
        Enumeration attributeNames = this.req.getAttributeNames();
        if (attributeNames != null) {
            while (attributeNames.hasMoreElements()) {
                String str3 = (String) attributeNames.nextElement();
                stringBuffer = new StringBuffer(String.valueOf((WcsApp.protectedParameters == null || !WcsApp.protectedParameters.containsKey(str3)) ? new StringBuffer(String.valueOf(stringBuffer)).append(str3).append(" : ").append(this.req.getAttribute(str3)).append(property).toString() : new StringBuffer(String.valueOf(stringBuffer)).append(str3).append(" : ").append(str2).append(property).toString())).append("-----------").append(property).toString();
            }
        }
        String stringBuffer2 = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer)).append("-----------End of attributes").append(property).toString())).append("-----------Parameters").append(property).toString();
        Enumeration parameterNames = this.req.getParameterNames();
        if (parameterNames != null) {
            while (parameterNames.hasMoreElements()) {
                String str4 = (String) parameterNames.nextElement();
                stringBuffer2 = new StringBuffer(String.valueOf((WcsApp.protectedParameters == null || !WcsApp.protectedParameters.containsKey(str4)) ? new StringBuffer(String.valueOf(stringBuffer2)).append(str4).append(" : ").append(this.req.getParameter(str4)).append(property).toString() : new StringBuffer(String.valueOf(stringBuffer2)).append(str4).append(" : ").append(str2).append(property).toString())).append("-----------").append(property).toString();
            }
        }
        String stringBuffer3 = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer2)).append("-----------End of parameters").append(property).toString())).append("-----------Headers").append(property).toString();
        Enumeration headerNames = this.req.getHeaderNames();
        if (headerNames != null) {
            while (headerNames.hasMoreElements()) {
                String str5 = (String) headerNames.nextElement();
                stringBuffer3 = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer3)).append(str5).append(" : ").append(this.req.getHeader(str5)).append(property).toString())).append("-----------").append(property).toString();
            }
        }
        String stringBuffer4 = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer3)).append("-----------End of headers").append(property).toString())).append("-----------Cookies").append(property).toString();
        Cookie[] cookies = this.req.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                stringBuffer4 = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer4)).append("Name : ").append(cookies[i].getName()).append(property).toString())).append("Comment : ").append(cookies[i].getComment()).append(property).toString())).append("Domain : ").append(cookies[i].getDomain()).append(property).toString())).append("Age : ").append(cookies[i].getMaxAge()).append(property).toString())).append("Path : ").append(cookies[i].getPath()).append(property).toString())).append("Secure : ").append(String.valueOf(cookies[i].getSecure())).append(property).toString())).append("Version : ").append(cookies[i].getVersion()).append(property).toString())).append("Value : ").append(cookies[i].getValue()).append(property).toString())).append("-----------").append(property).toString();
            }
        }
        String stringBuffer5 = new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer4)).append("-----------End of cookies").append(property).toString())).append("Authentication scheme : ").append(this.req.getAuthType()).append(property).toString())).append("Character encoding : ").append(this.req.getCharacterEncoding()).append(property).toString())).append("Content length : ").append(String.valueOf(this.req.getContentLength())).append(property).toString())).append("Content type : ").append(this.req.getContentType()).append(property).toString())).append("Http method : ").append(this.req.getMethod()).append(property).toString())).append("Path information : ").append(this.req.getPathInfo()).append(property).toString())).append("Translated(real) path : ").append(this.req.getPathTranslated()).append(property).toString())).append("Protocol : ").append(this.req.getProtocol()).append(property).toString();
        this.req.getQueryString();
        return new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(new StringBuffer(String.valueOf(stringBuffer5)).append("Remote client address : ").append(this.req.getRemoteAddr()).append(property).toString())).append("Remote client host name : ").append(this.req.getRemoteHost()).append(property).toString())).append("Remote client user : ").append(this.req.getRemoteUser()).append(property).toString())).append("Session ID specified in request : ").append(this.req.getRequestedSessionId()).append(property).toString())).append("Request URI : ").append(this.req.getRequestURI()).append(property).toString())).append("Request scheme : ").append(this.req.getScheme()).append(property).toString())).append("Server name : ").append(this.req.getServerName()).append(property).toString())).append("Server port : ").append(String.valueOf(this.req.getServerPort())).append(property).toString())).append("Servlet path : ").append(this.req.getServletPath()).append(property).toString();
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public SessionContext getSessionContext() throws ECException {
        if (this.sessionContext == null) {
            this.sessionContext = createSessionContext();
        }
        return this.sessionContext;
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public boolean httpsRedirection() {
        return true;
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public void postInvokeCommand(CommandContext commandContext) {
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public boolean preInvokeCommand(CommandContext commandContext) {
        String string;
        PerfMonitor.register(((HttpControllerRequestObject) commandContext.getRequest()).getHttpRequest(), commandContext.getCommandName(), commandContext.getStoreId());
        handleLoginTimeout(null, commandContext);
        validatePasswordForPasswordProtectedRequest(commandContext);
        String value = WcsApp.configProperties.getValue("XSiteScriptingProtection/enabled");
        if (value == null || !value.equals("true") || (string = this.requestProperties.getString(CMDefinitions.SCRIPTING_PROTECTION, null)) == null || string.length() <= 0) {
            return true;
        }
        Hashtable hashtable = new Hashtable();
        hashtable.put("ACTION", string);
        hashtable.put("RESOURCE", "");
        hashtable.put("RESULT", "Cross site scripting protection violation");
        AccessLogging.singleton().createLoggingRecord(commandContext, hashtable);
        return true;
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public HttpControllerRequestObject preprocessRequest() {
        HttpControllerRequestObject preprocessRequest = super.preprocessRequest();
        processCrossSiteScriptingProtection(preprocessRequest);
        handleLoginTimeout(preprocessRequest, null);
        handlePasswordInvalidation(preprocessRequest);
        handlePasswordRerequestSupport(preprocessRequest);
        return preprocessRequest;
    }

    public static HttpBrowserAdapter singleton() {
        return singleton;
    }

    protected HttpControllerRequestObject processCrossSiteScriptingProtection(HttpControllerRequestObject httpControllerRequestObject) {
        String value = WcsApp.configProperties.getValue("XSiteScriptingProtection/enabled");
        if (value != null && value.equals("true")) {
            ECTrace.entry(0L, getClass().getName(), "processCrossSiteScriptingProtection");
            String requestName = httpControllerRequestObject.getRequestName();
            for (int i = 0; i < WcsApp.prohibitedCharacters.size(); i++) {
                if (requestName.toUpperCase().indexOf(((String) WcsApp.prohibitedCharacters.elementAt(i)).toUpperCase()) != -1) {
                    this.requestProperties.put(CMDefinitions.SCRIPTING_PROTECTION, URLEncoder.encode(new StringBuffer(String.valueOf(httpControllerRequestObject.getRequestName())).append("?").append(this.requestProperties.getQueryString()).toString()));
                    httpControllerRequestObject.setRequestName("ProhibitedCharacterErrorView");
                    ECMessageLog.out(ECMessage._ERR_REJCTED_REQUEST_PROHIB_CHARS, "HttpBrowserAdapter", "preprocessRequest");
                }
            }
            Enumeration keys = this.requestProperties.keys();
            if (keys != null) {
                while (true) {
                    if (!keys.hasMoreElements()) {
                        break;
                    }
                    String str = (String) keys.nextElement();
                    if (str != null) {
                        if (WcsApp.prohibitedAttributes.size() <= 0 || !WcsApp.prohibitedAttributes.contains(str)) {
                            String string = this.requestProperties.getString(str, null);
                            if (string != null) {
                                boolean z = false;
                                int i2 = 0;
                                while (i2 < WcsApp.prohibitedCharacters.size()) {
                                    if (string.toUpperCase().indexOf(((String) WcsApp.prohibitedCharacters.elementAt(i2)).toUpperCase()) != -1) {
                                        z = true;
                                        i2 = WcsApp.prohibitedCharacters.size();
                                    }
                                    i2++;
                                }
                                if (!z) {
                                    continue;
                                } else {
                                    if (WcsApp.cmdAttrsAcceptingEncodedChars == null || WcsApp.cmdAttrsAcceptingEncodedChars.size() <= 0) {
                                        break;
                                    }
                                    if (!WcsApp.cmdAttrsAcceptingEncodedChars.containsKey(httpControllerRequestObject.getRequestName())) {
                                        if (!this.requestProperties.containsKey(CMDefinitions.SCRIPTING_PROTECTION)) {
                                            this.requestProperties.put(CMDefinitions.SCRIPTING_PROTECTION, new StringBuffer(String.valueOf(httpControllerRequestObject.getRequestName())).append("?").append(this.requestProperties.getQueryString()).toString());
                                        }
                                        httpControllerRequestObject.setRequestName("ProhibitedCharacterErrorView");
                                        ECMessageLog.out(ECMessage._ERR_REJCTED_REQUEST_PROHIB_CHARS, "HttpBrowserAdapter", "preprocessRequest");
                                    } else if (((Vector) WcsApp.cmdAttrsAcceptingEncodedChars.get(httpControllerRequestObject.getRequestName())).contains(str)) {
                                        StringBuffer stringBuffer = new StringBuffer(string);
                                        int i3 = 0;
                                        while (i3 < stringBuffer.length()) {
                                            char charAt = stringBuffer.charAt(i3);
                                            if (!Character.isLetterOrDigit(charAt)) {
                                                String stringBuffer2 = new StringBuffer("&#").append(Integer.toString(charAt)).append(";").toString();
                                                stringBuffer.replace(i3, i3 + 1, stringBuffer2);
                                                i3 += stringBuffer2.length() - 1;
                                            }
                                            i3++;
                                        }
                                        String stringBuffer3 = stringBuffer.toString();
                                        ECTrace.trace(0L, getClass().getName(), "processCrossSiteScriptingProtection", new StringBuffer("Encoded value of attribute ").append(str).append(" to ").append(stringBuffer3).toString());
                                        this.requestProperties.remove(str);
                                        this.requestProperties.put(str, stringBuffer3);
                                    } else {
                                        if (!this.requestProperties.containsKey(CMDefinitions.SCRIPTING_PROTECTION)) {
                                            this.requestProperties.put(CMDefinitions.SCRIPTING_PROTECTION, new StringBuffer(String.valueOf(httpControllerRequestObject.getRequestName())).append("?").append(this.requestProperties.getQueryString()).toString());
                                        }
                                        httpControllerRequestObject.setRequestName("ProhibCharEncodingErrorView");
                                        ECMessageLog.out(ECMessage._ERR_REJCTED_REQUEST_PROHIB_CHARS, "HttpBrowserAdapter", "preprocessRequest");
                                    }
                                }
                            } else {
                                continue;
                            }
                        } else {
                            if (!this.requestProperties.containsKey(CMDefinitions.SCRIPTING_PROTECTION)) {
                                this.requestProperties.put(CMDefinitions.SCRIPTING_PROTECTION, new StringBuffer(String.valueOf(httpControllerRequestObject.getRequestName())).append("?").append(this.requestProperties.getQueryString()).toString());
                            }
                            httpControllerRequestObject.setRequestName("ProhibitedAttrsErrorView");
                            ECMessageLog.out(ECMessage._ERR_REJCTED_REQUEST_PROHIB_ATTRS, "HttpBrowserAdapter", "preprocessRequest");
                        }
                    }
                }
                if (!this.requestProperties.containsKey(CMDefinitions.SCRIPTING_PROTECTION)) {
                    this.requestProperties.put(CMDefinitions.SCRIPTING_PROTECTION, new StringBuffer(String.valueOf(httpControllerRequestObject.getRequestName())).append("?").append(this.requestProperties.getQueryString()).toString());
                }
                httpControllerRequestObject.setRequestName("ProhibitedCharacterErrorView");
                ECMessageLog.out(ECMessage._ERR_REJCTED_REQUEST_PROHIB_CHARS, "HttpBrowserAdapter", "preprocessRequest");
            }
            ECTrace.exit(0L, getClass().getName(), "processCrossSiteScriptingProtection");
        }
        return httpControllerRequestObject;
    }

    protected HttpControllerRequestObject handleLoginTimeout(HttpControllerRequestObject httpControllerRequestObject, CommandContext commandContext) {
        String logonTime;
        TypedProperty requestProperties;
        SessionContext sessionContext;
        String value = WcsApp.configProperties.getValue("LoginTimeout/enabled");
        if (value != null && value.equals("true")) {
            if (httpControllerRequestObject != null && commandContext == null) {
                try {
                    long j = 0;
                    long j2 = 0;
                    WCUserSession userSession = getSessionContext().getUserSession();
                    if (userSession != null) {
                        String logonTime2 = userSession.getLogonTime();
                        String expiryTime = userSession.getExpiryTime();
                        if (logonTime2 != null) {
                            try {
                                j = Long.parseLong(logonTime2);
                            } catch (NumberFormatException e) {
                            }
                        }
                        if (expiryTime != null) {
                            try {
                                j2 = Long.parseLong(expiryTime);
                            } catch (NumberFormatException e2) {
                            }
                        }
                    }
                    try {
                        sessionContext = getSessionContext();
                    } catch (ECException e3) {
                        sessionContext = null;
                    }
                    if (sessionContext != null && j > 0) {
                        if (sessionContext.getSessionData().getUserId() == null || sessionContext.getSessionData().getUserId().equals(new Long(BaseContext.GENERIC_USER_ID))) {
                            httpControllerRequestObject.setRequestName("LoginTimeoutErrorView");
                            this.requestProperties.put("MessageCode", "2");
                        } else if (j2 == 0) {
                            httpControllerRequestObject.setRequestName("LoginTimeoutErrorView");
                            this.requestProperties.put("MessageCode", "1");
                        } else if (j >= j2) {
                            httpControllerRequestObject.setRequestName("LoginTimeoutErrorView");
                            this.requestProperties.put("MessageCode", "3");
                        } else if (j2 < TimestampHelper.systemCurrentTimestamp().getTime()) {
                            try {
                                userSession.setLogonTime("-1");
                                userSession.setExpiredUserId(userSession.getUserId().toString());
                                userSession.setPreExpiryURL(ServletHelper.buildRedirectUrl(getRequest().getRequestURI(), this.requestProperties, this.resp, false, this.encoding));
                                String requestURI = getRequest().getRequestURI();
                                String stringBuffer = new StringBuffer(String.valueOf(requestURI.substring(0, requestURI.lastIndexOf("/") + 1))).append("ReLogonFormView").toString();
                                TypedProperty typedProperty = new TypedProperty();
                                if (sessionContext.getSessionData().getStoreId() != null) {
                                    ECTrace.trace(0L, getClass().getName(), "handleLoginTimeout", new StringBuffer("Setting redirect storeid=").append(sessionContext.getSessionData().getStoreId()).toString());
                                    typedProperty.put("storeId", sessionContext.getSessionData().getStoreId());
                                }
                                if (sessionContext.getSessionData().getLanguageId() != null) {
                                    ECTrace.trace(0L, getClass().getName(), "handleLoginTimeout", new StringBuffer("Setting redirect language id=").append(sessionContext.getSessionData().getLanguageId()).toString());
                                    typedProperty.put(GlobalizationContext.KEY_LANG_ID, sessionContext.getSessionData().getLanguageId());
                                }
                                String buildHttpsRedirectUrl = ServletHelper.buildHttpsRedirectUrl(stringBuffer, typedProperty, this.resp, this.encoding);
                                this.requestProperties = new TypedProperty();
                                this.requestProperties.put("URL", buildHttpsRedirectUrl);
                                httpControllerRequestObject.setRequestName("Logoff");
                                httpControllerRequestObject.setRequestParameters(this.requestProperties);
                            } catch (ECApplicationException e4) {
                            }
                        }
                    }
                } catch (ECException e5) {
                }
            } else if (httpControllerRequestObject == null && commandContext != null) {
                try {
                    if (commandContext.getCommandName().equalsIgnoreCase("Logon") && commandContext.isStoreCommand() && (logonTime = getSessionContext().getUserSession().getLogonTime()) != null && logonTime.equals("-1") && (requestProperties = commandContext.getRequestProperties()) != null) {
                        String expiredUserId = getSessionContext().getUserSession().getExpiredUserId();
                        String preExpiryURL = getSessionContext().getUserSession().getPreExpiryURL();
                        if (expiredUserId != null && preExpiryURL != null) {
                            requestProperties.put("TIMED_OUT_USER_ID", expiredUserId);
                            requestProperties.put("TIMED_OUT_USER_URL", preExpiryURL);
                        }
                    }
                } catch (Exception e6) {
                }
            }
        }
        return httpControllerRequestObject;
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected HttpControllerRequestObject handlePasswordRerequestSupport(HttpControllerRequestObject httpControllerRequestObject) {
        String stringBuffer;
        String value = WcsApp.configProperties.getValue("PasswordProtectedCmds/enabled");
        if (value != null && value.equalsIgnoreCase("true")) {
            ECTrace.entry(0L, getClass().getName(), "handlePasswordRerequestSupport");
            String requestName = httpControllerRequestObject.getRequestName();
            if (WcsApp.passwdProtectedCmds != null && WcsApp.passwdProtectedCmds.contains(requestName)) {
                try {
                    ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", new StringBuffer("Password protection enabled for ").append(requestName).toString());
                    boolean z = false;
                    int i = 0;
                    int i2 = 3;
                    int i3 = 0;
                    boolean z2 = false;
                    WCUserSession userSession = getSessionContext().getUserSession();
                    String str = null;
                    if (userSession != null) {
                        str = userSession.getAttemptedPasswordProtectedCmds();
                    }
                    ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", new StringBuffer("Password protection string from session : ").append(str).toString());
                    int i4 = -1;
                    if (str != null) {
                        i4 = str.indexOf(requestName);
                    }
                    int i5 = 0;
                    if (str == null || i4 < 0) {
                        z = true;
                        i3 = 1;
                        z2 = true;
                        ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", "Request hasn't been redirected to password reentry view yet.");
                    } else {
                        i5 = str.indexOf(Job.TIME_SEPARATOR_COLON, i4);
                        if (i5 == -1) {
                            i5 = str.length();
                        }
                        String substring = str.substring(i4 + requestName.length(), i5);
                        String value2 = WcsApp.configProperties.getValue("PasswordProtectedCmds/retries");
                        if (value2 != null) {
                            try {
                                i2 = Integer.parseInt(value2);
                            } catch (NumberFormatException e) {
                            }
                        }
                        if (substring != null) {
                            try {
                                i3 = Integer.parseInt(substring);
                            } catch (NumberFormatException e2) {
                            }
                        }
                        ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", new StringBuffer("Password protection retries limit : ").append(i2).toString());
                        ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", new StringBuffer("Number of attempted executions  : ").append(i3).toString());
                        if (i3 <= i2) {
                            String string = this.requestProperties.getString("CurrentPassword1", null);
                            String string2 = this.requestProperties.getString("CurrentPassword2", null);
                            if (string == null || string2 == null) {
                                z = true;
                                i = 0;
                                i3--;
                                ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", "Password not provided.");
                            } else if (!string.equals(string2)) {
                                z = true;
                                i = 1;
                                ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", "Provided passwords do not match.");
                            }
                            i3++;
                            if (i3 > i2) {
                                this.requestProperties.put("CSSLastRequest", "1");
                                z2 = -1;
                                ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", "Number of allowed retries reached.");
                            }
                        } else {
                            z = true;
                            ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", "Number of allowed retries exceeded.");
                        }
                    }
                    if (z) {
                        if (i3 <= i2) {
                            if (i > 0) {
                                this.requestProperties.put("MessageCode", String.valueOf(i));
                            }
                            try {
                                this.requestProperties.put("PASSWORD_REREQUEST_URL", ServletHelper.buildHttpsRedirectUrl(getRequest().getRequestURI(), this.requestProperties, this.resp, this.encoding));
                            } catch (ECApplicationException e3) {
                            }
                            httpControllerRequestObject.setRequestName("PasswordReEnterFormView");
                            ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", "Request is being redirected to password reentry view.");
                        } else {
                            httpControllerRequestObject.setRequestName("Logoff");
                            this.requestProperties.put("URL", "PasswordReEnterErrorView");
                            this.requestProperties.put("MessageCode", String.valueOf(i));
                            z2 = -1;
                            ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", "Logoff will be executed.");
                        }
                    }
                    if (userSession != null) {
                        if (z2 == -1) {
                            StringBuffer stringBuffer2 = new StringBuffer(str);
                            stringBuffer2.delete(i4, i5);
                            stringBuffer = stringBuffer2.toString();
                        } else if (z2) {
                            stringBuffer = new StringBuffer(String.valueOf(str == null ? "" : new StringBuffer(String.valueOf(str)).append(Job.TIME_SEPARATOR_COLON).toString())).append(requestName).append(i3).toString();
                        } else {
                            StringBuffer stringBuffer3 = new StringBuffer(str);
                            stringBuffer3.replace(i4, i5, new StringBuffer(String.valueOf(requestName)).append(i3).toString());
                            stringBuffer = stringBuffer3.toString();
                        }
                        userSession.setAttemptedPasswordProtectedCmds(stringBuffer);
                        ECTrace.trace(0L, getClass().getName(), "handlePasswordRerequestSupport", new StringBuffer("Updated password protection string : ").append(stringBuffer).toString());
                    }
                } catch (Exception e4) {
                }
            }
            ECTrace.exit(0L, getClass().getName(), "handlePasswordRerequestSupport");
        }
        return httpControllerRequestObject;
    }

    protected void validatePasswordForPasswordProtectedRequest(CommandContext commandContext) {
        String value = WcsApp.configProperties.getValue("PasswordProtectedCmds/enabled");
        if (value == null || !value.equalsIgnoreCase("true")) {
            return;
        }
        ECTrace.entry(0L, getClass().getName(), "validatePasswordForPasswordProtectedRequest");
        if (WcsApp.passwdProtectedCmds != null && WcsApp.passwdProtectedCmds.contains(commandContext.getCommandName()) && commandContext.isSecure()) {
            Integer num = new Integer(-1);
            String string = this.requestProperties.getString("CurrentPassword1", null);
            this.requestProperties.remove("CurrentPassword1");
            this.requestProperties.remove("CurrentPassword2");
            try {
                ECTrace.trace(0L, getClass().getName(), "validatePasswordForPasswordProtectedRequest", "Verifying password...");
                UserRegistryAccessBean userRegistryAccessBean = new UserRegistryAccessBean();
                userRegistryAccessBean.setInitKey_UserId(commandContext.getUserId().toString());
                String logonId = userRegistryAccessBean.getLogonId();
                if (logonId != null && string != null) {
                    VerifyCredentialsCmd createCommand = CommandFactory.createCommand("com.ibm.commerce.security.commands.VerifyCredentialsCmd", commandContext.getStoreId());
                    createCommand.setLogonId(logonId);
                    createCommand.setPassword(string);
                    createCommand.setCommandContext(commandContext);
                    createCommand.execute();
                    if (createCommand.isValidCredentials()) {
                        num = new Integer(1);
                        ECTrace.trace(0L, getClass().getName(), "validatePasswordForPasswordProtectedRequest", "Provided password is valid.");
                        WCUserSession userSession = getSessionContext().getUserSession();
                        if (userSession != null) {
                            String attemptedPasswordProtectedCmds = userSession.getAttemptedPasswordProtectedCmds();
                            ECTrace.trace(0L, getClass().getName(), "validatePasswordForPasswordProtectedRequest", new StringBuffer("Password protection string from session : ").append(attemptedPasswordProtectedCmds).toString());
                            if (attemptedPasswordProtectedCmds != null && attemptedPasswordProtectedCmds.length() > 0) {
                                int indexOf = attemptedPasswordProtectedCmds.indexOf(commandContext.getCommandName());
                                int indexOf2 = attemptedPasswordProtectedCmds.indexOf(Job.TIME_SEPARATOR_COLON, indexOf);
                                if (indexOf2 == -1) {
                                    indexOf2 = attemptedPasswordProtectedCmds.length();
                                }
                                StringBuffer stringBuffer = new StringBuffer(attemptedPasswordProtectedCmds);
                                stringBuffer.delete(indexOf, indexOf2);
                                userSession.setAttemptedPasswordProtectedCmds(stringBuffer.toString());
                                ECTrace.trace(0L, getClass().getName(), "validatePasswordForPasswordProtectedRequest", new StringBuffer("Updated password protection string : ").append(stringBuffer.toString()).toString());
                            }
                        }
                    }
                }
            } catch (Exception e) {
            }
            this.requestProperties.put("PasswordCheckResult", num);
        }
        ECTrace.exit(0L, getClass().getName(), "validatePasswordForPasswordProtectedRequest");
    }

    protected HttpControllerRequestObject handlePasswordInvalidation(HttpControllerRequestObject httpControllerRequestObject) {
        String value = WcsApp.configProperties.getValue("PasswordInvalidation/enabled");
        String value2 = WcsApp.configProperties.getValue(ECUserConstants.EC_USER_AUTHENTICATION_MODE);
        if (value != null && value.equalsIgnoreCase("true") && ((value2 == null || !value2.equalsIgnoreCase("LDAP")) && (httpControllerRequestObject.getSecure() || "false".equalsIgnoreCase(WcsApp.configProperties.getValue("SessionManagement/cookie/sslauth"))))) {
            try {
                WCUserSession userSession = getSessionContext().getUserSession();
                String str = null;
                String str2 = null;
                if (userSession != null) {
                    str = userSession.getPasswordInvalidatedFlag();
                    str2 = userSession.getUserId().toString();
                }
                if (str != null && str.equals("1") && !httpControllerRequestObject.getRequestName().equalsIgnoreCase("ChangePassword") && !httpControllerRequestObject.getRequestName().equalsIgnoreCase("ResetPassword")) {
                    httpControllerRequestObject.setRequestName("ChangePassword");
                    try {
                        this.requestProperties.put("loginReturnUrl", ServletHelper.buildHttpsRedirectUrl(getRequest().getRequestURI(), this.requestProperties, this.resp, this.encoding));
                    } catch (ECApplicationException e) {
                    }
                    String str3 = null;
                    if (str2 != null) {
                        try {
                            UserRegistryAccessBean userRegistryAccessBean = new UserRegistryAccessBean();
                            userRegistryAccessBean.setInitKey_UserId(userSession.getUserId().toString());
                            str3 = userRegistryAccessBean.getLogonId();
                        } catch (Exception e2) {
                            str3 = null;
                        }
                    }
                    this.requestProperties.put("EXPIREDPASSWORD", "1");
                    if (str3 != null) {
                        this.requestProperties.put("logonId", str3);
                    }
                }
            } catch (ECException e3) {
            }
        }
        return httpControllerRequestObject;
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public boolean isDoubleClickHandlerEnabled() {
        return true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v6 */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9 */
    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public String getUniqueIdentifier() {
        String cookieValue = SessionHelper.getCookieValue(getRequest(), "WCS_UNIQUE_ID");
        if (cookieValue == null || cookieValue.length() <= 0) {
            ?? r0 = this;
            synchronized (r0) {
                int i = nCounterSessionIdentifier;
                nCounterSessionIdentifier = i + 1;
                Integer num = new Integer(i);
                r0 = r0;
                cookieValue = URLUTF8Encoder.encode(nc_hash.hash(new StringBuffer(String.valueOf(WcsApp.instanceName)).append(System.currentTimeMillis()).append(num.toString()).toString()));
                Cookie cookie = new Cookie("WCS_UNIQUE_ID", cookieValue);
                cookie.setPath("/");
                getResponse().addCookie(cookie);
            }
        }
        return cookieValue;
    }

    @Override // com.ibm.commerce.adapter.AbstractHttpAdapter
    public void initFactory(Element element) throws Exception {
        super.initFactory(element);
    }
}
