package org.aperteworkflow.gui.auth;

import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import pl.net.bluesoft.rnd.processtool.plugins.PermissionFilter;
import pl.net.bluesoft.rnd.processtool.plugins.TokenInfo;

/* loaded from: input_file:WEB-INF/classes/org/aperteworkflow/gui/auth/GenerateTokenServlet.class */
public class GenerateTokenServlet extends HttpServlet {
    private static final String LAST_TOKEN = "__APERTE__LAST_TOKEN";
    private static final String TOKEN_MAP = "__APERTE__TOKEN_MAP";

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HashMap<String, TokenInfo> tokenMap = getTokenMap(httpServletRequest.getSession().getServletContext());
        cleanupTokens(tokenMap);
        if (httpServletRequest.getParameter("token") == null && httpServletRequest.getParameter("returl") != null) {
            try {
                String hex = toHex(MessageDigest.getInstance("SHA-1").digest(((Math.random() * System.nanoTime()) + httpServletRequest.toString()).getBytes()));
                httpServletRequest.getSession().setAttribute(LAST_TOKEN, hex);
                httpServletResponse.sendRedirect(httpServletRequest.getParameter("returl") + hex);
                tokenMap.put(hex, new TokenInfo(hex, (String) httpServletRequest.getSession().getAttribute(PermissionFilter.AUTHORIZED), new Date(), 1));
                return;
            } catch (NoSuchAlgorithmException e) {
                throw new ServletException(e);
            }
        }
        if (httpServletRequest.getParameter("token") == null || httpServletRequest.getParameter("returl") != null) {
            httpServletResponse.getWriter().print("invalid syntax, please consult source code for org.aperteworkflow.gui.auth.GenerateTokenServlet");
            return;
        }
        httpServletResponse.setContentType("text/plain");
        TokenInfo tokenInfo = tokenMap.get(httpServletRequest.getParameter("token"));
        if (tokenInfo != null && tokenInfo.getUserLogin() != null) {
            httpServletResponse.getWriter().print(tokenInfo.getUserLogin());
        } else {
            httpServletResponse.setStatus(401);
            httpServletResponse.getWriter().print("Invalid token");
        }
    }

    private static synchronized HashMap<String, TokenInfo> getTokenMap(ServletContext servletContext) {
        HashMap<String, TokenInfo> hashMap = (HashMap) servletContext.getAttribute(TOKEN_MAP);
        if (hashMap == null) {
            hashMap = new HashMap<>();
            servletContext.setAttribute(TOKEN_MAP, hashMap);
        }
        return hashMap;
    }

    private static synchronized void cleanupTokens(HashMap<String, TokenInfo> hashMap) {
        for (String str : new HashSet(hashMap.keySet())) {
            TokenInfo tokenInfo = hashMap.get(str);
            if (tokenInfo != null) {
                int validityTime = tokenInfo.getValidityTime();
                Date creationDate = tokenInfo.getCreationDate();
                Calendar calendar = Calendar.getInstance();
                calendar.setTime(creationDate);
                calendar.add(12, validityTime);
                if (new Date().after(calendar.getTime())) {
                    hashMap.remove(str);
                }
            } else {
                hashMap.remove(str);
            }
        }
    }

    public static String toHex(byte[] bArr) {
        return String.format("%0" + (bArr.length << 1) + "X", new BigInteger(1, bArr));
    }
}
