package com.ibm.ws.console.core.servlet;

import com.ibm.isclite.runtime.Constants;
import com.ibm.ws.security.core.SecurityContext;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ibm/ws/console/core/servlet/SecureCleanupServlet.class */
public class SecureCleanupServlet extends HttpServlet {
    private static final long serialVersionUID = -5253878571333266738L;

    public void init() throws ServletException {
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (httpServletRequest.getAttribute("CSRF_original_request_uri") != null) {
            httpServletRequest.getRequestDispatcher("/unsecure/invalidSession.jsp").forward(httpServletRequest, httpServletResponse);
            return;
        }
        boolean z = false;
        Enumeration headers = httpServletRequest.getHeaders("Referer");
        while (true) {
            if (!headers.hasMoreElements()) {
                break;
            } else if (((String) headers.nextElement()).endsWith("/logon.jsp")) {
                z = true;
                break;
            }
        }
        boolean z2 = httpServletRequest.getSession().getAttribute("loginForward") != null;
        boolean z3 = httpServletRequest.getSession().getAttribute(Constants.USER_KEY) != null;
        if (z && SecurityContext.isSecurityEnabled() && !z2) {
            httpServletRequest.getSession().setAttribute("loginForward", Boolean.TRUE);
            httpServletRequest.getRequestDispatcher("/login.do?action=secure").forward(httpServletRequest, httpServletResponse);
        } else {
            httpServletRequest.getSession().removeAttribute("loginForward");
            httpServletRequest.getRequestDispatcher(z3 ? "ibm_security_logout?logoutExitPage=logon.jsp" : "/logon.jsp").forward(httpServletRequest, httpServletResponse);
        }
    }
}
