package de.superx.servlet;

import de.memtext.baseobjects.NamedIdObject;
import de.memtext.baseobjects.coll.NamedIdObjectSet;
import de.memtext.db.NichtAngemeldetException;
import de.memtext.tree.KeyParentEqualException;
import de.memtext.util.ServletHelper;
import de.memtext.util.StringUtils;
import de.superx.common.DBServletException;
import de.superx.common.SxResultRow;
import de.superx.common.SxResultSet;
import de.superx.common.SxUser;
import de.superx.saiku.SuperxSaikuSessionService;
import de.superx.util.SqlStringUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.text.ParseException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.log4j.Logger;
import org.dom4j.DocumentException;
import org.xml.sax.SAXException;

/* loaded from: input_file:de/superx/servlet/SuperXmlAnmeldung.class */
public class SuperXmlAnmeldung extends AbstractSuperXServlet {
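    Logger logger = Logger.getLogger(SuperXmlAnmeldung.class);
    // Cache of Hinweis sets keyed by MandantenID; MenuCreator.displayHinweis fills it on first use
    // and nothing in this class invalidates it afterwards.
    private Hashtable hinweisCollections = new Hashtable();
    private static final long serialVersionUID = 1;
    // NOTE(review): process-wide flag, flipped to true by the first request that carries a token.
    public static boolean isRemoteLoginUsed = false;
    // NOTE(review): process-wide error text; MenuCreator.perform overwrites it for every later
    // request once a token login has been attempted.
    private static String failinfo = "Anmeldung fehlgeschlagen. Der eingegebene Benutzername oder das Passwort ist falsch.";
    // Allow-lists for post-login redirect/forward targets. They are static and doPost() adds to
    // allowedRedirectUrls on every request while other request threads call contains(), so the
    // backing sets must tolerate concurrent access; a plain HashSet does not.
    private static Set<String> allowedRedirectUrls = java.util.Collections.synchronizedSet(new HashSet<String>());
    private static Set<String> allowedRequestedServlets = java.util.Collections.synchronizedSet(new HashSet<String>());
    public static boolean waitForPoolInit = true;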

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/superx/servlet/SuperXmlAnmeldung$MenuCreator.class */
    public class MenuCreator extends SuperXServletHelper {
        Logger logger;
        private String hinweisSql;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:de/superx/servlet/SuperXmlAnmeldung$MenuCreator$Hinweis.class */
        /**
         * One notice ("Hinweis") that can be shown to a user after login.
         *
         * Holds the headline, the URL of the notice content, an optional HTML body and the
         * sentence the user confirms. Textual setters trim their argument and accept {@code null}.
         */
        public class Hinweis extends NamedIdObject {
            private static final long serialVersionUID = 1;

            // true when the user has to tick a checkbox to acknowledge the notice
            private boolean isBestaetigen = false;
            private String url;
            private String html;
            // confirmation sentence; this default applies until setBestaetigungsSatz is called
            private String bestaetigungsSatz = "Ich habe den Hinweis zur Kenntnis genommen";
            private String ueberschrift;

            /**
             * @param obj id of the notice
             * @param str name of the notice; must not be null, it is trimmed before being stored
             */
            public Hinweis(Object obj, String str) {
                super(obj, str.trim());
            }

            /** @return whether an explicit confirmation is required */
            public boolean isBestaetigen() {
                return this.isBestaetigen;
            }

            /** @param z whether an explicit confirmation is required */
            public void setBestaetigen(boolean z) {
                this.isBestaetigen = z;
            }

            /** @return the URL of the notice content, possibly null */
            public String getUrl() {
                return this.url;
            }

            /** @param str URL of the notice content; trimmed when not null */
            public void setUrl(String str) {
                this.url = (str == null) ? null : str.trim();
            }

            /** @return the HTML body, possibly null */
            public String getHtml() {
                return this.html;
            }

            /** @param str HTML body, stored as given */
            public void setHtml(String str) {
                this.html = str;
            }

            /** @return the confirmation sentence */
            public String getBestaetigungsSatz() {
                return this.bestaetigungsSatz;
            }

            /** @param str confirmation sentence; trimmed when not null */
            public void setBestaetigungsSatz(String str) {
                this.bestaetigungsSatz = (str == null) ? null : str.trim();
            }

            /** @return the headline, possibly null */
            public String getUeberschrift() {
                return this.ueberschrift;
            }

            /** @param str headline; trimmed when not null */
            public void setUeberschrift(String str) {
                this.ueberschrift = (str == null) ? null : str.trim();
            }
        }

        /**
         * Creates the helper for one request/response pair and prepares the SQL template that
         * selects the ids of notices the user has not accepted yet.
         *
         * The template contains the placeholder {@code <<USERID>>}, which displayHinweis replaces
         * with the user's id before executing it.
         */
        public MenuCreator(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            super(httpServletRequest, httpServletResponse);
            this.logger = Logger.getLogger(MenuCreator.class);
            // Compile-time concatenation: the resulting constant is identical to a single literal.
            this.hinweisSql = "SELECT id \n"
                    + "FROM user_dialog \n"
                    + "WHERE (valid_from IS NULL OR valid_from <= TODAY ()) \n"
                    + "AND   (valid_till IS NULL OR valid_till >= TODAY ()) \n"
                    + "AND   (id IN (SELECT hinweise_id FROM user_hinweis WHERE userinfo_id = <<USERID>>) OR id IN (SELECT hinweise_id \n"
                    + "                                                                                      FROM group_hinweis \n"
                    + "                                                                                      WHERE groupinfo_id IN (SELECT groupinfo_id FROM user_group_bez WHERE  userinfo_id = <<USERID>>)))and id not in (select user_dialog_id from user_dialog_accept where userinfo_id=<<USERID>>)";
        }

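        /**
         * Handles one login / menu request.
         *
         * Steps, in order: optional single-sign-on token check, reuse or (re)initialisation of the
         * user, assignment of rights, storing of {@code rights} and {@code alt_redirect_url} in the
         * session, then exactly one response: password-change page, pending notice, user-specific
         * start page, redirect, or the topic tree as HTML/XML. Any exception raised inside the
         * flow is answered with a generic error page instead of being propagated.
         *
         * Changes against the previous version of this method:
         * <ul>
         * <li>the {@code redirect} parameter is now rejected unless it IS on the allow-list; the
         *     old condition was inverted, so listed targets were refused and every other value
         *     was passed to {@code sendRedirect};</li>
         * <li>a free-form {@code start_applet} value is checked against the redirect allow-list
         *     before it is used as a redirect target;</li>
         * <li>the SSO token value is no longer written to the debug log;</li>
         * <li>the error handler tolerates exceptions without a message and sets the content type
         *     before obtaining the writer, so the declared charset takes effect.</li>
         * </ul>
         */
        @Override // de.superx.servlet.SuperXServletHelper, de.memtext.util.ServletHelper
        protected void perform() throws KeyParentEqualException, NichtAngemeldetException, IOException, ParseException, ParserConfigurationException, FactoryConfigurationError, SAXException, DocumentException, IllegalArgumentException, SecurityException, InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, SQLException, DBServletException, TransformerException, IOException, ServletException {
            SxUser user;
            String html;
            this.logger.debug("Running MenuCreator.perform()");
            HttpSession session = this.request.getSession(false);
            this.logger.debug("Request.session: " + session);
            String kennung = getParameter(this.request, "kennung");
            this.logger.debug("Request.kennung: " + kennung);
            UserInitializer userInitializer = new UserInitializer(this.request, false);
            try {
                String token = getParameter(this.request, "token");
                boolean hasToken = token != null && !token.isEmpty();
                // The token is a credential: record only whether one was sent, never its value.
                this.logger.debug("Request.token present: " + hasToken);
                TokenChecker tokenChecker = null;
                Map<String, Map<String, String>> streamlinedRights = null;
                if (hasToken) {
                    // NOTE(review): both assignments change static state shared by all requests;
                    // after the first token login every later failure shows the SSO message and
                    // the non-SSO rights branch below is skipped. Confirm this is intended.
                    SuperXmlAnmeldung.isRemoteLoginUsed = true;
                    SuperXmlAnmeldung.failinfo = "Anmeldung fehlgeschlagen: Beim Single Sign-on ist ein Fehler aufgetreten.";
                    try {
                        tokenChecker = new TokenChecker(token);
                    } catch (NichtAngemeldetException e) {
                        // An invalid token is tolerated only when the request already has a proper session.
                        if (!SuperXmlAnmeldung.this.hasProperSession(this.request)) {
                            throw e;
                        }
                        SuperXmlAnmeldung.this.log("Token no longer valid. Using existing session.");
                    }
                    if (tokenChecker != null) {
                        streamlinedRights = UserAndRightsStreamliner.streamline(getMandantenID(), tokenChecker);
                    }
                }
                String contentType = getParameter(this.request, "contenttype");
                if (contentType == null) {
                    contentType = "text/html";
                }
                if (SuperXmlAnmeldung.this.hasProperSession(this.request)) {
                    user = (SxUser) session.getAttribute("user");
                    String sessionRights = (String) session.getAttribute("rights");
                    if (user == null) {
                        throw new IllegalStateException("In der Session wurde kein User gefunden - beheben Sie etwaige Fehler und lassen Sie den Admin den Webserver neu starten");
                    }
                    // Re-initialise when a different login name is submitted or the token carries other rights.
                    if ((kennung != null && !kennung.equals(user.getName())) || (tokenChecker != null && !tokenChecker.getRights().equals(sessionRights))) {
                        userInitializer.perform();
                        user = userInitializer.getUser();
                    }
                } else {
                    userInitializer.perform();
                    user = userInitializer.getUser();
                }
                if (streamlinedRights != null) {
                    user.setRights(streamlinedRights, tokenChecker.getRole());
                } else if (!SuperXmlAnmeldung.isRemoteLoginUsed) {
                    HashMap hashMap = new HashMap();
                    hashMap.put(SuperxSaikuSessionService.VIEW_OLAP_RIGHT, new HashMap());
                    if (tokenChecker == null) {
                        user.setRights(hashMap, null);
                    } else {
                        user.setRights(hashMap, tokenChecker.getRole());
                    }
                }
                if (tokenChecker != null && this.request.getSession() != null) {
                    this.request.getSession().setAttribute("rights", tokenChecker.getRights());
                }
                if (getParameter(this.request, "alt_redirect_url") != null && this.request.getSession() != null) {
                    String altRedirectUrl = getParameter(this.request, "alt_redirect_url");
                    // Only allow-listed values are stored in the session.
                    SuperXmlAnmeldung.this.checkAltRedirect(altRedirectUrl);
                    this.request.getSession().setAttribute("alt_redirect_url", altRedirectUrl);
                }
                if (userInitializer.isPasswordChangeDemanded()) {
                    sendBackHtml(UserInitializer.getPwChangeHtml("<input type=\"hidden\" name=\"showlogin\" value=\"true\"><font color=red>Sie m&uuml;ssen Ihr Passwort &auml;ndern</font>"));
                } else if (!displayHinweis(user) && !userSpecificStart(user)) {
                    String startApplet = getParameter(this.request, "start_applet");
                    if (startApplet == null || startApplet.equalsIgnoreCase("false")) {
                        String redirect = getParameter(this.request, "redirect");
                        if (redirect == null || redirect.isEmpty()) {
                            if (contentType.equalsIgnoreCase("text/xml")) {
                                java.util.logging.Logger.getLogger("superx_" + getMandantenID() + "_xml").log(Level.FINEST, "Themenbaum nach XML");
                                html = "<?xml version=\"1.0\" encoding=\"" + SqlStringUtils.getEncoding() + "\" ?>" + user.getThemenbaum().toXml(getDesiredLocale());
                                this.response.setContentType("text/xml; charset=" + SqlStringUtils.getEncoding());
                            } else {
                                java.util.logging.Logger.getLogger("superx_" + getMandantenID() + "_xml").log(Level.FINEST, "Themenbaum nach HTML");
                                html = user.getThemenbaum().toHtml(getDesiredLocale());
                                this.response.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
                            }
                            sendBack(html);
                        } else {
                            // Redirect only to allow-listed targets. The previous condition lacked
                            // the negation, which turned this into an unvalidated redirect.
                            if (!SuperXmlAnmeldung.allowedRequestedServlets.contains(redirect)) {
                                System.out.println("Param redirect  " + redirect + " nicht erlaubt");
                                throw new IllegalArgumentException("Param redirect  " + redirect + " nicht erlaubt");
                            }
                            this.response.sendRedirect(redirect);
                        }
                    } else if (startApplet.equalsIgnoreCase("true")) {
                        this.response.sendRedirect("../applet/index.jsp");
                    } else {
                        // A free-form start_applet value is a client-supplied redirect target and
                        // gets the same treatment as the other redirect parameters.
                        // NOTE(review): allowedRedirectUrls is assumed to be the right list here;
                        // installations that rely on other start_applet targets must add them.
                        if (!SuperXmlAnmeldung.allowedRedirectUrls.contains(startApplet)) {
                            throw new IllegalArgumentException("Param start_applet nicht erlaubt");
                        }
                        this.response.sendRedirect(startApplet);
                    }
                }
            } catch (Exception e2) {
                System.out.println(e2.toString());
                if (kennung == null || kennung.equals("")) {
                    // Result is discarded, as in the previous version; kept in case the call matters to UserInitializer.
                    userInitializer.getUsername();
                }
                // Content type first: a charset set after getWriter() does not change the writer's encoding.
                this.response.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
                PrintWriter writer = this.response.getWriter();
                // Only fixed texts reach the page; exception details stay in the server log.
                String errorText = SuperXmlAnmeldung.failinfo + (e2.toString().indexOf(UserInitializer.f3MAXIMALE_LOGIN_VERSUCHE_BERSCHRITTEN) > 1 ? UserInitializer.f3MAXIMALE_LOGIN_VERSUCHE_BERSCHRITTEN : "");
                if (e2.toString().indexOf("Parameter") > -1) {
                    errorText = "Parameterproblem - Hinweis für Admins in catalina.out";
                }
                // getMessage() is null for many runtime exceptions; guard it so the error page is still produced.
                String message = e2.getMessage();
                if (message != null && message.indexOf("Keine Berechtigungen für Berichte gefunden") > -1) {
                    errorText = "Keine Berechtigung für Berichte gefunden";
                    SuperXServletHelper.removeCookie(this.request, this.response);
                    if (this.request.getSession(false) != null) {
                        this.request.getSession(false).invalidate();
                    }
                }
                String page = SuperXManager.htmlPageHead("Problem") + "\n<p class=\"errmsg\">" + errorText + "</p>";
                if (!SuperXManager.his1_refapp.isEmpty()) {
                    page = page + "<p><a href=\"/" + SuperXManager.his1_refapp + "\">Zurück</a>";
                }
                writer.write(page + "</body></html>");
                writer.close();
            }
        }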

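        /**
         * Records a pending notice acceptance and, if the user still has an unaccepted notice,
         * sends the notice page.
         *
         * Changes against the previous version of this method:
         * <ul>
         * <li>the acceptance row is written with a PreparedStatement; the old statement
         *     concatenated {@code getRemoteAddr()} and {@code getRemoteHost()} into the SQL
         *     text, and a host name obtained by reverse lookup is not under the server's
         *     control;</li>
         * <li>statement and connection are closed in {@code finally}, so a failing insert no
         *     longer leaks the pooled connection;</li>
         * <li>a notice id missing from the per-mandant cache is reported instead of ending in a
         *     NullPointerException after the method had already decided to return true.</li>
         * </ul>
         *
         * @param sxUser the logged-in user
         * @return true when a notice page was sent as the response
         * @throws SQLException when the connection, the statement or the acceptance insert fails
         */
        private boolean displayHinweis(SxUser sxUser) throws SQLException {
            boolean shown = false;
            Connection connection = SxPools.getConnection(getMandantenID());
            try {
                Statement statement = connection.createStatement();
                try {
                    Integer currentHinweisId = (Integer) this.request.getSession().getAttribute("current_hinweis");
                    String accepted = ServletHelper.getParameter(this.request, "accepted");
                    if (currentHinweisId != null && accepted != null && accepted.equals("on")) {
                        // The timestamp expression is one of two fixed keywords, never request data.
                        String nowExpression = SxPools.get(getMandantenID()).getSqlDialect().equals("Postgres") ? "now()" : "current";
                        java.sql.PreparedStatement insert = connection.prepareStatement("insert into user_dialog_accept (userinfo_id,user_dialog_id,timestamp,ip_address,client_name)values (?,?," + nowExpression + ",?,?)");
                        try {
                            // The id was previously concatenated as an unquoted number; parse it so it is bound as one.
                            insert.setInt(1, Integer.parseInt(sxUser.getId().toString()));
                            insert.setInt(2, currentHinweisId.intValue());
                            insert.setString(3, this.request.getRemoteAddr());
                            insert.setString(4, this.request.getRemoteHost());
                            if (insert.executeUpdate() != 1) {
                                throw new RuntimeException("Speichern der Hinweis-Akzeptanz fehlgeschlagen");
                            }
                        } finally {
                            insert.close();
                        }
                        this.request.getSession().setAttribute("current_hinweis", (Object) null);
                    }
                    try {
                        SxResultSet pending = ServletUtils.execute("mögliche Hinweise für User " + sxUser + "suchen", StringUtils.replace(this.hinweisSql, "<<USERID>>", sxUser.getId().toString()), getMandantenID());
                        if (pending.size() > 0) {
                            Object hinweisId = (Integer) ((SxResultRow) pending.first()).get(0);
                            NamedIdObjectSet hinweise = (NamedIdObjectSet) SuperXmlAnmeldung.this.hinweisCollections.get(getMandantenID());
                            if (hinweise == null) {
                                // First use for this mandant: load all currently valid notices and cache them.
                                NamedIdObjectSet loaded = new NamedIdObjectSet();
                                ResultSet rows = statement.executeQuery("select id,identifier,headline,url,confirm,confirm_prompt from user_dialog WHERE (valid_from IS NULL OR valid_from <= TODAY ()) \nAND   (valid_till IS NULL OR valid_till >= TODAY ()) ");
                                while (rows.next()) {
                                    Hinweis hinweis = new Hinweis(Integer.valueOf(rows.getInt("id")), rows.getString("identifier"));
                                    hinweis.setUeberschrift(rows.getString("headline"));
                                    hinweis.setUrl(rows.getString("url"));
                                    hinweis.setBestaetigen(rows.getInt("confirm") == 1);
                                    String confirmPrompt = rows.getString("confirm_prompt");
                                    if (confirmPrompt != null) {
                                        hinweis.setBestaetigungsSatz(confirmPrompt);
                                    }
                                    loaded.add(hinweis);
                                }
                                SuperXmlAnmeldung.this.hinweisCollections.put(getMandantenID(), loaded);
                                hinweise = loaded;
                            }
                            Hinweis current = (Hinweis) hinweise.getById(hinweisId);
                            if (current == null) {
                                // The cache is filled once per mandant, so a notice created or made
                                // valid later is not in it.
                                System.out.println("Hinweis " + hinweisId + " nicht im Cache gefunden");
                            } else {
                                shown = true;
                                // NOTE(review): name, headline, url and confirmation text come from the
                                // user_dialog table and are written into the page unescaped; this assumes
                                // only administrators can edit that table - confirm.
                                StringBuffer page = new StringBuffer("<html>\n<head><titel>" + current.getName() + "</titel>\n<script language=\"Javascript\">var oldcols=parent.document.all('superxframes').cols;function maxLeftFrame(){parent.document.all('superxframes').cols='100%,*'} ; function resize(){parent.document.all('superxframes').cols=oldcols;}</script>\n</head>\n<body onload=\"maxLeftFrame()\">\n");
                                page.append(current.getUeberschrift() + "<br>");
                                page.append("<IFRAME SRC=\"" + current.getUrl() + "\" TITLE=\"" + current.getName() + "\" width=\"90%\" height=\"60%\">");
                                page.append("<a href=\"" + current.getUrl() + "\">" + current.getName() + "</a>");
                                page.append("\n</IFRAME><br>\n");
                                page.append("<form method=\"post\" action=\"/superx/servlet/SuperXmlAnmeldung\" onsubmit=\"resize()\">\n");
                                // Remember which notice is on screen; the next request's "accepted" refers to it.
                                this.request.getSession().setAttribute("current_hinweis", current.getId());
                                if (current.isBestaetigen()) {
                                    page.append("<p align=\"center\"><input type=\"checkbox\" name=\"accepted\">" + current.getBestaetigungsSatz() + "</p>\n");
                                } else {
                                    page.append("<input type=\"hidden\" name=\"accepted\" value=\"on\">\n<p align=\"center\">" + current.getBestaetigungsSatz() + "</p>\n");
                                }
                                page.append("\n<p align=\"center\"><input type=\"submit\" value=\"OK\"></p>\n");
                                page.append("</form></body></html>");
                                sendBackHtml(page.toString());
                            }
                        }
                    } catch (Exception e) {
                        // Best effort, as before: a failure while reading notices must not block the login.
                        System.out.println("Fehler beim Lesen von Hinweisen");
                        e.printStackTrace();
                    }
                } finally {
                    statement.close();
                }
            } finally {
                connection.close();
            }
            return shown;
        }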

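        /**
         * Sends the user to a personal start page or to the servlet named in the request.
         *
         * Unless the request parameter {@code user_specific} is present with a value other than
         * "true", the active row of {@code user_startpage} for this user is looked up. A start URL
         * ending in ".xml" is handed to PreparedXmlProcessor, with a fallback to the start mask
         * when the file is missing, too old or cannot be processed; every other case goes to
         * gotoStartUrl. Afterwards a {@code requestedServlet} parameter, if present, is checked
         * against the allow-list and forwarded to.
         *
         * Database errors during the lookup used to be swallowed by empty catch blocks; they are
         * still non-fatal but are now logged.
         *
         * @param sxUser the logged-in user
         * @return true when a start-page row was found or the request was forwarded
         */
        private boolean userSpecificStart(SxUser sxUser) throws ServletException, FactoryConfigurationError, IOException, ParserConfigurationException, TransformerException {
            boolean handled = false;
            String userSpecific = ServletHelper.getParameter(this.request, "user_specific");
            if (userSpecific == null || userSpecific.equalsIgnoreCase("true")) {
                try {
                    // sxUser.getId() is server-side data, not request input.
                    SxResultSet startPages = ServletUtils.execute("möglich Startpage für User " + sxUser + "suchen", "select startmask,starturl,notolderthan,alturl,stylesheet,encrypted from user_startpage where userid=" + sxUser.getId() + " and active=1", getMandantenID());
                    if (startPages.size() > 0) {
                        java.util.logging.Logger.getLogger("superx_" + getMandantenID()).log(Level.INFO, "Userspezifischer Start für User " + sxUser.getId());
                        // NOTE(review): set before any page is produced; gotoStartUrl writes nothing when
                        // starturl is non-empty and does not end in ".xml" - confirm that case is intended.
                        handled = true;
                        SxResultRow row = (SxResultRow) startPages.first();
                        Integer startMask = (Integer) row.get(0);
                        String startUrl = (String) row.get(1);
                        Integer notOlderThan = (Integer) row.get(2);
                        String stylesheet = (String) row.get(4);
                        Object encrypted = row.get(5);
                        if (startUrl == null || !startUrl.endsWith(".xml")) {
                            gotoStartUrl(sxUser, startMask, startUrl, stylesheet);
                        } else {
                            PreparedXmlProcessor preparedXmlProcessor = new PreparedXmlProcessor(SuperXmlAnmeldung.this.getServletConfig(), this.request, this.response, getMandantenID(), getBrowser());
                            if (!preparedXmlProcessor.isFileOk(startUrl, notOlderThan)) {
                                java.util.logging.Logger.getLogger("superx_" + getMandantenID()).log(Level.INFO, "File " + startUrl + " nicht gefunden oder zu alt, versuche Startmaske aufzurufen");
                                gotoStartUrl(sxUser, startMask, null, stylesheet);
                            } else if (!preparedXmlProcessor.process(startUrl, stylesheet, ServletHelper.getParameter(this.request, "contenttype"), encrypted)) {
                                java.util.logging.Logger.getLogger("superx_" + getMandantenID()).log(Level.INFO, "File " + startUrl + " enthielt keine XML-Daten oder XML-Transformationsfehler, versuche startmaske direkt aufzurufen");
                                gotoStartUrl(sxUser, startMask, null, stylesheet);
                            }
                        }
                    }
                } catch (DBServletException e) {
                    // Still non-fatal, but no longer silent: a broken start-page lookup should be visible to operators.
                    java.util.logging.Logger.getLogger("superx_" + getMandantenID()).log(Level.WARNING, "Userspezifische Startseite konnte nicht ermittelt werden", e);
                } catch (SQLException e2) {
                    java.util.logging.Logger.getLogger("superx_" + getMandantenID()).log(Level.WARNING, "Userspezifische Startseite konnte nicht ermittelt werden", e2);
                }
            }
            String requestedServlet = ServletHelper.getParameter(this.request, "requestedServlet");
            if (requestedServlet != null) {
                // Forward only to allow-listed targets; checkRequestedServlet throws otherwise.
                SuperXmlAnmeldung.this.checkRequestedServlet(requestedServlet);
                SuperXmlAnmeldung.this.forward(this.request, this.response, requestedServlet);
                handled = true;
            }
            return handled;
        }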

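        /**
         * Forwards the request to the user's start mask when no start URL is configured.
         *
         * The target is {@code /servlet/SuperXmlTabelle?tid=<startmask>} followed by one
         * parameter per active row of {@code user_startfields} and, if given, the stylesheet.
         * When {@code str} is neither null nor blank the method does nothing.
         *
         * Fix: the field query was built as {@code userid=<id>and active=1}, with no blank
         * before {@code and}; the separator is now present.
         *
         * @param sxUser the logged-in user
         * @param num id of the start mask; must not be null
         * @param str configured start URL, or null/blank to use the start mask
         * @param str2 stylesheet name, or null
         * @throws IllegalArgumentException when {@code num} is null
         */
        private void gotoStartUrl(SxUser sxUser, Integer num, String str, String str2) throws SQLException, DBServletException, ServletException, IOException {
            if (num == null) {
                throw new IllegalArgumentException("Versuche eine userspezifische Startmaske aufzurufen, aber startmask war null");
            }
            if (str == null || str.trim().equals("")) {
                StringBuffer target = new StringBuffer("/servlet/SuperXmlTabelle?tid=" + num);
                Iterator it = ServletUtils.execute("Startfields für User " + sxUser + "suchen", "select fieldname,value from user_startfields where userid=" + sxUser.getId() + " and active=1", getMandantenID()).iterator();
                while (it.hasNext()) {
                    SxResultRow row = (SxResultRow) it.next();
                    // NOTE(review): field names and values are appended without URL encoding; a value
                    // containing '&' or '=' would alter the parameter list - confirm how the table is populated.
                    target.append("&" + row.get(0) + "=" + row.get(1));
                }
                if (str2 != null) {
                    target.append("&stylesheet=" + str2);
                }
                String path = target.toString();
                java.util.logging.Logger.getLogger("superx_" + getMandantenID()).log(Level.INFO, "going to starturl:" + path);
                SuperXmlAnmeldung.this.getServletContext().getRequestDispatcher(path).forward(this.request, this.response);
            }
        }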

        /**
         * No-op: the body is empty and no call to this method is visible in this class.
         *
         * @param str unused
         */
        private void sendMenu(String str) throws IOException, TransformerFactoryConfigurationError {
        }
    }

    /**
     * Initialises the servlet and fills the two static allow-lists.
     *
     * {@code allowedRedirectUrls} is what checkAltRedirect consults and
     * {@code allowedRequestedServlets} what checkRequestedServlet consults. Both receive the same
     * default entries and the same entries for every mandant other than the default one; the
     * installation-specific entries at the end differ between the two lists.
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.logger.debug("Running SuperXmlAnmeldung.init()");
        ServletUtils.setPath(getServletConfig().getServletContext().getRealPath("/xml"));

        // Targets valid without a mandant, identical in both lists.
        String[] defaultTargets = {
            "../index.jsp",
            "../index.jsp?a=b",
            "/superx/xml/index.jsp",
            "/superx/xml/index.jsp?a=b",
            "/superx/index.jsp"
        };
        for (String target : defaultTargets) {
            allowedRedirectUrls.add(target);
            allowedRequestedServlets.add(target);
        }

        // Targets per mandant, again identical in both lists.
        for (String mandantenId : SxPools.getMandantenIds()) {
            if (mandantenId.contentEquals(SxSQL_Server.DEFAULT_MANDANTEN_ID)) {
                continue;
            }
            String xmlIndex = "/superx/" + mandantenId + "/" + "xml/index.jsp";
            String plainIndex = "/superx/" + mandantenId + "/" + "index.jsp";
            String[] mandantTargets = {
                xmlIndex,
                xmlIndex + "&MandantenID=" + mandantenId,
                xmlIndex + "&MandantID=" + mandantenId,
                xmlIndex + "?a=b",
                xmlIndex + "?a=b&MandantenID=" + mandantenId,
                xmlIndex + "?a=b&MandantID=" + mandantenId,
                plainIndex,
                plainIndex + "&MandantenID=" + mandantenId,
                plainIndex + "&MandantID=" + mandantenId,
                "../index.jsp?MandantenID=" + mandantenId,
                "../index.jsp?MandantID=" + mandantenId,
                "../index.jsp?a=b&MandantenID=" + mandantenId,
                "../index.jsp?a=b&MandantID=" + mandantenId
            };
            for (String target : mandantTargets) {
                allowedRedirectUrls.add(target);
                allowedRequestedServlets.add(target);
            }
        }

        // Installation-specific entries; these are not the same for the two lists.
        String[] extraRedirectUrls = {
            "/superx/FHLB/xml/easydat/index.jsp",
            "/superx/FHRV/xml/easydat/index.jsp",
            "/superx/FHST/xml/easydat/index.jsp?logoff=true",
            "/superx/FHST/xml/easydat/index.jsp",
            "/superx/FHSM/xml/easydat/index.jsp",
            "../index.jsp?a=b&MandantID=FHSM",
            "../FHHN/xml/management/index.jsp?a=b"
        };
        for (String target : extraRedirectUrls) {
            allowedRedirectUrls.add(target);
        }
        String[] extraRequestedServlets = {
            "../FHLB/xml/easydat/index.jsp",
            "../FHRV/xml/easydat/index.jsp",
            "../FHST/xml/easydat/index.jsp",
            "../FHSM/xml/easydat/index.jsp",
            "../FHHN/xml/management/index.jsp?a=b"
        };
        for (String target : extraRequestedServlets) {
            allowedRequestedServlets.add(target);
        }
    }

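    /**
     * Entry point for login posts.
     *
     * While {@code waitForPoolInit} is set, only a "please wait" page is returned. Otherwise
     * the request is either answered with the forward-login form (no {@code kennung}, a
     * {@code requestedServlet} and no proper session) or handed to a MenuCreator, which runs
     * inside {@code synchronized (this)}.
     *
     * Changes against the previous version of this method: the per-request addition to the
     * static redirect allow-list is skipped when the MandantenID attribute is absent (it used
     * to add "/superx/null/xml/index.jsp") and is performed under a lock, because the set is
     * shared by all request threads.
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.logger.debug("Running SuperXmlAnmeldung.doPost()");
        if (waitForPoolInit) {
            httpServletResponse.reset();
            httpServletResponse.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
            PrintWriter writer = httpServletResponse.getWriter();
            String page = SuperXManager.htmlPageHead("Bitte warten") + "<p class=\"errmsg\">Der Server-Cache wird gerade aktualisiert.<br />Bitte versuchen Sie die Anmeldung sp&auml;ter erneut.</p>";
            if (!SuperXManager.his1_refapp.isEmpty()) {
                page = page + "<p><a href=\"/" + SuperXManager.his1_refapp + "\">Zurück</a>";
            }
            writer.print(page + "</body></html>");
            writer.flush();
            writer.close();
            return;
        }
        setEncoding(httpServletRequest);
        ServletUtils.setPath(getServletConfig().getServletContext().getRealPath("/xml"));
        if (ServletBasics.getParameter(httpServletRequest, "MandantenID") == null) {
            httpServletRequest.setAttribute("MandantenID", SxSQL_Server.DEFAULT_MANDANTEN_ID);
        }
        // NOTE(review): this widens the redirect allow-list at request time from a request
        // attribute; whoever sets that attribute has to validate it against the known mandants.
        Object mandantenIdAttribute = httpServletRequest.getAttribute("MandantenID");
        if (mandantenIdAttribute != null) {
            synchronized (allowedRedirectUrls) {
                allowedRedirectUrls.add("/superx/" + mandantenIdAttribute + "/xml/index.jsp");
            }
        }
        if (ServletBasics.getParameter(httpServletRequest, "kennung") == null && ServletBasics.getParameter(httpServletRequest, "requestedServlet") != null && !hasProperSession(httpServletRequest)) {
            this.logger.info("Run presentForwardLogin()");
            presentForwardLogin(httpServletRequest, httpServletResponse);
        } else {
            // All MenuCreator runs of this servlet instance are serialised.
            synchronized (this) {
                this.logger.debug("Create MenuCreator()");
                new MenuCreator(httpServletRequest, httpServletResponse).run(false);
            }
        }
    }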

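    /**
     * Writes a login form that carries the originally requested target along.
     *
     * {@code requestedServlet} and {@code alt_redirect_url} are checked against their
     * allow-lists first; if either check fails, only the heading "Parameter unzulässig" is
     * written and no form. The MandantenID must name an existing pool.
     *
     * Change against the previous version of this method: the three request values are
     * HTML-escaped when written into the hidden fields. They are validated above, but the
     * escaping keeps the page well-formed for allow-listed values containing '&amp;' and does
     * not depend on those checks staying in place.
     *
     * @throws IllegalArgumentException when the MandantenID has no pool
     */
    private void presentForwardLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        this.logger.info("Running SuperXmlAnmeldung.presentForwardLogin()");
        httpServletResponse.reset();
        httpServletResponse.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
        PrintWriter writer = httpServletResponse.getWriter();
        String mandantenId = ServletHelper.getParameter(httpServletRequest, "MandantenID");
        if (mandantenId == null || mandantenId.equals("")) {
            mandantenId = SxSQL_Server.DEFAULT_MANDANTEN_ID;
        }
        if (!SxPools.hasPool(mandantenId)) {
            throw new IllegalArgumentException("Ungültige MandantenID");
        }
        String heading = "Bitte melden Sie sich zun&auml;chst an";
        String requestedServlet = "";
        String altRedirectUrl = "";
        try {
            requestedServlet = ServletHelper.getParameter(httpServletRequest, "requestedServlet");
            checkRequestedServlet(requestedServlet);
            altRedirectUrl = ServletHelper.getParameter(httpServletRequest, "alt_redirect_url");
            checkAltRedirect(altRedirectUrl);
        } catch (Exception e) {
            heading = "Parameter unzulässig";
            e.printStackTrace();
        }
        writer.println(SuperXManager.htmlPageHead(heading) + "<h1>" + heading + "</h1><p>");
        // The heading doubles as the validation flag: the form is written only when both checks passed.
        if (!heading.equals("Parameter unzulässig")) {
            // mandantenId is never null or empty at this point, so the first branch cannot be taken; kept as found.
            if (SxPools.hasMandanten() && (mandantenId == null || mandantenId.equals(""))) {
                writer.println("<p> Rufen Sie die Anmeldeseite auf</p>");
            } else {
                StringBuffer form = new StringBuffer("<form action=\"de.superx.servlet.SuperXmlAnmeldung\" method=post>Kennung<br><input type=\"text\" name=\"kennung\" maxlength=40 size=20><br><br>Passwort<br><input type=\"password\" name=\"passwort\" maxlength=40 size=20><br>");
                if (mandantenId != null && !mandantenId.equals("") && !mandantenId.equals(SxSQL_Server.DEFAULT_MANDANTEN_ID)) {
                    form.append("<br><input type=\"hidden\" name=\"MandantenID\" value=\"" + escapeForLoginFormAttribute(mandantenId) + "\"><br>");
                }
                form.append("<input type=\"hidden\" name=\"requestedServlet\" value=\"" + escapeForLoginFormAttribute(requestedServlet) + "\">\n");
                if (altRedirectUrl != null && !altRedirectUrl.equals("")) {
                    form.append("<input type=\"hidden\" name=\"alt_redirect_url\" value=\"" + escapeForLoginFormAttribute(altRedirectUrl) + "\">\n");
                }
                form.append("<br><input type=submit value=\"Abschicken\"></form>");
                writer.print(form);
            }
        }
        writer.println("</body></html>");
        writer.flush();
        writer.close();
    }

    /**
     * Escapes a value for use inside a double-quoted HTML attribute.
     * A null value becomes the text "null", which is what string concatenation produced before.
     */
    private static String escapeForLoginFormAttribute(String value) {
        // '&' first, otherwise the entities produced by the later replacements would be escaped again.
        return String.valueOf(value)
                .replace("&", "&amp;")
                .replace("\"", "&quot;")
                .replace("<", "&lt;")
                .replace(">", "&gt;");
    }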

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Rejects a {@code requestedServlet} value that is not on the allow-list.
     *
     * @param str the requested forward target; null is accepted
     * @throws IllegalArgumentException when {@code str} is non-null and not in allowedRequestedServlets
     */
    public void checkRequestedServlet(String str) {
        if (str == null) {
            return;
        }
        boolean allowed = allowedRequestedServlets.contains(str);
        if (allowed) {
            return;
        }
        throw new IllegalArgumentException("Parameter requestedServlet " + str + " nicht erlaubt (in SuperXmlAnmeldung.java fest definiert)");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Rejects an {@code alt_redirect_url} value that is not on the allow-list.
     *
     * @param str the alternative redirect URL; null is accepted
     * @throws IllegalArgumentException when {@code str} is non-null and not in allowedRedirectUrls
     */
    public void checkAltRedirect(String str) {
        if (str == null) {
            return;
        }
        boolean allowed = allowedRedirectUrls.contains(str);
        if (allowed) {
            return;
        }
        throw new IllegalArgumentException("Parameter alt_redirect_url " + str + " nicht erlaubt (in SuperXmlAnmeldung.java fest definiert)");
    }

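    /**
     * Shows the plain login form when called with {@code showlogin=true}; every other GET is
     * handled by doPost.
     *
     * In the login-form case {@code alt_redirect_url} and {@code requestedServlet} must be
     * absent or empty, and the MandantenID (session attribute first, then request parameter,
     * then the default) must name an existing pool.
     *
     * Fix: the content type is now set before the writer is obtained. In the old order the
     * charset was declared after {@code getWriter()}, where it no longer changes the encoding
     * the writer uses.
     *
     * @throws IllegalArgumentException for a forbidden parameter or an unknown MandantenID
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String showLogin = ServletHelper.getParameter(httpServletRequest, "showlogin");
        if (showLogin == null || !showLogin.equals("true")) {
            doPost(httpServletRequest, httpServletResponse);
            return;
        }
        this.logger.debug("Running SuperXmlAnmeldung.doGet()");
        String mandantenId = ServletHelper.getParameter(httpServletRequest, "MandantenID");
        // A MandantenID already stored in the session takes precedence over the request parameter.
        if (httpServletRequest.getSession() != null && httpServletRequest.getSession().getAttribute("MandantenID") != null) {
            mandantenId = (String) httpServletRequest.getSession().getAttribute("MandantenID");
        }
        if (mandantenId == null || mandantenId.trim().equals("")) {
            mandantenId = SxSQL_Server.DEFAULT_MANDANTEN_ID;
        }
        String altRedirectUrl = ServletHelper.getParameter(httpServletRequest, "alt_redirect_url");
        if (altRedirectUrl != null && !altRedirectUrl.isEmpty()) {
            throw new IllegalArgumentException("Parameter unzulässig");
        }
        String requestedServlet = ServletHelper.getParameter(httpServletRequest, "requestedServlet");
        if (requestedServlet != null && !requestedServlet.isEmpty()) {
            throw new IllegalArgumentException("Parameter unzulässig");
        }
        // This check is what keeps the value written into the hidden field below to a known pool id.
        if (!SxPools.hasPool(mandantenId)) {
            throw new IllegalArgumentException("Ungültige MandantenID");
        }
        httpServletResponse.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(SuperXManager.htmlPageHead("Anmelden") + "<h3>Anmeldung</h3>       <FORM ACTION=\"/superx/servlet/SuperXmlAnmeldung\" METHOD=\"post\">        <p>Kennung: <br /><INPUT TYPE=\"Text\" NAME=\"kennung\" VALUE=\"\"></p><p>Passwort: <br /><INPUT TYPE=\"Password\" NAME=\"passwort\" value=\"\"><INPUT TYPE=\"hidden\" NAME=\"MandantenID\" value=\"" + mandantenId + "\"><INPUT TYPE=\"hidden\" NAME=\"user_specific\" value=\"false\"></p> <INPUT TYPE=\"Submit\" NAME=\"Abschicken\" VALUE=\"Anmelden\"></body></html>");
        writer.flush();
        writer.close();
    }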

    /**
     * @return a short HTML-formatted description of this servlet and its version
     */
    public String getServletInfo() {
        final String servletInfo = "<i>SuperXmlAnmeldung-Servlet, v.3.0</i>";
        return servletInfo;
    }
}
