package com.ibm.isclite.runtime.action;

import com.ibm.isclite.common.util.SessionUtil;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.Action;

/* loaded from: input_file:com/ibm/isclite/runtime/action/MyAction.class */
public class MyAction extends Action {
    private static Logger logger = Logger.getLogger(MyAction.class.getName());
    private static String CLASSNAME = "MyAction";

    public boolean isActionValid(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("XSS");
        String id = httpServletRequest.getSession().getId();
        if (parameter == null || parameter.equals("undefined")) {
            logger.logp(Level.SEVERE, CLASSNAME, "validateAction", "bad xrfid:" + parameter + " for:" + httpServletRequest.getRequestURI());
            Enumeration parameterNames = httpServletRequest.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String str = (String) parameterNames.nextElement();
                String parameter2 = httpServletRequest.getParameter(str);
                if (logger.isLoggable(Level.FINE)) {
                    logger.logp(Level.FINE, CLASSNAME, "validateAction", str + "=" + parameter2);
                }
            }
            return false;
        }
        logger.logp(Level.FINE, CLASSNAME, "validateAction", "xrfid:" + parameter + ", sessionid:" + id + " for " + httpServletRequest.getRequestURI());
        String str2 = (String) httpServletRequest.getSession().getAttribute("sessionHash");
        if ((str2 != null && parameter.equals(str2)) || parameter.equals(SessionUtil.generateSessionHash(httpServletRequest.getSession()))) {
            return true;
        }
        logger.logp(Level.SEVERE, CLASSNAME, "validateAction", "mismatch xrfid for:" + httpServletRequest.getRequestURI());
        return false;
    }
}
