package org.jboss.portal.core.cms.ui.admin;

import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.naming.InitialContext;
import javax.portlet.PortletConfig;
import javax.portlet.PortletException;
import javax.portlet.PortletRequest;
import javax.portlet.PortletRequestDispatcher;
import javax.portlet.UnavailableException;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.portlet.PortletFileUpload;
import org.jboss.portal.cms.CMS;
import org.jboss.portal.cms.CMSException;
import org.jboss.portal.cms.CMSMimeMappings;
import org.jboss.portal.cms.Command;
import org.jboss.portal.cms.impl.ContentImpl;
import org.jboss.portal.cms.impl.FileImpl;
import org.jboss.portal.cms.impl.FolderImpl;
import org.jboss.portal.cms.impl.jcr.JCRCMS;
import org.jboss.portal.cms.model.Content;
import org.jboss.portal.cms.model.File;
import org.jboss.portal.cms.model.Folder;
import org.jboss.portal.cms.security.AuthorizationManager;
import org.jboss.portal.cms.security.CMSPermission;
import org.jboss.portal.cms.security.Criteria;
import org.jboss.portal.cms.security.Permission;
import org.jboss.portal.cms.security.PortalCMSSecurityContext;
import org.jboss.portal.cms.util.FileUtil;
import org.jboss.portal.cms.util.NodeUtil;
import org.jboss.portal.cms.workflow.ApprovePublish;
import org.jboss.portal.cms.workflow.CMSWorkflowUtil;
import org.jboss.portal.core.cms.CMSConstants;
import org.jboss.portal.core.cms.command.StreamContentCommand;
import org.jboss.portal.identity.AnonymousRole;
import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.MembershipModule;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.RoleModule;
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.UserModule;
import org.jboss.portal.search.FederatedQuery;
import org.jboss.portal.search.QueryConversionException;
import org.jboss.portal.search.impl.jcr.JCRQueryConverter;
import org.jboss.portal.server.ParameterSanitizer;
import org.jboss.portal.server.request.URLContext;
import org.jboss.portal.server.request.URLFormat;
import org.jboss.portal.workflow.WorkflowException;
import org.jboss.portlet.JBossActionRequest;
import org.jboss.portlet.JBossActionResponse;
import org.jboss.portlet.JBossPortlet;
import org.jboss.portlet.JBossRenderRequest;
import org.jboss.portlet.JBossRenderResponse;

/* loaded from: input_file:org/jboss/portal/core/cms/ui/admin/CMSAdminPortlet.class */
public class CMSAdminPortlet extends JBossPortlet {
    // CMS service used to execute repository commands; looked up from the portlet context in init().
    private CMS CMSService;
    // Identity modules, looked up from the portlet context in init(); init() fails when any of them is missing.
    private UserModule userModule;
    private RoleModule roleModule;
    private MembershipModule membershipModule;
    // Approve/publish workflow handle; presumably populated by initializeApprovePublishWorkflow() (not visible here).
    private ApprovePublish approvePublish;
    // Must be non-null once initializeAuthorizationManager() has run, otherwise init() throws.
    private AuthorizationManager authorizationManager;
    // Bundle for Locale.getDefault(), assigned in init(PortletConfig); used for user-facing messages.
    private ResourceBundle resources = null;
    private static final String SLASH = "/";
    // Pattern handed to ParameterSanitizer for request parameters: it matches text containing none of < > ( ) =.
    // NOTE(review): this is a character denylist. Quotes, '&' and similar characters still pass, so it does not
    // replace output encoding in the JSPs for values rendered inside attributes or script. It also only helps if
    // the sanitizer requires a full match (an unanchored find() on "[...]*" always succeeds) - confirm.
    private static final Pattern CHECK_FOR_XSS_PATTERN = Pattern.compile("[^<>\\(\\)=]*");
    // URL context/format constants; the flag meanings are only implied by the names (non-secure and
    // non-authenticated context, relative servlet-encoded format) - confirm against URLContext/URLFormat.
    static final URLContext NON_SECURE_NON_AUTH_URL_CONTEXT = URLContext.newInstance(false, false);
    static final URLFormat RELATIVE_SERVLET_ENCODED_URL_FORMAT = URLFormat.newInstance(true, true);

    /**
     * Wires the portlet to the services it depends on and refuses to start when one is missing.
     *
     * <p>The CMS service and the three identity modules are read from portlet-context attributes, the
     * authorization manager is set up by {@code initializeAuthorizationManager()}, and only after all five
     * are confirmed present is the approve/publish workflow initialised.
     *
     * @throws PortletException if any required service is absent; the message names the missing one
     */
    public void init() throws PortletException {
        // NOTE(review): the CMS service is looked up under CMSConstants.SEARCH_ID; presumably that constant
        // shares its value with the CMS service key - confirm.
        this.CMSService = (CMS) getPortletContext().getAttribute(CMSConstants.SEARCH_ID);
        this.userModule = (UserModule) getPortletContext().getAttribute("UserModule");
        this.roleModule = (RoleModule) getPortletContext().getAttribute("RoleModule");
        this.membershipModule = (MembershipModule) getPortletContext().getAttribute("MembershipModule");
        initializeAuthorizationManager();

        // Check order is significant: the first missing dependency decides the error message.
        requirePresent(this.CMSService, "Cannot start CMSAdmin portlet due to service unavailability");
        requirePresent(this.userModule, "No user module");
        requirePresent(this.roleModule, "No role module");
        requirePresent(this.membershipModule, "No membership module");
        requirePresent(this.authorizationManager, "Authorization Service not found");

        initializeApprovePublishWorkflow();
    }

    /** Throws a {@link PortletException} carrying {@code failureMessage} when {@code dependency} is null. */
    private static void requirePresent(Object dependency, String failureMessage) throws PortletException {
        if (dependency == null) {
            throw new PortletException(failureMessage);
        }
    }

    /**
     * Runs the superclass initialisation and then caches the portlet's resource bundle.
     *
     * <p>The bundle is resolved for the JVM default locale, not for the locale of any particular request.
     *
     * @param portletConfig configuration supplied by the portlet container
     * @throws PortletException if the superclass initialisation fails
     */
    public void init(PortletConfig portletConfig) throws PortletException {
        super.init(portletConfig);
        Locale serverLocale = Locale.getDefault();
        this.resources = portletConfig.getResourceBundle(serverLocale);
    }

    /**
     * Renders the portlet in VIEW mode, gating every request behind the access checks first.
     *
     * <p>Steps, in order: publish a locale-specific date format as a request attribute; show the
     * access-denied screen if the portlet is not accessible, or if the security console view
     * ({@code OP_CONFIRMSECURE}) was requested without security-console access; otherwise delegate to
     * {@code internalDoView}, unless the {@code accessDenied} render parameter is set.
     *
     * <p>NOTE(review): a {@link CMSException} is classified as "access denied" by searching its
     * {@code toString()} for a fixed English phrase. A change to that message in the CMS layer would turn
     * denials into {@link PortletException}s; a typed exception or error code would be more robust.
     *
     * @throws PortletException if rendering fails for a reason other than a CMS access denial
     * @throws IOException if writing the response fails
     */
    protected void doView(JBossRenderRequest jBossRenderRequest, JBossRenderResponse jBossRenderResponse) throws PortletException, IOException, UnavailableException {
        Locale requestLocale = jBossRenderRequest.getLocale();
        String datePattern = getPortletConfig().getResourceBundle(requestLocale).getString(CMSAdminConstants.CMS_DATE_PATTERN);
        jBossRenderRequest.setAttribute(CMSAdminConstants.DATE_FORMAT, new SimpleDateFormat(datePattern, requestLocale));

        boolean denied = !isPortletAccessible(jBossRenderRequest);
        if (!denied) {
            // The security console has its own, stricter gate on top of general portlet access.
            String op = jBossRenderRequest.getParameter("op");
            denied = CMSAdminConstants.OP_CONFIRMSECURE.equals(op) && !isSecurityConsoleAccessible(jBossRenderRequest);
        }
        if (denied) {
            showAccessDeniedScreen(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        try {
            if (jBossRenderRequest.getParameter("accessDenied") == null) {
                internalDoView(jBossRenderRequest, jBossRenderResponse);
            } else {
                // Set by processAction when the action phase hit a CMS access denial.
                showAccessDeniedScreen(jBossRenderRequest, jBossRenderResponse);
            }
        } catch (CMSException cmsFailure) {
            boolean accessDenied = cmsFailure.toString().contains("Access to this resource is denied");
            if (accessDenied) {
                showAccessDeniedScreen(jBossRenderRequest, jBossRenderResponse);
            } else {
                throw new PortletException(cmsFailure);
            }
        }
    }

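    /**
     * Includes the access-denied JSP, handing it the requested {@code path} and {@code returnOp}.
     *
     * <p>The {@code path} parameter is passed through {@link ParameterSanitizer} with
     * {@code CHECK_FOR_XSS_PATTERN} before it is exposed to the JSP, the same treatment
     * {@code internalDoView} gives it; previously this screen forwarded the raw request value.
     *
     * <p>Any failure, including an {@link IOException} from the include, is rethrown wrapped in a
     * {@link PortletException}.
     *
     * @throws PortletException if the JSP cannot be included
     */
    private void showAccessDeniedScreen(JBossRenderRequest jBossRenderRequest, JBossRenderResponse jBossRenderResponse) throws IOException, PortletException {
        try {
            String path = jBossRenderRequest.getParameter("path");
            if (path != null) {
                // This screen is reachable by users who failed the access checks, so the value
                // reflected into the page must not be taken verbatim from the request.
                path = ParameterSanitizer.sanitizeFromPattern(path, CHECK_FOR_XSS_PATTERN, SLASH);
            }
            // NOTE(review): returnOp is still forwarded as received; accessdenied.jsp must encode it on
            // output (the JSP is not visible here).
            String returnOp = jBossRenderRequest.getParameter("returnOp");
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("path", path);
            jBossRenderRequest.setAttribute("returnOp", returnOp);
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/accessdenied.jsp").include(jBossRenderRequest, jBossRenderResponse);
        } catch (Exception e) {
            throw new PortletException(e);
        }
    }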

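    /**
     * Renders the admin screen selected by the {@code op} render parameter (default {@code OP_MAIN}) by
     * populating request attributes and including the matching JSP. An unrecognised {@code op} renders
     * nothing.
     *
     * <p>Input handling: {@code path}, {@code navpath}, {@code language} and {@code filepath} are passed
     * through {@link ParameterSanitizer} with {@code CHECK_FOR_XSS_PATTERN} and the sanitised value is what
     * reaches the JSP, the CMS commands and the session. Earlier code called the sanitizer for
     * {@code language} and {@code filepath} but discarded its result, so the raw request value was used.
     *
     * <p>NOTE(review): {@code error:*}, {@code type}, {@code search}, {@code confirm} and {@code returnOp}
     * are forwarded to the JSPs exactly as received. Several of them legitimately carry free text, so they
     * cannot go through the denylist pattern; the JSPs (not visible here) must HTML-encode them on output.
     *
     * <p>Authorization: general portlet access and the security-console gate are enforced by
     * {@code doView} before this method runs. Only the two workflow views add explicit checks here; the
     * other branches appear to rely on the CMS layer rejecting unauthorised commands - confirm.
     *
     * @throws CMSException if a CMS command fails (callers translate access denials)
     * @throws PortletException if preparing or including a view fails
     * @throws IOException if writing the response fails
     */
    private void internalDoView(JBossRenderRequest jBossRenderRequest, JBossRenderResponse jBossRenderResponse) throws CMSException, PortletException, IOException {
        PortletRequestDispatcher requestDispatcher;
        Collection searchResults;
        String op = jBossRenderRequest.getParameter("op");
        String path = jBossRenderRequest.getParameter("path");
        if (path != null) {
            path = ParameterSanitizer.sanitizeFromPattern(path, CHECK_FOR_XSS_PATTERN, SLASH);
        }
        String navPath = jBossRenderRequest.getParameter("navpath");
        if (navPath != null) {
            navPath = ParameterSanitizer.sanitizeFromPattern(navPath, CHECK_FOR_XSS_PATTERN, SLASH);
        }
        if (op == null) {
            op = CMSAdminConstants.OP_MAIN;
        }

        // ---- Main folder listing ----
        if (CMSAdminConstants.OP_MAIN.equals(op)) {
            if (path == null) {
                path = SLASH;
            }
            Collection folders = new ArrayList();
            Collection files = new ArrayList();
            JCRCMS.enableUISecurityFilter();
            try {
                Folder folder = (Folder) this.CMSService.execute(this.CMSService.getCommandFactory().createFolderGetListCommand(path));
                if (folder != null) {
                    folders = folder.getFolders();
                    files = folder.getFiles();
                } else {
                    // Unknown path: queue a "missing resource" message in the session for display below.
                    Object messages = jBossRenderRequest.getPortletSession().getAttribute("messages");
                    if (messages == null) {
                        messages = new ArrayList();
                        jBossRenderRequest.getPortletSession().setAttribute("messages", messages);
                    }
                    ((List) messages).add(this.resources.getObject("CMS_MISSING_RESOURCE"));
                }
            } finally {
                // Always pair enable/disable: an exception from the lookup must not leave the UI security
                // filter switched on for whatever runs next (the scope of that flag is not visible here).
                JCRCMS.disableUISecurityFilter();
            }
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("folders", folders);
            jBossRenderRequest.setAttribute("files", files);
            jBossRenderRequest.setAttribute("currpath", path);
            boolean workflowManagementAccessible = isWorkflowManagementAccessible(jBossRenderRequest);
            boolean workflowActivated = this.CMSService.isWorkflowActivated();
            jBossRenderRequest.setAttribute("manageWorkflowAccessible", Boolean.valueOf(workflowManagementAccessible && workflowActivated));
            if (jBossRenderRequest.getPortletSession().getAttribute("messages") != null) {
                // Messages are shown once: move them from the session to the request.
                Object pendingMessages = jBossRenderRequest.getPortletSession().getAttribute("messages");
                jBossRenderRequest.getPortletSession().removeAttribute("messages");
                jBossRenderRequest.setAttribute("messages", pendingMessages);
            }
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/main.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Create-collection form (also redisplayed after a validation error) ----
        if (CMSAdminConstants.OP_CONFIRM_CREATE_COLLECTION.equals(op) || CMSAdminConstants.OP_CONFIRM_CREATE_COLLECTION_VALIDATION_ERROR.equals(op)) {
            try {
                List folderList = getFolderList(navPath);
                if ((folderList == null || folderList.isEmpty()) && navPath != null && !navPath.equals(SLASH)) {
                    // Nothing to browse at navPath: fall back to its parent folder.
                    navPath = NodeUtil.getParentPath(navPath);
                    folderList = getFolderList(navPath);
                }
                jBossRenderRequest.setAttribute("folders", folderList);
                jBossRenderResponse.setContentType("text/html");
                jBossRenderRequest.setAttribute("navpath", navPath);
                jBossRenderRequest.setAttribute("createpath", path);
                copyParameterToAttribute(jBossRenderRequest, "error:message");
                copyParameterToAttribute(jBossRenderRequest, "error:newcollectionname");
                copyParameterToAttribute(jBossRenderRequest, "error:newcollectiondescription");
                getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/confirmcreatecollection.jsp").include(jBossRenderRequest, jBossRenderResponse);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        // ---- Upload form ----
        if (CMSAdminConstants.OP_UPLOADCONFIRM.equals(op)) {
            try {
                List folderList = getFolderList(navPath);
                if ((folderList == null || folderList.isEmpty()) && navPath != null && !navPath.equals(SLASH)) {
                    navPath = NodeUtil.getParentPath(navPath);
                    folderList = getFolderList(navPath);
                }
                jBossRenderRequest.setAttribute("folders", folderList);
                jBossRenderResponse.setContentType("text/html");
                jBossRenderRequest.setAttribute("currpath", path);
                jBossRenderRequest.setAttribute("navpath", navPath);
                jBossRenderRequest.setAttribute("defaultlocale", this.CMSService.getDefaultLocale());
                getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/upload.jsp").include(jBossRenderRequest, jBossRenderResponse);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        // ---- File details: every content item of the file with its version history ----
        if (CMSAdminConstants.OP_VIEWFILE.equals(op)) {
            List fileContents = (List) this.CMSService.execute(this.CMSService.getCommandFactory().createFileGetListCommand(path));
            Vector versionsPerContent = new Vector();
            for (int i = 0; i < fileContents.size(); i++) {
                versionsPerContent.add((List) this.CMSService.execute(this.CMSService.getCommandFactory().createContentGetVersionsCommand(((Content) fileContents.get(i)).getBasePath())));
            }
            if (getApprovePublish() != null) {
                try {
                    jBossRenderRequest.setAttribute("pendingQueue", getApprovePublish().getPendingQueue(path));
                } catch (WorkflowException e) {
                    // Best effort: the page is rendered without a pending queue when the workflow fails.
                    jBossRenderRequest.setAttribute("pendingQueue", (Object) null);
                }
            }
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("currpath", path);
            jBossRenderRequest.setAttribute("contents", versionsPerContent);
            boolean workflowManagementAccessible = isWorkflowManagementAccessible(jBossRenderRequest);
            boolean workflowActivated = this.CMSService.isWorkflowActivated();
            jBossRenderRequest.setAttribute("manageWorkflowAccessible", Boolean.valueOf(workflowManagementAccessible && workflowActivated));
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/viewfile.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Search results ----
        if (CMSAdminConstants.OP_VIEWSEARCHRESULTS.equals(op)) {
            jBossRenderResponse.setContentType("text/html");
            // NOTE(review): the query text goes to the query converter and back to the JSP ("textQuery")
            // unmodified; searchResults.jsp must encode it on output.
            String searchText = jBossRenderRequest.getParameter("search");
            try {
                searchResults = (List) this.CMSService.execute(this.CMSService.getCommandFactory().createSearchCommand(new JCRQueryConverter().convert(new FederatedQuery(searchText))));
            } catch (CMSException e) {
                // A failed search is shown as an empty result. No logger is in scope in this part of the
                // class, so the stack trace still goes to stderr.
                e.printStackTrace();
                searchResults = new ArrayList();
            } catch (QueryConversionException e) {
                searchResults = new ArrayList();
                jBossRenderRequest.setAttribute("conversionError", Boolean.TRUE);
            }
            jBossRenderRequest.setAttribute("files", searchResults);
            jBossRenderRequest.setAttribute("textQuery", searchText);
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/searchResults.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Archive upload form ----
        if (CMSAdminConstants.OP_UPLOADARCHIVECONFIRM.equals(op)) {
            try {
                List folderList = getFolderList(navPath);
                if ((folderList == null || folderList.isEmpty()) && navPath != null && !navPath.equals(SLASH)) {
                    navPath = NodeUtil.getParentPath(navPath);
                    folderList = getFolderList(navPath);
                }
                jBossRenderRequest.setAttribute("folders", folderList);
                jBossRenderResponse.setContentType("text/html");
                jBossRenderRequest.setAttribute("currpath", path);
                jBossRenderRequest.setAttribute("navpath", navPath);
                getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/uploadarchive.jsp").include(jBossRenderRequest, jBossRenderResponse);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        // ---- Copy confirmation ----
        if (CMSAdminConstants.OP_CONFIRMCOPY.equals(op)) {
            try {
                String type = jBossRenderRequest.getParameter("type");
                List folderList = getFolderList(navPath);
                if ((folderList == null || folderList.isEmpty()) && navPath != null && !navPath.equals(SLASH)) {
                    navPath = NodeUtil.getParentPath(navPath);
                    folderList = getFolderList(navPath);
                }
                jBossRenderRequest.setAttribute("folders", folderList);
                jBossRenderResponse.setContentType("text/html");
                jBossRenderRequest.setAttribute("currpath", path);
                jBossRenderRequest.setAttribute("navpath", navPath);
                jBossRenderRequest.setAttribute("type", type);
                getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/confirmcopy.jsp").include(jBossRenderRequest, jBossRenderResponse);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        // ---- Move confirmation ----
        if (CMSAdminConstants.OP_CONFIRMMOVE.equals(op)) {
            try {
                String type = jBossRenderRequest.getParameter("type");
                List folderList = getFolderList(navPath);
                if ((folderList == null || folderList.isEmpty()) && navPath != null && !navPath.equals(SLASH)) {
                    navPath = NodeUtil.getParentPath(navPath);
                    folderList = getFolderList(navPath);
                }
                jBossRenderRequest.setAttribute("folders", folderList);
                jBossRenderResponse.setContentType("text/html");
                jBossRenderRequest.setAttribute("currpath", path);
                jBossRenderRequest.setAttribute("navpath", navPath);
                jBossRenderRequest.setAttribute("type", type);
                getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/confirmmove.jsp").include(jBossRenderRequest, jBossRenderResponse);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        // ---- Delete confirmation ----
        if (CMSAdminConstants.OP_CONFIRMDELETE.equals(op)) {
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("currpath", path);
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/confirmdelete.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Binary edit form ----
        if (CMSAdminConstants.OP_EDIT_BINARY.equals(op)) {
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("currpath", path);
            // Keep the sanitizer's result: the value is reflected into editbinary.jsp.
            String language = ParameterSanitizer.sanitizeFromPattern(jBossRenderRequest.getParameter("language"), CHECK_FOR_XSS_PATTERN, "en");
            jBossRenderRequest.setAttribute("language", language);
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/editbinary.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- New text file form (also redisplayed after a validation error) ----
        if (CMSAdminConstants.OP_CREATENEWTEXT.equals(op) || CMSAdminConstants.OP_CREATEFILE_VALIDATION_ERROR.equals(op)) {
            String serverBaseUrl = serverBaseUrl(jBossRenderRequest);
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("currpath", path);
            jBossRenderRequest.setAttribute("document_base_url", serverBaseUrl + buildURL(jBossRenderRequest, SLASH));
            // Values the user typed before the validation error, echoed back into the form.
            copyParameterToAttribute(jBossRenderRequest, "error:content");
            copyParameterToAttribute(jBossRenderRequest, "error:description");
            copyParameterToAttribute(jBossRenderRequest, "error:title");
            copyParameterToAttribute(jBossRenderRequest, "error:language");
            copyParameterToAttribute(jBossRenderRequest, "error:filename");
            copyParameterToAttribute(jBossRenderRequest, "error:message");
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/create.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Text edit form ----
        if (CMSAdminConstants.OP_EDIT.equals(op)) {
            // Keep the sanitizer's result: the value selects the content locale and is reflected into edit.jsp.
            String language = ParameterSanitizer.sanitizeFromPattern(jBossRenderRequest.getParameter("language"), CHECK_FOR_XSS_PATTERN, "en");
            String version = jBossRenderRequest.getParameter(CMSAdminConstants.OP_VERSION);
            String serverBaseUrl = serverBaseUrl(jBossRenderRequest);
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("currpath", path);
            jBossRenderRequest.setAttribute("document_base_url", serverBaseUrl + buildURL(jBossRenderRequest, SLASH));
            File file = (File) this.CMSService.execute(version != null ? this.CMSService.getCommandFactory().createFileGetCommand(path, version, new Locale(language)) : this.CMSService.getCommandFactory().createFileGetCommand(path, new Locale(language)));
            jBossRenderRequest.setAttribute(CMSAdminConstants.OP_VERSION, file.getContent().getVersionNumber());
            jBossRenderRequest.setAttribute("content", file.getContent().getContentAsString());
            jBossRenderRequest.setAttribute("language", language);
            jBossRenderRequest.setAttribute("title", file.getContent().getTitle());
            jBossRenderRequest.setAttribute("description", file.getContent().getDescription());
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/edit.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Archive export form ----
        if (CMSAdminConstants.OP_EXPORTARCHIVE.equals(op)) {
            try {
                List folderList = getFolderList(navPath);
                if ((folderList == null || folderList.isEmpty()) && navPath != null && !navPath.equals(SLASH)) {
                    navPath = NodeUtil.getParentPath(navPath);
                    folderList = getFolderList(navPath);
                }
                jBossRenderRequest.setAttribute("folders", folderList);
                jBossRenderResponse.setContentType("text/html");
                jBossRenderRequest.setAttribute("currpath", path);
                jBossRenderRequest.setAttribute("navpath", navPath);
                getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/exportarchive.jsp").include(jBossRenderRequest, jBossRenderResponse);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        // ---- Archive export pickup ----
        if (CMSAdminConstants.OP_EXPORTARCHIVE_PICKUP.equals(op)) {
            String filePath = jBossRenderRequest.getParameter("filepath");
            if (filePath != null) {
                // Keep the sanitizer's result; a missing parameter stays null so the error page is shown.
                filePath = ParameterSanitizer.sanitizeFromPattern(filePath, CHECK_FOR_XSS_PATTERN, SLASH);
            }
            jBossRenderResponse.setContentType("text/html");
            if (filePath != null) {
                // Scope 1 is PortletSession.APPLICATION_SCOPE, so the value is visible outside this portlet.
                // NOTE(review): the path comes from the request and the denylist pattern does not reject
                // ".." or absolute paths. Whatever consumes "pickupfile" (not visible here) must confine
                // it to the export directory and check that it belongs to this user.
                jBossRenderRequest.getPortletSession().setAttribute("pickupfile", filePath, 1);
                requestDispatcher = getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/exportarchive_pickup.jsp");
            } else {
                requestDispatcher = getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/exportarchive_pickup_error.jsp");
            }
            jBossRenderRequest.setAttribute("currpath", path);
            requestDispatcher.include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Security console: current read/write/manage bindings for the node ----
        if (CMSAdminConstants.OP_CONFIRMSECURE.equals(op)) {
            // Access to this view is checked in doView (isSecurityConsoleAccessible), not here.
            String confirm = jBossRenderRequest.getParameter("confirm");
            String returnOp = jBossRenderRequest.getParameter("returnOp");
            try {
                Set roles = this.roleModule.findRoles();
                // Only the first 1000 users are offered in the console.
                Set users = this.userModule.findUsers(0, 1000);
                Set securityBindings = this.authorizationManager.getProvider().getSecurityBindings(this.authorizationManager.getProvider().getCriteriaURI("path", path));
                Set readRoles = processRolePermissions(securityBindings, "read");
                Set readUsers = processUserPermissions(securityBindings, "read");
                Set writeRoles = processRolePermissions(securityBindings, "write");
                Set writeUsers = processUserPermissions(securityBindings, "write");
                Set manageRoles = processRolePermissions(securityBindings, "manage");
                Set manageUsers = processUserPermissions(securityBindings, "manage");
                jBossRenderResponse.setContentType("text/html");
                jBossRenderRequest.setAttribute("currpath", path);
                jBossRenderRequest.setAttribute("roles", roles);
                jBossRenderRequest.setAttribute("users", users);
                jBossRenderRequest.setAttribute("readRoleSet", readRoles);
                jBossRenderRequest.setAttribute("readUserSet", readUsers);
                jBossRenderRequest.setAttribute("writeRoleSet", writeRoles);
                jBossRenderRequest.setAttribute("writeUserSet", writeUsers);
                jBossRenderRequest.setAttribute("manageRoleSet", manageRoles);
                jBossRenderRequest.setAttribute("manageUserSet", manageUsers);
                jBossRenderRequest.setAttribute("returnOp", returnOp);
                if (confirm != null) {
                    jBossRenderRequest.setAttribute("confirm", confirm);
                }
                getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/securenode.jsp").include(jBossRenderRequest, jBossRenderResponse);
                return;
            } catch (IdentityException e) {
                throw new PortletException(e);
            }
        }

        // ---- Workflow: pending items ----
        if (CMSAdminConstants.OP_VIEWPENDING.equals(op)) {
            if (!isWorkflowManagementAccessible(jBossRenderRequest)) {
                showAccessDeniedScreen(jBossRenderRequest, jBossRenderResponse);
                return;
            }
            if (getApprovePublish() != null) {
                try {
                    jBossRenderRequest.setAttribute("pendingQueue", getApprovePublish().getAllPendingInQueue());
                } catch (WorkflowException e) {
                    jBossRenderRequest.setAttribute("pendingQueue", (Object) null);
                }
            }
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("currpath", path);
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/pending_items.jsp").include(jBossRenderRequest, jBossRenderResponse);
            return;
        }

        // ---- Workflow: preview of one pending item ----
        if (CMSAdminConstants.OP_VIEWPENDINGPREVIEW.equals(op)) {
            String processId = jBossRenderRequest.getParameter("pid");
            String contentPath = jBossRenderRequest.getParameter("contentPath");
            if (!isWorkflowManagementAccessible(jBossRenderRequest)) {
                showAccessDeniedScreen(jBossRenderRequest, jBossRenderResponse);
                return;
            }
            // NOTE(review): write access is checked on "path", but the content that is loaded below is
            // addressed by "pid" and "contentPath". Confirm that getPendingContent (or the workflow)
            // ties those to a node this user may write to.
            if (!hasWriteAccess(jBossRenderRequest, path)) {
                showAccessDeniedScreen(jBossRenderRequest, jBossRenderResponse);
                return;
            }
            if (getApprovePublish() != null) {
                try {
                    jBossRenderRequest.setAttribute("pendingQueue", getApprovePublish().getAllPendingInQueue());
                } catch (WorkflowException e) {
                    jBossRenderRequest.setAttribute("pendingQueue", (Object) null);
                }
            }
            // A missing or non-numeric pid surfaces as a NumberFormatException from parseLong.
            jBossRenderRequest.setAttribute("pendingPreviewContent", CMSWorkflowUtil.getPendingContent(Long.parseLong(processId), contentPath).getContentAsString());
            String serverBaseUrl = serverBaseUrl(jBossRenderRequest);
            jBossRenderResponse.setContentType("text/html");
            jBossRenderRequest.setAttribute("currpath", path);
            jBossRenderRequest.setAttribute("document_base_url", serverBaseUrl + buildURL(jBossRenderRequest, SLASH));
            getPortletContext().getRequestDispatcher("/WEB-INF/jsp/cms/admin/pending_items.jsp").include(jBossRenderRequest, jBossRenderResponse);
        }
    }

    /** Copies the request parameter {@code name} into a same-named request attribute when it is present. */
    private static void copyParameterToAttribute(JBossRenderRequest jBossRenderRequest, String name) {
        String value = jBossRenderRequest.getParameter(name);
        if (value != null) {
            jBossRenderRequest.setAttribute(name, value);
        }
    }

    /**
     * Builds {@code scheme://host[:port]} from the request, leaving the port out when it is the default
     * for the scheme (80 for http, 443 for https).
     */
    private static String serverBaseUrl(JBossRenderRequest jBossRenderRequest) {
        // NOTE(review): the server name typically derives from the request's Host header; if the result
        // ends up in links or a base URL, the deployment should restrict accepted host names.
        StringBuilder url = new StringBuilder();
        url.append(jBossRenderRequest.getScheme());
        url.append("://");
        url.append(jBossRenderRequest.getServerName());
        if ((jBossRenderRequest.getScheme().equals("http") && jBossRenderRequest.getServerPort() != 80) || (jBossRenderRequest.getScheme().equals("https") && jBossRenderRequest.getServerPort() != 443)) {
            url.append(':');
            url.append(jBossRenderRequest.getServerPort());
        }
        return url.toString();
    }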

    /**
     * Portlet action entry point: gates the security-console operation, then delegates
     * everything else to {@link #internalProcessAction}.
     *
     * <p>Only {@code OP_SECURE} is checked against {@code isSecurityConsoleAccessible} here.
     * Every other operation depends on checks made further down the call chain.
     *
     * <p>NOTE(review): an access-denied failure is recognised by searching the exception's
     * {@code toString()} for the text "Access to this resource is denied". If that wording
     * changes at the throwing site, a denial surfaces as a {@link PortletException} instead of
     * the {@code accessDenied} render parameter. A typed signal on {@code CMSException} would
     * be more robust; confirm whether one exists.
     *
     * @param jBossActionRequest  the incoming action request; its {@code op} parameter selects the operation
     * @param jBossActionResponse receives the render parameters for the next view
     * @throws PortletException wrapping any {@code CMSException} that is not an access-denied failure
     */
    public void processAction(JBossActionRequest jBossActionRequest, JBossActionResponse jBossActionResponse) throws PortletException {
        final String requestedOp = jBossActionRequest.getParameter("op");

        // String.equals(null) is false, so a missing "op" never matches OP_SECURE.
        if (CMSAdminConstants.OP_SECURE.equals(requestedOp) && !isSecurityConsoleAccessible(jBossActionRequest)) {
            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_CONFIRMSECURE);
            jBossActionResponse.setRenderParameter("path", jBossActionRequest.getParameter("path"));
            jBossActionResponse.setRenderParameter("confirm", "Access to the Security Console was Denied");
            return;
        }

        try {
            internalProcessAction(jBossActionRequest, jBossActionResponse);
        } catch (CMSException cmsFailure) {
            final boolean accessDenied = cmsFailure.toString().contains("Access to this resource is denied");
            if (!accessDenied) {
                throw new PortletException(cmsFailure);
            }
            // Denials are reported to the render phase rather than raised as errors.
            jBossActionResponse.setRenderParameter("accessDenied", "true");
        }
    }

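    /**
     * Executes the CMS admin operation named by the {@code op} request parameter and sets the
     * render parameters ({@code op}, {@code path}, ...) that select the next view.
     *
     * <p>Security-relevant points a reviewer should keep in mind:
     * <ul>
     *   <li>Only the approve, deny and modify-and-approve branches call {@code hasWriteAccess}
     *       here. Create, upload, copy, move, delete and make-live go straight to
     *       {@code CMSService.execute}; NOTE(review): presumably the CMS service enforces
     *       authorization itself (the caller handles an "Access to this resource is denied"
     *       {@code CMSException}). Confirm that every command type is covered.</li>
     *   <li>All paths, names and the {@code from}/{@code returnOp} view selectors come from
     *       request parameters. Only the upload-content, save-new-text and save-text branches
     *       apply {@code CHECK_FOR_XSS_PATTERN}; the other branches pass values through
     *       unchanged.</li>
     *   <li>Exception text is copied into the {@code exception} and {@code confirm} render
     *       parameters, so the views that print them must output-encode.</li>
     *   <li>Multipart requests are parsed without a size limit being configured in this
     *       method, and each uploaded part is read fully into memory with
     *       {@code FileItem.get()}.</li>
     * </ul>
     *
     * @param jBossActionRequest  the action request carrying {@code op} and its arguments
     * @param jBossActionResponse receives the render parameters for the next view
     * @throws CMSException     if a CMS command fails, or write access is denied for a workflow operation
     * @throws PortletException if an upload or binary-edit operation fails
     */
    private void internalProcessAction(JBossActionRequest jBossActionRequest, JBossActionResponse jBossActionResponse) throws CMSException, PortletException {
        String op = jBossActionRequest.getParameter("op");

        // Pure navigation: hand path/type/op to the render phase without touching the repository.
        if (jBossActionRequest.getParameter("dispatch") != null) {
            jBossActionResponse.setRenderParameter("path", jBossActionRequest.getParameter("path"));
            jBossActionResponse.setRenderParameter("type", jBossActionRequest.getParameter("type"));
            jBossActionResponse.setRenderParameter("op", op);
            return;
        }

        if (CMSAdminConstants.OP_CREATE_COLLECTION.equals(op)) {
            String destination = jBossActionRequest.getParameter("destination");
            String folderName = jBossActionRequest.getParameter("newcollectionname");
            String folderDescription = jBossActionRequest.getParameter("newcollectiondescription");
            if ("".equals(destination) || "".equals(folderName)) {
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_CONFIRM_CREATE_COLLECTION_VALIDATION_ERROR);
                jBossActionResponse.setRenderParameter("path", destination);
                jBossActionResponse.setRenderParameter("error:message", CMSAdminConstants.CMS_FOLDERNAME_INVALID);
                jBossActionResponse.setRenderParameter("error:newcollectionname", folderName);
                jBossActionResponse.setRenderParameter("error:newcollectiondescription", folderDescription);
                return;
            }
            String folderPath = FileUtil.cleanDoubleSlashes(destination + SLASH + folderName);
            FolderImpl folder = new FolderImpl();
            folder.setCreationDate(new Date());
            folder.setDescription(folderDescription);
            folder.setTitle(folderName);
            folder.setLastModified(new Date());
            folder.setName(folderName);
            folder.setBasePath(folderPath);
            try {
                this.CMSService.execute(this.CMSService.getCommandFactory().createFolderSaveCommand(folder));
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
                jBossActionResponse.setRenderParameter("path", folderPath);
                return;
            } catch (CMSException e) {
                // Only a path-format rejection is a user error; anything else propagates.
                if (!e.hasPathFormatFailure()) {
                    throw e;
                }
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_CONFIRM_CREATE_COLLECTION_VALIDATION_ERROR);
                jBossActionResponse.setRenderParameter("path", destination);
                jBossActionResponse.setRenderParameter("error:message", CMSAdminConstants.CMS_FOLDERNAME_INVALID);
                jBossActionResponse.setRenderParameter("error:newcollectionname", folderName);
                jBossActionResponse.setRenderParameter("error:newcollectiondescription", folderDescription);
                return;
            }
        }

        if (CMSAdminConstants.OP_UPLOADCONTENT.equals(op)) {
            try {
                String destination = "";
                String description = "";
                String title = "";
                String language = "";
                // Form fields are applied in the order the parts arrive: a file part that
                // precedes "destination" is stored using the still-empty defaults above.
                for (FileItem part : new PortletFileUpload(new DiskFileItemFactory()).parseRequest(jBossActionRequest)) {
                    if (part.isFormField()) {
                        String fieldName = part.getFieldName();
                        String value = ParameterSanitizer.sanitizeFromPattern(part.getString(jBossActionRequest.getCharacterEncoding()), CHECK_FOR_XSS_PATTERN, "");
                        if ("destination".equals(fieldName)) {
                            destination = value;
                        } else if ("description".equals(fieldName)) {
                            description = value;
                        } else if ("title".equals(fieldName)) {
                            title = value;
                        } else if ("language".equals(fieldName)) {
                            language = value;
                        }
                    } else {
                        String clientName = ParameterSanitizer.sanitizeFromPattern(part.getName(), CHECK_FOR_XSS_PATTERN, "");
                        if ("".equals(clientName)) {
                            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_UPLOADCONFIRM);
                            jBossActionResponse.setRenderParameter("path", destination);
                            return;
                        }
                        String fileName = stripClientDirectories(clientName);
                        FileImpl cmsFile = new FileImpl();
                        ContentImpl content = new ContentImpl();
                        // The MIME type is derived from the client-supplied extension only;
                        // the uploaded bytes are not inspected.
                        content.setMimeType(lookupMimeType(fileName, "application/octet-stream"));
                        String filePath = FileUtil.cleanDoubleSlashes(destination + SLASH + fileName);
                        cmsFile.setBasePath(filePath);
                        content.setTitle(title);
                        content.setDescription(description);
                        content.setBasePath(filePath + SLASH + new Locale(language));
                        content.setBytes(part.get());
                        cmsFile.setContent(new Locale(language), content);
                        if (((Boolean) this.CMSService.execute(this.CMSService.getCommandFactory().createItemExistsCommand(content.getBasePath()))).booleanValue()) {
                            this.CMSService.execute(this.CMSService.getCommandFactory().createUpdateFileCommand(cmsFile, content, true));
                        } else {
                            this.CMSService.execute(this.CMSService.getCommandFactory().createNewFileCommand(cmsFile, content));
                        }
                        jBossActionResponse.setRenderParameter("path", filePath);
                    }
                }
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        if (CMSAdminConstants.OP_DOSEARCH.equals(op)) {
            jBossActionResponse.setRenderParameter("search", jBossActionRequest.getParameter("search"));
            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWSEARCHRESULTS);
            return;
        }

        if (CMSAdminConstants.OP_UPLOADARCHIVE.equals(op)) {
            try {
                String destination = "";
                String language = "";
                // NOTE(review): unlike OP_UPLOADCONTENT, these fields are not passed through
                // ParameterSanitizer. Archive entry names are handled by the store-archive
                // command, which is not visible here; confirm it rejects entries that would
                // resolve outside the destination folder.
                for (FileItem part : new PortletFileUpload(new DiskFileItemFactory()).parseRequest(jBossActionRequest)) {
                    if (part.isFormField()) {
                        String fieldName = part.getFieldName();
                        if ("destination".equals(fieldName)) {
                            destination = part.getString(jBossActionRequest.getCharacterEncoding());
                        } else if ("language".equals(fieldName)) {
                            language = part.getString(jBossActionRequest.getCharacterEncoding());
                        }
                    } else {
                        Command storeArchive = this.CMSService.getCommandFactory().createAsyncStoreArchiveCommand(destination, part.get(), language);
                        List<Object> messages = new ArrayList<Object>();
                        try {
                            this.CMSService.execute(storeArchive);
                            messages.add(this.resources.getObject("CMS_MSG_UPLOADARCHIVE_ASYNC"));
                        } catch (CMSException e) {
                            // A CMS failure is reported only through its message key; with no
                            // key the user sees nothing and the failure is dropped here.
                            String messageKey = e.getMessageKey();
                            if (messageKey != null && messageKey.trim().length() > 0) {
                                messages.add(this.resources.getObject(messageKey));
                            }
                        }
                        jBossActionRequest.getPortletSession().setAttribute("messages", messages);
                        jBossActionResponse.setRenderParameter("path", FileUtil.cleanDoubleSlashes(destination));
                    }
                }
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
                return;
            } catch (Exception e) {
                // Keep the cause: the message alone gives no way to diagnose a failed upload.
                throw new PortletException("CMS_ERROR_UPLOADARCHIVE_ASYNC", e);
            }
        }

        if (CMSAdminConstants.OP_COPY.equals(op)) {
            String destination = jBossActionRequest.getParameter("destination");
            String source = jBossActionRequest.getParameter("source");
            String type = jBossActionRequest.getParameter("type");
            // A missing parameter is treated like an empty one. Previously a missing source
            // raised a NullPointerException and a missing destination produced a target path
            // beginning with the literal text "null".
            if (destination == null || source == null || "".equals(destination) || "".equals(source) || "".equals(type)) {
                return;
            }
            String targetPath = FileUtil.cleanDoubleSlashes(destination + SLASH + source.substring(source.lastIndexOf(SLASH) + 1, source.length()));
            if (((Boolean) this.CMSService.execute(this.CMSService.getCommandFactory().createItemExistsCommand(targetPath))).booleanValue()) {
                queueSessionMessage(jBossActionRequest, "CMS_MSG_DESTINATION_ALREADY_EXISTS");
                try {
                    jBossActionResponse.setRenderParameter("path", NodeUtil.getParentPath(source));
                } catch (Exception ignored) {
                    // Best effort: without a parent path the view keeps its default location.
                }
                return;
            }
            this.CMSService.execute(this.CMSService.getCommandFactory().createCopyCommand(source, targetPath));
            if ("fo".equalsIgnoreCase(type)) {
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
            } else if ("fi".equalsIgnoreCase(type)) {
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
            }
            jBossActionResponse.setRenderParameter("path", targetPath);
            return;
        }

        if (CMSAdminConstants.OP_MOVE.equals(op)) {
            String destination = jBossActionRequest.getParameter("destination");
            String source = jBossActionRequest.getParameter("source");
            String type = jBossActionRequest.getParameter("type");
            // Guard before dereferencing: a request without these parameters used to fail
            // with a NullPointerException in startsWith().
            if (destination == null || source == null) {
                return;
            }
            // NOTE(review): plain prefix test with no path-segment boundary, so moving
            // "/a/b" to "/a/bc" is refused as well, and an empty source matches everything.
            if (destination.startsWith(source)) {
                queueSessionMessage(jBossActionRequest, "CMS_CANT_MOVE_SAME_DESTINATION");
                try {
                    jBossActionResponse.setRenderParameter("path", NodeUtil.getParentPath(source));
                } catch (Exception ignored) {
                    // Best effort: without a parent path the view keeps its default location.
                }
                return;
            }
            if ("".equals(destination) || "".equals(source) || "".equals(type)) {
                return;
            }
            String targetPath = FileUtil.cleanDoubleSlashes(destination + SLASH + source.substring(source.lastIndexOf(SLASH) + 1, source.length()));
            if (((Boolean) this.CMSService.execute(this.CMSService.getCommandFactory().createItemExistsCommand(targetPath))).booleanValue()) {
                queueSessionMessage(jBossActionRequest, "CMS_MSG_DESTINATION_ALREADY_EXISTS");
                try {
                    jBossActionResponse.setRenderParameter("path", NodeUtil.getParentPath(source));
                } catch (Exception ignored) {
                    // Best effort: without a parent path the view keeps its default location.
                }
                return;
            }
            this.CMSService.execute(this.CMSService.getCommandFactory().createMoveCommand(source, targetPath));
            if ("fo".equalsIgnoreCase(type)) {
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
            } else if ("fi".equalsIgnoreCase(type)) {
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
            }
            jBossActionResponse.setRenderParameter("path", targetPath);
            return;
        }

        if (CMSAdminConstants.OP_DELETE.equals(op)) {
            String path = jBossActionRequest.getParameter("path");
            // A missing path is skipped like an empty one instead of reaching the delete
            // command as null.
            if (path != null && !"".equals(path)) {
                this.CMSService.execute(this.CMSService.getCommandFactory().createDeleteCommand(path));
                try {
                    jBossActionResponse.setRenderParameter("path", NodeUtil.getParentPath(path));
                } catch (Exception ignored) {
                    // Best effort: the item is already deleted; only the return location is lost.
                }
            }
            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
            return;
        }

        if (CMSAdminConstants.OP_EDIT_BINARY.equals(op)) {
            try {
                String destination = "";
                String description = "";
                String title = "";
                String language = "";
                String makeLive = "";
                // NOTE(review): unlike OP_UPLOADCONTENT, neither the form fields nor the file
                // name go through ParameterSanitizer here; confirm whether that is intended.
                for (FileItem part : new PortletFileUpload(new DiskFileItemFactory()).parseRequest(jBossActionRequest)) {
                    if (part.isFormField()) {
                        String fieldName = part.getFieldName();
                        if ("destination".equals(fieldName)) {
                            destination = part.getString(jBossActionRequest.getCharacterEncoding());
                        } else if ("description".equals(fieldName)) {
                            description = part.getString(jBossActionRequest.getCharacterEncoding());
                        } else if (CMSAdminConstants.OP_MAKELIVE.equals(fieldName)) {
                            makeLive = part.getString(jBossActionRequest.getCharacterEncoding());
                        } else if ("title".equals(fieldName)) {
                            title = part.getString(jBossActionRequest.getCharacterEncoding());
                        } else if ("language".equals(fieldName)) {
                            language = part.getString(jBossActionRequest.getCharacterEncoding());
                        }
                    } else {
                        String fileName = stripClientDirectories(part.getName());
                        FileImpl cmsFile = new FileImpl();
                        String filePath = FileUtil.cleanDoubleSlashes(destination);
                        cmsFile.setBasePath(filePath);
                        ContentImpl content = new ContentImpl();
                        // The uploaded name is used only to pick the MIME type; the content is
                        // stored at the "destination" path.
                        content.setMimeType(lookupMimeType(fileName, ""));
                        content.setTitle(title);
                        content.setDescription(description);
                        content.setBasePath(filePath + SLASH + language);
                        content.setBytes(part.get());
                        cmsFile.setContent(new Locale(language), content);
                        this.CMSService.execute(this.CMSService.getCommandFactory().createUpdateFileCommand(cmsFile, content, "on".equalsIgnoreCase(makeLive)));
                        jBossActionResponse.setRenderParameter("path", filePath);
                    }
                }
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
                return;
            } catch (Exception e) {
                throw new PortletException(e);
            }
        }

        if (CMSAdminConstants.OP_SAVENEWTEXT.equals(op)) {
            String fileName = jBossActionRequest.getParameter("filename");
            String saveToPath = jBossActionRequest.getParameter("savetopath");
            String title = jBossActionRequest.getParameter("title");
            String description = jBossActionRequest.getParameter("description");
            String language = jBossActionRequest.getParameter("language");
            if (fileName == null || fileName.trim().length() == 0) {
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_CREATEFILE_VALIDATION_ERROR);
                jBossActionResponse.setRenderParameter("path", saveToPath);
                jBossActionResponse.setRenderParameter("error:content", jBossActionRequest.getParameter("elm1"));
                jBossActionResponse.setRenderParameter("error:description", description);
                jBossActionResponse.setRenderParameter("error:title", title);
                jBossActionResponse.setRenderParameter("error:language", language);
                return;
            }
            // fileName is known to be non-blank here, so only the target folder is tested.
            if (!"".equals(saveToPath)) {
                String body = jBossActionRequest.getParameter("elm1");
                String requestedPath = FileUtil.cleanDoubleSlashes(saveToPath + SLASH + fileName);
                FileImpl cmsFile = new FileImpl();
                ContentImpl content = new ContentImpl();
                content.setMimeType(lookupMimeType(fileName, "text/plain"));
                String filePath = FileUtil.cleanDoubleSlashes(requestedPath);
                cmsFile.setBasePath(filePath);
                content.setTitle(title);
                content.setDescription(description);
                content.setBasePath(filePath + SLASH + new Locale(language));
                // NOTE(review): getBytes() uses the platform default charset, so the stored
                // bytes depend on the server's configuration.
                content.setBytes(body.getBytes());
                cmsFile.setContent(new Locale(language), content);
                Command itemExists = this.CMSService.getCommandFactory().createItemExistsCommand(content.getBasePath());
                try {
                    // The full content path must match CHECK_FOR_XSS_PATTERN before anything
                    // is written.
                    if (!CHECK_FOR_XSS_PATTERN.matcher(content.getBasePath()).matches()) {
                        throw new CMSException(content.getBasePath() + " is not a legal path element");
                    }
                    if (((Boolean) this.CMSService.execute(itemExists)).booleanValue()) {
                        this.CMSService.execute(this.CMSService.getCommandFactory().createUpdateFileCommand(cmsFile, content, true));
                    } else {
                        this.CMSService.execute(this.CMSService.getCommandFactory().createNewFileCommand(cmsFile, content));
                    }
                    jBossActionResponse.setRenderParameter("path", requestedPath);
                } catch (CMSException e) {
                    if (!e.hasPathFormatFailure()) {
                        throw e;
                    }
                    jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_CREATEFILE_VALIDATION_ERROR);
                    jBossActionResponse.setRenderParameter("path", saveToPath);
                    jBossActionResponse.setRenderParameter("error:message", CMSAdminConstants.CMS_FILENAME_INVALID);
                    jBossActionResponse.setRenderParameter("error:filename", fileName);
                    jBossActionResponse.setRenderParameter("error:content", body);
                    jBossActionResponse.setRenderParameter("error:description", description);
                    jBossActionResponse.setRenderParameter("error:title", title);
                    jBossActionResponse.setRenderParameter("error:language", language);
                    return;
                }
            }
            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
            return;
        }

        if (CMSAdminConstants.OP_SAVETEXT.equals(op)) {
            String saveToPath = jBossActionRequest.getParameter("savetopath");
            String title = jBossActionRequest.getParameter("title");
            String description = jBossActionRequest.getParameter("description");
            String language = jBossActionRequest.getParameter("language");
            // The mere presence of the make-live parameter publishes the new version.
            boolean makeLive = jBossActionRequest.getParameterValues(CMSAdminConstants.OP_MAKELIVE) != null;
            // A path that does not match CHECK_FOR_XSS_PATTERN is skipped silently: nothing
            // is saved and the file view is shown as if the request had succeeded.
            if (!"".equals(saveToPath) && CHECK_FOR_XSS_PATTERN.matcher(saveToPath).matches()) {
                String body = jBossActionRequest.getParameter("elm1");
                FileImpl cmsFile = new FileImpl();
                ContentImpl content = new ContentImpl();
                content.setMimeType(lookupMimeType(saveToPath, "text/plain"));
                cmsFile.setBasePath(saveToPath);
                content.setTitle(title);
                content.setDescription(description);
                content.setBasePath(saveToPath + SLASH + new Locale(language).getLanguage());
                // NOTE(review): platform default charset, as in the save-new-text branch.
                content.setBytes(body.getBytes());
                cmsFile.setContent(new Locale(language), content);
                if (((Boolean) this.CMSService.execute(this.CMSService.getCommandFactory().createItemExistsCommand(content.getBasePath()))).booleanValue()) {
                    this.CMSService.execute(this.CMSService.getCommandFactory().createUpdateFileCommand(cmsFile, content, makeLive));
                } else {
                    this.CMSService.execute(this.CMSService.getCommandFactory().createNewFileCommand(cmsFile, content));
                }
                jBossActionResponse.setRenderParameter("path", saveToPath);
            }
            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
            return;
        }

        if (CMSAdminConstants.OP_EXPORTARCHIVE.equals(op)) {
            String destination = jBossActionRequest.getParameter("destination");
            String language = jBossActionRequest.getParameter("language");
            if (destination != null) {
                java.io.File archive = (java.io.File) this.CMSService.execute(this.CMSService.getCommandFactory().createGetArchiveCommand(destination, language));
                jBossActionResponse.setRenderParameter("path", destination);
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_EXPORTARCHIVE_PICKUP);
                if (archive != null) {
                    try {
                        // NOTE(review): this places a server-side file-system path in a render
                        // parameter. The pickup handler is not visible here; it should not
                        // serve whatever "filepath" it receives without checking that the
                        // value names an archive produced by this export.
                        jBossActionResponse.setRenderParameter("filepath", archive.getCanonicalPath());
                    } catch (IOException e) {
                        // Kept as in the original: the failure goes to stderr only and the
                        // pickup view is shown without a file path.
                        e.printStackTrace();
                        return;
                    }
                }
                return;
            }
            return;
        }

        if (CMSAdminConstants.OP_SECURE.equals(op)) {
            boolean stored;
            try {
                storePermissions(jBossActionRequest);
                stored = true;
            } catch (Exception e) {
                // NOTE(review): e.toString() exposes the exception class and message to the
                // user; the view printing "confirm" must output-encode it.
                jBossActionResponse.setRenderParameter("confirm", "An error occurred while setting the permissions.(" + e.toString() + ")");
                stored = false;
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_CONFIRMSECURE);
            }
            if (stored) {
                jBossActionResponse.setRenderParameter("confirm", "Security settings updated successfully.");
                // The next view is whatever the request names in "returnOp".
                jBossActionResponse.setRenderParameter("op", jBossActionRequest.getParameter("returnOp"));
            }
            jBossActionResponse.setRenderParameter("path", jBossActionRequest.getParameter("path"));
            jBossActionResponse.setRenderParameter("returnOp", jBossActionRequest.getParameter("returnOp"));
            return;
        }

        if (CMSAdminConstants.OP_APPROVE.equals(op)) {
            // NOTE(review): write access is checked on the "path" parameter, while the item
            // acted on is selected by "pid"; nothing visible here ties the two together.
            if (!hasWriteAccess(jBossActionRequest, jBossActionRequest.getParameter("path"))) {
                throw new CMSException("Access to this resource is denied");
            }
            try {
                getApprovePublish().processManagerResponse(Long.parseLong(jBossActionRequest.getParameter("pid")), jBossActionRequest.getUser().getUserName(), true);
                jBossActionResponse.setRenderParameter("path", jBossActionRequest.getParameter("path"));
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
                return;
            } catch (Exception e) {
                reportWorkflowFailure(jBossActionRequest, jBossActionResponse, e);
                return;
            }
        }

        if (CMSAdminConstants.OP_DENY.equals(op)) {
            if (!hasWriteAccess(jBossActionRequest, jBossActionRequest.getParameter("path"))) {
                throw new CMSException("Access to this resource is denied");
            }
            try {
                getApprovePublish().processManagerResponse(Long.parseLong(jBossActionRequest.getParameter("pid")), jBossActionRequest.getUser().getUserName(), false);
                String path = jBossActionRequest.getParameter("path");
                String parentPath;
                try {
                    parentPath = NodeUtil.getParentPath(path);
                } catch (Exception ignored) {
                    // No usable parent: fall back to the repository root.
                    parentPath = SLASH;
                }
                // Show the file if it still exists after the denial, otherwise its folder.
                if (((Boolean) this.CMSService.execute(this.CMSService.getCommandFactory().createItemExistsCommand(path))).booleanValue()) {
                    jBossActionResponse.setRenderParameter("path", path);
                    jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
                    return;
                } else {
                    jBossActionResponse.setRenderParameter("path", parentPath);
                    jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_MAIN);
                    return;
                }
            } catch (Exception e) {
                reportWorkflowFailure(jBossActionRequest, jBossActionResponse, e);
                return;
            }
        }

        if (!CMSAdminConstants.OP_MODIFYANDAPPROVE.equals(op)) {
            if (CMSAdminConstants.OP_MAKELIVE.equals(op)) {
                String path = jBossActionRequest.getParameter("path");
                this.CMSService.execute(this.CMSService.getCommandFactory().createMakeLiveVersionCommand(path, jBossActionRequest.getParameter("language"), jBossActionRequest.getParameter(CMSAdminConstants.OP_VERSION)));
                jBossActionResponse.setRenderParameter("path", path);
                jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
                return;
            }
            // Unknown or missing operation: nothing to do.
            return;
        }

        // Modify-and-approve: the manager's edited content replaces the pending version.
        if (!hasWriteAccess(jBossActionRequest, jBossActionRequest.getParameter("path"))) {
            throw new CMSException("Access to this resource is denied");
        }
        String modifiedContent = jBossActionRequest.getParameter("elm1");
        String processId = jBossActionRequest.getParameter("pid");
        String path = jBossActionRequest.getParameter("path");
        try {
            getApprovePublish().processManagerResponse(Long.parseLong(processId), jBossActionRequest.getUser().getUserName(), modifiedContent);
            jBossActionResponse.setRenderParameter("path", path);
            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWFILE);
        } catch (Exception e) {
            reportWorkflowFailure(jBossActionRequest, jBossActionResponse, e);
        }
    }

    /**
     * Routes a failed approve/deny/modify workflow call back to a view: forwards {@code path}
     * and the exception message, then selects the view named by the {@code from} request
     * parameter, or the pending-items view when {@code from} is absent or blank.
     *
     * <p>NOTE(review): {@code from} is request-supplied and is used as the next {@code op}
     * without being checked against the known operations, and the exception message is passed
     * on as-is; the receiving views need to validate and encode respectively.
     */
    private void reportWorkflowFailure(JBossActionRequest jBossActionRequest, JBossActionResponse jBossActionResponse, Exception failure) {
        jBossActionResponse.setRenderParameter("path", jBossActionRequest.getParameter("path"));
        jBossActionResponse.setRenderParameter("exception", failure.getMessage());
        String from = jBossActionRequest.getParameter("from");
        if (from == null || from.trim().length() == 0) {
            jBossActionResponse.setRenderParameter("op", CMSAdminConstants.OP_VIEWPENDING);
        } else {
            jBossActionResponse.setRenderParameter("op", from);
        }
    }

    /** Stores a single resource-bundle message in the portlet session under {@code "messages"}. */
    private void queueSessionMessage(JBossActionRequest jBossActionRequest, String resourceKey) {
        List<Object> messages = new ArrayList<Object>();
        messages.add(this.resources.getObject(resourceKey));
        jBossActionRequest.getPortletSession().setAttribute("messages", messages);
    }

    /**
     * Returns the MIME type that {@code CMSMimeMappings} maps to the text after the last
     * {@code '.'} of {@code name}, or {@code fallback} when there is no mapping.
     */
    private String lookupMimeType(String name, String fallback) {
        String extension = name.substring(name.lastIndexOf(".") + 1, name.length());
        String mapped = new CMSMimeMappings().getMimeType(extension);
        return mapped != null ? mapped : fallback;
    }

    /**
     * Reduces a browser-supplied upload name to its last segment: the text after the last
     * backslash if there is one, otherwise the text after the last {@code SLASH}.
     */
    private String stripClientDirectories(String clientName) {
        int lastBackslash = clientName.lastIndexOf("\\");
        if (lastBackslash > -1) {
            return clientName.substring(lastBackslash + 1);
        }
        return clientName.substring(clientName.lastIndexOf(SLASH) + 1);
    }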

    /**
     * Returns the sub-folders of a CMS folder.
     *
     * <p>No access check is made in this method; the path is handed to the CMS
     * command factory as given.
     *
     * @param str CMS path of the folder; {@code null} is replaced by {@code SLASH}
     * @return the result of {@code getFolders()} on the folder returned by the
     *         folder-list command
     * @throws CMSException if executing the CMS command fails
     */
    private List getFolderList(String str) throws CMSException {
        final String folderPath = (str != null) ? str : SLASH;
        Folder listedFolder = (Folder) this.CMSService.execute(this.CMSService.getCommandFactory().createFolderGetListCommand(folderPath));
        return listedFolder.getFolders();
    }

    /**
     * Renders a URL for a {@link StreamContentCommand} on the given path.
     *
     * <p>NOTE(review): the URL is rendered with
     * {@code NON_SECURE_NON_AUTH_URL_CONTEXT}; presumably this produces a link that is
     * bound to neither HTTPS nor an authenticated session. If so, access control has to
     * be enforced where the content is streamed, not by the link. Confirm.
     *
     * @param jBossRenderRequest request whose controller context renders the URL
     * @param str                path passed to the stream-content command
     * @return the rendered URL
     */
    public String buildURL(JBossRenderRequest jBossRenderRequest, String str) {
        StreamContentCommand streamCommand = new StreamContentCommand(str);
        return jBossRenderRequest.getControllerContext().renderURL(streamCommand, NON_SECURE_NON_AUTH_URL_CONTEXT, RELATIVE_SERVLET_ENCODED_URL_FORMAT);
    }

    /**
     * Replaces the security bindings of a CMS path with the role and user lists
     * submitted in the request.
     *
     * <p>The existing bindings for the path are always removed. If at least one of the
     * six {@code secureroles:*} / {@code secureusers:*} parameters carries a value, new
     * bindings for {@code read}, {@code write} and {@code manage} are then stored.
     *
     * <p>NOTE(review): this method performs no authorization check of its own, and
     * {@code path} and all principal names come straight from request parameters. The
     * caller must already have verified that the requester may manage this path. Confirm
     * at the call site.
     *
     * <p>NOTE(review): removal and re-creation are separate calls. If a later
     * {@code storePermission} call throws (for example on a failed lookup), the path is
     * left with only the bindings written so far. Whether a path without bindings is open
     * or closed depends on the provider. Verify, and consider resolving all principals
     * before removing anything.
     *
     * @param jBossActionRequest request carrying {@code path} and the permission lists
     * @throws Exception if the authorization provider or a lookup fails
     */
    private void storePermissions(JBossActionRequest jBossActionRequest) throws Exception {
        final String path = jBossActionRequest.getParameter("path");
        final String[] readRoles = jBossActionRequest.getParameterValues("secureroles:read");
        final String[] readUsers = jBossActionRequest.getParameterValues("secureusers:read");
        final String[] writeRoles = jBossActionRequest.getParameterValues("secureroles:write");
        final String[] writeUsers = jBossActionRequest.getParameterValues("secureusers:write");
        final String[] manageRoles = jBossActionRequest.getParameterValues("secureroles:manage");
        final String[] manageUsers = jBossActionRequest.getParameterValues("secureusers:manage");

        // Old bindings are dropped whether or not replacements were submitted.
        this.authorizationManager.getProvider().removeSecurityBindings(this.authorizationManager.getProvider().getCriteriaURI("path", path));

        boolean anySubmitted = false;
        for (String[] submitted : new String[][] {readRoles, readUsers, writeRoles, writeUsers, manageRoles, manageUsers}) {
            if (submitted != null && submitted.length != 0) {
                anySubmitted = true;
            }
        }
        if (!anySubmitted) {
            // Nothing selected: the path is left without any binding.
            return;
        }

        storePermission("read", path, readRoles, readUsers);
        storePermission("write", path, writeRoles, writeUsers);
        storePermission("manage", path, manageRoles, manageUsers);
    }

    /**
     * Stores one {@code cms} permission for a path, bound to the given roles and users.
     *
     * <p>The role name {@code "Anonymous"} maps to a new {@link AnonymousRole}; every other
     * role name is resolved through the role module and every user name through the user
     * module. A {@code null} or empty array leaves the corresponding set {@code null}.
     *
     * <p>NOTE(review): lookup results are added to the sets without a null check. If a
     * lookup can return {@code null} for an unknown name instead of throwing, a
     * {@code null} principal ends up in the binding. Verify against the identity modules.
     *
     * @param str     action of the permission ({@code read}, {@code write} or {@code manage} at the visible call sites)
     * @param str2    CMS path used as the {@code path} criteria
     * @param strArr  role names, may be {@code null}
     * @param strArr2 user names, may be {@code null}
     * @throws Exception if a lookup or the authorization provider fails
     */
    private void storePermission(String str, String str2, String[] strArr, String[] strArr2) throws Exception {
        Permission binding = new Permission("cms", str);
        binding.addCriteria(new Criteria("path", str2));

        HashSet roles = null;
        if (strArr != null && strArr.length != 0) {
            roles = new HashSet();
            for (int i = 0; i < strArr.length; i++) {
                String roleName = strArr[i];
                if (roleName.equals("Anonymous")) {
                    roles.add(new AnonymousRole());
                } else {
                    roles.add(this.roleModule.findRoleByName(roleName));
                }
            }
        }

        HashSet users = null;
        if (strArr2 != null && strArr2.length != 0) {
            users = new HashSet();
            for (int i = 0; i < strArr2.length; i++) {
                users.add(this.userModule.findUserByUserName(strArr2[i]));
            }
        }

        binding.setRoles(roles);
        binding.setUsers(users);

        HashSet bindings = new HashSet();
        bindings.add(binding);
        // The (String) cast on null is kept as in the original call.
        this.authorizationManager.getProvider().setSecurityBindings((String) null, bindings);
    }

    /**
     * Collects the role association ids of all {@code cms} permissions with a given action.
     *
     * @param collection permissions to scan, may be {@code null}
     * @param str        action to match against {@code Permission.getAction()}
     * @return a new set with the role association ids of every matching permission;
     *         empty when {@code collection} is {@code null} or nothing matches
     */
    private Set processRolePermissions(Collection collection, String str) {
        Set roleIds = new HashSet();
        if (collection == null) {
            return roleIds;
        }
        for (Object entry : collection) {
            Permission candidate = (Permission) entry;
            if (!candidate.getService().equals("cms")) {
                continue;
            }
            if (candidate.getAction().equals(str)) {
                roleIds.addAll(candidate.getRoleAssocIds());
            }
        }
        return roleIds;
    }

    /**
     * Collects the user association ids of all {@code cms} permissions with a given action.
     *
     * @param collection permissions to scan, may be {@code null}
     * @param str        action to match against {@code Permission.getAction()}
     * @return a new set with the user association ids of every matching permission;
     *         empty when {@code collection} is {@code null} or nothing matches
     */
    private Set processUserPermissions(Collection collection, String str) {
        Set userIds = new HashSet();
        if (collection == null) {
            return userIds;
        }
        for (Object entry : collection) {
            Permission candidate = (Permission) entry;
            if (!candidate.getService().equals("cms")) {
                continue;
            }
            if (candidate.getAction().equals(str)) {
                userIds.addAll(candidate.getUserAssocIds());
            }
        }
        return userIds;
    }

    /**
     * Decides whether the requester may use this portlet at all.
     *
     * <p>Without a user principal, the bindings of the {@code "Anonymous"} role are read.
     * With a principal, the root user is accepted immediately; otherwise the bindings stored
     * for that user's URI are read. Access is granted when any of those bindings is a
     * {@code cms} permission whose action is {@code write} or {@code manage}.
     *
     * <p>Any exception yields {@code false}, so failures deny access. The exception is
     * dropped without a trace. NOTE(review): a denied administrator will have nothing to
     * diagnose with, so consider logging it.
     *
     * <p>NOTE(review): for an authenticated user only the user-URI bindings are queried
     * here; whether the provider also folds in role-based bindings is not visible. Confirm.
     *
     * @param portletRequest current request
     * @return {@code true} if access is granted, {@code false} otherwise or on any error
     */
    private boolean isPortletAccessible(PortletRequest portletRequest) {
        try {
            Set<Permission> bindings;
            if (portletRequest.getUserPrincipal() != null) {
                String principalName = portletRequest.getUserPrincipal().getName();
                if (principalName.equals(this.authorizationManager.getProvider().getRoot().getUserName())) {
                    return true;
                }
                bindings = this.authorizationManager.getProvider().getSecurityBindings(this.authorizationManager.getProvider().getUserURI(this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName()).getUserName()));
            } else {
                bindings = this.authorizationManager.getProvider().getSecurityBindings(this.authorizationManager.getProvider().getRoleURI("Anonymous"));
            }

            boolean granted = false;
            if (bindings != null) {
                // Every binding is inspected, as before; a malformed later entry still
                // ends in the catch block and therefore in a denial.
                for (Permission binding : bindings) {
                    if (!binding.getService().equals("cms")) {
                        continue;
                    }
                    if (binding.getAction().equals("write") || binding.getAction().equals("manage")) {
                        granted = true;
                    }
                }
            }
            return granted;
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Decides whether the requester may open the security console.
     *
     * <p>Requires a user principal. Access is granted when, while iterating the user's
     * roles, a role name equals the provider's default admin role (case-insensitively) or
     * the user name equals the root user's name. Any exception yields {@code false}.
     *
     * <p>NOTE(review): the root-user comparison sits inside the role loop, so a root user
     * whose role set is {@code null} or empty is not recognised here. Confirm that this
     * is intended.
     *
     * <p>NOTE(review): the role comparison ignores case. If role names are case-sensitive
     * elsewhere, a differently-cased role would pass this check. Verify.
     *
     * @param portletRequest current request
     * @return {@code true} if access is granted, {@code false} otherwise or on any error
     */
    private boolean isSecurityConsoleAccessible(PortletRequest portletRequest) {
        try {
            if (portletRequest.getUserPrincipal() == null) {
                return false;
            }
            User currentUser = this.userModule.findUserByUserName(portletRequest.getUserPrincipal().getName());
            Set memberRoles = this.membershipModule.getRoles(currentUser);
            String adminRoleName = this.authorizationManager.getProvider().getDefaultAdminRole();
            User rootUser = this.authorizationManager.getProvider().getRoot();
            if (memberRoles == null) {
                return false;
            }
            for (Object member : memberRoles) {
                Role role = (Role) member;
                if (role.getName().equalsIgnoreCase(adminRoleName) || currentUser.getUserName().equals(rootUser.getUserName())) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Asks the authorization manager whether the requesting user may manage the
     * approve/publish workflow.
     *
     * <p>A security context is built for the user found by the request user's id, tagged
     * with {@code manageWorkflow=true} and the current {@code ApprovePublish} reference,
     * and passed to {@code checkPermission}. Any exception yields {@code false}, including
     * the one raised when the request carries no user.
     *
     * <p>NOTE(review): {@code getApprovePublish()} returns {@code null} when its lookup
     * failed, so the {@code approvePublish} attribute may be {@code null}. How the
     * permission check treats that is not visible here.
     *
     * @param jBossRenderRequest current render request
     * @return the result of the permission check, or {@code false} on any error
     */
    private boolean isWorkflowManagementAccessible(JBossRenderRequest jBossRenderRequest) {
        try {
            PortalCMSSecurityContext securityContext = new PortalCMSSecurityContext(this.userModule.findUserById(jBossRenderRequest.getUser().getId()));
            securityContext.setAttribute("manageWorkflow", "true");
            securityContext.setAttribute("approvePublish", getApprovePublish());
            CMSPermission workflowPermission = new CMSPermission(securityContext);
            return this.authorizationManager.checkPermission(workflowPermission);
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Resolves the approve/publish workflow from JNDI under
     * {@code java:portal/ApprovePublishWorkflow} and stores it through
     * {@link #setApprovePublish}. If the lookup or the cast fails, the reference is set to
     * {@code null}; the failure itself is not reported.
     */
    private void initializeApprovePublishWorkflow() {
        try {
            InitialContext jndi = new InitialContext();
            Object bound = jndi.lookup("java:portal/ApprovePublishWorkflow");
            setApprovePublish((ApprovePublish) bound);
        } catch (Exception lookupFailure) {
            setApprovePublish(null);
        }
    }

    /**
     * Returns the approve/publish workflow, attempting the JNDI lookup first when no
     * reference is held yet.
     *
     * <p>The lookup is retried on every call for as long as the field is {@code null}.
     * No synchronization is applied in this method.
     *
     * @return the workflow reference, or {@code null} if it could not be resolved
     */
    public ApprovePublish getApprovePublish() {
        if (this.approvePublish != null) {
            return this.approvePublish;
        }
        initializeApprovePublishWorkflow();
        return this.approvePublish;
    }

    /**
     * Sets the approve/publish workflow reference.
     *
     * @param approvePublish workflow to use; {@code null} clears the reference, after which
     *                       {@code getApprovePublish()} attempts a new lookup
     */
    public void setApprovePublish(ApprovePublish approvePublish) {
        this.approvePublish = approvePublish;
    }

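    /**
     * Resolves the CMS authorization manager from JNDI under
     * {@code java:portal/cms/AuthorizationManager}.
     *
     * <p>If the lookup or the cast fails, {@code authorizationManager} is set to
     * {@code null}. The access-check methods of this class dereference the field inside a
     * {@code try} block and return {@code false} on any exception, so an unresolved
     * manager results in denials rather than grants.
     *
     * <p>NOTE(review): the failure is not reported anywhere. A log entry would make a
     * mis-deployed authorization service visible.
     */
    private void initializeAuthorizationManager() {
        try {
            this.authorizationManager = (AuthorizationManager) new InitialContext().lookup("java:portal/cms/AuthorizationManager");
        } catch (Exception e) {
            // Reset the field this method owns. The previous handler cleared the
            // approve/publish workflow reference instead, which is unrelated to this
            // lookup and left the authorization manager state implicit.
            this.authorizationManager = null;
        }
    }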

    /**
     * Intended, by its name, to filter a resource list against a security context; the
     * body is empty, so the list is left unchanged.
     *
     * NOTE(review): any caller relying on this method to hide entries gets no filtering
     * from it. Confirm whether the filtering is enforced elsewhere or whether the body
     * was lost.
     *
     * @param list                     resources that would be filtered (not modified)
     * @param portalCMSSecurityContext security context (not read)
     */
    private void filterResourceBySecurity(List list, PortalCMSSecurityContext portalCMSSecurityContext) {
    }

    /**
     * Checks whether the requesting user may update the file at the given CMS path.
     *
     * <p>The user is taken from the request when it is a {@code JBossRenderRequest} or a
     * {@code JBossActionRequest}. A file-update command for a {@code FileImpl} with the
     * given base path is placed in a security context for that user, and the
     * authorization manager decides on it.
     *
     * <p>Any exception yields {@code false}. That includes the case where no user could
     * be obtained (other request type, or a request without a user), because the user is
     * dereferenced inside the {@code try} block.
     *
     * @param portletRequest current request
     * @param str            CMS path to check, used as the base path of the probe file
     * @return the result of the permission check, or {@code false} on any error
     */
    private boolean hasWriteAccess(PortletRequest portletRequest, String str) {
        final User requester;
        if (portletRequest instanceof JBossRenderRequest) {
            requester = ((JBossRenderRequest) portletRequest).getUser();
        } else if (portletRequest instanceof JBossActionRequest) {
            requester = ((JBossActionRequest) portletRequest).getUser();
        } else {
            requester = null;
        }
        try {
            // A null requester fails here and is turned into a denial below.
            PortalCMSSecurityContext securityContext = new PortalCMSSecurityContext(this.userModule.findUserById(requester.getId()));
            FileImpl probeFile = new FileImpl();
            probeFile.setBasePath(str);
            securityContext.setAttribute("command", this.CMSService.getCommandFactory().createFileUpdateCommand(probeFile));
            CMSPermission writePermission = new CMSPermission(securityContext);
            return this.authorizationManager.checkPermission(writePermission);
        } catch (Exception e) {
            return false;
        }
    }
}
