package org.apache.jetspeed.layout.impl;

import groovy.util.FactoryBuilderSupport;
import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.ajax.AJAXException;
import org.apache.jetspeed.ajax.AjaxAction;
import org.apache.jetspeed.ajax.AjaxBuilder;
import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
import org.apache.jetspeed.om.common.SecurityConstraint;
import org.apache.jetspeed.om.page.PageSecurity;
import org.apache.jetspeed.om.page.SecurityConstraintsDef;
import org.apache.jetspeed.page.PageManager;
import org.apache.jetspeed.request.RequestContext;
import org.apache.portals.bridges.frameworks.ForwardConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-portal-2.2.1.jar:org/apache/jetspeed/layout/impl/SecurityConstraintsAction.class */
public class SecurityConstraintsAction extends BasePortletAction implements AjaxAction, AjaxBuilder, Constants {
    protected static final Logger log = LoggerFactory.getLogger(SecurityConstraintsAction.class);

    public SecurityConstraintsAction(String str, String str2, PageManager pageManager, PortletActionSecurityBehavior portletActionSecurityBehavior) {
        super(str, str2, pageManager, portletActionSecurityBehavior);
    }

    public SecurityConstraintsAction(String str, String str2, PageManager pageManager) {
        this(str, str2, pageManager, null);
    }

    @Override // org.apache.jetspeed.ajax.AjaxAction
    public boolean run(RequestContext requestContext, Map map) throws AJAXException {
        String actionParameter;
        int updateConstraintDefinition;
        System.out.println("SecurityConstraintsAction run");
        boolean z = true;
        try {
            map.put("action", "constraints");
            actionParameter = getActionParameter(requestContext, "method");
        } catch (Exception e) {
            System.out.println("SecurityConstraintsAction run failure caused by " + e.getClass().getName() + " " + e.getMessage());
            e.printStackTrace();
            log.error("exception administering portal permissions", (Throwable) e);
            map.put(Constants.REASON, e.toString());
            z = false;
        }
        if (actionParameter == null) {
            throw new RuntimeException("Method not provided");
        }
        map.put("method", actionParameter);
        if (false == checkAccess(requestContext, JetspeedActions.EDIT)) {
            map.put(Constants.REASON, "Insufficient access to administer portal permissions");
            return false;
        }
        if (actionParameter.equals("add-def") || actionParameter.equals("update-def")) {
            updateConstraintDefinition = updateConstraintDefinition(requestContext, map);
        } else if (actionParameter.equals("remove-def")) {
            updateConstraintDefinition = removeConstraintDefinition(requestContext, map);
        } else if (actionParameter.equals("add-global")) {
            updateConstraintDefinition = addGlobal(requestContext, map);
        } else {
            if (!actionParameter.equals("remove-global")) {
                map.put(Constants.REASON, "Unsupported portal constraints method: " + actionParameter);
                return false;
            }
            updateConstraintDefinition = removeGlobal(requestContext, map);
        }
        map.put("count", Integer.toString(updateConstraintDefinition));
        map.put("status", ForwardConstants.SUCCESS);
        System.out.println("SecurityConstraintsAction complete " + map.toString());
        return z;
    }

    protected int removeConstraintDefinition(RequestContext requestContext, Map map) throws AJAXException {
        String actionParameter = getActionParameter(requestContext, "name");
        if (actionParameter == null) {
            throw new AJAXException("Missing 'name' parameter");
        }
        try {
            PageSecurity pageSecurity = this.pageManager.getPageSecurity();
            SecurityConstraintsDef securityConstraintsDef = pageSecurity.getSecurityConstraintsDef(actionParameter);
            if (securityConstraintsDef == null) {
                return 0;
            }
            List securityConstraintsDefs = pageSecurity.getSecurityConstraintsDefs();
            securityConstraintsDefs.remove(securityConstraintsDef);
            pageSecurity.setSecurityConstraintsDefs(securityConstraintsDefs);
            this.pageManager.updatePageSecurity(pageSecurity);
            return 1;
        } catch (Exception e) {
            throw new AJAXException(e);
        }
    }

    protected int updateConstraintDefinition(RequestContext requestContext, Map map) throws AJAXException {
        System.out.println("SecurityConstraintsAction updateConstraintDefinition started");
        int i = 0;
        boolean z = false;
        String actionParameter = getActionParameter(requestContext, "xml");
        if (actionParameter == null) {
            throw new AJAXException("Missing 'xml' parameter");
        }
        try {
            DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
            String characterEncoding = requestContext.getCharacterEncoding();
            Element documentElement = newDocumentBuilder.parse(new ByteArrayInputStream(characterEncoding != null ? actionParameter.getBytes(characterEncoding) : actionParameter.getBytes())).getDocumentElement();
            String attribute = documentElement.getAttribute("name");
            PageSecurity pageSecurity = this.pageManager.getPageSecurity();
            SecurityConstraintsDef securityConstraintsDef = pageSecurity.getSecurityConstraintsDef(attribute);
            if (securityConstraintsDef == null) {
                securityConstraintsDef = this.pageManager.newSecurityConstraintsDef();
                securityConstraintsDef.setName(attribute);
                z = true;
            }
            NodeList elementsByTagName = documentElement.getElementsByTagName("security-constraint");
            int length = elementsByTagName.getLength();
            int size = z ? 0 : securityConstraintsDef.getSecurityConstraints().size();
            int i2 = length < size ? length : size;
            List securityConstraints = securityConstraintsDef.getSecurityConstraints();
            if (documentElement.getElementsByTagName(FactoryBuilderSupport.OWNER).getLength() == 1) {
            }
            for (int i3 = 0; i3 < i2; i3++) {
                updateConstraintValues((Element) elementsByTagName.item(i3), (SecurityConstraint) securityConstraints.get(i3));
                i++;
            }
            if (length < size) {
                ArrayList arrayList = new ArrayList(size - length);
                for (int i4 = i2; i4 < size; i4++) {
                    arrayList.add(securityConstraints.get(i4));
                }
                for (int i5 = 0; i5 < arrayList.size(); i5++) {
                    securityConstraints.remove(arrayList.get(i5));
                    i++;
                }
            } else if (length > size) {
                for (int i6 = i2; i6 < length; i6++) {
                    Element element = (Element) elementsByTagName.item(i6);
                    SecurityConstraint newPageSecuritySecurityConstraint = this.pageManager.newPageSecuritySecurityConstraint();
                    updateConstraintValues(element, newPageSecuritySecurityConstraint);
                    securityConstraints.add(newPageSecuritySecurityConstraint);
                    i++;
                }
            }
            if (z) {
                pageSecurity.getSecurityConstraintsDefs().add(securityConstraintsDef);
                pageSecurity.setSecurityConstraintsDefs(pageSecurity.getSecurityConstraintsDefs());
            }
            this.pageManager.updatePageSecurity(pageSecurity);
            return i;
        } catch (Exception e) {
            System.out.println("SecurityConstraintsAction updateConstraintDefinition failure caused by " + e.getClass().getName() + " " + e.getMessage());
            e.printStackTrace();
            log.error("SecurityConstraintsAction updateConstraintDefinition failure caused by " + e.getClass().getName() + " " + e.getMessage(), (Throwable) e);
            throw new AJAXException(e);
        }
    }

    protected void updateConstraintValues(Element element, SecurityConstraint securityConstraint) {
        securityConstraint.setRoles(parseCSVList(getChildText(element, "roles")));
        securityConstraint.setGroups(parseCSVList(getChildText(element, "groups")));
        securityConstraint.setPermissions(parseCSVList(getChildText(element, "permissions")));
        securityConstraint.setUsers(parseCSVList(getChildText(element, "users")));
    }

    protected String getChildText(Element element, String str) {
        NodeList elementsByTagName = element.getElementsByTagName(str);
        if (elementsByTagName.getLength() > 0) {
            return ((Element) elementsByTagName.item(0)).getTextContent();
        }
        return null;
    }

    protected List parseCSVList(String str) {
        if (str == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList(4);
        if (str.indexOf(44) != -1) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            while (stringTokenizer.hasMoreTokens()) {
                arrayList.add(stringTokenizer.nextToken().trim());
            }
        } else {
            arrayList.add(str);
        }
        return arrayList;
    }

    protected int removeGlobal(RequestContext requestContext, Map map) throws AJAXException {
        String actionParameter = getActionParameter(requestContext, "name");
        if (actionParameter == null) {
            throw new AJAXException("Missing 'name' parameter");
        }
        try {
            PageSecurity pageSecurity = this.pageManager.getPageSecurity();
            List globalSecurityConstraintsRefs = pageSecurity.getGlobalSecurityConstraintsRefs();
            if (!globalSecurityConstraintsRefs.contains(actionParameter)) {
                return 0;
            }
            globalSecurityConstraintsRefs.remove(actionParameter);
            pageSecurity.setGlobalSecurityConstraintsRefs(globalSecurityConstraintsRefs);
            this.pageManager.updatePageSecurity(pageSecurity);
            return 0 + 1;
        } catch (Exception e) {
            throw new AJAXException(e);
        }
    }

    protected int addGlobal(RequestContext requestContext, Map map) throws AJAXException {
        String actionParameter = getActionParameter(requestContext, "name");
        if (actionParameter == null) {
            throw new AJAXException("Missing 'name' parameter");
        }
        try {
            PageSecurity pageSecurity = this.pageManager.getPageSecurity();
            List globalSecurityConstraintsRefs = pageSecurity.getGlobalSecurityConstraintsRefs();
            if (pageSecurity.getSecurityConstraintsDef(actionParameter) == null) {
                throw new AJAXException("global name doesnt exist in definitions");
            }
            if (globalSecurityConstraintsRefs.contains(actionParameter)) {
                return 0;
            }
            globalSecurityConstraintsRefs.add(actionParameter);
            pageSecurity.setGlobalSecurityConstraintsRefs(globalSecurityConstraintsRefs);
            this.pageManager.updatePageSecurity(pageSecurity);
            return 0 + 1;
        } catch (Exception e) {
            throw new AJAXException(e);
        }
    }
}
