package org.eclnt.jsfserver.starter;

import com.veracode.annotation.XSSCleanser;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclnt.jsfserver.configuration.CCConfigurationObject;
import org.eclnt.jsfserver.elements.ComponentRepository;
import org.eclnt.jsfserver.elements.ThreadData;
import org.eclnt.jsfserver.elements.impl.ROWINCLUDEComponent;
import org.eclnt.jsfserver.managedbean.HotDeployManager;
import org.eclnt.jsfserver.session.SessionInfo;
import org.eclnt.jsfserver.util.CCServletBase;
import org.eclnt.jsfserver.util.ICCServerConstants;
import org.eclnt.jsfserver.util.ServletUtil;
import org.eclnt.jsfserver.util.SystemXml;
import org.eclnt.jsfserver.util.ThreadContextInitializerFilter;
import org.eclnt.jsfserver.util.ThreadingFilter;
import org.eclnt.jsfserver.util.TypeOfSessionMgmt;
import org.eclnt.jsfserver.util.VersionXml;
import org.eclnt.jsfserver.util.WebResourceClassloaderReader;
import org.eclnt.jsfserver.util.WebResourceReader;
import org.eclnt.jsfserver.util.buffermgmt.CCResetBuffers;
import org.eclnt.util.file.ClassloaderReader;
import org.eclnt.util.file.ConfigFileReader;
import org.eclnt.util.log.CLog;
import org.eclnt.util.mitigation.CCMitigation;
import org.eclnt.util.valuemgmt.ValueManager;
import org.owasp.esapi.ESAPI;

/* loaded from: input_file:org/eclnt/jsfserver/starter/RISCStarter.class */
public class RISCStarter extends CCServletBase implements ICCServerConstants {
    // Holder for the optional IVersionStamp implementation; assigned in initialize().
    // It keeps its previous value (initially null) when initialize() fails to create it,
    // because that failure is only logged there; buildVersionStamp() tolerates null.
    static CCConfigurationObject<IVersionStamp> s_versionStamp = null;
    // Holder for the IStartPageChecker that decides which pages may be started directly
    // through a .risc URL; assigned in initialize().
    static CCConfigurationObject<IStartPageChecker> s_startPageChecker = null;
    // Justification text attached to writeTemplateToResponse() through the @CCMitigation and
    // @XSSCleanser annotations. It is a statement for reviewers and scanners, not an enforced
    // check: it holds only while every request-derived placeholder value in doGet() is
    // encoded before it reaches the template.
    static final String COMMENT_writeTemplateToRepsone = "The content that is written into the response is an HTML text that is created from a template, in which certain placeholders are replaced with actual values. The template must be part of the resources of the application, i.e. it is not possible to e.g. reference a template from outside by URL. Replacements that are based on parameters of the .risc-request are explicitly encoded with ESAPI.encoder().encodeForHTMLAttribute(). Any other replacements are only based on the system configuration,that is part of the local application.";

    /* loaded from: input_file:org/eclnt/jsfserver/starter/RISCStarter$SecurityException.class */
    /**
     * Checked exception raised when a request fails a security check of this servlet; in
     * this file it is thrown when preview mode is requested outside the layout editor.
     *
     * <p>NOTE(review): inside {@code RISCStarter} this simple name shadows
     * {@code java.lang.SecurityException}, so every {@code SecurityException} in this class
     * is this checked type and not the JDK's unchecked one. Keep that in mind when reading
     * the catch clauses.
     */
    public class SecurityException extends Exception {
        /**
         * @param str the detail message describing the failed check
         */
        public SecurityException(String str) {
            super(str);
        }
    }

    /**
     * Creates the holders for the version stamp and the start page checker from the class
     * names configured for the RISC starter.
     *
     * <p>The two parts fail differently: a problem with the version stamp is logged and
     * otherwise ignored, while a problem with the start page checker is logged and rethrown
     * as an {@link Error}, so the servlet does not run without a checker holder.
     *
     * @param servletContext the servlet context; not read by this method
     * @throws Error if the start page checker holder cannot be created
     */
    public static void initialize(ServletContext servletContext) {
        // Version stamp: optional, failure leaves s_versionStamp at its previous value.
        try {
            String stampClassName = SystemXml.getRiscStarter().getVersionstampclassname();
            if (stampClassName == null) {
                s_versionStamp = new CCConfigurationObject<>(null);
            } else {
                s_versionStamp = new CCConfigurationObject<>(stampClassName, null);
            }
        } catch (Throwable stampProblem) {
            CLog.L.log(CLog.LL_ERR, "Problem creating instance of IVersionStamp", stampProblem);
        }

        // Start page checker: falls back to DefaultStartPageChecker when no class is configured.
        try {
            String checkerClassName = SystemXml.getRiscStarter().getStartpagecheckerclassname();
            if (checkerClassName == null) {
                s_startPageChecker = new CCConfigurationObject<>(new DefaultStartPageChecker());
            } else {
                s_startPageChecker = new CCConfigurationObject<>(checkerClassName, null);
            }
        } catch (Throwable checkerProblem) {
            CLog.L.log(CLog.LL_ERR, "Problem creating instance of IStartPageChecker", checkerProblem);
            throw new Error("Problem creating instance of IStartPageChecker", checkerProblem);
        }
    }

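    /**
     * Serves a {@code .risc} start URL: resolves the page named in the request URI, checks
     * that it may be started directly, prepares the HTTP session and the framing header, and
     * writes the start page HTML built from the configured template.
     *
     * <p>Encoding of request-derived values, as visible in this method:
     * <ul>
     * <li>{@code ccstyle}, {@code ccexttitles}, {@code ccscale}, {@code ccdw}: JavaScript-encoded
     * when read; the values placed into the template are HTML-attribute-encoded.</li>
     * <li>{@code cctitle}, {@code ccpageicon}: passed through
     * {@code ValueManager.encodeIntoValidXMLString}, then HTML-attribute-encoded.</li>
     * <li>The raw query string: appended to the target page URL, which is URL-encoded as a
     * whole before it replaces {@code @@pagename@@}.</li>
     * </ul>
     * The include list, meta addons, link addons and version stamp are inserted as the
     * helper methods built them, without further encoding here.
     *
     * <p>The session id is no longer written to the log: a session identifier in a log file
     * can be replayed by anyone who can read that file.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response that receives the headers and the HTML text
     * @throws ServletException declared by the servlet contract
     * @throws IOException declared by the servlet contract; failures while building or
     *         writing the HTML are wrapped into {@link Error} instead
     * @throws Error if the URI cannot be interpreted, the page may not be started directly,
     *         or building or writing the HTML fails
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            try {
                checkAvailabilityOfSystem();
                TypeOfSessionMgmt.associateRISCClientWithCurrentThread(this);
                CLog.L.log(CLog.LL_INF, "RISC request is started");
                String requestURI = httpServletRequest.getRequestURI();
                // z records that the URI carried a ";jsessionid=" path parameter, which is cut off here.
                boolean z = false;
                int indexOf = requestURI.indexOf(";jsessionid=");
                if (indexOf >= 0) {
                    requestURI = requestURI.substring(0, indexOf);
                    z = true;
                }
                String findPageNameInURI = findPageNameInURI(requestURI);
                // Access gate: throws Error when the configured checker refuses the page.
                checkIfPageCanBeDirectlyStarted(httpServletRequest, findPageNameInURI);
                String str = findPageNameInURI;
                // NOTE(review): the editor page is recognised by a substring match on the page
                // name, not by an exact comparison.
                if (!str.contains("zz_cceditoraround.jsp")) {
                    str = "eclntjsfserver/includes/ccaround.jsp?ccaroundoutestpage=" + str;
                }
                HttpSession session = httpServletRequest.getSession();
                // The session id is deliberately kept out of the log (see method comment).
                CLog.L.log(CLog.LL_INF, "The http session is available (id not logged), new session: " + session.isNew());
                TypeOfSessionMgmt.associateRISCClientWithSession(session);
                if (!TypeOfSessionMgmt.getSessionMgmtViaCookie(false)) {
                    // Without cookie based session management a session that was already used is
                    // invalidated, unless the URI itself carried the jsessionid.
                    if (((String) session.getAttribute(getClass().getName() + "_touched")) == null) {
                        CLog.L.log(CLog.LL_INF, "Session was not used so far - now mark as touched!");
                        session.setAttribute(getClass().getName() + "_touched", "touched");
                    } else if (!z) {
                        CLog.L.log(CLog.LL_INF, "Session was already used - invalidated!");
                        session.invalidate();
                    }
                }
                manageHeaderParametersIframeEmbedding(httpServletRequest, findPageNameInURI, httpServletResponse);
                // NOTE(review): after session.invalidate() above, the id sent in this header still
                // belongs to the invalidated session - confirm that this is intended.
                ServletUtil.setResponseHeader(httpServletResponse, ICCServerConstants.HEADER_RESPONSE_ATTRIBUTE_HTTPSESSIONID, session.getId());
                // Request parameters are encoded at the point where they are read.
                String encodeForJavaScript = ESAPI.encoder().encodeForJavaScript(httpServletRequest.getParameter("ccstyle"));
                String encodeIntoValidXMLString = ValueManager.encodeIntoValidXMLString(httpServletRequest.getParameter("cctitle"));
                String encodeIntoValidXMLString2 = ValueManager.encodeIntoValidXMLString(httpServletRequest.getParameter("ccpageicon"));
                String encodeForJavaScript2 = ESAPI.encoder().encodeForJavaScript(httpServletRequest.getParameter("ccexttitles"));
                String encodeForJavaScript3 = ESAPI.encoder().encodeForJavaScript(httpServletRequest.getParameter("ccscale"));
                String encodeForJavaScript4 = ESAPI.encoder().encodeForJavaScript(httpServletRequest.getParameter("ccdw"));
                // These two are only compared against "true" and never written to the output.
                String parameter = httpServletRequest.getParameter(ThreadingFilter.SESSION_ATTRIBUTE_PREVIEW);
                String parameter2 = httpServletRequest.getParameter("ccnowelcome");
                resetBuffers(httpServletRequest);
                // str2: style name, from the request or else the session default.
                String str2 = encodeForJavaScript;
                if (str2 == null) {
                    str2 = SessionInfo.getSessionDefaultStyleForRISCClient();
                }
                String title = SystemXml.getRiscStarter().getTitle();
                if (encodeIntoValidXMLString != null) {
                    title = encodeIntoValidXMLString;
                }
                // str3 is reduced to the literals "true"/"false", so no request text survives in it.
                String str3 = "true".equals(encodeForJavaScript2) ? "true" : "false";
                String pageicon = SystemXml.getRiscStarter().getPageicon();
                if (encodeIntoValidXMLString2 != null) {
                    pageicon = encodeIntoValidXMLString2;
                }
                // str4: welcome style, str5: welcome duration; both built from configuration only.
                String str4 = ROWINCLUDEComponent.INCLUDE_SEPARATOR;
                String str5 = "0";
                if (!"true".equals(parameter) && !"true".equals(parameter2)) {
                    str4 = buildWelcomeStyle();
                    if (SystemXml.getRiscStarter().getWelcomeduration() > 0) {
                        str5 = ROWINCLUDEComponent.INCLUDE_SEPARATOR + SystemXml.getRiscStarter().getWelcomeduration();
                    }
                }
                String encodeIntoValidURL = ValueManager.encodeIntoValidURL(findePageFolderPrefix() + str);
                // The style name is JavaScript-encoded again here; a value taken from the request
                // has therefore been encoded twice before it is used to locate the style scripts.
                String buildIncludeList = buildIncludeList(ESAPI.encoder().encodeForJavaScript(str2));
                // str6: scale; anything that is neither "auto" nor a non-zero float becomes "1".
                String str6 = encodeForJavaScript3;
                if ((str6 == null || ValueManager.decodeFloat(str6, 0.0f) == 0.0f) && !"auto".equals(str6)) {
                    str6 = "1";
                }
                // str7: device width, default "800".
                String str7 = encodeForJavaScript4 != null ? encodeForJavaScript4 : "800";
                ServletUtil.setResponseContentType(httpServletResponse, ICCServerConstants.TEXTPANE_CONTENTTYPE_HTML);
                // The template is read through the application's class loader, not from a
                // location named by the request.
                String readUTF8File = new ClassloaderReader(HotDeployManager.currentClassLoader()).readUTF8File(SystemXml.getStarttemplateCcRisc(), true);
                // The raw query string is forwarded to the page; it is only URL-encoded as part
                // of str8 further below.
                String queryString = httpServletRequest.getQueryString();
                if (queryString != null && queryString.indexOf("ccstyle=") < 0) {
                    queryString = queryString + "&ccstyle=" + str2;
                } else if (queryString == null) {
                    queryString = "ccstyle=" + str2;
                }
                String str8 = !encodeIntoValidURL.contains("?") ? encodeIntoValidURL + "?" + queryString : encodeIntoValidURL + "&" + queryString;
                if (!TypeOfSessionMgmt.getSessionMgmtViaCookie(false)) {
                    str8 = httpServletResponse.encodeRedirectURL(str8);
                }
                try {
                    String replace = readUTF8File
                            .replace("@@pagename@@", ESAPI.encoder().encodeForURL(str8))
                            .replace("@@eclntIncludes@@", buildIncludeList)
                            .replace("@@ccmetaaddons@@", buildMetaAddons())
                            .replace("@@cclinkaddons@@", buildLinkAddons(findPageNameInURI))
                            .replace("@@ccfontaccess@@", ROWINCLUDEComponent.INCLUDE_SEPARATOR)
                            .replace("@@devicewidth@@", ESAPI.encoder().encodeForHTMLAttribute(str7))
                            .replace("@@scale@@", ESAPI.encoder().encodeForHTMLAttribute(str6))
                            .replace("@@cctitle@@", ESAPI.encoder().encodeForHTMLAttribute(title))
                            .replace("@@pageicon@@", ESAPI.encoder().encodeForHTMLAttribute(pageicon))
                            .replace("@@riscwelcomestyle@@", ESAPI.encoder().encodeForHTMLAttribute(str4))
                            .replace("@@welcomeDuration@@", ESAPI.encoder().encodeForHTMLAttribute(str5))
                            .replace("@@switchExtendedTitlesOn@@", ESAPI.encoder().encodeForHTMLAttribute(str3))
                            .replace("@versionStamp@", buildVersionStamp())
                            .replace("@@styleName@@", ESAPI.encoder().encodeForHTMLAttribute(str2));
                    // NOTE(review): at debug level the complete page is logged, including the
                    // start URL built above - keep this log level off in production.
                    CLog.L.log(CLog.LL_DBG, "HTML for RISC:\n\n" + replace + "\n\n");
                    writeTemplateToResponse(httpServletResponse, replace);
                    TypeOfSessionMgmt.clearCurrentThread(this);
                } catch (Throwable th) {
                    // Every failure in the block above, not only URL encoding, is reported with
                    // this message; the message carries the start URL including the query string.
                    throw new Error("Could not encode URL: " + str8, th);
                }
            } catch (Throwable th2) {
                // Release the thread association on failure as well, then rethrow unchanged.
                TypeOfSessionMgmt.clearCurrentThread(this);
                throw th2;
            }
        } catch (IOException e) {
            throw e;
        }
    }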

    /**
     * Builds the inline CSS for the welcome overlay from the RISC starter configuration.
     *
     * <p>The configured image paths and background color are concatenated into the CSS text
     * as they are; this method applies no escaping. In this class the result is
     * HTML-attribute-encoded by {@code doGet} before it is placed into the template.
     *
     * @return the CSS declarations, starting from {@code ROWINCLUDEComponent.INCLUDE_SEPARATOR}
     *         and extended by the positioning declarations whenever the text is not empty
     */
    protected String buildWelcomeStyle() {
        String css = ROWINCLUDEComponent.INCLUDE_SEPARATOR;
        String image = SystemXml.getRiscStarter().getWelcomeimage();
        if (image != null) {
            // Paths are emitted relative, so a leading slash is dropped.
            if (image.startsWith("/")) {
                image = image.substring(1);
            }
            String waitingImage = SystemXml.getRiscStarter().getWelcomewaitingimage();
            if (waitingImage == null) {
                // No configured waiting image: use the built-in one with a fixed size.
                css += ";background-image:url(eclntjsfserver/images/waiting/waiting.gif),url(" + image + ");background-repeat:no-repeat,no-repeat;background-position:bottom 50px center,center;background-size:40px 40px,auto";
            } else {
                if (waitingImage.startsWith("/")) {
                    waitingImage = waitingImage.substring(1);
                }
                css += ";background-image:url(" + waitingImage + "),url(" + image + ");background-repeat:no-repeat,no-repeat;background-position:bottom 50px center,center";
            }
        }
        if (SystemXml.getRiscStarter().getWelcomebackgroundcolor() != null) {
            css += ";background-color:" + SystemXml.getRiscStarter().getWelcomebackgroundcolor();
        }
        if (!css.isEmpty()) {
            css += ";box-sizing:border-box;position:absolute;overflow:hidden;z-index:100;left:0px;top:0px;width:100%;height:100%;";
        }
        return css;
    }

    /**
     * Writes the finished HTML text to the response writer.
     *
     * <p>This is the output sink of the start page. The method itself performs no encoding
     * or filtering: the two annotations only record the justification text for scanners and
     * reviewers. Whether the output is safe therefore depends entirely on the caller having
     * encoded every request-derived value before passing {@code str} in.
     *
     * @param httpServletResponse the response whose writer receives the text
     * @param str the complete HTML text, written unchanged
     * @throws IOException if the response writer cannot be obtained
     */
    @CCMitigation(cweIds = {"80", "201"}, comment = COMMENT_writeTemplateToRepsone)
    @XSSCleanser(userComment = COMMENT_writeTemplateToRepsone)
    private void writeTemplateToResponse(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.getWriter().write(str);
    }

    /**
     * Verifies that the thread context carries the current HTTP request.
     *
     * @throws Error with configuration advice if no request is registered in
     *         {@code ThreadData}, which the message attributes to the
     *         {@code ThreadContextInitializerFilter} not having run
     */
    private void checkAvailabilityOfSystem() {
        if (ThreadData.getInstance().getHttpRequest() != null) {
            return;
        }
        // The message text is kept exactly as it was, including the sample web.xml section.
        String message = "No thread context available.\n"
                + "This typically is an indicator that the filter " + ThreadContextInitializerFilter.class.getName() + " is not proecessed. By default this filter is registered automatically.\n"
                + "What could have happened?\n"
                + "1. you may still use the web.xml based configuration of filters and servlets. In this caseyou have to add the filter with mapping \"*\" to your web.xml to be processed as first filter of the filter chain:  <filter>\r\n"
                + "    <filter-name>org.eclnt.jsfserver.util.ThreadContextInitializerFilter</filter-name>\r\n"
                + "    <filter-class>org.eclnt.jsfserver.util.ThreadContextInitializerFilter</filter-class>\r\n"
                + "  </filter>\r\n"
                + "  <filter-mapping>\r\n"
                + "    <filter-name>org.eclnt.jsfserver.util.ThreadContextInitializerFilter</filter-name>\r\n"
                + "    <url-pattern>*</url-pattern>\r\n"
                + "  </filter-mapping>\r\n\n"
                + "WE RECOMMEND TO SWITCH TO THE AUTOMATED REGISTRATION OF FILTERS, LISTENERS AND SERVLETS!\n"
                + "2. as any filter you can switch off the filter in system.xml. Do not do this with this filter! This one is obligatory!\n";
        throw new Error(message);
    }

    /**
     * Asks the configured start page checker whether the page may be started directly
     * through a {@code .risc} URL.
     *
     * <p>NOTE(review): the check is skipped, and the page allowed, when no checker holder or
     * no checker instance is available. {@code initialize} throws when it cannot create the
     * holder, so this path presumably only applies if {@code initialize} never ran; confirm
     * that allowing the request is the intended outcome in that case.
     *
     * @param httpServletRequest the request handed to the checker
     * @param str the page name; a leading "/" is added if missing
     * @throws Error if the checker refuses the page
     */
    private void checkIfPageCanBeDirectlyStarted(HttpServletRequest httpServletRequest, String str) {
        boolean checkerAvailable = s_startPageChecker != null && s_startPageChecker.instance() != null;
        if (!checkerAvailable) {
            return;
        }
        String page = str.startsWith("/") ? str : "/" + str;
        boolean allowed = s_startPageChecker.instance().checkIfPageCanBeDirectlyStarted(httpServletRequest, page);
        if (!allowed) {
            // The refused page name comes from the request URI and goes into the log as is.
            CLog.L.log(CLog.LL_WAR, "It is not allowed to directly start page: " + page);
            throw new Error("It is not allowed to directly start page: " + page);
        }
    }

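    /**
     * Builds the {@code <link>} elements of the start page: configured client styles, CSS
     * files of control libraries, an optional manifest link and the configured client links.
     *
     * <p>A problem while looking for {@code ccmanifest.json} used to be swallowed without
     * any trace; it is now logged at debug level and the page is still built without the
     * manifest link.
     *
     * <p>NOTE(review): unlike {@code buildMetaAddons} and {@code buildIncludeList}, the
     * attribute values here are concatenated without
     * {@code ESAPI.encoder().encodeForHTMLAttribute(..)}. All of them come from
     * configuration or from resources on the class path, none from the request. Encoding
     * them would change output for configuration values that already contain entities, so
     * this is left as it is and only flagged.
     *
     * @param str the page name; not used by this method
     * @return the HTML text of all link elements, one per line
     */
    private String buildLinkAddons(String str) {
        String versionStamp = buildVersionStamp();
        StringBuilder html = new StringBuilder();
        for (SystemXml.RISCClientStyle style : SystemXml.getRISCClientStyles()) {
            if (style.getSrc() != null && style.getSrc().trim().length() > 0) {
                html.append("<link rel=\"stylesheet\" href=\"" + style.getSrc() + versionStamp + "\"/>\n");
            }
        }
        for (ComponentRepository.TLDInfo library : ComponentRepository.readCCControllibrariesFromClassLoader()) {
            String cssPath = ComponentRepository.findCSSResourcePathForControlLibary(library);
            if (cssPath != null) {
                html.append("<link rel=\"stylesheet\" href=\"" + cssPath + versionStamp + "\"/>\n");
            }
        }
        // Set once the manifest link was written, so that a configured link with
        // rel="manifest" is not emitted a second time below.
        boolean manifestLinked = false;
        try {
            List<String> manifests = ConfigFileReader.readConfigFiles("ccmanifest.json", false, false);
            if (manifests.size() >= 1) {
                html.append("<link rel=\"manifest\" href=\"ccmanifest.json\"/>\n");
                manifestLinked = true;
                if (manifests.size() > 1) {
                    CLog.L.log(CLog.LL_WAR, "Several occurances of file ccmanifest.json detected - one of them will be chosen. Please make sure that the file only occurs one time.");
                    for (URL location : new ClassloaderReader(true).readResourcePaths("ccmanifest.json", false)) {
                        CLog.L.log(CLog.LL_WAR, "....." + location.toString());
                    }
                    if (WebResourceReader.checkIfFileExists("ccmanifest.json")) {
                        CLog.L.log(CLog.LL_WAR, ".....webcontent/ccmanifest.json");
                    }
                }
            }
        } catch (Throwable th) {
            // Best effort: the manifest is optional, but the cause must not vanish silently.
            CLog.L.log(CLog.LL_DBG, "Could not check for ccmanifest.json - continuing without further manifest handling", th);
        }
        for (SystemXml.RISCClientLink link : SystemXml.getRISCClientLinks()) {
            if (!"manifest".equals(link.getRel()) || !manifestLinked) {
                html.append("<link ");
                if (link.getRel() != null) {
                    html.append("rel=\"" + link.getRel() + "\" ");
                }
                if (link.getHref() != null) {
                    html.append("href=\"" + link.getHref() + "\" ");
                }
                if (link.getHreflang() != null) {
                    html.append("hreflang=\"" + link.getHreflang() + "\" ");
                }
                if (link.getType() != null) {
                    html.append("type=\"" + link.getType() + "\" ");
                }
                if (link.getCrossorigin() != null) {
                    html.append("crossorigin=\"" + link.getCrossorigin() + "\" ");
                }
                html.append("/>\n");
            }
        }
        return html.toString();
    }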

    /**
     * Builds one {@code <meta>} element per configured RISC client meta tag.
     *
     * <p>Each of the attributes {@code name}, {@code http-equiv} and {@code content} is
     * written only when configured, and its value is HTML-attribute-encoded.
     *
     * @return the HTML text of all meta elements, one per line
     */
    private String buildMetaAddons() {
        StringBuilder html = new StringBuilder();
        for (SystemXml.RISCClientMetaTag metaTag : SystemXml.getRISCClientMetaTags()) {
            html.append("<meta ");
            if (metaTag.getName() != null) {
                html.append("name=\"")
                        .append(ESAPI.encoder().encodeForHTMLAttribute(metaTag.getName()))
                        .append("\" ");
            }
            if (metaTag.getHttpequiv() != null) {
                html.append("http-equiv=\"")
                        .append(ESAPI.encoder().encodeForHTMLAttribute(metaTag.getHttpequiv()))
                        .append("\" ");
            }
            if (metaTag.getContent() != null) {
                html.append("content=\"")
                        .append(ESAPI.encoder().encodeForHTMLAttribute(metaTag.getContent()))
                        .append("\" ");
            }
            html.append("/>\n");
        }
        return html.toString();
    }

    /**
     * Derives the page resource name from a {@code .risc} request URI.
     *
     * <p>Only the text after the last "/" of the URI is used, and every "." in it is turned
     * into "/", so a dotted name addresses a page inside nested folders. The first page
     * extension for which a resource exists wins; otherwise the JSP extension is assumed.
     *
     * @param str the request URI, expected to end with the RISC extension
     * @return the page name including its extension, starting with "/"
     * @throws Error if the URI does not end with the RISC extension
     */
    private String findPageNameInURI(String str) {
        String riscExtension = findRiscExtension();
        if (!str.endsWith(riscExtension)) {
            throw new Error("Could not interpret URI: " + str);
        }
        String withoutExtension = str.substring(0, str.length() - riscExtension.length());
        String lastSegment = withoutExtension.substring(withoutExtension.lastIndexOf('/'));
        String pageBase = lastSegment.replace(".", "/");
        for (String extension : findPageExtensions()) {
            String candidate = pageBase + extension;
            if (WebResourceClassloaderReader.checkIfFileExists(candidate)) {
                return candidate;
            }
        }
        return pageBase + ICCServerConstants.LAYOUTEXTENSION_JSP;
    }

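    /**
     * Builds the {@code <script>} elements of the start page: the scripts of the selected
     * style, the framework include list, plugin scripts, configured client scripts and the
     * scripts of control libraries.
     *
     * <p>Fix: the default style name is now applied before the style version stamp is
     * built. Previously a {@code null} style reached {@code buildStyleVersionStamp} first,
     * which dereferences the name, so the {@code null} default below it could not take effect.
     *
     * <p>The style name becomes part of a resource path. This method does not validate it;
     * in this class the caller passes a JavaScript-encoded value. Generated {@code src}
     * values are HTML-attribute-encoded, while the include list file is inserted as read.
     *
     * @param str the style name, or {@code null} for "defaultrisc"
     * @return the HTML text of all script elements
     */
    private String buildIncludeList(String str) {
        String styleName = (str != null) ? str : "defaultrisc";
        String versionStamp = buildVersionStamp();
        String styleVersionStamp = buildStyleVersionStamp(styleName);
        StringBuilder html = new StringBuilder();

        // Scripts of the style folder in sorted order; riscstyle.js is left out here.
        ArrayList<String> styleScripts = new ArrayList(WebResourceClassloaderReader.getFilesInPathDirectory("eclntjsfserver/styles/" + styleName + "/", ".js"));
        Collections.sort(styleScripts);
        for (String script : styleScripts) {
            if (!script.equals("riscstyle.js")) {
                html.append("\n<script type=\"text/javascript\" src=\"" + ESAPI.encoder().encodeForHTMLAttribute("eclntjsfserver/styles/" + styleName + "/" + script + styleVersionStamp) + "\"></script>");
            }
        }
        html.append("\n");

        // Framework include list: the ".dev" variant wins when it exists and has content.
        String includeList = WebResourceClassloaderReader.readUTF8FileIntoString("eclnt/risc/includelist.txt.dev", false);
        if (includeList == null || includeList.equals(ROWINCLUDEComponent.INCLUDE_SEPARATOR)) {
            includeList = WebResourceClassloaderReader.readUTF8FileIntoString("eclnt/risc/includelist.txt", true);
        }
        // The version stamp is appended to every script URL of the list.
        html.append(includeList.replace("\"></script>", versionStamp + "\"></script>"));

        // Plugin scripts in sorted order.
        ArrayList pluginScripts = new ArrayList(WebResourceClassloaderReader.getFilesInPathDirectory("eclnt/risc/plugin/", ".js"));
        Collections.sort(pluginScripts);
        for (Object pluginScript : pluginScripts) {
            html.append("\n<script type=\"text/javascript\" src=\"" + ESAPI.encoder().encodeForHTMLAttribute("eclnt/risc/plugin/" + ((String) pluginScript) + versionStamp) + "\"></script>");
        }
        html.append("\n");

        // Scripts configured for the RISC client.
        for (SystemXml.RISCClientScript clientScript : SystemXml.getRISCClientScripts()) {
            html.append("\n<script type=\"" + ESAPI.encoder().encodeForHTMLAttribute(clientScript.getType()) + "\" src=\"" + ESAPI.encoder().encodeForHTMLAttribute(clientScript.getSrc() + versionStamp) + "\"></script>");
        }

        // Scripts that control libraries bring along.
        for (ComponentRepository.TLDInfo library : ComponentRepository.readCCControllibrariesFromClassLoader()) {
            String jsPath = ComponentRepository.findJSResourcePathForControlLibary(library);
            if (jsPath != null) {
                html.append("\n<script type=\"text/javascript\" src=\"" + ESAPI.encoder().encodeForHTMLAttribute(jsPath + versionStamp) + "\"></script>");
            }
        }
        return html.toString();
    }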

    /**
     * Applies the maintenance switches {@code ccresetbuffers}, {@code cclogtoconsole} and
     * {@code ccloglevel} that a request may carry.
     *
     * <p>NOTE(review): these switches change process-wide state (buffers, console logging,
     * log level) and are driven by request parameters. The only gate visible here is
     * {@code ServletUtil.readRequestParameterFromDesignTimeRequest}, whose conditions are
     * not shown in this file; verify that it yields no value for ordinary production
     * requests, since a raised log level also exposes more data in the logs.
     *
     * @param httpServletRequest the request the switches are read from
     */
    public static void resetBuffers(HttpServletRequest httpServletRequest) {
        String logToConsole = ServletUtil.readRequestParameterFromDesignTimeRequest(httpServletRequest, "cclogtoconsole");
        String logLevel = ServletUtil.readRequestParameterFromDesignTimeRequest(httpServletRequest, "ccloglevel");
        String resetRequested = ServletUtil.readRequestParameterFromDesignTimeRequest(httpServletRequest, "ccresetbuffers");
        if ("true".equals(resetRequested)) {
            CCResetBuffers.resetBuffers();
        }

        // Console handler: "true" adds it, "false" removes it, anything else leaves it alone.
        try {
            if ("true".equals(logToConsole)) {
                CLog.addConsoleHandler();
            } else if ("false".equals(logToConsole)) {
                CLog.removeConsoleHandler();
            }
        } catch (Throwable consoleProblem) {
            CLog.L.log(CLog.LL_INF, ROWINCLUDEComponent.INCLUDE_SEPARATOR, consoleProblem);
        }

        if (logLevel == null) {
            return;
        }
        // Level.parse rejects unknown names; such a failure is logged and otherwise ignored.
        try {
            CLog.updateLogLevel(Level.parse(logLevel));
        } catch (Throwable levelProblem) {
            CLog.L.log(CLog.LL_INF, ROWINCLUDEComponent.INCLUDE_SEPARATOR, levelProblem);
        }
    }

    /**
     * Returns the suffix that is appended to resource URLs of the start page.
     *
     * @return the stamp of the configured {@code IVersionStamp} if one is available and
     *         returns a non-null value, otherwise {@code "?version="} followed by the
     *         version from {@code VersionXml}
     */
    public static String buildVersionStamp() {
        if (s_versionStamp != null && s_versionStamp.instance() != null) {
            String configuredStamp = s_versionStamp.instance().buildVersionStamp();
            if (configuredStamp != null) {
                return configuredStamp;
            }
        }
        return "?version=" + VersionXml.getVersion();
    }

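    /**
     * Returns the suffix that is appended to the script URLs of a style.
     *
     * <p>A configured {@code IVersionStamp} that returns a non-null style stamp wins.
     * Otherwise styles whose name starts with "default" or "cc" get the plain version
     * stamp, and every other style gets the version stamp plus the current time in
     * milliseconds, which makes the URL different on every call.
     *
     * <p>Fix: a {@code null} style name is now treated like a default style instead of
     * causing a {@code NullPointerException}.
     *
     * @param str the style name, may be {@code null}
     * @return the version stamp for the style's resources
     */
    public static String buildStyleVersionStamp(String str) {
        if (s_versionStamp != null && s_versionStamp.instance() != null) {
            String configuredStamp = s_versionStamp.instance().buildStyleVersionStamp();
            if (configuredStamp != null) {
                return configuredStamp;
            }
        }
        String versionStamp = buildVersionStamp();
        if (str == null || str.startsWith("default") || str.startsWith("cc")) {
            return versionStamp;
        }
        return versionStamp + "_" + System.currentTimeMillis();
    }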

    /**
     * Returns the folder prefix that {@code doGet} puts in front of the page path when it
     * builds the start URL. Subclasses may override it.
     *
     * @return the prefix {@code "faces/"}
     */
    protected String findePageFolderPrefix() {
        return "faces/";
    }

    /**
     * Returns the page extensions that {@code findPageNameInURI} tries, in this order, when
     * it looks for an existing page resource. Subclasses may override it.
     *
     * @return a new array holding the JSP and the XML layout extension
     */
    protected String[] findPageExtensions() {
        return new String[]{ICCServerConstants.LAYOUTEXTENSION_JSP, ICCServerConstants.LAYOUTEXTENSION_XML};
    }

    /**
     * Returns the URI suffix that marks a request as a RISC start request; URIs without it
     * are rejected by {@code findPageNameInURI}. Subclasses may override it.
     *
     * @return the extension {@code ".risc"}
     */
    protected String findRiscExtension() {
        return ".risc";
    }

    /**
     * Turns every hexadecimal entity {@code &#x2f;} in the text back into "/".
     *
     * <p>Only this one lower-case entity form is replaced; all other entities stay as they
     * are. NOTE(review): apply this only to values whose remaining characters must stay
     * encoded, because it partly reverses an earlier encoding step.
     *
     * @param str the text to convert, may be {@code null}
     * @return the converted text, or {@code null} if {@code str} is {@code null}
     */
    protected String unescapeSlashes(String str) {
        return (str == null) ? null : str.replace("&#x2f;", "/");
    }

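    /**
     * Sets the {@code X-Frame-Options} response header according to the configuration.
     *
     * <p>No header is set in editor preview mode, for URLs started in development mode, when
     * embedding is configured as "true", or when the page is explicitly allowed to be
     * embedded. Otherwise the header is "deny" for the configured values "false" and "deny",
     * and "sameorigin" for everything else.
     *
     * <p>Fix: an unexpected failure while taking this decision used to be logged only, so the
     * response went out without any framing restriction. The header now falls back to
     * "sameorigin", the value this method already uses as its default.
     *
     * @param httpServletRequest the current request
     * @param str the page name; a leading "/" is added if missing
     * @param httpServletResponse the response that receives the header
     * @throws Error if preview mode is requested outside the editor environment
     */
    protected void manageHeaderParametersIframeEmbedding(HttpServletRequest httpServletRequest, String str, HttpServletResponse httpServletResponse) {
        try {
            if (checkIfInEditorPreviewMode(httpServletRequest) || ServletUtil.checkIfRISCUrlStartedInDevelopmentMode(httpServletRequest)) {
                return;
            }
            if (!str.startsWith("/")) {
                str = "/" + str;
            }
            String lowerCaseId = ValueManager.toLowerCaseId(SystemXml.getRiscStarter().getEmbedableasiframe());
            if ("true".equals(lowerCaseId) || checkIfPageIsExplicitlyAllowedToBeEmbedded(str)) {
                return;
            }
            if ("false".equals(lowerCaseId) || "deny".equals(lowerCaseId)) {
                ServletUtil.setResponseHeader(httpServletResponse, ICCServerConstants.HEADER_ATTRIBUTE_XFRAMEOPTIONS, "deny");
            } else {
                ServletUtil.setResponseHeader(httpServletResponse, ICCServerConstants.HEADER_ATTRIBUTE_XFRAMEOPTIONS, "sameorigin");
            }
        } catch (SecurityException e) {
            // This is RISCStarter.SecurityException (checked): a failed preview check aborts the request.
            CLog.L.log(CLog.LL_ERR, "Problem when managing X-Frame-Options", (Throwable) e);
            throw new Error(e);
        } catch (Throwable th) {
            CLog.L.log(CLog.LL_ERR, "Problem when managing X-Frame-Options", th);
            // Fail closed: without a decision the response must still restrict framing.
            try {
                ServletUtil.setResponseHeader(httpServletResponse, ICCServerConstants.HEADER_ATTRIBUTE_XFRAMEOPTIONS, "sameorigin");
            } catch (Throwable fallbackProblem) {
                // Stay best effort as before: the request continues even if the header cannot be set.
                CLog.L.log(CLog.LL_ERR, "Problem when setting fallback X-Frame-Options", fallbackProblem);
            }
        }
    }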

    /**
     * Checks the page against the configured list of pages that may be embedded in an iframe.
     *
     * <p>Configured entries are asterisk expressions; an entry without a leading "/" gets
     * one before the comparison. A broad expression in the configuration therefore lifts the
     * framing restriction for every page it matches.
     *
     * @param str the page name, expected to start with "/"
     * @return {@code true} if at least one configured entry matches the page
     */
    private boolean checkIfPageIsExplicitlyAllowedToBeEmbedded(String str) {
        for (SystemXml.PageInfo pageInfo : SystemXml.getAllowIFrameEmbeddings()) {
            if (pageInfo.getPage() == null) {
                continue;
            }
            String pattern = pageInfo.getPage();
            if (!pattern.startsWith("/")) {
                pattern = "/" + pattern;
            }
            if (ValueManager.checkIfStringMatchesAsteriskExpression(str, pattern, false)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the request is a preview request of the layout editor.
     *
     * <p>The preview parameter is only accepted when the request URL belongs to the editor
     * page; a preview parameter on any other URL is treated as a security violation.
     * NOTE(review): the editor context is recognised by a substring match anywhere in the
     * request URL, not on its final path segment; confirm that no other reachable URL can
     * contain that text.
     *
     * @param httpServletRequest the current request
     * @return {@code true} for an editor preview request, {@code false} if the preview
     *         parameter is not "true"
     * @throws SecurityException if the preview parameter is "true" but the URL is not the
     *         editor page (this is {@code RISCStarter.SecurityException})
     */
    protected boolean checkIfInEditorPreviewMode(HttpServletRequest httpServletRequest) throws SecurityException {
        boolean previewRequested = "true".equals(httpServletRequest.getParameter(ThreadingFilter.SESSION_ATTRIBUTE_PREVIEW));
        if (previewRequested) {
            boolean calledFromEditor = httpServletRequest.getRequestURL().toString().contains("zz_cceditoraround.risc");
            if (!calledFromEditor) {
                CLog.L.log(CLog.LL_ERR, "Query parameter cc_preview is set to true. But: the page is not called in the context of the layout editor environment!");
                throw new SecurityException("Security alert: preview mode is set, but call is not coming from editing environment!");
            }
            return true;
        }
        return false;
    }
}
