package org.mycore.frontend.export;

import jakarta.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mycore.common.content.MCRJDOMContent;
import org.mycore.frontend.basket.MCRBasketManager;
import org.mycore.frontend.servlets.MCRServlet;
import org.mycore.frontend.servlets.MCRServletJob;

/* loaded from: input_file:org/mycore/frontend/export/MCRExportServlet.class */
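/**
 * Servlet that collects a basket and/or a list of URIs into an
 * {@link MCRExportCollection} and hands the resulting XML to the layout service.
 *
 * <p>Request parameters read by this class: {@code basket}, {@code uri} (repeatable),
 * {@code root}, {@code ns}, {@code transformer}, and {@code filename} (the latter via the
 * inherited {@code getProperty}). All of them are caller-controlled, so each one is treated
 * as untrusted input below.
 */
public class MCRExportServlet extends MCRServlet {
    private static final Logger LOGGER = LogManager.getLogger(MCRExportServlet.class);

    /**
     * URI prefixes that are refused by {@link #isAllowed(String)}.
     *
     * <p>This is a denylist: any URI that does not start with one of these prefixes is accepted.
     * NOTE(review): an allowlist of the schemes the export is actually meant to serve would fail
     * closed when a new resolver scheme is introduced - confirm the intended set with the owners.
     */
    private static final String[] FORBIDDEN_URIS = {"file", "webapp", "resource"};

    /**
     * Builds the export collection from the request and renders it through the layout service.
     *
     * @param mCRServletJob the current request/response pair
     * @throws Exception if building the collection or the layout step fails
     */
    @Override // org.mycore.frontend.servlets.MCRServlet
    public void doGetPost(MCRServletJob mCRServletJob) throws Exception {
        HttpServletRequest request = mCRServletJob.getRequest();

        MCRExportCollection collection = createCollection(request);
        fillCollection(request, collection);
        MCRJDOMContent content = collection.getContent();

        String filename = getProperty(request, "filename");
        if (filename == null) {
            filename = "export-" + System.currentTimeMillis();
        }
        // The filename is placed inside a quoted-string of a response header, so characters
        // that could terminate the quoting or the header line are neutralised first.
        mCRServletJob.getResponse().setHeader("Content-Disposition",
            "inline;filename=\"" + sanitizeHeaderFilename(filename) + "\"");

        // NOTE(review): the transformer id is taken verbatim from the request. Whether the
        // layout service restricts it to a configured set is not visible in this class - confirm.
        request.setAttribute("XSL.Transformer", request.getParameter("transformer"));
        getLayoutService().doLayout(request, mCRServletJob.getResponse(), content);
    }

    /**
     * Replaces characters that must not appear inside a quoted header parameter value.
     *
     * <p>Control characters (including CR and LF), the double quote and the backslash are each
     * replaced with an underscore; every other character is kept unchanged.
     *
     * @param filename the requested download name, never {@code null}
     * @return a value that is safe to embed between double quotes in {@code Content-Disposition}
     */
    private static String sanitizeHeaderFilename(String filename) {
        StringBuilder safe = new StringBuilder(filename.length());
        for (int i = 0; i < filename.length(); i++) {
            char c = filename.charAt(i);
            boolean unsafe = Character.isISOControl(c) || c == '"' || c == '\\';
            safe.append(unsafe ? '_' : c);
        }
        return safe.toString();
    }

    /**
     * Adds the session basket named by {@code basket} and every permitted {@code uri} value
     * to the collection.
     *
     * @param httpServletRequest the request supplying the {@code basket} and {@code uri} parameters
     * @param mCRExportCollection the collection to fill
     * @throws Exception if adding a basket or URI to the collection fails
     */
    private void fillCollection(HttpServletRequest httpServletRequest, MCRExportCollection mCRExportCollection) throws Exception {
        // The values logged in this method come straight from the request; the log layout is
        // relied on to keep embedded line breaks from forging entries.
        String transformer = httpServletRequest.getParameter("transformer");

        String basketId = httpServletRequest.getParameter("basket");
        if (basketId != null) {
            mCRExportCollection.add(MCRBasketManager.getOrCreateBasketInSession(basketId));
            LOGGER.info("exporting basket {} via {}", basketId, transformer);
        }

        String[] uris = httpServletRequest.getParameterValues("uri");
        if (uris != null) {
            for (String uri : uris) {
                // Refused URIs are skipped silently for the client; isAllowed logs the refusal.
                if (isAllowed(uri)) {
                    mCRExportCollection.add(uri);
                    LOGGER.info("exporting {} via {}", uri, transformer);
                }
            }
        }
    }

    /**
     * Checks a requested URI against {@link #FORBIDDEN_URIS}.
     *
     * <p>The comparison ignores case and leading whitespace, so variants such as an upper-case
     * scheme or a padded value are refused as well. How the component that later resolves the
     * URI treats such variants is not visible here; matching them is the conservative choice.
     *
     * @param str the URI as sent by the client
     * @return {@code false} if the URI starts with a forbidden prefix, {@code true} otherwise
     */
    private boolean isAllowed(String str) {
        int start = 0;
        while (start < str.length() && Character.isWhitespace(str.charAt(start))) {
            start++;
        }
        for (String forbidden : FORBIDDEN_URIS) {
            if (str.regionMatches(true, start, forbidden, 0, forbidden.length())) {
                LOGGER.warn("URI {} is not allowed for security reasons", str);
                return false;
            }
        }
        return true;
    }

    /**
     * Creates an empty export collection, applying the optional {@code root} element name and
     * {@code ns} namespace from the request.
     *
     * @param httpServletRequest the request supplying {@code root} and {@code ns}
     * @return a new collection; its root element is only changed when {@code root} is non-empty
     */
    private MCRExportCollection createCollection(HttpServletRequest httpServletRequest) {
        MCRExportCollection collection = new MCRExportCollection();
        String rootName = httpServletRequest.getParameter("root");
        String namespace = httpServletRequest.getParameter("ns");
        if (rootName != null && !rootName.isEmpty()) {
            // namespace may be null here; it is passed through as received.
            collection.setRootElement(rootName, namespace);
        }
        return collection;
    }
}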
