package org.kawanfw.sql.servlet.sql;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStream;
import java.io.StringWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import java.util.zip.GZIPOutputStream;
import javax.json.stream.JsonGenerator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.kawanfw.sql.api.server.DatabaseConfigurator;
import org.kawanfw.sql.api.server.firewall.SqlFirewallManager;
import org.kawanfw.sql.servlet.HttpParameter;
import org.kawanfw.sql.servlet.ServerSqlManager;
import org.kawanfw.sql.servlet.connection.RollbackUtil;
import org.kawanfw.sql.servlet.sql.json_return.JsonErrorReturn;
import org.kawanfw.sql.servlet.sql.json_return.JsonSecurityMessage;
import org.kawanfw.sql.servlet.sql.json_return.JsonUtil;
import org.kawanfw.sql.util.FrameworkDebug;

/* loaded from: input_file:org/kawanfw/sql/servlet/sql/ServerStatement.class */
public class ServerStatement {
    private static boolean DEBUG = FrameworkDebug.isSet(ServerStatement.class);
    public static String CR_LF = System.getProperty("line.separator");
    private Connection connection;
    private HttpServletRequest request;
    private HttpServletResponse response;
    private Boolean doPrettyPrinting = true;
    private List<SqlFirewallManager> sqlFirewallManagers;

    public ServerStatement(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<SqlFirewallManager> list, Connection connection) throws SQLException {
        this.connection = null;
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.sqlFirewallManagers = list;
        this.connection = connection;
    }

    public void executeQueryOrUpdate(OutputStream outputStream) throws FileNotFoundException, IOException, SQLException {
        OutputStream outputStream2 = null;
        try {
            try {
                try {
                    OutputStream finalOutputStream = !isExecuteUpdate() ? getFinalOutputStream(outputStream, Boolean.parseBoolean(this.request.getParameter(HttpParameter.GZIP_RESULT))) : outputStream;
                    if (ServerStatementUtil.isPreparedStatement(this.request)) {
                        executePrepStatement(finalOutputStream);
                    } else {
                        executeStatement(finalOutputStream);
                    }
                    if (finalOutputStream != null) {
                        try {
                            finalOutputStream.close();
                        } catch (Exception e) {
                        }
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            outputStream2.close();
                        } catch (Exception e2) {
                        }
                    }
                    throw th;
                }
            } catch (SecurityException e3) {
                ServerSqlManager.writeLine(null, new JsonErrorReturn(this.response, 403, 3, e3.getMessage()).build());
                if (0 != 0) {
                    try {
                        outputStream2.close();
                    } catch (Exception e4) {
                    }
                }
            }
        } catch (SQLException e5) {
            RollbackUtil.rollback(this.connection);
            ServerSqlManager.writeLine(null, new JsonErrorReturn(this.response, 400, 1, e5.getMessage()).build());
            if (0 != 0) {
                try {
                    outputStream2.close();
                } catch (Exception e6) {
                }
            }
        } catch (Exception e7) {
            ServerSqlManager.writeLine(null, new JsonErrorReturn(this.response, 500, 4, e7.getMessage(), ExceptionUtils.getStackTrace(e7)).build());
            if (0 != 0) {
                try {
                    outputStream2.close();
                } catch (Exception e8) {
                }
            }
        }
    }

    private OutputStream getFinalOutputStream(OutputStream outputStream, boolean z) throws FileNotFoundException, IOException {
        return z ? new GZIPOutputStream(outputStream) : outputStream;
    }

    private boolean isExecuteUpdate() {
        return this.request.getParameter(HttpParameter.ACTION).equals(HttpParameter.EXECUTE_UPDATE);
    }

    private void executePrepStatement(OutputStream outputStream) throws SQLException, IOException {
        String parameter = this.request.getParameter(HttpParameter.USERNAME);
        String parameter2 = this.request.getParameter(HttpParameter.DATABASE);
        String parameter3 = this.request.getParameter(HttpParameter.SQL);
        DatabaseConfigurator databaseConfigurator = ServerSqlManager.getDatabaseConfigurator(parameter2);
        PreparedStatement preparedStatement = null;
        ServerPreparedStatementParameters serverPreparedStatementParameters = null;
        try {
            if (parameter3 != null) {
                try {
                    if (!parameter3.isEmpty()) {
                        PreparedStatement prepareStatement = this.connection.prepareStatement(parameter3);
                        debug("before ServerPreparedStatementParameters");
                        ServerPreparedStatementParameters serverPreparedStatementParameters2 = new ServerPreparedStatementParameters(prepareStatement, this.request);
                        try {
                            serverPreparedStatementParameters2.setParameters();
                            debug("before new SqlSecurityChecker()");
                            String checkFirewallGeneral = checkFirewallGeneral(parameter, parameter2, parameter3, serverPreparedStatementParameters2);
                            debug("before executeQuery() / executeUpdate()");
                            if (isExecuteUpdate()) {
                                doExecuteUpdate(outputStream, parameter, parameter2, parameter3, prepareStatement, serverPreparedStatementParameters2, checkFirewallGeneral);
                            } else {
                                doSelect(outputStream, parameter, parameter2, parameter3, prepareStatement, databaseConfigurator);
                            }
                            if (serverPreparedStatementParameters2 != null) {
                                serverPreparedStatementParameters2.close();
                            }
                            if (prepareStatement != null) {
                                prepareStatement.close();
                            }
                            return;
                        } catch (IllegalArgumentException e) {
                            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 400, 2, e.getMessage()).build());
                            if (serverPreparedStatementParameters2 != null) {
                                serverPreparedStatementParameters2.close();
                            }
                            if (prepareStatement != null) {
                                prepareStatement.close();
                            }
                            return;
                        }
                    }
                } catch (SQLException e2) {
                    RollbackUtil.rollback(this.connection);
                    LoggerUtil.log(this.request, e2, StatementFailure.prepStatementFailureBuild(parameter3, e2.toString(), serverPreparedStatementParameters.getParameterTypes(), serverPreparedStatementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
                    throw e2;
                }
            }
            throw new SQLException("A 'sql' statement is required.");
        } catch (Throwable th) {
            if (0 != 0) {
                serverPreparedStatementParameters.close();
            }
            if (0 != 0) {
                preparedStatement.close();
            }
            throw th;
        }
    }

    private void doExecuteUpdate(OutputStream outputStream, String str, String str2, String str3, PreparedStatement preparedStatement, ServerPreparedStatementParameters serverPreparedStatementParameters, String str4) throws IOException, SQLException, SecurityException {
        checkFirewallForExecuteUpdate(str, str2, str3, serverPreparedStatementParameters, str4);
        int executeUpdate = preparedStatement.executeUpdate();
        StringWriter stringWriter = new StringWriter();
        JsonGenerator createGenerator = JsonUtil.getJsonGeneratorFactory(true).createGenerator(stringWriter);
        createGenerator.writeStartObject().write("status", "OK").write("row_count", executeUpdate).writeEnd();
        createGenerator.close();
        ServerSqlManager.write(outputStream, stringWriter.toString());
    }

    private void checkFirewallForExecuteUpdate(String str, String str2, String str3, ServerPreparedStatementParameters serverPreparedStatementParameters, String str4) throws IOException, SQLException, SecurityException {
        for (SqlFirewallManager sqlFirewallManager : this.sqlFirewallManagers) {
            if (!sqlFirewallManager.allowExecuteUpdate(str, str2, this.connection)) {
                sqlFirewallManager.runIfStatementRefused(str, str2, this.connection, str4, false, str3, new ArrayList());
                throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild(str3, "Prepared Statement not allowed for executeUpdate", serverPreparedStatementParameters.getParameterTypes(), serverPreparedStatementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
            }
        }
    }

    private String checkFirewallGeneral(String str, String str2, String str3, ServerPreparedStatementParameters serverPreparedStatementParameters) throws IOException, SQLException, SecurityException {
        String remoteAddr = this.request.getRemoteAddr();
        boolean z = false;
        Iterator<SqlFirewallManager> it = this.sqlFirewallManagers.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SqlFirewallManager next = it.next();
            z = next.allowSqlRunAfterAnalysis(str, str2, this.connection, remoteAddr, str3, ServerStatementUtil.isPreparedStatement(this.request), serverPreparedStatementParameters.getParameterValues());
            if (!z) {
                next.runIfStatementRefused(str, str2, this.connection, remoteAddr, false, str3, new ArrayList());
                break;
            }
        }
        if (z) {
            return remoteAddr;
        }
        throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild(str3, "Prepared Statement not allowed", serverPreparedStatementParameters.getParameterTypes(), serverPreparedStatementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
    }

    private void executeStatement(OutputStream outputStream) throws SQLException, IOException {
        String parameter = this.request.getParameter(HttpParameter.USERNAME);
        String parameter2 = this.request.getParameter(HttpParameter.DATABASE);
        String parameter3 = this.request.getParameter(HttpParameter.SQL);
        debug("sqlOrder   : " + parameter3);
        Statement statement = null;
        DatabaseConfigurator databaseConfigurator = ServerSqlManager.getDatabaseConfigurator(parameter2);
        try {
            if (parameter3 != null) {
                try {
                    if (!parameter3.isEmpty()) {
                        this.connection.createStatement();
                        debug("before new SqlSecurityChecker()");
                        String remoteAddr = this.request.getRemoteAddr();
                        checkFirewallGeneral(parameter, parameter2, parameter3, remoteAddr);
                        Statement createStatement = this.connection.createStatement();
                        debug("before executeQuery() / executeUpdate(sqlOrder)");
                        if (isExecuteUpdate()) {
                            doExecuteUpdate(outputStream, parameter, parameter2, parameter3, createStatement, remoteAddr);
                        } else {
                            doSelect(outputStream, parameter, parameter2, parameter3, createStatement, databaseConfigurator);
                        }
                        if (createStatement != null) {
                            createStatement.close();
                            return;
                        }
                        return;
                    }
                } catch (SQLException e) {
                    RollbackUtil.rollback(this.connection);
                    LoggerUtil.log(this.request, e, StatementFailure.statementFailureBuild(parameter3, e.toString(), this.doPrettyPrinting.booleanValue()));
                    throw e;
                }
            }
            throw new SQLException("A 'sql' statement is required.");
        } catch (Throwable th) {
            if (0 != 0) {
                statement.close();
            }
            throw th;
        }
    }

    private void doSelect(OutputStream outputStream, String str, String str2, String str3, Statement statement, DatabaseConfigurator databaseConfigurator) throws SQLException, IOException {
        ResultSet resultSet = null;
        try {
            ServerSqlUtil.setMaxRowsToReturn(this.request, str, str2, statement, databaseConfigurator);
            debug("sqlorder: " + str3);
            resultSet = statement.executeQuery(str3);
            JsonGenerator createGenerator = JsonUtil.getJsonGeneratorFactory(this.doPrettyPrinting.booleanValue()).createGenerator(outputStream);
            createGenerator.writeStartObject().write("status", "OK");
            new ResultSetWriter(this.request, str3, createGenerator, Boolean.parseBoolean(this.request.getParameter(HttpParameter.FILL_RESULT_SET_META_DATA))).write(resultSet);
            ServerSqlManager.writeLine(outputStream);
            createGenerator.writeEnd();
            createGenerator.flush();
            createGenerator.close();
            if (resultSet != null) {
                resultSet.close();
            }
        } catch (Throwable th) {
            if (resultSet != null) {
                resultSet.close();
            }
            throw th;
        }
    }

    private void doSelect(OutputStream outputStream, String str, String str2, String str3, PreparedStatement preparedStatement, DatabaseConfigurator databaseConfigurator) throws SQLException, IOException {
        ResultSet resultSet = null;
        try {
            ServerSqlUtil.setMaxRowsToReturn(this.request, str, str2, preparedStatement, databaseConfigurator);
            debug("sqlorder: " + str3);
            resultSet = preparedStatement.executeQuery();
            JsonGenerator createGenerator = JsonUtil.getJsonGeneratorFactory(this.doPrettyPrinting.booleanValue()).createGenerator(outputStream);
            createGenerator.writeStartObject().write("status", "OK");
            new ResultSetWriter(this.request, str3, createGenerator, Boolean.parseBoolean(this.request.getParameter(HttpParameter.FILL_RESULT_SET_META_DATA))).write(resultSet);
            ServerSqlManager.writeLine(outputStream);
            createGenerator.writeEnd();
            createGenerator.flush();
            createGenerator.close();
            if (resultSet != null) {
                resultSet.close();
            }
        } catch (Throwable th) {
            if (resultSet != null) {
                resultSet.close();
            }
            throw th;
        }
    }

    private void doExecuteUpdate(OutputStream outputStream, String str, String str2, String str3, Statement statement, String str4) throws IOException, SQLException, SecurityException {
        checkFirewallExecuteUpdate(str, str2, str3, str4);
        int executeUpdate = statement.executeUpdate(str3);
        StringWriter stringWriter = new StringWriter();
        JsonGenerator createGenerator = JsonUtil.getJsonGeneratorFactory(true).createGenerator(stringWriter);
        createGenerator.writeStartObject().write("status", "OK").write("row_count", executeUpdate).writeEnd();
        createGenerator.close();
        ServerSqlManager.write(outputStream, stringWriter.toString());
    }

    private void checkFirewallExecuteUpdate(String str, String str2, String str3, String str4) throws IOException, SQLException, SecurityException {
        for (SqlFirewallManager sqlFirewallManager : this.sqlFirewallManagers) {
            if (!sqlFirewallManager.allowExecuteUpdate(str, str2, this.connection)) {
                sqlFirewallManager.runIfStatementRefused(str, str2, this.connection, str4, false, str3, new ArrayList());
                throw new SecurityException(JsonSecurityMessage.statementNotAllowedBuild(str3, "Statement not allowed for for executeUpdate", this.doPrettyPrinting.booleanValue()));
            }
        }
    }

    private void checkFirewallGeneral(String str, String str2, String str3, String str4) throws IOException, SQLException, SecurityException {
        SqlFirewallManager sqlFirewallManager = null;
        boolean z = true;
        for (SqlFirewallManager sqlFirewallManager2 : this.sqlFirewallManagers) {
            sqlFirewallManager = sqlFirewallManager2;
            z = sqlFirewallManager2.allowStatementClass(str, str2, this.connection);
            if (!z) {
                break;
            }
            z = sqlFirewallManager2.allowSqlRunAfterAnalysis(str, str2, this.connection, str4, str3, ServerStatementUtil.isPreparedStatement(this.request), new Vector());
            if (!z) {
                break;
            }
        }
        if (z) {
            return;
        }
        sqlFirewallManager.runIfStatementRefused(str, str2, this.connection, str4, false, str3, new ArrayList());
        throw new SecurityException(JsonSecurityMessage.statementNotAllowedBuild(str3, "Statement not allowed", this.doPrettyPrinting.booleanValue()));
    }

    protected void debug(String str) {
        if (DEBUG) {
            System.out.println(new Date() + " " + str);
        }
    }
}
