package org.kawanfw.sql.servlet.sql;

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.io.IOUtils;
import org.kawanfw.commons.api.server.CommonsConfigurator;
import org.kawanfw.commons.server.util.ServerLogger;
import org.kawanfw.commons.util.FrameworkDebug;
import org.kawanfw.commons.util.FrameworkFileUtil;
import org.kawanfw.commons.util.Tag;
import org.kawanfw.file.api.server.FileConfigurator;
import org.kawanfw.sql.api.server.SqlConfigurator;
import org.kawanfw.sql.json.StatementHolder;
import org.kawanfw.sql.servlet.SqlConfiguratorCall;

/* loaded from: input_file:org/kawanfw/sql/servlet/sql/ServerStatement.class */
public class ServerStatement {
    private static boolean DEBUG = FrameworkDebug.isSet(ServerStatement.class);
    public static String CR_LF = System.getProperty("line.separator");
    private CommonsConfigurator commonsConfigurator;
    private FileConfigurator fileConfigurator;
    private SqlConfigurator sqlConfigurator;
    private Connection connection;
    private String username;
    private StatementHolder statementHolder;
    private HttpServletRequest request;

    public ServerStatement(HttpServletRequest httpServletRequest, CommonsConfigurator commonsConfigurator, FileConfigurator fileConfigurator, SqlConfigurator sqlConfigurator, Connection connection, String str, StatementHolder statementHolder) throws SQLException {
        this.commonsConfigurator = null;
        this.fileConfigurator = null;
        if (commonsConfigurator == null) {
            throw new IllegalArgumentException(String.valueOf(Tag.PRODUCT_PRODUCT_FAIL) + "commonsConfigurator can not be null!");
        }
        if (sqlConfigurator == null) {
            throw new IllegalArgumentException(String.valueOf(Tag.PRODUCT_PRODUCT_FAIL) + "sqlConfigurator can not be null!");
        }
        if (connection == null) {
            throw new IllegalArgumentException(String.valueOf(Tag.PRODUCT_PRODUCT_FAIL) + "SQL Connection can not be null!");
        }
        if (str == null) {
            throw new IllegalArgumentException(String.valueOf(Tag.PRODUCT_PRODUCT_FAIL) + "username can not be null!");
        }
        if (statementHolder == null) {
            throw new IllegalArgumentException(String.valueOf(Tag.PRODUCT_PRODUCT_FAIL) + "statementHolder can not be null!");
        }
        this.commonsConfigurator = commonsConfigurator;
        this.fileConfigurator = fileConfigurator;
        this.sqlConfigurator = sqlConfigurator;
        this.connection = connection;
        this.username = str;
        this.statementHolder = statementHolder;
        this.request = httpServletRequest;
    }

    public File executeQueryOrUpdate(File file) throws SQLException, IOException {
        try {
            BufferedWriter bufferedWriter = new BufferedWriter(new FileWriter(file));
            if (this.statementHolder.isPreparedStatement()) {
                executeQueryOrUpdatePrepStatement(bufferedWriter);
            } else {
                executeQueryOrUpdateStatement(bufferedWriter);
            }
            IOUtils.closeQuietly(bufferedWriter);
            return file;
        } catch (Throwable th) {
            IOUtils.closeQuietly((Writer) null);
            throw th;
        }
    }

    public String executeQueryOrUpdate() throws SQLException, IOException {
        StringWriter stringWriter = new StringWriter();
        if (this.statementHolder.isPreparedStatement()) {
            executeQueryOrUpdatePrepStatement(stringWriter);
        } else {
            executeQueryOrUpdateStatement(stringWriter);
        }
        return stringWriter.toString();
    }

    /* JADX WARN: Finally extract failed */
    private void executeQueryOrUpdatePrepStatement(Writer writer) throws SQLException, IOException {
        PreparedStatement prepareStatement;
        String sqlOrder = this.statementHolder.getSqlOrder();
        debug("statementHolder: " + this.statementHolder.getSqlOrder());
        debug("sqlOrder       : " + sqlOrder);
        if (this.statementHolder.isDoExtractResultSetMetaData()) {
            sqlOrder = DbVendorManager.addLimit1(sqlOrder, this.connection);
        }
        boolean z = false;
        if (this.statementHolder.getAutoGeneratedKeys() != -1) {
            prepareStatement = this.connection.prepareStatement(sqlOrder, this.statementHolder.getAutoGeneratedKeys());
            z = true;
        } else if (this.statementHolder.getColumnIndexesAutogenerateKeys().length != 0) {
            prepareStatement = this.connection.prepareStatement(sqlOrder, this.statementHolder.getColumnIndexesAutogenerateKeys());
            z = true;
        } else if (this.statementHolder.getColumnNamesAutogenerateKeys().length != 0) {
            prepareStatement = this.connection.prepareStatement(sqlOrder, this.statementHolder.getColumnNamesAutogenerateKeys());
            z = true;
        } else {
            prepareStatement = this.connection.prepareStatement(sqlOrder);
        }
        ServerPreparedStatementParameters serverPreparedStatementParameters = null;
        try {
            try {
                ServerSqlUtil.setStatementProperties(prepareStatement, this.statementHolder);
                Map<Integer, Integer> parameterTypes = this.statementHolder.getParameterTypes();
                Map<Integer, String> parameterStringValues = this.statementHolder.getParameterStringValues();
                debug("before ServerPreparedStatementParameters");
                ServerPreparedStatementParameters serverPreparedStatementParameters2 = new ServerPreparedStatementParameters(this.request, this.username, this.fileConfigurator, prepareStatement, this.statementHolder);
                serverPreparedStatementParameters2.setParameters();
                debug("before new SqlSecurityChecker()");
                if (!this.sqlConfigurator.allowStatementAfterAnalysis(this.username, this.connection, sqlOrder, serverPreparedStatementParameters2.getParameterValues())) {
                    String remoteAddr = this.request.getRemoteAddr();
                    SqlConfiguratorCall.runIfStatementRefused(this.sqlConfigurator, this.username, this.connection, remoteAddr, sqlOrder, serverPreparedStatementParameters2.getParameterValues());
                    debug("Before SqlConfiguratorCall.runIfStatementRefused");
                    SqlConfiguratorCall.runIfStatementRefused(this.sqlConfigurator, remoteAddr, this.connection, remoteAddr, sqlOrder, serverPreparedStatementParameters2.getParameterValues());
                    debug("After  SqlConfiguratorCall.runIfStatementRefused");
                    throw new SecurityException(String.valueOf(Tag.PRODUCT_SECURITY) + " [{Prepared Statement not authorized}{sql order : " + sqlOrder + "}{sql parms : " + parameterTypes + "}{sql values: " + parameterStringValues + "}]");
                }
                boolean allowResultSetGetMetaData = SqlConfiguratorCall.allowResultSetGetMetaData(this.sqlConfigurator, this.username, this.connection);
                if (this.statementHolder.isDoExtractResultSetMetaData() && !allowResultSetGetMetaData) {
                    throw new SecurityException(String.valueOf(Tag.PRODUCT_SECURITY) + " ResultSet.getMetaData() Query not authorized.");
                }
                debug("before executeQuery() / executeUpdate()");
                if (!this.statementHolder.isExecuteUpdate()) {
                    ResultSet resultSet = null;
                    try {
                        if (this.statementHolder.isDoExtractResultSetMetaData()) {
                            prepareStatement.setMaxRows(1);
                        } else {
                            ServerSqlUtil.setMaxRowsToReturn(prepareStatement, this.sqlConfigurator);
                        }
                        ResultSet executeQuery = prepareStatement.executeQuery();
                        writer.write("SEND_OK" + CR_LF);
                        if (this.statementHolder.isDoExtractResultSetMetaData()) {
                            new ResultSetMetaDataWriter(writer, this.commonsConfigurator, this.sqlConfigurator).write(executeQuery);
                        } else {
                            new ResultSetWriter(this.request, writer, this.commonsConfigurator, this.fileConfigurator, this.sqlConfigurator, this.username, sqlOrder, this.statementHolder).write(executeQuery);
                        }
                        if (executeQuery != null) {
                            executeQuery.close();
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            resultSet.close();
                        }
                        throw th;
                    }
                } else {
                    if (!SqlConfiguratorCall.allowExecuteUpdate(this.sqlConfigurator, this.username, this.connection)) {
                        SqlConfiguratorCall.runIfStatementRefused(this.sqlConfigurator, this.username, this.connection, this.request.getRemoteAddr(), sqlOrder, serverPreparedStatementParameters2.getParameterValues());
                        throw new SecurityException(String.valueOf(Tag.PRODUCT_SECURITY) + " [{Prepared Statement not authorized for executeUpdate}{sql order : " + sqlOrder + "}{sql parms : " + parameterTypes + "}{sql values: " + parameterStringValues + "}]");
                    }
                    int executeUpdate = prepareStatement.executeUpdate();
                    writer.write("SEND_OK" + CR_LF);
                    writer.write(String.valueOf(executeUpdate) + CR_LF);
                    if (z) {
                        ResultSet resultSet2 = null;
                        try {
                            resultSet2 = prepareStatement.getGeneratedKeys();
                            new ResultSetWriter(this.request, writer, this.commonsConfigurator, this.fileConfigurator, this.sqlConfigurator, this.username, sqlOrder, this.statementHolder).write(resultSet2);
                            if (resultSet2 != null) {
                                resultSet2.close();
                            }
                        } catch (Throwable th2) {
                            if (resultSet2 != null) {
                                resultSet2.close();
                            }
                            throw th2;
                        }
                    }
                }
                if (serverPreparedStatementParameters2 != null) {
                    serverPreparedStatementParameters2.close();
                }
                if (prepareStatement != null) {
                    prepareStatement.close();
                }
            } catch (SQLException e) {
                ServerLogger.getLogger().log(Level.WARNING, String.valueOf(Tag.PRODUCT_EXCEPTION_RAISED) + CR_LF + "Prepared statement: " + sqlOrder + CR_LF + "- sql order : " + sqlOrder + CR_LF + "- sql parms : " + ((Object) null) + CR_LF + "- sql values: " + ((Object) null) + CR_LF + "- exception : " + e.toString());
                throw e;
            }
        } catch (Throwable th3) {
            if (0 != 0) {
                serverPreparedStatementParameters.close();
            }
            if (prepareStatement != null) {
                prepareStatement.close();
            }
            throw th3;
        }
    }

    /* JADX WARN: Finally extract failed */
    private void executeQueryOrUpdateStatement(Writer writer) throws SQLException, IOException {
        int executeUpdate;
        String sqlOrder = this.statementHolder.getSqlOrder();
        debug("statementHolder: " + this.statementHolder.getSqlOrder());
        debug("sqlOrder       : " + sqlOrder);
        if (this.statementHolder.isDoExtractResultSetMetaData()) {
            sqlOrder = DbVendorManager.addLimit1(sqlOrder, this.connection);
        }
        Statement statement = null;
        try {
            try {
                if (!SqlConfiguratorCall.allowStatementClass(this.sqlConfigurator, this.username, this.connection)) {
                    SqlConfiguratorCall.runIfStatementRefused(this.sqlConfigurator, this.username, this.connection, this.request.getRemoteAddr(), sqlOrder, new Vector());
                    throw new SecurityException(String.valueOf(Tag.PRODUCT_SECURITY) + " [{Statement not authorized}{sql order: " + sqlOrder + "}]");
                }
                Statement createStatement = this.connection.createStatement();
                ServerSqlUtil.setStatementProperties(createStatement, this.statementHolder);
                debug("before ServerPreparedStatementParameters");
                if (!this.sqlConfigurator.allowStatementAfterAnalysis(this.username, this.connection, sqlOrder, new Vector())) {
                    SqlConfiguratorCall.runIfStatementRefused(this.sqlConfigurator, this.username, this.connection, this.request.getRemoteAddr(), sqlOrder, new Vector());
                    throw new SecurityException(String.valueOf(Tag.PRODUCT_SECURITY) + " [{Statement not authorized}{sql order: " + sqlOrder + "}]");
                }
                boolean allowResultSetGetMetaData = SqlConfiguratorCall.allowResultSetGetMetaData(this.sqlConfigurator, this.username, this.connection);
                if (this.statementHolder.isDoExtractResultSetMetaData() && !allowResultSetGetMetaData) {
                    throw new SecurityException(String.valueOf(Tag.PRODUCT_SECURITY) + " ResultSet.getMetaData() Query not authorized.");
                }
                debug("before executeQuery() / executeUpdate(sqlOrder)");
                if (!this.statementHolder.isExecuteUpdate()) {
                    ResultSet resultSet = null;
                    try {
                        if (this.statementHolder.isDoExtractResultSetMetaData()) {
                            createStatement.setMaxRows(1);
                        } else {
                            ServerSqlUtil.setMaxRowsToReturn(createStatement, this.sqlConfigurator);
                        }
                        ResultSet executeQuery = createStatement.executeQuery(sqlOrder);
                        writer.write("SEND_OK" + CR_LF);
                        if (this.statementHolder.isDoExtractResultSetMetaData()) {
                            new ResultSetMetaDataWriter(writer, this.commonsConfigurator, this.sqlConfigurator).write(executeQuery);
                        } else {
                            new ResultSetWriter(this.request, writer, this.commonsConfigurator, this.fileConfigurator, this.sqlConfigurator, this.username, sqlOrder, this.statementHolder).write(executeQuery);
                        }
                        if (executeQuery != null) {
                            executeQuery.close();
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            resultSet.close();
                        }
                        throw th;
                    }
                } else {
                    if (!SqlConfiguratorCall.allowExecuteUpdate(this.sqlConfigurator, this.username, this.connection)) {
                        SqlConfiguratorCall.runIfStatementRefused(this.sqlConfigurator, this.username, this.connection, this.request.getRemoteAddr(), sqlOrder, new Vector());
                        throw new SecurityException(String.valueOf(Tag.PRODUCT_SECURITY) + " [{Statement not authorized for ExecuteUpdate}{sql order: " + sqlOrder + "}]");
                    }
                    boolean z = false;
                    if (this.statementHolder.getAutoGeneratedKeys() != -1) {
                        executeUpdate = createStatement.executeUpdate(sqlOrder, this.statementHolder.getAutoGeneratedKeys());
                        z = true;
                    } else if (this.statementHolder.getColumnIndexesAutogenerateKeys().length != 0) {
                        executeUpdate = createStatement.executeUpdate(sqlOrder, this.statementHolder.getColumnIndexesAutogenerateKeys());
                        z = true;
                    } else if (this.statementHolder.getColumnNamesAutogenerateKeys().length != 0) {
                        executeUpdate = createStatement.executeUpdate(sqlOrder, this.statementHolder.getColumnNamesAutogenerateKeys());
                        z = true;
                    } else {
                        executeUpdate = createStatement.executeUpdate(sqlOrder);
                    }
                    writer.write("SEND_OK" + CR_LF);
                    writer.write(String.valueOf(executeUpdate) + CR_LF);
                    if (z) {
                        ResultSet resultSet2 = null;
                        try {
                            resultSet2 = createStatement.getGeneratedKeys();
                            new ResultSetWriter(this.request, writer, this.commonsConfigurator, this.fileConfigurator, this.sqlConfigurator, this.username, sqlOrder, this.statementHolder).write(resultSet2);
                            if (resultSet2 != null) {
                                resultSet2.close();
                            }
                        } catch (Throwable th2) {
                            if (resultSet2 != null) {
                                resultSet2.close();
                            }
                            throw th2;
                        }
                    }
                }
                IOUtils.closeQuietly(writer);
                if (createStatement != null) {
                    createStatement.close();
                }
            } catch (SQLException e) {
                ServerLogger.getLogger().log(Level.WARNING, String.valueOf(Tag.PRODUCT_EXCEPTION_RAISED) + CR_LF + "Statement: " + sqlOrder + CR_LF + "- sql order: " + sqlOrder + CR_LF + "- exception: " + e.toString());
                throw e;
            }
        } catch (Throwable th3) {
            IOUtils.closeQuietly(writer);
            if (0 != 0) {
                statement.close();
            }
            throw th3;
        }
    }

    public static synchronized File createTempFileForResultSet() {
        return new File(String.valueOf(FrameworkFileUtil.getKawansoftTempDir()) + File.separator + "result-set-" + FrameworkFileUtil.getUniqueId() + ".tmp");
    }

    protected void debug(String str) {
        if (DEBUG) {
            ServerLogger.getLogger().log(Level.WARNING, str);
        }
    }
}
