package com.google.code.plsqlgateway.dad;

import com.google.code.eforceconfig.EntityConfig;
import com.google.code.plsqlgateway.servlet.SQLInjectionException;
import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import javax.servlet.http.HttpServletRequest;
import oracle.jdbc.OracleCallableStatement;
import oracle.sql.BFILE;
import oracle.sql.BLOB;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/google/code/plsqlgateway/dad/DADProcedureCaller.class */
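/**
 * Runs the PL/SQL procedure addressed by one gateway request.
 *
 * <p>The SQL text comes from the {@code OWA_CALL} statement template, into which the procedure
 * name taken from the request path is substituted. For ordinary (non-{@code /!}) requests the
 * request parameter names are substituted as well, as named arguments. These request-derived
 * identifiers become part of the SQL text, so each one must pass
 * {@link #sqlInjectionIdentifier(String)} first. Parameter values and the CGI environment are
 * always passed as bind variables and never concatenated.
 *
 * <p>An instance carries per-request state ({@code values}, {@code types}, {@code lines},
 * {@code isdocument}) and is not written for use from several threads.
 */
public class DADProcedureCaller {
    /** Shared "no type information" result; callers only read from it. */
    private static final HashMap<String, Integer> EMPTY_DESCRIBE_MAP = new HashMap<>();
    /** Substitute used when the request has no parameters, so the bound arrays are never empty. */
    private static final String[][] EMPTY_PARAMETER_MAP = {new String[]{""}, new String[]{""}};
    private static final Logger logger = Logger.getLogger(DADProcedureCaller.class);

    private static final int SQL_VARCHAR = 12;    // java.sql.Types.VARCHAR
    private static final int SQL_INTEGER = 4;     // java.sql.Types.INTEGER
    private static final int SQL_OTHER = 1111;    // java.sql.Types.OTHER
    private static final int SQL_BLOB = 2004;     // java.sql.Types.BLOB
    private static final int ORACLE_BFILE = -13;  // oracle.jdbc.OracleTypes.BFILE
    /** Element length limit used for every bound PL/SQL index table. */
    private static final int VC_ARR_ELEMENT_LENGTH = 32767;
    /** Number of lines requested from OWA_FETCH per call, and the size of the OUT table. */
    private static final int FETCH_MAX_LINES = 50;
    /** Element length limit of the OUT table that receives the page lines. */
    private static final int FETCH_LINE_LENGTH = 256;
    /**
     * Upper bound on consecutive synonym translations while describing a procedure. Without a
     * bound, a translation that keeps returning an unresolvable name recurses until the stack
     * overflows, with several metadata round trips per step.
     */
    private static final int MAX_SYNONYM_HOPS = 16;

    private EntityConfig intconfig;
    private boolean isdocument;
    private String[] lines;
    private HttpServletRequest request;
    private Map<?, ?> parameterMap;
    private EntityConfig dadConfig;
    private String pathInfo;
    private String calledProc;
    private Object[] values;
    private int[] types;
    private String[][] cgienv;

    /**
     * @param str request path info; a leading {@code "/!"} selects the two-array calling form
     * @param map request parameters; values are read as {@code String[]} or {@code String}
     * @param httpServletRequest the request, used here only for the timing log line
     * @param entityConfig DAD configuration (validation function, hooks, exclusion list, flags)
     * @param strArr CGI environment as {@code [0]} = names and {@code [1]} = values
     * @param entityConfig2 internal configuration holding the SQL templates and the identifier regexp
     */
    public DADProcedureCaller(String str, Map map, HttpServletRequest httpServletRequest, EntityConfig entityConfig, String[][] strArr, EntityConfig entityConfig2) {
        this.parameterMap = map;
        this.request = httpServletRequest;
        this.dadConfig = entityConfig;
        this.pathInfo = str;
        this.cgienv = strArr;
        this.intconfig = entityConfig2;
    }

    /** Binds {@code strArr} at position {@code i} as a PL/SQL index table of VARCHAR elements. */
    private void setVcArr(OracleCallableStatement oracleCallableStatement, int i, String[] strArr) throws Exception {
        oracleCallableStatement.setPlsqlIndexTable(i, strArr, strArr.length, strArr.length, SQL_VARCHAR, VC_ARR_ELEMENT_LENGTH);
    }

    /**
     * Builds the call statement, binds the CGI environment and the request parameters, and
     * executes it. Afterwards {@link #isDocument()} tells whether the response is a document.
     *
     * <p>The statement is closed on every path. Previously a failure while binding or executing
     * left it open until the connection itself was closed.
     *
     * @throws Exception anything raised while building, binding or executing the call; for
     *     failures from execution onwards the CGI environment is written to the error log first
     */
    public void call(Connection connection) throws Exception {
        boolean flexible = this.pathInfo.startsWith("/!");
        String sql = getSQL(flexible, connection);
        try (OracleCallableStatement statement = (OracleCallableStatement) connection.prepareCall(sql)) {
            int next = 1;
            statement.setInt(next++, this.cgienv[0].length);
            setVcArr(statement, next++, this.cgienv[0]);
            setVcArr(statement, next++, this.cgienv[1]);
            if (flexible) {
                // "/!" form: names and values travel as two bound arrays, so no parameter name
                // ever reaches the SQL text.
                String[][] parameters = getParameters();
                setVcArr(statement, next++, parameters[0]);
                setVcArr(statement, next++, parameters[1]);
            } else {
                // One bind per request parameter, in the order getSQL() emitted "name => ?".
                for (int n = 0; n < this.values.length; n++) {
                    Object value = this.values[n];
                    if (value instanceof String[]) {
                        String[] array = (String[]) value;
                        if (this.types[n] == SQL_OTHER) {
                            // Described as OTHER: pass the whole array as an index table.
                            setVcArr(statement, next++, array);
                        } else {
                            // Scalar argument: only the first submitted value is used.
                            statement.setString(next++, array[0]);
                        }
                    } else {
                        statement.setString(next++, (String) value);
                    }
                }
            }
            // Two trailing OUT parameters: a VARCHAR that is registered but not read here, and
            // an INTEGER that is 1 when the response is a document.
            statement.registerOutParameter(next++, SQL_VARCHAR);
            int documentFlagIndex = next;
            statement.registerOutParameter(documentFlagIndex, SQL_INTEGER);
            long started = System.currentTimeMillis();
            try {
                statement.execute();
                long finished = System.currentTimeMillis();
                if (this.dadConfig.getBooleanParameter("timed-statistics")) {
                    // Logged at FATAL as in the original, presumably so the line is emitted at
                    // any configured level. The path is flattened to one line so a request
                    // cannot forge extra log records.
                    logger.fatal((finished - started) + "ms: " + singleLine(this.request.getPathInfo()));
                }
                if (statement.getInt(documentFlagIndex) == 1) {
                    this.isdocument = true;
                }
            } catch (Exception e) {
                dumpCgiEnv(this.cgienv);
                throw e;
            }
        }
    }

    /**
     * Runs the {@code OWA_FETCH} statement and stores the returned lines for {@link #getLines()}.
     *
     * @return the value of parameter 1 after the call; presumably the number of lines actually
     *     returned (confirm against the OWA_FETCH statement)
     */
    public int fetch(Connection connection) throws Exception {
        try (OracleCallableStatement statement = (OracleCallableStatement) connection.prepareCall(this.intconfig.getSQLstmt("OWA_FETCH"))) {
            statement.setInt(1, FETCH_MAX_LINES);
            statement.registerOutParameter(1, SQL_INTEGER);
            statement.registerIndexTableOutParameter(2, FETCH_MAX_LINES, SQL_VARCHAR, FETCH_LINE_LENGTH);
            statement.execute();
            this.lines = (String[]) statement.getPlsqlIndexTable(2);
            return statement.getInt(1);
        }
    }

    /** @return {@code true} once {@link #call(Connection)} has reported a document response */
    public boolean isDocument() {
        return this.isdocument;
    }

    /**
     * Opens the document produced by the call: the BLOB from {@code OWA_BLOB} when there is one,
     * otherwise the BFILE from {@code OWA_BFILE}.
     *
     * <p>The returned stream owns the LOB locator and the statement behind it, so the caller must
     * close it. If setup fails the statement is closed before the exception propagates.
     *
     * @throws Exception failures on the BLOB path as raised; failures on the BFILE path wrapped
     *     in a {@link RuntimeException}
     */
    public InputStream getDocument(Connection connection) throws Exception {
        OracleCallableStatement blobStatement = (OracleCallableStatement) connection.prepareCall(this.intconfig.getSQLstmt("OWA_BLOB"));
        try {
            blobStatement.registerOutParameter(1, SQL_BLOB);
            blobStatement.execute();
            final BLOB blob = blobStatement.getBLOB(1);
            if (blob != null) {
                blob.open(0);
                return new StatementBoundStream(blob.getBinaryStream(1L), blobStatement) {
                    @Override
                    void closeLocator() throws Exception {
                        blob.close();
                    }
                };
            }
        } catch (Exception e) {
            closeQuietly(blobStatement);
            throw e;
        }
        OracleCallableStatement bfileStatement = null;
        try {
            blobStatement.close();
            bfileStatement = (OracleCallableStatement) connection.prepareCall(this.intconfig.getSQLstmt("OWA_BFILE"));
            bfileStatement.registerOutParameter(1, ORACLE_BFILE);
            bfileStatement.execute();
            final BFILE bfile = bfileStatement.getBFILE(1);
            if (bfile == null) {
                // Previously a bare NullPointerException; still surfaces as RuntimeException.
                throw new IllegalStateException("OWA_BFILE returned no document");
            }
            bfile.open(0);
            return new StatementBoundStream(bfile.getBinaryStream(1L), bfileStatement) {
                @Override
                void closeLocator() throws Exception {
                    bfile.close();
                }
            };
        } catch (Exception e) {
            closeQuietly(bfileStatement);
            throw new RuntimeException(e);
        }
    }

    /** @return the lines stored by the last {@link #fetch(Connection)}, or {@code null} before it */
    public String[] getLines() {
        return this.lines;
    }

    /**
     * Expands the {@code OWA_CALL} template into the statement text for this request.
     *
     * <p>Everything taken from the request that ends up in the SQL text (the procedure name and,
     * for ordinary calls, each parameter name) goes through
     * {@link #sqlInjectionIdentifier(String)} before it is concatenated. As a side effect this
     * method sets {@code calledProc} and, for ordinary calls, {@code values} and {@code types}.
     *
     * @param z {@code true} for the "/!" form, which calls the procedure with two bound arrays
     */
    private String getSQL(boolean z, Connection connection) throws Exception {
        String template = this.intconfig.getSQLstmt("OWA_CALL");
        String callExpression;
        if (z) {
            this.calledProc = sqlInjectionIdentifier(this.pathInfo.substring(2));
            callExpression = this.calledProc + "(?,?)";
        } else {
            callExpression = sqlInjectionIdentifier(this.pathInfo.substring(1));
            this.calledProc = callExpression;
            Map<String, Integer> described = describeProcedure(this.calledProc, connection);
            int count = this.parameterMap.size();
            this.values = new Object[count];
            this.types = new int[count];
            StringBuilder arguments = new StringBuilder();
            int n = 0;
            for (Map.Entry<?, ?> entry : this.parameterMap.entrySet()) {
                String name = (String) entry.getKey();
                this.values[n] = entry.getValue();
                Integer described_type = described.get(name.toUpperCase(Locale.ROOT));
                // Parameters the metadata does not know about are bound as VARCHAR.
                this.types[n] = described_type == null ? SQL_VARCHAR : described_type.intValue();
                if (n > 0) {
                    arguments.append(", ");
                }
                arguments.append(sqlInjectionIdentifier(name)).append(" => ?");
                n++;
            }
            if (arguments.length() > 0) {
                callExpression = callExpression + "(" + arguments + ")";
            }
        }
        // replaceFirst() treats '$' and '\' in the replacement as group references. '$' is legal
        // in Oracle identifiers, so if the identifier regexp admits it, an unquoted replacement
        // would throw or be rewritten. Request-derived text is therefore inserted literally.
        String sql = template.replaceFirst("#procedure#", Matcher.quoteReplacement(callExpression));

        String validator = this.dadConfig.getParameter("request-validation-function");
        String validation = "true";
        if (validator != null) {
            // The procedure name is embedded in a quoted PL/SQL literal here. No valid procedure
            // reference contains a single quote, so refuse one outright instead of relying only
            // on the configured regexp.
            if (this.calledProc.indexOf('\'') >= 0) {
                throw new SQLInjectionException(this.calledProc);
            }
            validation = validator + Matcher.quoteReplacement("('" + this.calledProc + "')");
        }
        sql = sql.replaceFirst("#request-validation-function#", validation);

        // Administrator-supplied hook names are passed through exactly as before, so existing
        // configurations keep their meaning.
        String before = this.dadConfig.getParameter("before-procedure");
        sql = sql.replaceFirst("#before-procedure#", before != null ? before : "null");
        String after = this.dadConfig.getParameter("after-procedure");
        return sql.replaceFirst("#after-procedure#", after != null ? after : "null");
    }

    /**
     * Looks up the declared JDBC type of each argument of the procedure, following synonyms when
     * the name is not found directly.
     *
     * <p>Returns the empty map when the {@code describe-procedure} flag is off. Metadata result
     * sets are closed as soon as they are read; they were previously left open, which holds
     * database cursors. Name patterns passed to the metadata calls treat {@code _} and {@code %}
     * as wildcards, so a name containing {@code _} may pick up columns of similarly named
     * procedures.
     *
     * @return argument name (as reported by the driver) to JDBC type code
     * @throws IllegalArgumentException if the name has no parts, more than three parts, or cannot
     *     be resolved
     * @throws IllegalStateException if synonym translation does not settle within
     *     {@link #MAX_SYNONYM_HOPS} steps
     */
    private Map<String, Integer> describeProcedure(String str, Connection connection) throws Exception {
        if (!this.dadConfig.getBooleanParameter("describe-procedure")) {
            return EMPTY_DESCRIBE_MAP;
        }
        String name = str;
        for (int hop = 0; hop <= MAX_SYNONYM_HOPS; hop++) {
            if (name == null) {
                throw new IllegalArgumentException("cannot resolve procedure " + str);
            }
            logger.fatal("describeProcedure: " + name);
            String[] parts = toupper(name.split("\\."));
            // The argument order below suggests schema.package.procedure, with the package
            // passed in the metadata "catalog" position.
            switch (parts.length) {
                case 1:
                    if (procedureExists(connection, "", "", parts[0])) {
                        return procedureColumns(connection, "", "", parts[0]);
                    }
                    break;
                case 2:
                    if (procedureExists(connection, parts[0], "", parts[1])) {
                        return procedureColumns(connection, parts[0], "", parts[1]);
                    }
                    if (procedureExists(connection, "", parts[0], parts[1])) {
                        return procedureColumns(connection, "", parts[0], parts[1]);
                    }
                    break;
                case 3:
                    if (procedureExists(connection, parts[1], parts[0], parts[2])) {
                        return procedureColumns(connection, parts[1], parts[0], parts[2]);
                    }
                    break;
                default:
                    // Previously ended in a NullPointerException on the missing result set.
                    throw new IllegalArgumentException("not a procedure reference: " + name);
            }
            name = translateSynonym(connection, parts);
        }
        throw new IllegalStateException("synonym translation did not settle for " + str);
    }

    /** Reports whether the metadata lists at least one procedure for the given coordinates. */
    private boolean procedureExists(Connection connection, String catalog, String schema, String name) throws Exception {
        try (ResultSet procedures = connection.getMetaData().getProcedures(catalog, schema, name)) {
            return procedures.next();
        }
    }

    /** Collects COLUMN_NAME to DATA_TYPE for every column the metadata reports. */
    private Map<String, Integer> procedureColumns(Connection connection, String catalog, String schema, String name) throws Exception {
        Map<String, Integer> columns = new HashMap<>();
        try (ResultSet rows = connection.getMetaData().getProcedureColumns(catalog, schema, name, "%")) {
            while (rows.next()) {
                columns.put(rows.getString("COLUMN_NAME"), Integer.valueOf(rows.getInt("DATA_TYPE")));
            }
        }
        return columns;
    }

    /** Returns an upper-cased copy of {@code strArr}, independent of the JVM default locale. */
    private String[] toupper(String[] strArr) {
        String[] upper = new String[strArr.length];
        for (int i = 0; i < upper.length; i++) {
            upper[i] = strArr[i].toUpperCase(Locale.ROOT);
        }
        return upper;
    }

    /**
     * Asks the database, through the {@code TRANSLATE_SYNONYM} statement, what the given name
     * parts resolve to. The statement is now closed after use.
     *
     * @return the string the statement hands back in parameter 2
     */
    private String translateSynonym(Connection connection, String[] strArr) throws Exception {
        try (OracleCallableStatement statement = (OracleCallableStatement) connection.prepareCall(this.intconfig.getSQLstmt("TRANSLATE_SYNONYM"))) {
            setVcArr(statement, 1, toupper(strArr));
            statement.registerOutParameter(2, SQL_VARCHAR);
            statement.execute();
            return statement.getString(2);
        }
    }

    /**
     * Flattens the request parameters into parallel name and value arrays, repeating the name for
     * each value of a multi-valued parameter.
     *
     * @return {@code [0]} = names, {@code [1]} = values; {@link #EMPTY_PARAMETER_MAP} when the
     *     request has no parameters
     */
    private String[][] getParameters() throws Exception {
        ArrayList<String> names = new ArrayList<>();
        ArrayList<String> contents = new ArrayList<>();
        for (Map.Entry<?, ?> entry : this.parameterMap.entrySet()) {
            String name = (String) entry.getKey();
            Object value = entry.getValue();
            if (value instanceof String[]) {
                for (String item : (String[]) value) {
                    names.add(name);
                    contents.add(item);
                }
            } else {
                names.add(name);
                contents.add((String) value);
            }
        }
        if (names.isEmpty()) {
            return EMPTY_PARAMETER_MAP;
        }
        return new String[][] {names.toArray(new String[0]), contents.toArray(new String[0])};
    }

    /**
     * Writes the CGI environment to the error log after a failed call.
     *
     * <p>NOTE(review): every value is logged. If the environment built by the servlet includes
     * cookies or authorization data (not visible from this class), those end up in the log;
     * consider masking such entries where the environment is assembled.
     */
    private void dumpCgiEnv(String[][] strArr) {
        logger.error("CGI ENV:");
        // Bounded by the shorter array so a mismatch cannot throw here and hide the real error.
        int count = Math.min(strArr[0].length, strArr[1].length);
        for (int i = 0; i < count; i++) {
            logger.error("    " + singleLine(strArr[0][i]) + ": " + singleLine(strArr[1][i]));
        }
    }

    /**
     * Checks an identifier taken from the request before it is concatenated into SQL text.
     *
     * <p>The lower-cased identifier must match the {@code sql-injection-regexp} parameter in full
     * and must not fully match any pattern of the DAD's {@code exclusion-list}. Both checks use
     * {@link String#matches(String)}, which anchors the pattern at both ends: an exclusion entry
     * meant to block a prefix has to say so itself (for example by ending in {@code .*}).
     * Lower-casing uses {@link Locale#ROOT} so the outcome does not depend on the JVM locale.
     *
     * @return {@code str} unchanged (original case) when it is acceptable
     * @throws SQLInjectionException if the identifier is rejected
     */
    private String sqlInjectionIdentifier(String str) throws SQLInjectionException {
        String candidate = str.toLowerCase(Locale.ROOT);
        if (!candidate.matches(this.intconfig.getParameter("sql-injection-regexp"))) {
            throw new SQLInjectionException(str);
        }
        Iterator it = this.dadConfig.getListParameter("exclusion-list").iterator();
        while (it.hasNext()) {
            String excluded = (String) it.next();
            if (candidate.matches(excluded)) {
                throw new SQLInjectionException(str + " matches exclusion regexp /" + excluded + "/");
            }
        }
        return str;
    }

    /** Replaces CR and LF so a request-supplied value cannot start a new log record. */
    private static String singleLine(String text) {
        return text == null ? null : text.replace('\r', '_').replace('\n', '_');
    }

    /** Closes a statement during error cleanup without replacing the exception in flight. */
    private static void closeQuietly(OracleCallableStatement statement) {
        if (statement == null) {
            return;
        }
        try {
            statement.close();
        } catch (Exception ignored) {
            logger.debug("statement close failed during cleanup", ignored);
        }
    }

    /**
     * Stream over a LOB's content that also releases the LOB locator and the statement that
     * produced it when closed.
     */
    private abstract static class StatementBoundStream extends InputStream {
        private final InputStream content;
        private final OracleCallableStatement owner;

        StatementBoundStream(InputStream content, OracleCallableStatement owner) {
            this.content = content;
            this.owner = owner;
        }

        /** Closes the BLOB or BFILE locator behind {@code content}. */
        abstract void closeLocator() throws Exception;

        @Override
        public int read() throws IOException {
            return this.content.read();
        }

        @Override
        public int read(byte[] bArr) throws IOException {
            return this.content.read(bArr);
        }

        // Without this override InputStream falls back to one read() call per byte.
        @Override
        public int read(byte[] bArr, int off, int len) throws IOException {
            return this.content.read(bArr, off, len);
        }

        /**
         * Closes the content stream, the locator and the statement, in that order. Each step
         * runs even if an earlier one failed. Failures of the first two are logged only; a
         * failure to close the statement is rethrown as {@link RuntimeException}, as before.
         */
        @Override
        public void close() throws IOException {
            try {
                this.content.close();
            } catch (Exception ignored) {
                logger.debug("document stream close failed", ignored);
            }
            try {
                closeLocator();
            } catch (Exception ignored) {
                logger.debug("document locator close failed", ignored);
            }
            try {
                this.owner.close();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }
}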
