package org.owasp.webgoat.session;

import java.io.File;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Iterator;
import org.owasp.webgoat.Catcher;

/* loaded from: input_file:org/owasp/webgoat/session/UserDatabase.class */
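/**
 * Stores users and their roles in an H2 database file named {@code UserDatabase}
 * under the process working directory ({@code user.dir}).
 *
 * <p>Every public operation opens the connection, does its work and closes the
 * connection again. Failures are reported through the return value (false, -1 or
 * an empty iterator) after printing the stack trace; no SQLException escapes.
 */
class UserDatabase {
    private Connection userDB;
    private final String USER_DB_URI = "jdbc:h2:" + System.getProperty("user.dir") + File.separator + "UserDatabase";
    private final String CREATE_USERS_TABLE = "CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTO_INCREMENT, username VARCHAR(255) NOT NULL UNIQUE);";
    private final String CREATE_ROLES_TABLE = "CREATE TABLE IF NOT EXISTS roles (id INTEGER PRIMARY KEY AUTO_INCREMENT, rolename VARCHAR(255) NOT NULL UNIQUE);";
    private final String CREATE_USER_ROLES_TABLE = "CREATE TABLE IF NOT EXISTS user_roles (id INTEGER PRIMARY KEY AUTO_INCREMENT, user_id INTEGER NOT NULL, role_id INTEGER NOT NULL, FOREIGN KEY (user_id) REFERENCES users(id), FOREIGN KEY (role_id) REFERENCES roles(id));";
    private final String ADD_DEFAULT_USERS = "INSERT INTO users (username) VALUES ('webgoat'),('basic'),('guest');";
    private final String ADD_DEFAULT_ROLES = "INSERT INTO roles (rolename) VALUES ('webgoat_basic'),('webgoat_admin'),('webgoat_user');";
    private final String ADD_ROLE_TO_USER = "INSERT INTO user_roles (user_id, role_id) SELECT users.id, roles.id FROM users, roles WHERE users.username = ? AND roles.rolename = ?;";
    private final String QUERY_ALL_USERS = "SELECT username FROM users;";
    private final String QUERY_ALL_ROLES_FOR_USERNAME = "SELECT rolename FROM roles, user_roles, users WHERE roles.id = user_roles.role_id AND user_roles.user_id = users.id AND users.username = ?;";
    private final String QUERY_TABLE_COUNT = "SELECT count(id) AS count FROM table;";
    private final String DELETE_ALL_ROLES_FOR_USER = "DELETE FROM user_roles WHERE user_id IN (SELECT id FROM users WHERE username = ?);";
    private final String DELETE_USER = "DELETE FROM users WHERE username = ?;";

    /**
     * Creates the three tables if they are missing and seeds each one that is
     * empty, or whose row count could not be read, with the default rows.
     */
    public UserDatabase() {
        createDefaultTables();
        if (getTableCount("users") <= 0) {
            createDefaultUsers();
        }
        if (getTableCount("roles") <= 0) {
            createDefaultRoles();
        }
        if (getTableCount("user_roles") <= 0) {
            addDefaultRolesToDefaultUsers();
        }
    }

    /**
     * Opens the connection if it is not already open.
     *
     * @return true when a usable connection exists afterwards, false when the
     *         driver class is missing or the connection attempt failed
     */
    public boolean open() {
        try {
            if (this.userDB == null || this.userDB.isClosed()) {
                Class.forName("org.h2.Driver");
                // NOTE(review): the account name is hard-coded and the password is
                // Catcher.EMPTY_STRING (presumably the empty string), so the database
                // file is protected only by file-system permissions. Confirm this is
                // acceptable for the deployment.
                this.userDB = DriverManager.getConnection(this.USER_DB_URI, "webgoat_admin", Catcher.EMPTY_STRING);
            }
            return true;
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            return false;
        } catch (SQLException e2) {
            e2.printStackTrace();
            return false;
        }
    }

    /**
     * Closes the connection if it is open.
     *
     * @return true when the connection is closed afterwards, false on SQL error
     */
    public boolean close() {
        try {
            if (this.userDB != null && !this.userDB.isClosed()) {
                this.userDB.close();
            }
            return true;
        } catch (SQLException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Counts the rows of one of this database's tables.
     *
     * <p>The table name is spliced into the SQL text because JDBC cannot bind an
     * identifier as a parameter, so it is first checked against the tables this
     * class creates. Any other name is rejected without reaching the database.
     *
     * @param str table name; one of {@code users}, {@code roles}, {@code user_roles}
     * @return the row count, or -1 when the name is not recognised, the database
     *         could not be opened, or the query failed
     */
    public int getTableCount(String str) {
        if (!isKnownTable(str) || !open()) {
            return -1;
        }
        Statement statement = null;
        ResultSet rows = null;
        try {
            statement = this.userDB.createStatement();
            rows = statement.executeQuery(this.QUERY_TABLE_COUNT.replace("table", str));
            return rows.next() ? rows.getInt("count") : 0;
        } catch (SQLException e) {
            e.printStackTrace();
            return -1;
        } finally {
            // Release everything on the failure path too, not only on success.
            closeQuietly(rows);
            closeQuietly(statement);
            close();
        }
    }

    /**
     * Loads every user together with the roles assigned to it.
     *
     * @return an iterator over all users; empty when the database could not be
     *         opened or any query failed
     */
    public Iterator<User> getUsers() {
        ArrayList<User> users = new ArrayList<User>();
        if (!open()) {
            return users.iterator();
        }
        Statement listUsers = null;
        PreparedStatement listRoles = null;
        ResultSet userRows = null;
        try {
            listUsers = this.userDB.createStatement();
            listRoles = this.userDB.prepareStatement(this.QUERY_ALL_ROLES_FOR_USERNAME);
            userRows = listUsers.executeQuery(this.QUERY_ALL_USERS);
            while (userRows.next()) {
                User user = new User(userRows.getString("username"));
                listRoles.setString(1, user.getUsername());
                ResultSet roleRows = listRoles.executeQuery();
                try {
                    while (roleRows.next()) {
                        user.addRole(roleRows.getString("rolename"));
                    }
                } finally {
                    closeQuietly(roleRows);
                }
                // Without this the method built each user and then dropped it,
                // so callers always received an empty iterator.
                users.add(user);
            }
        } catch (SQLException e) {
            e.printStackTrace();
            // Report a failed load as "no users" rather than a partial list.
            users = new ArrayList<User>();
        } finally {
            closeQuietly(userRows);
            closeQuietly(listRoles);
            closeQuietly(listUsers);
            close();
        }
        return users.iterator();
    }

    /**
     * Assigns a role to a user. Both values are bound as statement parameters.
     * The insert selects matching rows, so an unknown user or role inserts
     * nothing and still returns true.
     *
     * @param str  username
     * @param str2 role name
     * @return true when the statement ran, false when the database could not be
     *         opened or the statement failed
     */
    public boolean addRoleToUser(String str, String str2) {
        if (!open()) {
            return false;
        }
        PreparedStatement insert = null;
        try {
            insert = this.userDB.prepareStatement(this.ADD_ROLE_TO_USER);
            insert.setString(1, str);
            insert.setString(2, str2);
            insert.execute();
            return true;
        } catch (SQLException e) {
            e.printStackTrace();
            return false;
        } finally {
            closeQuietly(insert);
            close();
        }
    }

    /**
     * Removes a user and its role assignments.
     *
     * @param user the user to remove
     * @return true when both deletes ran, false for a null user or on failure
     */
    public boolean removeUser(User user) {
        if (user == null) {
            return false;
        }
        return removeUser(user.getUsername());
    }

    /**
     * Removes a user and its role assignments by username.
     *
     * <p>The role assignments are deleted first because {@code user_roles} holds
     * a foreign key to {@code users}. The two deletes are not wrapped in a
     * transaction, so a failure in the second leaves the user without roles.
     *
     * @param str username, bound as a statement parameter
     * @return true when both deletes ran, false when the database could not be
     *         opened or a delete failed
     */
    public boolean removeUser(String str) {
        if (!open()) {
            return false;
        }
        PreparedStatement deleteRoles = null;
        PreparedStatement deleteUser = null;
        try {
            deleteRoles = this.userDB.prepareStatement(this.DELETE_ALL_ROLES_FOR_USER);
            deleteUser = this.userDB.prepareStatement(this.DELETE_USER);
            deleteRoles.setString(1, str);
            deleteUser.setString(1, str);
            deleteRoles.execute();
            deleteUser.execute();
            return true;
        } catch (SQLException e) {
            e.printStackTrace();
            return false;
        } finally {
            closeQuietly(deleteRoles);
            closeQuietly(deleteUser);
            close();
        }
    }

    /** Creates the users, roles and user_roles tables when they do not exist. */
    private boolean createDefaultTables() {
        return runStatements(this.CREATE_USERS_TABLE, this.CREATE_ROLES_TABLE, this.CREATE_USER_ROLES_TABLE);
    }

    /** Inserts the built-in users. */
    private boolean createDefaultUsers() {
        return runStatements(this.ADD_DEFAULT_USERS);
    }

    /** Inserts the built-in roles. */
    private boolean createDefaultRoles() {
        return runStatements(this.ADD_DEFAULT_ROLES);
    }

    /** Gives each built-in user its built-in roles. */
    private void addDefaultRolesToDefaultUsers() {
        addRoleToUser("webgoat", "webgoat_admin");
        addRoleToUser("basic", "webgoat_user");
        addRoleToUser("basic", "webgoat_basic");
        addRoleToUser("guest", "webgoat_user");
    }

    /**
     * Runs fixed SQL statements in order on one connection and stops at the
     * first failure. Only the constant statements of this class are passed in.
     */
    private boolean runStatements(String... statements) {
        if (!open()) {
            return false;
        }
        Statement statement = null;
        try {
            statement = this.userDB.createStatement();
            for (String sql : statements) {
                statement.execute(sql);
            }
            return true;
        } catch (SQLException e) {
            e.printStackTrace();
            return false;
        } finally {
            closeQuietly(statement);
            close();
        }
    }

    /** Reports whether the name is one of the tables this class creates. */
    private static boolean isKnownTable(String name) {
        return "users".equals(name) || "roles".equals(name) || "user_roles".equals(name);
    }

    /** Closes a statement, printing instead of propagating any SQL error. */
    private static void closeQuietly(Statement statement) {
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

    /** Closes a result set, printing instead of propagating any SQL error. */
    private static void closeQuietly(ResultSet rows) {
        if (rows != null) {
            try {
                rows.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}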
