package pro.taskana.common.internal.configuration;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.sql.DataSource;
import org.apache.ibatis.jdbc.SqlRunner;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.Conversions;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pro.taskana.common.api.exceptions.SystemException;
import pro.taskana.common.internal.logging.LoggingAspect;
import spinjar.com.fasterxml.jackson.annotation.JsonProperty;

/* loaded from: input_file:WEB-INF/lib/taskana-common-4.7.0.jar:pro/taskana/common/internal/configuration/SecurityVerifier.class */
public class SecurityVerifier {
    private static final Logger LOGGER;
    private static final String SECURITY_FLAG_COLUMN_NAME = "ENFORCE_SECURITY";
    private static final String INSERT_SECURITY_FLAG = "INSERT INTO %s.CONFIGURATION VALUES (%b)";
    private static final String SELECT_SECURITY_FLAG = "SELECT %s FROM %s.CONFIGURATION";
    private final String schemaName;
    private final DataSource dataSource;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;

    static {
        ajc$preClinit();
        LOGGER = LoggerFactory.getLogger((Class<?>) SecurityVerifier.class);
    }

    public SecurityVerifier(DataSource dataSource, String str) {
        this.dataSource = dataSource;
        this.schemaName = str;
    }

    /* JADX WARN: Finally extract failed */
    public void checkSecureAccess(boolean z) {
        Connection connection;
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, Conversions.booleanObject(z));
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        Throwable th = null;
        try {
            try {
                connection = this.dataSource.getConnection();
            } catch (Throwable th2) {
                if (0 == 0) {
                    th = th2;
                } else if (null != th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (SQLException unused) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(String.format("Security-mode is not yet set. Setting security flag to %b", Boolean.valueOf(z)));
            }
            setInitialSecurityMode(z);
        }
        try {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(connection.getMetaData().toString());
            }
            if (((Boolean) new SqlRunner(connection).selectOne(String.format(SELECT_SECURITY_FLAG, SECURITY_FLAG_COLUMN_NAME, this.schemaName), new Object[0]).get(SECURITY_FLAG_COLUMN_NAME)).booleanValue() && !z) {
                LOGGER.error("Tried to start TASKANA in unsecured mode while secured mode is enforced!");
                throw new SystemException("Secured TASKANA mode is enforced, can't start in unsecured mode");
            }
            if (connection != null) {
                connection.close();
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Security-mode is enabled");
            }
            LoggingAspect.aspectOf().afterMethodExecuted(makeJP, null);
        } catch (Throwable th3) {
            if (connection != null) {
                connection.close();
            }
            throw th3;
        }
    }

    /* JADX WARN: Finally extract failed */
    private void setInitialSecurityMode(boolean z) {
        Throwable th;
        Connection connection;
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, Conversions.booleanObject(z));
        LoggingAspect.aspectOf().beforeMethodExecuted(makeJP);
        Throwable th2 = null;
        try {
            try {
                connection = this.dataSource.getConnection();
                try {
                    th2 = null;
                } catch (Throwable th3) {
                    if (connection != null) {
                        connection.close();
                    }
                    throw th3;
                }
            } finally {
            }
        } catch (SQLException e) {
            LOGGER.error("Caught exception while trying to retrieve connection from datasource ", (Throwable) e);
        }
        try {
            try {
                PreparedStatement prepareStatement = connection.prepareStatement(String.format(INSERT_SECURITY_FLAG, this.schemaName, Boolean.valueOf(z)));
                try {
                    prepareStatement.execute();
                    if (!connection.getAutoCommit()) {
                        connection.commit();
                    }
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.debug(String.format("Successfully set security-mode to %b", Boolean.valueOf(z)));
                    }
                    if (prepareStatement != null) {
                        prepareStatement.close();
                    }
                    if (connection != null) {
                        connection.close();
                    }
                    LoggingAspect.aspectOf().afterMethodExecuted(makeJP, null);
                } catch (Throwable th4) {
                    if (prepareStatement != null) {
                        prepareStatement.close();
                    }
                    throw th4;
                }
            } catch (SQLException e2) {
                LOGGER.error("Caught exception while trying to set the initial TASKANA security mode. Aborting start-up process!", (Throwable) e2);
                throw new SystemException("Couldn't set initial TASKANA security mode. Aborting start-up process!");
            }
        } finally {
        }
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("SecurityVerifier.java", SecurityVerifier.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "checkSecureAccess", "pro.taskana.common.internal.configuration.SecurityVerifier", "boolean", "securityEnabled", JsonProperty.USE_DEFAULT_NAME, "void"), 28);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "setInitialSecurityMode", "pro.taskana.common.internal.configuration.SecurityVerifier", "boolean", "securityEnabled", JsonProperty.USE_DEFAULT_NAME, "void"), 64);
    }
}
