package org.kawanfw.sql.servlet.sql.batch;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.OutputStream;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.kawanfw.sql.api.server.DatabaseConfigurator;
import org.kawanfw.sql.api.server.SqlEventWrapper;
import org.kawanfw.sql.api.server.firewall.SqlFirewallManager;
import org.kawanfw.sql.metadata.util.GsonWsUtil;
import org.kawanfw.sql.servlet.HttpParameter;
import org.kawanfw.sql.servlet.ServerSqlManager;
import org.kawanfw.sql.servlet.connection.RollbackUtil;
import org.kawanfw.sql.servlet.sql.LoggerUtil;
import org.kawanfw.sql.servlet.sql.ServerStatementUtil;
import org.kawanfw.sql.servlet.sql.StatementFailure;
import org.kawanfw.sql.servlet.sql.dto.UpdateCountsArrayDto;
import org.kawanfw.sql.servlet.sql.json_return.JsonErrorReturn;
import org.kawanfw.sql.servlet.sql.json_return.JsonSecurityMessage;
import org.kawanfw.sql.servlet.sql.parameters.ServerPreparedStatementParameters;
import org.kawanfw.sql.util.FrameworkDebug;

/* loaded from: input_file:org/kawanfw/sql/servlet/sql/batch/ServerStatementBatch.class */
public class ServerStatementBatch {
    private static boolean DEBUG = FrameworkDebug.isSet(ServerStatementBatch.class);
    public static String CR_LF = System.getProperty("line.separator");
    private Connection connection;
    private HttpServletRequest request;
    private HttpServletResponse response;
    private Boolean doPrettyPrinting = true;
    private List<SqlFirewallManager> sqlFirewallManagers;
    private DatabaseConfigurator databaseConfigurator;

    public ServerStatementBatch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<SqlFirewallManager> list, Connection connection, DatabaseConfigurator databaseConfigurator) throws SQLException {
        this.connection = null;
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.sqlFirewallManagers = list;
        this.connection = connection;
        this.databaseConfigurator = databaseConfigurator;
    }

    public void executeBatch(OutputStream outputStream) throws FileNotFoundException, IOException, SQLException {
        try {
            try {
                executeStatement(outputStream);
                if (outputStream != null) {
                    try {
                        outputStream.close();
                    } catch (Exception e) {
                    }
                }
            } catch (Throwable th) {
                if (outputStream != null) {
                    try {
                        outputStream.close();
                    } catch (Exception e2) {
                    }
                }
                throw th;
            }
        } catch (SecurityException e3) {
            RollbackUtil.rollback(this.connection);
            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 403, 3, e3.getMessage()).build());
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Exception e4) {
                }
            }
        } catch (SQLException e5) {
            RollbackUtil.rollback(this.connection);
            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 400, 1, e5.getMessage()).build());
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Exception e6) {
                }
            }
        } catch (Exception e7) {
            RollbackUtil.rollback(this.connection);
            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 500, 4, e7.getMessage(), ExceptionUtils.getStackTrace(e7)).build());
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Exception e8) {
                }
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    private void executeStatement(OutputStream outputStream) throws SQLException, IOException {
        String parameter = this.request.getParameter(HttpParameter.USERNAME);
        String parameter2 = this.request.getParameter(HttpParameter.DATABASE);
        String parameter3 = this.request.getParameter(HttpParameter.BLOB_ID);
        debug("blobId: " + parameter3);
        Statement statement = null;
        File file = null;
        try {
            if (parameter3 != null) {
                try {
                    if (!parameter3.isEmpty()) {
                        File file2 = new File(String.valueOf(this.databaseConfigurator.getBlobsDirectory(parameter).toString()) + File.separator + parameter3);
                        if (!file2.exists()) {
                            throw new FileNotFoundException("Cannot find file of batch SQL statement for Id: " + parameter3);
                        }
                        String remoteAddr = this.request.getRemoteAddr();
                        Statement createStatement = this.connection.createStatement();
                        debug("before statement.addBatch() loop");
                        Throwable th = null;
                        try {
                            BufferedReader bufferedReader = new BufferedReader(new FileReader(file2));
                            while (true) {
                                try {
                                    String readLine = bufferedReader.readLine();
                                    if (readLine == null) {
                                        break;
                                    }
                                    String trim = readLine.trim();
                                    debug("before new SqlSecurityChecker()");
                                    checkFirewallGeneral(parameter, parameter2, trim, remoteAddr);
                                    checkFirewallExecute(parameter, parameter2, trim, remoteAddr);
                                    createStatement.addBatch(trim);
                                } catch (Throwable th2) {
                                    if (bufferedReader != null) {
                                        bufferedReader.close();
                                    }
                                    throw th2;
                                }
                            }
                            if (bufferedReader != null) {
                                bufferedReader.close();
                            }
                            debug("before statement.executeBatch()");
                            ServerSqlManager.writeLine(outputStream, GsonWsUtil.getJSonString(new UpdateCountsArrayDto(createStatement.executeBatch())));
                            if (createStatement != null) {
                                createStatement.close();
                            }
                            if (file2 != null) {
                                file2.delete();
                                return;
                            }
                            return;
                        } catch (Throwable th3) {
                            if (0 == 0) {
                                th = th3;
                            } else if (null != th3) {
                                th.addSuppressed(th3);
                            }
                            throw th;
                        }
                    }
                } catch (SQLException e) {
                    RollbackUtil.rollback(this.connection);
                    LoggerUtil.log(this.request, e, StatementFailure.statementFailureBuild(parameter3, e.toString(), this.doPrettyPrinting.booleanValue()));
                    throw e;
                }
            }
            throw new SQLException("blobId cannnot be null!.");
        } catch (Throwable th4) {
            if (0 != 0) {
                statement.close();
            }
            if (0 != 0) {
                file.delete();
            }
            throw th4;
        }
    }

    private void checkFirewallForExecuteUpdate(String str, String str2, String str3, ServerPreparedStatementParameters serverPreparedStatementParameters, String str4) throws IOException, SQLException, SecurityException {
        for (SqlFirewallManager sqlFirewallManager : this.sqlFirewallManagers) {
            if (!sqlFirewallManager.allowExecuteUpdate(str, str2, this.connection)) {
                sqlFirewallManager.runIfStatementRefused(SqlEventWrapper.sqlEventBuild(str, str2, str4, str3, ServerStatementUtil.isPreparedStatement(this.request), serverPreparedStatementParameters.getParameterValues(), false), this.connection);
                throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild(str3, "Prepared Statement not allowed for executeUpdate", serverPreparedStatementParameters.getParameterTypes(), serverPreparedStatementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
            }
        }
    }

    private void checkFirewallExecute(String str, String str2, String str3, String str4) throws IOException, SQLException, SecurityException {
        for (SqlFirewallManager sqlFirewallManager : this.sqlFirewallManagers) {
            if (!sqlFirewallManager.allowExecuteUpdate(str, str2, this.connection)) {
                sqlFirewallManager.runIfStatementRefused(SqlEventWrapper.sqlEventBuild(str, str2, str4, str3, ServerStatementUtil.isPreparedStatement(this.request), new ArrayList(), false), this.connection);
                throw new SecurityException(JsonSecurityMessage.statementNotAllowedBuild(str3, "Statement not allowed for for executeUpdate", this.doPrettyPrinting.booleanValue()));
            }
        }
    }

    private void checkFirewallGeneral(String str, String str2, String str3, String str4) throws IOException, SQLException, SecurityException {
        SqlFirewallManager sqlFirewallManager = null;
        boolean z = true;
        for (SqlFirewallManager sqlFirewallManager2 : this.sqlFirewallManagers) {
            sqlFirewallManager = sqlFirewallManager2;
            z = sqlFirewallManager2.allowStatementClass(str, str2, this.connection);
            if (!z) {
                break;
            }
            z = sqlFirewallManager2.allowSqlRunAfterAnalysis(SqlEventWrapper.sqlEventBuild(str, str2, str4, str3, ServerStatementUtil.isPreparedStatement(this.request), new Vector(), false), this.connection);
            if (!z) {
                break;
            }
        }
        if (z) {
            return;
        }
        sqlFirewallManager.runIfStatementRefused(SqlEventWrapper.sqlEventBuild(str, str2, str4, str3, ServerStatementUtil.isPreparedStatement(this.request), new ArrayList(), false), this.connection);
        throw new SecurityException(JsonSecurityMessage.statementNotAllowedBuild(str3, "Statement not allowed", this.doPrettyPrinting.booleanValue()));
    }

    protected void debug(String str) {
        if (DEBUG) {
            System.out.println(new Date() + " " + str);
        }
    }
}
