package org.kawanfw.sql.servlet;

import java.io.IOException;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.kawanfw.sql.api.server.SqlEventWrapper;
import org.kawanfw.sql.api.server.firewall.SqlFirewallManager;
import org.kawanfw.sql.servlet.sql.ServerStatementUtil;
import org.kawanfw.sql.servlet.sql.json_return.JsonSecurityMessage;

/* loaded from: input_file:org/kawanfw/sql/servlet/ServerSqlDispatchUtil.class */
public class ServerSqlDispatchUtil {
    public static boolean isStoredProcedure(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter(HttpParameter.STORED_PROCEDURE);
        String parameter2 = httpServletRequest.getParameter(HttpParameter.SQL);
        if (Boolean.parseBoolean(parameter)) {
            return true;
        }
        boolean z = false;
        if (parameter2 != null) {
            String lowerCase = parameter2.trim().toLowerCase();
            if (lowerCase.startsWith("{") && lowerCase.endsWith("}") && lowerCase.contains("call ")) {
                z = true;
            }
        }
        return z;
    }

    public static boolean isActionsSetAutoCommitFalse(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(HttpParameter.ACTION).equals(HttpParameter.SET_AUTO_COMMIT) && !Boolean.parseBoolean(httpServletRequest.getParameter(HttpParameter.ACTION_VALUE));
    }

    public static boolean isSavepointModifier(String str) {
        return str.equals(HttpParameter.SET_SAVEPOINT) || str.equals(HttpParameter.SET_NAMED_SAVEPOINT) || str.equals(HttpParameter.ROLLBACK_SAVEPOINT) || str.equals(HttpParameter.RELEASE_SAVEPOINT);
    }

    public static boolean isConnectionModifier(String str) {
        return str.equals(HttpParameter.SET_AUTO_COMMIT) || str.equals(HttpParameter.COMMIT) || str.equals(HttpParameter.ROLLBACK) || str.equals(HttpParameter.SET_READ_ONLY) || str.equals(HttpParameter.SET_HOLDABILITY) || str.equals(HttpParameter.SET_TRANSACTION_ISOLATION_LEVEL) || str.equals(HttpParameter.CLOSE);
    }

    public static boolean isConnectionReader(String str) {
        return str.equals(HttpParameter.GET_AUTO_COMMIT) || str.equals(HttpParameter.GET_CATALOG) || str.equals(HttpParameter.GET_SCHEMA) || str.equals(HttpParameter.GET_HOLDABILITY) || str.equals(HttpParameter.IS_READ_ONLY) || str.equals(HttpParameter.GET_TRANSACTION_ISOLATION_LEVEL);
    }

    public static boolean isActionForBlob(String str) {
        return str.equals(HttpParameter.BLOB_UPLOAD) || str.equals(HttpParameter.BLOB_DOWNLOAD);
    }

    public static boolean isExecuteQueryOrExecuteUpdate(String str) {
        return str.equals(HttpParameter.EXECUTE_UPDATE) || str.equals(HttpParameter.EXECUTE_QUERY);
    }

    public static boolean isExecute(String str) {
        return str.equals(HttpParameter.EXECUTE);
    }

    public static boolean isStatementExecuteBatch(String str) {
        return str.equals(HttpParameter.STATEMENT_EXECUTE_BATCH);
    }

    public static boolean isPreparedStatementExecuteBatch(String str) {
        return str.equals(HttpParameter.PREPARED_STATEMENT_EXECUTE_BATCH);
    }

    public static void checkMetadataAuthorized(HttpServletRequest httpServletRequest, Connection connection, List<SqlFirewallManager> list) throws IOException, SQLException {
        String parameter = httpServletRequest.getParameter(HttpParameter.USERNAME);
        String parameter2 = httpServletRequest.getParameter(HttpParameter.DATABASE);
        String remoteAddr = httpServletRequest.getRemoteAddr();
        boolean z = false;
        Iterator<SqlFirewallManager> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SqlFirewallManager next = it.next();
            z = next.allowMetadataQuery(parameter, parameter2, connection);
            if (!z) {
                next.runIfStatementRefused(SqlEventWrapper.sqlEventBuild(parameter, parameter2, remoteAddr, "<void>", ServerStatementUtil.isPreparedStatement(httpServletRequest), new ArrayList(), true), connection);
                break;
            }
        }
        if (!z) {
            throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild("<void>", "Metadata Query API calls are not allowed!", new HashMap(), new ArrayList(), true));
        }
    }
}
