package org.kawanfw.sql.servlet.sql;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStream;
import java.io.StringWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Date;
import java.util.Vector;
import java.util.zip.GZIPOutputStream;
import javax.json.stream.JsonGenerator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.kawanfw.sql.api.server.DatabaseConfigurator;
import org.kawanfw.sql.servlet.DatabaseConfiguratorCall;
import org.kawanfw.sql.servlet.HttpParameter;
import org.kawanfw.sql.servlet.ServerSqlManager;
import org.kawanfw.sql.servlet.sql.json_return.JsonErrorReturn;
import org.kawanfw.sql.servlet.sql.json_return.JsonSecurityMessage;
import org.kawanfw.sql.servlet.sql.json_return.JsonUtil;
import org.kawanfw.sql.util.FrameworkDebug;

/* loaded from: input_file:org/kawanfw/sql/servlet/sql/ServerStatement.class */
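/**
 * Executes the SQL text carried by an HTTP request on the supplied JDBC connection and
 * writes the outcome (result set or row count) as JSON to an output stream.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>The SQL text, the user name and the action all come from request parameters. The only
 * gates applied here are the {@link DatabaseConfigurator} callbacks
 * ({@code allowStatementAfterAnalysis}, {@code allowStatementClass}, {@code allowExecuteUpdate}).
 * Authentication of the user name is not performed in this class.
 * NOTE(review): presumably done by the calling servlet; confirm.</li>
 * <li>Refusals are reported through {@code DatabaseConfiguratorCall.runIfStatementRefused} and then
 * raised as {@link SecurityException}. The message echoes the SQL text and, for prepared
 * statements, the parameter values back to the client.</li>
 * <li>Unexpected failures are answered with a 500 body that includes the full stack trace.</li>
 * </ul>
 *
 * <p>Instances hold per-request state and are not designed to be shared between requests.
 */
public class ServerStatement {
    private static final boolean DEBUG = FrameworkDebug.isSet(ServerStatement.class);
    public static String CR_LF = System.getProperty("line.separator");
    private Connection connection;
    private HttpServletRequest request;
    private DatabaseConfigurator databaseConfigurator;
    private HttpServletResponse response;
    private Boolean doPrettyPrinting;

    /**
     * Binds the statement executor to one request/response pair.
     *
     * @param httpServletRequest   request carrying the SQL text and the execution options
     * @param httpServletResponse  response handed to {@link JsonErrorReturn} when an error is reported
     * @param databaseConfigurator policy object consulted before a prepared statement is executed
     * @param connection           JDBC connection on which the statement is run
     * @throws SQLException declared for caller compatibility; nothing in the body throws it
     */
    public ServerStatement(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, DatabaseConfigurator databaseConfigurator, Connection connection) throws SQLException {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.databaseConfigurator = databaseConfigurator;
        this.connection = connection;
        this.doPrettyPrinting = Boolean.valueOf(httpServletRequest.getParameter(HttpParameter.PRETTY_PRINTING));
    }

    /**
     * Runs the requested statement and writes either the result or a JSON error body.
     *
     * <p>Error mapping: {@link SecurityException} gives 401 / code 3, {@link SQLException} gives
     * 400 / code 1, and any other exception gives 500 / code 4 with the stack trace.
     * {@code SecurityException} is handled before the generic handler so that a refused statement
     * is answered with 401 instead of falling into the 500 branch and exposing a stack trace.
     *
     * @param outputStream stream the response body is written to; it is closed before returning
     * @throws IOException  if the error body itself cannot be written
     * @throws SQLException declared for caller compatibility
     */
    public void executeQueryOrUpdate(OutputStream outputStream) throws FileNotFoundException, IOException, SQLException {
        OutputStream finalOutputStream = null;
        try {
            finalOutputStream = getFinalOutputStream(outputStream);
            if (isPreparedStatement()) {
                executePrepStatement(finalOutputStream);
            } else {
                executeStatement(finalOutputStream);
            }
        } catch (SecurityException e) {
            ServerSqlManager.writeLine(errorTarget(finalOutputStream, outputStream), new JsonErrorReturn(this.response, 401, 3, e.getMessage()).build());
        } catch (SQLException e) {
            // NOTE(review): the driver's message is sent to the client verbatim; it can reveal
            // schema details. Confirm this is acceptable for the deployment.
            ServerSqlManager.writeLine(errorTarget(finalOutputStream, outputStream), new JsonErrorReturn(this.response, 400, 1, e.getMessage()).build());
        } catch (Exception e) {
            // NOTE(review): the full stack trace is returned to the remote client. Consider
            // logging it server-side and returning only a correlation id.
            ServerSqlManager.writeLine(errorTarget(finalOutputStream, outputStream), new JsonErrorReturn(this.response, 500, 4, e.getMessage(), ExceptionUtils.getStackTrace(e)).build());
        } finally {
            closeQuietly(finalOutputStream);
        }
    }

    /**
     * Picks the stream an error body is written to: the (possibly gzip-wrapped) response stream
     * when it was created, otherwise the raw stream passed by the caller. Error bodies go to the
     * response stream in the same way as the 400 / code 2 branch of the prepared-statement path.
     */
    private static OutputStream errorTarget(OutputStream finalOutputStream, OutputStream rawOutputStream) {
        return finalOutputStream != null ? finalOutputStream : rawOutputStream;
    }

    /** Closes the stream as a best effort; a failure is only reported on the debug channel. */
    private void closeQuietly(OutputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (Exception e) {
            debug("Failed to close output stream: " + e);
        }
    }

    /**
     * Wraps the response stream in gzip when the client asked for it and the action is not an update.
     *
     * @param outputStream raw response stream
     * @return the stream to write the response body to
     */
    private OutputStream getFinalOutputStream(OutputStream outputStream) throws FileNotFoundException, IOException {
        boolean gzipRequested = Boolean.parseBoolean(this.request.getParameter(HttpParameter.GZIP_RESULT));
        boolean useGzip = gzipRequested && !isExecuteUpdate();
        return useGzip ? new GZIPOutputStream(outputStream) : outputStream;
    }

    /** Returns true when the request flags the SQL text as a prepared statement. */
    private boolean isPreparedStatement() {
        return Boolean.parseBoolean(this.request.getParameter(HttpParameter.PREPARED_STATEMENT));
    }

    /**
     * Executes the request's SQL text as a {@link PreparedStatement}.
     *
     * <p>The statement is prepared and its parameters are bound first, because the policy
     * callback receives the bound parameter values. The statement is executed only if
     * {@code allowStatementAfterAnalysis} (and, for updates, {@code allowExecuteUpdate}) agree.
     *
     * @param outputStream stream the JSON result is written to
     * @throws SQLException      if the SQL text is missing or the driver fails
     * @throws SecurityException if the configurator refuses the statement
     */
    private void executePrepStatement(OutputStream outputStream) throws SQLException, IOException {
        String username = this.request.getParameter(HttpParameter.USERNAME);
        String sqlOrder = this.request.getParameter(HttpParameter.SQL);
        // NOTE(review): the full SQL text goes to stdout when debug is enabled.
        debug("sqlOrder        : " + sqlOrder);
        if (sqlOrder == null || sqlOrder.isEmpty()) {
            throw new SQLException("A 'sql' statement is required.");
        }
        PreparedStatement preparedStatement = null;
        ServerPreparedStatementParameters statementParameters = null;
        try {
            preparedStatement = this.connection.prepareStatement(sqlOrder);
            debug("before ServerPreparedStatementParameters");
            statementParameters = new ServerPreparedStatementParameters(preparedStatement, this.request);
            try {
                statementParameters.setParameters();
                debug("before new SqlSecurityChecker()");
                String remoteAddr = this.request.getRemoteAddr();
                boolean allowed = this.databaseConfigurator.allowStatementAfterAnalysis(username, this.connection, remoteAddr, sqlOrder, isPreparedStatement(), statementParameters.getParameterValues());
                if (!allowed) {
                    debug("Before DatabaseConfiguratorCall.runIfStatementRefused");
                    // The refusal hook gets the user name, as in the other refusal calls of this
                    // class; passing the remote address here would mis-attribute the refusal.
                    DatabaseConfiguratorCall.runIfStatementRefused(this.databaseConfigurator, username, this.connection, remoteAddr, sqlOrder, statementParameters.getParameterValues());
                    debug("After  DatabaseConfiguratorCall.runIfStatementRefused");
                    throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild(sqlOrder, "Prepared Statement not allowed", statementParameters.getParameterTypes(), statementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
                }
                debug("before executeQuery() / executeUpdate()");
                if (isExecuteUpdate()) {
                    // NOTE(review): this gate is selected by the client-declared action, so
                    // allowStatementAfterAnalysis has to reject writes on its own for read-only users.
                    if (!DatabaseConfiguratorCall.allowExecuteUpdate(this.databaseConfigurator, username, this.connection)) {
                        DatabaseConfiguratorCall.runIfStatementRefused(this.databaseConfigurator, username, this.connection, remoteAddr, sqlOrder, statementParameters.getParameterValues());
                        throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild(sqlOrder, "Prepared Statement not allowed for executeUpdate", statementParameters.getParameterTypes(), statementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
                    }
                    int rowCount = preparedStatement.executeUpdate();
                    StringWriter stringWriter = new StringWriter();
                    JsonGenerator rowCountGenerator = JsonUtil.getJsonGeneratorFactory(JsonUtil.DEFAULT_PRETTY_PRINTING).createGenerator(stringWriter);
                    rowCountGenerator.writeStartObject().write("status", "OK").write("row_count", rowCount).writeEnd();
                    rowCountGenerator.close();
                    ServerSqlManager.write(outputStream, stringWriter.toString());
                } else {
                    // NOTE(review): unlike the plain-statement path, no
                    // ServerSqlUtil.setMaxRowsToReturn call bounds the result here. Confirm intended.
                    ResultSet resultSet = null;
                    try {
                        resultSet = preparedStatement.executeQuery();
                        JsonGenerator resultGenerator = JsonUtil.getJsonGeneratorFactory(this.doPrettyPrinting.booleanValue()).createGenerator(outputStream);
                        resultGenerator.writeStartObject().write("status", "OK");
                        new ResultSetWriter(this.request, outputStream, username, sqlOrder, resultGenerator).write(resultSet);
                        resultGenerator.writeEnd();
                        resultGenerator.flush();
                        resultGenerator.close();
                    } finally {
                        if (resultSet != null) {
                            resultSet.close();
                        }
                    }
                }
            } catch (IllegalArgumentException e) {
                ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 400, 2, e.getMessage()).build());
            }
        } catch (SQLException e) {
            // The parameter holder does not exist yet when prepareStatement() itself fails, so
            // fall back to the parameterless failure report instead of dereferencing null.
            if (statementParameters != null) {
                LoggerUtil.log(this.request, e, StatementFailure.prepStatementFailureBuild(sqlOrder, e.toString(), statementParameters.getParameterTypes(), statementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
            } else {
                LoggerUtil.log(this.request, e, StatementFailure.statementFailureBuild(sqlOrder, e.toString(), this.doPrettyPrinting.booleanValue()));
            }
            throw e;
        } finally {
            // Release the JDBC resources on every path, including refusals and failures.
            try {
                if (statementParameters != null) {
                    statementParameters.close();
                }
            } finally {
                if (preparedStatement != null) {
                    preparedStatement.close();
                }
            }
        }
    }

    /**
     * Executes the request's SQL text as a plain {@link Statement}.
     *
     * <p>Both {@code allowStatementClass} and {@code allowStatementAfterAnalysis} are always
     * evaluated; the statement runs only if both agree (and, for updates, if
     * {@code allowExecuteUpdate} agrees as well).
     *
     * @param outputStream stream the JSON result is written to
     * @throws SQLException      if the SQL text is missing or the driver fails
     * @throws SecurityException if the configurator refuses the statement
     */
    private void executeStatement(OutputStream outputStream) throws SQLException, IOException {
        String username = this.request.getParameter(HttpParameter.USERNAME);
        String sqlOrder = this.request.getParameter(HttpParameter.SQL);
        // NOTE(review): the full SQL text goes to stdout when debug is enabled.
        debug("sqlOrder   : " + sqlOrder);
        // NOTE(review): this path looks the configurator up from the DATABASE request parameter
        // instead of using the one given to the constructor. Confirm both always refer to the
        // same policy object.
        DatabaseConfigurator databaseConfigurator = ServerSqlManager.getDatabaseConfigurator(this.request.getParameter(HttpParameter.DATABASE));
        if (sqlOrder == null || sqlOrder.isEmpty()) {
            throw new SQLException("A 'sql' statement is required.");
        }
        Statement statement = null;
        try {
            // NOTE(review): the SQL text is handed to the driver before any policy check runs.
            // The call is kept so a malformed statement still fails here, but the handle is now
            // closed instead of being leaked. Consider moving it after the checks.
            PreparedStatement syntaxProbe = this.connection.prepareStatement(sqlOrder);
            if (syntaxProbe != null) {
                syntaxProbe.close();
            }
            debug("before new SqlSecurityChecker()");
            boolean statementClassAllowed = DatabaseConfiguratorCall.allowStatementClass(databaseConfigurator, username, this.connection);
            String remoteAddr = this.request.getRemoteAddr();
            // Raw Vector kept as in the original call; the callback's parameter type is declared elsewhere.
            boolean analysisAllowed = databaseConfigurator.allowStatementAfterAnalysis(username, this.connection, remoteAddr, sqlOrder, isPreparedStatement(), new Vector());
            if (!(statementClassAllowed && analysisAllowed)) {
                DatabaseConfiguratorCall.runIfStatementRefused(databaseConfigurator, username, this.connection, remoteAddr, sqlOrder, new Vector());
                throw new SecurityException(JsonSecurityMessage.statementNotAllowedBuild(sqlOrder, "Statement not allowed", this.doPrettyPrinting.booleanValue()));
            }
            statement = this.connection.createStatement();
            debug("before executeQuery() / executeUpdate(sqlOrder)");
            if (isExecuteUpdate()) {
                // NOTE(review): this gate is selected by the client-declared action, so
                // allowStatementAfterAnalysis has to reject writes on its own for read-only users.
                if (!DatabaseConfiguratorCall.allowExecuteUpdate(databaseConfigurator, username, this.connection)) {
                    DatabaseConfiguratorCall.runIfStatementRefused(databaseConfigurator, username, this.connection, remoteAddr, sqlOrder, new Vector());
                    throw new SecurityException(JsonSecurityMessage.statementNotAllowedBuild(sqlOrder, "Statement not allowed for for executeUpdate", this.doPrettyPrinting.booleanValue()));
                }
                int rowCount = statement.executeUpdate(sqlOrder);
                StringWriter stringWriter = new StringWriter();
                JsonGenerator rowCountGenerator = JsonUtil.getJsonGeneratorFactory(JsonUtil.DEFAULT_PRETTY_PRINTING).createGenerator(stringWriter);
                rowCountGenerator.writeStartObject().write("status", "OK").write("row_count", rowCount).writeEnd();
                rowCountGenerator.close();
                ServerSqlManager.write(outputStream, stringWriter.toString());
            } else {
                ResultSet resultSet = null;
                try {
                    ServerSqlUtil.setMaxRowsToReturn(statement, databaseConfigurator);
                    debug("sqlorder: " + sqlOrder);
                    resultSet = statement.executeQuery(sqlOrder);
                    JsonGenerator resultGenerator = JsonUtil.getJsonGeneratorFactory(this.doPrettyPrinting.booleanValue()).createGenerator(outputStream);
                    resultGenerator.writeStartObject().write("status", "OK");
                    new ResultSetWriter(this.request, outputStream, username, sqlOrder, resultGenerator).write(resultSet);
                    resultGenerator.writeEnd();
                    resultGenerator.flush();
                    resultGenerator.close();
                } finally {
                    if (resultSet != null) {
                        resultSet.close();
                    }
                }
            }
        } catch (SQLException e) {
            LoggerUtil.log(this.request, e, StatementFailure.statementFailureBuild(sqlOrder, e.toString(), this.doPrettyPrinting.booleanValue()));
            throw e;
        } finally {
            // Release the statement on every path, including refusals and failures.
            if (statement != null) {
                statement.close();
            }
        }
    }

    /**
     * Returns true when the request's action is an update. A request without an action
     * parameter is treated as a non-update instead of failing with a NullPointerException.
     */
    private boolean isExecuteUpdate() {
        return HttpParameter.EXECUTE_UPDATE.equals(this.request.getParameter(HttpParameter.ACTION));
    }

    /**
     * Prints a timestamped line on stdout when debugging is enabled for this class.
     *
     * @param str text to print
     */
    protected void debug(String str) {
        if (DEBUG) {
            System.out.println(new Date() + " " + str);
        }
    }
}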
