package org.kawanfw.sql.servlet.sql.callable;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStream;
import java.io.StringWriter;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.zip.GZIPOutputStream;
import javax.json.stream.JsonGenerator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.kawanfw.sql.api.server.firewall.SqlFirewallManager;
import org.kawanfw.sql.servlet.HttpParameter;
import org.kawanfw.sql.servlet.ServerSqlManager;
import org.kawanfw.sql.servlet.sql.AceQLParameter;
import org.kawanfw.sql.servlet.sql.LoggerUtil;
import org.kawanfw.sql.servlet.sql.ResultSetWriter;
import org.kawanfw.sql.servlet.sql.ServerPreparedStatementParameters;
import org.kawanfw.sql.servlet.sql.StatementFailure;
import org.kawanfw.sql.servlet.sql.json_return.JsonErrorReturn;
import org.kawanfw.sql.servlet.sql.json_return.JsonSecurityMessage;
import org.kawanfw.sql.servlet.sql.json_return.JsonUtil;
import org.kawanfw.sql.util.FrameworkDebug;

/* loaded from: input_file:org/kawanfw/sql/servlet/sql/callable/ServerCallableStatement.class */
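/**
 * Executes a client-supplied SQL callable statement (stored procedure call)
 * and streams the outcome back as JSON.
 *
 * <p>The SQL text, the user name, the database name and the action all come
 * from HTTP request parameters, so they are untrusted input. The statement is
 * prepared and its parameters are bound first (the firewall needs the bound
 * values), but it is executed only after every configured
 * {@link SqlFirewallManager} has accepted it.
 */
public class ServerCallableStatement {
    private static boolean DEBUG = FrameworkDebug.isSet(ServerCallableStatement.class);
    public static String CR_LF = System.getProperty("line.separator");
    private Connection connection;
    private HttpServletRequest request;
    // Firewall chain consulted before any execution; empty means "no checks".
    private List<SqlFirewallManager> sqlFirewallManagers = new ArrayList<SqlFirewallManager>();
    private HttpServletResponse response;
    private Boolean doPrettyPrinting;

    /**
     * Creates the executor for one HTTP request.
     *
     * @param httpServletRequest  request carrying the SQL order and its parameters
     * @param httpServletResponse response used to build JSON error returns
     * @param list                firewall managers that must all accept the statement;
     *                            {@code null} is treated as an empty chain
     * @param connection          JDBC connection the call is executed on
     * @throws SQLException declared for callers; not thrown by this constructor
     */
    public ServerCallableStatement(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<SqlFirewallManager> list, Connection connection) throws SQLException {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        // The firewall chain must be retained here: if it is dropped, the loops in
        // executePrepStatement iterate over an empty list and every call is allowed.
        // NOTE(review): a null list still means "no firewall checks"; confirm that
        // callers never pass null when a firewall is configured.
        if (list != null) {
            this.sqlFirewallManagers = list;
        }
        this.connection = connection;
        this.doPrettyPrinting = true;
    }

    /**
     * Runs the callable statement and writes either the JSON result or a JSON
     * error return to the stream, which is closed before returning.
     *
     * <p>Error mapping: firewall refusal gives HTTP 403 / error type 3, JDBC
     * failure gives 400 / 1, anything else gives 500 / 4.
     *
     * @param outputStream servlet output stream to write the answer on
     * @throws IOException  if writing the answer fails
     * @throws SQLException declared for callers; JDBC errors are reported as JSON
     */
    public void executeOrExecuteQuery(OutputStream outputStream) throws FileNotFoundException, IOException, SQLException {
        OutputStream outFinal = null;
        try {
            outFinal = getFinalOutputStream(outputStream);
            executePrepStatement(outFinal);
        } catch (SecurityException e) {
            // Most specific handlers first, so a refusal is reported as 403 and
            // not swallowed by the generic handler below.
            ServerSqlManager.writeLine(errorStream(outFinal, outputStream), new JsonErrorReturn(this.response, 403, 3, e.getMessage()).build());
        } catch (SQLException e) {
            ServerSqlManager.writeLine(errorStream(outFinal, outputStream), new JsonErrorReturn(this.response, 400, 1, e.getMessage()).build());
        } catch (Exception e) {
            // NOTE(review): the full stack trace is sent to the remote client here,
            // which exposes class names and internal details. Consider logging it
            // server-side and returning only the message.
            ServerSqlManager.writeLine(errorStream(outFinal, outputStream), new JsonErrorReturn(this.response, 500, 4, e.getMessage(), ExceptionUtils.getStackTrace(e)).build());
        } finally {
            // Close only after the error return has been written; closing first
            // would make the write fail on a finished GZIP stream.
            if (outFinal != null) {
                try {
                    outFinal.close();
                } catch (Exception ignored) {
                    // Best effort: the answer has already been written.
                }
            }
        }
    }

    /** Returns the wrapped stream when it exists, else the raw servlet stream. */
    private static OutputStream errorStream(OutputStream outFinal, OutputStream raw) {
        return outFinal != null ? outFinal : raw;
    }

    /**
     * Wraps the stream in GZIP when the client asked for it and the action is a
     * query; every other answer is sent uncompressed.
     */
    private OutputStream getFinalOutputStream(OutputStream outputStream) throws FileNotFoundException, IOException {
        boolean gzip = Boolean.parseBoolean(this.request.getParameter(HttpParameter.GZIP_RESULT));
        if (!isExecuteQuery()) {
            gzip = false;
        }
        return gzip ? new GZIPOutputStream(outputStream) : outputStream;
    }

    /**
     * Prepares the call, binds its parameters, asks the firewall chain for
     * permission, then executes it and writes the JSON answer.
     *
     * @param outputStream stream the JSON answer is written on
     * @throws SQLException      if the 'sql' parameter is missing or JDBC fails
     * @throws IOException       if writing the answer fails
     * @throws SecurityException if a firewall manager refuses the statement
     */
    private void executePrepStatement(OutputStream outputStream) throws SQLException, IOException {
        String username = this.request.getParameter(HttpParameter.USERNAME);
        String database = this.request.getParameter(HttpParameter.DATABASE);
        String sqlOrder = this.request.getParameter(HttpParameter.SQL);
        debug("sqlOrder        : " + sqlOrder);
        if (sqlOrder == null || sqlOrder.isEmpty()) {
            throw new SQLException("A 'sql' statement is required.");
        }
        CallableStatement callableStatement = null;
        ServerPreparedStatementParameters statementParameters = null;
        try {
            callableStatement = this.connection.prepareCall(sqlOrder);
            debug("before ServerPreparedStatementParameters");
            statementParameters = new ServerPreparedStatementParameters(callableStatement, this.request);
            try {
                statementParameters.setParameters();
                debug("before new SqlSecurityChecker()");
                String remoteAddr = this.request.getRemoteAddr();
                // Every manager must accept; the first refusal is reported to that
                // manager and aborts the call before anything is executed.
                for (SqlFirewallManager manager : this.sqlFirewallManagers) {
                    if (!manager.allowSqlRunAfterAnalysis(username, database, this.connection, remoteAddr, sqlOrder, true, statementParameters.getParameterValues())) {
                        manager.runIfStatementRefused(username, database, this.connection, remoteAddr, false, sqlOrder, statementParameters.getParameterValues());
                        throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild(sqlOrder, "Callable Statement not allowed", statementParameters.getParameterTypes(), statementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
                    }
                }
                debug("before executeQuery() / execute()");
                if (isExecuteQuery()) {
                    ResultSet resultSet = null;
                    try {
                        resultSet = callableStatement.executeQuery();
                        JsonGenerator generator = JsonUtil.getJsonGeneratorFactory(this.doPrettyPrinting.booleanValue()).createGenerator(outputStream);
                        generator.writeStartObject().write("status", "OK");
                        new ResultSetWriter(this.request, username, sqlOrder, generator).write(resultSet);
                        ServerSqlManager.writeLine(outputStream);
                        addToJsonOutParameters(callableStatement, statementParameters, generator);
                        generator.writeEnd();
                        generator.flush();
                        generator.close();
                    } finally {
                        if (resultSet != null) {
                            resultSet.close();
                        }
                    }
                } else {
                    // A non-query call may modify data, so it also needs the
                    // update permission of every manager.
                    for (SqlFirewallManager manager : this.sqlFirewallManagers) {
                        if (!manager.allowExecuteUpdate(username, database, this.connection)) {
                            manager.runIfStatementRefused(username, database, this.connection, remoteAddr, false, sqlOrder, statementParameters.getParameterValues());
                            throw new SecurityException(JsonSecurityMessage.statementNotAllowedBuild(sqlOrder, "Statement not allowed for for executeUpdate", this.doPrettyPrinting.booleanValue()));
                        }
                    }
                    callableStatement.execute();
                    StringWriter stringWriter = new StringWriter();
                    JsonGenerator generator = JsonUtil.getJsonGeneratorFactory(true).createGenerator(stringWriter);
                    generator.writeStartObject().write("status", "OK");
                    addToJsonOutParameters(callableStatement, statementParameters, generator);
                    generator.write("row_count", 0);
                    generator.writeEnd();
                    generator.flush();
                    generator.close();
                    ServerSqlManager.write(outputStream, stringWriter.toString());
                }
            } catch (IllegalArgumentException e) {
                // Bad parameter description sent by the client: answer 400 / 2.
                ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 400, 2, e.getMessage()).build());
            }
        } catch (SQLException e) {
            if (statementParameters != null) {
                LoggerUtil.log(this.request, e, StatementFailure.prepStatementFailureBuild(sqlOrder, e.toString(), statementParameters.getParameterTypes(), statementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
            } else {
                // The failure happened before the parameters holder existed;
                // dereferencing it would replace the JDBC error by an NPE.
                debug("prepareCall failed: " + e);
            }
            throw e;
        } finally {
            // Release JDBC resources on every path, including refusals and errors.
            try {
                if (statementParameters != null) {
                    statementParameters.close();
                }
            } finally {
                if (callableStatement != null) {
                    callableStatement.close();
                }
            }
        }
    }

    /**
     * Writes the OUT parameter values twice: keyed by index under
     * {@code parameters_out_per_index} and, for those that have a name, keyed
     * by name under {@code parameters_out_per_name}.
     */
    private void addToJsonOutParameters(CallableStatement callableStatement, ServerPreparedStatementParameters serverPreparedStatementParameters, JsonGenerator jsonGenerator) throws SQLException {
        Map<Integer, AceQLParameter> inOutParameters = serverPreparedStatementParameters.getInOutStatementParameters();
        jsonGenerator.writeStartObject("parameters_out_per_index");
        for (Map.Entry<Integer, AceQLParameter> entry : inOutParameters.entrySet()) {
            int index = entry.getKey().intValue();
            AceQLParameter aceQLParameter = entry.getValue();
            if (aceQLParameter.isOutParameter()) {
                jsonGenerator.write(String.valueOf(index), outValue(callableStatement, index, aceQLParameter.getParameterType()));
            }
        }
        jsonGenerator.writeEnd();
        jsonGenerator.writeStartObject("parameters_out_per_name");
        for (AceQLParameter aceQLParameter : inOutParameters.values()) {
            String outParameterName = aceQLParameter.getOutParameterName();
            if (aceQLParameter.isOutParameter() && outParameterName != null) {
                jsonGenerator.write(outParameterName, outValue(callableStatement, aceQLParameter.getParameterIndex(), aceQLParameter.getParameterType()));
            }
        }
        jsonGenerator.writeEnd();
    }

    /**
     * Reads one OUT parameter as a string, mapping a missing value to the
     * literal {@code "NULL"} so that both JSON sections report it the same way.
     */
    private static String outValue(CallableStatement callableStatement, int index, String parameterType) throws SQLException {
        String value = ServerCallableUtil.callableStatementGetStringValue(callableStatement, index, parameterType);
        return value == null ? "NULL" : value;
    }

    /**
     * Tells whether the requested action is a query.
     * A request without the action parameter raises a NullPointerException,
     * which the caller reports as an internal error.
     */
    private boolean isExecuteQuery() {
        return this.request.getParameter(HttpParameter.ACTION).equals(HttpParameter.EXECUTE_QUERY);
    }

    /**
     * Prints a timestamped trace line on stdout when debugging is enabled.
     * Traces include the raw SQL order, so the output may hold sensitive data.
     */
    protected void debug(String str) {
        if (DEBUG) {
            System.out.println(new Date() + " " + str);
        }
    }
}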
