package org.kawanfw.sql.servlet.sql.batch;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.OutputStream;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.kawanfw.sql.api.server.DatabaseConfigurator;
import org.kawanfw.sql.api.server.SqlEvent;
import org.kawanfw.sql.api.server.SqlEventWrapper;
import org.kawanfw.sql.api.server.firewall.SqlFirewallManager;
import org.kawanfw.sql.api.server.listener.UpdateListener;
import org.kawanfw.sql.api.util.firewall.LearningModeExecutor;
import org.kawanfw.sql.api.util.firewall.SqlFirewallTriggerWrapper;
import org.kawanfw.sql.metadata.util.GsonWsUtil;
import org.kawanfw.sql.servlet.HttpParameter;
import org.kawanfw.sql.servlet.ServerSqlManager;
import org.kawanfw.sql.servlet.connection.RollbackUtil;
import org.kawanfw.sql.servlet.injection.classes.InjectedClassesStore;
import org.kawanfw.sql.servlet.injection.properties.ConfPropertiesStore;
import org.kawanfw.sql.servlet.injection.properties.OperationalMode;
import org.kawanfw.sql.servlet.sql.LoggerUtil;
import org.kawanfw.sql.servlet.sql.ServerStatementUtil;
import org.kawanfw.sql.servlet.sql.StatementFailure;
import org.kawanfw.sql.servlet.sql.UpdateListenersCaller;
import org.kawanfw.sql.servlet.sql.dto.PrepStatementParamsHolder;
import org.kawanfw.sql.servlet.sql.dto.UpdateCountsArrayDto;
import org.kawanfw.sql.servlet.sql.json_return.JsonErrorReturn;
import org.kawanfw.sql.servlet.sql.json_return.JsonSecurityMessage;
import org.kawanfw.sql.servlet.sql.parameters.ServerPreparedStatementParameters;
import org.kawanfw.sql.servlet.sql.parameters.ServerPreparedStatementParametersUtil;
import org.kawanfw.sql.util.FrameworkDebug;
import org.kawanfw.sql.util.IpUtil;

/* loaded from: input_file:org/kawanfw/sql/servlet/sql/batch/ServerPreparedStatementBatch.class */
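/**
 * Executes a server-side JDBC batch for one prepared statement.
 *
 * <p>The SQL text and a {@code blob_id} come from the HTTP request. The {@code blob_id} names a
 * file, inside the per-user blobs directory, holding one JSON-encoded parameter set per line.
 * Each line is bound to the statement, checked against the configured SQL firewall managers and
 * added to the batch; the update counts are written back as JSON.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>{@code blob_id} is client-controlled, so the resolved file is confined to the blobs
 *       directory before it is opened (see {@link #resolveBlobFile(String, String)}).</li>
 *   <li>The firewall check is skipped when the database's operational mode is {@code off} or
 *       {@code learning}, and refusals are not enforced in {@code detecting} mode.</li>
 *   <li>Error responses echo exception messages, and for unexpected failures the full stack
 *       trace, to the remote client.</li>
 * </ul>
 */
public class ServerPreparedStatementBatch {
    private static final boolean DEBUG = FrameworkDebug.isSet(ServerPreparedStatementBatch.class);
    public static String CR_LF = System.getProperty("line.separator");
    private final Connection connection;
    private final HttpServletRequest request;
    private final HttpServletResponse response;
    private final Boolean doPrettyPrinting = true;
    private final Set<SqlFirewallManager> sqlFirewallManagers;
    private final DatabaseConfigurator databaseConfigurator;
    private final Set<UpdateListener> updateListeners;

    /**
     * Creates the batch executor for one HTTP request.
     *
     * @param httpServletRequest request carrying the username, database, SQL and blob id parameters
     * @param httpServletResponse response used when building JSON error payloads
     * @param set firewall managers consulted for every parameter row
     * @param connection JDBC connection the batch runs on
     * @param databaseConfigurator supplies the per-user blobs directory
     * @throws SQLException declared for callers; not thrown by the visible code
     */
    public ServerPreparedStatementBatch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Set<SqlFirewallManager> set, Connection connection, DatabaseConfigurator databaseConfigurator) throws SQLException {
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.sqlFirewallManagers = set;
        this.connection = connection;
        this.databaseConfigurator = databaseConfigurator;
        // Update listeners are registered per database name.
        this.updateListeners = InjectedClassesStore.get().getUpdateListenerMap().get(httpServletRequest.getParameter(HttpParameter.DATABASE));
    }

    /**
     * Runs the batch and writes either the update counts or a JSON error to {@code outputStream}.
     *
     * <p>Failures are rolled back and reported to the client: a firewall or path refusal as
     * 403, an SQL failure as 400, anything else as 500. The stream is always closed, and only
     * after the error payload has been written.
     *
     * @param outputStream destination for the JSON result; closed before returning
     * @throws FileNotFoundException declared for callers
     * @throws IOException if writing the error payload fails
     * @throws SQLException if the rollback fails
     */
    public void executeBatch(OutputStream outputStream) throws FileNotFoundException, IOException, SQLException {
        try {
            executeStatement(outputStream);
        } catch (SecurityException e) {
            RollbackUtil.rollback(this.connection);
            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 403, 3, e.getMessage()).build());
        } catch (SQLException e) {
            RollbackUtil.rollback(this.connection);
            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 400, 1, e.getMessage()).build());
        } catch (Exception e) {
            RollbackUtil.rollback(this.connection);
            // NOTE(review): the full stack trace is returned to the remote client, which
            // discloses server internals (class names, library versions, file paths).
            // Kept because clients may rely on it; consider logging it server-side only.
            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 500, 4, e.getMessage(), ExceptionUtils.getStackTrace(e)).build());
        } finally {
            // Close last so that the error payloads above reach an open stream.
            closeQuietly(outputStream);
        }
    }

    /** Closes the stream on a best-effort basis; a failure to close is deliberately ignored. */
    private static void closeQuietly(OutputStream outputStream) {
        if (outputStream == null) {
            return;
        }
        try {
            outputStream.close();
        } catch (Exception ignored) {
            // Nothing useful can be done if the response stream cannot be closed.
        }
    }

    /**
     * Reads the parameter file named by {@code blob_id}, builds the batch and executes it.
     *
     * <p>The statement and the reader are closed on every exit path. An
     * {@link IllegalArgumentException} raised while binding or checking a row is reported to the
     * client as a 400 error and ends the batch without executing it.
     *
     * @param outputStream destination for the JSON result or error
     * @throws SQLException if {@code blob_id} is missing or a JDBC call fails (after rollback and logging)
     * @throws IOException if the parameter file is missing or cannot be read
     * @throws SecurityException if {@code blob_id} resolves outside the blobs directory or the firewall refuses a row
     */
    private void executeStatement(OutputStream outputStream) throws SQLException, IOException {
        String username = this.request.getParameter(HttpParameter.USERNAME);
        String database = this.request.getParameter(HttpParameter.DATABASE);
        String sqlOrder = this.request.getParameter(HttpParameter.SQL);
        String blobId = this.request.getParameter(HttpParameter.BLOB_ID);
        String htmlEncoding = this.request.getParameter(HttpParameter.HTML_ENCODING);
        debug("sqlOrder             : " + sqlOrder);
        debug("blobId: " + blobId);

        if (blobId == null || blobId.isEmpty()) {
            throw new SQLException("blob_id cannnot be null!.");
        }

        try {
            File parametersFile = resolveBlobFile(username, blobId);
            if (!parametersFile.exists()) {
                throw new FileNotFoundException("Cannot find file of batch SQL prepared statement parameters for Id: " + blobId);
            }

            try (PreparedStatement batchStatement = this.connection.prepareStatement(sqlOrder)) {
                debug("before PreparedStatement.addBatch() loop & executeBatch() ");
                List<List<Object>> parameterValuesPerRow = new ArrayList<>();

                // NOTE(review): FileReader decodes with the platform default charset on older
                // JDKs; confirm it matches the charset used when the parameter file was written.
                try (BufferedReader reader = new BufferedReader(new FileReader(parametersFile))) {
                    String line;
                    while ((line = reader.readLine()) != null) {
                        if (DEBUG) {
                            // Debug output contains the raw parameter values of the row.
                            ServerPreparedStatementParametersUtil.dump("line: " + line);
                        }
                        ServerPreparedStatementParameters rowParameters = new ServerPreparedStatementParameters(username, database, sqlOrder, batchStatement, ServerPreparedStatementParametersUtil.buildParametersFromHolder((PrepStatementParamsHolder) GsonWsUtil.fromJson(line.trim(), PrepStatementParamsHolder.class)), htmlEncoding);
                        try {
                            rowParameters.setParameters();
                            debug("before new SqlSecurityChecker()");
                            // Every row is checked: the firewall sees the SQL together with
                            // this row's bound values.
                            checkFirewallGeneral(username, database, sqlOrder, rowParameters);
                            batchStatement.addBatch();
                            parameterValuesPerRow.add(rowParameters.getParameterValues());
                        } catch (IllegalArgumentException e) {
                            ServerSqlManager.writeLine(outputStream, new JsonErrorReturn(this.response, 400, 2, e.getMessage()).build());
                            return;
                        }
                    }
                }

                int[] updateCounts = batchStatement.executeBatch();
                callUpdateListenersInThread(sqlOrder, parameterValuesPerRow, username, database, IpUtil.getRemoteAddr(this.request));
                ServerSqlManager.writeLine(outputStream, GsonWsUtil.getJSonString(new UpdateCountsArrayDto(updateCounts)));
            }
        } catch (SQLException e) {
            RollbackUtil.rollback(this.connection);
            LoggerUtil.log(this.request, e, StatementFailure.statementFailureBuild(sqlOrder, e.toString(), this.doPrettyPrinting.booleanValue()));
            throw e;
        }
    }

    /**
     * Resolves {@code blobId} against the user's blobs directory and refuses any result that
     * leaves that directory.
     *
     * <p>{@code blobId} is a request parameter. Without this check a value containing
     * {@code ..} segments or an absolute path could make the server open a file outside the
     * blobs directory. Both paths are canonicalized, so symbolic links pointing outside the
     * directory are refused as well.
     *
     * @param username user whose blobs directory is used
     * @param blobId client-supplied file identifier
     * @return the canonical file located inside the blobs directory
     * @throws IOException if a path cannot be canonicalized or the directory lookup fails
     * @throws SQLException if the directory lookup fails with an SQL error
     * @throws SecurityException if the resolved file is not inside the blobs directory
     */
    private File resolveBlobFile(String username, String blobId) throws IOException, SQLException {
        File blobsDirectory = new File(this.databaseConfigurator.getBlobsDirectory(username).toString()).getCanonicalFile();
        File candidate = new File(blobsDirectory, blobId).getCanonicalFile();

        String directoryPrefix = blobsDirectory.getPath();
        if (!directoryPrefix.endsWith(File.separator)) {
            // The trailing separator stops "/blobs-other/x" from matching "/blobs".
            directoryPrefix += File.separator;
        }
        if (!candidate.getPath().startsWith(directoryPrefix)) {
            throw new SecurityException("Invalid blob_id: the resolved file is outside the blobs directory.");
        }
        return candidate;
    }

    /**
     * Submits one bound parameter row to the SQL firewall managers.
     *
     * <p>Nothing is checked in {@code off} mode; in {@code learning} mode the statement is only
     * recorded. Otherwise the managers are consulted in iteration order until one refuses. A
     * refusal runs the firewall triggers and, unless the mode is {@code detecting}, aborts the
     * batch with a {@link SecurityException}.
     *
     * @param str username
     * @param str2 database name
     * @param str3 SQL statement text
     * @param serverPreparedStatementParameters bound parameters of the current row
     * @throws IOException if a firewall manager or trigger fails with an I/O error
     * @throws SQLException if a firewall manager or trigger fails with an SQL error
     * @throws SecurityException if the statement is refused and the mode enforces refusals
     */
    private void checkFirewallGeneral(String str, String str2, String str3, ServerPreparedStatementParameters serverPreparedStatementParameters) throws IOException, SQLException, SecurityException {
        String remoteAddr = IpUtil.getRemoteAddr(this.request);
        OperationalMode operationalMode = ConfPropertiesStore.get().getOperationalModeMap(str2);
        if (operationalMode.equals(OperationalMode.off)) {
            return;
        }
        if (operationalMode.equals(OperationalMode.learning)) {
            LearningModeExecutor.learn(str3, str2);
            return;
        }

        boolean allowed = true;
        for (SqlFirewallManager firewallManager : this.sqlFirewallManagers) {
            SqlEvent sqlEvent = SqlEventWrapper.sqlEventBuild(str, str2, remoteAddr, str3, ServerStatementUtil.isPreparedStatement(this.request), serverPreparedStatementParameters.getParameterValues(), false);
            allowed = firewallManager.allowSqlRunAfterAnalysis(sqlEvent, this.connection);
            if (!allowed) {
                // The first refusal wins: run its triggers and stop consulting other managers.
                SqlFirewallTriggerWrapper.runIfStatementRefused(sqlEvent, firewallManager, this.connection);
                break;
            }
        }

        // In detecting mode a refusal fires the triggers above but does not block execution.
        if (!allowed && !operationalMode.equals(OperationalMode.detecting)) {
            throw new SecurityException(JsonSecurityMessage.prepStatementNotAllowedBuild(str3, "Prepared Statement not allowed", serverPreparedStatementParameters.getParameterTypes(), serverPreparedStatementParameters.getParameterValues(), this.doPrettyPrinting.booleanValue()));
        }
    }

    /**
     * Notifies the update listeners, once per batch row, on a separate thread.
     *
     * @param str SQL statement text
     * @param list bound parameter values, one list per batch row
     * @param str2 username
     * @param str3 database name
     * @param str4 client IP address
     */
    private void callUpdateListenersInThread(final String str, final List<List<Object>> list, final String str2, final String str3, final String str4) {
        // NOTE(review): the listener thread shares this request's JDBC connection; confirm the
        // connection is still valid (not closed or returned to a pool) while listeners run.
        new Thread(() -> {
            try {
                for (List<Object> parameterValues : list) {
                    new UpdateListenersCaller(this.updateListeners, this.connection).callUpdateListeners(str2, str3, str, parameterValues, str4, true);
                }
            } catch (Exception e) {
                // Listener failures must not affect the already-executed batch.
                e.printStackTrace();
            }
        }).start();
    }

    /**
     * Prints a timestamped message to standard output when debugging is enabled for this class.
     *
     * @param str message to print; may contain SQL text taken from the request
     */
    protected void debug(String str) {
        if (DEBUG) {
            System.out.println(new Date() + " " + str);
        }
    }
}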
