package nl.nn.adapterframework.webcontrol.api;

import java.net.URL;
import java.sql.ResultSet;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.security.RolesAllowed;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import nl.nn.adapterframework.jdbc.DirectQuerySender;
import nl.nn.adapterframework.util.AppConstants;
import nl.nn.adapterframework.util.ClassUtils;
import nl.nn.adapterframework.util.DB2XMLWriter;
import nl.nn.adapterframework.util.LogUtil;
import nl.nn.adapterframework.util.XmlUtils;
import org.apache.log4j.Logger;
import org.h2.message.Trace;
import org.hsqldb.Tokens;

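/**
 * REST resource that lets privileged console users browse the rows of a JDBC table.
 *
 * <p>The JSON request body supplies the JMS realm, the table name and optional
 * {@code where}/{@code order} fragments. The table name is checked against the
 * {@code browseJdbcTable.permission.rules} property before any query is built.
 *
 * <p>NOTE(review): {@code where} and {@code order} are caller-supplied SQL fragments.
 * The permission rules are evaluated against the table name only; whether the
 * stylesheet constrains what those fragments may reference is not visible from this
 * class and should be confirmed.
 */
@Path("/")
/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.1-B1.jar:nl/nn/adapterframework/webcontrol/api/BrowseJdbcTable.class */
public final class BrowseJdbcTable extends Base {

    @Context
    ServletConfig servletConfig;
    private static final String DB2XML_XSLT = "xml/xsl/BrowseJdbcTableExecute.xsl";
    // Rule list in the form "table role type | table role type | ..." (see readAllowed).
    private static final String PERMISSION_RULES = AppConstants.getInstance().getResolvedProperty("browseJdbcTable.permission.rules");
    private final Logger log = LogUtil.getLogger(this);

    @Context
    HttpServletRequest request;

    /**
     * Runs a bounded select on the requested table and returns the rows as JSON.
     *
     * <p>Recognised body keys (case-insensitive): {@code realm}, {@code table},
     * {@code where}, {@code order}, {@code rowNumbersOnly}, {@code minRow}, {@code maxRow}.
     *
     * @param linkedHashMap the deserialised JSON request body
     * @return a 201 response holding the table name, the generated query, the field
     *         definitions and the result rows
     * @throws ApiException with status 400 when input is missing or invalid, when the
     *         permission rules deny the table, or when the query fails
     */
    @Path("/jdbc/browse")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    @RolesAllowed({"IbisDataAdmin", "IbisAdmin", "IbisTester"})
    public Response execute(LinkedHashMap<String, Object> linkedHashMap) throws ApiException {
        initBase(this.servletConfig);
        if (linkedHashMap == null) {
            // An absent body used to surface as a NullPointerException.
            throw new ApiException("realm and/or tableName not defined.", 400);
        }

        String realm = null;
        String tableName = null;
        String where = "";
        String order = null;
        boolean rowNumbersOnly = false;
        int minRow = 1;
        int maxRow = 100;

        for (Map.Entry<String, Object> entry : linkedHashMap.entrySet()) {
            String key = entry.getKey();
            String text = textOf(entry.getValue());
            if (key == null || text == null) {
                // JSON null is treated as "not supplied" instead of dereferencing it.
                continue;
            }
            // NOTE(review): Trace.TABLE (H2) looks like a decompiler substitution for a
            // plain string literal; confirm and replace so this class does not depend on
            // a database driver's internals.
            if (key.equalsIgnoreCase("realm")) {
                realm = text;
            } else if (key.equalsIgnoreCase(Trace.TABLE)) {
                // Locale.ROOT keeps the name that is matched against the permission
                // rules independent of the server's default locale.
                tableName = text.toLowerCase(java.util.Locale.ROOT);
            } else if (key.equalsIgnoreCase("where")) {
                where = text.toLowerCase(java.util.Locale.ROOT);
            } else if (key.equalsIgnoreCase("order")) {
                order = text.toLowerCase(java.util.Locale.ROOT);
            } else if (key.equalsIgnoreCase("rowNumbersOnly")) {
                rowNumbersOnly = Boolean.parseBoolean(text);
            } else if (key.equalsIgnoreCase("minRow") && !text.isEmpty()) {
                // The original compared the value to "" by reference, which never
                // filtered an empty string out.
                minRow = Math.max(parseRow("minRow", text), 0);
            } else if (key.equalsIgnoreCase("maxRow") && !text.isEmpty()) {
                maxRow = Math.min(Math.max(parseRow("maxRow", text), 1), 100);
            }
        }

        if (realm == null || tableName == null) {
            throw new ApiException("realm and/or tableName not defined.", 400);
        }
        if (maxRow < minRow) {
            throw new ApiException("Rownum max must be greater than or equal to Rownum min", 400);
        }
        if (maxRow - minRow >= 100) {
            throw new ApiException("Difference between Rownum max and Rownum min must be less than hundred", 400);
        }
        // NOTE(review): the rule match is an exact comparison on the lower-cased name.
        // A name carrying whitespace or a schema qualifier will not match a
        // table-specific rule; consider validating it as a plain identifier first.
        if (!readAllowed(PERMISSION_RULES, tableName)) {
            throw new ApiException("Access to table (" + tableName + ") not allowed", 400);
        }

        Map<String, String> fieldDefinition = new HashMap<>();
        try {
            DirectQuerySender sender = (DirectQuerySender) this.ibisManager.getIbisContext().createBeanAutowireByName(DirectQuerySender.class);
            try {
                sender.setName("QuerySender");
                sender.setJmsRealm(realm);
                sender.setQueryType("select");
                sender.setBlobSmartGet(true);
                sender.setIncludeFieldDefinition(true);
                sender.configure(true);
                sender.open();

                // NOTE(review): getConnection() is called without an explicit close of
                // what it returns; confirm who owns that connection.
                StringBuilder fieldXml = new StringBuilder("<fielddefinition>");
                ResultSet columns = sender.getConnection().getMetaData().getColumns(null, null, tableName, null);
                try {
                    if (!columns.isBeforeFirst()) {
                        // Nothing found under the lower-case name: retry upper-case.
                        columns.close();
                        columns = sender.getConnection().getMetaData().getColumns(null, null, tableName.toUpperCase(), null);
                    }
                    while (columns.next()) {
                        String columnName = columns.getString(4);
                        String columnType = DB2XMLWriter.getFieldType(columns.getInt(5));
                        int columnSize = columns.getInt(7);
                        // Column names come from database metadata; escape them so an
                        // unusual name cannot break the attribute.
                        fieldXml.append("<field name=\"").append(XmlUtils.encodeChars(columnName))
                                .append("\" type=\"").append(columnType)
                                .append("\" size=\"").append(columnSize).append("\"/>");
                        // NOTE(review): Tokens.T_OPENBRACKET / T_CLOSEBRACKET (HSQLDB)
                        // look like decompiler substitutions for bracket literals.
                        fieldDefinition.put(columnName, columnType + Tokens.T_OPENBRACKET + columnSize + Tokens.T_CLOSEBRACKET);
                    }
                } finally {
                    // The metadata cursor was never closed before.
                    columns.close();
                }
                fieldXml.append("</fielddefinition>");

                // tableName and order were previously embedded raw, so markup in either
                // could reshape the request document after the permission check had
                // run; they are now escaped the same way where already was. An absent
                // order is still rendered as the text "null", as before; whether the
                // stylesheet relies on that is not visible here.
                String orderXml = order == null ? null : XmlUtils.encodeChars(order);
                String requestXml = "<browseJdbcTableExecuteREQ><dbmsName>" + sender.getDbmsSupport().getDbmsName()
                        + "</dbmsName><tableName>" + XmlUtils.encodeChars(tableName)
                        + "</tableName><where>" + XmlUtils.encodeChars(where)
                        + "</where><numberOfRowsOnly>" + rowNumbersOnly
                        + "</numberOfRowsOnly><order>" + orderXml
                        + "</order><rownumMin>" + minRow
                        + "</rownumMin><rownumMax>" + maxRow + "</rownumMax>"
                        + fieldXml
                        + "<maxColumnSize>1000</maxColumnSize></browseJdbcTableExecuteREQ>";

                URL stylesheet = ClassUtils.getResourceURL(this, DB2XML_XSLT);
                String query = stylesheet != null ? XmlUtils.transformXml(XmlUtils.createTransformer(stylesheet), requestXml) : null;
                String queryResult = sender.sendMessage("dummy", query);

                List<Map<String, String>> rows = XmlUtils.isWellFormed(queryResult) ? XmlQueryResult2Map(queryResult) : null;
                if (rows == null) {
                    throw new ApiException("Invalid query result.", 400);
                }

                Map<String, Object> body = new HashMap<>();
                body.put(Trace.TABLE, tableName);
                body.put("query", XmlUtils.encodeChars(query));
                body.put("fielddefinition", fieldDefinition);
                body.put("result", rows);
                return Response.status(Response.Status.CREATED).entity(body).build();
            } catch (ApiException e) {
                // Already a client-facing error; the original catch-all wrapped it again.
                throw e;
            } catch (Throwable t) {
                // NOTE(review): t.toString() is returned to the client and may expose
                // driver or schema detail; consider logging it and returning a generic
                // message instead.
                throw new ApiException("An error occured on executing jdbc query: " + t.toString(), 400);
            } finally {
                // Single close on every path; the original closed twice on some paths.
                sender.close();
            }
        } catch (ApiException e) {
            throw e;
        } catch (Exception e) {
            throw new ApiException("An error occured on creating or closing the connection: " + e.toString(), 400);
        }
    }

    /** Returns the string form of a request value, or {@code null} when it is absent. */
    private static String textOf(Object value) {
        return value == null ? null : value.toString();
    }

    /** Parses a row bound, reporting a non-numeric value as a 400 instead of an uncaught exception. */
    private static int parseRow(String name, String text) throws ApiException {
        try {
            return Integer.parseInt(text);
        } catch (NumberFormatException e) {
            throw new ApiException(name + " must be a whole number", 400);
        }
    }

    /**
     * Evaluates the permission rules for a table; the first rule that matches both the
     * table and the caller's role decides.
     *
     * <p>Rules are separated by {@code |}; each rule is {@code <table> <role> <type>}
     * where table and role may be {@code *} and type is {@code allow} or {@code deny}.
     * Malformed rules are logged and skipped. Access is denied when no rule decides,
     * and also when no rules are configured at all.
     *
     * @param rules the raw rule list, may be {@code null}
     * @param tableName the requested table name
     * @return {@code true} only when a matching rule has type {@code allow}
     */
    private boolean readAllowed(String rules, String tableName) {
        if (rules == null || tableName == null) {
            // Fail closed: a missing property used to end in a NullPointerException.
            this.log.debug("deny");
            return false;
        }
        String requestedTable = tableName.toLowerCase(java.util.Locale.ROOT);
        for (String rule : rules.split("\\|")) {
            String[] parts = rule.trim().split("\\s+");
            if (parts.length != 3) {
                this.log.debug("invalid rule '" + rule + "' contains " + parts.length + " part(s): " + Arrays.asList(parts));
                continue;
            }
            String ruleTable = parts[0].toLowerCase(java.util.Locale.ROOT);
            String role = parts[1];
            String type = parts[2];
            this.log.debug("check allow read table '" + requestedTable + "' with rule table '" + ruleTable + "', role '" + role + "' and type '" + type + "'");
            if (!"*".equals(ruleTable) && !requestedTable.equals(ruleTable)) {
                continue;
            }
            this.log.debug("table match");
            if (!"*".equals(role) && !this.request.isUserInRole(role)) {
                continue;
            }
            this.log.debug("role match");
            if ("allow".equals(type)) {
                this.log.debug("allow");
                return true;
            }
            if ("deny".equals(type)) {
                this.log.debug("deny");
                return false;
            }
            // An unknown type does not decide; evaluation continues with the next rule.
            this.log.error("invalid rule type");
        }
        this.log.debug("deny");
        return false;
    }
}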
