package com.sibvisions.rad.server.security;

import com.sibvisions.rad.persist.jdbc.DBCredentials;
import com.sibvisions.rad.server.config.DBObjects;
import com.sibvisions.util.ArrayUtil;
import com.sibvisions.util.log.ILogger;
import com.sibvisions.util.log.LoggerFactory;
import com.sibvisions.util.xml.XmlNode;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import javax.rad.server.IConfiguration;
import javax.rad.server.ISession;

/* loaded from: input_file:com/sibvisions/rad/server/security/DBSecurityManager.class */
public class DBSecurityManager extends AbstractSecurityManager {
    protected static final String TABLE_USERS = "USERS";
    protected static final String TABLE_AUTOLOGIN = "AUTOLOGIN";
    protected static final String VIEW_ACCESSRULES = "V_ACCESSRULES";
    private static ILogger log = LoggerFactory.getInstance(DBSecurityManager.class);
    private PreparedStatement psAutoLogin;
    private PreparedStatement psInsertAutoLogin;
    private PreparedStatement psDeleteAutoLoginKey;
    private PreparedStatement psDeleteAutoLoginUser;
    private PreparedStatement psUserId;
    private PreparedStatement psUserName;
    private PreparedStatement psAccessRule;
    private PreparedStatement psChangePwd;
    private PreparedStatement psChangePwdUnset;
    String sUsersTable;
    String sUsersId;
    String sUsersName;
    String sUsersChgPwd;
    String sUsersPwd;
    String sAutoLoginTable;
    String sAutoLoginId;
    String sAutoLoginKey;
    String sAccessTable;
    String sAccessUser;
    private DBCredentials credentials = null;
    private Connection con = null;
    private long lConfigModified = -1;

    /* loaded from: input_file:com/sibvisions/rad/server/security/DBSecurityManager$DBAccessController.class */
    public static final class DBAccessController implements IAccessController {
        private ArrayUtil<String> auAllowedLCO = null;

        @Override // com.sibvisions.rad.server.security.IAccessController
        public boolean isAllowed(String str) {
            if (str == null || this.auAllowedLCO == null) {
                return false;
            }
            return this.auAllowedLCO.contains(str);
        }

        @Override // com.sibvisions.rad.server.security.IAccessController
        public void addAccess(String str) {
            if (str == null) {
                return;
            }
            if (this.auAllowedLCO == null) {
                this.auAllowedLCO = new ArrayUtil<>();
            }
            if (this.auAllowedLCO.contains(str)) {
                return;
            }
            this.auAllowedLCO.add(str);
        }

        @Override // com.sibvisions.rad.server.security.IAccessController
        public void removeAccess(String str) {
            if (str == null || this.auAllowedLCO == null) {
                return;
            }
            this.auAllowedLCO.remove(str);
        }

        public String[] getAllowedLifeCycleNames() {
            return this.auAllowedLCO == null ? new String[0] : (String[]) this.auAllowedLCO.toArray(new String[this.auAllowedLCO.size()]);
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:13:0x00c9
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized void validateAuthentication(javax.rad.server.ISession r7) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 836
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.validateAuthentication(javax.rad.server.ISession):void");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:28:0x0202
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized void changePassword(javax.rad.server.ISession r7) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 540
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.changePassword(javax.rad.server.ISession):void");
    }

    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized void logout(ISession iSession) {
        if (Boolean.valueOf((String) iSession.getProperty("userlogout")).booleanValue()) {
            try {
                String str = (String) iSession.getProperty("client.login.key");
                if (str != null) {
                    openConnection(iSession);
                    this.psDeleteAutoLoginKey.clearParameters();
                    this.psDeleteAutoLoginKey.setString(1, str);
                    if (this.psDeleteAutoLoginKey.execute()) {
                        this.psDeleteAutoLoginKey.getResultSet().close();
                    }
                    this.con.commit();
                    iSession.setProperty("client.login.key", null);
                }
            } catch (Exception e) {
                try {
                    this.con.rollback();
                } catch (SQLException e2) {
                    log.error(e2);
                }
                log.error(e);
            }
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:49:0x01a5
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized com.sibvisions.rad.server.security.IAccessController getAccessController(javax.rad.server.ISession r7) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 445
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.getAccessController(javax.rad.server.ISession):com.sibvisions.rad.server.security.IAccessController");
    }

    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized void release() {
        try {
            closeConnection();
        } catch (Exception e) {
            log.error(e);
        }
    }

    protected void finalize() throws Throwable {
        if (this.con != null) {
            try {
                this.con.close();
            } catch (Throwable th) {
            }
        }
        super.finalize();
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:45:0x01cc
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    protected java.sql.Connection openConnection(javax.rad.server.ISession r8) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 639
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.openConnection(javax.rad.server.ISession):java.sql.Connection");
    }

    protected void closeConnection() throws Exception {
        if (this.con != null) {
            for (Field field : DBSecurityManager.class.getDeclaredFields()) {
                int modifiers = field.getModifiers();
                if (!Modifier.isFinal(modifiers) && !Modifier.isStatic(modifiers)) {
                    try {
                        Object obj = field.get(this);
                        if (obj != null && (obj instanceof PreparedStatement)) {
                            try {
                                ((PreparedStatement) obj).close();
                            } catch (Exception e) {
                            }
                        }
                    } catch (Exception e2) {
                        log.debug(field.getName(), e2);
                    }
                }
            }
            try {
                this.con.close();
            } catch (Throwable th) {
            } finally {
                this.con = null;
            }
        }
    }

    private void initStatements(IConfiguration iConfiguration) throws Exception {
        this.sUsersTable = DBObjects.getTableName(iConfiguration, TABLE_USERS);
        this.sUsersId = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "ID");
        this.sUsersName = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "USERNAME");
        this.sUsersChgPwd = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "CHANGE_PASSWORD");
        this.sUsersPwd = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "PASSWORD");
        this.sAutoLoginTable = DBObjects.getTableName(iConfiguration, TABLE_AUTOLOGIN);
        this.sAutoLoginId = DBObjects.getColumnName(iConfiguration, TABLE_AUTOLOGIN, "USER_ID");
        this.sAutoLoginKey = DBObjects.getColumnName(iConfiguration, TABLE_AUTOLOGIN, "LOGINKEY");
        this.sAccessTable = DBObjects.getTableName(iConfiguration, VIEW_ACCESSRULES);
        this.sAccessUser = DBObjects.getColumnName(iConfiguration, VIEW_ACCESSRULES, "USERNAME");
        initStatements(this.con);
    }

    protected void initStatements(Connection connection) throws Exception {
        this.psUserId = connection.prepareStatement("select * from " + this.sUsersTable + " u where u." + this.sUsersId + " = ?");
        this.psUserName = connection.prepareStatement("select * from " + this.sUsersTable + " u where u." + this.sUsersName + " = ?");
        this.psChangePwd = connection.prepareStatement("update " + this.sUsersTable + " u set u." + this.sUsersPwd + " = ?  where u." + this.sUsersName + " = ?");
        this.psChangePwdUnset = connection.prepareStatement("update " + this.sUsersTable + " u set u." + this.sUsersPwd + " = ?, u." + this.sUsersChgPwd + " = 'N'  where u." + this.sUsersName + " = ?");
        try {
            this.psAutoLogin = connection.prepareStatement("select al." + this.sAutoLoginId + " from " + this.sAutoLoginTable + " as al where al." + this.sAutoLoginKey + " = ?");
            this.psInsertAutoLogin = connection.prepareStatement("insert into " + this.sAutoLoginTable + "(" + this.sAutoLoginId + ", " + this.sAutoLoginKey + ") values (?, ?)");
            this.psDeleteAutoLoginKey = connection.prepareStatement("delete from " + this.sAutoLoginTable + " where " + this.sAutoLoginKey + " = ?");
            this.psDeleteAutoLoginUser = connection.prepareStatement("delete from " + this.sAutoLoginTable + " where " + this.sAutoLoginId + " = ?");
        } catch (SQLException e) {
            if (this.psAutoLogin != null) {
                try {
                    this.psAutoLogin.close();
                } catch (Exception e2) {
                }
                this.psAutoLogin = null;
            }
            if (this.psInsertAutoLogin != null) {
                try {
                    this.psInsertAutoLogin.close();
                } catch (Exception e3) {
                }
                this.psInsertAutoLogin = null;
            }
            if (this.psDeleteAutoLoginKey != null) {
                try {
                    this.psDeleteAutoLoginKey.close();
                } catch (Exception e4) {
                }
                this.psDeleteAutoLoginKey = null;
            }
            if (this.psDeleteAutoLoginUser != null) {
                try {
                    this.psDeleteAutoLoginUser.close();
                } catch (Exception e5) {
                }
                this.psDeleteAutoLoginUser = null;
            }
        }
        try {
            this.psAccessRule = connection.prepareStatement("select * from " + this.sAccessTable + " where " + this.sAccessUser + " = ?");
        } catch (SQLException e6) {
        }
    }

    private void validateUser(ISession iSession, ResultSet resultSet) throws Exception {
        String str;
        Timestamp timestamp;
        Timestamp timestamp2;
        String applicationName = iSession.getApplicationName();
        String userName = iSession.getUserName();
        if (!resultSet.next()) {
            throw new SecurityException("User '" + userName + "' was not found for application '" + applicationName + "'");
        }
        IConfiguration config = iSession.getConfig();
        try {
            str = resultSet.getString(DBObjects.getColumnName(config, TABLE_USERS, "ACTIVE"));
        } catch (SQLException e) {
            str = null;
        }
        if (!isActive(iSession, str)) {
            throw new SecurityException("User '" + userName + "' is inactive for application '" + applicationName + "'");
        }
        try {
            timestamp = resultSet.getTimestamp(DBObjects.getColumnName(config, TABLE_USERS, "VALID_FROM"));
        } catch (SQLException e2) {
            timestamp = null;
        }
        try {
            timestamp2 = resultSet.getTimestamp(DBObjects.getColumnName(config, TABLE_USERS, "VALID_TO"));
        } catch (SQLException e3) {
            timestamp2 = null;
        }
        if (!isValid(iSession, timestamp, timestamp2)) {
            throw new SecurityException("User '" + userName + "' is expired for application '" + applicationName + "'");
        }
    }

    protected boolean isActive(ISession iSession, String str) throws Exception {
        if (str == null) {
            return true;
        }
        return DBObjects.getYesValue(iSession.getConfig()).equals(str);
    }

    protected boolean isValid(ISession iSession, Timestamp timestamp, Timestamp timestamp2) {
        long currentTimeMillis = System.currentTimeMillis();
        return (timestamp == null || timestamp.getTime() <= currentTimeMillis) && (timestamp2 == null || timestamp2.getTime() > currentTimeMillis);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isPasswordValid(ISession iSession, String str) throws Exception {
        return comparePassword(iSession.getConfig(), iSession.getPassword(), str);
    }

    protected boolean isChangePassword(ISession iSession, String str) throws Exception {
        if (str == null) {
            return false;
        }
        return DBObjects.getYesValue(iSession.getConfig()).equals(str);
    }

    protected IAccessController createAccessController(ISession iSession) {
        String property = iSession.getConfig().getProperty("/application/securitymanager/accesscontroller");
        if (property == null || property.trim().length() <= 0) {
            return new DBAccessController();
        }
        try {
            return (IAccessController) Class.forName(property).newInstance();
        } catch (ClassNotFoundException e) {
            throw new SecurityException("Access controller '" + property + "' was not found!");
        } catch (IllegalAccessException e2) {
            throw new SecurityException("Access controller '" + property + "' not accessible!");
        } catch (InstantiationException e3) {
            throw new SecurityException("Can't instantiate access controller '" + property + "'!");
        }
    }

    protected DBCredentials getCredentials(ISession iSession) {
        return getCredentials(iSession.getConfig());
    }

    public static DBCredentials getCredentials(IConfiguration iConfiguration) {
        try {
            XmlNode node = iConfiguration.getNode("/application/securitymanager/database");
            if (node == null) {
                return DataSourceHandler.createDBCredentials(iConfiguration, "default");
            }
            XmlNode node2 = node.getNode("/datasource");
            return node2 == null ? DataSourceHandler.createDBCredentials(node) : DataSourceHandler.createDBCredentials(iConfiguration, node2.getValue());
        } catch (Exception e) {
            log.error(e);
            return null;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:11:0x0071
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    public java.sql.Connection getConnection() throws java.lang.Exception {
        /*
            r5 = this;
            r0 = r5
            java.sql.Connection r0 = r0.con
            if (r0 == 0) goto Lce
            r0 = 0
            r6 = r0
            r0 = 0
            r7 = r0
            r0 = 0
            r8 = r0
            r0 = r5
            java.sql.Connection r0 = r0.con     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            java.sql.Statement r0 = r0.createStatement()     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            r7 = r0
            r0 = r7
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            r2 = r1
            r2.<init>()     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            java.lang.String r2 = "select ID from "
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            r2 = r5
            java.lang.String r2 = r2.sUsersTable     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            java.sql.ResultSet r0 = r0.executeQuery(r1)     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            r8 = r0
            r0 = r8
            boolean r0 = r0.next()     // Catch: java.lang.Throwable -> L41 java.lang.Throwable -> L4b
            r0 = jsr -> L53
        L3e:
            goto L75
        L41:
            r9 = move-exception
            r0 = 1
            r6 = r0
            r0 = jsr -> L53
        L48:
            goto L75
        L4b:
            r10 = move-exception
            r0 = jsr -> L53
        L50:
            r1 = r10
            throw r1
        L53:
            r11 = r0
            r0 = r8
            if (r0 == 0) goto L64
            r0 = r8
            r0.close()     // Catch: java.lang.Throwable -> L62
            goto L64
        L62:
            r12 = move-exception
        L64:
            r0 = r7
            if (r0 == 0) goto L73
            r0 = r7
            r0.close()     // Catch: java.lang.Throwable -> L71
            goto L73
        L71:
            r12 = move-exception
        L73:
            ret r11
        L75:
            r1 = r6
            if (r1 == 0) goto Lce
            r1 = r5
            com.sibvisions.rad.persist.jdbc.DBCredentials r1 = r1.credentials     // Catch: java.sql.SQLException -> La0
            com.sibvisions.rad.persist.jdbc.DBAccess r1 = com.sibvisions.rad.persist.jdbc.DBAccess.getDBAccess(r1)     // Catch: java.sql.SQLException -> La0
            r9 = r1
            r1 = r5
            r2 = r9
            java.sql.Connection r2 = r2.getConnection()     // Catch: java.sql.SQLException -> La0
            r1.con = r2     // Catch: java.sql.SQLException -> La0
            r1 = r5
            java.sql.Connection r1 = r1.con     // Catch: java.sql.SQLException -> La0
            r2 = 0
            r1.setAutoCommit(r2)     // Catch: java.sql.SQLException -> La0
            r1 = r5
            r2 = r5
            java.sql.Connection r2 = r2.con     // Catch: java.sql.SQLException -> La0
            r1.initStatements(r2)     // Catch: java.sql.SQLException -> La0
            goto Lce
        La0:
            r9 = move-exception
            r0 = r5
            r0.closeConnection()
            java.lang.Exception r0 = new java.lang.Exception
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Can not open database connection with '"
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r5
            com.sibvisions.rad.persist.jdbc.DBCredentials r3 = r3.credentials
            java.lang.String r3 = r3.getUrl()
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r3 = "'"
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r3 = r9
            r1.<init>(r2, r3)
            throw r0
        Lce:
            r0 = r5
            java.sql.Connection r0 = r0.con
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.getConnection():java.sql.Connection");
    }

    public Connection getConnection(ISession iSession) throws Exception {
        return openConnection(iSession);
    }
}
