package com.sibvisions.rad.server.security;

import com.sibvisions.rad.server.config.DBObjects;
import com.sibvisions.util.ArrayUtil;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import javax.rad.server.IConfiguration;
import javax.rad.server.ISession;

/* loaded from: input_file:com/sibvisions/rad/server/security/DBSecurityManager.class */
public class DBSecurityManager extends AbstractDBSecurityManager {
    protected static final String TABLE_USERS = "USERS";
    protected static final String TABLE_AUTOLOGIN = "AUTOLOGIN";
    protected static final String VIEW_ACCESSRULES = "V_ACCESSRULES";
    private PreparedStatement psAutoLogin;
    private PreparedStatement psInsertAutoLogin;
    private PreparedStatement psDeleteAutoLoginKey;
    private PreparedStatement psDeleteAutoLoginUser;
    private PreparedStatement psUserId;
    private PreparedStatement psUserName;
    private PreparedStatement psAccessRule;
    private PreparedStatement psChangePwd;
    private PreparedStatement psChangePwdUnset;
    private String sUsersTable;
    private String sUsersId;
    private String sUsersName;
    private String sUsersChgPwd;
    private String sUsersPwd;
    private String sAutoLoginTable;
    private String sAutoLoginId;
    private String sAutoLoginKey;
    private String sAccessTable;
    private String sAccessUser;

    /* loaded from: input_file:com/sibvisions/rad/server/security/DBSecurityManager$DBAccessController.class */
    public static final class DBAccessController implements IAccessController {
        private ArrayUtil<String> auAllowedLCO = null;

        @Override // com.sibvisions.rad.server.security.IAccessController
        public boolean isAllowed(String str) {
            if (str == null || this.auAllowedLCO == null) {
                return false;
            }
            return this.auAllowedLCO.contains(str);
        }

        @Override // com.sibvisions.rad.server.security.IAccessController
        public void addAccess(String str) {
            if (str == null) {
                return;
            }
            if (this.auAllowedLCO == null) {
                this.auAllowedLCO = new ArrayUtil<>();
            }
            if (this.auAllowedLCO.contains(str)) {
                return;
            }
            this.auAllowedLCO.add(str);
        }

        @Override // com.sibvisions.rad.server.security.IAccessController
        public void removeAccess(String str) {
            if (str == null || this.auAllowedLCO == null) {
                return;
            }
            this.auAllowedLCO.remove(str);
        }

        public String[] getAllowedLifeCycleNames() {
            return this.auAllowedLCO == null ? new String[0] : (String[]) this.auAllowedLCO.toArray(new String[this.auAllowedLCO.size()]);
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:13:0x00c5
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized void validateAuthentication(javax.rad.server.ISession r7) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 792
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.validateAuthentication(javax.rad.server.ISession):void");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:28:0x01de
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized void changePassword(javax.rad.server.ISession r7) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 504
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.changePassword(javax.rad.server.ISession):void");
    }

    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized void logout(ISession iSession) {
        if (Boolean.valueOf((String) iSession.getProperty("userlogout")).booleanValue()) {
            try {
                String str = (String) iSession.getProperty("client.login.key");
                if (str != null) {
                    openConnection(iSession);
                    this.psDeleteAutoLoginKey.clearParameters();
                    this.psDeleteAutoLoginKey.setString(1, str);
                    if (this.psDeleteAutoLoginKey.execute()) {
                        this.psDeleteAutoLoginKey.getResultSet().close();
                    }
                    commit();
                    iSession.setProperty("client.login.key", null);
                }
            } catch (Exception e) {
                rollback();
                error(e);
            }
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:49:0x01a1
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // com.sibvisions.rad.server.security.ISecurityManager
    public synchronized com.sibvisions.rad.server.security.IAccessController getAccessController(javax.rad.server.ISession r7) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 441
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sibvisions.rad.server.security.DBSecurityManager.getAccessController(javax.rad.server.ISession):com.sibvisions.rad.server.security.IAccessController");
    }

    @Override // com.sibvisions.rad.server.security.AbstractDBSecurityManager
    protected void updateConfiguration(IConfiguration iConfiguration) throws Exception {
        this.sUsersTable = DBObjects.getTableName(iConfiguration, TABLE_USERS);
        this.sUsersId = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "ID");
        this.sUsersName = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "USERNAME");
        this.sUsersChgPwd = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "CHANGE_PASSWORD");
        this.sUsersPwd = DBObjects.getColumnName(iConfiguration, TABLE_USERS, "PASSWORD");
        this.sAutoLoginTable = DBObjects.getTableName(iConfiguration, TABLE_AUTOLOGIN);
        this.sAutoLoginId = DBObjects.getColumnName(iConfiguration, TABLE_AUTOLOGIN, "USER_ID");
        this.sAutoLoginKey = DBObjects.getColumnName(iConfiguration, TABLE_AUTOLOGIN, "LOGINKEY");
        this.sAccessTable = DBObjects.getTableName(iConfiguration, VIEW_ACCESSRULES);
        this.sAccessUser = DBObjects.getColumnName(iConfiguration, VIEW_ACCESSRULES, "USERNAME");
    }

    @Override // com.sibvisions.rad.server.security.AbstractDBSecurityManager
    protected void initStatements(Connection connection) throws Exception {
        this.psUserId = (PreparedStatement) close((DBSecurityManager) this.psUserId);
        this.psUserId = prepareStatement(connection, "select * from " + this.sUsersTable + " u where u." + this.sUsersId + " = ?");
        this.psUserName = (PreparedStatement) close((DBSecurityManager) this.psUserName);
        this.psUserName = prepareStatement(connection, "select * from " + this.sUsersTable + " u where u." + this.sUsersName + " = ?");
        this.psChangePwd = (PreparedStatement) close((DBSecurityManager) this.psChangePwd);
        this.psChangePwd = prepareStatement(connection, "update " + this.sUsersTable + " u set u." + this.sUsersPwd + " = ?  where u." + this.sUsersName + " = ?");
        this.psChangePwdUnset = (PreparedStatement) close((DBSecurityManager) this.psChangePwdUnset);
        this.psChangePwdUnset = prepareStatement(connection, "update " + this.sUsersTable + " u set u." + this.sUsersPwd + " = ?, u." + this.sUsersChgPwd + " = 'N'  where u." + this.sUsersName + " = ?");
        try {
            this.psAutoLogin = (PreparedStatement) close((DBSecurityManager) this.psAutoLogin);
            this.psAutoLogin = prepareStatement(connection, "select al." + this.sAutoLoginId + " from " + this.sAutoLoginTable + " as al where al." + this.sAutoLoginKey + " = ?");
            this.psInsertAutoLogin = (PreparedStatement) close((DBSecurityManager) this.psInsertAutoLogin);
            this.psInsertAutoLogin = prepareStatement(connection, "insert into " + this.sAutoLoginTable + "(" + this.sAutoLoginId + ", " + this.sAutoLoginKey + ") values (?, ?)");
            this.psDeleteAutoLoginKey = (PreparedStatement) close((DBSecurityManager) this.psDeleteAutoLoginKey);
            this.psDeleteAutoLoginKey = prepareStatement(connection, "delete from " + this.sAutoLoginTable + " where " + this.sAutoLoginKey + " = ?");
            this.psDeleteAutoLoginUser = (PreparedStatement) close((DBSecurityManager) this.psDeleteAutoLoginUser);
            this.psDeleteAutoLoginUser = prepareStatement(connection, "delete from " + this.sAutoLoginTable + " where " + this.sAutoLoginId + " = ?");
        } catch (SQLException e) {
            this.psAutoLogin = (PreparedStatement) close((DBSecurityManager) this.psAutoLogin);
            this.psInsertAutoLogin = (PreparedStatement) close((DBSecurityManager) this.psInsertAutoLogin);
            this.psDeleteAutoLoginKey = (PreparedStatement) close((DBSecurityManager) this.psDeleteAutoLoginKey);
            this.psDeleteAutoLoginUser = (PreparedStatement) close((DBSecurityManager) this.psDeleteAutoLoginUser);
        }
        try {
            this.psAccessRule = (PreparedStatement) close((DBSecurityManager) this.psAccessRule);
            this.psAccessRule = prepareStatement(connection, "select * from " + this.sAccessTable + " where " + this.sAccessUser + " = ?");
        } catch (SQLException e2) {
        }
    }

    @Override // com.sibvisions.rad.server.security.AbstractDBSecurityManager
    protected String getAliveQuery() {
        return "select ID from " + this.sUsersTable;
    }

    private void validateUser(ISession iSession, ResultSet resultSet) throws Exception {
        String str;
        Timestamp timestamp;
        Timestamp timestamp2;
        String applicationName = iSession.getApplicationName();
        String userName = iSession.getUserName();
        if (!resultSet.next()) {
            throw new SecurityException("User '" + userName + "' was not found for application '" + applicationName + "'");
        }
        IConfiguration config = iSession.getConfig();
        try {
            str = resultSet.getString(DBObjects.getColumnName(config, TABLE_USERS, "ACTIVE"));
        } catch (SQLException e) {
            str = null;
        }
        if (!isActive(iSession, str)) {
            throw new SecurityException("User '" + userName + "' is inactive for application '" + applicationName + "'");
        }
        try {
            timestamp = resultSet.getTimestamp(DBObjects.getColumnName(config, TABLE_USERS, "VALID_FROM"));
        } catch (SQLException e2) {
            timestamp = null;
        }
        try {
            timestamp2 = resultSet.getTimestamp(DBObjects.getColumnName(config, TABLE_USERS, "VALID_TO"));
        } catch (SQLException e3) {
            timestamp2 = null;
        }
        if (!isValid(iSession, timestamp, timestamp2)) {
            throw new SecurityException("User '" + userName + "' is expired for application '" + applicationName + "'");
        }
    }

    protected boolean isActive(ISession iSession, String str) throws Exception {
        if (str == null) {
            return true;
        }
        return DBObjects.getYesValue(iSession.getConfig()).equals(str);
    }

    protected boolean isValid(ISession iSession, Timestamp timestamp, Timestamp timestamp2) {
        long currentTimeMillis = System.currentTimeMillis();
        return (timestamp == null || timestamp.getTime() <= currentTimeMillis) && (timestamp2 == null || timestamp2.getTime() > currentTimeMillis);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isPasswordValid(ISession iSession, String str) throws Exception {
        return comparePassword(iSession.getConfig(), iSession.getPassword(), str);
    }

    protected boolean isChangePassword(ISession iSession, String str) throws Exception {
        if (str == null) {
            return false;
        }
        return DBObjects.getYesValue(iSession.getConfig()).equals(str);
    }
}
