package de.superx.servlet;

import de.memtext.db.NichtAngemeldetException;
import de.memtext.tree.KeyParentEqualException;
import de.memtext.util.CryptUtils;
import de.memtext.util.ServletHelper;
import de.superx.common.DBServletException;
import de.superx.common.InvalidKeyException;
import de.superx.common.SichtException;
import de.superx.common.SuperX_el;
import de.superx.common.SxResultRow;
import de.superx.common.SxResultSet;
import de.superx.common.SxUser;
import de.superx.common.TranslationContainer;
import de.superx.util.SqlStringUtils;
import freemarker.template.TemplateException;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.sql.SQLException;
import java.text.ParseException;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringUtils;
import org.dom4j.DocumentException;
import org.xml.sax.SAXException;

/* loaded from: input_file:de/superx/servlet/SuperXDBServlet.class */
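/**
 * Servlet endpoint used by the SuperX client to run database queries.
 *
 * <p>{@code doPost} handles two request shapes: a form-style login
 * ({@code query=Anmeldung}) and a binary request whose body is a Java object stream
 * carrying the MandantenID, the encrypted query text and a signature string. The
 * answer is always a serialized {@link SuperX_el}.
 *
 * <p>Security review notes (details at the affected lines):
 * <ul>
 *   <li>The request body is read with native Java deserialization before any check.</li>
 *   <li>Query text supplied by the client is passed to {@code ServletUtils} as SQL.</li>
 *   <li>SQL statements built in this class use string concatenation; values are only
 *       quote-escaped here because no parameterised API is visible in this file.</li>
 * </ul>
 */
public class SuperXDBServlet extends HttpServlet {
    private static final long serialVersionUID = 1;

    /** Placeholder/replacement pairs applied, in this order, by {@link #decodeUmlauts(String)}. */
    private static final String[][] UMLAUT_PLACEHOLDERS = {
        {"///oe///", "ö"},
        {"///Oe///", "Ö"},
        {"///ae///", "ä"},
        {"///Ae///", "Ä"},
        {"///ue///", "ü"},
        {"///Ue///", "Ü"},
        {"///ss///", "ß"},
    };

    /**
     * Executes one client query and writes the resulting {@link SuperX_el} back as a
     * serialized object.
     */
    private class QueryRunner extends SuperXServletHelper {
        private String query;
        private boolean isAddParamsWantend;
        private SuperX_el gesamt;

        QueryRunner(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
            super(httpServletRequest, httpServletResponse);
            this.isAddParamsWantend = false;
            this.gesamt = new SuperX_el();
            this.query = str;
        }

        /**
         * Runs the query and sends the result to the client.
         *
         * <p>The session check and the query share one {@code try} block: when
         * {@code checkSessionType()} throws, {@code perform()} is skipped and the client
         * receives the error string instead of query results.
         *
         * @param z whether {@code checkSessionType()} is called before the query
         * @throws IOException if the response cannot be written
         */
        @Override // de.superx.servlet.SuperXServletHelper, de.memtext.util.ServletHelper
        public void run(boolean z) throws IOException {
            try {
                if (z) {
                    checkSessionType();
                }
                perform();
            } catch (Exception e) {
                Logger.getLogger("superx_" + getMandantenID()).log(Level.SEVERE, e.toString(), e);
                // NOTE(review): e.toString() goes to the client verbatim and may expose
                // SQL or class names; consider a generic message once the client allows it.
                this.gesamt.setError_String(e.toString());
            }
            try {
                sendBack();
            } catch (Exception e2) {
                // Keep the original exception as cause so the stack trace is not lost.
                throw new IOException(e2.getMessage(), e2);
            }
        }

        public void setQuery(String str) {
            this.query = str;
        }

        /**
         * Dispatches on the query text: built-in commands ({@code get_user},
         * {@code singleuserchange|...}, {@code readFMBasics}) are handled here, anything
         * else is handed to {@code ServletUtils} for execution.
         *
         * <p>NOTE(review): apart from the built-in commands, the text executed here is
         * SQL chosen by the client. Access control therefore rests on the session check
         * in {@link #run(boolean)} and on whatever {@code ServletUtils} enforces, which
         * is not visible in this file.
         */
        @Override // de.superx.servlet.SuperXServletHelper, de.memtext.util.ServletHelper
        protected void perform() throws SQLException, DBServletException, TransformerException, KeyParentEqualException, NichtAngemeldetException, IOException, ParseException, ParserConfigurationException, FactoryConfigurationError, SAXException, DocumentException, IllegalArgumentException, SecurityException, InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, CloneNotSupportedException, TemplateException, InvalidKeyException, SichtException {
            if (this.query.equals("get_user")) {
                getUser();
                return;
            }
            if (this.query.startsWith("singleuserchange|")) {
                updateUserinfo(this.query);
                return;
            }
            if (this.query.indexOf("readFMBasics") > -1) {
                this.gesamt.setRawFmTemplates(SxPools.get(getMandantenID()).getTemplateProcessor().rawFmTemplates);
                this.gesamt.setRepository(SxPools.get(getMandantenID()).getRepository());
                return;
            }
            // startsWith instead of substring(0, 6): a query shorter than six characters
            // no longer fails with StringIndexOutOfBoundsException.
            if (this.query.startsWith("multi:")) {
                this.gesamt = ServletUtils.executeALL_el(null, null, "", this.query.substring(6), getMandantenID(), true);
            } else if (this.query.startsWith("single")) {
                this.gesamt = ServletUtils.execute_el("", this.query.substring(6), false, getMandantenID());
            } else {
                this.gesamt = ServletUtils.execute_el("", this.query, true, getMandantenID());
            }
            // query is known to be non-null here; it was dereferenced above.
            if (this.query.indexOf("sx_captions") > -1 || this.query.indexOf("tmp_themenbaum") > -1 || this.query.indexOf("M.erlaeuterung") > -1) {
                localize(this.gesamt);
            }
            if (this.query.indexOf("xil_proplist") > -1) {
                addExplanations(getMandantenID(), this.gesamt.getResultSet());
            }
        }

        /**
         * Handles {@code singleuserchange|...}: stores a new password hash for a user.
         *
         * <p>A user may change their own password unless the hash was used before;
         * changing another user's password requires an admin.
         *
         * @param str the full command; the text after the last {@code |} is the user name
         */
        private void updateUserinfo(String str) throws SQLException, DBServletException {
            int indexOf = str.indexOf("|");
            int lastIndexOf = str.lastIndexOf("|");
            // NOTE(review): "+ 2" skips the separator plus one more character; the exact
            // command format is not visible here, confirm against the client.
            String substring = str.substring(indexOf + 2, lastIndexOf);
            String substring2 = str.substring(lastIndexOf + 1);
            SxUser sxUser = (SxUser) this.request.getSession().getAttribute("user");
            if (sxUser.getName().equals(substring2)) {
                if (sxUser.isPWSHAUsedBefore(substring)) {
                    throw new SQLException("Passwort wurde schon früher verwendet");
                }
            } else if (!sxUser.isAdmin()) {
                throw new SQLException("Nur Admins können Passwörter anderer User ändern");
            }
            // Both values come from the client. Quote-doubling is a stopgap; replace with
            // a parameterised statement as soon as ServletUtils offers one.
            this.gesamt = ServletUtils.execute_el("", "update userinfo set passwd_sha = '" + escapeSqlLiteral(substring) + "',kennwort=''  where benutzer = '" + escapeSqlLiteral(substring2) + "'", false, getMandantenID());
            if (sxUser.getName().equals(substring2)) {
                sxUser.rememberOldSHA(sxUser.getCurrentSha());
                sxUser.setCurrentSha(substring);
                ServletUtils.execute_el("", sxUser.getUser_PW_Command(SxPools.get(getMandantenID()).m103getPasswortGltigkeit()), false, getMandantenID());
            }
        }

        /**
         * Handles {@code get_user}: returns one row of the form
         * {@code UserID|name^adminFlag}, where the flag is "1" for admins, else "0".
         *
         * @throws NichtAngemeldetException if the session carries no {@code UserID}
         */
        private void getUser() throws NichtAngemeldetException {
            SxResultSet sxResultSet = new SxResultSet();
            HttpSession session = this.request.getSession();
            String str = null;
            if (session != null) {
                str = (String) session.getAttribute("UserID");
            }
            if (str == null) {
                throw new NichtAngemeldetException("Falscher Sessiontyp!");
            }
            String str2 = null;
            SxUser sxUser = (SxUser) session.getAttribute("user");
            String str3 = "0";
            if (sxUser != null) {
                str2 = sxUser.getName();
                if (sxUser.isAdmin()) {
                    str3 = "1";
                }
            }
            SxResultRow sxResultRow = new SxResultRow(1, 1);
            sxResultRow.add(str + "|" + str2 + "^" + str3);
            sxResultSet.add(sxResultRow);
            this.gesamt.setRows(sxResultSet);
        }

        /** Replaces every String cell of the result with its translation for the default locale. */
        private void localize(SuperX_el superX_el) {
            Iterator it = superX_el.getResultSet().iterator();
            while (it.hasNext()) {
                SxResultRow sxResultRow = (SxResultRow) it.next();
                for (int i = 0; i < sxResultRow.size(); i++) {
                    Object obj = sxResultRow.get(i);
                    if (obj instanceof String) {
                        sxResultRow.set(i, SxPools.get(getMandantenID()).localize(obj.toString(), TranslationContainer.defaultLocale));
                    }
                }
            }
        }

        void setErrorMessage(String str) {
            this.gesamt.setError_String(str);
        }

        /**
         * Serializes the result object into the HTTP response.
         *
         * <p>When the extra parameters were requested, the mandant's private key is
         * added, encrypted via {@code CryptUtils.encryptStringDES}, together with the
         * password checker; otherwise both fields are cleared.
         *
         * <p>NOTE(review): judging by the helper's name the key is protected with DES,
         * whose 56-bit key no longer gives meaningful confidentiality. The session id is
         * also placed in the response body, so the transport must be TLS.
         */
        void sendBack() throws Exception {
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(this.response.getOutputStream());
            try {
                this.gesamt.setJsessionid(this.request.getSession().getId());
                if (this.isAddParamsWantend) {
                    this.gesamt.setCheckval(CryptUtils.encryptStringDES(SxPools.get(getMandantenID()).getPrivateKey()));
                    this.gesamt.newPasswordChecker = SxPools.get(getMandantenID()).getNewPWChecker();
                } else {
                    this.gesamt.setCheckval(null);
                    this.gesamt.newPasswordChecker = null;
                }
                objectOutputStream.writeObject(this.gesamt);
                objectOutputStream.flush();
            } finally {
                // Close even when serialization fails so the stream is not left open.
                objectOutputStream.close();
            }
        }

        /** Appends to each row the explanations that {@code XilParserServer} derives from column 2. */
        private void addExplanations(String str, SxResultSet sxResultSet) throws SQLException {
            Iterator it = sxResultSet.iterator();
            while (it.hasNext()) {
                SxResultRow sxResultRow = (SxResultRow) it.next();
                String str2 = (String) sxResultRow.get(2);
                sxResultRow.set(2, str2);
                sxResultRow.add(new XilParserServer(str2).getExplanations(str, true, sxResultSet.size()));
            }
        }

        public void setAddParamsWantend(boolean z) {
            this.isAddParamsWantend = z;
        }
    }

    /**
     * Doubles single quotes so a value cannot end the SQL string literal it is placed in.
     *
     * <p>This is a stopgap, not a replacement for bind parameters: on a database
     * configured to treat backslash as an escape character it is not sufficient.
     *
     * @param value text destined for a single-quoted SQL literal, may be {@code null}
     * @return the escaped text, or {@code null} if {@code value} was {@code null}
     */
    private static String escapeSqlLiteral(String value) {
        return StringUtils.replace(value, "'", "''");
    }

    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
    }

    /**
     * Entry point for client requests.
     *
     * <p>{@code query=Anmeldung} logs the user in and returns the matching
     * {@code userinfo} row. Every other request is read as an object stream of three
     * strings (MandantenID, encrypted query, signature) and run through
     * {@code QueryRunner}.
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        AbstractSuperXServlet.setEncoding(httpServletRequest);
        String str = SxSQL_Server.DEFAULT_MANDANTEN_ID;
        String parameter = ServletHelper.getParameter(httpServletRequest, "query");
        String mandantParameter = ServletHelper.getParameter(httpServletRequest, "MandantenID");
        if (mandantParameter == null) {
            httpServletRequest.setAttribute("MandantenID", SxSQL_Server.DEFAULT_MANDANTEN_ID);
        } else {
            str = mandantParameter;
        }
        if (parameter != null && parameter.equals("Anmeldung")) {
            // "kennung" is attacker-controlled; it is quote-escaped because no
            // parameterised API is visible here. Prefer bind parameters when available.
            // NOTE(review): encodeSHA's algorithm is not visible in this file; an
            // unsalted or fast hash would not be adequate for stored passwords.
            String str2 = "singleselect tid,'', administration,akt_versuch,max_versuch,kennwort from userinfo where benutzer = '" + escapeSqlLiteral(ServletHelper.getParameter(httpServletRequest, "kennung")) + "' and (passwd_sha='" + CryptUtils.encodeSHA(ServletHelper.getParameter(httpServletRequest, "passwort")) + "' or passwd_sha='" + CryptUtils.encodeSHA(ServletHelper.getParameter(httpServletRequest, "passwort") + CryptUtils.geheimnis1) + "')";
            // The statement holds the password hashes, so it must not reach the log.
            Logger.getLogger("superx_" + str).log(Level.INFO, "Anmeldung: Login-Abfrage (Zugangsdaten nicht protokolliert)");
            try {
                new UserInitializer(httpServletRequest, true).perform(str);
                httpServletRequest.getSession().setAttribute("User-A", "nocheck");
            } catch (Exception e) {
                // NOTE(review): a failed login is only logged. The query below is then
                // gated solely by checkSessionType() inside run(true); confirm that it
                // rejects sessions without a logged-in user.
                Logger.getLogger("superx_" + str).log(Level.SEVERE, e.toString(), e);
            }
            new QueryRunner(httpServletRequest, httpServletResponse, str2).run(true);
            return;
        }
        ObjectInputStream objectInputStream = null;
        try {
            // NOTE(review): native Java deserialization of the request body happens
            // before any session or signature check, and the String casts only run after
            // the object graph has been built. Restrict the stream to java.lang.String
            // with an ObjectInputFilter (Java 9+) or move to a plain-text format.
            objectInputStream = new ObjectInputStream(httpServletRequest.getInputStream());
            Logger.getLogger("superx_" + str).log(Level.INFO, "Beginn: " + parameter);
            str = (String) objectInputStream.readObject();
            if (str == null) {
                throw new IllegalStateException("Kann keine Datenbankverbindung ohne MandantenID (ggfs. default) herstellen");
            }
            httpServletRequest.setAttribute("MandantenID", str);
            String str3 = (String) objectInputStream.readObject();
            String decodeUmlauts = decodeUmlauts(SqlStringUtils.getEncoding().equals("UTF-8") ? CryptUtils.decryptStringDES_UTF8(str3) : CryptUtils.decryptStringDES(str3));
            String str4 = (String) objectInputStream.readObject();
            QueryRunner queryRunner = new QueryRunner(httpServletRequest, httpServletResponse, decodeUmlauts);
            // NOTE(review): the signature is verified only when a DSA handler is
            // configured, and the get_params branch below returns the signing key without
            // a session check. The signature must therefore not be treated as caller
            // authentication; the session check in run(true) is the effective gate.
            if (SxPools.get(str).hasDSAHandler() && !decodeUmlauts.equals("get_params") && !SxPools.get(str).verifiy(str3, str4)) {
                queryRunner.setErrorMessage("DSA-Kontrolle fehlgeschlagen");
                queryRunner.sendBack();
                return;
            }
            if (decodeUmlauts.equals("get_params")) {
                queryRunner.setQuery("multi:select tid from sichten");
                queryRunner.setAddParamsWantend(true);
                queryRunner.run(false);
            } else {
                queryRunner.run(true);
            }
        } catch (Exception e3) {
            Logger.getLogger("superx_" + str).log(Level.SEVERE, e3.toString(), e3);
        } finally {
            // Close on every path, including the early return after a failed signature.
            if (objectInputStream != null) {
                try {
                    objectInputStream.close();
                } catch (IOException ignored) {
                    // Best effort: the request is finished and nothing can be recovered.
                }
            }
        }
    }

    /** Turns the client's {@code ///xx///} placeholders back into German umlauts and ß. */
    private String decodeUmlauts(String str) {
        String decoded = str;
        for (String[] pair : UMLAUT_PLACEHOLDERS) {
            decoded = StringUtils.replace(decoded, pair[0], pair[1]);
        }
        return decoded;
    }

    /** Answers a browser request with a static status page. */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String str = SuperXManager.htmlPageHead("Servlet") + "<h1 align=center>SuperXDBServlet läuft</h1><center>SuperX 5.0 (build:12.09.2023 22:39)</center></body></html>";
        // The content type must be set before getWriter(); a charset set afterwards
        // does not change the encoding the writer uses.
        httpServletResponse.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(str);
        writer.close();
    }

    @Override
    public String getServletInfo() {
        return "<i>SuperXDBServlet, v.3.0</i>";
    }
}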
