package nxt.http;

import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.URLEncoder;
import java.sql.SQLException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nxt.Db;
import nxt.util.Convert;
import nxt.util.JSON;
import org.h2.tools.Shell;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;

/* loaded from: input_file:nxt/http/DbShellServlet.class */
public final class DbShellServlet extends HttpServlet {
    private static final String header = "<!DOCTYPE html>\n<html>\n<head>\n    <meta charset=\"UTF-8\"/>\n    <title>Nxt H2 Database Shell</title>\n    <script type=\"text/javascript\">\n        function submitForm(form, adminPassword) {\n            var url = '/dbshell';\n            var params = '';\n            for (i = 0; i < form.elements.length; i++) {\n                if (! form.elements[i].name) {\n                    continue;\n                }\n                if (i > 0) {\n                    params += '&';\n                }\n                params += encodeURIComponent(form.elements[i].name);\n                params += '=';\n                params += encodeURIComponent(form.elements[i].value);\n            }\n            if (adminPassword && form.elements.length > 0) {\n                params += '&adminPassword=' + adminPassword;\n            }\n            var request = new XMLHttpRequest();\n            request.open(\"POST\", url, false);\n            request.setRequestHeader(\"Content-type\", \"application/x-www-form-urlencoded\");\n            request.send(params);\n            form.getElementsByClassName(\"result\")[0].textContent += request.responseText;\n            return false;\n        }\n    </script>\n</head>\n<body>\n";
    private static final String footer = "</body>\n</html>\n";
    private static final String form;
    private static final String errorNoPasswordIsConfigured = "This page is password-protected, but no password is configured in nxt.properties. Please set nxt.adminPassword or disable the password protection with nxt.disableAdminPassword";
    private static final String passwordFormTemplate = "<form action=\"/dbshell\" method=\"POST\"><table class=\"table\"><tr><td colspan=\"3\">%s</td></tr><tr><td>Password:</td><td><input type=\"password\" name=\"adminPassword\"/><input type=\"submit\" value=\"Go!\"/></td></tr></table><input type=\"hidden\" name=\"showShell\" value=\"true\"/></form>";
    private static final String passwordForm;

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        if (!API.isAllowed(httpServletRequest.getRemoteHost())) {
            httpServletResponse.sendError(403);
            return;
        }
        String str = API.disableAdminPassword ? form : API.adminPassword.isEmpty() ? errorNoPasswordIsConfigured : passwordForm;
        PrintStream printStream = new PrintStream((OutputStream) httpServletResponse.getOutputStream());
        Throwable th = null;
        try {
            try {
                printStream.print(header);
                printStream.print(str);
                printStream.print(footer);
                if (printStream != null) {
                    if (0 == 0) {
                        printStream.close();
                        return;
                    }
                    try {
                        printStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (printStream != null) {
                if (th != null) {
                    try {
                        printStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    printStream.close();
                }
            }
            throw th4;
        }
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        if (!API.isAllowed(httpServletRequest.getRemoteHost())) {
            httpServletResponse.sendError(403);
            return;
        }
        String str = null;
        if (!API.disableAdminPassword) {
            if (API.adminPassword.isEmpty()) {
                str = errorNoPasswordIsConfigured;
            } else {
                try {
                    API.verifyPassword(httpServletRequest);
                    if ("true".equals(httpServletRequest.getParameter("showShell"))) {
                        str = form.replace("{adminPassword}", URLEncoder.encode(httpServletRequest.getParameter("adminPassword"), "UTF-8"));
                    }
                } catch (ParameterException e) {
                    str = String.format(passwordFormTemplate, "<p style=\"color:red\">" + ((String) ((JSONObject) JSONValue.parse(JSON.toString(e.getErrorResponse()))).get("errorDescription")) + "</p>");
                }
            }
        }
        if (str != null) {
            PrintStream printStream = new PrintStream((OutputStream) httpServletResponse.getOutputStream());
            Throwable th = null;
            try {
                printStream.print(header);
                printStream.print(str);
                printStream.print(footer);
                if (printStream != null) {
                    if (0 == 0) {
                        printStream.close();
                        return;
                    }
                    try {
                        printStream.close();
                        return;
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                        return;
                    }
                }
                return;
            } catch (Throwable th3) {
                if (printStream != null) {
                    if (0 != 0) {
                        try {
                            printStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        printStream.close();
                    }
                }
                throw th3;
            }
        }
        String nullToEmpty = Convert.nullToEmpty(httpServletRequest.getParameter("line"));
        PrintStream printStream2 = new PrintStream((OutputStream) httpServletResponse.getOutputStream());
        Throwable th5 = null;
        try {
            try {
                printStream2.println("\n> " + nullToEmpty);
                try {
                    Shell shell = new Shell();
                    shell.setErr(printStream2);
                    shell.setOut(printStream2);
                    shell.runTool(Db.db.getConnection(), new String[]{"-sql", nullToEmpty});
                } catch (SQLException e2) {
                    printStream2.println(e2.toString());
                }
                if (printStream2 != null) {
                    if (0 == 0) {
                        printStream2.close();
                        return;
                    }
                    try {
                        printStream2.close();
                    } catch (Throwable th6) {
                        th5.addSuppressed(th6);
                    }
                }
            } catch (Throwable th7) {
                th5 = th7;
                throw th7;
            }
        } catch (Throwable th8) {
            if (printStream2 != null) {
                if (th5 != null) {
                    try {
                        printStream2.close();
                    } catch (Throwable th9) {
                        th5.addSuppressed(th9);
                    }
                } else {
                    printStream2.close();
                }
            }
            throw th8;
        }
    }

    static {
        form = "<form action=\"/dbshell\" method=\"POST\" onsubmit=\"return submitForm(this" + (API.disableAdminPassword ? "" : ", '{adminPassword}'") + ");\"><table class=\"table\" style=\"width:90%;\"><tr><td><pre class=\"result\" style=\"float:top;width:90%;\">This is a database shell. Enter SQL to be evaluated, or \"help\" for help:</pre></td></tr><tr><td><b>&gt;</b> <input type=\"text\" name=\"line\" style=\"width:90%;\"/></td></tr></table></form>";
        passwordForm = String.format(passwordFormTemplate, "<p>This page is password-protected. Please enter the administrator's password</p>");
    }
}
