package org.ametys.plugins.forms.data;

import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.ametys.core.datasource.ConnectionHelper;
import org.ametys.core.datasource.dbtype.SQLDatabaseTypeExtensionPoint;
import org.ametys.core.user.CurrentUserProvider;
import org.ametys.core.user.UserIdentity;
import org.ametys.plugins.forms.table.FormTableManager;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.config.Config;
import org.ametys.web.renderingcontext.RenderingContext;
import org.ametys.web.renderingcontext.RenderingContextHandler;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.cocoon.ProcessingException;
import org.apache.cocoon.reading.ServiceableReader;
import org.apache.commons.lang.StringUtils;
import org.apache.excalibur.source.SourceUtil;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/ametys/plugins/forms/data/FormEntryFileReader.class */
public class FormEntryFileReader extends ServiceableReader {
    private CurrentUserProvider _currentUserProvider;
    private SQLDatabaseTypeExtensionPoint _sqlDatabaseTypeExtensionPoint;
    private RenderingContextHandler _renderingContextHandler;

    private SQLDatabaseTypeExtensionPoint getSQLDatabaseTypeExtensionPoint() {
        if (this._sqlDatabaseTypeExtensionPoint == null) {
            try {
                this._sqlDatabaseTypeExtensionPoint = (SQLDatabaseTypeExtensionPoint) this.manager.lookup(SQLDatabaseTypeExtensionPoint.ROLE);
            } catch (ServiceException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        return this._sqlDatabaseTypeExtensionPoint;
    }

    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._renderingContextHandler = (RenderingContextHandler) serviceManager.lookup(RenderingContextHandler.ROLE);
        this._currentUserProvider = (CurrentUserProvider) serviceManager.lookup(CurrentUserProvider.ROLE);
    }

    public void generate() throws IOException, SAXException, ProcessingException {
        String parameter = this.parameters.getParameter("site", "");
        String parameter2 = this.parameters.getParameter("form-id", "");
        int parameterAsInteger = this.parameters.getParameterAsInteger("entry-id", Integer.MIN_VALUE);
        String parameter3 = this.parameters.getParameter("field-id", "");
        if (StringUtils.isEmpty(parameter) || StringUtils.isEmpty(parameter2) || parameterAsInteger == Integer.MIN_VALUE || StringUtils.isEmpty(parameter3)) {
            throw new IllegalArgumentException("Site name, form id, entry id and field id must be provided.");
        }
        String str = "Forms_" + parameter2;
        try {
            try {
                Connection connection = ConnectionHelper.getConnection((String) Config.getInstance().getValue(FormTableManager.FORMS_POOL_CONFIG_PARAM));
                String databaseType = ConnectionHelper.getDatabaseType(connection);
                PreparedStatement prepareStatement = connection.prepareStatement("SELECT " + getSQLDatabaseTypeExtensionPoint().languageEscapeTableName(databaseType, parameter3) + ",login,populationId FROM " + getSQLDatabaseTypeExtensionPoint().languageEscapeTableName(databaseType, str) + " WHERE id = ?");
                prepareStatement.setInt(1, parameterAsInteger);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    _checkAccess(executeQuery.getString(FormTableManager.LOGIN_FIELD), executeQuery.getString(FormTableManager.POPULATION_ID_FIELD));
                    InputStream blob = this._sqlDatabaseTypeExtensionPoint.getBlob(databaseType, executeQuery, 1);
                    if (blob != null) {
                        try {
                            SourceUtil.copy(blob, this.out);
                        } catch (Throwable th) {
                            if (blob != null) {
                                try {
                                    blob.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    }
                    if (blob != null) {
                        blob.close();
                    }
                }
                ConnectionHelper.cleanup(executeQuery);
                ConnectionHelper.cleanup(prepareStatement);
                ConnectionHelper.cleanup(connection);
            } catch (SQLException e) {
                getLogger().error("Error reading a form entry blob." + str, e);
                throw new ProcessingException("Error reading a form entry blob.", e);
            }
        } catch (Throwable th3) {
            ConnectionHelper.cleanup((ResultSet) null);
            ConnectionHelper.cleanup((Statement) null);
            ConnectionHelper.cleanup((Connection) null);
            throw th3;
        }
    }

    private void _checkAccess(String str, String str2) {
        UserIdentity userIdentity = null;
        if (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(str2)) {
            userIdentity = new UserIdentity(str, str2);
        }
        if (this._renderingContextHandler.getRenderingContext() == RenderingContext.FRONT) {
            UserIdentity user = this._currentUserProvider.getUser();
            if (userIdentity == null || !userIdentity.equals(user)) {
                throw new AccessDeniedException("User '" + user + "' is not allowed to access to user entry data.");
            }
        }
    }
}
