package com.worktrans.shared.search.sql;

import com.google.common.collect.Lists;
import com.worktrans.commons.lang.Argument;
import com.worktrans.shared.search.request.MetaQuery;
import com.worktrans.shared.search.request.SearchRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/worktrans/shared/search/sql/BuilderSql.class */
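public class BuilderSql {
    /**
     * Keyword blacklist applied to the caller-derived part of a generated WHERE clause.
     * <p>
     * Matching is a case-insensitive substring search ({@code find()}), so it also fires on
     * legitimate identifiers or values that merely contain a listed token (e.g. {@code "account"}
     * contains {@code count}). Treat it as a last-resort heuristic: the real controls are that
     * column names only come from the {@link IQueryField} mapping (unmapped fields are dropped)
     * and that values are rendered/quoted by {@link WhereCondition}, which is not visible here.
     */
    private static final Pattern SQL_KEYWORD_BLACKLIST = Pattern.compile(
            "select|update|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|table|char|declare|sitename|xp_cmdshell|from|grant|use|group_concat|column_name|information_schema.columns|table_schema|union|where|order|by|updatexml|\\*");

    /** Message carried by the exception thrown when a blacklisted token is found (kept verbatim). */
    private static final String ILLEGAL_PARAMETER_MESSAGE = "请求中的参数中含有非法字符";

    /** Logical connective used when the request does not specify one. */
    private static final String DEFAULT_LOGIC = "and";

    /** Initialization-on-demand holder for the single instance. */
    private static class BuilderSqlInner {
        private static final BuilderSql builderSql = new BuilderSql();

        private BuilderSqlInner() {
        }
    }

    /**
     * Private constructor guarding against a second (e.g. reflective) instantiation.
     * The holder's own construction runs while {@code builderSql} is still null, so it passes.
     *
     * @throws RuntimeException if an instance already exists
     */
    private BuilderSql() {
        if (BuilderSqlInner.builderSql != null) {
            throw new RuntimeException("实例已创建");
        }
    }

    /**
     * Builds the condition part of a WHERE clause without a tenant ({@code cid}) scope.
     *
     * @see #getWhere(Long, SearchRequest, IQuery, IQueryField)
     */
    public static String getWhere(SearchRequest searchRequest, IQuery iQuery, IQueryField iQueryField) {
        return getWhere(null, searchRequest, iQuery, iQueryField);
    }

    /**
     * Builds a WHERE clause from the request's meta queries.
     * <p>
     * When {@code l} is positive the result starts with {@code where cid =<l> and status = 0 and}
     * and, for an {@code or} request, the caller conditions are wrapped in parentheses; otherwise
     * only the caller conditions joined by the request's logic are returned (no {@code where}
     * keyword).
     *
     * @param l             tenant id used to scope the clause; {@code null} or non-positive means no scope
     * @param searchRequest the request carrying meta queries and the {@code and}/{@code or} logic
     * @param iQuery        selects which meta queries apply
     * @param iQueryField   maps a meta field to a column name; {@code null}/empty drops the condition
     * @return the clause, or {@code ""} when any argument is null or no usable condition remains
     * @throws RuntimeException (wrapping an {@link IOException}) if the caller-derived text contains a blacklisted token
     */
    public static String getWhere(Long l, SearchRequest searchRequest, IQuery iQuery, IQueryField iQueryField) {
        if (searchRequest == null || iQuery == null || iQueryField == null) {
            return "";
        }
        List<WhereCondition> conditions =
                doCreateQuery(iQuery.getMetaQuery(searchRequest.getMetaQueryList()), iQueryField);
        if (Argument.isEmpty(conditions)) {
            return "";
        }
        String logic = StringUtils.isNotEmpty(searchRequest.getLogic()) ? searchRequest.getLogic() : DEFAULT_LOGIC;
        boolean scopedToCid = Argument.isPositive(l);

        // Each usable condition renders as "<field> <variable> "; joining with "<logic> " gives
        // exactly "a = 1 and b = 2 ". Conditions whose field was not mapped by IQueryField (or
        // whose variable is empty) are dropped rather than emitted as broken SQL.
        String conditionSql = conditions.stream()
                .filter(c -> StringUtils.isNotEmpty(c.getField()) && StringUtils.isNotEmpty(c.getVariable()))
                .map(c -> c.getField() + " " + c.getVariable() + " ")
                .collect(Collectors.joining(logic + " "));
        if (conditionSql.isEmpty()) {
            // Same outcome as the empty-query path above: no clause rather than a dangling "and".
            return "";
        }

        // Validate only the caller-derived text. The fixed prefix below contains "where", which is
        // itself a blacklisted token, so validating the assembled string rejected every cid-scoped
        // clause.
        if (sqlValidate(conditionSql)) {
            throw new RuntimeException(new IOException(ILLEGAL_PARAMETER_MESSAGE));
        }

        StringBuilder sb = new StringBuilder();
        if (scopedToCid) {
            sb.append("where cid =").append(l).append(" and status = 0 ");
            sb.append(" and ");
            if ("or".equalsIgnoreCase(logic)) {
                sb.append(" ( ");
            }
        }
        sb.append(conditionSql);
        if (scopedToCid && "or".equalsIgnoreCase(logic)) {
            sb.append(")");
        }
        return sb.toString();
    }

    /**
     * Turns meta queries into {@link WhereCondition}s.
     * Queries without symbols are skipped; the column comes from {@code iQueryField}.
     *
     * @param metaQueries queries to convert; may be null or empty
     * @param iQueryField field-to-column mapping
     * @return one condition per query with symbols, or an empty list
     */
    private static List<WhereCondition> doCreateQuery(List<MetaQuery> metaQueries, IQueryField iQueryField) {
        if (Argument.isEmpty(metaQueries)) {
            return Collections.emptyList();
        }
        return metaQueries.stream()
                .filter(metaQuery -> Argument.isNotEmpty(metaQuery.getSymbols()))
                .map(metaQuery -> new WhereCondition(
                        iQueryField.getField(metaQuery.getMetaField()),
                        resolveOperate(metaQuery),
                        metaQuery.getValues()))
                .collect(Collectors.toList());
    }

    /**
     * Resolves the operator for the query's first symbol, falling back to {@code eq} when unknown.
     * {@link Locale#ROOT} keeps the lookup key stable regardless of the JVM's default locale
     * (e.g. {@code "LIKE"} would not lower-case to {@code "like"} under a Turkish locale).
     */
    private static Operate resolveOperate(MetaQuery metaQuery) {
        String symbol = String.valueOf(metaQuery.getSymbols().get(0)).toLowerCase(Locale.ROOT);
        Operate operate = BuilderSqlOperate.operateMap.get(symbol);
        return operate != null ? operate : BuilderSqlOperate.operateMap.get("eq");
    }

    /** Manual smoke run: exercises the blacklist on a sample, then builds a clause for a single LIKE query. */
    public static void main(String[] strArr) {
        sqlValidate("ahp.PROCESS_CONFIG_BID_ like '%20220524094826647900304680000054'  AND 1=updatexml(1, (concat(0x7e, user()|0x7e)), 1) AND\n'123'= 123%' ");
        System.out.println();
        MetaQuery metaQuery = new MetaQuery();
        metaQuery.setMetaObj("employee");
        metaQuery.setMetaField("name");
        metaQuery.setSymbols(Lists.newArrayList(new String[]{"LIKE"}));
        metaQuery.setValues(Lists.newArrayList(new String[]{"cc"}));
        ArrayList<MetaQuery> metaQueries = Lists.newArrayList(new MetaQuery[]{metaQuery});
        IQuery iQuery = new IQuery() {
            @Override
            public List<MetaQuery> getMetaQuery(List<MetaQuery> list) {
                return list.stream()
                        .filter(query -> query.getMetaObj().equals("employee"))
                        .collect(Collectors.toList());
            }
        };
        // Fixed field-to-column mapping: unknown meta fields resolve to null and are dropped.
        final Map<String, String> columns = new HashMap<>();
        columns.put("name", "name");
        IQueryField iQueryField = new IQueryField() {
            @Override
            public String getField(String str) {
                return columns.get(str);
            }
        };
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.setMetaQueryList(metaQueries);
        searchRequest.setLogic("or");
        System.out.println(getWhere(searchRequest, iQuery, iQueryField));
    }

    /**
     * Returns {@code true} when {@code str} contains a blacklisted token (case-insensitive
     * substring match) — i.e. {@code true} means "reject". Note the inverted reading of the name.
     * {@link Locale#ROOT} prevents locale-dependent lower-casing from missing tokens.
     *
     * @param str text to check; must not be null
     * @return whether a blacklisted token was found
     */
    protected static boolean sqlValidate(String str) {
        return SQL_KEYWORD_BLACKLIST.matcher(str.toLowerCase(Locale.ROOT)).find();
    }
}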
