package com.digiwin.dap.middle.console.serice;

import com.digiwin.dap.middle.console.domain.admin.SqlRule;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.Alias;
import net.sf.jsqlparser.expression.AnalyticExpression;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.ExpressionVisitorAdapter;
import net.sf.jsqlparser.expression.Function;
import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.schema.Table;
import net.sf.jsqlparser.statement.Statement;
import net.sf.jsqlparser.statement.select.AllColumns;
import net.sf.jsqlparser.statement.select.FromItem;
import net.sf.jsqlparser.statement.select.Join;
import net.sf.jsqlparser.statement.select.OrderByElement;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;
import net.sf.jsqlparser.statement.select.SelectBody;
import net.sf.jsqlparser.statement.select.SelectExpressionItem;
import net.sf.jsqlparser.statement.select.SelectItem;
import net.sf.jsqlparser.statement.select.SetOperationList;
import net.sf.jsqlparser.statement.select.SubSelect;
import net.sf.jsqlparser.statement.select.WithItem;

/* loaded from: input_file:com/digiwin/dap/middle/console/serice/SqlSafeValidator.class */
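public class SqlSafeValidator {
    /**
     * Marker stored as the "table name" of a FROM/JOIN item that is a derived table (sub-select).
     * Columns qualified with such an alias are not re-checked here because the derived table's
     * body is validated on its own.
     */
    private static final String SUBSELECT = "<SUBSELECT>";

    /** Whitelist of tables, columns and functions, plus the CTE names registered during validation. */
    private final SqlRule sqlRule;

    private SqlSafeValidator(SqlRule sqlRule) {
        this.sqlRule = sqlRule;
    }

    /**
     * Creates a validator bound to the given whitelist rule.
     *
     * @param sqlRule whitelist of tables, columns and functions
     * @return a new validator
     */
    public static SqlSafeValidator build(SqlRule sqlRule) {
        return new SqlSafeValidator(sqlRule);
    }

    /**
     * Parses {@code str} and rejects it unless it is a SELECT whose every table, column, function
     * and nested query is allowed by the rule. Validation fails closed: a construct this validator
     * does not understand is rejected, never skipped.
     *
     * @param str raw SQL text, treated as untrusted input
     * @throws IllegalArgumentException if the SQL cannot be parsed, is not a SELECT, or references
     *     anything outside the whitelist
     */
    public void validate(String str) {
        Statement statement;
        try {
            statement = CCJSqlParserUtil.parse(str);
        } catch (JSQLParserException e) {
            throw new IllegalArgumentException("SQL 解析失败: " + e.getMessage(), e);
        }
        if (!(statement instanceof Select)) {
            throw new IllegalArgumentException("仅支持 SELECT 语句");
        }
        Select select = (Select) statement;
        if (select.getWithItemsList() != null) {
            for (WithItem withItem : select.getWithItemsList()) {
                String position = "WITH 子句 [" + withItem.getName() + "]";
                if (withItem.getSubSelect() == null) {
                    // A CTE without a sub-select body cannot be checked, so it is refused.
                    throw new IllegalArgumentException("不支持的 WITH 子句形式(位置：" + position + ")");
                }
                // The CTE name is registered before its body is validated (same order as before),
                // which also lets a body refer to its own name.
                // NOTE(review): the name is lower-cased here but looked up via containsWith() with
                // the case used in the query — confirm SqlRule.containsWith() is case-insensitive.
                this.sqlRule.with(withItem.getName().toLowerCase());
                validateSelectBody(withItem.getSubSelect().getSelectBody(), position);
            }
        }
        validateSelectBody(select.getSelectBody(), "SELECT");
    }

    /**
     * Validates one select body: a plain SELECT, or each member of a UNION/INTERSECT/EXCEPT list.
     * Any other body type (e.g. a bare VALUES list) is rejected rather than silently accepted.
     *
     * @param selectBody body to check
     * @param str human-readable position used in error messages
     * @throws IllegalArgumentException on any reference outside the whitelist or an unsupported body
     */
    public void validateSelectBody(SelectBody selectBody, String str) {
        if (selectBody instanceof PlainSelect) {
            validatePlainSelect((PlainSelect) selectBody, str);
        } else if (selectBody instanceof SetOperationList) {
            // NOTE(review): an ORDER BY / LIMIT attached to the whole set operation is not walked here.
            for (SelectBody member : ((SetOperationList) selectBody).getSelects()) {
                validateSelectBody(member, "子查询(" + str + ")");
            }
        } else {
            throw new IllegalArgumentException("不支持的查询类型(位置：" + str + ")");
        }
    }

    /**
     * Validates every clause of a plain SELECT.
     *
     * <p>Select-list aliases are exempted from the column check only in ORDER BY. In WHERE, JOIN ON,
     * GROUP BY, HAVING and the select list itself, common engines (MySQL, PostgreSQL) resolve a bare
     * name against the FROM tables before — or instead of — the select-list aliases, so an alias
     * that shadows a real column name would let that column escape the whitelist; ORDER BY is the
     * clause in which the alias takes precedence.
     *
     * @param plainSelect the SELECT to check
     * @param str human-readable position used in error messages
     * @throws IllegalArgumentException on any reference outside the whitelist
     */
    private void validatePlainSelect(PlainSelect plainSelect, String str) {
        if (plainSelect.getIntoTables() != null && !plainSelect.getIntoTables().isEmpty()) {
            // SELECT ... INTO writes a table on several engines; it is not a read-only query.
            throw new IllegalArgumentException("禁止使用 SELECT ... INTO(位置：" + str + ")");
        }
        Map<String, String> aliasToTable = extractAliasTableMapping(plainSelect, str);
        List<String> orderByAliases = extractFieldAliases(plainSelect);
        List<String> noAliases = Collections.emptyList();

        for (SelectItem item : plainSelect.getSelectItems()) {
            if (item instanceof AllColumns) {
                throw new IllegalArgumentException("禁止使用 SELECT *(位置：" + str + ")");
            }
            if (!(item instanceof SelectExpressionItem)) {
                // Covers "alias.*" and any other item kind: every selected expression must be checked.
                throw new IllegalArgumentException("禁止使用 表.* 或不支持的字段项(位置：" + str + ")");
            }
            validateExpression(((SelectExpressionItem) item).getExpression(), aliasToTable, noAliases, str + " 字段");
        }
        if (plainSelect.getWhere() != null) {
            validateExpression(plainSelect.getWhere(), aliasToTable, noAliases, str + " WHERE");
        }
        if (plainSelect.getGroupBy() != null && plainSelect.getGroupBy().getGroupByExpressionList().getExpressions() != null) {
            for (Expression groupBy : plainSelect.getGroupBy().getGroupByExpressionList().getExpressions()) {
                validateExpression(groupBy, aliasToTable, noAliases, str + " GROUP BY");
            }
        }
        if (plainSelect.getHaving() != null) {
            validateExpression(plainSelect.getHaving(), aliasToTable, noAliases, str + " HAVING");
        }
        if (plainSelect.getOrderByElements() != null) {
            for (OrderByElement orderBy : plainSelect.getOrderByElements()) {
                validateExpression(orderBy.getExpression(), aliasToTable, orderByAliases, str + " ORDER BY");
            }
        }
        if (plainSelect.getFromItem() instanceof SubSelect) {
            validateSelectBody(((SubSelect) plainSelect.getFromItem()).getSelectBody(), str + " FROM 子查询");
        }
        if (plainSelect.getJoins() != null) {
            for (Join join : plainSelect.getJoins()) {
                FromItem rightItem = join.getRightItem();
                if (rightItem instanceof SubSelect) {
                    validateSelectBody(((SubSelect) rightItem).getSelectBody(), str + " JOIN 子查询");
                }
                // NOTE(review): columns named in a JOIN ... USING (...) list are not checked here.
                if (join.getOnExpressions() != null) {
                    for (Expression on : join.getOnExpressions()) {
                        validateExpression(on, aliasToTable, noAliases, str + " JOIN ON");
                    }
                }
            }
        }
    }

    /**
     * Walks one expression and checks every column, function, window function and nested
     * sub-select in it against the whitelist.
     *
     * @param expression expression to check; {@code null} is a no-op
     * @param map alias or table name → normalized table name (or {@link #SUBSELECT}) for the
     *     enclosing SELECT, as built by {@link #extractAliasTableMapping}
     * @param list select-list aliases that may appear as bare names in this context; pass an
     *     empty list where the engine does not resolve aliases
     * @param str human-readable position used in error messages
     * @throws IllegalArgumentException on any reference outside the whitelist
     */
    public void validateExpression(Expression expression, final Map<String, String> map, final List<String> list, final String str) {
        if (expression == null) {
            return;
        }
        expression.accept(new ExpressionVisitorAdapter() {
            @Override
            public void visit(Column column) {
                String columnName = column.getColumnName();
                // TRUE/FALSE are kept as before (some parser versions surface them as columns);
                // a name in `list` refers to an already-validated select item.
                if ("FALSE".equalsIgnoreCase(columnName) || "TRUE".equalsIgnoreCase(columnName) || list.contains(columnName)) {
                    return;
                }
                Table qualifier = column.getTable();
                String tableName;
                if (qualifier != null && qualifier.getName() != null) {
                    // Look the qualifier up with the same key shape processFromItem stores.
                    tableName = map.get(normalizeTableName(qualifier.getFullyQualifiedName()));
                } else if (map.size() == 1) {
                    // Unqualified column in a single-table query resolves to that table.
                    tableName = map.values().iterator().next();
                } else {
                    throw new IllegalArgumentException("多表查询时，字段 [" + column + "] 必须指定表别名(位置：" + str + ")");
                }
                if (SUBSELECT.equals(tableName)) {
                    return; // derived table: its body was validated separately
                }
                if (tableName == null) {
                    throw new IllegalArgumentException("字段 [" + column + "] 所属表未知(位置：" + str + ")");
                }
                if (sqlRule.containsWith(tableName)) {
                    return; // CTE output: its body was validated in validate()
                }
                if (!sqlRule.containsTable(tableName)) {
                    throw new IllegalArgumentException("字段 [" + column + "] 所属表 [" + tableName + "] 不在白名单(位置：" + str + ")");
                }
                if (!sqlRule.containsColumn(tableName, columnName)) {
                    throw new IllegalArgumentException("字段 [" + column + "] 不在表 [" + tableName + "] 的白名单中(位置：" + str + ")");
                }
            }

            @Override
            public void visit(Function function) {
                String name = function.getName();
                if (name == null) {
                    return;
                }
                if (!sqlRule.containsFunction(name)) {
                    throw new IllegalArgumentException("函数 [" + name + "] 不在全局白名单中(位置：" + str + ")");
                }
                ExpressionList parameters = function.getParameters();
                if (parameters == null) {
                    // Only COUNT(*) may take the bare "*" argument.
                    if (function.isAllColumns() && !"COUNT".equalsIgnoreCase(name)) {
                        throw new IllegalArgumentException("函数 [" + name + "] 不允许使用 * 参数(位置：" + str + ")");
                    }
                    return;
                }
                if (parameters.getExpressions() != null) {
                    for (Expression parameter : parameters.getExpressions()) {
                        validateExpression(parameter, map, list, str + " 函数参数");
                    }
                }
            }

            @Override
            public void visit(AnalyticExpression analytic) {
                // Window functions (f(...) OVER (...)) are not Function nodes; check their name too.
                String name = analytic.getName();
                if (name == null || !sqlRule.containsFunction(name)) {
                    throw new IllegalArgumentException("函数 [" + name + "] 不在全局白名单中(位置：" + str + ")");
                }
                String position = str + " 窗口函数";
                validateExpression(analytic.getExpression(), map, list, position);
                if (analytic.getPartitionExpressionList() != null && analytic.getPartitionExpressionList().getExpressions() != null) {
                    for (Expression partition : analytic.getPartitionExpressionList().getExpressions()) {
                        validateExpression(partition, map, list, position);
                    }
                }
                if (analytic.getOrderByElements() != null) {
                    for (OrderByElement orderBy : analytic.getOrderByElements()) {
                        validateExpression(orderBy.getExpression(), map, list, position);
                    }
                }
                // NOTE(review): offset/default-value arguments and window-frame bounds are not walked.
            }

            @Override
            public void visit(SubSelect subSelect) {
                validateSelectBody(subSelect.getSelectBody(), str + " 子查询");
            }
        });
    }

    /**
     * Collects the aliases declared in the select list ({@code expr AS alias}).
     *
     * @param plainSelect the SELECT whose select list is inspected
     * @return alias names in select-list order; empty if none
     */
    private List<String> extractFieldAliases(PlainSelect plainSelect) {
        List<String> aliases = new ArrayList<>();
        for (SelectItem item : plainSelect.getSelectItems()) {
            if (item instanceof SelectExpressionItem) {
                Alias alias = ((SelectExpressionItem) item).getAlias();
                if (alias != null) {
                    aliases.add(alias.getName());
                }
            }
        }
        return aliases;
    }

    /**
     * Builds the alias/table-name → table-name map for the FROM item and every JOIN of a SELECT.
     *
     * @param plainSelect the SELECT whose FROM/JOIN items are inspected
     * @param str human-readable position used in error messages
     * @return map from the name a column may be qualified with to the normalized table name, or
     *     {@link #SUBSELECT} for a derived table
     * @throws IllegalArgumentException on a FROM/JOIN item kind that cannot be validated
     */
    private Map<String, String> extractAliasTableMapping(PlainSelect plainSelect, String str) {
        Map<String, String> mapping = new HashMap<>();
        processFromItem(plainSelect.getFromItem(), mapping, str);
        if (plainSelect.getJoins() != null) {
            for (Join join : plainSelect.getJoins()) {
                processFromItem(join.getRightItem(), mapping, str);
            }
        }
        return mapping;
    }

    /**
     * Records one FROM/JOIN item in the alias map.
     *
     * <p>Tables are keyed by alias when present, else by their (schema-qualified) name, so a
     * whitelist entry has to match the full name the query uses. Derived tables are keyed by alias
     * with the {@link #SUBSELECT} marker. Any other item kind (table functions, LATERAL or
     * parenthesised items, VALUES lists) is rejected because its contents would go unchecked.
     *
     * @param fromItem item to record; {@code null} (SELECT without FROM) records nothing
     * @param map alias map being built
     * @param str human-readable position used in error messages
     * @throws IllegalArgumentException on an unsupported item kind
     */
    private void processFromItem(FromItem fromItem, Map<String, String> map, String str) {
        if (fromItem == null) {
            return;
        }
        if (fromItem instanceof Table) {
            Table table = (Table) fromItem;
            String tableName = normalizeTableName(table.getFullyQualifiedName());
            String key = table.getAlias() != null ? table.getAlias().getName() : tableName;
            map.put(key, tableName);
        } else if (fromItem instanceof SubSelect) {
            Alias alias = ((SubSelect) fromItem).getAlias();
            if (alias != null) {
                map.put(alias.getName(), SUBSELECT);
            }
        } else {
            throw new IllegalArgumentException("不支持的 FROM 项(位置：" + str + ")");
        }
    }

    /**
     * Strips MySQL-style backtick quoting from an identifier.
     *
     * @param str identifier as the parser returned it, possibly {@code null}
     * @return the identifier without backticks, or {@code null} if {@code str} was {@code null}
     */
    private String normalizeTableName(String str) {
        // NOTE(review): only backticks are stripped; other quoting styles are left as-is and will
        // only match a whitelist entry written the same way.
        if (str == null) {
            return null;
        }
        return str.replace("`", "");
    }
}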
