package com.sankuai.sjst.erp.skeleton.dao.plugin;

import com.dianping.cat.Cat;
import com.google.common.base.z;
import com.sankuai.sjst.erp.skeleton.core.config.SkeletonConfig;
import java.io.StringReader;
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.sql.PreparedStatement;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.parser.CCJSqlParserManager;
import net.sf.jsqlparser.parser.ParseException;
import net.sf.jsqlparser.statement.Statement;
import net.sf.jsqlparser.statement.delete.Delete;
import net.sf.jsqlparser.statement.select.Select;
import net.sf.jsqlparser.statement.update.Update;
import org.apache.ibatis.executor.parameter.ParameterHandler;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Plugin;
import org.apache.ibatis.plugin.Signature;
import org.slf4j.c;
import org.slf4j.d;

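/**
 * MyBatis interceptor that inspects the SQL text of a statement just before its parameters are
 * bound (it hooks {@code ParameterHandler.setParameters}) and checks it against a set of
 * configured tables and columns.
 *
 * <p>Rules enforced by {@link #validateSql}:
 * <ul>
 *   <li>SELECT / UPDATE / DELETE on a checked table must reference every configured column among
 *       the statement's expression columns;</li>
 *   <li>UPDATE must additionally not write to any configured column.</li>
 * </ul>
 * Presumably this is used to force a scoping column into every condition clause; the listing
 * itself does not say so, so confirm with the owning team.
 *
 * <p>Configuration comes from two places: the plugin properties {@code checkTables} and
 * {@code checkColumns} (see {@link #setProperties}), and an optional {@code @SqlValidate}
 * annotation on the mapper interface (see {@link #resolveValidateConfig}).
 *
 * <p>NOTE(review): this file is JADX decompiler output. {@link #intercept} and
 * {@link #resolveValidateConfig} contain try/catch regions the decompiler could not reconstruct;
 * their code is kept exactly as decompiled and annotated rather than rewritten.
 */
@Intercepts({@Signature(args = {PreparedStatement.class}, method = "setParameters", type = ParameterHandler.class)})
/* loaded from: classes9.dex */
public class SqlValidator implements Interceptor {
    private static final String DEFAULT_SPLITTER = ",";
    private static final String SQL_PARSE_NOT_SUPPORT = "SQL_PARSE_NOT_SUPPORT";
    // Columns to check when neither the mapper annotation nor a method item overrides them.
    private Set<String> checkColumns;
    // Tables subject to checking; the CHECK_ALL_TABLES instance means "every table".
    private Set<String> checkTables;
    private static final c log = d.a((Class<?>) SqlValidator.class);
    // Per-mapper-class configuration, keyed by the mapper class.
    private static final Map<Class, ValidateConfiguration> VALIDATE_CONFIGURATION = new ConcurrentHashMap<>();
    private static final CCJSqlParserManager SQL_PARSER_MANAGER = new CCJSqlParserManager();
    // Sentinel compared by identity in validateTable; its (empty) contents are never consulted.
    private static final Set<String> CHECK_ALL_TABLES = new HashSet<>(0);

    /** Configuration read from a {@code @SqlValidate} annotation on one mapper interface. */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes9.dex */
    public static class ValidateConfiguration {
        // Shared "no annotation present" marker; compared by identity throughout this class.
        static final ValidateConfiguration EMPTY = new ValidateConfiguration();
        // Mapper-level columns to check (annotation columns()).
        Set<String> columns;
        // When true, the annotated table is exempt from checking (see validateTable).
        Boolean ignore;
        // Mapper method names that are exempt from column checks.
        Set<String> ignoreMethods;
        // Per-method overrides, keyed by method name.
        Map<String, ValidateConfigurationItem> items;
        Class mapperInterface;
        // Table name the annotation applies to (annotation table()).
        String table;

        private ValidateConfiguration() {
            this.columns = Collections.emptySet();
            this.ignore = Boolean.FALSE;
            this.ignoreMethods = Collections.emptySet();
            this.items = Collections.emptyMap();
        }
    }

    /** Per-method override read from one {@code @SqlValidateItem}. */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes9.dex */
    public static class ValidateConfigurationItem {
        // Columns to check for this method; empty means "fall back to the mapper-level columns".
        Set<String> columns;
        // When true, this method is exempt from column checks.
        Boolean ignore;
        // Mapper method name this item applies to.
        String method;

        private ValidateConfigurationItem() {
            this.columns = Collections.emptySet();
        }
    }

    /**
     * Resolves which columns must be checked for one mapper method.
     *
     * <p>Precedence when an annotation is present: an ignored method (listed in
     * {@code ignoreMethods} or carrying an item with {@code ignore == true}) yields an empty set;
     * otherwise the method item's columns, then the mapper-level columns, then the plugin-wide
     * {@code checkColumns}.
     *
     * @param validateConfiguration configuration of the mapper, or {@code EMPTY}
     * @param str mapper method name
     * @return the columns to check; empty means the statement is not column-checked
     */
    private Set<String> getNeedCheckColumns(ValidateConfiguration validateConfiguration, String str) {
        if (validateConfiguration != ValidateConfiguration.EMPTY) {
            if (validateConfiguration.ignoreMethods.contains(str)) {
                return Collections.emptySet();
            }
            if (validateConfiguration.items.containsKey(str) && validateConfiguration.items.get(str).ignore.booleanValue()) {
                return Collections.emptySet();
            }
            ValidateConfigurationItem validateConfigurationItem = validateConfiguration.items.get(str);
            if (validateConfigurationItem != null && !validateConfigurationItem.columns.isEmpty()) {
                return validateConfigurationItem.columns;
            }
            if (!validateConfiguration.columns.isEmpty()) {
                return validateConfiguration.columns;
            }
        }
        return this.checkColumns;
    }

    /**
     * Looks up, or builds from the {@code @SqlValidate} annotation, the configuration for the
     * mapper class named {@code str}.
     *
     * <p>NOTE(review): decompiler artefact - {@code cls} and {@code validateConfiguration} are
     * assigned inside the try block and read after it, so this does not compile as shown and the
     * value returned after a failed {@code Class.forName} cannot be recovered from this listing.
     * Confirm against the bytecode before relying on the failure behaviour.
     *
     * <p>NOTE(review): as rendered, only the {@code EMPTY} result is stored in
     * {@code VALIDATE_CONFIGURATION}; a configuration built from an annotation is returned without
     * being cached, so the annotation is re-read on every call. Confirm whether that is intended.
     *
     * @param str fully qualified mapper interface name
     * @return the mapper's configuration, or {@code EMPTY} when it has no {@code @SqlValidate}
     */
    private ValidateConfiguration resolveValidateConfig(String str) {
        Class<?> cls;
        ValidateConfiguration validateConfiguration;
        try {
            cls = Class.forName(str);
            validateConfiguration = VALIDATE_CONFIGURATION.get(cls);
        } catch (Exception e) {
            log.error("SqlValidator.resolveValidateConfig failed: {}", (Throwable) e);
        }
        if (validateConfiguration != null) {
            return validateConfiguration;
        }
        Annotation declaredAnnotation = cls.getDeclaredAnnotation(SqlValidate.class);
        if (declaredAnnotation == null || !(declaredAnnotation instanceof SqlValidate)) {
            VALIDATE_CONFIGURATION.put(cls, ValidateConfiguration.EMPTY);
            return ValidateConfiguration.EMPTY;
        }
        SqlValidate sqlValidate = (SqlValidate) declaredAnnotation;
        ValidateConfiguration validateConfiguration2 = new ValidateConfiguration();
        validateConfiguration2.mapperInterface = cls;
        validateConfiguration2.table = sqlValidate.table();
        validateConfiguration2.columns = new HashSet(Arrays.asList(sqlValidate.columns()));
        validateConfiguration2.ignore = Boolean.valueOf(sqlValidate.ignore());
        validateConfiguration2.ignoreMethods = new HashSet(Arrays.asList(sqlValidate.ignoreMethods()));
        if (sqlValidate.items().length > 0) {
            validateConfiguration2.items = new HashMap();
            SqlValidateItem[] items = sqlValidate.items();
            for (SqlValidateItem sqlValidateItem : items) {
                ValidateConfigurationItem validateConfigurationItem = new ValidateConfigurationItem();
                validateConfigurationItem.method = sqlValidateItem.method();
                validateConfigurationItem.columns = new HashSet(Arrays.asList(sqlValidateItem.columns()));
                validateConfigurationItem.ignore = Boolean.valueOf(sqlValidateItem.ignore());
                validateConfiguration2.items.put(validateConfigurationItem.method, validateConfigurationItem);
            }
        }
        return validateConfiguration2;
    }

    /**
     * Requires every column in {@code set} to appear among the statement's expression columns.
     *
     * <p>The comparison is an exact, case-sensitive string match, so a column written with a
     * different case or with a qualifier is treated as missing unless {@code SqlFinder}
     * normalises names (not visible here).
     *
     * @param set columns that must be present
     * @param list expression columns found in the statement; presumably those used in its
     *     conditions - confirm against {@code SqlFinder}
     * @throws SqlValidateException when {@code list} is null or empty, or a required column is
     *     absent
     */
    private void validateExpressionColumns(Set<String> set, List<String> list) throws SqlValidateException {
        if (list == null || list.isEmpty()) {
            throw SqlValidateException.UNSAFE_EXPRESSION_COLUMN;
        }
        for (String required : set) {
            if (!list.contains(required)) {
                throw SqlValidateException.UNSAFE_EXPRESSION_COLUMN;
            }
        }
    }

    /**
     * Rejects a statement that writes to any column in {@code set}.
     *
     * @param set columns that must not be written
     * @param list columns the statement operates on; a null or empty list passes
     * @throws SqlValidateException when a protected column is among the operated columns
     */
    private void validateOperateColumns(Set<String> set, List<String> list) throws SqlValidateException {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (String guarded : set) {
            if (list.contains(guarded)) {
                throw SqlValidateException.UNSAFE_UPDATE_COLUMN;
            }
        }
    }

    /**
     * Decides whether the statement's table is subject to column checks.
     *
     * <p>NOTE(review): only statements that reference exactly one table are checked. Anything
     * with zero or several tables returns {@code false} here, so the column rules are not applied
     * to it. Reviewers relying on this validator should treat multi-table statements as
     * unvalidated.
     *
     * <p>NOTE(review): {@code checkTables} is only assigned in {@link #setProperties}; if that was
     * never called, the {@code contains} call below dereferences null.
     *
     * @param list table names found in the statement
     * @param validateConfiguration configuration of the mapper, or {@code EMPTY}
     * @return {@code true} when the single table is in scope and not marked ignored
     */
    private boolean validateTable(List<String> list, ValidateConfiguration validateConfiguration) {
        if (list.isEmpty() || list.size() > 1) {
            return false;
        }
        // Strip the quoting character before comparing names (case-sensitive match).
        String replace = list.get(0).replace(SqlFinder.SINGLE_QUETO, "");
        if (validateConfiguration != ValidateConfiguration.EMPTY && replace.equals(validateConfiguration.table) && validateConfiguration.ignore.booleanValue()) {
            return false;
        }
        return this.checkTables == CHECK_ALL_TABLES || this.checkTables.contains(replace);
    }

    /**
     * Validates the SQL behind the intercepted {@code setParameters} call and then lets the call
     * proceed.
     *
     * <p>NOTE(review): the body below is kept exactly as decompiled. The try regions were not
     * reconstructed (one try block is empty, and {@code e}, {@code str} and
     * {@code parameterHandler} are used outside the scopes that assign them), so it does not
     * compile as shown and the real extent of each handler is unknown. In particular, confirm
     * against the bytecode whether a {@code SqlValidateException} raised by {@link #validateSql}
     * propagates to the caller or is taken by the {@code catch (Exception)} handler, which logs
     * and then calls {@code invocation.proceed()}. In the latter case the validator only reports
     * and never blocks.
     *
     * <p>Paths that proceed without validation, as rendered: the global skip switch, a failure to
     * read the handler's fields, a null or empty SQL string, a statement starting with
     * {@code INSERT}/{@code insert}, and a parser exception.
     */
    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        String str;
        ParameterHandler parameterHandler;
        // Global switch: when set, no statement is validated at all.
        if (SkeletonConfig.getSqlValidateSkip().booleanValue()) {
            return invocation.proceed();
        }
        try {
            try {
                parameterHandler = (ParameterHandler) invocation.getTarget();
                // getDeclaredField only sees fields declared on the handler's runtime class, not
                // inherited ones; a handler type without its own "boundSql" field ends up on the
                // unvalidated path below.
                Field declaredField = parameterHandler.getClass().getDeclaredField("boundSql");
                declaredField.setAccessible(true);
                BoundSql boundSql = (BoundSql) declaredField.get(parameterHandler);
                str = boundSql != null ? boundSql.getSql() : null;
            } catch (Exception e) {
                e = e;
                str = null;
            }
        } catch (ParseException | JSQLParserException e2) {
            // Statements the parser cannot handle are only recorded as a monitoring event.
            Cat.logEvent(SQL_PARSE_NOT_SUPPORT, z.f(e2));
        }
        if (str != null) {
            try {
            } catch (Exception e3) {
                e = e3;
                // Message text: "SQL validation failed, please check that the statement is
                // correct". The full SQL text is written to both sinks; it normally carries
                // placeholders rather than bound values, but any text substituted into the
                // statement before this point would be logged too.
                Cat.logError("SQL校验失败，请检查语句是否正确: " + str, e);
                log.error("SQL校验失败，请检查语句是否正确: " + str, (Throwable) e);
                return invocation.proceed();
            }
            if (!"".equals(str)) {
                // Case-sensitive prefix test on two spellings only, with no trimming; other
                // spellings fall through to validateSql, which has no branch for inserts.
                if (str.startsWith("INSERT") || str.startsWith("insert")) {
                    return invocation.proceed();
                }
                Field declaredField2 = parameterHandler.getClass().getDeclaredField("mappedStatement");
                declaredField2.setAccessible(true);
                // Statement id is "<mapper interface>.<method>"; split at the last dot.
                String id = ((MappedStatement) declaredField2.get(parameterHandler)).getId();
                validateSql(str, resolveValidateConfig(id.substring(0, id.lastIndexOf("."))), id.substring(id.lastIndexOf(".") + 1));
                return invocation.proceed();
            }
        }
        log.warn("reasql is null.");
        return invocation.proceed();
    }

    /** Wraps {@code obj} so that calls matching the {@code @Intercepts} signature reach this plugin. */
    @Override
    public Object plugin(Object obj) {
        return Plugin.wrap(obj, this);
    }

    /**
     * Reads the plugin-wide scope from the interceptor properties.
     *
     * <p>{@code checkTables}: absent or {@code *} means every table; otherwise a comma-separated
     * list of table names. {@code checkColumns}: a comma-separated list of column names; absent
     * means no plugin-wide columns.
     *
     * <p>Entries are trimmed and blank entries are dropped. Without trimming, a value such as
     * {@code "orders, payments"} stores {@code " payments"}, which never equals a parsed table
     * name, so that table would silently fall out of scope.
     *
     * @param properties interceptor properties; {@code null} is treated as "no properties"
     */
    @Override
    public void setProperties(Properties properties) {
        String tables = properties == null ? null : properties.getProperty("checkTables");
        if (tables == null || "*".equals(tables.trim())) {
            this.checkTables = CHECK_ALL_TABLES;
        } else {
            this.checkTables = splitToSet(tables);
        }
        String columns = properties == null ? null : properties.getProperty("checkColumns");
        if (columns != null) {
            this.checkColumns = splitToSet(columns);
        } else {
            this.checkColumns = Collections.emptySet();
        }
    }

    /** Splits a comma-separated value into a set of trimmed, non-blank entries. */
    private static Set<String> splitToSet(String csv) {
        Set<String> entries = new HashSet<>();
        for (String token : csv.split(DEFAULT_SPLITTER)) {
            String trimmed = token.trim();
            if (!trimmed.isEmpty()) {
                entries.add(trimmed);
            }
        }
        return entries;
    }

    /**
     * Parses {@code str} and applies the column rules for its statement type.
     *
     * <p>Nothing is checked when the table is out of scope (see {@link #validateTable}) or when no
     * columns are configured for the method. Statement types other than SELECT, UPDATE and DELETE
     * pass without any column check.
     *
     * @param str SQL text to validate
     * @param validateConfiguration configuration of the mapper, or {@code EMPTY}
     * @param str2 mapper method name
     * @throws Exception on a parse failure or a rule violation ({@code SqlValidateException})
     */
    protected void validateSql(String str, ValidateConfiguration validateConfiguration, String str2) throws Exception {
        Statement parse = SQL_PARSER_MANAGER.parse(new StringReader(str));
        SqlFinder findInStatement = new SqlFinder().findInStatement(parse);
        if (!validateTable(findInStatement.getTables(), validateConfiguration)) {
            return;
        }
        Set<String> needCheckColumns = getNeedCheckColumns(validateConfiguration, str2);
        if (needCheckColumns == null || needCheckColumns.isEmpty()) {
            return;
        }
        if (parse instanceof Select) {
            validateExpressionColumns(needCheckColumns, findInStatement.getExpressionColumns());
            return;
        }
        if (parse instanceof Update) {
            // Writes are checked first, then the condition columns.
            validateOperateColumns(needCheckColumns, findInStatement.getOperateColumns());
            validateExpressionColumns(needCheckColumns, findInStatement.getExpressionColumns());
        } else if (parse instanceof Delete) {
            validateExpressionColumns(needCheckColumns, findInStatement.getExpressionColumns());
        }
    }
}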
