package com.jxdinfo.hussar.support.secure.riskprotect.interceptor;

import com.baomidou.mybatisplus.core.conditions.AbstractWrapper;
import com.jxdinfo.hussar.platform.core.utils.CollectionUtil;
import com.jxdinfo.hussar.platform.core.utils.HussarUtils;
import com.jxdinfo.hussar.support.secure.riskprotect.properties.SecureRiskProtectProperties;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.ibatis.cache.CacheKey;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.ParameterMapping;
import org.apache.ibatis.mapping.SqlCommandType;
import org.apache.ibatis.mapping.SqlSource;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Signature;
import org.apache.ibatis.reflection.DefaultReflectorFactory;
import org.apache.ibatis.reflection.MetaObject;
import org.apache.ibatis.reflection.ReflectorFactory;
import org.apache.ibatis.reflection.factory.DefaultObjectFactory;
import org.apache.ibatis.reflection.factory.ObjectFactory;
import org.apache.ibatis.reflection.wrapper.DefaultObjectWrapperFactory;
import org.apache.ibatis.reflection.wrapper.ObjectWrapperFactory;
import org.apache.ibatis.scripting.xmltags.DynamicContext;
import org.apache.ibatis.scripting.xmltags.SqlNode;
import org.apache.ibatis.session.Configuration;
import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds;

@Intercepts({@Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class}), @Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class, CacheKey.class, BoundSql.class})})
/* loaded from: input_file:com/jxdinfo/hussar/support/secure/riskprotect/interceptor/QueryUseLikeHandleInterceptor.class */
public class QueryUseLikeHandleInterceptor implements Interceptor {
    private static final String ROOT_SQL_NODE = "sqlSource.rootSqlNode";
    private static final String KEYWORD_LIKE = "like";
    private static final String ESCAPE_STATEMENT = "escape '|'";
    private List<Character> symbols = CollectionUtil.ofImmutableList(new Character[]{'%', '_'});
    private SecureRiskProtectProperties secureRiskProtectProperties;
    private static final ObjectFactory DEFAULT_OBJECT_FACTORY = new DefaultObjectFactory();
    private static final ObjectWrapperFactory DEFAULT_OBJECT_WRAPPER_FACTORY = new DefaultObjectWrapperFactory();
    private static final ReflectorFactory DEFAULT_OBJECT_REFLECTOR_FACTORY = new DefaultReflectorFactory();
    private static final Character ESCAPE_SYMBOL = '|';
    private static final Pattern REGEX_LIKE_PATTERN = Pattern.compile("[^\\s]+[\\s]+\\bLIKE\\b[^#]*#\\{[^}]*}", 2);
    private static final Pattern SPECIAL_WORD_PATTERN = Pattern.compile("[%_]", 2);
    private static final Pattern ALREADY_RESOLVE = Pattern.compile("(\\\\%|\\\\_)+", 2);

    /* loaded from: input_file:com/jxdinfo/hussar/support/secure/riskprotect/interceptor/QueryUseLikeHandleInterceptor$InnerSqlSource.class */
    class InnerSqlSource implements SqlSource {
        private BoundSql boundSql;

        public InnerSqlSource(BoundSql boundSql) {
            this.boundSql = boundSql;
        }

        public BoundSql getBoundSql(Object obj) {
            return this.boundSql;
        }
    }

    public QueryUseLikeHandleInterceptor(SecureRiskProtectProperties secureRiskProtectProperties) {
        this.secureRiskProtectProperties = secureRiskProtectProperties;
    }

    public Object intercept(Invocation invocation) throws Throwable {
        if (!this.secureRiskProtectProperties.isEnableEscape()) {
            return invocation.proceed();
        }
        MappedStatement mappedStatement = (MappedStatement) invocation.getArgs()[0];
        MetaObject forObject = MetaObject.forObject(mappedStatement, DEFAULT_OBJECT_FACTORY, DEFAULT_OBJECT_WRAPPER_FACTORY, DEFAULT_OBJECT_REFLECTOR_FACTORY);
        BoundSql boundSql = invocation.getArgs().length == 6 ? (BoundSql) invocation.getArgs()[5] : mappedStatement.getBoundSql(invocation.getArgs()[1]);
        if (SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType()) && forObject.hasGetter(ROOT_SQL_NODE) && boundSql.getSql().toLowerCase().contains(KEYWORD_LIKE)) {
            String modifyBoundSql = modifyBoundSql(mappedStatement.getConfiguration(), boundSql.getSql(), boundSql.getParameterObject(), (SqlNode) forObject.getValue(ROOT_SQL_NODE));
            if (HussarUtils.isNotEmpty(modifyBoundSql)) {
                BoundSql boundSql2 = new BoundSql(mappedStatement.getConfiguration(), modifyBoundSql, boundSql.getParameterMappings(), boundSql.getParameterObject());
                MappedStatement buildNewMappedStatement = buildNewMappedStatement(mappedStatement, new InnerSqlSource(boundSql2));
                Iterator it = boundSql.getParameterMappings().iterator();
                while (it.hasNext()) {
                    String property = ((ParameterMapping) it.next()).getProperty();
                    if (boundSql.hasAdditionalParameter(property)) {
                        boundSql2.setAdditionalParameter(property, boundSql.getAdditionalParameter(property));
                    }
                }
                Object[] args = invocation.getArgs();
                args[0] = buildNewMappedStatement;
                if (args.length == 6) {
                    args[5] = boundSql2;
                }
            }
        }
        return invocation.proceed();
    }

    private String modifyBoundSql(Configuration configuration, String str, Object obj, SqlNode sqlNode) {
        DynamicContext dynamicContext = new DynamicContext(configuration, obj);
        sqlNode.apply(dynamicContext);
        return modifyLikeSql(str, dynamicContext.getSql(), obj);
    }

    private String modifyLikeSql(String str, String str2, Object obj) {
        if (!(obj instanceof Map) || str2.toLowerCase().contains(ESCAPE_STATEMENT)) {
            return "";
        }
        Matcher matcher = REGEX_LIKE_PATTERN.matcher(str2);
        HashMap hashMap = new HashMap();
        while (matcher.find()) {
            String group = matcher.group();
            if (!HussarUtils.isEmpty(group)) {
                String parameterKey = getParameterKey(group);
                if (HussarUtils.isNotEmpty(parameterKey)) {
                    hashMap.put(parameterKey, group);
                }
            }
        }
        Map map = (Map) obj;
        if (HussarUtils.isNotEmpty(map) && map.containsKey("ew") && (map.get("ew") instanceof AbstractWrapper)) {
            AbstractWrapper abstractWrapper = (AbstractWrapper) map.get("ew");
            for (Map.Entry entry : hashMap.entrySet()) {
                Object obj2 = abstractWrapper.getParamNameValuePairs().get(entry.getKey());
                if (obj2 instanceof String) {
                    String obj3 = obj2.toString();
                    if (obj3.length() > 2 && obj3.startsWith("%") && obj3.endsWith("%")) {
                        String substring = obj3.substring(1, obj3.length() - 1);
                        if (SPECIAL_WORD_PATTERN.matcher(substring).find() && !ALREADY_RESOLVE.matcher(substring).find()) {
                            String resolveParameter = resolveParameter(substring);
                            str = resolveSql(str, (String) entry.getValue());
                            abstractWrapper.getParamNameValuePairs().put(entry.getKey(), "%" + resolveParameter + "%");
                        }
                    }
                }
            }
        }
        return str;
    }

    private String resolveParameter(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        Character ch = ' ';
        for (char c : str.toCharArray()) {
            Character valueOf = Character.valueOf(c);
            if (this.symbols.contains(valueOf) && ch != ESCAPE_SYMBOL) {
                stringBuffer.append(ESCAPE_SYMBOL);
            }
            ch = valueOf;
            stringBuffer.append(valueOf);
        }
        return stringBuffer.toString();
    }

    private String resolveSql(String str, String str2) {
        String str3 = str2.split("#")[0];
        int indexOf = str.indexOf(str3) + str3.length();
        while (str.charAt(indexOf) != '?') {
            indexOf++;
        }
        if (indexOf < str.length() && str.charAt(indexOf) == '?') {
            str = str.substring(0, indexOf) + "? " + ESCAPE_STATEMENT + str.substring(indexOf + 1);
        }
        return str;
    }

    private String getParameterKey(String str) {
        String str2 = "";
        String[] split = str.split("#");
        if (split.length > 1) {
            str2 = split[1];
            String[] split2 = str2.replace("{", "").replace("}", "").split("\\.");
            if (split2.length > 0) {
                str2 = split2[split2.length - 1];
            }
        }
        return str2.trim();
    }

    private MappedStatement buildNewMappedStatement(MappedStatement mappedStatement, SqlSource sqlSource) {
        MappedStatement.Builder builder = new MappedStatement.Builder(mappedStatement.getConfiguration(), mappedStatement.getId(), sqlSource, mappedStatement.getSqlCommandType());
        builder.resource(mappedStatement.getResource());
        builder.fetchSize(mappedStatement.getFetchSize());
        builder.statementType(mappedStatement.getStatementType());
        builder.keyGenerator(mappedStatement.getKeyGenerator());
        if (mappedStatement.getKeyProperties() != null && mappedStatement.getKeyProperties().length > 0) {
            builder.keyProperty(mappedStatement.getKeyProperties()[0]);
        }
        builder.timeout(mappedStatement.getTimeout());
        builder.parameterMap(mappedStatement.getParameterMap());
        builder.resultMaps(mappedStatement.getResultMaps());
        builder.resultSetType(mappedStatement.getResultSetType());
        builder.cache(mappedStatement.getCache());
        builder.flushCacheRequired(mappedStatement.isFlushCacheRequired());
        builder.useCache(mappedStatement.isUseCache());
        return builder.build();
    }
}
