package com.xnx3.j2ee.util;

import com.xnx3.DateUtil;
import java.util.Enumeration;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.litepal.util.Const;

/* loaded from: classes.dex */
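/**
 * Assembles the text of a SELECT statement (FROM / WHERE / GROUP BY / ORDER BY / LIMIT)
 * from values read off an {@link HttpServletRequest}.
 *
 * <p>Security note for callers: every fragment is produced by string concatenation and the
 * only treatment applied to request values is {@link #filter(String)}, a keyword blacklist
 * that rewrites ASCII keywords and punctuation into their fullwidth look-alikes. That is a
 * mitigation, not a substitute for parameterized queries: column names are restricted to the
 * caller-supplied allow-list, but values end up inside the statement text, and the range
 * bounds built by {@link #setSearchColumn(String[])} are placed there unquoted. The filter
 * also rewrites ordinary words such as "and", "or", "by" or "use" inside legitimate search
 * text, so the result is lossy for user data.
 */
public class Sql {
    static final String[] COLUMN_GROUP = {">=", "<=", "=", "<>", ">", "<"};
    /** Blacklisted substrings, matched case-insensitively; index-aligned with {@link #KEYWORD_FULL_STR}. */
    static final String[] INJECT_KEYWORD = {"'", "sitename", "net user", "xp_cmdshell", "like'", "and", "exec", "execute", "insert", "create", "drop", "table", "from", "grant", "use", "group_concat", "column_name", "information_schema.columns", Const.TableSchema.TABLE_NAME, "union", "where", "select", "delete", "update", "order", "by", "count", "chr", "mid", "master", "truncate", "char", "declare", "or", ";", "-", "--", ",", "like", "//", "/", "%", "#", "*", "+"};
    /** Fullwidth replacement for the keyword at the same index in {@link #INJECT_KEYWORD}. */
    static final String[] KEYWORD_FULL_STR = {"＇", "ｓｉｔｅｎａｍｅ", "ｎｅｔ\u3000ｕｓｅｒ", "ｘｐ＿ｃｍｄｓｈｅｌｌ", "ｌｉｋｅ＇", "ａｎｄ", "ｅｘｅｃ", "ｅｘｅｃｕｔｅ", "ｉｎｓｅｒｔ", "ｃｒｅａｔｅ", "ｄｒｏｐ", "ｔａｂｌｅ", "ｆｒｏｍ", "ｇｒａｎｔ", "ｕｓｅ", "ｇｒｏｕｐ＿ｃｏｎｃａｔ", "ｃｏｌｕｍｎ＿ｎａｍｅ", "ｉｎｆｏｒｍａｔｉｏｎ＿ｓｃｈｅｍａ．ｃｏｌｕｍｎｓ", "ｔａｂｌｅ＿ｓｃｈｅｍａ", "ｕｎｉｏｎ", "ｗｈｅｒｅ", "ｓｅｌｅｃｔ", "ｄｅｌｅｔｅ", "ｕｐｄａｔｅ", "ｏｒｄｅｒ", "ｂｙ", "ｃｏｕｎｔ", "ｃｈｒ", "ｍｉｄ", "ｍａｓｔｅｒ", "ｔｒｕｎｃａｔｅ", "ｃｈａｒ", "ｄｅｃｌａｒｅ", "ｏｒ", "；", "－", "－－", "，", "ｌｉｋｅ", "／／", "／", "％", "＃", "＊", "＋"};
    private Page page;
    private HttpServletRequest request;
    private String tableName = "";
    private String where = "";
    private String orderBy = "";
    private String selectFrom = "";
    private String groupBy = "";
    private String[] orderByField = new String[0];

    /**
     * Creates a builder bound to one request.
     *
     * @param httpServletRequest request whose parameters feed the WHERE / ORDER BY clauses
     */
    public Sql(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }

    /**
     * Rewrites every case-insensitive occurrence of each entry of {@link #INJECT_KEYWORD}
     * into its fullwidth counterpart from {@link #KEYWORD_FULL_STR}.
     *
     * <p>Every occurrence is replaced, not just the first; a single surviving ASCII quote
     * would otherwise be enough to end the quoted literal this value is later placed in.
     * Matching is done with {@code regionMatches(ignoreCase)} so that positions refer to the
     * original text (a locale-sensitive {@code toLowerCase()} can change string length and
     * miss keywords under some default locales).
     *
     * @param str text to sanitize; may be {@code null}
     * @return the rewritten text, or {@code null} when {@code str} is {@code null}
     */
    public static String filter(String str) {
        if (str == null) {
            return null;
        }
        String result = str;
        for (int k = 0; k < INJECT_KEYWORD.length; k++) {
            result = replaceAllIgnoreCase(result, INJECT_KEYWORD[k], KEYWORD_FULL_STR[k]);
        }
        return result;
    }

    /**
     * Replaces all case-insensitive occurrences of {@code keyword} in {@code text}.
     * The replacement strings are fullwidth and never re-match an ASCII keyword, so a
     * single left-to-right scan is enough.
     */
    private static String replaceAllIgnoreCase(String text, String keyword, String replacement) {
        int keywordLength = keyword.length();
        StringBuilder out = null;
        int copiedUpTo = 0;
        int i = 0;
        while (i <= text.length() - keywordLength) {
            if (text.regionMatches(true, i, keyword, 0, keywordLength)) {
                if (out == null) {
                    out = new StringBuilder(text.length() + 8);
                }
                out.append(text, copiedUpTo, i).append(replacement);
                i += keywordLength;
                copiedUpTo = i;
            } else {
                i++;
            }
        }
        if (out == null) {
            return text;
        }
        out.append(text, copiedUpTo, text.length());
        return out.toString();
    }

    /** Returns {@code "<table>."} to qualify a column, or {@code ""} when no table was set. */
    private String getSearchColumnTableName() {
        if (this.tableName.isEmpty()) {
            return "";
        }
        return this.tableName + ".";
    }

    /**
     * Appends a raw condition to the WHERE clause. The text is used verbatim, so it must
     * not be built from untrusted input.
     *
     * @param str condition text (without a leading AND)
     * @return the complete WHERE clause after the append
     */
    public String appendWhere(String str) {
        // The clause is always stored with a leading space, so an existing WHERE sits at index 1.
        if (this.where.indexOf("WHERE") > 0) {
            this.where = this.where + " AND " + str;
        } else {
            this.where = " WHERE " + str;
        }
        return this.where;
    }

    /** @return the current ORDER BY fragment (empty when none was set) */
    public String getOrderBy() {
        return this.orderBy;
    }

    /**
     * Returns the assembled statement text; a LIMIT clause is appended only when a
     * {@link Page} was supplied via {@link #setSelectFromAndPage(String, Page)}.
     */
    public String getSql() {
        String sql = this.selectFrom + this.where + this.groupBy + this.orderBy;
        if (this.page == null) {
            return sql;
        }
        return sql + " LIMIT " + this.page.getLimitStart() + "," + this.page.getEveryNumber();
    }

    /** @return the current WHERE fragment (empty when none was built) */
    public String getWhere() {
        return this.where;
    }

    /** Alias for {@link #filter(String)}. */
    public String inject(String str) {
        return filter(str);
    }

    /**
     * Sets the ORDER BY fragment only when none is present yet.
     *
     * @param str ORDER BY expression; used verbatim, so it must come from trusted code
     */
    public void setDefaultOrderBy(String str) {
        String current = this.orderBy;
        if (current == null || current.isEmpty()) {
            this.orderBy = " ORDER BY " + str;
        }
    }

    /** @param str GROUP BY expression; used verbatim, so it must come from trusted code */
    public void setGroupBy(String str) {
        this.groupBy = " GROUP BY " + str;
    }

    /** @param str ORDER BY expression; used verbatim, so it must come from trusted code */
    public void setOrderBy(String str) {
        this.orderBy = " ORDER BY " + str;
    }

    /**
     * Builds the ORDER BY fragment from the {@code orderBy} request parameter, expected as
     * {@code <column>_ASC} or {@code <column>_DESC}. The column part is accepted only when
     * it exactly equals one of the allow-listed names in {@code strArr}; the direction is
     * taken from the suffix, never from the parameter text.
     *
     * @param strArr allow-listed column names
     * @return the fragment that was set, or {@code ""} when the parameter was absent,
     *         malformed, or named a column outside the allow-list
     */
    public String setOrderByField(String[] strArr) {
        String parameter = this.request.getParameter("orderBy");
        if (parameter == null || parameter.isEmpty()) {
            return "";
        }
        String direction = "";
        String requestedColumn = "";
        if (parameter.indexOf("_ASC") > 0) {
            direction = "ASC";
            requestedColumn = parameter.replace("_ASC", "");
        } else if (parameter.indexOf("_DESC") > 0) {
            direction = "DESC";
            requestedColumn = parameter.replace("_DESC", "");
        }
        for (String allowed : strArr) {
            if (!allowed.isEmpty() && allowed.equals(requestedColumn)) {
                this.orderBy = " ORDER BY " + allowed + " " + direction;
                return this.orderBy;
            }
        }
        return "";
    }

    /**
     * Extends the WHERE clause from request parameters whose names match the allow-listed
     * columns described by {@code strArr} (each entry is parsed by {@link SqlColumn}).
     *
     * <p>For a column whose operator is {@code "<>"}, the parameters {@code <column>_start}
     * and {@code <column>_end} add {@code >=} / {@code <=} bounds. A parameter named exactly
     * like the column adds an equality-style term: {@code LIKE '%v%'} when the column has no
     * operator, otherwise {@code <op> 'v'}. A comma-separated value produces one term per
     * part, OR-ed together; the split happens before filtering so that the separator is not
     * rewritten to its fullwidth form first. Each part is passed through
     * {@link #filter(String)}.
     *
     * @param strArr column specifications; {@code null} leaves the clause unchanged
     * @return the WHERE clause after processing
     */
    public String setSearchColumn(String[] strArr) {
        if (strArr == null) {
            return this.where;
        }
        HashMap<String, SqlColumn> columns = new HashMap<String, SqlColumn>();
        for (String spec : strArr) {
            SqlColumn column = new SqlColumn(spec);
            columns.put(column.getColumnName(), column);
        }
        Enumeration<?> parameterNames = this.request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String paramName = (String) parameterNames.nextElement();
            String baseName = paramName.replace("_start", "").replace("_end", "");
            if (!columns.containsKey(baseName)) {
                continue;
            }
            SqlColumn column = columns.get(baseName);
            if ("<>".equals(column.getOperators())) {
                if (paramName.indexOf("_start") > -1) {
                    appendRangeBound(column, this.request.getParameter(paramName), ">=");
                } else if (paramName.indexOf("_end") > -1) {
                    appendRangeBound(column, this.request.getParameter(paramName), "<=");
                }
            }
            if (column.getColumnName().equals(paramName)) {
                appendValueMatch(column, this.request.getParameter(paramName));
            }
        }
        return this.where;
    }

    /** Starts the clause with WHERE or joins the next term with AND. */
    private void appendWhereSeparator() {
        if (this.where.equals("")) {
            this.where = " WHERE ";
        } else {
            this.where = this.where + " AND ";
        }
    }

    /**
     * Adds {@code <column> <operator> <value>} with the value filtered, converted through
     * the column's date format when one is set, and stripped of spaces. The value is
     * emitted unquoted (see the class note).
     */
    private void appendRangeBound(SqlColumn column, String rawValue, String operator) {
        if (rawValue == null || rawValue.isEmpty()) {
            return;
        }
        String value = inject(rawValue);
        if (value.isEmpty()) {
            return;
        }
        if (column.getDateFormat() != null) {
            value = String.valueOf(DateUtil.StringToInt(value, column.getDateFormat()));
        }
        appendWhereSeparator();
        this.where = this.where + getSearchColumnTableName() + column.getColumnName()
                + " " + operator + " " + value.replaceAll(" ", "");
    }

    /**
     * Adds one LIKE / operator term per comma-separated part of {@code rawValue}, OR-ed and
     * parenthesized when there is more than one part. Parts that filter to nothing are
     * skipped, and nothing is appended at all when no part survives, so the clause never
     * ends in a dangling WHERE or AND.
     */
    private void appendValueMatch(SqlColumn column, String rawValue) {
        if (rawValue == null || rawValue.isEmpty()) {
            return;
        }
        String[] parts;
        if (column.getDateFormat() != null) {
            parts = new String[] {String.valueOf(DateUtil.StringToInt(inject(rawValue), column.getDateFormat()))};
        } else {
            parts = rawValue.split(",");
        }
        StringBuilder terms = new StringBuilder();
        for (String part : parts) {
            String filtered = filter(part);
            if (filtered == null || filtered.isEmpty()) {
                continue;
            }
            terms.append(terms.length() == 0 ? "" : " OR ")
                    .append(getSearchColumnTableName())
                    .append(column.getColumnName());
            if (column.getOperators() == null) {
                terms.append(" LIKE '%").append(filtered).append("%'");
            } else {
                terms.append(" ").append(column.getOperators()).append(" '").append(filtered).append("' ");
            }
        }
        if (terms.length() == 0) {
            return;
        }
        appendWhereSeparator();
        this.where = this.where + (parts.length > 1 ? "( " + terms + " )" : terms.toString());
    }

    /** @param str table name used to qualify columns in {@link #setSearchColumn(String[])}; trusted input only */
    public void setSearchTable(String str) {
        this.tableName = str;
    }

    /**
     * Sets the SELECT ... FROM prefix and the page, then returns the full statement.
     *
     * @param str SELECT ... FROM text; must come from trusted code
     * @param page paging information; when {@code null} no LIMIT clause is produced
     * @return the assembled statement, identical to a following {@link #getSql()} call
     */
    public String setSelectFromAndPage(String str, Page page) {
        this.selectFrom = str;
        this.page = page;
        return getSql();
    }
}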
