package com.geoway.landteam.landcloud.service.datatransfer.service.impl;

import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.parser.Feature;
import com.geoway.landteam.landcloud.model.datatransfer.constants.ParamType;
import com.geoway.landteam.landcloud.model.datatransfer.constants.UpdateType;
import com.geoway.landteam.landcloud.model.datatransfer.constants.ValueType;
import com.geoway.landteam.landcloud.servface.datatransfer.ImportJsonService;
import com.geoway.landteam.landcloud.service.datatransfer.support.ImportDataUtils;
import com.gw.base.log.GiLoger;
import com.gw.base.log.GwLoger;
import java.util.ArrayList;
import java.util.regex.Pattern;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Service;

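@Service
/* loaded from: input_file:com/geoway/landteam/landcloud/service/datatransfer/service/impl/ImportJsonServiceImpl.class */
/**
 * Replays a JSON change-set file against the database through {@link JdbcTemplate}.
 *
 * <p>Each array element names a table, an update type, a list of column values
 * ({@code data}) and an optional list of filter conditions ({@code param}).
 *
 * <p>Security model: the file content is treated as untrusted. Values are always sent
 * as bound parameters. Table and column names cannot be bound, so they are checked
 * against a strict identifier allowlist before they are placed into SQL text. The
 * keyword blocklist in {@link #containsSqlInjection(Object)} is kept for backward
 * compatibility only and must not be relied on as the protection.
 */
public class ImportJsonServiceImpl implements ImportJsonService {
    /** Legacy keyword/metacharacter blocklist; compiled once, matched case-insensitively. */
    private static final Pattern SQL_KEYWORD_PATTERN = Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|')", Pattern.CASE_INSENSITIVE);

    /**
     * Allowlist for table/column names: letters, digits, '_' and '$', optionally
     * dot-qualified. No whitespace, quotes, operators or comment markers can pass.
     */
    private static final Pattern SQL_IDENTIFIER_PATTERN = Pattern.compile("[\\p{L}_][\\p{L}\\p{N}_$]*(?:\\.[\\p{L}_][\\p{L}\\p{N}_$]*)*");

    private GiLoger logger = GwLoger.getLoger(ImportJsonServiceImpl.class);

    @Autowired
    private JdbcTemplate jdbcTemplate;

    /**
     * Reads the first entry returned by {@code ImportDataUtils.readTxtFile(str)}, parses it
     * as a JSON array and executes one statement per element.
     *
     * <p>All statements are built and validated before the first one is executed, so a
     * malformed element no longer leaves the earlier elements already applied. The
     * statements themselves still run one by one; no transaction is opened here.
     *
     * @param str location passed to {@code ImportDataUtils.readTxtFile}
     * @throws IllegalArgumentException if the content is not a usable change set (missing
     *     array, unknown update type, illegal identifier, inconsistent data/param lists)
     * @throws Exception whatever reading, parsing, value conversion or JDBC raises
     */
    public void readJson(String str) throws Exception {
        // NOTE(review): this parses an externally supplied file with fastjson; confirm the
        // deployed fastjson version runs with autoType disabled (safeMode).
        JSONArray parseArray = JSONArray.parseArray(ImportDataUtils.readTxtFile(str).get(0), new Feature[0]);
        if (parseArray == null) {
            throw new IllegalArgumentException("import file does not contain a JSON array: " + str);
        }
        if (containsSqlInjection(parseArray.toString())) {
            // Message means "SQL injection problem found". Only the source location is
            // logged: the payload may be large and may carry business data.
            this.logger.error("发现有sql注入问题" + " file=" + str, new Object[0]);
            return;
        }
        ArrayList<String> statements = new ArrayList<String>();
        ArrayList<Object[]> arguments = new ArrayList<Object[]>();
        for (int i = 0; i < parseArray.size(); i++) {
            ArrayList<Object> args = new ArrayList<Object>();
            statements.add(buildStatement(parseArray.getJSONObject(i), args));
            arguments.add(args.toArray());
        }
        for (int i = 0; i < statements.size(); i++) {
            this.jdbcTemplate.update(statements.get(i), arguments.get(i));
        }
    }

    /**
     * Builds the SQL text for one change-set element and collects its bound values.
     *
     * @param entry one element of the change set
     * @param args receives the values in placeholder order
     * @return SQL text containing only validated identifiers, fixed keywords and '?'
     */
    private String buildStatement(JSONObject entry, ArrayList<Object> args) {
        if (entry == null) {
            throw new IllegalArgumentException("import entry is not a JSON object");
        }
        String table = requireIdentifier(entry.getString("table"), "table");
        JSONArray data = entry.getJSONArray("data");
        JSONArray params = entry.getJSONArray("param");
        Integer type = entry.getInteger("type");

        // The original compared the type to UpdateType.ADD in one place and to the
        // literal 1 in others; the constant is used throughout here (assumes ADD is 1).
        boolean insert = sameCode(UpdateType.ADD, type);
        boolean delete = sameCode(UpdateType.DEL, type);
        boolean update = sameCode(UpdateType.UPDATE, type);
        if (!insert && !delete && !update) {
            throw new IllegalArgumentException("unsupported update type: " + type);
        }

        int dataSize = data == null ? 0 : data.size();
        int paramSize = params == null ? 0 : params.size();
        if (delete && dataSize != 0) {
            throw new IllegalArgumentException("a delete entry must not carry data columns");
        }
        if (!delete && dataSize == 0) {
            throw new IllegalArgumentException("an insert or update entry needs at least one data column");
        }
        if (insert && paramSize != 0) {
            throw new IllegalArgumentException("an insert entry must not carry filter params");
        }

        StringBuilder sql = new StringBuilder();
        if (insert) {
            sql.append("INSERT INTO ").append(table).append(" VALUES(");
        } else if (delete) {
            sql.append("DELETE FROM ").append(table);
        } else {
            sql.append("UPDATE ").append(table).append(" SET ");
        }

        for (int i = 0; i < dataSize; i++) {
            JSONObject column = data.getJSONObject(i);
            if (insert) {
                // Positional insert: the column name is not part of the statement.
                sql.append(" ? ");
            } else {
                sql.append(requireIdentifier(column.getString("key"), "data key")).append(" = ? ");
            }
            if (i != dataSize - 1) {
                sql.append(" , ");
            }
            args.add(getInsertValue2(column.getInteger("valueType"), column.getString("value")));
        }

        if (insert) {
            // INSERT ... VALUES(...) takes no WHERE clause in standard SQL; the original
            // appended " WHERE 1=1 " to every statement, inserts included.
            sql.append(")");
            return sql.toString();
        }

        // NOTE(review): with an empty param list this updates or deletes every row of the
        // table, as the original did. Confirm that is intended for imported files.
        sql.append(" WHERE 1=1 ");
        for (int i = 0; i < paramSize; i++) {
            JSONObject condition = params.getJSONObject(i);
            String key = requireIdentifier(condition.getString("key"), "param key");
            Object value = condition.get("value");
            Integer valueType = condition.getInteger("valueType");
            Integer paramType = condition.getInteger("paramType");
            if (sameCode(ParamType.TYPE_IN, paramType)) {
                if (!(value instanceof String)) {
                    throw new IllegalArgumentException("an IN param needs a comma separated string value");
                }
                String list = (String) value;
                sql.append(" and ").append(key).append(" in (").append(getINsql(list)).append(")");
                // Elements are bound, not quoted into the text. They are converted with the
                // entry's valueType; the original ignored valueType for IN and always
                // emitted string literals - presumably valueType is set correctly, verify.
                String[] items = list.split(",");
                for (int j = 0; j < items.length; j++) {
                    args.add(getInsertValue2(valueType, items[j]));
                }
            } else {
                sql.append(" and ").append(key).append(getOperation(paramType)).append("?");
                args.add(getInsertValue2(valueType, value));
            }
        }
        return sql.toString();
    }

    /**
     * Returns {@code name} unchanged if it is a plain (optionally dot-qualified) SQL
     * identifier, otherwise rejects it. The rejected text is deliberately not echoed.
     */
    private static String requireIdentifier(String name, String role) {
        if (name == null || !SQL_IDENTIFIER_PATTERN.matcher(name).matches()) {
            throw new IllegalArgumentException("illegal SQL identifier for " + role);
        }
        return name;
    }

    /**
     * Compares two type codes by value. The original used {@code ==} on {@code Integer}
     * operands, which looks like a reference comparison that only holds for cached boxes.
     */
    private static boolean sameCode(Integer expected, Integer actual) {
        return expected != null && expected.equals(actual);
    }

    /**
     * Converts a raw JSON value to the Java type selected by {@code num}.
     *
     * @param num one of the {@code ValueType} codes; unknown or null codes pass the value through
     * @param obj raw value; {@code null} and the string {@code "null"} become SQL NULL for known codes
     * @return the converted value, {@code null}, or {@code obj} itself for an unknown code
     */
    private Object getInsertValue2(Integer num, Object obj) {
        boolean absent = null == obj || "null".equals(obj);
        if (sameCode(ValueType.TYPE_STRING, num)) {
            return absent ? null : obj.toString();
        }
        if (sameCode(ValueType.TYPE_INT, num)) {
            return absent ? null : ImportDataUtils.toInteger(obj);
        }
        if (sameCode(ValueType.TYPE_GEOMETRY, num)) {
            return absent ? null : ImportDataUtils.toGeometry(obj);
        }
        if (sameCode(ValueType.TYPE_DATE, num)) {
            return absent ? null : ImportDataUtils.toDate(obj);
        }
        if (sameCode(ValueType.TYPE_TIMESTAMP, num)) {
            return absent ? null : ImportDataUtils.toTimestamp(obj);
        }
        if (sameCode(ValueType.TYPE_NUMBER, num)) {
            return absent ? null : ImportDataUtils.toDouble(obj);
        }
        if (sameCode(ValueType.TYPE_LONG, num)) {
            return absent ? null : ImportDataUtils.toLong(obj);
        }
        // Unknown code: hand the value to JDBC untouched, as before.
        return obj;
    }

    /**
     * Maps a {@code ParamType} code to its SQL comparison operator; anything unknown
     * falls back to equality. Only fixed operator strings are ever returned.
     */
    private String getOperation(Integer num) {
        if (sameCode(ParamType.TYPE_EQ, num)) {
            return " = ";
        }
        if (sameCode(ParamType.TYPE_NE, num)) {
            return " != ";
        }
        if (sameCode(ParamType.TYPE_LT, num)) {
            return " < ";
        }
        if (sameCode(ParamType.TYPE_LE, num)) {
            return " <= ";
        }
        if (sameCode(ParamType.TYPE_GT, num)) {
            return " > ";
        }
        if (sameCode(ParamType.TYPE_GE, num)) {
            return " >= ";
        }
        if (sameCode(ParamType.TYPE_IN, num)) {
            return " in ";
        }
        return " = ";
    }

    /**
     * Returns one '?' placeholder per comma separated element of {@code str}, joined by
     * commas. The elements themselves never enter the SQL text; the caller binds them.
     */
    private String getINsql(String str) {
        int count = str.split(",").length;
        StringBuilder placeholders = new StringBuilder();
        for (int i = 0; i < count; i++) {
            if (i > 0) {
                placeholders.append(",");
            }
            placeholders.append("?");
        }
        return placeholders.toString();
    }

    /**
     * Reports whether the text form of {@code obj} contains one of a fixed set of SQL
     * keywords or the characters {@code * ; + '}.
     *
     * <p>This is a coarse heuristic: it rejects harmless text containing common words
     * and does not cover every SQL metacharacter. Matching is case-insensitive and does
     * not depend on the JVM default locale.
     *
     * @param obj value to inspect; {@code null} is reported as clean
     * @return {@code true} if a blocklisted keyword or character is found
     */
    public boolean containsSqlInjection(Object obj) {
        if (obj == null) {
            return false;
        }
        return SQL_KEYWORD_PATTERN.matcher(obj.toString()).find();
    }
}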
