package net.business.engine.common;

import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
import java.sql.Connection;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import net.business.engine.CommonTemplatePara;
import net.business.engine.ListField;
import net.business.engine.ListObjectPara;
import net.business.engine.ListResult;
import net.business.engine.TableField;
import net.business.engine.TableObject;
import net.business.engine.Template;
import net.business.engine.TemplateField;
import net.business.engine.control.DataListComponent;
import net.business.engine.manager.UserDataManager;
import net.business.engine.node.NodeUnit;
import net.business.engine.node.PaginationHtmlUnit;
import net.risesoft.util.EformSysVariables;
import net.sysmain.common.I_CustomConstant;
import net.sysmain.common.I_FetchValue;
import net.sysmain.common.I_TemplateConstant;
import net.sysmain.common.I_UserConstant;
import net.sysmain.common.I_ValuesObject;
import net.sysmain.common.Operator;
import net.sysmain.common.PermissionValid;
import net.sysmain.common.exception.TemplateInitException;
import net.sysmain.common.exception.TemplateMessageException;
import net.sysmain.util.Configuration;
import net.sysmain.util.StringTools;

/* loaded from: input_file:net/business/engine/common/Tools.class */
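/**
 * Static helpers shared by the template/form engine: resolving template parameters,
 * building row-limit condition expressions, rendering pagination links, and a set of
 * request-screening checks (SQL keyword and angle-bracket filters, Referer check).
 *
 * <p>Security note: the keyword and angle-bracket filters in this class are heuristic
 * deny-lists. They reduce noise but are not a substitute for parameterized queries and
 * context-aware output encoding at the places where the values are finally used.
 */
public class Tools {
    /** Lower-case SQL fragments that {@link #checkKeyword(String)} rejects when found anywhere in a value. */
    private static final String[] forbidKeyword = {"select ", "drop ", "update ", "truncate ", "insert ", "delete ", "create ", "'or ", " or ", "'and ", " and "};

    /**
     * Finds an angle bracket anywhere in a value. Used with {@code find()} so that line
     * terminators in the value cannot hide a bracket from the check (a whole-string
     * {@code .*<.*} match stops at the first line break).
     */
    private static final Pattern HTML_TAG_CHARS = Pattern.compile("[<>]");

    /** Returns true when {@code value} is non-null and contains {@code <} or {@code >}. */
    private static boolean containsHtmlTagChars(String value) {
        return value != null && HTML_TAG_CHARS.matcher(value).find();
    }

    /** Flattens CR/LF so a request value cannot forge extra lines in the console log. */
    private static String sanitizeForLog(String value) {
        return value == null ? "null" : value.replace('\r', ' ').replace('\n', ' ');
    }

    /**
     * Resolves the value of parameter {@code str}, first from the template's query string
     * and then from the template field whose alias equals {@code str}.
     *
     * @param str parameter name (matched case-insensitively in the query string)
     * @param i_TemplatePara source of the query string, template and context
     * @return the value with one pair of surrounding single quotes removed; empty string
     *         when the parameter is present without a value
     * @throws Exception when the name is found neither in the query string nor among the
     *         template fields, or when the matching field has no context to read from
     */
    private static String getValueFromTemplatePara(String str, I_TemplatePara i_TemplatePara) throws Exception {
        String queryString = i_TemplatePara.getQueryString();
        // NOTE(review): this is a plain substring search, so "name=" also matches inside
        // "username=". Anchoring on a parameter boundary needs knowledge of the query-string
        // format produced by callers, which is not visible here.
        int nameStart = queryString == null
                ? -1
                : queryString.toLowerCase(Locale.ROOT).indexOf(str.toLowerCase(Locale.ROOT) + EformSysVariables.EQUAL_SIGN);
        if (nameStart != -1) {
            int valueStart = nameStart + str.length() + 1;
            int valueEnd = queryString.indexOf(I_TemplateConstant.TEMPLATE_PARA_DELIMITER, valueStart);
            // An empty value ("name=&...") yields "" instead of dereferencing null.
            String value = valueEnd == -1 ? queryString.substring(valueStart) : queryString.substring(valueStart, valueEnd);
            // Require two characters so a lone quote is not treated as an opening and closing pair.
            if (value.length() >= 2
                    && value.startsWith(EformSysVariables.SINGLE_QUOTE_MARK)
                    && value.endsWith(EformSysVariables.SINGLE_QUOTE_MARK)) {
                value = value.substring(1, value.length() - 1);
            }
            return value;
        }
        Template template = i_TemplatePara.getTemplate();
        if (template != null) {
            for (int i = 0; i < template.length(); i++) {
                if (template.get(i).getFieldAlias().equals(str)) {
                    TemplateContext context = i_TemplatePara.getContext();
                    if (context != null) {
                        return String.valueOf(context.get(I_CustomConstant.STR_CUSTOM_TYPE_FIELD + template.get(i).getFormCtrlName()));
                    }
                    throw new Exception("系统错误，请将模板[ID:" + i_TemplatePara.getTemplate().getTemp_Id() + "]设置为非绑定模式后重新编译");
                }
            }
        }
        throw new Exception("模板参数和字段中未包含" + str);
    }

    /**
     * Collects initial values for template fields that are bound to a form or session
     * source rather than to a table field, and stores them in {@code hashtable} keyed by
     * the field's add-field alias.
     *
     * @param template template whose fields are scanned
     * @param i_ValuesObject value source; a type of 1 means it wraps an HttpServletRequest
     * @param hashtable output map, filled in place
     */
    public static void getInitResultNotFromField(Template template, I_ValuesObject i_ValuesObject, Hashtable hashtable) {
        Hashtable<String, String> seenAliases = new Hashtable<String, String>();
        Object valueObject = i_ValuesObject.getValueObject();
        // getSession(false): never create a session just to look up initial values.
        HttpSession session = i_ValuesObject.getType() == 1 ? ((HttpServletRequest) valueObject).getSession(false) : null;
        for (int i = 0; i < template.length(); i++) {
            TemplateField templateField = template.get(i);
            String fieldAlias = templateField.getFieldAlias().trim();
            String addFieldAlias = templateField.getAddFieldAlias().trim();
            if (seenAliases.containsKey(addFieldAlias)) {
                continue;
            }
            seenAliases.put(addFieldAlias, "");
            int dot = addFieldAlias.indexOf(".");
            if (dot == -1 || templateField.getAddField_Id() != 0 || templateField.getFormCtrlName().equals("")
                    || addFieldAlias.equals("") || fieldAlias.equals("")) {
                continue;
            }
            String sourceType = addFieldAlias.substring(0, dot).toLowerCase(Locale.ROOT);
            Object value = null;
            if (sourceType.equals(I_TemplateConstant.TABLE_TYPE_FORM)) {
                value = StringTools.getFormValue(i_ValuesObject, addFieldAlias);
            } else if (sourceType.equals(I_TemplateConstant.TABLE_TYPE_SESSION) && session != null
                    && ((Operator) session.getAttribute(I_UserConstant.USER_INFO)) != null) {
                // Session values are only exposed when a logged-in Operator is present.
                value = StringTools.getSessionValue((HttpServletRequest) valueObject, addFieldAlias);
            }
            // Hashtable rejects null values; skip instead of failing the whole scan.
            if (value != null) {
                hashtable.put(addFieldAlias, value);
            }
        }
    }

    /**
     * Looks up a field by a qualified name of the form {@code tableAlias.fieldName}.
     *
     * @param tableObjectArr tables to search, may be null
     * @param str qualified field name, may be null
     * @return the field from the first table whose alias matches, or null when the input
     *         is null/unqualified or no table alias matches
     */
    public static TableField findTableField(TableObject[] tableObjectArr, String str) {
        if (tableObjectArr == null || str == null) {
            return null;
        }
        int dot = str.indexOf(".");
        if (dot == -1) {
            return null;
        }
        String tableAlias = str.substring(0, dot);
        String fieldName = str.substring(dot + 1);
        for (TableObject table : tableObjectArr) {
            if (table.getAlias().equals(tableAlias)) {
                return table.getFieldByName(fieldName);
            }
        }
        return null;
    }

    /**
     * Builds the limit condition for a template from its input-parameter lines
     * (one expression per CRLF-separated line), joined with the template parameter
     * delimiter.
     *
     * @param template template providing the input-parameter text
     * @param i_ValuesObject value source for {@code session.} / {@code form.} references
     * @param z when true, a blank resolved value is an error
     * @param i template id, used in error messages
     * @return the joined expressions, or null when no line produced an expression
     * @throws Exception when an expression cannot be resolved or fails validation
     */
    public static String getLimitCondition(Template template, I_ValuesObject i_ValuesObject, boolean z, int i) throws Exception {
        if (StringTools.isBlankStr(template.getInputParameter())) {
            return null;
        }
        StringBuilder joined = null;
        for (String line : template.getInputParameter().split("\r\n")) {
            String expression = getExpression(i_ValuesObject, line, z, i);
            if (expression == null) {
                continue;
            }
            if (joined == null) {
                joined = new StringBuilder();
            }
            if (joined.length() > 0) {
                joined.append(I_TemplateConstant.TEMPLATE_PARA_DELIMITER);
            }
            joined.append(expression);
        }
        return joined == null ? null : joined.toString();
    }

    /** Creates template parameters for {@code template} with the post flag cleared. */
    public static I_TemplatePara getTemplatePara(Template template) {
        return getTemplatePara(template, false);
    }

    /**
     * Creates template parameters for {@code template}.
     *
     * @param z value for the post flag
     */
    public static I_TemplatePara getTemplatePara(Template template, boolean z) {
        CommonTemplatePara commonTemplatePara = new CommonTemplatePara(template);
        commonTemplatePara.setPost(z);
        return commonTemplatePara;
    }

    /**
     * Resolves one input-parameter line into a condition expression.
     *
     * <p>A {@code $} in the line marks a string value (the result is wrapped in single
     * quotes); without it the value must be numeric. The value may reference
     * {@code session.*} or {@code form.*}; otherwise the line is used literally.
     *
     * <p>Values are concatenated into the expression text. Form values are rejected when
     * they contain a quote or semicolon; numeric values are validated with
     * {@code StringTools.isNumeric}.
     *
     * @param i_ValuesObject value source
     * @param str the raw expression line
     * @param z when true, a blank resolved value raises an error
     * @param i template id for error messages
     * @return the expression, or null when the referenced value is null
     * @throws Exception on blank required values, non-numeric values or forbidden characters
     */
    private static String getExpression(I_ValuesObject i_ValuesObject, String str, boolean z, int i) throws Exception {
        boolean isDebug = Configuration.getInstance().isDebug();
        String prefix;
        String valueRef = null;
        boolean quoted = false;
        int dollar = str.indexOf("$");
        if (dollar != -1) {
            quoted = true;
            prefix = str.substring(0, dollar);
            valueRef = str.substring(dollar + 1);
        } else {
            prefix = str.substring(0, str.indexOf(EformSysVariables.EQUAL_SIGN) + 1);
        }

        String result = null;
        int sessionAt = str.indexOf("session.");
        int formAt = str.indexOf("form.");
        if (sessionAt != -1) {
            if (valueRef == null) {
                valueRef = str.substring(sessionAt);
            }
            if (i_ValuesObject.getType() == 1) {
                valueRef = StringTools.getSessionValue((HttpServletRequest) i_ValuesObject.getValueObject(), valueRef);
            }
            if (z && StringTools.isBlankStr(valueRef)) {
                throw new Exception("未能从会话[" + str.substring(sessionAt) + "]获得行权限值");
            }
            if (quoted) {
                // NOTE(review): unlike the form branch, the session value is quoted without
                // checking for ' or ; — this assumes session attributes never carry
                // user-chosen text. Confirm against what is stored in the session.
                if (valueRef != null) {
                    result = prefix + EformSysVariables.SINGLE_QUOTE_MARK + valueRef + EformSysVariables.SINGLE_QUOTE_MARK;
                }
            } else {
                if (!StringTools.isNumeric(valueRef)) {
                    throw new Exception("模板[ID号:" + i + "],[" + str + "]条件表达式值类型非数值");
                }
                if (valueRef != null) {
                    result = prefix + valueRef;
                }
            }
            if (isDebug) {
                // Debug mode prints the resolved session value to stdout; keep debug off in production.
                if (valueRef == null) {
                    System.out.println("Log:[" + str.substring(sessionAt) + "]返回值为空");
                } else {
                    System.out.println("Log:[" + str.substring(sessionAt) + "]返回值为：" + valueRef);
                }
            }
        } else if (formAt != -1) {
            if (valueRef == null) {
                valueRef = str.substring(formAt);
            }
            String formValue = StringTools.getFormValue(i_ValuesObject, valueRef);
            if (quoted) {
                if (z && StringTools.isBlankStr(formValue)) {
                    throw new Exception("未能从[" + str.substring(formAt) + "]获得行权限值");
                }
                // Null check comes first: a missing optional form value yields no expression
                // instead of a NullPointerException.
                if (formValue != null) {
                    if (formValue.indexOf(EformSysVariables.SEMICOLON) != -1 || formValue.indexOf(EformSysVariables.SINGLE_QUOTE_MARK) != -1) {
                        throw new TemplateMessageException("参数中包含'和;等特殊字符");
                    }
                    result = prefix + EformSysVariables.SINGLE_QUOTE_MARK + formValue + EformSysVariables.SINGLE_QUOTE_MARK;
                }
            } else {
                if (!StringTools.isNumeric(formValue)) {
                    throw new Exception("[" + str + "]条件表达式值类型非数值");
                }
                if (z && StringTools.isBlankStr(formValue)) {
                    throw new Exception("未能从[" + str.substring(formAt) + "]获得行权限值");
                }
                if (formValue != null) {
                    result = prefix + formValue;
                }
            }
        } else {
            result = quoted ? prefix + EformSysVariables.SINGLE_QUOTE_MARK + valueRef + EformSysVariables.SINGLE_QUOTE_MARK : str;
        }
        return result;
    }

    /**
     * Rebuilds a {@code name=value&name=value} string from the request parameters.
     *
     * <p>Only the first value of each parameter is used and neither names nor values are
     * URL-encoded, so the result is not safe to embed in a URL or in HTML as-is.
     *
     * @param httpServletRequest request to read
     * @param z when false, the parameters {@code temp_Id}, {@code querystring} and
     *          {@code edittype} are left out
     * @return the joined parameters, empty when there are none
     */
    public static String getQueryString(HttpServletRequest httpServletRequest, boolean z) {
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        StringBuilder query = new StringBuilder();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            boolean reserved = name.equals("temp_Id") || name.equals("querystring") || name.equals("edittype");
            if (!z && reserved) {
                continue;
            }
            if (query.length() > 0) {
                query.append("&");
            }
            query.append(name).append(EformSysVariables.EQUAL_SIGN).append(httpServletRequest.getParameter(name));
        }
        return query.toString();
    }

    /** Rebuilds the query string from all request parameters, reserved names included. */
    public static String getQueryString(HttpServletRequest httpServletRequest) {
        return getQueryString(httpServletRequest, true);
    }

    /** Renders the pagination HTML; equivalent to the six-argument overload with a null last argument. */
    public static String showPagination(ListResult listResult, ListObjectPara listObjectPara, PaginationHtmlUnit paginationHtmlUnit, String str, String str2) {
        return showPagination(listResult, listObjectPara, paginationHtmlUnit, str, str2, null);
    }

    /** Appends the opening anchor that calls the page's {@code goPage(formName, page)} script function. */
    private static void appendPageLink(StringBuilder html, String formName, String page) {
        html.append("<a href=\"javascript:goPage('").append(formName).append("',").append(page).append(");\">");
    }

    /**
     * Renders the pagination HTML by walking the tokens of {@code paginationHtmlUnit}:
     * type-0 tokens are copied verbatim, other tokens are placeholders replaced by
     * counters or by navigation anchors.
     *
     * <p>{@code str} is written into an inline {@code javascript:} href and into the
     * markup without escaping. NOTE(review): callers must pass a server-defined form
     * name, never request data — confirm at the call sites.
     *
     * @param listResult totals and current page for the counters
     * @param listObjectPara supplies the current page used for link decisions
     * @param paginationHtmlUnit tokenized pagination template
     * @param str form name passed to {@code goPage}
     * @param str2 not used by this method
     * @param str3 not used by this method
     * @return the rendered HTML fragment
     */
    public static String showPagination(ListResult listResult, ListObjectPara listObjectPara, PaginationHtmlUnit paginationHtmlUnit, String str, String str2, String str3) {
        StringBuilder html = new StringBuilder();
        int currentPage = listObjectPara.getCurrentPage();
        ArrayList tokens = paginationHtmlUnit.getToken();
        for (int i = 0; i < tokens.size(); i++) {
            NodeUnit nodeUnit = (NodeUnit) tokens.get(i);
            if (nodeUnit.getType() == 0) {
                html.append(nodeUnit.getValue());
                continue;
            }
            String value = nodeUnit.getValue();
            // Each link placeholder has a matching "<name>$" placeholder that closes the anchor
            // under the same condition that opened it.
            if (value.equalsIgnoreCase(I_CustomConstant.TotalRecord)) {
                html.append(listResult.getTotalRecord());
            } else if (value.equalsIgnoreCase(I_CustomConstant.CurrentPage)) {
                html.append(listResult.getCurrentPage());
            } else if (value.equalsIgnoreCase(I_CustomConstant.TotalPage)) {
                html.append(listResult.getTotalPage());
            } else if (value.equalsIgnoreCase(I_CustomConstant.First)) {
                if (currentPage != 1) {
                    appendPageLink(html, str, "1");
                }
            } else if (value.equalsIgnoreCase("first$")) {
                if (currentPage != 1) {
                    html.append("</a>");
                }
            } else if (value.equalsIgnoreCase(I_CustomConstant.Previous)) {
                if (currentPage > 1) {
                    appendPageLink(html, str, String.valueOf(currentPage - 1));
                }
            } else if (value.equalsIgnoreCase("previous$")) {
                if (currentPage > 1) {
                    html.append("</a>");
                }
            } else if (value.equalsIgnoreCase(I_CustomConstant.Next)) {
                if (currentPage < listResult.getTotalPage()) {
                    appendPageLink(html, str, String.valueOf(currentPage + 1));
                }
            } else if (value.equalsIgnoreCase("next$")) {
                if (currentPage < listResult.getTotalPage()) {
                    html.append("</a>");
                }
            } else if (value.equalsIgnoreCase(I_CustomConstant.Last)) {
                if (currentPage < listResult.getTotalPage()) {
                    appendPageLink(html, str, String.valueOf(listResult.getTotalPage()));
                }
            } else if (value.equalsIgnoreCase("last$")) {
                if (currentPage < listResult.getTotalPage()) {
                    html.append("</a>");
                }
            } else if (value.equalsIgnoreCase(I_CustomConstant.FORMNAME)) {
                html.append(str);
            }
        }
        return html.toString();
    }

    /**
     * Decides whether the current user may see a list field (or its link).
     *
     * @param listField field whose role expression is evaluated
     * @param httpServletRequest current request; must carry a logged-in Operator in its session
     * @param i 1 to check the field's role id, 2 to check its link role id; anything else is denied
     * @param connection connection handed to the permission check
     * @return false without a logged-in user or for an unknown {@code i}; true when the
     *         field has no role expression; otherwise the permission check's verdict
     */
    public static boolean isAccessByExpression(ListField listField, HttpServletRequest httpServletRequest, int i, Connection connection) {
        // getSession(false): an access check must not create a session for an anonymous caller.
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || ((Operator) session.getAttribute(I_UserConstant.USER_INFO)) == null) {
            return false;
        }
        String roleExpression;
        if (i == 1) {
            roleExpression = listField.getRoleId();
        } else if (i == 2) {
            roleExpression = listField.getLinkRoleId();
        } else {
            return false;
        }
        // A field without a role expression is visible to every logged-in user.
        if (roleExpression == null || roleExpression.trim().equals("")) {
            return true;
        }
        PermissionValid permissionValid = new PermissionValid(httpServletRequest, null);
        permissionValid.setConection(connection);
        return permissionValid.isValidAccess(roleExpression);
    }

    /** Returns the request attribute named {@code str}. */
    public static Object getRequestObject(HttpServletRequest httpServletRequest, String str) {
        return httpServletRequest.getAttribute(str);
    }

    /** Stores {@code obj} as the request attribute named {@code str}. */
    public static void setRequestObject(HttpServletRequest httpServletRequest, String str, Object obj) {
        httpServletRequest.setAttribute(str, obj);
    }

    /**
     * For a data-list component, replaces an empty query value with a placeholder:
     * {@code "-999999999"} for field types 4 and 1, a generated boundary string for
     * field type 2. Any other case returns {@code value} unchanged.
     */
    private static String placeholderWhenEmpty(String value, TableField tableField, I_FetchValue i_FetchValue) {
        if ((value == null || value.equals("")) && (i_FetchValue instanceof DataListComponent)) {
            if (tableField.getFieldType() == 4 || tableField.getFieldType() == 1) {
                return "-999999999";
            }
            if (tableField.getFieldType() == 2) {
                return StringTools.generateBoundary();
            }
        }
        return value;
    }

    /**
     * Fills the field value of every query table field from its default-value
     * expression: a literal, a {@code session.} / {@code form.} reference, a
     * {@code $variable} resolved through {@code i_FetchValue}, or a template parameter.
     *
     * @param i_ValuesObject value source; type 1 means it wraps an HttpServletRequest
     * @param i_TemplatePara template parameters used for non-post lookups
     * @param tableObjectArr tables to fill, may be null
     * @param i_FetchValue variable resolver, may be null
     * @throws Exception when a template parameter lookup fails
     */
    public static void setQueryTableValues(I_ValuesObject i_ValuesObject, I_TemplatePara i_TemplatePara, TableObject[] tableObjectArr, I_FetchValue i_FetchValue) throws Exception {
        if (tableObjectArr == null) {
            return;
        }
        for (TableObject table : tableObjectArr) {
            for (int idx = 0; idx < table.length(); idx++) {
                TableField tableField = table.get(idx);
                String defaultValue = tableField.getDefaultValue();
                if (tableField.getOperator().equals("in")) {
                    tableField.setFieldValue(defaultValue);
                } else if (defaultValue.startsWith("session.")) {
                    if (i_ValuesObject.getType() != 1) {
                        // Without a request there is no session: the remaining fields are left untouched.
                        return;
                    }
                    tableField.setFieldValue(StringTools.getSessionValue((HttpServletRequest) i_ValuesObject.getValueObject(), defaultValue));
                } else if (defaultValue.startsWith("form.")) {
                    tableField.setFieldValue(StringTools.getFormValue(i_ValuesObject, defaultValue));
                } else if (defaultValue.startsWith("FORM.")) {
                    // NOTE(review): substring(1) passes "ORM.…" to getFormValue; whether that is
                    // the intended key depends on getFormValue, which is not visible here.
                    String formValue = StringTools.getFormValue(i_ValuesObject, defaultValue.substring(1));
                    tableField.setFieldValue(placeholderWhenEmpty(formValue, tableField, i_FetchValue));
                } else if (defaultValue.startsWith("$") && i_FetchValue != null) {
                    tableField.setFieldValue(i_FetchValue.getVariableValue(defaultValue.substring(1)));
                } else if (defaultValue.indexOf(".") == -1 || StringTools.isNumeric(defaultValue)) {
                    // Plain literal: no qualifier dot, or a decimal number.
                    tableField.setFieldValue(StringTools.ifNull(defaultValue));
                } else if (i_TemplatePara.isPost()) {
                    tableField.setFieldValue(defaultValue);
                } else {
                    String paraValue = getValueFromTemplatePara(defaultValue, i_TemplatePara);
                    tableField.setFieldValue(placeholderWhenEmpty(paraValue, tableField, i_FetchValue));
                }
            }
        }
    }

    /**
     * Converts a request parameter to the setter's parameter type.
     *
     * @param typeName class name of the setter parameter type
     * @param parameter raw request value, non-null
     * @return the converted value, or null when the type is unsupported or the text does
     *         not pass the format check for that type
     */
    private static Object convertParameter(String typeName, String parameter) {
        if (typeName.equals("java.lang.String")) {
            return parameter;
        }
        if (typeName.equals(EformSysVariables.INT)) {
            return StringTools.isInteger(parameter) ? Integer.valueOf(parameter) : null;
        }
        if (typeName.equals("long")) {
            return StringTools.isInteger(parameter) ? Long.valueOf(parameter) : null;
        }
        if (typeName.equals("short")) {
            return StringTools.isInteger(parameter) ? Short.valueOf(parameter) : null;
        }
        if (typeName.equals("float")) {
            return StringTools.isNumeric(parameter) ? Float.valueOf(parameter) : null;
        }
        if (typeName.equals(EformSysVariables.DOUBLE)) {
            return StringTools.isNumeric(parameter) ? Double.valueOf(parameter) : null;
        }
        if (typeName.equals("byte")) {
            return StringTools.isInteger(parameter) ? Byte.valueOf(parameter) : null;
        }
        if (typeName.equals("char")) {
            return parameter.length() == 1 ? Character.valueOf(parameter.charAt(0)) : null;
        }
        if (typeName.equals("boolean") && parameter.length() == 1) {
            // NOTE(review): a one-character string never equals "true", so this always binds
            // false. Kept as found; confirm the intended encoding of boolean parameters.
            return Boolean.valueOf(parameter);
        }
        return null;
    }

    /**
     * Instantiates the template action class named {@code str} and, for action types 1
     * and 4, binds request parameters to its bean properties: a parameter named
     * {@code _<property>} is converted and passed to that property's setter.
     *
     * <p>Security: {@code str} selects a class to load and instantiate, so it must come
     * from trusted configuration, never from the request. The type is verified before
     * the constructor runs, so a name that is not an {@code I_TemplateAction} is rejected
     * without being instantiated. The parameter binding reaches every public setter of
     * the action class; action classes should not expose setters for state a client must
     * not control.
     *
     * @param httpServletRequest request supplying {@code _<property>} parameters, may be null
     * @param str fully qualified class name of the action
     * @param i action type; binding happens only for 1 and 4
     * @return the new action instance
     * @throws Exception when the class cannot be loaded, is not an I_TemplateAction,
     *         cannot be instantiated, or a setter fails
     */
    public static I_TemplateAction getTemplateAction(HttpServletRequest httpServletRequest, String str, int i) throws Exception {
        // Load without initializing and check the type first; initialization and the
        // constructor only run for a class that really is an I_TemplateAction.
        I_TemplateAction action = Class.forName(str, false, Tools.class.getClassLoader())
                .asSubclass(I_TemplateAction.class)
                .newInstance();
        if (httpServletRequest == null || (i != 1 && i != 4)) {
            return action;
        }
        PropertyDescriptor[] properties = Introspector.getBeanInfo(action.getClass(), Object.class).getPropertyDescriptors();
        for (PropertyDescriptor property : properties) {
            Method writeMethod = property.getWriteMethod();
            if (writeMethod == null) {
                continue;
            }
            String parameter = httpServletRequest.getParameter("_" + property.getName());
            if (parameter == null) {
                continue;
            }
            Class<?>[] parameterTypes = writeMethod.getParameterTypes();
            if (parameterTypes == null || parameterTypes.length == 0) {
                continue;
            }
            Object converted = convertParameter(parameterTypes[0].getName(), parameter);
            if (converted != null) {
                writeMethod.invoke(action, converted);
            }
        }
        return action;
    }

    /**
     * Rejects a value that contains one of the forbidden SQL fragments (case-insensitive).
     *
     * <p>This is a coarse deny-list: it also rejects ordinary text containing words such
     * as " and ", and it cannot recognise every way of writing SQL. Treat it as an extra
     * screen; statements built from request data still need bound parameters.
     *
     * @param str value to screen; null and empty are accepted
     * @throws Exception a TemplateInitException when a forbidden fragment is found
     */
    public static void checkKeyword(String str) throws Exception {
        if (str == null || str.equals("")) {
            return;
        }
        // Locale.ROOT keeps the folding stable regardless of the server's default locale.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String keyword : forbidKeyword) {
            if (lowerCase.contains(keyword)) {
                System.out.println("表单安全问题：非法的参数调用," + sanitizeForLog(lowerCase));
                throw new TemplateInitException("非法的参数调用");
            }
        }
    }

    /**
     * Reports whether any request parameter value contains a forbidden SQL fragment.
     * Every value of a multi-valued parameter is screened.
     *
     * @return true when {@link #checkKeyword(String)} rejects at least one value
     */
    public static boolean isIncSQLKey(HttpServletRequest httpServletRequest) {
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            try {
                String[] values = httpServletRequest.getParameterValues((String) parameterNames.nextElement());
                if (values == null) {
                    continue;
                }
                for (String value : values) {
                    checkKeyword(value);
                }
            } catch (Exception e) {
                return true;
            }
        }
        return false;
    }

    /**
     * Screens every request parameter value for forbidden SQL fragments and for angle
     * brackets. All values of a multi-valued parameter are checked.
     *
     * @throws Exception a TemplateInitException when a value is rejected
     */
    public static void checkSQLAndHtmlAttack(HttpServletRequest httpServletRequest) throws Exception {
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String[] values = httpServletRequest.getParameterValues((String) parameterNames.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                checkKeyword(value);
                if (containsHtmlTagChars(value)) {
                    throw new TemplateInitException("参数访问安全性限制");
                }
            }
        }
    }

    /** Throws when any value of any request parameter contains an angle bracket, logging the offending value. */
    private static void rejectHtmlInParameters(HttpServletRequest httpServletRequest) throws TemplateMessageException {
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String[] values = httpServletRequest.getParameterValues((String) parameterNames.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (containsHtmlTagChars(value)) {
                    System.out.println("表单运行警告，包含不安全参数：" + sanitizeForLog(value));
                    throw new TemplateMessageException("参数访问安全性限制");
                }
            }
        }
    }

    /**
     * Rejects the request when any parameter value contains {@code <} or {@code >}.
     *
     * @throws TemplateMessageException when a value is rejected
     */
    public static void checkParameter(HttpServletRequest httpServletRequest) throws TemplateMessageException {
        rejectHtmlInParameters(httpServletRequest);
    }

    /**
     * Runs {@link #checkUrlQueryString(HttpServletRequest)} and reports the outcome as text.
     *
     * @return null when the request passes, otherwise the rejection message
     */
    public static String getValidRequest(HttpServletRequest httpServletRequest) {
        try {
            checkUrlQueryString(httpServletRequest);
            return null;
        } catch (Exception e) {
            return e.getMessage();
        }
    }

    /**
     * Screens URL-supplied input for angle brackets. For non-POST requests every
     * parameter value is checked; for POST requests only the raw query string is
     * checked, leaving the request body alone.
     *
     * <p>The raw query string is still percent-encoded, so the encoded forms of the
     * brackets are rejected as well as the literal characters.
     *
     * @throws TemplateMessageException when a value is rejected
     */
    public static void checkUrlQueryString(HttpServletRequest httpServletRequest) throws TemplateMessageException {
        if (!httpServletRequest.getMethod().equals("POST")) {
            rejectHtmlInParameters(httpServletRequest);
            return;
        }
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null || "".equals(queryString)) {
            return;
        }
        for (String pair : queryString.split("&")) {
            String lowerPair = pair.toLowerCase(Locale.ROOT);
            if (containsHtmlTagChars(pair) || lowerPair.contains("%3c") || lowerPair.contains("%3e")) {
                System.out.println("表单运行警告，包含不安全参数：" + sanitizeForLog(pair));
                throw new TemplateMessageException("参数访问安全性限制");
            }
        }
    }

    /**
     * Debugging aid: prints the request headers to stdout. Credential-bearing headers
     * are masked so session cookies and authorization values do not end up in logs.
     */
    private static void testPrintHeaders(HttpServletRequest httpServletRequest) {
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            boolean sensitive = "cookie".equalsIgnoreCase(name)
                    || "authorization".equalsIgnoreCase(name)
                    || "proxy-authorization".equalsIgnoreCase(name);
            String shown = sensitive ? "[redacted]" : sanitizeForLog(httpServletRequest.getHeader(name));
            System.out.println(name + EformSysVariables.COLON + shown);
        }
    }

    /**
     * Checks that the Referer header points at this application: after an http/https
     * scheme it must start with {@code ://<server>[:port]<contextPath>/}.
     *
     * <p>The expected prefix is matched at the authority position of the Referer, not
     * anywhere in it, so a foreign URL that merely carries this application's address in
     * its path or query is rejected. A Referer check is a weak same-origin signal; state
     * changing requests should additionally be protected by a per-session token.
     *
     * <p>NOTE(review): the port is omitted only for 80. On an HTTPS deployment on port
     * 443 the Referer will not carry ":443", so this check would fail there — confirm how
     * the application is deployed.
     *
     * @return true when the Referer is present and matches; false otherwise
     */
    public static boolean validPostUrl(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("referer");
        if (header == null) {
            return false;
        }
        int port = httpServletRequest.getServerPort();
        String contextPath = httpServletRequest.getContextPath();
        StringBuilder expected = new StringBuilder("://").append(httpServletRequest.getServerName());
        if (port != 80) {
            expected.append(EformSysVariables.COLON).append(port);
        }
        expected.append(contextPath);
        if (!contextPath.endsWith("/")) {
            expected.append("/");
        }
        int schemeEnd = header.indexOf("://");
        if (schemeEnd <= 0) {
            return false;
        }
        String scheme = header.substring(0, schemeEnd);
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return false;
        }
        return header.startsWith(expected.toString(), schemeEnd);
    }

    /**
     * Persists the form data held in {@code templateContext} through the user-data
     * manager of its template, using the context's connection.
     *
     * @throws Exception when saving fails
     */
    public static void saveFormData(TemplateContext templateContext) throws Exception {
        TableObject[] tables = templateContext.getTables();
        Connection conn = templateContext.getConn();
        UserDataManager manager = UserDataManager.getInsByTemplate(templateContext.getTemplate());
        manager.setConnection(conn);
        manager.saveUserData(tables, templateContext.getTemplate(), new Vector());
    }
}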
