package com.xpn.xwiki.internal.store.hibernate.query;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.Function;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.schema.Table;
import net.sf.jsqlparser.statement.Statement;
import net.sf.jsqlparser.statement.select.FromItem;
import net.sf.jsqlparser.statement.select.Join;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;
import net.sf.jsqlparser.statement.select.SelectBody;
import net.sf.jsqlparser.statement.select.SelectExpressionItem;
import net.sf.jsqlparser.statement.select.SelectItem;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-oldcore-7.4.6-struts2-1.jar:com/xpn/xwiki/internal/store/hibernate/query/HqlQueryUtils.class */
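/**
 * Static helpers that classify HQL statements: short-form detection and an allowlist check
 * ({@link #isSafe(String)}) on the tables and fields returned by a SELECT.
 *
 * <p>Security scope of {@link #isSafe(String)}: only the FROM/JOIN tables and the select list are
 * examined. WHERE, GROUP BY, HAVING and ORDER BY are not inspected by this class, so a {@code true}
 * result says nothing about those clauses.
 */
public final class HqlQueryUtils {
    private static final String DOCUMENT_FIELD_FULLNAME = "fullName";
    private static final String DOCUMENT_FIELD_NAME = "name";
    private static final String DOCUMENT_FIELD_SPACE = "space";
    private static final String DOCUMENT_FIELD_LANGUAGE = "language";
    private static final String DOCUMENT_FIELD_DEFAULTLANGUAGE = "defaultLanguage";
    private static final String DOCUMENT_FIELD_TRANSLATION = "translation";
    private static final String DOCUMENT_FIELD_HIDDEN = "hidden";
    private static final String SPACE_FIELD_REFERENCE = "reference";
    private static final String SPACE_FIELD_NAME = "name";
    private static final String SPACE_FIELD_PARENT = "parent";
    private static final String SPACE_FIELD_HIDDEN = "hidden";

    /** Replacement that keeps only the captured short class name. */
    private static final String FROM_REPLACEMENT = "$1";

    // Patterns that strip the Java package prefix from fully qualified entity names so the
    // statement can be handed to the SQL parser.
    // NOTE(review): FROM_DOC is applied first and its capture group also swallows names under
    // "com.xpn.xwiki.doc.rcs.", leaving "rcs.<Name>"; FROM_RCS then has nothing left to match.
    private static final Pattern FROM_DOC = Pattern.compile("com\\.xpn\\.xwiki\\.doc\\.([^ ]+)");
    private static final Pattern FROM_OBJECT = Pattern.compile("com\\.xpn\\.xwiki\\.objects\\.([^ ]+)");
    private static final Pattern FROM_RCS = Pattern.compile("com\\.xpn\\.xwiki\\.doc\\.rcs\\.([^ ]+)");
    private static final Pattern FROM_VERSION = Pattern.compile("com\\.xpn\\.xwiki\\.store\\.migration\\.([^ ]+)");

    /** Allowlist: entity name mapped to the set of fields that may appear in a select list. */
    private static final Map<String, Set<String>> ALLOWED_FIELDS = new HashMap<String, Set<String>>();

    static {
        Set<String> documentFields = new HashSet<String>();
        documentFields.add(DOCUMENT_FIELD_FULLNAME);
        documentFields.add(DOCUMENT_FIELD_NAME);
        documentFields.add(DOCUMENT_FIELD_SPACE);
        documentFields.add(DOCUMENT_FIELD_LANGUAGE);
        documentFields.add(DOCUMENT_FIELD_DEFAULTLANGUAGE);
        documentFields.add(DOCUMENT_FIELD_TRANSLATION);
        documentFields.add(DOCUMENT_FIELD_HIDDEN);
        ALLOWED_FIELDS.put("XWikiDocument", documentFields);

        Set<String> spaceFields = new HashSet<String>();
        spaceFields.add(SPACE_FIELD_REFERENCE);
        spaceFields.add(SPACE_FIELD_NAME);
        spaceFields.add(SPACE_FIELD_PARENT);
        spaceFields.add(SPACE_FIELD_HIDDEN);
        ALLOWED_FIELDS.put("XWikiSpace", spaceFields);
    }

    private HqlQueryUtils() {
        // Utility class, not meant to be instantiated.
    }

    /**
     * Tells whether a statement is written in short form, i.e. starts (ignoring case and
     * surrounding whitespace) with {@code ,}, {@code from}, {@code where} or {@code order}.
     *
     * @param str the statement to inspect
     * @return {@code true} if the statement starts with one of the short-form prefixes;
     *         {@code false} otherwise or when {@code str} is {@code null}
     */
    public static boolean isShortFormStatement(String str) {
        return str != null && StringUtils.startsWithAny(str.trim().toLowerCase(), ",", "from", "where", "order");
    }

    /**
     * Checks a complete statement against the table/field allowlist.
     *
     * <p>The statement is accepted only when it parses as a single plain SELECT and every select
     * item is an allowed column, {@code count(*)} on a single allowed table, or a function whose
     * arguments are themselves allowed. Anything that cannot be parsed or classified is rejected.
     *
     * <p>NOTE(review): the statement is parsed with JSqlParser (a SQL parser), not with an HQL
     * grammar, so the verdict reflects the SQL reading of the text. Function names other than the
     * {@code count(*)} case are not restricted here; an explicit allowlist of function names would
     * make the check stricter.
     *
     * @param str the full statement to validate
     * @return {@code true} if the select list and tables pass the allowlist, {@code false} otherwise
     */
    public static boolean isSafe(String str) {
        if (str == null) {
            // Fail closed instead of throwing from the matcher.
            return false;
        }

        // Strip package prefixes in the same order as before: doc, objects, rcs, migration.
        String normalized = FROM_DOC.matcher(str).replaceAll(FROM_REPLACEMENT);
        normalized = FROM_OBJECT.matcher(normalized).replaceAll(FROM_REPLACEMENT);
        normalized = FROM_RCS.matcher(normalized).replaceAll(FROM_REPLACEMENT);
        normalized = FROM_VERSION.matcher(normalized).replaceAll(FROM_REPLACEMENT);

        try {
            Statement statement = CCJSqlParserUtil.parse(normalized);
            if (!(statement instanceof Select)) {
                return false;
            }
            SelectBody selectBody = ((Select) statement).getSelectBody();
            if (!(selectBody instanceof PlainSelect)) {
                // Set operations and other select bodies are rejected.
                return false;
            }
            PlainSelect plainSelect = (PlainSelect) selectBody;
            Map<String, String> tables = getTables(plainSelect);
            for (SelectItem selectItem : plainSelect.getSelectItems()) {
                if (!isSelectItemAllowed(selectItem, tables)) {
                    return false;
                }
            }
            return true;
        } catch (JSQLParserException e) {
            // An unparsable statement is treated as unsafe.
            // NOTE(review): printStackTrace writes to stderr on every rejected statement; routing
            // this through the application's logger would be preferable.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Collects the tables named in the FROM clause and in the right side of each join.
     *
     * @param plainSelect the parsed select
     * @return map from alias (or table name when there is no alias) to table name; empty when the
     *         FROM items are not plain tables
     */
    private static Map<String, String> getTables(PlainSelect plainSelect) {
        Map<String, String> tables = new HashMap<String, String>();
        addFromItem(plainSelect.getFromItem(), tables);
        List<Join> joins = plainSelect.getJoins();
        if (joins != null) {
            for (Join join : joins) {
                addFromItem(join.getRightItem(), tables);
            }
        }
        return tables;
    }

    /**
     * Registers a FROM item in the alias map when it is a plain table; other kinds of FROM item
     * (for example sub-selects) are ignored and therefore never become resolvable.
     */
    private static void addFromItem(FromItem fromItem, Map<String, String> map) {
        if (fromItem instanceof Table) {
            String name = ((Table) fromItem).getName();
            map.put(fromItem.getAlias() != null ? fromItem.getAlias().getName() : name, name);
        }
    }

    /** Accepts only expression select items whose expression passes the allowlist. */
    private static boolean isSelectItemAllowed(SelectItem selectItem, Map<String, String> map) {
        if (selectItem instanceof SelectExpressionItem) {
            return isSelectExpressionAllowed(((SelectExpressionItem) selectItem).getExpression(), map);
        }
        // "*", "alias.*" and any other select item kind are rejected.
        return false;
    }

    /**
     * Validates one select expression: an allowed column, {@code count(*)} over exactly one
     * allowed table, or a function whose every argument is itself allowed.
     */
    private static boolean isSelectExpressionAllowed(Expression expression, Map<String, String> map) {
        if (expression instanceof Column) {
            return isColumnAllowed((Column) expression, map);
        }
        if (!(expression instanceof Function)) {
            return false;
        }
        Function function = (Function) expression;
        if (function.isAllColumns()) {
            return "count".equals(function.getName()) && map.size() == 1
                && isTableAllowed(map.values().iterator().next());
        }
        // A function without an argument list previously caused a NullPointerException that
        // escaped isSafe(); reject it so the validator fails closed.
        if (function.getParameters() == null || function.getParameters().getExpressions() == null) {
            return false;
        }
        for (Expression parameter : function.getParameters().getExpressions()) {
            if (!isSelectExpressionAllowed(parameter, map)) {
                return false;
            }
        }
        return true;
    }

    /** Tells whether the column belongs to an allowlisted table and is an allowlisted field of it. */
    private static boolean isColumnAllowed(Column column, Map<String, String> map) {
        String tableName = getTableName(column.getTable(), map);
        if (tableName == null) {
            // Unknown alias or no resolvable table: reject.
            return false;
        }
        Set<String> fields = ALLOWED_FIELDS.get(tableName);
        return fields != null && fields.contains(column.getColumnName());
    }

    /** Tells whether the table name has an entry in the allowlist. */
    private static boolean isTableAllowed(String str) {
        return ALLOWED_FIELDS.containsKey(str);
    }

    /**
     * Resolves the table a column refers to.
     *
     * @param table the column's table qualifier, possibly {@code null} or unnamed
     * @param map alias-to-table map built by {@link #getTables(PlainSelect)}
     * @return the mapped table name for a qualified column, the first registered table for an
     *         unqualified one, or {@code null} when nothing can be resolved
     */
    private static String getTableName(Table table, Map<String, String> map) {
        if (table != null && StringUtils.isNotEmpty(table.getFullyQualifiedName())) {
            return map.get(table.getFullyQualifiedName());
        }
        // Unqualified column: fall back to the first table. With no registered table (e.g. the
        // FROM item is a sub-select) the original threw NoSuchElementException; return null so
        // the caller rejects the column instead.
        return map.isEmpty() ? null : map.values().iterator().next();
    }
}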
