package com.bizvane.search.domain.service.impl;

import com.bizvane.search.domain.common.NacosComponent;
import com.bizvane.search.domain.service.ISqlVerificationService;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

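/**
 * Screens caller-supplied SQL text and then asks the database to EXPLAIN it.
 *
 * <p>The check has two stages: {@link #isValidSQL(String)} applies a substring denylist and
 * requires the text to start with {@code select}; if that passes, the text is prefixed with
 * {@code explain} and sent to the database, and the outcome of that call is the verdict.
 *
 * <p>NOTE(review): the denylist is plain substring matching and should not be treated as a
 * security boundary. The statement text that reaches the database is still caller-controlled, so
 * the account used for the connection should be limited to read-only privileges on the schemas it
 * needs - confirm how that account is provisioned.
 */
@Service
public class sqlVerificationImpl implements ISqlVerificationService {

    // Injected by Spring; not referenced anywhere else in this class.
    @Autowired
    private NacosComponent nacosComponent;

    /**
     * Substrings that cause a statement to be rejected.
     *
     * <p>Every entry is written in lower case because the input is lower-cased before matching;
     * an entry containing upper-case letters could never match and would silently disable that
     * rule.
     */
    private static final Set<String> DISALLOWED_KEYWORDS = new HashSet<>(Arrays.asList(
            "update", "delete", "drop", "alter", "1=1", "--", "/* */", "//", "@variable",
            "sp_executesql", "database()", "user()", "system_user", "current_user", "grant",
            "revoke", "load_file"));

    // NOTE(review): the account name, password and endpoint are hard-coded in source and so ship
    // in every build artifact. They should be loaded from externalized configuration or a secret
    // store, and this password should be treated as disclosed and rotated.
    private static final String username = "demo";
    private static final String password = "ABCD1234!@#";
    private static final String url = "jdbc:mysql://lb-42i3qklp-j9ythr5usabo7ven.clb.sh-tencentclb.com:9030";

    /**
     * Verifies a SQL statement: denylist screening first, then an EXPLAIN round trip.
     *
     * @param str the SQL text to verify; may be {@code null}
     * @return {@code true} if the text passes {@link #isValidSQL(String)} and the database
     *     accepts the EXPLAIN of it, {@code false} otherwise
     */
    @Override // com.bizvane.search.domain.service.ISqlVerificationService
    public boolean sqlVerification(String str) {
        if (isValidSQL(str)) {
            return explainCheckSQL("explain  " + str);
        }
        // Message text: "SQL validation failed, the SQL does not conform to the rules".
        System.out.println("SQL验证失败，SQL不符合规范");
        return false;
    }

    /**
     * Applies the static screening rules to a statement.
     *
     * <p>The text is trimmed and lower-cased with {@link Locale#ROOT}, so the result does not
     * depend on the JVM's default locale (a locale-sensitive lower-casing can map letters to
     * characters that no longer equal the denylist entries).
     *
     * @param str the SQL text to screen; may be {@code null}
     * @return {@code false} for {@code null} or blank input, for text containing any entry of
     *     {@link #DISALLOWED_KEYWORDS}, or for text that does not start with {@code select};
     *     {@code true} otherwise
     */
    public boolean isValidSQL(String str) {
        if (str == null) {
            return false;
        }
        String normalized = str.trim().toLowerCase(Locale.ROOT);
        if (normalized.isEmpty()) {
            return false;
        }
        for (String keyword : DISALLOWED_KEYWORDS) {
            if (normalized.contains(keyword)) {
                return false;
            }
        }
        return normalized.startsWith("select");
    }

    /**
     * Sends the given statement to the database and reports whether it was accepted.
     *
     * <p>The connection, statement and result set are opened in a try-with-resources block so
     * that all three are closed on every path, including when the query itself fails.
     *
     * @param str the complete statement text to execute (the caller has already added the
     *     {@code explain} prefix)
     * @return {@code true} if the driver loaded, the connection opened and the statement ran
     *     without error; {@code false} on {@link ClassNotFoundException} or {@link SQLException}
     */
    private static boolean explainCheckSQL(String str) {
        try {
            Class.forName("com.p6spy.engine.spy.P6SpyDriver");
            DriverManager.setLoginTimeout(10);
            try (Connection connection = DriverManager.getConnection(url, username, password);
                    Statement statement = connection.createStatement();
                    ResultSet resultSet = statement.executeQuery(str)) {
                // Only success or failure of the call matters; the plan rows are not read.
                return true;
            }
        } catch (ClassNotFoundException | SQLException e) {
            // NOTE(review): no logger is visible in this class; route this through the project's
            // logging facility if one exists rather than the raw stack trace.
            e.printStackTrace();
            return false;
        }
    }
}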
