package com.jsql.model.injection.strategy;
   
   import com.jsql.model.InjectionModel;
   import com.jsql.model.exception.JSqlException;
   import com.jsql.model.injection.engine.model.EngineYaml;
   import com.jsql.model.suspendable.Input;
   import com.jsql.model.suspendable.SuspendableGetCharInsertion;
   import com.jsql.model.suspendable.SuspendableGetEngine;
   import com.jsql.util.LogLevelUtil;
  import com.jsql.util.StringUtil;
  import com.jsql.view.subscriber.Seal;
  import org.apache.commons.lang3.StringUtils;
  import org.apache.logging.log4j.LogManager;
  import org.apache.logging.log4j.Logger;
  
  import java.util.AbstractMap.SimpleEntry;
  import java.util.Arrays;
  import java.util.List;
  import java.util.regex.Matcher;
  
  public class MediatorStrategy {
  
      private static final Logger LOGGER = LogManager.getRootLogger();
      
      private final AbstractStrategy time;
      private final AbstractStrategy blindBit;
      private final AbstractStrategy blindBin;
      private final AbstractStrategy multibit;
      private final AbstractStrategy dns;
      private final StrategyError error;
      private final AbstractStrategy union;
      private final AbstractStrategy stack;
  
      private final List<AbstractStrategy> strategies;
      
      /**
       * Current injection strategy.
       */
      private AbstractStrategy strategy;
  
      private final InjectionModel injectionModel;
      
      public MediatorStrategy(InjectionModel injectionModel) {
          this.injectionModel = injectionModel;
          
          this.time = new StrategyTime(this.injectionModel);
          this.blindBit = new StrategyBlindBit(this.injectionModel);
          this.blindBin = new StrategyBlindBin(this.injectionModel);
          this.multibit = new StrategyMultibit(this.injectionModel);
          this.dns = new StrategyDns(this.injectionModel);
          this.error = new StrategyError(this.injectionModel);
          this.union = new StrategyUnion(this.injectionModel);
          this.stack = new StrategyStack(this.injectionModel);
  
          this.strategies = Arrays.asList(this.time, this.blindBin, this.blindBit, this.multibit, this.error, this.dns, this.stack, this.union);
      }
      
      public String getMeta() {
          String strategyName = this.strategy == null ? StringUtils.EMPTY : this.strategy.toString().toLowerCase();
          var strategyMode = "default";
          if (this.injectionModel.getMediatorUtils().preferencesUtil().isDiosStrategy()) {
              strategyMode = "dios";
          } else if (this.injectionModel.getMediatorUtils().preferencesUtil().isZipStrategy()) {
              strategyMode = "zip";
          }
          return String.format("%s#%s", strategyName.replace(" ", "-"), strategyMode);
      }
      
      /**
       * Build correct data for GET, POST, HEADER.
       * Each can be either raw data (no injection), SQL query without index requirement,
       * or SQL query with index requirement.
       * @param urlBase Beginning of the request data
       * @param isUsingIndex False if request doesn't use indexes
       * @param sqlTrail SQL statement
       * @return Final data
       */
      public String buildPath(String urlBase, boolean isUsingIndex, String sqlTrail) {
          String result = urlBase;
          if (urlBase.contains(InjectionModel.STAR)) {
              if (!isUsingIndex) {
                  result = urlBase.replace(InjectionModel.STAR, this.encodePath(sqlTrail));
              } else {
                  result = urlBase.replace(
                      InjectionModel.STAR,
                      this.encodePath(
                          this.getSpecificUnion().getIndexesInUrl().replaceAll(
                              String.format(EngineYaml.FORMAT_INDEX, this.getSpecificUnion().getVisibleIndex()),
                              Matcher.quoteReplacement(sqlTrail)  // Oracle column can contain regex char $ => quoteReplacement()
                          )
                      )
                  );
              }
          }
          return result;
      }
  
      private String encodePath(String sqlTrail) {
          String sqlTrailEncoded = StringUtil.cleanSql(sqlTrail);
 
         if (!this.injectionModel.getMediatorUtils().preferencesUtil().isUrlEncodingDisabled()) {
             sqlTrailEncoded = sqlTrailEncoded
                 .replace("'", "%27")
                 .replace("(", "%28")
                 .replace(")", "%29")
                 .replace("{", "%7b")
                 .replace("[", "%5b")
                 .replace("]", "%5d")
                 .replace("}", "%7d")
                 .replace(">", "%3e")
                 .replace("<", "%3c")
                 .replace("?", "%3f")
                 .replace("_", "%5f")
                 .replace("\\", "%5c")
                 .replace(",", "%2c");
         }
 
         // URL forbidden characters
         return (sqlTrailEncoded + this.injectionModel.getMediatorEngine().getEngine().instance().endingComment())
             .replace("\"", "%22")
             .replace("|", "%7c")
             .replace("`", "%60")
             .replace(StringUtils.SPACE, "%20")
             .replace("+", "%20");
     }
     
     /**
      * Find the insertion character, test each strategy, inject metadata and list databases.
      * @param parameterToInject to be tested, null when injection point
      * @return true when successful injection
      * @throws JSqlException when no params integrity, process stopped by user, or injection failure
      */
     public boolean testStrategies(SimpleEntry<String, String> parameterToInject) throws JSqlException {
         // Define insertionCharacter, i.e, -1 in "[..].php?id=-1 union select[..]",
         
         String parameterOriginalValue = null;
         
         // Fingerprint database
         this.injectionModel.getMediatorEngine().setEngine(this.injectionModel.getMediatorEngine().fingerprintEngine());
         
         // If not an injection point then find insertion character.
         // Force to 1 if no insertion char works and empty value from user,
         // Force to user's value if no insertion char works,
         // Force to insertion char otherwise.
         // parameterToInject null on true STAR injection
         // TODO Use also on Json injection where parameter == null
         String insertionGeneric = StringUtils.EMPTY;
         if (parameterToInject != null) {  // no parameter when injection point in path
             parameterOriginalValue = parameterToInject.getValue();
                      
             // Test for params integrity
             String characterInsertionByUser = this.injectionModel.getMediatorUtils().parameterUtil().initStar(parameterToInject);
             
             String characterInsertion = this.injectionModel.getMediatorUtils().preferencesUtil().isNotSearchingCharInsertion()
                 ? characterInsertionByUser
                 : new SuspendableGetCharInsertion(this.injectionModel, parameterOriginalValue).run(
                     new Input(characterInsertionByUser)
                 );
             if (this.injectionModel.getMediatorUtils().parameterUtil().isRequestSoap()) {
                 parameterToInject.setValue(StringUtils.EMPTY);  // key only when soap
                 this.injectionModel.getMediatorUtils().parameterUtil().initRequest(
                     parameterToInject.getKey().replace(InjectionModel.STAR, characterInsertion)
                 );
             } else if (characterInsertion.contains(InjectionModel.STAR)) {  // When injecting all parameters or JSON
                 parameterToInject.setValue(characterInsertion);
             } else {  // When injecting last parameter
                 parameterToInject.setValue(characterInsertion.replaceAll("(\\w)$", "$1+") + InjectionModel.STAR);
             }
             insertionGeneric = characterInsertion;
         } else if (this.injectionModel.getMediatorUtils().connectionUtil().getUrlBase().contains(InjectionModel.STAR)) {
             LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "Checking [path] params...");
             String characterInsertion = new SuspendableGetCharInsertion(this.injectionModel, parameterOriginalValue).run(
                 new Input(InjectionModel.STAR + this.injectionModel.getMediatorEngine().getEngine().instance().endingComment())
             );
             String urlBase = this.injectionModel.getMediatorUtils().connectionUtil().getUrlBase();
             this.injectionModel.getMediatorUtils().connectionUtil().setUrlBase(
                 // Space %20 for URL, do not use +
                 urlBase.replace(InjectionModel.STAR, characterInsertion.replaceAll("(\\w)$", "$1%20") + InjectionModel.STAR)
             );
             insertionGeneric = characterInsertion;
         }
 
         if (this.injectionModel.getMediatorEngine().getEngineByUser() == this.injectionModel.getMediatorEngine().getAuto()) {
             new SuspendableGetEngine(this.injectionModel).run();
         }
 
         String finalInsertionGeneric = insertionGeneric;
         LOGGER.log(
             LogLevelUtil.CONSOLE_INFORM,
             "Using [{}] and prefix [{}]",
             () -> this.injectionModel.getMediatorEngine().getEngine(),
             () -> SuspendableGetCharInsertion.format(finalInsertionGeneric)
         );
         this.injectionModel.sendToViews(new Seal.MarkEngineFound(this.injectionModel.getMediatorEngine().getEngine()));
 
         // Test each injection strategies: time < blind binary < blind bitwise < multibit < error < stack < union
         this.time.checkApplicability();
         this.blindBin.checkApplicability();
         this.blindBit.checkApplicability();
 
         if (parameterToInject != null) {
             // Multibit requires '0'
             // TODO char insertion 0' should also work on "where x='$param'"
             var backupCharacterInsertion = parameterToInject.getValue();
             parameterToInject.setValue(InjectionModel.STAR + this.injectionModel.getMediatorEngine().getEngine().instance().endingComment());
             this.multibit.checkApplicability();
             parameterToInject.setValue(backupCharacterInsertion);  // required to restore after check
         } else {
             this.multibit.checkApplicability();
         }
 
         this.dns.checkApplicability();
         this.error.checkApplicability();
         this.stack.checkApplicability();
         this.union.checkApplicability();
 
         // Set most efficient strategy first
         this.union.activateWhenApplicable();
         this.stack.activateWhenApplicable();
         this.error.activateWhenApplicable();
         this.dns.activateWhenApplicable();
         this.multibit.activateWhenApplicable();
         this.blindBit.activateWhenApplicable();
         this.blindBin.activateWhenApplicable();
         this.time.activateWhenApplicable();
 
         if (this.injectionModel.getMediatorStrategy().getStrategy() == null) {  // no strategy found
             // Restore initial parameter value on injection failure
             // Only when not true STAR injection
             if (parameterOriginalValue != null) {
                 parameterToInject.setValue(parameterOriginalValue.replace(InjectionModel.STAR, StringUtils.EMPTY));
             }
 
             LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "No injection found");
             return false;
         }
         
         return true;
     }
     
     
     // Getter and setter
 
     public AbstractStrategy getUnion() {
         return this.union;
     }
 
     public StrategyUnion getSpecificUnion() {
         return (StrategyUnion) this.union;
     }
 
     public StrategyError getError() {
         return this.error;
     }
 
     public AbstractStrategy getBlindBit() {
         return this.blindBit;
     }
 
     public AbstractStrategy getBlindBin() {
         return this.blindBin;
     }
 
     public AbstractStrategy getMultibit() {
         return this.multibit;
     }
 
     public AbstractStrategy getTime() {
         return this.time;
     }
 
     public AbstractStrategy getStack() {
         return this.stack;
     }
 
     public AbstractStrategy getDns() {
         return this.dns;
     }
 
     public List<AbstractStrategy> getStrategies() {
         return this.strategies;
     }
 
     public AbstractStrategy getStrategy() {
         return this.strategy;
     }
 
     public void setStrategy(AbstractStrategy strategy) {
         this.strategy = strategy;
     }
 }