package icu.easyj.spring.boot.autoconfigure.loopholecheck;

import icu.easyj.core.util.jar.JarInfo;
import icu.easyj.core.util.jar.JarUtils;
import icu.easyj.core.util.version.ExistLoopholeVersionError;
import icu.easyj.spring.boot.autoconfigure.jar.EasyjDependenciesAutoConfiguration;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.Ordered;

@EnableConfigurationProperties({LoopholeCheckProperties.class})
@ConditionalOnClass(name = {"org.apache.logging.log4j.Logger", "org.apache.logging.log4j.core.net.JndiManager"})
@Configuration(proxyBeanMethods = false)
@AutoConfigureAfter({EasyjDependenciesAutoConfiguration.class})
@ConditionalOnProperty(value = {"easyj.loophole-check.log4j2"}, matchIfMissing = true)
@Lazy(false)
/* loaded from: input_file:icu/easyj/spring/boot/autoconfigure/loopholecheck/EasyjLog4j2LoopholeCheckAutoConfiguration.class */
public class EasyjLog4j2LoopholeCheckAutoConfiguration implements Ordered {
    public EasyjLog4j2LoopholeCheckAutoConfiguration(LoopholeCheckProperties loopholeCheckProperties) {
        JarInfo jar;
        Logger logger = LogManager.getLogger(getClass());
        if ("org.apache.logging.log4j.core.Logger".equals(logger.getClass().getName()) && (jar = JarUtils.getJar("org.apache.logging.log4j", "log4j-core")) != null && jar.betweenVersion("2.0.0-SNAPSHOT", "2.14.999")) {
            logger.warn("");
            logger.warn("==>");
            logger.warn("log4j2 严重漏洞警告：");
            logger.warn("当前log4j2日志的实现类为 '{}'，且 'log4j-core.jar' 的版本号为：{}。该版本的该实现存在远程代码执行漏洞，请尽快升级log4j2到2.15.0及以上版本", logger.getClass().getName(), jar.getVersion());
            logger.warn("漏洞复现步骤：https://mp.weixin.qq.com/s/0tBE0Y4c-XLPlVdVsYZ4Ig");
            logger.warn("漏洞修复记录：https://github.com/apache/logging-log4j2/commit/7fe72d6");
            logger.warn("漏洞确认日志：{}", "${java:os}");
            logger.warn("请观察上一行“漏洞确认日志”中冒号后面的内容：如果显示出操作系统信息，说明漏洞的确存在；如果显示出 '${java:os}'，则说明漏洞不存在，以上警告信息则为误报。");
            logger.warn("您可以添加配置关闭该警告：easyj.loophole-check.log4j2=false");
            logger.warn("<==");
            logger.warn("");
            if (loopholeCheckProperties.isNeedThrowIfExist()) {
                throw new ExistLoopholeVersionError("当前log4j2版本存在远程代码执行漏洞，请尽快更新至2.15.0及以上版本！");
            }
        }
    }

    public int getOrder() {
        return Integer.MIN_VALUE;
    }
}
