package icu.easyj.spring.boot.autoconfigure.loopholecheck;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.EasyjFastjsonBugfixUtils;
import icu.easyj.core.util.jar.JarInfo;
import icu.easyj.core.util.jar.JarUtils;
import icu.easyj.core.util.version.ExistLoopholeVersionError;
import icu.easyj.spring.boot.autoconfigure.jar.EasyjDependenciesAutoConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.Ordered;

@EnableConfigurationProperties({LoopholeCheckProperties.class})
@ConditionalOnClass({JSON.class})
@Configuration(proxyBeanMethods = false)
@AutoConfigureAfter({EasyjDependenciesAutoConfiguration.class})
@ConditionalOnProperty(value = {"easyj.loophole-check.fastjson"}, matchIfMissing = true)
@Lazy(false)
/* loaded from: input_file:icu/easyj/spring/boot/autoconfigure/loopholecheck/EasyjFastjsonLoopholeCheckAutoConfiguration.class */
public class EasyjFastjsonLoopholeCheckAutoConfiguration implements Ordered {
    public EasyjFastjsonLoopholeCheckAutoConfiguration(LoopholeCheckProperties loopholeCheckProperties) {
        JarInfo jar = JarUtils.getJar("com.alibaba", "fastjson");
        if (jar == null || !EasyjFastjsonBugfixUtils.isLoopholeVersion(jar.getVersion())) {
            return;
        }
        Logger logger = LoggerFactory.getLogger(getClass());
        logger.warn("");
        logger.warn("==>");
        logger.warn("fastjson 严重漏洞警告：");
        logger.warn("当前 fastjson 版本号为：{}。该版本存在远程代码执行漏洞，请尽快升级至1.2.69及以上版本。", jar.getVersion());
        logger.warn("为了避免升级导致的兼容性问题，也可升级至低版本的最新漏洞修复版本（格式如 '1.2.68.sec10' 的版本号）。");
        logger.warn("fastjson版本号请查看链接（含低版本漏洞修复版本）：https://repo1.maven.org/maven2/com/alibaba/fastjson");
        logger.warn("如果您的fastjson版本已经是不存在漏洞的版本，您可以添加配置关闭该警告：easyj.loophole-check.fastjson=false");
        logger.warn("<==");
        logger.warn("");
        if (loopholeCheckProperties.isNeedThrowIfExist()) {
            throw new ExistLoopholeVersionError("当前fastjson版本存在远程代码执行漏洞，请尽快更新至1.2.69及以上版本，或最新漏洞修复版本！");
        }
    }

    public int getOrder() {
        return Integer.MIN_VALUE;
    }
}
