package org.owasp.dependencycheck.data.nvdcve;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.MissingResourceException;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.data.cwe.CweDB;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.DBUtils;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.Pair;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-1.3.6.jar:org/owasp/dependencycheck/data/nvdcve/CveDB.class */
public class CveDB {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CveDB.class);
    private Connection conn;
    private ResourceBundle statementBundle;
    private DatabaseProperties databaseProperties;

    public CveDB() throws DatabaseException {
        this.statementBundle = null;
        try {
            open();
            try {
                String databaseProductName = this.conn.getMetaData().getDatabaseProductName();
                LOGGER.debug("Database dialect: {}", databaseProductName);
                this.statementBundle = ResourceBundle.getBundle("data/dbStatements", new Locale(databaseProductName));
            } catch (SQLException e) {
                LOGGER.warn("Problem loading database specific dialect!", (Throwable) e);
                this.statementBundle = ResourceBundle.getBundle("data/dbStatements");
            }
            this.databaseProperties = new DatabaseProperties(this);
        } catch (DatabaseException e2) {
            throw e2;
        }
    }

    protected Connection getConnection() {
        return this.conn;
    }

    public final void open() throws DatabaseException {
        if (isOpen()) {
            return;
        }
        this.conn = ConnectionFactory.getConnection();
    }

    public void close() {
        if (this.conn != null) {
            try {
                this.conn.close();
            } catch (SQLException e) {
                LOGGER.error("There was an error attempting to close the CveDB, see the log for more details.");
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
            } catch (Throwable th) {
                LOGGER.error("There was an exception attempting to close the CveDB, see the log for more details.");
                LOGGER.debug(StringUtils.EMPTY, th);
            }
            this.conn = null;
        }
    }

    public boolean isOpen() {
        return this.conn != null;
    }

    public void commit() throws SQLException {
    }

    protected void finalize() throws Throwable {
        LOGGER.debug("Entering finalize");
        close();
        super.finalize();
    }

    public DatabaseProperties getDatabaseProperties() {
        return this.databaseProperties;
    }

    public Set<VulnerableSoftware> getCPEs(String str, String str2) {
        HashSet hashSet = new HashSet();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(this.statementBundle.getString("SELECT_CPE_ENTRIES"));
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
                    vulnerableSoftware.setCpe(resultSet.getString(1));
                    hashSet.add(vulnerableSoftware);
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(preparedStatement);
            } catch (SQLException e) {
                LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details.");
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(preparedStatement);
            }
            return hashSet;
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    public Set<Pair<String, String>> getVendorProductList() throws DatabaseException {
        HashSet hashSet = new HashSet();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(this.statementBundle.getString("SELECT_VENDOR_PRODUCT_LIST"));
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    hashSet.add(new Pair(resultSet.getString(1), resultSet.getString(2)));
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                throw new DatabaseException("An unexpected SQL Exception occurred; please see the verbose log for more details.", e);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Properties getProperties() {
        Properties properties = new Properties();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(this.statementBundle.getString("SELECT_PROPERTIES"));
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    properties.setProperty(resultSet.getString(1), resultSet.getString(2));
                }
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeResultSet(resultSet);
            } catch (SQLException e) {
                LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details.");
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeResultSet(resultSet);
            }
            return properties;
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Finally extract failed */
    public void saveProperty(String str, String str2) {
        try {
            try {
                PreparedStatement prepareStatement = getConnection().prepareStatement(this.statementBundle.getString("MERGE_PROPERTY"));
                try {
                    prepareStatement.setString(1, str);
                    prepareStatement.setString(2, str2);
                    prepareStatement.executeUpdate();
                    DBUtils.closeStatement(prepareStatement);
                } catch (Throwable th) {
                    DBUtils.closeStatement(prepareStatement);
                    throw th;
                }
            } catch (MissingResourceException e) {
                PreparedStatement preparedStatement = null;
                PreparedStatement preparedStatement2 = null;
                try {
                    preparedStatement = getConnection().prepareStatement(this.statementBundle.getString("UPDATE_PROPERTY"));
                    preparedStatement.setString(1, str2);
                    preparedStatement.setString(2, str);
                    if (preparedStatement.executeUpdate() == 0) {
                        preparedStatement2 = getConnection().prepareStatement(this.statementBundle.getString("INSERT_PROPERTY"));
                        preparedStatement2.setString(1, str);
                        preparedStatement2.setString(2, str2);
                        preparedStatement2.executeUpdate();
                    }
                    DBUtils.closeStatement(preparedStatement);
                    DBUtils.closeStatement(preparedStatement2);
                } catch (Throwable th2) {
                    DBUtils.closeStatement(preparedStatement);
                    DBUtils.closeStatement(preparedStatement2);
                    throw th2;
                }
            }
        } catch (SQLException e2) {
            LOGGER.warn("Unable to save property '{}' with a value of '{}' to the database", str, str2);
            LOGGER.debug(StringUtils.EMPTY, (Throwable) e2);
        }
    }

    public List<Vulnerability> getVulnerabilities(String str) throws DatabaseException {
        VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
        try {
            vulnerableSoftware.parseName(str);
        } catch (UnsupportedEncodingException e) {
            LOGGER.trace(StringUtils.EMPTY, (Throwable) e);
        }
        DependencyVersion parseDependencyVersion = parseDependencyVersion(vulnerableSoftware);
        ArrayList arrayList = new ArrayList();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(this.statementBundle.getString("SELECT_CVE_FROM_SOFTWARE"));
                preparedStatement.setString(1, vulnerableSoftware.getVendor());
                preparedStatement.setString(2, vulnerableSoftware.getProduct());
                resultSet = preparedStatement.executeQuery();
                String str2 = StringUtils.EMPTY;
                HashMap hashMap = new HashMap();
                while (resultSet.next()) {
                    String string = resultSet.getString(1);
                    if (!str2.equals(string)) {
                        Map.Entry<String, Boolean> matchingSoftware = getMatchingSoftware(hashMap, vulnerableSoftware.getVendor(), vulnerableSoftware.getProduct(), parseDependencyVersion);
                        if (matchingSoftware != null) {
                            Vulnerability vulnerability = getVulnerability(str2);
                            vulnerability.setMatchedCPE(matchingSoftware.getKey(), matchingSoftware.getValue().booleanValue() ? "Y" : null);
                            arrayList.add(vulnerability);
                        }
                        hashMap.clear();
                        str2 = string;
                    }
                    String string2 = resultSet.getString(2);
                    String string3 = resultSet.getString(3);
                    hashMap.put(string2, Boolean.valueOf((string3 == null || string3.isEmpty()) ? false : true));
                }
                Map.Entry<String, Boolean> matchingSoftware2 = getMatchingSoftware(hashMap, vulnerableSoftware.getVendor(), vulnerableSoftware.getProduct(), parseDependencyVersion);
                if (matchingSoftware2 != null) {
                    Vulnerability vulnerability2 = getVulnerability(str2);
                    vulnerability2.setMatchedCPE(matchingSoftware2.getKey(), matchingSoftware2.getValue().booleanValue() ? "Y" : null);
                    arrayList.add(vulnerability2);
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(preparedStatement);
                return arrayList;
            } catch (SQLException e2) {
                throw new DatabaseException("Exception retrieving vulnerability for " + str, e2);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    private Vulnerability getVulnerability(String str) throws DatabaseException {
        String cweName;
        PreparedStatement preparedStatement = null;
        PreparedStatement preparedStatement2 = null;
        PreparedStatement preparedStatement3 = null;
        ResultSet resultSet = null;
        ResultSet resultSet2 = null;
        ResultSet resultSet3 = null;
        Vulnerability vulnerability = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(this.statementBundle.getString("SELECT_VULNERABILITY"));
                preparedStatement.setString(1, str);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    vulnerability = new Vulnerability();
                    vulnerability.setName(str);
                    vulnerability.setDescription(resultSet.getString(2));
                    String string = resultSet.getString(3);
                    if (string != null && (cweName = CweDB.getCweName(string)) != null) {
                        string = string + ' ' + cweName;
                    }
                    int i = resultSet.getInt(1);
                    vulnerability.setCwe(string);
                    vulnerability.setCvssScore(resultSet.getFloat(4));
                    vulnerability.setCvssAccessVector(resultSet.getString(5));
                    vulnerability.setCvssAccessComplexity(resultSet.getString(6));
                    vulnerability.setCvssAuthentication(resultSet.getString(7));
                    vulnerability.setCvssConfidentialityImpact(resultSet.getString(8));
                    vulnerability.setCvssIntegrityImpact(resultSet.getString(9));
                    vulnerability.setCvssAvailabilityImpact(resultSet.getString(10));
                    preparedStatement2 = getConnection().prepareStatement(this.statementBundle.getString("SELECT_REFERENCES"));
                    preparedStatement2.setInt(1, i);
                    resultSet2 = preparedStatement2.executeQuery();
                    while (resultSet2.next()) {
                        vulnerability.addReference(resultSet2.getString(1), resultSet2.getString(2), resultSet2.getString(3));
                    }
                    preparedStatement3 = getConnection().prepareStatement(this.statementBundle.getString("SELECT_SOFTWARE"));
                    preparedStatement3.setInt(1, i);
                    resultSet3 = preparedStatement3.executeQuery();
                    while (resultSet3.next()) {
                        String string2 = resultSet3.getString(1);
                        String string3 = resultSet3.getString(2);
                        if (string3 == null) {
                            vulnerability.addVulnerableSoftware(string2);
                        } else {
                            vulnerability.addVulnerableSoftware(string2, string3);
                        }
                    }
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeResultSet(resultSet2);
                DBUtils.closeResultSet(resultSet3);
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeStatement(preparedStatement2);
                DBUtils.closeStatement(preparedStatement3);
                return vulnerability;
            } catch (SQLException e) {
                throw new DatabaseException("Error retrieving " + str, e);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeResultSet(resultSet2);
            DBUtils.closeResultSet(resultSet3);
            DBUtils.closeStatement(preparedStatement);
            DBUtils.closeStatement(preparedStatement2);
            DBUtils.closeStatement(preparedStatement3);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    public void updateVulnerability(Vulnerability vulnerability) throws DatabaseException {
        try {
            try {
                PreparedStatement prepareStatement = getConnection().prepareStatement(this.statementBundle.getString("SELECT_VULNERABILITY_ID"));
                PreparedStatement prepareStatement2 = getConnection().prepareStatement(this.statementBundle.getString("DELETE_VULNERABILITY"));
                PreparedStatement prepareStatement3 = getConnection().prepareStatement(this.statementBundle.getString("DELETE_REFERENCE"));
                PreparedStatement prepareStatement4 = getConnection().prepareStatement(this.statementBundle.getString("DELETE_SOFTWARE"));
                PreparedStatement prepareStatement5 = getConnection().prepareStatement(this.statementBundle.getString("UPDATE_VULNERABILITY"));
                String[] strArr = {Fields.DOCUMENT_KEY};
                PreparedStatement prepareStatement6 = getConnection().prepareStatement(this.statementBundle.getString("INSERT_VULNERABILITY"), strArr);
                PreparedStatement prepareStatement7 = getConnection().prepareStatement(this.statementBundle.getString("INSERT_REFERENCE"));
                PreparedStatement prepareStatement8 = getConnection().prepareStatement(this.statementBundle.getString("SELECT_CPE_ID"));
                PreparedStatement prepareStatement9 = getConnection().prepareStatement(this.statementBundle.getString("INSERT_CPE"), strArr);
                PreparedStatement prepareStatement10 = getConnection().prepareStatement(this.statementBundle.getString("INSERT_SOFTWARE"));
                int i = 0;
                prepareStatement.setString(1, vulnerability.getName());
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    i = executeQuery.getInt(1);
                    prepareStatement3.setInt(1, i);
                    prepareStatement3.execute();
                    prepareStatement4.setInt(1, i);
                    prepareStatement4.execute();
                }
                DBUtils.closeResultSet(executeQuery);
                ResultSet resultSet = null;
                if (i == 0) {
                    prepareStatement6.setString(1, vulnerability.getName());
                    prepareStatement6.setString(2, vulnerability.getDescription());
                    prepareStatement6.setString(3, vulnerability.getCwe());
                    prepareStatement6.setFloat(4, vulnerability.getCvssScore());
                    prepareStatement6.setString(5, vulnerability.getCvssAccessVector());
                    prepareStatement6.setString(6, vulnerability.getCvssAccessComplexity());
                    prepareStatement6.setString(7, vulnerability.getCvssAuthentication());
                    prepareStatement6.setString(8, vulnerability.getCvssConfidentialityImpact());
                    prepareStatement6.setString(9, vulnerability.getCvssIntegrityImpact());
                    prepareStatement6.setString(10, vulnerability.getCvssAvailabilityImpact());
                    prepareStatement6.execute();
                    try {
                        try {
                            resultSet = prepareStatement6.getGeneratedKeys();
                            resultSet.next();
                            i = resultSet.getInt(1);
                            DBUtils.closeResultSet(resultSet);
                            resultSet = null;
                        } catch (SQLException e) {
                            throw new DatabaseException(String.format("Unable to retrieve id for new vulnerability for '%s'", vulnerability.getName()), e);
                        }
                    } catch (Throwable th) {
                        throw th;
                    }
                } else if (vulnerability.getDescription().contains("** REJECT **")) {
                    prepareStatement2.setInt(1, i);
                    prepareStatement2.executeUpdate();
                } else {
                    prepareStatement5.setString(1, vulnerability.getDescription());
                    prepareStatement5.setString(2, vulnerability.getCwe());
                    prepareStatement5.setFloat(3, vulnerability.getCvssScore());
                    prepareStatement5.setString(4, vulnerability.getCvssAccessVector());
                    prepareStatement5.setString(5, vulnerability.getCvssAccessComplexity());
                    prepareStatement5.setString(6, vulnerability.getCvssAuthentication());
                    prepareStatement5.setString(7, vulnerability.getCvssConfidentialityImpact());
                    prepareStatement5.setString(8, vulnerability.getCvssIntegrityImpact());
                    prepareStatement5.setString(9, vulnerability.getCvssAvailabilityImpact());
                    prepareStatement5.setInt(10, i);
                    prepareStatement5.executeUpdate();
                }
                prepareStatement7.setInt(1, i);
                for (Reference reference : vulnerability.getReferences()) {
                    prepareStatement7.setString(2, reference.getName());
                    prepareStatement7.setString(3, reference.getUrl());
                    prepareStatement7.setString(4, reference.getSource());
                    prepareStatement7.execute();
                }
                for (VulnerableSoftware vulnerableSoftware : vulnerability.getVulnerableSoftware()) {
                    prepareStatement8.setString(1, vulnerableSoftware.getName());
                    try {
                        try {
                            resultSet = prepareStatement8.executeQuery();
                            int i2 = resultSet.next() ? resultSet.getInt(1) : 0;
                            DBUtils.closeResultSet(resultSet);
                            resultSet = null;
                            if (i2 == 0) {
                                prepareStatement9.setString(1, vulnerableSoftware.getName());
                                prepareStatement9.setString(2, vulnerableSoftware.getVendor());
                                prepareStatement9.setString(3, vulnerableSoftware.getProduct());
                                prepareStatement9.executeUpdate();
                                i2 = DBUtils.getGeneratedKey(prepareStatement9);
                            }
                            if (i2 == 0) {
                                throw new DatabaseException("Unable to retrieve cpeProductId - no data returned");
                            }
                            prepareStatement10.setInt(1, i);
                            prepareStatement10.setInt(2, i2);
                            if (vulnerableSoftware.getPreviousVersion() == null) {
                                prepareStatement10.setNull(3, 12);
                            } else {
                                prepareStatement10.setString(3, vulnerableSoftware.getPreviousVersion());
                            }
                            prepareStatement10.execute();
                        } finally {
                            DBUtils.closeResultSet(resultSet);
                        }
                    } catch (SQLException e2) {
                        throw new DatabaseException("Unable to get primary key for new cpe: " + vulnerableSoftware.getName(), e2);
                    }
                }
                DBUtils.closeStatement(prepareStatement);
                DBUtils.closeStatement(prepareStatement3);
                DBUtils.closeStatement(prepareStatement4);
                DBUtils.closeStatement(prepareStatement5);
                DBUtils.closeStatement(prepareStatement2);
                DBUtils.closeStatement(prepareStatement6);
                DBUtils.closeStatement(prepareStatement7);
                DBUtils.closeStatement(prepareStatement8);
                DBUtils.closeStatement(prepareStatement9);
                DBUtils.closeStatement(prepareStatement10);
            } catch (SQLException e3) {
                String format = String.format("Error updating '%s'", vulnerability.getName());
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e3);
                throw new DatabaseException(format, e3);
            }
        } catch (Throwable th2) {
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            throw th2;
        }
    }

    public boolean dataExists() {
        String string;
        Statement statement = null;
        ResultSet resultSet = null;
        try {
            try {
                statement = this.conn.createStatement();
                resultSet = statement.executeQuery("SELECT COUNT(*) records FROM cpeEntry");
                if (resultSet.next()) {
                    if (resultSet.getInt(1) > 0) {
                        DBUtils.closeResultSet(resultSet);
                        DBUtils.closeStatement(statement);
                        return true;
                    }
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(statement);
                return false;
            } catch (SQLException e) {
                try {
                    string = Settings.getDataDirectory().getAbsolutePath();
                } catch (IOException e2) {
                    string = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
                }
                LOGGER.error("Unable to access the local database.\n\nEnsure that '{}' is a writable directory. If the problem persist try deleting the files in '{}' and running {} again. If the problem continues, please create a log file (see documentation at http://jeremylong.github.io/DependencyCheck/) and open a ticket at https://github.com/jeremylong/DependencyCheck/issues and include the log file.\n\n", string, string, Settings.getString(Settings.KEYS.APPLICATION_VAME));
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(statement);
                return false;
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeStatement(statement);
            throw th;
        }
    }

    public void cleanupDatabase() {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(this.statementBundle.getString("CLEANUP_ORPHANS"));
                if (preparedStatement != null) {
                    preparedStatement.executeUpdate();
                }
                DBUtils.closeStatement(preparedStatement);
            } catch (SQLException e) {
                LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details.");
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
                DBUtils.closeStatement(preparedStatement);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    Map.Entry<String, Boolean> getMatchingSoftware(Map<String, Boolean> map, String str, String str2, DependencyVersion dependencyVersion) {
        boolean z = "apache".equals(str) && "struts".equals(str2);
        HashSet hashSet = new HashSet();
        boolean z2 = dependencyVersion == null || "-".equals(dependencyVersion.toString());
        String str3 = null;
        for (Map.Entry<String, Boolean> entry : map.entrySet()) {
            DependencyVersion parseDependencyVersion = parseDependencyVersion(entry.getKey());
            if (parseDependencyVersion == null || "-".equals(parseDependencyVersion.toString())) {
                return entry;
            }
            if (entry.getValue().booleanValue()) {
                if (z2) {
                    return entry;
                }
                if (dependencyVersion != null && dependencyVersion.getVersionParts().get(0).equals(parseDependencyVersion.getVersionParts().get(0))) {
                    str3 = parseDependencyVersion.getVersionParts().get(0);
                }
                hashSet.add(parseDependencyVersion.getVersionParts().get(0));
            }
        }
        if (z2) {
            return null;
        }
        boolean z3 = str3 != null && hashSet.size() > 1;
        for (Map.Entry<String, Boolean> entry2 : map.entrySet()) {
            if (!entry2.getValue().booleanValue()) {
                DependencyVersion parseDependencyVersion2 = parseDependencyVersion(entry2.getKey());
                if (!z3 || str3.equals(parseDependencyVersion2.getVersionParts().get(0))) {
                    if (dependencyVersion.equals(parseDependencyVersion2)) {
                        return entry2;
                    }
                }
            }
        }
        for (Map.Entry<String, Boolean> entry3 : map.entrySet()) {
            if (entry3.getValue().booleanValue()) {
                DependencyVersion parseDependencyVersion3 = parseDependencyVersion(entry3.getKey());
                if (!z3 || str3.equals(parseDependencyVersion3.getVersionParts().get(0))) {
                    if (entry3.getValue().booleanValue() && dependencyVersion.compareTo(parseDependencyVersion3) <= 0 && (!z || dependencyVersion.getVersionParts().get(0).equals(parseDependencyVersion3.getVersionParts().get(0)))) {
                        return entry3;
                    }
                }
            }
        }
        return null;
    }

    private DependencyVersion parseDependencyVersion(String str) {
        VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
        try {
            vulnerableSoftware.parseName(str);
        } catch (UnsupportedEncodingException e) {
            LOGGER.trace(StringUtils.EMPTY, (Throwable) e);
        }
        return parseDependencyVersion(vulnerableSoftware);
    }

    private DependencyVersion parseDependencyVersion(VulnerableSoftware vulnerableSoftware) {
        DependencyVersion dependencyVersion;
        if (vulnerableSoftware.getVersion() == null || vulnerableSoftware.getVersion().isEmpty()) {
            dependencyVersion = new DependencyVersion("-");
        } else {
            dependencyVersion = DependencyVersionUtil.parseVersion((vulnerableSoftware.getUpdate() == null || vulnerableSoftware.getUpdate().isEmpty()) ? vulnerableSoftware.getVersion() : String.format("%s.%s", vulnerableSoftware.getVersion(), vulnerableSoftware.getUpdate()));
        }
        return dependencyVersion;
    }

    public void deleteUnusedCpe() {
        CallableStatement callableStatement = null;
        try {
            try {
                callableStatement = getConnection().prepareCall(this.statementBundle.getString("DELETE_UNUSED_DICT_CPE"));
                callableStatement.executeUpdate();
                DBUtils.closeStatement(callableStatement);
            } catch (SQLException e) {
                LOGGER.error("Unable to delete CPE dictionary entries", (Throwable) e);
                DBUtils.closeStatement(callableStatement);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(callableStatement);
            throw th;
        }
    }

    public void addCpe(String str, String str2, String str3) {
        CallableStatement callableStatement = null;
        try {
            try {
                callableStatement = getConnection().prepareCall(this.statementBundle.getString("ADD_DICT_CPE"));
                callableStatement.setString(1, str);
                callableStatement.setString(2, str2);
                callableStatement.setString(3, str3);
                callableStatement.executeUpdate();
                DBUtils.closeStatement(callableStatement);
            } catch (SQLException e) {
                LOGGER.error("Unable to add CPE dictionary entry", (Throwable) e);
                DBUtils.closeStatement(callableStatement);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(callableStatement);
            throw th;
        }
    }
}
