package org.owasp.dependencycheck.data.nvdcve;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.MissingResourceException;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.Set;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.collections.map.ReferenceMap;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.data.cwe.CweDB;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.DBUtils;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.Pair;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/dependency-check-core-2.0.0.jar:org/owasp/dependencycheck/data/nvdcve/CveDB.class */
public final class CveDB implements AutoCloseable {
    private Connection connection;
    private ResourceBundle statementBundle;
    private DatabaseProperties databaseProperties;
    private static CveDB instance = null;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CveDB.class);
    private int usageCount = 0;
    private final EnumMap<PreparedStatementCveDb, PreparedStatement> preparedStatements = new EnumMap<>(PreparedStatementCveDb.class);
    private final Map<String, List<Vulnerability>> vulnerabilitiesForCpeCache = Collections.synchronizedMap(new ReferenceMap(0, 1));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/dependency-check-core-2.0.0.jar:org/owasp/dependencycheck/data/nvdcve/CveDB$PreparedStatementCveDb.class */
    public enum PreparedStatementCveDb {
        CLEANUP_ORPHANS,
        COUNT_CPE,
        DELETE_REFERENCE,
        DELETE_SOFTWARE,
        DELETE_VULNERABILITY,
        INSERT_CPE,
        INSERT_PROPERTY,
        INSERT_REFERENCE,
        INSERT_SOFTWARE,
        INSERT_VULNERABILITY,
        MERGE_PROPERTY,
        SELECT_CPE_ENTRIES,
        SELECT_CPE_ID,
        SELECT_CVE_FROM_SOFTWARE,
        SELECT_PROPERTIES,
        SELECT_REFERENCES,
        SELECT_SOFTWARE,
        SELECT_VENDOR_PRODUCT_LIST,
        SELECT_VULNERABILITY,
        SELECT_VULNERABILITY_ID,
        UPDATE_PROPERTY,
        UPDATE_VULNERABILITY
    }

    public static synchronized CveDB getInstance() throws DatabaseException {
        if (instance == null) {
            instance = new CveDB();
        }
        if (!instance.isOpen()) {
            instance.open();
        }
        instance.usageCount++;
        return instance;
    }

    private CveDB() throws DatabaseException {
    }

    private static String determineDatabaseProductName(Connection connection) {
        try {
            String databaseProductName = connection.getMetaData().getDatabaseProductName();
            LOGGER.debug("Database product: {}", databaseProductName);
            return databaseProductName;
        } catch (SQLException e) {
            LOGGER.warn("Problem determining database product!", (Throwable) e);
            return null;
        }
    }

    protected synchronized int getUsageCount() {
        return this.usageCount;
    }

    private synchronized void open() throws DatabaseException {
        if (instance.isOpen()) {
            return;
        }
        instance.connection = ConnectionFactory.getConnection();
        String determineDatabaseProductName = determineDatabaseProductName(instance.connection);
        instance.statementBundle = determineDatabaseProductName != null ? ResourceBundle.getBundle("data/dbStatements", new Locale(determineDatabaseProductName)) : ResourceBundle.getBundle("data/dbStatements");
        instance.prepareStatements();
        instance.databaseProperties = new DatabaseProperties(instance);
    }

    @Override // java.lang.AutoCloseable
    public synchronized void close() {
        if (instance != null) {
            instance.usageCount--;
            if (instance.usageCount > 0 || !instance.isOpen()) {
                return;
            }
            instance.usageCount = 0;
            clearCache();
            instance.closeStatements();
            try {
                instance.connection.close();
            } catch (SQLException e) {
                LOGGER.error("There was an error attempting to close the CveDB, see the log for more details.");
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
            } catch (Throwable th) {
                LOGGER.error("There was an exception attempting to close the CveDB, see the log for more details.");
                LOGGER.debug(StringUtils.EMPTY, th);
            }
            instance.statementBundle = null;
            instance.preparedStatements.clear();
            instance.databaseProperties = null;
            instance.connection = null;
        }
    }

    protected synchronized boolean isOpen() {
        return this.connection != null;
    }

    private void prepareStatements() throws DatabaseException {
        PreparedStatementCveDb[] values = PreparedStatementCveDb.values();
        int length = values.length;
        for (int i = 0; i < length; i++) {
            PreparedStatementCveDb preparedStatementCveDb = values[i];
            String string = this.statementBundle.getString(preparedStatementCveDb.name());
            try {
                this.preparedStatements.put((EnumMap<PreparedStatementCveDb, PreparedStatement>) preparedStatementCveDb, (PreparedStatementCveDb) ((preparedStatementCveDb == PreparedStatementCveDb.INSERT_VULNERABILITY || preparedStatementCveDb == PreparedStatementCveDb.INSERT_CPE) ? this.connection.prepareStatement(string, new String[]{Fields.DOCUMENT_KEY}) : this.connection.prepareStatement(string)));
            } catch (SQLException e) {
                throw new DatabaseException(e);
            }
        }
    }

    private synchronized void closeStatements() {
        Iterator<PreparedStatement> it = this.preparedStatements.values().iterator();
        while (it.hasNext()) {
            DBUtils.closeStatement(it.next());
        }
    }

    private synchronized PreparedStatement getPreparedStatement(PreparedStatementCveDb preparedStatementCveDb) throws SQLException {
        PreparedStatement preparedStatement = this.preparedStatements.get(preparedStatementCveDb);
        preparedStatement.clearParameters();
        return preparedStatement;
    }

    public synchronized void commit() throws SQLException {
    }

    protected void finalize() throws Throwable {
        LOGGER.debug("Entering finalize");
        close();
        super.finalize();
    }

    public synchronized DatabaseProperties getDatabaseProperties() {
        return this.databaseProperties;
    }

    protected synchronized DatabaseProperties reloadProperties() {
        this.databaseProperties = new DatabaseProperties(this);
        return this.databaseProperties;
    }

    public synchronized Set<VulnerableSoftware> getCPEs(String str, String str2) {
        HashSet hashSet = new HashSet();
        ResultSet resultSet = null;
        try {
            try {
                PreparedStatement preparedStatement = getPreparedStatement(PreparedStatementCveDb.SELECT_CPE_ENTRIES);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
                    vulnerableSoftware.setCpe(resultSet.getString(1));
                    hashSet.add(vulnerableSoftware);
                }
                DBUtils.closeResultSet(resultSet);
            } catch (SQLException e) {
                LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details.");
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
                DBUtils.closeResultSet(resultSet);
            }
            return hashSet;
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    public synchronized Set<Pair<String, String>> getVendorProductList() throws DatabaseException {
        HashSet hashSet = new HashSet();
        ResultSet resultSet = null;
        try {
            try {
                resultSet = getPreparedStatement(PreparedStatementCveDb.SELECT_VENDOR_PRODUCT_LIST).executeQuery();
                while (resultSet.next()) {
                    hashSet.add(new Pair(resultSet.getString(1), resultSet.getString(2)));
                }
                DBUtils.closeResultSet(resultSet);
                return hashSet;
            } catch (SQLException e) {
                throw new DatabaseException("An unexpected SQL Exception occurred; please see the verbose log for more details.", e);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    public synchronized Properties getProperties() {
        Properties properties = new Properties();
        ResultSet resultSet = null;
        try {
            try {
                resultSet = getPreparedStatement(PreparedStatementCveDb.SELECT_PROPERTIES).executeQuery();
                while (resultSet.next()) {
                    properties.setProperty(resultSet.getString(1), resultSet.getString(2));
                }
                DBUtils.closeResultSet(resultSet);
            } catch (SQLException e) {
                LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details.");
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
                DBUtils.closeResultSet(resultSet);
            }
            return properties;
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    public synchronized void saveProperty(String str, String str2) {
        clearCache();
        try {
            try {
                PreparedStatement preparedStatement = getPreparedStatement(PreparedStatementCveDb.MERGE_PROPERTY);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                preparedStatement.executeUpdate();
            } catch (MissingResourceException e) {
                PreparedStatement preparedStatement2 = getPreparedStatement(PreparedStatementCveDb.UPDATE_PROPERTY);
                preparedStatement2.setString(1, str2);
                preparedStatement2.setString(2, str);
                if (preparedStatement2.executeUpdate() == 0) {
                    PreparedStatement preparedStatement3 = getPreparedStatement(PreparedStatementCveDb.INSERT_PROPERTY);
                    preparedStatement3.setString(1, str);
                    preparedStatement3.setString(2, str2);
                    preparedStatement3.executeUpdate();
                }
            }
        } catch (SQLException e2) {
            LOGGER.warn("Unable to save property '{}' with a value of '{}' to the database", str, str2);
            LOGGER.debug(StringUtils.EMPTY, (Throwable) e2);
        }
    }

    private void clearCache() {
        this.vulnerabilitiesForCpeCache.clear();
    }

    public synchronized List<Vulnerability> getVulnerabilities(String str) throws DatabaseException {
        Vulnerability vulnerability;
        Vulnerability vulnerability2;
        List<Vulnerability> list = this.vulnerabilitiesForCpeCache.get(str);
        if (list != null) {
            LOGGER.debug("Cache hit for {}", str);
            return list;
        }
        LOGGER.debug("Cache miss for {}", str);
        VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
        try {
            vulnerableSoftware.parseName(str);
        } catch (UnsupportedEncodingException e) {
            LOGGER.trace(StringUtils.EMPTY, (Throwable) e);
        }
        DependencyVersion parseDependencyVersion = parseDependencyVersion(vulnerableSoftware);
        ArrayList arrayList = new ArrayList();
        ResultSet resultSet = null;
        try {
            try {
                PreparedStatement preparedStatement = getPreparedStatement(PreparedStatementCveDb.SELECT_CVE_FROM_SOFTWARE);
                preparedStatement.setString(1, vulnerableSoftware.getVendor());
                preparedStatement.setString(2, vulnerableSoftware.getProduct());
                resultSet = preparedStatement.executeQuery();
                String str2 = StringUtils.EMPTY;
                HashMap hashMap = new HashMap();
                while (resultSet.next()) {
                    String string = resultSet.getString(1);
                    if (!str2.equals(string)) {
                        Map.Entry<String, Boolean> matchingSoftware = getMatchingSoftware(hashMap, vulnerableSoftware.getVendor(), vulnerableSoftware.getProduct(), parseDependencyVersion);
                        if (matchingSoftware != null && (vulnerability2 = getVulnerability(str2)) != null) {
                            vulnerability2.setMatchedCPE(matchingSoftware.getKey(), matchingSoftware.getValue().booleanValue() ? "Y" : null);
                            arrayList.add(vulnerability2);
                        }
                        hashMap.clear();
                        str2 = string;
                    }
                    String string2 = resultSet.getString(2);
                    String string3 = resultSet.getString(3);
                    hashMap.put(string2, Boolean.valueOf((string3 == null || string3.isEmpty()) ? false : true));
                }
                Map.Entry<String, Boolean> matchingSoftware2 = getMatchingSoftware(hashMap, vulnerableSoftware.getVendor(), vulnerableSoftware.getProduct(), parseDependencyVersion);
                if (matchingSoftware2 != null && (vulnerability = getVulnerability(str2)) != null) {
                    vulnerability.setMatchedCPE(matchingSoftware2.getKey(), matchingSoftware2.getValue().booleanValue() ? "Y" : null);
                    arrayList.add(vulnerability);
                }
                DBUtils.closeResultSet(resultSet);
                this.vulnerabilitiesForCpeCache.put(str, arrayList);
                return arrayList;
            } catch (SQLException e2) {
                throw new DatabaseException("Exception retrieving vulnerability for " + str, e2);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    public synchronized Vulnerability getVulnerability(String str) throws DatabaseException {
        String cweName;
        ResultSet resultSet = null;
        ResultSet resultSet2 = null;
        ResultSet resultSet3 = null;
        Vulnerability vulnerability = null;
        try {
            try {
                PreparedStatement preparedStatement = getPreparedStatement(PreparedStatementCveDb.SELECT_VULNERABILITY);
                preparedStatement.setString(1, str);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    vulnerability = new Vulnerability();
                    vulnerability.setName(str);
                    vulnerability.setDescription(resultSet.getString(2));
                    String string = resultSet.getString(3);
                    if (string != null && (cweName = CweDB.getCweName(string)) != null) {
                        string = string + ' ' + cweName;
                    }
                    int i = resultSet.getInt(1);
                    vulnerability.setCwe(string);
                    vulnerability.setCvssScore(resultSet.getFloat(4));
                    vulnerability.setCvssAccessVector(resultSet.getString(5));
                    vulnerability.setCvssAccessComplexity(resultSet.getString(6));
                    vulnerability.setCvssAuthentication(resultSet.getString(7));
                    vulnerability.setCvssConfidentialityImpact(resultSet.getString(8));
                    vulnerability.setCvssIntegrityImpact(resultSet.getString(9));
                    vulnerability.setCvssAvailabilityImpact(resultSet.getString(10));
                    PreparedStatement preparedStatement2 = getPreparedStatement(PreparedStatementCveDb.SELECT_REFERENCES);
                    preparedStatement2.setInt(1, i);
                    resultSet2 = preparedStatement2.executeQuery();
                    while (resultSet2.next()) {
                        vulnerability.addReference(resultSet2.getString(1), resultSet2.getString(2), resultSet2.getString(3));
                    }
                    PreparedStatement preparedStatement3 = getPreparedStatement(PreparedStatementCveDb.SELECT_SOFTWARE);
                    preparedStatement3.setInt(1, i);
                    resultSet3 = preparedStatement3.executeQuery();
                    while (resultSet3.next()) {
                        String string2 = resultSet3.getString(1);
                        String string3 = resultSet3.getString(2);
                        if (string3 == null) {
                            vulnerability.addVulnerableSoftware(string2);
                        } else {
                            vulnerability.addVulnerableSoftware(string2, string3);
                        }
                    }
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeResultSet(resultSet2);
                DBUtils.closeResultSet(resultSet3);
                return vulnerability;
            } catch (SQLException e) {
                throw new DatabaseException("Error retrieving " + str, e);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeResultSet(resultSet2);
            DBUtils.closeResultSet(resultSet3);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    public synchronized void updateVulnerability(Vulnerability vulnerability) throws DatabaseException {
        clearCache();
        try {
            try {
                int i = 0;
                PreparedStatement preparedStatement = getPreparedStatement(PreparedStatementCveDb.SELECT_VULNERABILITY_ID);
                preparedStatement.setString(1, vulnerability.getName());
                ResultSet executeQuery = preparedStatement.executeQuery();
                if (executeQuery.next()) {
                    i = executeQuery.getInt(1);
                    PreparedStatement preparedStatement2 = getPreparedStatement(PreparedStatementCveDb.DELETE_REFERENCE);
                    preparedStatement2.setInt(1, i);
                    preparedStatement2.execute();
                    PreparedStatement preparedStatement3 = getPreparedStatement(PreparedStatementCveDb.DELETE_SOFTWARE);
                    preparedStatement3.setInt(1, i);
                    preparedStatement3.execute();
                }
                DBUtils.closeResultSet(executeQuery);
                if (executeQuery == 0) {
                    PreparedStatement preparedStatement4 = getPreparedStatement(PreparedStatementCveDb.INSERT_VULNERABILITY);
                    preparedStatement4.setString(1, vulnerability.getName());
                    preparedStatement4.setString(2, vulnerability.getDescription());
                    preparedStatement4.setString(3, vulnerability.getCwe());
                    preparedStatement4.setFloat(4, vulnerability.getCvssScore());
                    preparedStatement4.setString(5, vulnerability.getCvssAccessVector());
                    preparedStatement4.setString(6, vulnerability.getCvssAccessComplexity());
                    preparedStatement4.setString(7, vulnerability.getCvssAuthentication());
                    preparedStatement4.setString(8, vulnerability.getCvssConfidentialityImpact());
                    preparedStatement4.setString(9, vulnerability.getCvssIntegrityImpact());
                    preparedStatement4.setString(10, vulnerability.getCvssAvailabilityImpact());
                    preparedStatement4.execute();
                    try {
                        try {
                            executeQuery = preparedStatement4.getGeneratedKeys();
                            executeQuery.next();
                            i = executeQuery.getInt(1);
                            DBUtils.closeResultSet(executeQuery);
                        } catch (Throwable th) {
                            DBUtils.closeResultSet(executeQuery);
                            throw th;
                        }
                    } catch (SQLException e) {
                        throw new DatabaseException(String.format("Unable to retrieve id for new vulnerability for '%s'", vulnerability.getName()), e);
                    }
                } else if (vulnerability.getDescription().contains("** REJECT **")) {
                    getPreparedStatement(PreparedStatementCveDb.DELETE_VULNERABILITY).executeUpdate();
                } else {
                    PreparedStatement preparedStatement5 = getPreparedStatement(PreparedStatementCveDb.UPDATE_VULNERABILITY);
                    preparedStatement5.setString(1, vulnerability.getDescription());
                    preparedStatement5.setString(2, vulnerability.getCwe());
                    preparedStatement5.setFloat(3, vulnerability.getCvssScore());
                    preparedStatement5.setString(4, vulnerability.getCvssAccessVector());
                    preparedStatement5.setString(5, vulnerability.getCvssAccessComplexity());
                    preparedStatement5.setString(6, vulnerability.getCvssAuthentication());
                    preparedStatement5.setString(7, vulnerability.getCvssConfidentialityImpact());
                    preparedStatement5.setString(8, vulnerability.getCvssIntegrityImpact());
                    preparedStatement5.setString(9, vulnerability.getCvssAvailabilityImpact());
                    preparedStatement5.setInt(10, executeQuery);
                    preparedStatement5.executeUpdate();
                }
                PreparedStatement preparedStatement6 = getPreparedStatement(PreparedStatementCveDb.INSERT_REFERENCE);
                for (Reference reference : vulnerability.getReferences()) {
                    preparedStatement6.setInt(1, i);
                    preparedStatement6.setString(2, reference.getName());
                    preparedStatement6.setString(3, reference.getUrl());
                    preparedStatement6.setString(4, reference.getSource());
                    preparedStatement6.execute();
                }
                PreparedStatement preparedStatement7 = getPreparedStatement(PreparedStatementCveDb.INSERT_SOFTWARE);
                for (VulnerableSoftware vulnerableSoftware : vulnerability.getVulnerableSoftware()) {
                    PreparedStatement preparedStatement8 = getPreparedStatement(PreparedStatementCveDb.SELECT_CPE_ID);
                    preparedStatement8.setString(1, vulnerableSoftware.getName());
                    try {
                        try {
                            executeQuery = preparedStatement8.executeQuery();
                            int i2 = executeQuery.next() ? executeQuery.getInt(1) : 0;
                            DBUtils.closeResultSet(executeQuery);
                            if (i2 == 0) {
                                PreparedStatement preparedStatement9 = getPreparedStatement(PreparedStatementCveDb.INSERT_CPE);
                                preparedStatement9.setString(1, vulnerableSoftware.getName());
                                preparedStatement9.setString(2, vulnerableSoftware.getVendor());
                                preparedStatement9.setString(3, vulnerableSoftware.getProduct());
                                preparedStatement9.executeUpdate();
                                i2 = DBUtils.getGeneratedKey(preparedStatement9);
                            }
                            if (i2 == 0) {
                                throw new DatabaseException("Unable to retrieve cpeProductId - no data returned");
                            }
                            preparedStatement7.setInt(1, i);
                            preparedStatement7.setInt(2, i2);
                            if (vulnerableSoftware.getPreviousVersion() == null) {
                                preparedStatement7.setNull(3, 12);
                            } else {
                                preparedStatement7.setString(3, vulnerableSoftware.getPreviousVersion());
                            }
                            try {
                                preparedStatement7.execute();
                            } catch (SQLException e2) {
                                if (!e2.getMessage().contains("Duplicate entry")) {
                                    throw e2;
                                }
                                LOGGER.info(String.format("Duplicate software key identified in '%s:%s'", vulnerability.getName(), vulnerableSoftware.getName()), (Throwable) e2);
                            }
                        } finally {
                            DBUtils.closeResultSet(executeQuery);
                        }
                    } catch (SQLException e3) {
                        throw new DatabaseException("Unable to get primary key for new cpe: " + vulnerableSoftware.getName(), e3);
                    }
                }
            } catch (SQLException e4) {
                String format = String.format("Error updating '%s'", vulnerability.getName());
                LOGGER.debug(format, (Throwable) e4);
                throw new DatabaseException(format, e4);
            }
        } catch (Throwable th2) {
            DBUtils.closeResultSet(null);
            throw th2;
        }
    }

    public synchronized boolean dataExists() {
        String string;
        ResultSet resultSet = null;
        try {
            try {
                resultSet = getPreparedStatement(PreparedStatementCveDb.COUNT_CPE).executeQuery();
                if (resultSet.next()) {
                    if (resultSet.getInt(1) > 0) {
                        DBUtils.closeResultSet(resultSet);
                        return true;
                    }
                }
                DBUtils.closeResultSet(resultSet);
                return false;
            } catch (Exception e) {
                try {
                    string = Settings.getDataDirectory().getAbsolutePath();
                } catch (IOException e2) {
                    string = Settings.getString(Settings.KEYS.DATA_DIRECTORY);
                }
                LOGGER.error("Unable to access the local database.\n\nEnsure that '{}' is a writable directory. If the problem persist try deleting the files in '{}' and running {} again. If the problem continues, please create a log file (see documentation at http://jeremylong.github.io/DependencyCheck/) and open a ticket at https://github.com/jeremylong/DependencyCheck/issues and include the log file.\n\n", string, string, Settings.getString(Settings.KEYS.APPLICATION_NAME));
                LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
                DBUtils.closeResultSet(resultSet);
                return false;
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    public synchronized void cleanupDatabase() {
        clearCache();
        try {
            PreparedStatement preparedStatement = getPreparedStatement(PreparedStatementCveDb.CLEANUP_ORPHANS);
            if (preparedStatement != null) {
                preparedStatement.executeUpdate();
            }
        } catch (SQLException e) {
            LOGGER.error("An unexpected SQL Exception occurred; please see the verbose log for more details.");
            LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
        }
    }

    protected Map.Entry<String, Boolean> getMatchingSoftware(Map<String, Boolean> map, String str, String str2, DependencyVersion dependencyVersion) {
        boolean z = "apache".equals(str) && "struts".equals(str2);
        HashSet hashSet = new HashSet();
        boolean z2 = dependencyVersion == null || "-".equals(dependencyVersion.toString());
        String str3 = null;
        for (Map.Entry<String, Boolean> entry : map.entrySet()) {
            DependencyVersion parseDependencyVersion = parseDependencyVersion(entry.getKey());
            if (parseDependencyVersion == null || "-".equals(parseDependencyVersion.toString())) {
                return entry;
            }
            if (entry.getValue().booleanValue()) {
                if (z2) {
                    return entry;
                }
                if (dependencyVersion != null && dependencyVersion.getVersionParts().get(0).equals(parseDependencyVersion.getVersionParts().get(0))) {
                    str3 = parseDependencyVersion.getVersionParts().get(0);
                }
                hashSet.add(parseDependencyVersion.getVersionParts().get(0));
            }
        }
        if (z2) {
            return null;
        }
        boolean z3 = str3 != null && hashSet.size() > 1;
        for (Map.Entry<String, Boolean> entry2 : map.entrySet()) {
            if (!entry2.getValue().booleanValue()) {
                DependencyVersion parseDependencyVersion2 = parseDependencyVersion(entry2.getKey());
                if (!z3 || str3 == null || str3.equals(parseDependencyVersion2.getVersionParts().get(0))) {
                    if (dependencyVersion != null && dependencyVersion.equals(parseDependencyVersion2)) {
                        return entry2;
                    }
                }
            }
        }
        for (Map.Entry<String, Boolean> entry3 : map.entrySet()) {
            if (entry3.getValue().booleanValue()) {
                DependencyVersion parseDependencyVersion3 = parseDependencyVersion(entry3.getKey());
                if (!z3 || str3 == null || str3.equals(parseDependencyVersion3.getVersionParts().get(0))) {
                    if (entry3.getValue().booleanValue() && dependencyVersion != null && dependencyVersion.compareTo(parseDependencyVersion3) <= 0 && (!z || dependencyVersion.getVersionParts().get(0).equals(parseDependencyVersion3.getVersionParts().get(0)))) {
                        return entry3;
                    }
                }
            }
        }
        return null;
    }

    private DependencyVersion parseDependencyVersion(String str) {
        VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
        try {
            vulnerableSoftware.parseName(str);
        } catch (UnsupportedEncodingException e) {
            LOGGER.trace(StringUtils.EMPTY, (Throwable) e);
        }
        return parseDependencyVersion(vulnerableSoftware);
    }

    private DependencyVersion parseDependencyVersion(VulnerableSoftware vulnerableSoftware) {
        DependencyVersion dependencyVersion;
        if (vulnerableSoftware.getVersion() == null || vulnerableSoftware.getVersion().isEmpty()) {
            dependencyVersion = new DependencyVersion("-");
        } else {
            dependencyVersion = DependencyVersionUtil.parseVersion((vulnerableSoftware.getUpdate() == null || vulnerableSoftware.getUpdate().isEmpty()) ? vulnerableSoftware.getVersion() : String.format("%s.%s", vulnerableSoftware.getVersion(), vulnerableSoftware.getUpdate()));
        }
        return dependencyVersion;
    }

    public synchronized void deleteUnusedCpe() {
        clearCache();
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = this.connection.prepareStatement(this.statementBundle.getString("DELETE_UNUSED_DICT_CPE"));
                preparedStatement.executeUpdate();
                DBUtils.closeStatement(preparedStatement);
            } catch (SQLException e) {
                LOGGER.error("Unable to delete CPE dictionary entries", (Throwable) e);
                DBUtils.closeStatement(preparedStatement);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    public synchronized void addCpe(String str, String str2, String str3) {
        clearCache();
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = this.connection.prepareStatement(this.statementBundle.getString("ADD_DICT_CPE"));
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                preparedStatement.setString(3, str3);
                preparedStatement.executeUpdate();
                DBUtils.closeStatement(preparedStatement);
            } catch (SQLException e) {
                LOGGER.error("Unable to add CPE dictionary entry", (Throwable) e);
                DBUtils.closeStatement(preparedStatement);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }
}
