package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.util.HashSet;
import java.util.Iterator;
import java.util.ListIterator;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.suppression.SuppressionHandler;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.LogUtils;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-1.1.1.jar:org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.class */
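/**
 * Analyzer that walks the engine's whole dependency list once and collapses entries
 * that look like the same component: a jar/pom.xml pair with overlapping identifiers,
 * two files with the same SHA-1 digest, or two files whose identifiers, base path and
 * file name all line up.
 *
 * <p>Every dependency that loses a comparison is removed from
 * {@code engine.getDependencies()}. Merged entries stay reachable through the surviving
 * dependency's related-dependency set; the losing half of a jar/pom.xml pair is dropped
 * without being recorded anywhere. A match that is too permissive therefore hides a file
 * from whatever consumes the dependency list afterwards, so the match predicates below
 * are deliberately kept strict.
 *
 * <p>The instance carries an {@code analyzed} flag and is not safe for concurrent use.
 */
public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Analyzer {
    private static final Logger LOGGER = Logger.getLogger(DependencyBundlingAnalyzer.class.getName());
    private static final String ANALYZER_NAME = "Dependency Bundling Analyzer";
    /** Leading run of ASCII letters in a file name (may be empty). */
    private static final Pattern STARTING_TEXT_PATTERN = Pattern.compile("^[a-zA-Z]*");
    /** An archive extension followed by at least one more character. */
    private static final Pattern ARCHIVE_NAME_PATTERN = Pattern.compile(".*\\.(tar|tgz|gz|zip|ear|war).+");
    /** A path containing a "repository" directory, with either separator style. */
    private static final Pattern REPOSITORY_PATH_PATTERN = Pattern.compile(".*[/\\\\]repository[/\\\\].*");
    /** Marker searched for by {@link #getBaseRepoPath(String)}; uses the platform separator. */
    private static final String REPOSITORY_MARKER = "repository" + File.separator;
    /** {@code null}: this analyzer is not tied to a list of file extensions. */
    private static final Set<String> EXTENSIONS = null;
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;

    /** Set on the first {@link #analyze} call so the pairwise pass runs only once. */
    private boolean analyzed = false;

    /**
     * @return always {@code null}; {@link #supportsExtension(String)} accepts everything
     */
    @Override
    public Set<String> getSupportedExtensions() {
        return EXTENSIONS;
    }

    /**
     * @return the display name of this analyzer
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * @param str the file extension (ignored)
     * @return always {@code true}
     */
    @Override
    public boolean supportsExtension(String str) {
        return true;
    }

    /**
     * @return {@link AnalysisPhase#PRE_FINDING_ANALYSIS}
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * Compares every pair of dependencies held by the engine and removes the ones that
     * were bundled into another entry. Only the first call does any work; the
     * {@code dependency} argument is not used.
     *
     * @param dependency ignored
     * @param engine the engine whose dependency list is inspected and pruned
     * @throws AnalysisException declared by the interface; not thrown by this body
     */
    @Override
    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
        if (this.analyzed) {
            return;
        }
        this.analyzed = true;

        // Removal is deferred so the two list iterators are never invalidated mid-pass.
        final Set<Dependency> toRemove = new HashSet<Dependency>();
        final ListIterator<Dependency> outer = engine.getDependencies().listIterator();
        while (outer.hasNext()) {
            final Dependency left = outer.next();
            if (!outer.hasNext()) {
                continue;
            }
            // Inner pass starts just after the outer element: each unordered pair is seen once.
            final ListIterator<Dependency> inner = engine.getDependencies().listIterator(outer.nextIndex());
            while (inner.hasNext()) {
                final Dependency right = inner.next();
                if (isShadedJar(left, right)) {
                    // Keep the jar, drop the pom.xml. The dropped entry is NOT added as a
                    // related dependency, so it leaves no trace on the survivor.
                    if (left.getFileName().toLowerCase(Locale.ROOT).endsWith("pom.xml")) {
                        toRemove.add(left);
                    } else {
                        toRemove.add(right);
                    }
                } else if (hashesMatch(left, right)
                        || (cpeIdentifiersMatch(left, right) && hasSameBasePath(left, right) && fileNameMatch(left, right))) {
                    if (isCore(left, right)) {
                        mergeDependencies(left, right, toRemove);
                    } else {
                        mergeDependencies(right, left, toRemove);
                    }
                }
            }
        }
        for (Dependency bundled : toRemove) {
            engine.getDependencies().remove(bundled);
        }
    }

    /**
     * Records {@code dependency2} (and everything already related to it) as related to
     * {@code dependency}, then schedules {@code dependency2} for removal.
     *
     * @param dependency the surviving dependency
     * @param dependency2 the dependency being folded into the survivor
     * @param set the removal set that {@code dependency2} is added to
     */
    private void mergeDependencies(Dependency dependency, Dependency dependency2, Set<Dependency> set) {
        dependency.addRelatedDependency(dependency2);
        // Move, not copy: the related set of the merged entry is emptied as it is transferred.
        final Iterator<Dependency> related = dependency2.getRelatedDependencies().iterator();
        while (related.hasNext()) {
            dependency.addRelatedDependency(related.next());
            related.remove();
        }
        set.add(dependency2);
    }

    /**
     * Truncates a path just after the second directory below {@code repository/}
     * (or after the first, when there is no further separator).
     *
     * <p>Fix: the original added 11 to the {@code indexOf} result before testing it, so a
     * missing marker (-1) became offset 10 and the "not found" check could never fire.
     * The caller matches either slash style while the marker uses the platform separator,
     * so a miss is reachable; the path is now returned unchanged in that case.
     *
     * @param str the parent directory path
     * @return the truncated path, or {@code str} itself when the layout is not recognised
     */
    private String getBaseRepoPath(String str) {
        final int marker = str.indexOf(REPOSITORY_MARKER);
        if (marker < 0) {
            return str;
        }
        int end = marker + REPOSITORY_MARKER.length();
        int separator = str.indexOf(File.separator, end);
        if (separator <= 0) {
            return str;
        }
        end = separator + 1;
        separator = str.indexOf(File.separator, end);
        if (separator > 0) {
            end = separator + 1;
        }
        return str.substring(0, end);
    }

    /**
     * Decides whether two file names plausibly denote the same artifact: same parent
     * directory component, no conflicting parsed versions, and the same leading run of
     * letters.
     *
     * @param dependency the first dependency
     * @param dependency2 the second dependency
     * @return {@code true} when the names match under the rules above
     */
    private boolean fileNameMatch(Dependency dependency, Dependency dependency2) {
        if (dependency == null || dependency.getFileName() == null || dependency2 == null || dependency2.getFileName() == null) {
            return false;
        }
        String leftName = dependency.getFileName();
        String rightName = dependency2.getFileName();
        final File leftFile = new File(leftName);
        final File rightFile = new File(rightName);
        final String leftParent = leftFile.getParent();
        final String rightParent = rightFile.getParent();
        if (leftParent == null) {
            if (rightParent != null) {
                return false;
            }
        } else {
            if (!leftParent.equals(rightParent)) {
                return false;
            }
            // Same directory component: compare the bare names from here on.
            leftName = leftFile.getName();
            rightName = rightFile.getName();
        }

        // Versions only veto the match when both names yield one and they differ.
        final DependencyVersion leftVersion = DependencyVersionUtil.parseVersion(leftName);
        final DependencyVersion rightVersion = DependencyVersionUtil.parseVersion(rightName);
        if (leftVersion != null && rightVersion != null && !leftVersion.equals(rightVersion)) {
            return false;
        }

        final Matcher leftPrefix = STARTING_TEXT_PATTERN.matcher(leftName);
        final Matcher rightPrefix = STARTING_TEXT_PATTERN.matcher(rightName);
        return leftPrefix.find() && rightPrefix.find() && leftPrefix.group().equals(rightPrefix.group());
    }

    /**
     * Decides whether two dependencies carry matching identifiers: both must have the
     * same, non-zero number of CPE identifiers, and every identifier of
     * {@code dependency} must also be present on {@code dependency2}.
     *
     * <p>Fix: the original accumulated {@code contains(...)} with {@code |=} and broke out
     * of the loop only while the flag was still false, so the answer depended solely on
     * the first identifier iterated. Two dependencies sharing one identifier but differing
     * in the rest were reported as matching and could be merged, taking one of them out of
     * the engine's list. The check now requires all identifiers to be shared, which can
     * only reduce the number of merges compared with the old behaviour.
     *
     * @param dependency the first dependency
     * @param dependency2 the second dependency
     * @return {@code true} when the identifiers match as described
     */
    private boolean cpeIdentifiersMatch(Dependency dependency, Dependency dependency2) {
        if (dependency == null || dependency.getIdentifiers() == null || dependency2 == null || dependency2.getIdentifiers() == null) {
            return false;
        }
        final int leftCpes = countCpeIdentifiers(dependency);
        final int rightCpes = countCpeIdentifiers(dependency2);
        final boolean matches = leftCpes > 0
                && leftCpes == rightCpes
                && dependency2.getIdentifiers().containsAll(dependency.getIdentifiers());
        if (LogUtils.isVerboseLoggingEnabled()) {
            LOGGER.log(Level.FINE, String.format("IdentifiersMatch=%s (%s, %s)", matches, dependency.getFileName(), dependency2.getFileName()));
        }
        return matches;
    }

    /** Counts the identifiers on {@code dependency} whose type equals {@code SuppressionHandler.CPE}. */
    private static int countCpeIdentifiers(Dependency dependency) {
        int count = 0;
        for (Identifier identifier : dependency.getIdentifiers()) {
            if (SuppressionHandler.CPE.equals(identifier.getType())) {
                count++;
            }
        }
        return count;
    }

    /**
     * Decides whether two dependencies live under the same directory, comparing parent
     * paths case-insensitively, then their truncated repository paths, and finally
     * recursing into the dependencies already related to {@code dependency2}.
     *
     * <p>Fix: when only {@code dependency2} had no parent directory, the original called
     * {@code matches} on a null string and threw; the repository comparison is now skipped
     * in that case.
     *
     * @param dependency the first dependency
     * @param dependency2 the second dependency
     * @return {@code true} when a common base path was found
     */
    private boolean hasSameBasePath(Dependency dependency, Dependency dependency2) {
        if (dependency == null || dependency2 == null) {
            return false;
        }
        final String leftParent = new File(dependency.getFilePath()).getParent();
        final String rightParent = new File(dependency2.getFilePath()).getParent();
        if (leftParent == null) {
            return rightParent == null;
        }
        if (leftParent.equalsIgnoreCase(rightParent)) {
            return true;
        }
        if (rightParent != null
                && REPOSITORY_PATH_PATTERN.matcher(leftParent).matches()
                && REPOSITORY_PATH_PATTERN.matcher(rightParent).matches()
                && getBaseRepoPath(leftParent).equalsIgnoreCase(getBaseRepoPath(rightParent))) {
            return true;
        }
        for (Dependency related : dependency2.getRelatedDependencies()) {
            if (hasSameBasePath(dependency, related)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Picks which of two matching dependencies should survive a merge. Names are
     * lower-cased with {@link Locale#ROOT} so the result does not change with the JVM's
     * default locale (for example "ZIP" under a Turkish locale).
     *
     * <p>Rules, in order: an entry whose name matches the archive pattern loses to one
     * that does not; an entry lacking "core" or "kernel" loses to one that has it; and
     * otherwise the shorter (or equally long) name wins.
     *
     * @param dependency the candidate survivor
     * @param dependency2 the other dependency
     * @return {@code true} when {@code dependency} should be kept as the core entry
     */
    boolean isCore(Dependency dependency, Dependency dependency2) {
        final String leftName = dependency.getFileName().toLowerCase(Locale.ROOT);
        final String rightName = dependency2.getFileName().toLowerCase(Locale.ROOT);

        final boolean leftArchive = ARCHIVE_NAME_PATTERN.matcher(leftName).matches();
        final boolean rightArchive = ARCHIVE_NAME_PATTERN.matcher(rightName).matches();
        final boolean leftCore = leftName.contains("core");
        final boolean rightCore = rightName.contains("core");
        final boolean leftKernel = leftName.contains("kernel");
        final boolean rightKernel = rightName.contains("kernel");

        final boolean result;
        if ((leftArchive && !rightArchive) || (rightCore && !leftCore) || (rightKernel && !leftKernel)) {
            result = false;
        } else if ((rightArchive && !leftArchive) || (leftCore && !rightCore) || (leftKernel && !rightKernel)) {
            result = true;
        } else {
            result = leftName.length() <= rightName.length();
        }
        if (LogUtils.isVerboseLoggingEnabled()) {
            LOGGER.log(Level.FINE, String.format("IsCore=%s (%s, %s)", result, dependency.getFileName(), dependency2.getFileName()));
        }
        return result;
    }

    /**
     * Compares the SHA-1 digests of two dependencies.
     *
     * <p>NOTE(review): digest equality is treated as file identity here and leads straight
     * to a merge. SHA-1 is not collision-resistant, so two deliberately crafted files could
     * share a digest; if the scanned tree can contain attacker-supplied files, consider
     * confirming the match with a second, stronger digest before merging.
     *
     * @param dependency the first dependency
     * @param dependency2 the second dependency
     * @return {@code true} when both digests are present and equal
     */
    private boolean hashesMatch(Dependency dependency, Dependency dependency2) {
        if (dependency == null || dependency2 == null) {
            return false;
        }
        final String leftSha1 = dependency.getSha1sum();
        final String rightSha1 = dependency2.getSha1sum();
        return leftSha1 != null && rightSha1 != null && leftSha1.equals(rightSha1);
    }

    /**
     * Detects a jar/pom.xml pair in which the jar carries every identifier found on the
     * pom.xml.
     *
     * <p>Fix: this is the first predicate evaluated for each pair, ahead of any of the
     * null-checking ones, yet it dereferenced the file names and identifier sets
     * unguarded. Missing values now yield {@code false} instead of a
     * {@link NullPointerException} that would abort the whole pass.
     *
     * @param dependency the first dependency
     * @param dependency2 the second dependency
     * @return {@code true} when one is a jar covering all identifiers of the other, a pom.xml
     */
    private boolean isShadedJar(Dependency dependency, Dependency dependency2) {
        if (dependency == null || dependency2 == null
                || dependency.getFileName() == null || dependency2.getFileName() == null
                || dependency.getIdentifiers() == null || dependency2.getIdentifiers() == null) {
            return false;
        }
        final String leftName = dependency.getFileName().toLowerCase(Locale.ROOT);
        final String rightName = dependency2.getFileName().toLowerCase(Locale.ROOT);
        if (leftName.endsWith(".jar") && rightName.endsWith("pom.xml")) {
            return dependency.getIdentifiers().containsAll(dependency2.getIdentifiers());
        }
        if (rightName.endsWith(".jar") && leftName.endsWith("pom.xml")) {
            return dependency2.getIdentifiers().containsAll(dependency.getIdentifiers());
        }
        return false;
    }
}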
