package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.compress.archivers.ArchiveStreamFactory;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nexus.NexusSearch;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.xml.pom.PomUtils;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-1.2.10.jar:org/owasp/dependencycheck/analyzer/NexusAnalyzer.class */
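/**
 * File type analyzer that looks up a JAR's SHA-1 in a Nexus repository and
 * records the returned Maven coordinates as evidence on the dependency.
 *
 * <p>When the dependency has no vendor evidence sourced from a POM and the
 * search result carries a POM URL, the POM is downloaded to a temporary file
 * and analyzed as well.
 */
public class NexusAnalyzer extends AbstractFileTypeAnalyzer {
    /**
     * Default Nexus service URL. The analyzer stays disabled while the
     * configured URL still equals this value (see {@link #checkEnabled()}).
     */
    public static final String DEFAULT_URL = "https://repository.sonatype.org/service/local/";
    private static final String ANALYZER_NAME = "Nexus Analyzer";
    /** Nexus client; only assigned in {@link #initializeFileTypeAnalyzer()} when the URL parses. */
    private NexusSearch searcher;
    /**
     * Value returned by {@link #isEnabled()}. Deliberately not final: the
     * inherited {@code setEnabled(false)} cannot reach this private field, so
     * initialization failures must clear it directly (see {@link #disable()}).
     */
    private boolean enabled = checkEnabled();
    private static final Logger LOGGER = Logger.getLogger(NexusAnalyzer.class.getName());
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet(ArchiveStreamFactory.JAR);

    /**
     * Decides from the settings whether the analyzer should start enabled.
     *
     * @return {@code true} only when the Nexus analyzer setting is on and the
     *     configured URL differs from {@link #DEFAULT_URL}; {@code false} on an
     *     invalid setting
     */
    private boolean checkEnabled() {
        try {
            final boolean usesDefaultUrl =
                    DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL));
            if (usesDefaultUrl || !Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)) {
                LOGGER.fine("Nexus analyzer disabled, using Central instead");
                return false;
            }
            LOGGER.info("Enabling Nexus analyzer");
            return true;
        } catch (InvalidSettingException e) {
            LOGGER.warning("Invalid setting. Disabling Nexus analyzer");
            return false;
        }
    }

    /**
     * Turns the analyzer off for the rest of the run.
     *
     * <p>{@link #isEnabled()} is overridden to read this class's own flag, so
     * calling only the inherited {@code setEnabled(false)} would leave the
     * analyzer reporting itself as enabled. Both are updated here.
     */
    private void disable() {
        this.enabled = false;
        setEnabled(false);
    }

    /**
     * @return whether this analyzer is currently enabled
     */
    @Override
    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Creates the Nexus client from the configured URL and runs its preflight
     * request. The analyzer disables itself when the URL is malformed or the
     * preflight request reports a problem.
     *
     * @throws Exception declared by the overridden method
     */
    @Override
    public void initializeFileTypeAnalyzer() throws Exception {
        LOGGER.fine("Initializing Nexus Analyzer");
        LOGGER.fine(String.format("Nexus Analyzer enabled: %s", isEnabled()));
        if (!isEnabled()) {
            return;
        }
        final String nexusUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
        LOGGER.fine(String.format("Nexus Analyzer URL: %s", nexusUrl));
        try {
            this.searcher = new NexusSearch(new URL(nexusUrl));
            if (!this.searcher.preflightRequest()) {
                LOGGER.warning("There was an issue getting Nexus status. Disabling analyzer.");
                disable();
            }
        } catch (MalformedURLException e) {
            LOGGER.warning(String.format("Property %s not a valid URL. Nexus Analyzer disabled", nexusUrl));
            // searcher is still null on this path; without a real disable the
            // first analyzeFileType call would dereference it.
            disable();
        }
    }

    /**
     * @return the display name of this analyzer
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * @return the settings key that enables or disables this analyzer
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_NEXUS_ENABLED;
    }

    /**
     * @return the analysis phase in which this analyzer runs
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * @return the file extensions this analyzer handles
     */
    @Override
    public Set<String> getSupportedExtensions() {
        return SUPPORTED_EXTENSIONS;
    }

    /**
     * Searches Nexus for the dependency's SHA-1, adds the match as
     * high-confidence evidence, and analyzes the artifact's POM when the
     * dependency has no POM-sourced vendor evidence yet.
     *
     * <p>Lookup and connection failures are logged and otherwise ignored, so
     * a dependency that could not be resolved is left without Nexus evidence.
     *
     * @param dependency the dependency to enrich
     * @param engine the running engine (not used by this analyzer)
     * @throws AnalysisException declared by the overridden method
     */
    @Override
    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        // The null check covers a searcher that was never created during initialization.
        if (!isEnabled() || this.searcher == null) {
            return;
        }
        try {
            final MavenArtifact artifact = this.searcher.searchSha1(dependency.getSha1sum());
            dependency.addAsEvidence("nexus", artifact, Confidence.HIGH);
            LOGGER.fine("POM URL " + artifact.getPomUrl());

            boolean hasPomEvidence = false;
            final Iterator<Evidence> vendorEvidence = dependency.getVendorEvidence().iterator();
            while (!hasPomEvidence && vendorEvidence.hasNext()) {
                hasPomEvidence = "pom".equals(vendorEvidence.next().getSource());
            }

            if (!hasPomEvidence && artifact.getPomUrl() != null) {
                File pomFile = null;
                try {
                    // NOTE(review): the unique name reserved by createTempFile is released
                    // by the delete below, and the download then writes to that same path.
                    // If the temp directory is writable by other local users this leaves a
                    // window on the path; confirm whether Downloader.fetchFile needs the
                    // file to be absent, and drop the delete if it does not.
                    pomFile = File.createTempFile("pom", ".xml", Settings.getTempDirectory());
                    if (!pomFile.delete()) {
                        LOGGER.warning(String.format("Unable to fetch pom.xml for %s from Nexus repository; this could result in undetected CPE/CVEs.", dependency.getFileName()));
                        LOGGER.fine("Unable to delete temp file");
                    }
                    LOGGER.fine(String.format("Downloading %s", artifact.getPomUrl()));
                    // NOTE(review): the POM URL comes from the search response, not from
                    // local configuration. Confirm that Downloader limits the schemes and
                    // hosts it will fetch and that the POM parser treats the document as
                    // untrusted input.
                    Downloader.fetchFile(new URL(artifact.getPomUrl()), pomFile);
                    PomUtils.analyzePOM(dependency, pomFile);
                } catch (DownloadFailedException e) {
                    LOGGER.warning(String.format("Unable to download pom.xml for %s from Nexus repository; this could result in undetected CPE/CVEs.", dependency.getFileName()));
                } finally {
                    // Remove the downloaded POM on every exit path; fall back to
                    // delete-on-exit when immediate deletion fails.
                    if (pomFile != null && !FileUtils.deleteQuietly(pomFile)) {
                        pomFile.deleteOnExit();
                    }
                }
            }
        } catch (FileNotFoundException e) {
            LOGGER.fine(String.format("Artifact not found in repository '%s'", dependency.getFileName()));
            LOGGER.log(Level.FINE, e.getMessage(), e);
        } catch (IOException e) {
            LOGGER.log(Level.FINE, "Could not connect to nexus repository", e);
        } catch (IllegalArgumentException e) {
            LOGGER.info(String.format("invalid sha-1 hash on %s", dependency.getFileName()));
        }
    }
}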
