package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileFilter;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import org.apache.commons.compress.archivers.ArchiveStreamFactory;
import org.apache.commons.compress.utils.IOUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.lucene.analysis.shingle.ShingleFilter;
import org.jsoup.Jsoup;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.data.update.cpe.CPEHandler;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.xml.pom.License;
import org.owasp.dependencycheck.xml.pom.Model;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-2.0.1.jar:org/owasp/dependencycheck/analyzer/JarAnalyzer.class */
public class JarAnalyzer extends AbstractFileTypeAnalyzer {
    private static final String BUNDLE_VERSION = "Bundle-Version";
    private static final String BUNDLE_DESCRIPTION = "Bundle-Description";
    private static final String BUNDLE_NAME = "Bundle-Name";
    private static final String ANALYZER_NAME = "Jar Analyzer";
    private File tempFileLocation = null;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) JarAnalyzer.class);
    private static final AtomicInteger DIR_COUNT = new AtomicInteger(0);
    private static final String NEWLINE = System.getProperty("line.separator");
    private static final Set<String> IGNORE_VALUES = newHashSet("Sun Java System Application Server");
    private static final Set<String> IGNORE_KEYS = newHashSet("built-by", "created-by", "builtby", "createdby", "build-jdk", "buildjdk", "ant-version", "antversion", "dynamicimportpackage", "dynamicimport-package", "dynamic-importpackage", "dynamic-import-package", "import-package", "ignore-package", "export-package", "importpackage", "ignorepackage", "exportpackage", "sealed", "manifest-version", "archiver-version", "manifestversion", "archiverversion", "classpath", "class-path", "tool", "bundle-manifestversion", "bundlemanifestversion", "bundle-vendor", "include-resource", "embed-dependency", "ipojo-components", "ipojo-extension", "eclipse-sourcereferences");
    private static final String IMPLEMENTATION_VENDOR_ID = Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString();
    private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", 2);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final String[] EXTENSIONS = {ArchiveStreamFactory.JAR, "war"};
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/dependency-check-core-2.0.1.jar:org/owasp/dependencycheck/analyzer/JarAnalyzer$ClassNameInformation.class */
    public static class ClassNameInformation {
        private String name;
        private final ArrayList<String> packageStructure = new ArrayList<>();

        ClassNameInformation(String str) {
            this.name = str;
            if (!this.name.contains("/")) {
                this.packageStructure.add(this.name);
                return;
            }
            String[] split = StringUtils.split(str.toLowerCase(), '/');
            int i = 0;
            int i2 = 3;
            if ("com".equals(split[0]) || "org".equals(split[0])) {
                i = 1;
                i2 = 4;
            }
            this.packageStructure.addAll(Arrays.asList(split).subList(i, (split.length <= i2 ? split.length - 1 : i2) + 1));
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public ArrayList<String> getPackageStructure() {
            return this.packageStructure;
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_JAR_ENABLED;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        try {
            List<ClassNameInformation> collectClassNames = collectClassNames(dependency);
            String lowerCase = dependency.getFileName().toLowerCase();
            if (collectClassNames.isEmpty() && (lowerCase.endsWith("-sources.jar") || lowerCase.endsWith("-javadoc.jar") || lowerCase.endsWith("-src.jar") || lowerCase.endsWith("-doc.jar"))) {
                engine.getDependencies().remove(dependency);
            }
            analyzePackageNames(collectClassNames, dependency, (parseManifest(dependency, collectClassNames) && analyzePOM(dependency, collectClassNames, engine)) ? false : true);
        } catch (IOException e) {
            throw new AnalysisException("Exception occurred reading the JAR file (" + dependency.getFileName() + ").", e);
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r10v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x0215: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:79:0x0215 */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x021a: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:81:0x021a */
    /* JADX WARN: Type inference failed for: r10v1, types: [java.util.jar.JarFile] */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable] */
    protected boolean analyzePOM(Dependency dependency, List<ClassNameInformation> list, Engine engine) throws AnalysisException {
        File file;
        try {
            try {
                JarFile jarFile = new JarFile(dependency.getActualFilePath());
                Throwable th = null;
                List<String> retrievePomListing = retrievePomListing(jarFile);
                if (retrievePomListing == null || retrievePomListing.size() > 1) {
                    for (String str : retrievePomListing) {
                        LOGGER.debug("Reading pom entry: {}", str);
                        try {
                            Properties retrievePomProperties = retrievePomProperties(str, jarFile);
                            File extractPom = extractPom(str, jarFile);
                            Model readPom = PomUtils.readPom(extractPom);
                            readPom.processProperties(retrievePomProperties);
                            String format = String.format("%s%s%s", dependency.getFilePath(), File.separator, str);
                            String format2 = String.format("%s%s%s", dependency.getFileName(), File.separator, str);
                            Dependency dependency2 = new Dependency();
                            dependency2.setActualFilePath(extractPom.getAbsolutePath());
                            dependency2.setFileName(format2);
                            dependency2.setFilePath(format);
                            setPomEvidence(dependency2, readPom, null);
                            engine.getDependencies().add(dependency2);
                        } catch (AnalysisException e) {
                            LOGGER.warn("An error occurred while analyzing '{}'.", dependency.getActualFilePath());
                            LOGGER.trace(StringUtils.EMPTY, (Throwable) e);
                        }
                    }
                    if (jarFile != null) {
                        if (0 != 0) {
                            try {
                                jarFile.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            jarFile.close();
                        }
                    }
                    return false;
                }
                Properties properties = null;
                if (retrievePomListing.size() == 1) {
                    String str2 = retrievePomListing.get(0);
                    file = extractPom(str2, jarFile);
                    properties = retrievePomProperties(str2, jarFile);
                } else {
                    file = new File(FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom");
                }
                if (!file.isFile()) {
                    if (jarFile != null) {
                        if (0 != 0) {
                            try {
                                jarFile.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            jarFile.close();
                        }
                    }
                    return false;
                }
                Model readPom2 = PomUtils.readPom(file);
                if (readPom2 != null && properties != null) {
                    readPom2.processProperties(properties);
                }
                boolean z = readPom2 != null && setPomEvidence(dependency, readPom2, list);
                if (jarFile != null) {
                    if (0 != 0) {
                        try {
                            jarFile.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        jarFile.close();
                    }
                }
                return z;
            } finally {
            }
        } catch (IOException e2) {
            LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath());
            LOGGER.trace(StringUtils.EMPTY, (Throwable) e2);
            return false;
        }
        LOGGER.warn("Unable to read JarFile '{}'.", dependency.getActualFilePath());
        LOGGER.trace(StringUtils.EMPTY, (Throwable) e2);
        return false;
    }

    private Properties retrievePomProperties(String str, JarFile jarFile) {
        Properties properties = null;
        String str2 = str.substring(0, str.length() - 7) + "pom.properies";
        ZipEntry entry = jarFile.getEntry(str2);
        if (entry != null) {
            try {
                InputStreamReader inputStreamReader = new InputStreamReader(jarFile.getInputStream(entry), "UTF-8");
                Throwable th = null;
                try {
                    try {
                        properties = new Properties();
                        properties.load(inputStreamReader);
                        LOGGER.debug("Read pom.properties: {}", str2);
                        if (inputStreamReader != null) {
                            if (0 != 0) {
                                try {
                                    inputStreamReader.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                inputStreamReader.close();
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (inputStreamReader != null) {
                        if (th != null) {
                            try {
                                inputStreamReader.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            inputStreamReader.close();
                        }
                    }
                    throw th3;
                }
            } catch (UnsupportedEncodingException e) {
                LOGGER.trace("UTF-8 is not supported", (Throwable) e);
            } catch (IOException e2) {
                LOGGER.trace("Unable to read the POM properties", (Throwable) e2);
            }
        }
        return properties;
    }

    private List<String> retrievePomListing(JarFile jarFile) throws IOException {
        ArrayList arrayList = new ArrayList();
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            String lowerCase = new File(nextElement.getName()).getName().toLowerCase();
            if (!nextElement.isDirectory() && "pom.xml".equals(lowerCase)) {
                LOGGER.trace("POM Entry found: {}", nextElement.getName());
                arrayList.add(nextElement.getName());
            }
        }
        return arrayList;
    }

    /* JADX WARN: Finally extract failed */
    private File extractPom(String str, JarFile jarFile) throws AnalysisException {
        File file = new File(getNextTempDirectory(), "pom.xml");
        ZipEntry entry = jarFile.getEntry(str);
        if (entry == null) {
            throw new AnalysisException(String.format("Pom (%s) does not exist in %s", str, jarFile.getName()));
        }
        try {
            InputStream inputStream = jarFile.getInputStream(entry);
            Throwable th = null;
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(file);
                Throwable th2 = null;
                try {
                    try {
                        IOUtils.copy(inputStream, fileOutputStream);
                        if (fileOutputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileOutputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                fileOutputStream.close();
                            }
                        }
                        if (inputStream != null) {
                            if (0 != 0) {
                                try {
                                    inputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                inputStream.close();
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (fileOutputStream != null) {
                        if (th2 != null) {
                            try {
                                fileOutputStream.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            fileOutputStream.close();
                        }
                    }
                    throw th5;
                }
            } catch (Throwable th7) {
                if (inputStream != null) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th8) {
                            th.addSuppressed(th8);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                throw th7;
            }
        } catch (IOException e) {
            LOGGER.warn("An error occurred reading '{}' from '{}'.", str, jarFile.getName());
            LOGGER.error(StringUtils.EMPTY, (Throwable) e);
        }
        return file;
    }

    public static boolean setPomEvidence(Dependency dependency, Model model, List<ClassNameInformation> list) {
        if (model == null) {
            return false;
        }
        boolean z = false;
        boolean z2 = true;
        String groupId = model.getGroupId();
        String parentGroupId = model.getParentGroupId();
        String artifactId = model.getArtifactId();
        String parentArtifactId = model.getParentArtifactId();
        String version = model.getVersion();
        String parentVersion = model.getParentVersion();
        if ("org.sonatype.oss".equals(parentGroupId) && "oss-parent".equals(parentArtifactId)) {
            parentGroupId = null;
            parentArtifactId = null;
            parentVersion = null;
        }
        if ((groupId == null || groupId.isEmpty()) && parentGroupId != null && !parentGroupId.isEmpty()) {
            groupId = parentGroupId;
        }
        String str = groupId;
        if (groupId != null && (groupId.startsWith("org.") || groupId.startsWith("com."))) {
            groupId = groupId.substring(4);
        }
        if ((artifactId == null || artifactId.isEmpty()) && parentArtifactId != null && !parentArtifactId.isEmpty()) {
            artifactId = parentArtifactId;
        }
        String str2 = artifactId;
        if (artifactId != null && (artifactId.startsWith("org.") || artifactId.startsWith("com."))) {
            artifactId = artifactId.substring(4);
        }
        if ((version == null || version.isEmpty()) && parentVersion != null && !parentVersion.isEmpty()) {
            version = parentVersion;
        }
        if (groupId == null || groupId.isEmpty()) {
            z2 = false;
        } else {
            z = true;
            dependency.getVendorEvidence().addEvidence("pom", "groupid", groupId, Confidence.HIGHEST);
            dependency.getProductEvidence().addEvidence("pom", "groupid", groupId, Confidence.LOW);
            addMatchingValues(list, groupId, dependency.getVendorEvidence());
            addMatchingValues(list, groupId, dependency.getProductEvidence());
            if (parentGroupId != null && !parentGroupId.isEmpty() && !parentGroupId.equals(groupId)) {
                dependency.getVendorEvidence().addEvidence("pom", "parent-groupid", parentGroupId, Confidence.MEDIUM);
                dependency.getProductEvidence().addEvidence("pom", "parent-groupid", parentGroupId, Confidence.LOW);
                addMatchingValues(list, parentGroupId, dependency.getVendorEvidence());
                addMatchingValues(list, parentGroupId, dependency.getProductEvidence());
            }
        }
        if (artifactId == null || artifactId.isEmpty()) {
            z2 = false;
        } else {
            z = true;
            dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactId, Confidence.HIGHEST);
            dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactId, Confidence.LOW);
            addMatchingValues(list, artifactId, dependency.getVendorEvidence());
            addMatchingValues(list, artifactId, dependency.getProductEvidence());
            if (parentArtifactId != null && !parentArtifactId.isEmpty() && !parentArtifactId.equals(artifactId)) {
                dependency.getProductEvidence().addEvidence("pom", "parent-artifactid", parentArtifactId, Confidence.MEDIUM);
                dependency.getVendorEvidence().addEvidence("pom", "parent-artifactid", parentArtifactId, Confidence.LOW);
                addMatchingValues(list, parentArtifactId, dependency.getVendorEvidence());
                addMatchingValues(list, parentArtifactId, dependency.getProductEvidence());
            }
        }
        if (version == null || version.isEmpty()) {
            z2 = false;
        } else {
            z = true;
            dependency.getVersionEvidence().addEvidence("pom", "version", version, Confidence.HIGHEST);
            if (parentVersion != null && !parentVersion.isEmpty() && !parentVersion.equals(version)) {
                dependency.getVersionEvidence().addEvidence("pom", "parent-version", version, Confidence.LOW);
            }
        }
        if (z2) {
            dependency.addIdentifier("maven", String.format("%s:%s:%s", str, str2, version), null, Confidence.HIGH);
        }
        String organization = model.getOrganization();
        if (organization != null && !organization.isEmpty()) {
            dependency.getVendorEvidence().addEvidence("pom", "organization name", organization, Confidence.HIGH);
            dependency.getProductEvidence().addEvidence("pom", "organization name", organization, Confidence.LOW);
            addMatchingValues(list, organization, dependency.getVendorEvidence());
            addMatchingValues(list, organization, dependency.getProductEvidence());
        }
        String organizationUrl = model.getOrganizationUrl();
        if (organizationUrl != null && !organizationUrl.isEmpty()) {
            dependency.getVendorEvidence().addEvidence("pom", "organization url", organizationUrl, Confidence.MEDIUM);
            dependency.getProductEvidence().addEvidence("pom", "organization url", organizationUrl, Confidence.LOW);
        }
        String name = model.getName();
        if (name != null && !name.isEmpty()) {
            z = true;
            dependency.getProductEvidence().addEvidence("pom", PomHandler.NAME, name, Confidence.HIGH);
            dependency.getVendorEvidence().addEvidence("pom", PomHandler.NAME, name, Confidence.HIGH);
            addMatchingValues(list, name, dependency.getVendorEvidence());
            addMatchingValues(list, name, dependency.getProductEvidence());
        }
        String description = model.getDescription();
        if (description != null && !description.isEmpty() && !description.startsWith("POM was created by")) {
            z = true;
            String addDescription = addDescription(dependency, description, "pom", PomHandler.DESCRIPTION);
            addMatchingValues(list, addDescription, dependency.getVendorEvidence());
            addMatchingValues(list, addDescription, dependency.getProductEvidence());
        }
        String projectURL = model.getProjectURL();
        if (projectURL != null && !projectURL.trim().isEmpty()) {
            dependency.getVendorEvidence().addEvidence("pom", PomHandler.URL, projectURL, Confidence.HIGHEST);
        }
        extractLicense(model, dependency);
        return z;
    }

    protected void analyzePackageNames(List<ClassNameInformation> list, Dependency dependency, boolean z) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        analyzeFullyQualifiedClassNames(list, hashMap, hashMap2);
        int size = list.size();
        EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
        EvidenceCollection productEvidence = dependency.getProductEvidence();
        for (Map.Entry<String, Integer> entry : hashMap.entrySet()) {
            if (entry.getValue().intValue() / size > 0.5d) {
                vendorEvidence.addWeighting(entry.getKey());
                if (z && entry.getKey().length() > 1) {
                    vendorEvidence.addEvidence(ArchiveStreamFactory.JAR, "package name", entry.getKey(), Confidence.LOW);
                }
            }
        }
        for (Map.Entry<String, Integer> entry2 : hashMap2.entrySet()) {
            if (entry2.getValue().intValue() / size > 0.5d) {
                productEvidence.addWeighting(entry2.getKey());
                if (z && entry2.getKey().length() > 1) {
                    productEvidence.addEvidence(ArchiveStreamFactory.JAR, "package name", entry2.getKey(), Confidence.LOW);
                }
            }
        }
    }

    protected boolean parseManifest(Dependency dependency, List<ClassNameInformation> list) throws IOException {
        boolean z = false;
        JarFile jarFile = new JarFile(dependency.getActualFilePath());
        Throwable th = null;
        try {
            Manifest manifest = jarFile.getManifest();
            if (manifest == null) {
                if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar") && !dependency.getFileName().toLowerCase().endsWith("-javadoc.jar") && !dependency.getFileName().toLowerCase().endsWith("-src.jar") && !dependency.getFileName().toLowerCase().endsWith("-doc.jar")) {
                    LOGGER.debug("Jar file '{}' does not contain a manifest.", dependency.getFileName());
                }
                return false;
            }
            EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
            EvidenceCollection productEvidence = dependency.getProductEvidence();
            EvidenceCollection versionEvidence = dependency.getVersionEvidence();
            String str = "Manifest";
            String str2 = null;
            boolean z2 = false;
            Attributes mainAttributes = manifest.getMainAttributes();
            Iterator<Map.Entry<Object, Object>> it = mainAttributes.entrySet().iterator();
            while (it.hasNext()) {
                String obj = it.next().getKey().toString();
                String value = mainAttributes.getValue(obj);
                if (HTML_DETECTION_PATTERN.matcher(value).find()) {
                    value = Jsoup.parse(value).text();
                }
                if (!IGNORE_VALUES.contains(value)) {
                    if (obj.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
                        z = true;
                        productEvidence.addEvidence(str, obj, value, Confidence.HIGH);
                        addMatchingValues(list, value, productEvidence);
                    } else if (obj.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
                        z2 = true;
                        z = true;
                        versionEvidence.addEvidence(str, obj, value, Confidence.HIGH);
                    } else if ("specification-version".equalsIgnoreCase(obj)) {
                        str2 = value;
                    } else if (obj.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
                        z = true;
                        vendorEvidence.addEvidence(str, obj, value, Confidence.HIGH);
                        addMatchingValues(list, value, vendorEvidence);
                    } else if (obj.equalsIgnoreCase(IMPLEMENTATION_VENDOR_ID)) {
                        z = true;
                        vendorEvidence.addEvidence(str, obj, value, Confidence.MEDIUM);
                        addMatchingValues(list, value, vendorEvidence);
                    } else if (obj.equalsIgnoreCase(BUNDLE_DESCRIPTION)) {
                        z = true;
                        addDescription(dependency, value, "manifest", obj);
                        addMatchingValues(list, value, productEvidence);
                    } else if (obj.equalsIgnoreCase(BUNDLE_NAME)) {
                        z = true;
                        productEvidence.addEvidence(str, obj, value, Confidence.MEDIUM);
                        addMatchingValues(list, value, productEvidence);
                    } else if (obj.equalsIgnoreCase(BUNDLE_VERSION)) {
                        z = true;
                        versionEvidence.addEvidence(str, obj, value, Confidence.HIGH);
                    } else if (!obj.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) {
                        String lowerCase = obj.toLowerCase();
                        if (!IGNORE_KEYS.contains(lowerCase) && !lowerCase.endsWith("jdk") && !lowerCase.contains("lastmodified") && !lowerCase.endsWith("package") && !lowerCase.endsWith("classpath") && !lowerCase.endsWith("class-path") && !lowerCase.endsWith("-scm") && !lowerCase.startsWith("scm-") && !value.trim().startsWith("scm:") && !isImportPackage(lowerCase, value) && !isPackage(lowerCase, value)) {
                            z = true;
                            if (lowerCase.contains("version")) {
                                if (!lowerCase.contains("specification")) {
                                    versionEvidence.addEvidence(str, lowerCase, value, Confidence.MEDIUM);
                                }
                            } else if ("build-id".equals(lowerCase)) {
                                int indexOf = value.indexOf(40);
                                if (indexOf > 0) {
                                    value = value.substring(0, indexOf - 1);
                                }
                                int indexOf2 = value.indexOf(91);
                                if (indexOf2 > 0) {
                                    value = value.substring(0, indexOf2 - 1);
                                }
                                versionEvidence.addEvidence(str, lowerCase, value, Confidence.MEDIUM);
                            } else if (lowerCase.contains(CPEHandler.Element.TITLE)) {
                                productEvidence.addEvidence(str, lowerCase, value, Confidence.MEDIUM);
                                addMatchingValues(list, value, productEvidence);
                            } else if (lowerCase.contains(Fields.VENDOR)) {
                                if (lowerCase.contains("specification")) {
                                    vendorEvidence.addEvidence(str, lowerCase, value, Confidence.LOW);
                                } else {
                                    vendorEvidence.addEvidence(str, lowerCase, value, Confidence.MEDIUM);
                                    addMatchingValues(list, value, vendorEvidence);
                                }
                            } else if (lowerCase.contains(PomHandler.NAME)) {
                                productEvidence.addEvidence(str, lowerCase, value, Confidence.MEDIUM);
                                vendorEvidence.addEvidence(str, lowerCase, value, Confidence.MEDIUM);
                                addMatchingValues(list, value, vendorEvidence);
                                addMatchingValues(list, value, productEvidence);
                            } else if (lowerCase.contains(PomHandler.LICENSE)) {
                                addLicense(dependency, value);
                            } else if (lowerCase.contains(PomHandler.DESCRIPTION)) {
                                addDescription(dependency, value, "manifest", lowerCase);
                            } else {
                                productEvidence.addEvidence(str, lowerCase, value, Confidence.LOW);
                                vendorEvidence.addEvidence(str, lowerCase, value, Confidence.LOW);
                                addMatchingValues(list, value, vendorEvidence);
                                addMatchingValues(list, value, productEvidence);
                                if (value.matches(".*\\d.*")) {
                                    StringTokenizer stringTokenizer = new StringTokenizer(value, ShingleFilter.DEFAULT_TOKEN_SEPARATOR);
                                    while (stringTokenizer.hasMoreElements()) {
                                        String nextToken = stringTokenizer.nextToken();
                                        if (nextToken.matches("^[0-9.]+$")) {
                                            versionEvidence.addEvidence(str, lowerCase, nextToken, Confidence.LOW);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            for (Map.Entry<String, Attributes> entry : manifest.getEntries().entrySet()) {
                str = "manifest: " + entry.getKey();
                Attributes value2 = entry.getValue();
                Iterator<Map.Entry<Object, Object>> it2 = value2.entrySet().iterator();
                while (it2.hasNext()) {
                    String obj2 = it2.next().getKey().toString();
                    String value3 = value2.getValue(obj2);
                    if (obj2.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
                        z = true;
                        productEvidence.addEvidence(str, obj2, value3, Confidence.MEDIUM);
                        addMatchingValues(list, value3, productEvidence);
                    } else if (obj2.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
                        z = true;
                        versionEvidence.addEvidence(str, obj2, value3, Confidence.MEDIUM);
                    } else if (obj2.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
                        z = true;
                        vendorEvidence.addEvidence(str, obj2, value3, Confidence.MEDIUM);
                        addMatchingValues(list, value3, vendorEvidence);
                    } else if (obj2.equalsIgnoreCase(Attributes.Name.SPECIFICATION_TITLE.toString())) {
                        z = true;
                        productEvidence.addEvidence(str, obj2, value3, Confidence.MEDIUM);
                        addMatchingValues(list, value3, productEvidence);
                    }
                }
            }
            if (str2 != null && !z2) {
                z = true;
                versionEvidence.addEvidence(str, "specification-version", str2, Confidence.HIGH);
            }
            if (jarFile != null) {
                if (0 != 0) {
                    try {
                        jarFile.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    jarFile.close();
                }
            }
            return z;
        } finally {
            if (jarFile != null) {
                if (0 != 0) {
                    try {
                        jarFile.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                } else {
                    jarFile.close();
                }
            }
        }
    }

    public static String addDescription(Dependency dependency, String str, String str2, String str3) {
        if (dependency.getDescription() == null) {
            dependency.setDescription(str);
        }
        String text = HTML_DETECTION_PATTERN.matcher(str).find() ? Jsoup.parse(str).text() : str;
        dependency.setDescription(text);
        if (text.length() > 100) {
            text = text.replaceAll("\\s\\s+", ShingleFilter.DEFAULT_TOKEN_SEPARATOR);
            int indexOf = text.toLowerCase().indexOf("such as ", 100);
            int indexOf2 = text.toLowerCase().indexOf("like ", 100);
            int indexOf3 = text.toLowerCase().indexOf("will use ", 100);
            int indexOf4 = text.toLowerCase().indexOf(" uses ", 100);
            int max = Math.max(-1, indexOf);
            int max2 = (max < 0 || indexOf2 < 0) ? Math.max(max, indexOf2) : Math.min(max, indexOf2);
            int max3 = (max2 < 0 || indexOf3 < 0) ? Math.max(max2, indexOf3) : Math.min(max2, indexOf3);
            int max4 = (max3 < 0 || indexOf4 < 0) ? Math.max(max3, indexOf4) : Math.min(max3, indexOf4);
            if (max4 > 0) {
                text = text.substring(0, max4) + "...";
            }
            dependency.getProductEvidence().addEvidence(str2, str3, text, Confidence.LOW);
            dependency.getVendorEvidence().addEvidence(str2, str3, text, Confidence.LOW);
        } else {
            dependency.getProductEvidence().addEvidence(str2, str3, text, Confidence.MEDIUM);
            dependency.getVendorEvidence().addEvidence(str2, str3, text, Confidence.MEDIUM);
        }
        return text;
    }

    private void addLicense(Dependency dependency, String str) {
        if (dependency.getLicense() == null) {
            dependency.setLicense(str);
        } else {
            if (dependency.getLicense().contains(str)) {
                return;
            }
            dependency.setLicense(dependency.getLicense() + NEWLINE + str);
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void initializeFileTypeAnalyzer() throws InitializationException {
        try {
            this.tempFileLocation = File.createTempFile(CPEHandler.Element.CHECK, "tmp", Settings.getTempDirectory());
            if (!this.tempFileLocation.delete()) {
                String format = String.format("Unable to delete temporary file '%s'.", this.tempFileLocation.getAbsolutePath());
                setEnabled(false);
                throw new InitializationException(format);
            }
            if (this.tempFileLocation.mkdirs()) {
                return;
            }
            String format2 = String.format("Unable to create directory '%s'.", this.tempFileLocation.getAbsolutePath());
            setEnabled(false);
            throw new InitializationException(format2);
        } catch (IOException e) {
            setEnabled(false);
            throw new InitializationException("Unable to create a temporary file", e);
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public void closeAnalyzer() {
        String[] list;
        if (this.tempFileLocation == null || !this.tempFileLocation.exists()) {
            return;
        }
        LOGGER.debug("Attempting to delete temporary files");
        if (FileUtils.delete(this.tempFileLocation) || !this.tempFileLocation.exists() || (list = this.tempFileLocation.list()) == null || list.length <= 0) {
            return;
        }
        LOGGER.warn("Failed to delete some temporary files, see the log for more details");
    }

    private boolean isImportPackage(String str, String str2) {
        return Pattern.compile("^([a-zA-Z0-9_#\\$\\*\\.]+\\s*[,;]\\s*)+([a-zA-Z0-9_#\\$\\*\\.]+\\s*)?$").matcher(str2).matches() && (str.contains("import") || str.contains("include") || str2.length() > 10);
    }

    /* JADX WARN: Finally extract failed */
    private List<ClassNameInformation> collectClassNames(Dependency dependency) {
        ArrayList arrayList = new ArrayList();
        try {
            JarFile jarFile = new JarFile(dependency.getActualFilePath());
            Throwable th = null;
            try {
                Enumeration<JarEntry> entries = jarFile.entries();
                while (entries.hasMoreElements()) {
                    String lowerCase = entries.nextElement().getName().toLowerCase();
                    if (lowerCase.endsWith(".class") && !lowerCase.matches("^javax?\\..*$")) {
                        arrayList.add(new ClassNameInformation(lowerCase.substring(0, lowerCase.length() - 6)));
                    }
                }
                if (jarFile != null) {
                    if (0 != 0) {
                        try {
                            jarFile.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        jarFile.close();
                    }
                }
            } catch (Throwable th3) {
                if (jarFile != null) {
                    if (0 != 0) {
                        try {
                            jarFile.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        jarFile.close();
                    }
                }
                throw th3;
            }
        } catch (IOException e) {
            LOGGER.warn("Unable to open jar file '{}'.", dependency.getFileName());
            LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
        }
        return arrayList;
    }

    private void analyzeFullyQualifiedClassNames(List<ClassNameInformation> list, Map<String, Integer> map, Map<String, Integer> map2) {
        Iterator<ClassNameInformation> it = list.iterator();
        while (it.hasNext()) {
            ArrayList<String> packageStructure = it.next().getPackageStructure();
            addEntry(map, packageStructure.get(0));
            if (packageStructure.size() == 2) {
                addEntry(map2, packageStructure.get(1));
            } else if (packageStructure.size() == 3) {
                addEntry(map, packageStructure.get(1));
                addEntry(map2, packageStructure.get(1));
                addEntry(map2, packageStructure.get(2));
            } else if (packageStructure.size() >= 4) {
                addEntry(map, packageStructure.get(1));
                addEntry(map, packageStructure.get(2));
                addEntry(map2, packageStructure.get(1));
                addEntry(map2, packageStructure.get(2));
                addEntry(map2, packageStructure.get(3));
            }
        }
    }

    private void addEntry(Map<String, Integer> map, String str) {
        if (map.containsKey(str)) {
            map.put(str, Integer.valueOf(map.get(str).intValue() + 1));
        } else {
            map.put(str, 1);
        }
    }

    private static void addMatchingValues(List<ClassNameInformation> list, String str, EvidenceCollection evidenceCollection) {
        if (str == null || str.isEmpty() || list == null || list.isEmpty()) {
            return;
        }
        String lowerCase = str.toLowerCase();
        Iterator<ClassNameInformation> it = list.iterator();
        while (it.hasNext()) {
            Iterator<String> it2 = it.next().getPackageStructure().iterator();
            while (it2.hasNext()) {
                String next = it2.next();
                if (Pattern.compile("\b" + next + "\b").matcher(lowerCase).find()) {
                    evidenceCollection.addEvidence(ArchiveStreamFactory.JAR, "package name", next, Confidence.HIGHEST);
                }
            }
        }
    }

    private boolean isPackage(String str, String str2) {
        return !str.matches(".*(version|title|vendor|name|license|description).*") && str2.matches("^([a-zA-Z_][a-zA-Z0-9_\\$]*(\\.[a-zA-Z_][a-zA-Z0-9_\\$]*)*)?$");
    }

    public static void extractLicense(Model model, Dependency dependency) {
        if (model.getLicenses() != null) {
            String str = null;
            for (License license : model.getLicenses()) {
                String name = license.getName() != null ? license.getName() : null;
                if (license.getUrl() != null) {
                    name = name == null ? license.getUrl() : name + ": " + license.getUrl();
                }
                if (name != null) {
                    if (HTML_DETECTION_PATTERN.matcher(name).find()) {
                        name = Jsoup.parse(name).text();
                    }
                    str = str == null ? name : str + org.apache.commons.io.IOUtils.LINE_SEPARATOR_UNIX + name;
                }
            }
            if (str != null) {
                dependency.setLicense(str);
            }
        }
    }

    private File getNextTempDirectory() throws AnalysisException {
        File file = new File(this.tempFileLocation, String.valueOf(DIR_COUNT.incrementAndGet()));
        if (file.exists()) {
            return getNextTempDirectory();
        }
        if (file.mkdirs()) {
            return file;
        }
        throw new AnalysisException(String.format("Unable to create temp directory '%s'.", file.getAbsolutePath()));
    }
}
