package org.owasp.dependencycheck.analyzer;

import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.composer.ComposerDependency;
import org.owasp.dependencycheck.data.composer.ComposerException;
import org.owasp.dependencycheck.data.composer.ComposerLockParser;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

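/**
 * Analyzer that reads a Composer {@code composer.lock} file and registers one
 * {@link Dependency} with the {@link Engine} for every package the lock file lists.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The group, project and version values are taken verbatim from the lock file and
 *       recorded as evidence with {@link Confidence#HIGHEST}. The lock file is not
 *       cross-checked against installed packages here, so an edited or stale lock file
 *       directly determines what is reported.</li>
 *   <li>I/O and parse failures are logged at WARN and otherwise ignored, so an unreadable
 *       or malformed lock file yields no dependencies (and therefore no findings) for
 *       that file. Treat these warnings as scan-coverage gaps.</li>
 *   <li>The SHA-1 stored on each generated dependency is computed over a synthetic path
 *       string, not over file content; it provides no integrity guarantee.</li>
 * </ul>
 */
@Experimental
public class ComposerLockAnalyzer extends AbstractFileTypeAnalyzer {
    /** Ecosystem label set on every dependency created by this analyzer. */
    public static final String DEPENDENCY_ECOSYSTEM = "Composer";
    /** Name returned by {@link #getName()}. */
    private static final String ANALYZER_NAME = "Composer.lock analyzer";
    private static final Logger LOGGER = LoggerFactory.getLogger(ComposerLockAnalyzer.class);
    /** File name this analyzer matches; also used as the evidence source label. */
    private static final String COMPOSER_LOCK = "composer.lock";
    private static final FileFilter FILE_FILTER = FileFilterBuilder.newInstance().addFilenames(COMPOSER_LOCK).build();

    /**
     * Returns the filter that selects files named {@code composer.lock}.
     *
     * @return the shared file filter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILE_FILTER;
    }

    /**
     * Verifies that a SHA-1 {@link MessageDigest} can be obtained before any file is analyzed.
     *
     * @param engine the engine running the scan (not used here)
     * @throws InitializationException if the digest is unavailable; the analyzer is disabled first
     */
    @Override
    protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        try {
            getSha1MessageDigest();
        } catch (IllegalStateException e) {
            setEnabled(false);
            throw new InitializationException("Unable to create SHA1 MessageDigest", e);
        }
    }

    /**
     * Parses the lock file behind {@code dependency} and adds one dependency per listed package.
     *
     * <p>When at least one package was added and the display file name of {@code dependency}
     * is {@code composer.lock} (case-insensitive), the original file-level dependency is
     * removed from the engine as redundant.
     *
     * <p>Failures are best-effort: {@link IOException} and {@link ComposerException} are
     * logged at WARN and not rethrown.
     *
     * @param dependency the dependency whose actual file is the lock file to parse
     * @param engine the engine that receives the generated dependencies
     * @throws AnalysisException declared by the overridden method; not thrown by this body
     */
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        // try-with-resources closes the stream on every path, including parse failures.
        try (FileInputStream lockStream = new FileInputStream(dependency.getActualFile())) {
            final ComposerLockParser parser = new ComposerLockParser(lockStream);
            LOGGER.debug("Checking composer.lock file {}", dependency.getActualFilePath());
            parser.process();

            // digest(byte[]) resets the instance after each call, so one digest serves the whole loop.
            final MessageDigest sha1 = getSha1MessageDigest();
            boolean addedAny = false;
            for (ComposerDependency pkg : parser.getDependencies()) {
                final Dependency generated = buildDependency(dependency, pkg, sha1);
                LOGGER.debug("Adding dependency {}", generated.getDisplayFileName());
                engine.addDependency(generated);
                addedAny = true;
            }

            if (addedAny && dependency.getDisplayFileName().equalsIgnoreCase(COMPOSER_LOCK)) {
                LOGGER.debug("Removing main redundant dependency {}", dependency.getDisplayFileName());
                engine.removeDependency(dependency);
            }
        } catch (IOException e) {
            // Deliberately best-effort, but keep the cause so the coverage gap can be diagnosed.
            LOGGER.warn("Error opening dependency {}", dependency.getActualFilePath(), e);
        } catch (ComposerException e) {
            // The file being parsed is composer.lock, not composer.json.
            LOGGER.warn("Error parsing composer.lock {}", dependency.getActualFilePath(), e);
        }
    }

    /**
     * Builds the virtual dependency that represents one package entry of the lock file.
     *
     * @param lockFile the dependency that represents the lock file itself
     * @param pkg the package entry read from the lock file
     * @param sha1 digest used to derive the identifier hash from the synthetic path
     * @return the populated dependency, not yet added to the engine
     */
    private static Dependency buildDependency(Dependency lockFile, ComposerDependency pkg, MessageDigest sha1) {
        final Dependency generated = new Dependency(lockFile.getActualFile());
        final String syntheticPath = String.format("%s:%s/%s/%s",
                lockFile.getFilePath(), pkg.getGroup(), pkg.getProject(), pkg.getVersion());
        generated.setName(pkg.getProject());
        generated.setVersion(pkg.getVersion());
        generated.setEcosystem(DEPENDENCY_ECOSYSTEM);
        generated.setFilePath(syntheticPath);
        // Hash of the synthetic path string, not of file content. UTF-8 is fixed so the value
        // does not vary with the JVM's platform default charset.
        generated.setSha1sum(Checksum.getHex(sha1.digest(syntheticPath.getBytes(StandardCharsets.UTF_8))));
        // Values come straight from the lock file and are recorded without further validation.
        generated.addEvidence(EvidenceType.VENDOR, COMPOSER_LOCK, Fields.VENDOR, pkg.getGroup(), Confidence.HIGHEST);
        generated.addEvidence(EvidenceType.PRODUCT, COMPOSER_LOCK, Fields.PRODUCT, pkg.getProject(), Confidence.HIGHEST);
        generated.addEvidence(EvidenceType.VERSION, COMPOSER_LOCK, "version", pkg.getVersion(), Confidence.HIGHEST);
        return generated;
    }

    /**
     * Returns the settings key that enables or disables this analyzer.
     *
     * @return {@link Settings.KEYS#ANALYZER_COMPOSER_LOCK_ENABLED}
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED;
    }

    /**
     * Returns the analyzer's display name.
     *
     * @return the analyzer name
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Returns the phase in which this analyzer runs.
     *
     * @return {@link AnalysisPhase#INFORMATION_COLLECTION}
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.INFORMATION_COLLECTION;
    }

    /**
     * Obtains a fresh SHA-1 {@link MessageDigest}.
     *
     * @return a new SHA-1 digest instance
     * @throws IllegalStateException if the JVM provides no SHA-1 implementation
     */
    private MessageDigest getSha1MessageDigest() {
        try {
            return MessageDigest.getInstance("SHA1");
        } catch (NoSuchAlgorithmException e) {
            // Log with the exception so the stack trace is not lost if a caller drops the cause.
            LOGGER.error(e.getMessage(), e);
            throw new IllegalStateException("Failed to obtain the SHA1 message digest.", e);
        }
    }
}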
