package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.io.FileUtils;
import org.apache.commons.jcs.access.exception.CacheException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.UnexpectedAnalysisException;
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.data.cache.DataCacheFactory;
import org.owasp.dependencycheck.data.central.CentralSearch;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.ResourceNotFoundException;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.TooManyRequestsException;
import org.owasp.dependencycheck.xml.pom.Model;
import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

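/**
 * File type analyzer for {@code jar} files that looks a dependency up in the Central search
 * service by its SHA-1 checksum and, for each artifact found, records it as evidence and
 * processes the artifact's {@code pom.xml}.
 *
 * <p>Trust boundary: the POM URL that is downloaded comes from the search result
 * ({@link MavenArtifact#getPomUrl()}), not from local configuration, and the downloaded file is
 * handed to {@link PomUtils#readPom(File)}. Both the URL and the POM content should be treated as
 * remote input. NOTE(review): scheme/host restrictions in {@link Downloader} and the XML parser
 * hardening in {@code PomUtils} are not visible from this class; confirm them there.
 *
 * <p>Failure modes that matter for scan coverage: when the artifact is unknown, the checksum is
 * rejected, or the POM cannot be fetched or parsed, the dependency simply gets less evidence and
 * only a log line is written; the log messages themselves warn that this "could result in
 * undetected CPE/CVEs".
 *
 * <p>NOTE(review): {@code numberOfRetries} is a static field written from the instance method
 * {@link #initialize(Settings)} and read without synchronization in
 * {@link #fetchMavenArtifacts(Dependency)}; the last initialized instance wins for all instances.
 */
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/dependency-check-core-5.3.2.jar:org/owasp/dependencycheck/analyzer/CentralAnalyzer.class */
public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
    /** Name reported by {@link #getName()}. */
    private static final String ANALYZER_NAME = "Central Analyzer";
    /** File extension this analyzer accepts. */
    private static final String SUPPORTED_EXTENSIONS = "jar";
    /** Initial wait in milliseconds between retries; doubled after each failed attempt. */
    private static final int BASE_RETRY_WAIT = 1500;
    private static final Logger LOGGER = LoggerFactory.getLogger(CentralAnalyzer.class);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
    /** Number of search attempts; overwritten from settings in {@link #initialize(Settings)}. */
    private static int numberOfRetries = 7;

    /** Client for the Central search service; created in {@link #prepareFileTypeAnalyzer(Engine)}. */
    private CentralSearch searcher;
    /** Optional cache of parsed POM models keyed by POM URL; {@code null} when caching is off. */
    private DataCache<Model> cache;

    /**
     * Applies the settings: enabled flag, retry count and (optionally) the POM cache.
     *
     * @param settings the configured settings
     */
    @Override
    public synchronized void initialize(Settings settings) {
        super.initialize(settings);
        setEnabled(checkEnabled());
        numberOfRetries = getSettings().getInt(Settings.KEYS.ANALYZER_CENTRAL_RETRY_COUNT, numberOfRetries);
        if (settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_USE_CACHE, true)) {
            try {
                this.cache = new DataCacheFactory(settings).getPomCache();
            } catch (CacheException e) {
                // Caching is an optimisation only: switch it off and carry on without it.
                settings.setBoolean(Settings.KEYS.ANALYZER_CENTRAL_USE_CACHE, false);
                LOGGER.debug("Error creating cache, disabling caching", e);
            }
        }
    }

    /**
     * @return the value of the parallel-analysis setting, {@code true} when it is not set
     */
    @Override
    public boolean supportsParallelProcessing() {
        return getSettings().getBoolean(Settings.KEYS.ANALYZER_CENTRAL_PARALLEL_ANALYSIS, true);
    }

    /**
     * Reads the enabled flag from the settings.
     *
     * @return the configured value, or {@code false} when the setting is invalid
     */
    private boolean checkEnabled() {
        try {
            return getSettings().getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED);
        } catch (InvalidSettingException e) {
            // Fails closed: an unreadable setting turns the analyzer off, with a warning.
            LOGGER.warn("Invalid setting. Disabling the Central analyzer");
            return false;
        }
    }

    /**
     * Creates the Central search client when the analyzer is enabled.
     *
     * @param engine the engine running the analysis (not used here)
     * @throws InitializationException if the configured Central URL is malformed; the analyzer is
     *         disabled before the exception is thrown
     */
    @Override
    public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        LOGGER.debug("Initializing Central analyzer");
        LOGGER.debug("Central analyzer enabled: {}", isEnabled());
        if (isEnabled()) {
            try {
                this.searcher = new CentralSearch(getSettings());
            } catch (MalformedURLException e) {
                setEnabled(false);
                throw new InitializationException("The configured URL to Maven Central is malformed", e);
            }
        }
    }

    /** @return the analyzer's name */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /** @return the settings key that enables or disables this analyzer */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_CENTRAL_ENABLED;
    }

    /** @return the phase in which this analyzer runs */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /** @return the filter selecting the files this analyzer handles */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    /**
     * Looks the dependency up in Central and adds the artifacts found, plus evidence from each
     * artifact's POM, to the dependency.
     *
     * <p>Nothing is done when the dependency already carries vendor evidence whose source is
     * {@code "pom"}. When more than one artifact matches the checksum the evidence is recorded
     * with {@link Confidence#HIGH}, otherwise with {@link Confidence#HIGHEST}.
     *
     * @param dependency the dependency to analyze
     * @param engine the engine running the analysis (not used here)
     * @throws AnalysisException if the search service cannot be reached or refuses connections;
     *         in the latter case the analyzer is also disabled
     */
    @Override
    public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        for (Evidence evidence : dependency.getEvidence(EvidenceType.VENDOR)) {
            if ("pom".equals(evidence.getSource())) {
                return;
            }
        }
        try {
            final List<MavenArtifact> artifacts = fetchMavenArtifacts(dependency);
            final Confidence confidence = artifacts.size() > 1 ? Confidence.HIGH : Confidence.HIGHEST;
            for (MavenArtifact artifact : artifacts) {
                LOGGER.debug("Central analyzer found artifact ({}) for dependency ({})", artifact, dependency.getFileName());
                dependency.addAsEvidence("central", artifact, confidence);
                if (artifact.getPomUrl() == null) {
                    continue;
                }
                File pomFile = null;
                try {
                    pomFile = File.createTempFile("pom", ".xml", getSettings().getTempDirectory());
                    // NOTE(review): the reserved file is deleted before the download writes to
                    // the same path, so the name is briefly unclaimed. Whether fetchFile needs a
                    // non-existent target, and whether the temp directory is private to this
                    // run, is not visible here; confirm before changing. Processing continues
                    // even when the delete fails.
                    if (!pomFile.delete()) {
                        LOGGER.warn("Unable to fetch pom.xml for {} from Central; this could result in undetected CPE/CVEs.", dependency.getFileName());
                        LOGGER.debug("Unable to delete temp file");
                    }
                    final Downloader downloader = new Downloader(getSettings());
                    // NOTE(review): the fallback here is 3, while the search retries default
                    // to 7 (numberOfRetries); both read the same settings key.
                    final int maxRetries = getSettings().getInt(Settings.KEYS.ANALYZER_CENTRAL_RETRY_COUNT, 3);
                    long waitMillis = BASE_RETRY_WAIT;
                    boolean pomAvailable = false;
                    Model model = this.cache != null ? this.cache.get(artifact.getPomUrl()) : null;
                    if (model != null) {
                        pomAvailable = true;
                        LOGGER.debug("Cache hit for {}", artifact.getPomUrl());
                    } else {
                        LOGGER.debug("Downloading {}", artifact.getPomUrl());
                        int attempt = 0;
                        do {
                            try {
                                // The URL is taken from the search result; see the class note.
                                downloader.fetchFile(new URL(artifact.getPomUrl()), pomFile);
                                pomAvailable = true;
                            } catch (DownloadFailedException ex) {
                                // Back off only when another attempt will follow.
                                if (attempt < maxRetries) {
                                    try {
                                        Thread.sleep(waitMillis);
                                        waitMillis *= 2;
                                    } catch (InterruptedException ie) {
                                        Thread.currentThread().interrupt();
                                        throw new UnexpectedAnalysisException(ie);
                                    }
                                }
                            } catch (ResourceNotFoundException ex) {
                                // Ends the analysis of this dependency, including any artifacts
                                // not yet processed; the finally block removes the temp file.
                                LOGGER.debug("pom.xml does not exist in Central for {}", dependency.getFileName());
                                return;
                            }
                        } while (!pomAvailable && attempt++ < maxRetries);
                    }
                    if (pomAvailable) {
                        if (model == null) {
                            model = PomUtils.readPom(pomFile);
                            if (this.cache != null) {
                                this.cache.put(artifact.getPomUrl(), model);
                            }
                        }
                        final boolean singleOrVersionMatch = artifacts.size() == 1
                                || dependency.getActualFilePath().contains(artifact.getVersion());
                        JarAnalyzer.setPomEvidence(dependency, model, null, singleOrVersionMatch);
                    } else {
                        LOGGER.warn("Unable to download pom.xml for {} from Central; this could result in undetected CPE/CVEs.", dependency.getFileName());
                    }
                } catch (AnalysisException ex) {
                    LOGGER.warn(MessageFormat.format("Unable to analyze pom.xml for {0} from Central; this could result in undetected CPE/CVEs.", dependency.getFileName()), ex);
                } finally {
                    // Runs on every exit path so a downloaded POM never outlives its use.
                    if (pomFile != null && pomFile.exists() && !FileUtils.deleteQuietly(pomFile)) {
                        LOGGER.debug("Failed to delete temporary pom file {}", pomFile.toString());
                        pomFile.deleteOnExit();
                    }
                }
            }
        } catch (FileNotFoundException e) {
            LOGGER.debug("Artifact not found in repository: '{}", dependency.getFileName());
        } catch (IOException e) {
            LOGGER.error("Could not connect to Central search. Analysis failed.", e);
            throw new AnalysisException("Could not connect to Central search. Analysis failed.", e);
        } catch (IllegalArgumentException e) {
            // Any IllegalArgumentException raised in the block above is reported this way,
            // not only one caused by the checksum.
            LOGGER.info("invalid sha1-hash on {}", dependency.getFileName());
        } catch (TooManyRequestsException e) {
            // Turns the analyzer off, so dependencies analyzed afterwards get no Central
            // evidence from this instance.
            setEnabled(false);
            LOGGER.error("Connections to Central search refused. Analysis failed.", e);
            throw new AnalysisException("Connections to Central search refused. Analysis failed.", e);
        }
    }

    /**
     * Searches Central for artifacts matching the dependency's SHA-1 checksum, retrying with a
     * doubling wait after each failed connection.
     *
     * @param dependency the dependency whose checksum is searched for
     * @return the artifacts returned by the search
     * @throws FileNotFoundException rethrown immediately from the search, without retrying
     * @throws IOException if every attempt failed; the last failure is attached as the cause
     * @throws TooManyRequestsException propagated from the search
     */
    protected List<MavenArtifact> fetchMavenArtifacts(Dependency dependency) throws IOException, TooManyRequestsException {
        // Snapshot the shared value so the loop bound and the message agree.
        final int maxTries = numberOfRetries;
        IOException lastException = null;
        long waitMillis = BASE_RETRY_WAIT;
        int triesLeft = maxTries;
        while (triesLeft-- > 0) {
            try {
                return this.searcher.searchSha1(dependency.getSha1sum());
            } catch (FileNotFoundException e) {
                throw e;
            } catch (IOException e) {
                LOGGER.debug("Could not connect to Central search (tries left: {}): {}", triesLeft, e.getMessage());
                lastException = e;
                if (triesLeft > 0) {
                    try {
                        Thread.sleep(waitMillis);
                        waitMillis *= 2;
                    } catch (InterruptedException ie) {
                        Thread.currentThread().interrupt();
                        throw new UnexpectedAnalysisException(ie);
                    }
                }
            }
        }
        throw new IOException("Finally failed connecting to Central search. Giving up after " + maxTries + " tries.", lastException);
    }

    /**
     * Replaces the Central search client.
     *
     * @param centralSearch the search client to use
     */
    protected void setCentralSearch(CentralSearch centralSearch) {
        this.searcher = centralSearch;
    }
}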
