package com.sonatype.insight.scan.file;

import de.schlichtherle.truezip.file.TFile;
import de.schlichtherle.truezip.file.TFileInputStream;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.cyclonedx.BomParserFactory;
import org.cyclonedx.CycloneDxSchema;
import org.cyclonedx.exception.ParseException;
import org.cyclonedx.model.Bom;
import org.cyclonedx.parsers.Parser;
import org.slf4j.shaded.Logger;
import org.slf4j.shaded.LoggerFactory;
import org.spdx.jacksonstore.MultiFormatStore;
import org.spdx.library.DefaultModelStore;
import org.spdx.library.InvalidSPDXAnalysisException;
import org.spdx.library.model.SpdxDocument;
import org.spdx.storage.simple.InMemSpdxStore;

/* loaded from: input_file:com/sonatype/insight/scan/file/ThirdPartyUtils.class */
public final class ThirdPartyUtils {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ThirdPartyUtils.class);
    public static final Map<String, CycloneDxSchema.Version> CYCLONEDX_ACCEPTED_VERSIONS_XML = new HashMap();
    public static final Map<String, CycloneDxSchema.Version> CYCLONEDX_ACCEPTED_VERSIONS_JSON = new HashMap();
    public static final Map<String, String> SPDX_ACCEPTED_VERSIONS = new HashMap();
    private static final Pattern DEPRECATION_PATTERN;

    public static Bom parseAndValidateCycloneDx(String str, SbomFormat sbomFormat) throws InvalidSbomException, ParseException, IOException, UnsupportedSbomException {
        long currentTimeMillis = System.currentTimeMillis();
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        Parser createParser = BomParserFactory.createParser(bytes);
        Bom parse = createParser.parse(bytes);
        log.debug("Total time parsing CDX BOM {}ms.", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        validateCycloneDxVersion(sbomFormat, parse);
        validateCycloneDx(getCycloneDxSchemaVersion(parse.getSpecVersion()), createParser, bytes);
        log.debug("Total time parsing and validating CDX BOM {}ms.", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        return parse;
    }

    private static void validateCycloneDx(CycloneDxSchema.Version version, Parser parser, byte[] bArr) throws IOException {
        List<ParseException> validate = parser.validate(bArr, version);
        if (validate.isEmpty()) {
            return;
        }
        InvalidSbomException invalidSbomException = new InvalidSbomException("The sbom is not valid.");
        invalidSbomException.getClass();
        validate.forEach((v1) -> {
            r1.addSuppressed(v1);
        });
        log.error(invalidSbomException.getMessage() + " There were " + invalidSbomException.getSuppressed().length + " errors.", (Throwable) invalidSbomException);
        throw invalidSbomException;
    }

    public static CycloneDxSchema.Version getCycloneDxSchemaVersion(String str) {
        for (CycloneDxSchema.Version version : CycloneDxSchema.Version.values()) {
            if (version.getVersionString().equals(str)) {
                return version;
            }
        }
        return null;
    }

    /* JADX WARN: Failed to calculate best type for var: r14v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r15v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 14, insn: 0x00de: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r14 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:59:0x00de */
    /* JADX WARN: Not initialized variable reg: 15, insn: 0x00e3: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r15 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:61:0x00e3 */
    /* JADX WARN: Type inference failed for: r14v0, types: [org.spdx.jacksonstore.MultiFormatStore] */
    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable] */
    public static SpdxDocument parseAndValidateSpdx(String str, SbomFormat sbomFormat) throws InvalidSPDXAnalysisException, InvalidSbomException, IOException, UnsupportedSbomException {
        long currentTimeMillis = System.currentTimeMillis();
        MultiFormatStore.Format format = sbomFormat == SbomFormat.JSON ? MultiFormatStore.Format.JSON : MultiFormatStore.Format.XML;
        DefaultModelStore.reset();
        InMemSpdxStore inMemSpdxStore = new InMemSpdxStore();
        try {
            try {
                MultiFormatStore multiFormatStore = new MultiFormatStore(inMemSpdxStore, format, MultiFormatStore.Verbose.COMPACT);
                Throwable th = null;
                BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(str.getBytes()));
                Throwable th2 = null;
                try {
                    try {
                        String deSerialize = multiFormatStore.deSerialize(bufferedInputStream, true);
                        if (bufferedInputStream != null) {
                            if (0 != 0) {
                                try {
                                    bufferedInputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                bufferedInputStream.close();
                            }
                        }
                        if (multiFormatStore != null) {
                            if (0 != 0) {
                                try {
                                    multiFormatStore.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                multiFormatStore.close();
                            }
                        }
                        log.debug("Total time parsing SPDX BOM {}ms.", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                        SpdxDocument spdxDocument = new SpdxDocument(inMemSpdxStore, deSerialize, DefaultModelStore.getDefaultCopyManager(), true);
                        validateSpdxVersion(sbomFormat, spdxDocument);
                        validateSpdx(spdxDocument);
                        log.debug("Total time parsing and validating SPDX BOM {}ms.", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                        return spdxDocument;
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (bufferedInputStream != null) {
                        if (th2 != null) {
                            try {
                                bufferedInputStream.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            bufferedInputStream.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new IOException("SPDX content cannot be parsed", e);
        }
    }

    private static void validateSpdx(SpdxDocument spdxDocument) {
        List list = (List) spdxDocument.verify().stream().filter(str -> {
            return !DEPRECATION_PATTERN.matcher(str).matches();
        }).collect(Collectors.toList());
        if (list.isEmpty()) {
            return;
        }
        InvalidSbomException invalidSbomException = new InvalidSbomException("The sbom is not valid.");
        list.forEach(str2 -> {
            invalidSbomException.addSuppressed(new InvalidSPDXAnalysisException(str2.replace("Relationship error: ", "")));
        });
        log.error(invalidSbomException.getMessage() + " There were " + list.size() + " errors.", (Throwable) invalidSbomException);
        throw invalidSbomException;
    }

    public static void validateCycloneDxVersion(SbomFormat sbomFormat, Bom bom) throws UnsupportedSbomException {
        if (sbomFormat == null) {
            throw new UnsupportedSbomException("Missing CycloneDX encoding type");
        }
        String specVersion = bom.getSpecVersion();
        if (sbomFormat == SbomFormat.XML) {
            if (CYCLONEDX_ACCEPTED_VERSIONS_XML.get(specVersion) == null) {
                throw new UnsupportedSbomException("CycloneDX XML " + specVersion + " version is not supported");
            }
        } else {
            if (sbomFormat != SbomFormat.JSON) {
                throw new UnsupportedSbomException("CycloneDX content encodingType (" + sbomFormat + ") is not supported");
            }
            if (CYCLONEDX_ACCEPTED_VERSIONS_JSON.get(specVersion) == null) {
                throw new UnsupportedSbomException("CycloneDX JSON " + specVersion + " version is not supported");
            }
        }
    }

    public static void validateSpdxVersion(SbomFormat sbomFormat, SpdxDocument spdxDocument) throws UnsupportedSbomException {
        if (sbomFormat == null) {
            throw new UnsupportedSbomException("Missing SPDX encoding type");
        }
        try {
            String specVersion = spdxDocument.getSpecVersion();
            if (StringUtils.isBlank(specVersion)) {
                throw new UnsupportedSbomException("SPDX version is not specified");
            }
            if (!SPDX_ACCEPTED_VERSIONS.containsKey(specVersion)) {
                throw new UnsupportedSbomException("SPDX " + specVersion.replace("SPDX-", "") + " version is not supported");
            }
        } catch (InvalidSPDXAnalysisException e) {
            throw new UnsupportedSbomException("SPDX version is not specified");
        }
    }

    public static boolean isSbomContent(TFile tFile) {
        try {
            TFileInputStream tFileInputStream = new TFileInputStream(tFile);
            Throwable th = null;
            try {
                boolean looksLikeCycloneDX = looksLikeCycloneDX(IOUtils.toString(tFileInputStream, StandardCharsets.UTF_8));
                if (tFileInputStream != null) {
                    if (0 != 0) {
                        try {
                            tFileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        tFileInputStream.close();
                    }
                }
                return looksLikeCycloneDX;
            } finally {
            }
        } catch (IOException e) {
            return false;
        }
    }

    public static boolean looksLikeCycloneDX(String str) {
        if (str.contains("<bom") && str.contains("http://cyclonedx.org/schema/bom")) {
            return true;
        }
        return str.startsWith("{") && str.contains("bomFormat") && str.contains("CycloneDX");
    }

    static {
        CYCLONEDX_ACCEPTED_VERSIONS_XML.put(CycloneDxSchema.Version.VERSION_11.getVersionString(), CycloneDxSchema.Version.VERSION_11);
        CYCLONEDX_ACCEPTED_VERSIONS_XML.put(CycloneDxSchema.Version.VERSION_12.getVersionString(), CycloneDxSchema.Version.VERSION_12);
        CYCLONEDX_ACCEPTED_VERSIONS_XML.put(CycloneDxSchema.Version.VERSION_13.getVersionString(), CycloneDxSchema.Version.VERSION_13);
        CYCLONEDX_ACCEPTED_VERSIONS_XML.put(CycloneDxSchema.Version.VERSION_14.getVersionString(), CycloneDxSchema.Version.VERSION_14);
        CYCLONEDX_ACCEPTED_VERSIONS_XML.put(CycloneDxSchema.Version.VERSION_15.getVersionString(), CycloneDxSchema.Version.VERSION_15);
        CYCLONEDX_ACCEPTED_VERSIONS_JSON.put(CycloneDxSchema.Version.VERSION_14.getVersionString(), CycloneDxSchema.Version.VERSION_14);
        CYCLONEDX_ACCEPTED_VERSIONS_JSON.put(CycloneDxSchema.Version.VERSION_15.getVersionString(), CycloneDxSchema.Version.VERSION_15);
        SPDX_ACCEPTED_VERSIONS.put("SPDX-2.3", "2.3");
        DEPRECATION_PATTERN = Pattern.compile(".*Relationship error: [^\\s]+ is deprecated\\..*");
    }
}
