package org.owasp.dependencycheck.analyzer;

import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.jsoup.Jsoup;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.jaxb.pom.MavenNamespaceFilter;
import org.owasp.dependencycheck.jaxb.pom.generated.License;
import org.owasp.dependencycheck.jaxb.pom.generated.Model;
import org.owasp.dependencycheck.jaxb.pom.generated.Organization;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.NonClosingStream;
import org.owasp.dependencycheck.utils.Settings;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/JarAnalyzer.class */
public class JarAnalyzer extends AbstractFileTypeAnalyzer {
    private static final int BUFFER_SIZE = 4096;
    private static final String BUNDLE_VERSION = "Bundle-Version";
    private static final String BUNDLE_DESCRIPTION = "Bundle-Description";
    private static final String BUNDLE_NAME = "Bundle-Name";
    private static final String BUNDLE_VENDOR = "Bundle-Vendor";
    private Unmarshaller pomUnmarshaller;
    private static final String ANALYZER_NAME = "Jar Analyzer";
    private File tempFileLocation = null;
    private static final Logger LOGGER = Logger.getLogger(JarAnalyzer.class.getName());
    private static int dirCount = 0;
    private static final String NEWLINE = System.getProperty("line.separator");
    private static final Set<String> IGNORE_VALUES = newHashSet("Sun Java System Application Server");
    private static final Set<String> IGNORE_KEYS = newHashSet("built-by", "created-by", "builtby", "createdby", "build-jdk", "buildjdk", "ant-version", "antversion", "dynamicimportpackage", "dynamicimport-package", "dynamic-importpackage", "dynamic-import-package", "import-package", "ignore-package", "export-package", "importpackage", "ignorepackage", "exportpackage", "sealed", "manifest-version", "archiver-version", "manifestversion", "archiverversion", "classpath", "class-path", "tool", "bundle-manifestversion", "bundlemanifestversion", "include-resource", "embed-dependency", "ipojo-components", "ipojo-extension", "eclipse-sourcereferences");
    private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", 2);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final Set<String> EXTENSIONS = newHashSet("jar", "war");

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/JarAnalyzer$ClassNameInformation.class */
    public static class ClassNameInformation {
        private String name;
        private final ArrayList<String> packageStructure = new ArrayList<>();

        ClassNameInformation(String str) {
            this.name = str;
            if (!this.name.contains("/")) {
                this.packageStructure.add(this.name);
                return;
            }
            String[] split = str.toLowerCase().split("/");
            int i = 0;
            int i2 = 3;
            if ("com".equals(split[0]) || "org".equals(split[0])) {
                i = 1;
                i2 = 4;
            }
            i2 = split.length <= i2 ? split.length - 1 : i2;
            for (int i3 = i; i3 <= i2; i3++) {
                this.packageStructure.add(split[i3]);
            }
        }

        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        public ArrayList<String> getPackageStructure() {
            return this.packageStructure;
        }
    }

    public JarAnalyzer() {
        try {
            this.pomUnmarshaller = JAXBContext.newInstance(new Class[]{Model.class}).createUnmarshaller();
        } catch (JAXBException e) {
            LOGGER.log(Level.SEVERE, "Unable to load parser. See the log for more details.");
            LOGGER.log(Level.FINE, (String) null, e);
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public Set<String> getSupportedExtensions() {
        return EXTENSIONS;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.jar.enabled";
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        try {
            ArrayList<ClassNameInformation> collectClassNames = collectClassNames(dependency);
            String lowerCase = dependency.getFileName().toLowerCase();
            if (collectClassNames.isEmpty() && (lowerCase.endsWith("-sources.jar") || lowerCase.endsWith("-javadoc.jar") || lowerCase.endsWith("-src.jar") || lowerCase.endsWith("-doc.jar"))) {
                engine.getDependencies().remove(dependency);
            }
            analyzePackageNames(collectClassNames, dependency, (parseManifest(dependency, collectClassNames) && analyzePOM(dependency, collectClassNames, engine)) ? false : true);
        } catch (IOException e) {
            throw new AnalysisException("Exception occurred reading the JAR file.", e);
        }
    }

    protected boolean analyzePOM(Dependency dependency, ArrayList<ClassNameInformation> arrayList, Engine engine) throws AnalysisException {
        boolean z = false;
        try {
            JarFile jarFile = new JarFile(dependency.getActualFilePath());
            try {
                List<String> retrievePomListing = retrievePomListing(jarFile);
                if (retrievePomListing.isEmpty()) {
                    return false;
                }
                for (String str : retrievePomListing) {
                    Properties properties = null;
                    try {
                        properties = retrievePomProperties(str, jarFile);
                    } catch (IOException e) {
                        LOGGER.log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", (Throwable) e);
                    }
                    try {
                        if (retrievePomListing.size() > 1) {
                            Dependency dependency2 = new Dependency();
                            Model extractPom = extractPom(str, jarFile, dependency2);
                            String format = String.format("%s%s%s", dependency.getFilePath(), File.separator, str);
                            dependency2.setFileName(String.format("%s%s%s", dependency.getFileName(), File.separator, str));
                            dependency2.setFilePath(format);
                            setPomEvidence(dependency2, extractPom, properties, null);
                            engine.getDependencies().add(dependency2);
                            Collections.sort(engine.getDependencies());
                        } else {
                            z |= setPomEvidence(dependency, retrievePom(str, jarFile), properties, arrayList);
                        }
                    } catch (AnalysisException e2) {
                        LOGGER.log(Level.WARNING, String.format("An error occured while analyzing '%s'.", dependency.getActualFilePath()));
                        LOGGER.log(Level.FINE, "", (Throwable) e2);
                    }
                }
                return z;
            } catch (IOException e3) {
                String format2 = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath());
                LOGGER.log(Level.WARNING, format2);
                LOGGER.log(Level.FINE, format2, (Throwable) e3);
                return false;
            }
        } catch (IOException e4) {
            LOGGER.log(Level.WARNING, String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath()));
            LOGGER.log(Level.FINE, "", (Throwable) e4);
            return false;
        }
    }

    private Properties retrievePomProperties(String str, JarFile jarFile) throws IOException {
        Properties properties = null;
        ZipEntry entry = jarFile.getEntry(str.substring(0, str.length() - 7) + "pom.properies");
        if (entry != null) {
            InputStreamReader inputStreamReader = null;
            try {
                inputStreamReader = new InputStreamReader(jarFile.getInputStream(entry), "UTF-8");
                properties = new Properties();
                properties.load(inputStreamReader);
                if (inputStreamReader != null) {
                    try {
                        inputStreamReader.close();
                    } catch (IOException e) {
                        LOGGER.log(Level.FINEST, "close error", (Throwable) e);
                    }
                }
            } catch (Throwable th) {
                if (inputStreamReader != null) {
                    try {
                        inputStreamReader.close();
                    } catch (IOException e2) {
                        LOGGER.log(Level.FINEST, "close error", (Throwable) e2);
                    }
                }
                throw th;
            }
        }
        return properties;
    }

    private List<String> retrievePomListing(JarFile jarFile) throws IOException {
        ArrayList arrayList = new ArrayList();
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry nextElement = entries.nextElement();
            String lowerCase = new File(nextElement.getName()).getName().toLowerCase();
            if (!nextElement.isDirectory() && "pom.xml".equals(lowerCase)) {
                arrayList.add(nextElement.getName());
            }
        }
        return arrayList;
    }

    private Model extractPom(String str, JarFile jarFile, Dependency dependency) throws AnalysisException {
        InputStream inputStream = null;
        OutputStream outputStream = null;
        BufferedOutputStream bufferedOutputStream = null;
        File file = new File(getNextTempDirectory(), "pom.xml");
        try {
            try {
                inputStream = jarFile.getInputStream(jarFile.getEntry(str));
                outputStream = new FileOutputStream(file);
                bufferedOutputStream = new BufferedOutputStream(outputStream, BUFFER_SIZE);
                byte[] bArr = new byte[BUFFER_SIZE];
                while (true) {
                    int read = inputStream.read(bArr, 0, BUFFER_SIZE);
                    if (read == -1) {
                        break;
                    }
                    bufferedOutputStream.write(bArr, 0, read);
                }
                bufferedOutputStream.flush();
                dependency.setActualFilePath(file.getAbsolutePath());
                closeStream(bufferedOutputStream);
                closeStream(outputStream);
                closeStream(inputStream);
            } catch (IOException e) {
                LOGGER.warning(String.format("An error occurred reading '%s' from '%s'.", str, dependency.getFilePath()));
                LOGGER.log(Level.SEVERE, "", (Throwable) e);
                closeStream(bufferedOutputStream);
                closeStream(outputStream);
                closeStream(inputStream);
            }
            InputStream inputStream2 = null;
            try {
                try {
                    try {
                        try {
                            inputStream2 = new FileInputStream(file);
                            Model readPom = readPom(new SAXSource(new InputSource(new InputStreamReader(inputStream2, "UTF-8"))));
                            closeStream(inputStream2);
                            return readPom;
                        } catch (UnsupportedEncodingException e2) {
                            LOGGER.log(Level.WARNING, String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", str, jarFile.getName()));
                            LOGGER.log(Level.FINE, "", (Throwable) e2);
                            throw new AnalysisException(e2);
                        }
                    } catch (AnalysisException e3) {
                        LOGGER.log(Level.WARNING, String.format("Unable to parse pom '%s' in jar '%s'", str, jarFile.getName()));
                        LOGGER.log(Level.FINE, "", (Throwable) e3);
                        throw e3;
                    }
                } catch (FileNotFoundException e4) {
                    LOGGER.log(Level.WARNING, String.format("Unable to parse pom '%s' in jar '%s' (File Not Found)", str, jarFile.getName()));
                    LOGGER.log(Level.FINE, "", (Throwable) e4);
                    throw new AnalysisException(e4);
                }
            } catch (Throwable th) {
                closeStream(inputStream2);
                throw th;
            }
        } catch (Throwable th2) {
            closeStream(bufferedOutputStream);
            closeStream(outputStream);
            closeStream(inputStream);
            throw th2;
        }
    }

    private void closeStream(InputStream inputStream) {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException e) {
                LOGGER.log(Level.FINEST, (String) null, (Throwable) e);
            }
        }
    }

    private void closeStream(OutputStream outputStream) {
        if (outputStream != null) {
            try {
                outputStream.close();
            } catch (IOException e) {
                LOGGER.log(Level.FINEST, (String) null, (Throwable) e);
            }
        }
    }

    private Model retrievePom(String str, JarFile jarFile) throws AnalysisException {
        ZipEntry entry = jarFile.getEntry(str);
        Model model = null;
        if (entry != null) {
            try {
                model = readPom(new SAXSource(new InputSource(new InputStreamReader(new NonClosingStream(jarFile.getInputStream(entry)), "UTF-8"))));
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, String.format("Unable to parse pom '%s' in jar '%s' (IO Exception)", str, jarFile.getName()));
                LOGGER.log(Level.FINE, "", (Throwable) e);
                throw new AnalysisException(e);
            } catch (SecurityException e2) {
                LOGGER.log(Level.WARNING, String.format("Unable to parse pom '%s' in jar '%s'; invalid signature", str, jarFile.getName()));
                LOGGER.log(Level.FINE, (String) null, (Throwable) e2);
                throw new AnalysisException(e2);
            } catch (Throwable th) {
                LOGGER.log(Level.WARNING, String.format("Unexpected error during parsing of the pom '%s' in jar '%s'", str, jarFile.getName()));
                LOGGER.log(Level.FINE, "", th);
                throw new AnalysisException(th);
            }
        }
        return model;
    }

    private Model readPom(SAXSource sAXSource) throws AnalysisException {
        try {
            new MavenNamespaceFilter().setParent(SAXParserFactory.newInstance().newSAXParser().getXMLReader());
            return (Model) this.pomUnmarshaller.unmarshal(sAXSource, Model.class).getValue();
        } catch (JAXBException e) {
            throw new AnalysisException((Throwable) e);
        } catch (SecurityException e2) {
            throw new AnalysisException(e2);
        } catch (ParserConfigurationException e3) {
            throw new AnalysisException(e3);
        } catch (SAXException e4) {
            throw new AnalysisException(e4);
        } catch (Throwable th) {
            throw new AnalysisException(th);
        }
    }

    private boolean setPomEvidence(Dependency dependency, Model model, Properties properties, ArrayList<ClassNameInformation> arrayList) {
        boolean z = false;
        boolean z2 = true;
        if (model == null) {
            return false;
        }
        String interpolateString = interpolateString(model.getGroupId(), properties);
        String str = null;
        if (model.getParent() != null) {
            str = interpolateString(model.getParent().getGroupId(), properties);
            if ((interpolateString == null || interpolateString.isEmpty()) && str != null && !str.isEmpty()) {
                interpolateString = str;
            }
        }
        String str2 = interpolateString;
        if (interpolateString == null || interpolateString.isEmpty()) {
            z2 = false;
        } else {
            if (interpolateString.startsWith("org.") || interpolateString.startsWith("com.")) {
                interpolateString = interpolateString.substring(4);
            }
            z = true;
            dependency.getVendorEvidence().addEvidence("pom", "groupid", interpolateString, Confidence.HIGHEST);
            dependency.getProductEvidence().addEvidence("pom", "groupid", interpolateString, Confidence.LOW);
            addMatchingValues(arrayList, interpolateString, dependency.getVendorEvidence());
            addMatchingValues(arrayList, interpolateString, dependency.getProductEvidence());
            if (str != null && !str.isEmpty() && !str.equals(interpolateString)) {
                dependency.getVendorEvidence().addEvidence("pom", "parent-groupid", str, Confidence.MEDIUM);
                dependency.getProductEvidence().addEvidence("pom", "parent-groupid", str, Confidence.LOW);
                addMatchingValues(arrayList, str, dependency.getVendorEvidence());
                addMatchingValues(arrayList, str, dependency.getProductEvidence());
            }
        }
        String interpolateString2 = interpolateString(model.getArtifactId(), properties);
        String str3 = null;
        if (model.getParent() != null) {
            str3 = interpolateString(model.getParent().getArtifactId(), properties);
            if ((interpolateString2 == null || interpolateString2.isEmpty()) && str3 != null && !str3.isEmpty()) {
                interpolateString2 = str3;
            }
        }
        String str4 = interpolateString2;
        if (interpolateString2 == null || interpolateString2.isEmpty()) {
            z2 = false;
        } else {
            if (interpolateString2.startsWith("org.") || interpolateString2.startsWith("com.")) {
                interpolateString2 = interpolateString2.substring(4);
            }
            z = true;
            dependency.getProductEvidence().addEvidence("pom", "artifactid", interpolateString2, Confidence.HIGHEST);
            dependency.getVendorEvidence().addEvidence("pom", "artifactid", interpolateString2, Confidence.LOW);
            addMatchingValues(arrayList, interpolateString2, dependency.getVendorEvidence());
            addMatchingValues(arrayList, interpolateString2, dependency.getProductEvidence());
            if (str3 != null && !str3.isEmpty() && !str3.equals(interpolateString2)) {
                dependency.getProductEvidence().addEvidence("pom", "parent-artifactid", str3, Confidence.MEDIUM);
                dependency.getVendorEvidence().addEvidence("pom", "parent-artifactid", str3, Confidence.LOW);
                addMatchingValues(arrayList, str3, dependency.getVendorEvidence());
                addMatchingValues(arrayList, str3, dependency.getProductEvidence());
            }
        }
        String interpolateString3 = interpolateString(model.getVersion(), properties);
        String str5 = null;
        if (model.getParent() != null) {
            str5 = interpolateString(model.getParent().getVersion(), properties);
            if ((interpolateString3 == null || interpolateString3.isEmpty()) && str5 != null && !str5.isEmpty()) {
                interpolateString3 = str5;
            }
        }
        if (interpolateString3 == null || interpolateString3.isEmpty()) {
            z2 = false;
        } else {
            z = true;
            dependency.getVersionEvidence().addEvidence("pom", "version", interpolateString3, Confidence.HIGHEST);
            if (str5 != null && !str5.isEmpty() && !str5.equals(interpolateString3)) {
                dependency.getVersionEvidence().addEvidence("pom", "parent-version", interpolateString3, Confidence.LOW);
            }
        }
        if (z2) {
            dependency.addIdentifier("maven", String.format("%s:%s:%s", str2, str4, interpolateString3), null, Confidence.LOW);
        }
        Organization organization = model.getOrganization();
        if (organization != null && organization.getName() != null) {
            z = true;
            String interpolateString4 = interpolateString(organization.getName(), properties);
            if (interpolateString4 != null && !interpolateString4.isEmpty()) {
                dependency.getVendorEvidence().addEvidence("pom", "organization name", interpolateString4, Confidence.HIGH);
                addMatchingValues(arrayList, interpolateString4, dependency.getVendorEvidence());
            }
        }
        String interpolateString5 = interpolateString(model.getName(), properties);
        if (interpolateString5 != null && !interpolateString5.isEmpty()) {
            z = true;
            dependency.getProductEvidence().addEvidence("pom", "name", interpolateString5, Confidence.HIGH);
            dependency.getVendorEvidence().addEvidence("pom", "name", interpolateString5, Confidence.HIGH);
            addMatchingValues(arrayList, interpolateString5, dependency.getVendorEvidence());
            addMatchingValues(arrayList, interpolateString5, dependency.getProductEvidence());
        }
        if (model.getDescription() != null) {
            z = true;
            String interpolateString6 = interpolateString(model.getDescription(), properties);
            if (interpolateString6 != null && !interpolateString6.isEmpty()) {
                String addDescription = addDescription(dependency, interpolateString6, "pom", "description");
                addMatchingValues(arrayList, addDescription, dependency.getVendorEvidence());
                addMatchingValues(arrayList, addDescription, dependency.getProductEvidence());
            }
        }
        extractLicense(model, properties, dependency);
        return z;
    }

    protected void analyzePackageNames(ArrayList<ClassNameInformation> arrayList, Dependency dependency, boolean z) {
        HashMap<String, Integer> hashMap = new HashMap<>();
        HashMap<String, Integer> hashMap2 = new HashMap<>();
        analyzeFullyQualifiedClassNames(arrayList, hashMap, hashMap2);
        int size = arrayList.size();
        EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
        EvidenceCollection productEvidence = dependency.getProductEvidence();
        for (Map.Entry<String, Integer> entry : hashMap.entrySet()) {
            if (entry.getValue().intValue() / size > 0.5d) {
                vendorEvidence.addWeighting(entry.getKey());
                if (z && entry.getKey().length() > 1) {
                    vendorEvidence.addEvidence("jar", "package name", entry.getKey(), Confidence.LOW);
                }
            }
        }
        for (Map.Entry<String, Integer> entry2 : hashMap2.entrySet()) {
            if (entry2.getValue().intValue() / size > 0.5d) {
                productEvidence.addWeighting(entry2.getKey());
                if (z && entry2.getKey().length() > 1) {
                    productEvidence.addEvidence("jar", "package name", entry2.getKey(), Confidence.LOW);
                }
            }
        }
    }

    protected boolean parseManifest(Dependency dependency, ArrayList<ClassNameInformation> arrayList) throws IOException {
        boolean z = false;
        JarFile jarFile = null;
        try {
            JarFile jarFile2 = new JarFile(dependency.getActualFilePath());
            Manifest manifest = jarFile2.getManifest();
            if (manifest == null) {
                if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar") && !dependency.getFileName().toLowerCase().endsWith("-javadoc.jar") && !dependency.getFileName().toLowerCase().endsWith("-src.jar") && !dependency.getFileName().toLowerCase().endsWith("-doc.jar")) {
                    LOGGER.log(Level.FINE, String.format("Jar file '%s' does not contain a manifest.", dependency.getFileName()));
                }
                if (jarFile2 != null) {
                    jarFile2.close();
                }
                return false;
            }
            Attributes mainAttributes = manifest.getMainAttributes();
            EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
            EvidenceCollection productEvidence = dependency.getProductEvidence();
            EvidenceCollection versionEvidence = dependency.getVersionEvidence();
            Iterator<Map.Entry<Object, Object>> it = mainAttributes.entrySet().iterator();
            while (it.hasNext()) {
                String obj = it.next().getKey().toString();
                String value = mainAttributes.getValue(obj);
                if (HTML_DETECTION_PATTERN.matcher(value).find()) {
                    value = Jsoup.parse(value).text();
                }
                if (!IGNORE_VALUES.contains(value)) {
                    if (obj.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
                        z = true;
                        productEvidence.addEvidence("Manifest", obj, value, Confidence.HIGH);
                        addMatchingValues(arrayList, value, productEvidence);
                    } else if (obj.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
                        z = true;
                        versionEvidence.addEvidence("Manifest", obj, value, Confidence.HIGH);
                    } else if (obj.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
                        z = true;
                        vendorEvidence.addEvidence("Manifest", obj, value, Confidence.HIGH);
                        addMatchingValues(arrayList, value, vendorEvidence);
                    } else if (obj.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
                        z = true;
                        vendorEvidence.addEvidence("Manifest", obj, value, Confidence.MEDIUM);
                        addMatchingValues(arrayList, value, vendorEvidence);
                    } else if (obj.equalsIgnoreCase(BUNDLE_DESCRIPTION)) {
                        z = true;
                        addDescription(dependency, value, "manifest", obj);
                        addMatchingValues(arrayList, value, productEvidence);
                    } else if (obj.equalsIgnoreCase(BUNDLE_NAME)) {
                        z = true;
                        productEvidence.addEvidence("Manifest", obj, value, Confidence.MEDIUM);
                        addMatchingValues(arrayList, value, productEvidence);
                    } else if (obj.equalsIgnoreCase(BUNDLE_VENDOR)) {
                        z = true;
                        vendorEvidence.addEvidence("Manifest", obj, value, Confidence.HIGH);
                        addMatchingValues(arrayList, value, vendorEvidence);
                    } else if (obj.equalsIgnoreCase(BUNDLE_VERSION)) {
                        z = true;
                        versionEvidence.addEvidence("Manifest", obj, value, Confidence.HIGH);
                    } else if (!obj.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) {
                        String lowerCase = obj.toLowerCase();
                        if (!IGNORE_KEYS.contains(lowerCase) && !lowerCase.endsWith("jdk") && !lowerCase.contains("lastmodified") && !lowerCase.endsWith("package") && !lowerCase.endsWith("classpath") && !lowerCase.endsWith("class-path") && !lowerCase.endsWith("-scm") && !lowerCase.startsWith("scm-") && !value.trim().startsWith("scm:") && !isImportPackage(lowerCase, value) && !isPackage(lowerCase, value)) {
                            z = true;
                            if (lowerCase.contains("version")) {
                                if (lowerCase.contains("specification")) {
                                    versionEvidence.addEvidence("Manifest", lowerCase, value, Confidence.LOW);
                                } else {
                                    versionEvidence.addEvidence("Manifest", lowerCase, value, Confidence.MEDIUM);
                                }
                            } else if ("build-id".equals(lowerCase)) {
                                int indexOf = value.indexOf(40);
                                if (indexOf >= 0) {
                                    value = value.substring(0, indexOf - 1);
                                }
                                int indexOf2 = value.indexOf(91);
                                if (indexOf2 >= 0) {
                                    value = value.substring(0, indexOf2 - 1);
                                }
                                versionEvidence.addEvidence("Manifest", lowerCase, value, Confidence.MEDIUM);
                            } else if (lowerCase.contains("title")) {
                                productEvidence.addEvidence("Manifest", lowerCase, value, Confidence.MEDIUM);
                                addMatchingValues(arrayList, value, productEvidence);
                            } else if (lowerCase.contains(Fields.VENDOR)) {
                                if (lowerCase.contains("specification")) {
                                    vendorEvidence.addEvidence("Manifest", lowerCase, value, Confidence.LOW);
                                } else {
                                    vendorEvidence.addEvidence("Manifest", lowerCase, value, Confidence.MEDIUM);
                                    addMatchingValues(arrayList, value, vendorEvidence);
                                }
                            } else if (lowerCase.contains("name")) {
                                productEvidence.addEvidence("Manifest", lowerCase, value, Confidence.MEDIUM);
                                vendorEvidence.addEvidence("Manifest", lowerCase, value, Confidence.MEDIUM);
                                addMatchingValues(arrayList, value, vendorEvidence);
                                addMatchingValues(arrayList, value, productEvidence);
                            } else if (lowerCase.contains("license")) {
                                addLicense(dependency, value);
                            } else if (lowerCase.contains("description")) {
                                addDescription(dependency, value, "manifest", lowerCase);
                            } else {
                                productEvidence.addEvidence("Manifest", lowerCase, value, Confidence.LOW);
                                vendorEvidence.addEvidence("Manifest", lowerCase, value, Confidence.LOW);
                                addMatchingValues(arrayList, value, vendorEvidence);
                                addMatchingValues(arrayList, value, productEvidence);
                                if (value.matches(".*\\d.*")) {
                                    StringTokenizer stringTokenizer = new StringTokenizer(value, " ");
                                    while (stringTokenizer.hasMoreElements()) {
                                        String nextToken = stringTokenizer.nextToken();
                                        if (nextToken.matches("^[0-9.]+$")) {
                                            versionEvidence.addEvidence("Manifest", lowerCase, nextToken, Confidence.LOW);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            if (jarFile2 != null) {
                jarFile2.close();
            }
            return z;
        } catch (Throwable th) {
            if (0 != 0) {
                jarFile.close();
            }
            throw th;
        }
    }

    private String addDescription(Dependency dependency, String str, String str2, String str3) {
        if (dependency.getDescription() == null) {
            dependency.setDescription(str);
        }
        String text = HTML_DETECTION_PATTERN.matcher(str).find() ? Jsoup.parse(str).text() : str;
        dependency.setDescription(text);
        if (text.length() > 100) {
            text = text.replaceAll("\\s\\s+", " ");
            int indexOf = text.toLowerCase().indexOf("such as ", 100);
            int indexOf2 = text.toLowerCase().indexOf("like ", 100);
            int indexOf3 = text.toLowerCase().indexOf("will use ", 100);
            int indexOf4 = text.toLowerCase().indexOf(" uses ", 100);
            int max = Math.max(-1, indexOf);
            int max2 = (max < 0 || indexOf2 < 0) ? Math.max(max, indexOf2) : Math.min(max, indexOf2);
            int max3 = (max2 < 0 || indexOf3 < 0) ? Math.max(max2, indexOf3) : Math.min(max2, indexOf3);
            int max4 = (max3 < 0 || indexOf4 < 0) ? Math.max(max3, indexOf4) : Math.min(max3, indexOf4);
            if (max4 > 0) {
                StringBuilder sb = new StringBuilder(max4 + 3);
                sb.append(text.substring(0, max4));
                sb.append("...");
                text = sb.toString();
            }
            dependency.getProductEvidence().addEvidence(str2, str3, text, Confidence.LOW);
            dependency.getVendorEvidence().addEvidence(str2, str3, text, Confidence.LOW);
        } else {
            dependency.getProductEvidence().addEvidence(str2, str3, text, Confidence.MEDIUM);
            dependency.getVendorEvidence().addEvidence(str2, str3, text, Confidence.MEDIUM);
        }
        return text;
    }

    private void addLicense(Dependency dependency, String str) {
        if (dependency.getLicense() == null) {
            dependency.setLicense(str);
        } else {
            if (dependency.getLicense().contains(str)) {
                return;
            }
            dependency.setLicense(dependency.getLicense() + NEWLINE + str);
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void initializeFileTypeAnalyzer() throws Exception {
        this.tempFileLocation = File.createTempFile("check", "tmp", Settings.getTempDirectory());
        if (!this.tempFileLocation.delete()) {
            throw new AnalysisException(String.format("Unable to delete temporary file '%s'.", this.tempFileLocation.getAbsolutePath()));
        }
        if (!this.tempFileLocation.mkdirs()) {
            throw new AnalysisException(String.format("Unable to create directory '%s'.", this.tempFileLocation.getAbsolutePath()));
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer, org.owasp.dependencycheck.analyzer.Analyzer
    public void close() {
        if (this.tempFileLocation == null || !this.tempFileLocation.exists()) {
            return;
        }
        LOGGER.log(Level.FINE, "Attempting to delete temporary files");
        if (FileUtils.delete(this.tempFileLocation)) {
            return;
        }
        LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
    }

    protected String interpolateString(String str, Properties properties) {
        int indexOf;
        Properties properties2 = properties;
        if (str == null) {
            return str;
        }
        if (properties2 == null) {
            properties2 = new Properties();
        }
        int indexOf2 = str.indexOf("${");
        if (indexOf2 >= 0 && (indexOf = str.indexOf("}")) >= indexOf2) {
            String interpolateString = interpolateString(properties2.getProperty(str.substring(indexOf2 + 2, indexOf)), properties2);
            if (interpolateString == null) {
                interpolateString = "";
            }
            StringBuilder sb = new StringBuilder(interpolateString.length() + str.length());
            sb.append(str.subSequence(0, indexOf2));
            sb.append(interpolateString);
            sb.append(str.substring(indexOf + 1));
            return interpolateString(sb.toString(), properties2);
        }
        return str;
    }

    private boolean isImportPackage(String str, String str2) {
        return Pattern.compile("^([a-zA-Z0-9_#\\$\\*\\.]+\\s*[,;]\\s*)+([a-zA-Z0-9_#\\$\\*\\.]+\\s*)?$").matcher(str2).matches() && (str.contains("import") || str.contains("include") || str2.length() > 10);
    }

    private ArrayList<ClassNameInformation> collectClassNames(Dependency dependency) {
        ArrayList<ClassNameInformation> arrayList = new ArrayList<>();
        JarFile jarFile = null;
        try {
            try {
                jarFile = new JarFile(dependency.getActualFilePath());
                Enumeration<JarEntry> entries = jarFile.entries();
                while (entries.hasMoreElements()) {
                    String lowerCase = entries.nextElement().getName().toLowerCase();
                    if (lowerCase.endsWith(".class") && !lowerCase.matches("^javax?\\..*$")) {
                        arrayList.add(new ClassNameInformation(lowerCase.substring(0, lowerCase.length() - 6)));
                    }
                }
                if (jarFile != null) {
                    try {
                        jarFile.close();
                    } catch (IOException e) {
                        LOGGER.log(Level.FINEST, (String) null, (Throwable) e);
                    }
                }
            } catch (IOException e2) {
                LOGGER.log(Level.WARNING, String.format("Unable to open jar file '%s'.", dependency.getFileName()));
                LOGGER.log(Level.FINE, (String) null, (Throwable) e2);
                if (jarFile != null) {
                    try {
                        jarFile.close();
                    } catch (IOException e3) {
                        LOGGER.log(Level.FINEST, (String) null, (Throwable) e3);
                    }
                }
            }
            return arrayList;
        } catch (Throwable th) {
            if (jarFile != null) {
                try {
                    jarFile.close();
                } catch (IOException e4) {
                    LOGGER.log(Level.FINEST, (String) null, (Throwable) e4);
                }
            }
            throw th;
        }
    }

    private void analyzeFullyQualifiedClassNames(ArrayList<ClassNameInformation> arrayList, HashMap<String, Integer> hashMap, HashMap<String, Integer> hashMap2) {
        Iterator<ClassNameInformation> it = arrayList.iterator();
        while (it.hasNext()) {
            ArrayList<String> packageStructure = it.next().getPackageStructure();
            addEntry(hashMap, packageStructure.get(0));
            if (packageStructure.size() == 2) {
                addEntry(hashMap2, packageStructure.get(1));
            }
            if (packageStructure.size() == 3) {
                addEntry(hashMap, packageStructure.get(1));
                addEntry(hashMap2, packageStructure.get(1));
                addEntry(hashMap2, packageStructure.get(2));
            }
            if (packageStructure.size() >= 4) {
                addEntry(hashMap, packageStructure.get(1));
                addEntry(hashMap, packageStructure.get(2));
                addEntry(hashMap2, packageStructure.get(1));
                addEntry(hashMap2, packageStructure.get(2));
                addEntry(hashMap2, packageStructure.get(3));
            }
        }
    }

    private void addEntry(HashMap<String, Integer> hashMap, String str) {
        if (hashMap.containsKey(str)) {
            hashMap.put(str, Integer.valueOf(hashMap.get(str).intValue() + 1));
        } else {
            hashMap.put(str, 1);
        }
    }

    private void addMatchingValues(ArrayList<ClassNameInformation> arrayList, String str, EvidenceCollection evidenceCollection) {
        if (str == null || str.isEmpty() || arrayList == null || arrayList.isEmpty()) {
            return;
        }
        String lowerCase = str.toLowerCase();
        Iterator<ClassNameInformation> it = arrayList.iterator();
        while (it.hasNext()) {
            Iterator<String> it2 = it.next().getPackageStructure().iterator();
            while (it2.hasNext()) {
                String next = it2.next();
                if (lowerCase.contains(next)) {
                    evidenceCollection.addEvidence("jar", "package name", next, Confidence.HIGHEST);
                }
            }
        }
    }

    private boolean isPackage(String str, String str2) {
        return !str.matches(".*(version|title|vendor|name|license|description).*") && str2.matches("^([a-zA-Z_][a-zA-Z0-9_\\$]*(\\.[a-zA-Z_][a-zA-Z0-9_\\$]*)*)?$");
    }

    private void extractLicense(Model model, Properties properties, Dependency dependency) {
        if (model.getLicenses() != null) {
            String str = null;
            for (License license : model.getLicenses().getLicense()) {
                String interpolateString = license.getName() != null ? interpolateString(license.getName(), properties) : null;
                if (license.getUrl() != null) {
                    interpolateString = interpolateString == null ? interpolateString(license.getUrl(), properties) : interpolateString + ": " + interpolateString(license.getUrl(), properties);
                }
                if (interpolateString != null) {
                    if (HTML_DETECTION_PATTERN.matcher(interpolateString).find()) {
                        interpolateString = Jsoup.parse(interpolateString).text();
                    }
                    str = str == null ? interpolateString : str + "\n" + interpolateString;
                }
            }
            if (str != null) {
                dependency.setLicense(str);
            }
        }
    }

    private File getNextTempDirectory() throws AnalysisException {
        dirCount++;
        File file = new File(this.tempFileLocation, String.valueOf(dirCount));
        if (file.exists()) {
            return getNextTempDirectory();
        }
        if (file.mkdirs()) {
            return file;
        }
        throw new AnalysisException(String.format("Unable to create temp directory '%s'.", file.getAbsolutePath()));
    }
}
