package org.owasp.dependencycheck.jaxb.pom;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.apache.commons.lang.StringUtils;
import org.apache.tools.ant.types.selectors.FilenameSelector;
import org.owasp.dependencycheck.analyzer.JarAnalyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.jaxb.pom.generated.Model;
import org.owasp.dependencycheck.jaxb.pom.generated.Organization;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/owasp/dependencycheck/jaxb/pom/PomUtils.class */
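/**
 * Reads Maven POM files with JAXB and copies identifying fields from them
 * (group id, artifact id, version, organization, name, description, license)
 * onto a {@link Dependency} as evidence.
 *
 * <p>POM content is taken verbatim from the file being analyzed, so it should
 * be treated as untrusted input: the XML parser created here is hardened
 * against DTD and external-entity processing, and the evidence values are
 * recorded as-is without validation.
 *
 * <p>The single {@link Unmarshaller} is shared by all calls and this class adds
 * no synchronization; JAXB does not guarantee that an {@code Unmarshaller} is
 * safe for concurrent use, so one instance should not be shared across threads.
 */
public class PomUtils {
    private static final Logger LOGGER = Logger.getLogger(PomUtils.class.getName());

    /** JAXB unmarshaller for {@link Model}; stays {@code null} if JAXB setup failed in the constructor. */
    private Unmarshaller pomUnmarshaller;

    /**
     * Creates the JAXB unmarshaller for the POM model.
     *
     * <p>A JAXB failure is logged and not rethrown, leaving the instance without
     * an unmarshaller; later {@code readPom} calls then fail with an
     * {@link AnalysisException}.
     */
    public PomUtils() {
        try {
            this.pomUnmarshaller = JAXBContext.newInstance(Model.class).createUnmarshaller();
        } catch (JAXBException e) {
            LOGGER.log(Level.SEVERE, "Unable to load parser. See the log for more details.");
            LOGGER.log(Level.FINE, (String) null, e);
        }
    }

    /**
     * Reads a POM from disk, decoding it as UTF-8.
     *
     * @param file the pom.xml to read
     * @return the unmarshalled POM model
     * @throws AnalysisException if the file cannot be opened, read or parsed
     */
    public Model readPom(File file) throws AnalysisException {
        FileInputStream stream = null;
        try {
            stream = new FileInputStream(file);
            final InputSource xml = new InputSource(new InputStreamReader(stream, "UTF-8"));
            return readPom(new SAXSource(xml));
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, String.format("Unable to parse pom '%s'(IO Exception)", file.getPath()));
            LOGGER.log(Level.FINE, StringUtils.EMPTY, (Throwable) e);
            throw new AnalysisException(e);
        } catch (SecurityException e2) {
            LOGGER.log(Level.WARNING, String.format("Unable to parse pom '%s'; invalid signature", file.getPath()));
            LOGGER.log(Level.FINE, StringUtils.EMPTY, (Throwable) e2);
            throw new AnalysisException(e2);
        } catch (Throwable th) {
            LOGGER.log(Level.WARNING, String.format("Unexpected error during parsing of the pom '%s'", file.getPath()));
            LOGGER.log(Level.FINE, StringUtils.EMPTY, th);
            throw new AnalysisException(th);
        } finally {
            // The stream was previously never closed, leaking one file handle per POM analyzed.
            if (stream != null) {
                try {
                    stream.close();
                } catch (IOException ignored) {
                    LOGGER.log(Level.FINE, String.format("Unable to close pom '%s'", file.getPath()), ignored);
                }
            }
        }
    }

    /**
     * Unmarshals a POM from a SAX source.
     *
     * <p>When the source carries no {@code XMLReader}, a hardened one is attached
     * (DOCTYPE declarations rejected, external entities disabled, secure
     * processing on), so a POM containing a DOCTYPE now fails with an
     * {@link AnalysisException} instead of being processed. A reader supplied by
     * the caller is used unchanged, and hardening it is the caller's job.
     *
     * @param sAXSource the source to parse
     * @return the unmarshalled POM model
     * @throws AnalysisException on any parser set-up or unmarshalling failure,
     *         including a missing unmarshaller
     */
    public Model readPom(SAXSource sAXSource) throws AnalysisException {
        try {
            if (this.pomUnmarshaller == null) {
                throw new IllegalStateException("POM unmarshaller is not available");
            }
            // NOTE(review): the previous code built a MavenNamespaceFilter over a fresh, unhardened
            // parser and then discarded it, so it never took part in parsing. Whether the filter
            // should wrap the reader used here depends on MavenNamespaceFilter, which is not
            // visible in this file - confirm before wiring it in.
            SAXSource source = sAXSource;
            if (sAXSource.getXMLReader() == null) {
                source = new SAXSource(newHardenedParserFactory().newSAXParser().getXMLReader(),
                        sAXSource.getInputSource());
            }
            return this.pomUnmarshaller.unmarshal(source, Model.class).getValue();
        } catch (Throwable th) {
            // Every failure (JAXB, SAX, parser configuration, security, runtime) is reported the same way.
            throw new AnalysisException(th);
        }
    }

    /**
     * Builds a namespace-aware SAX parser factory that refuses DTDs and external entities.
     *
     * <p>Fails closed: if the parser implementation does not recognise one of the
     * features, the exception propagates rather than falling back to an unhardened parser.
     *
     * @return the configured factory
     * @throws ParserConfigurationException if a feature cannot be configured
     * @throws SAXException if a feature is not recognised or not supported
     */
    private static SAXParserFactory newHardenedParserFactory() throws ParserConfigurationException, SAXException {
        final SAXParserFactory factory = SAXParserFactory.newInstance();
        // JAXB needs namespace information from any reader supplied to it.
        factory.setNamespaceAware(true);
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return factory;
    }

    /** Returns {@code true} when {@code value} is neither {@code null} nor empty. */
    private static boolean hasText(String value) {
        return value != null && !value.isEmpty();
    }

    /** Returns {@code own} unless it is null/empty and {@code inherited} has text, in which case {@code inherited}. */
    private static String ownOrInherited(String own, String inherited) {
        return !hasText(own) && hasText(inherited) ? inherited : own;
    }

    /**
     * Reads the POM and records its coordinates and descriptive fields as evidence.
     *
     * <p>Group id, artifact id and version fall back to the parent's value when
     * the POM does not declare its own; when both exist and differ, the parent
     * value is recorded as separate, lower-confidence evidence.
     *
     * @param dependency the dependency receiving the evidence
     * @param file the pom.xml to analyze
     * @throws AnalysisException if the POM cannot be read
     */
    public void analyzePOM(Dependency dependency, File file) throws AnalysisException {
        final Model pom = readPom(file);
        final boolean hasParent = pom.getParent() != null;

        final String parentGroupId = hasParent ? pom.getParent().getGroupId() : null;
        final String groupId = ownOrInherited(pom.getGroupId(), parentGroupId);
        if (hasText(groupId)) {
            dependency.getVendorEvidence().addEvidence("pom", "groupid", groupId, Confidence.HIGHEST);
            dependency.getProductEvidence().addEvidence("pom", "groupid", groupId, Confidence.LOW);
            if (hasText(parentGroupId) && !parentGroupId.equals(groupId)) {
                dependency.getVendorEvidence().addEvidence("pom", "parent-groupid", parentGroupId, Confidence.MEDIUM);
                dependency.getProductEvidence().addEvidence("pom", "parent-groupid", parentGroupId, Confidence.LOW);
            }
        }

        final String parentArtifactId = hasParent ? pom.getParent().getArtifactId() : null;
        String artifactId = ownOrInherited(pom.getArtifactId(), parentArtifactId);
        if (hasText(artifactId)) {
            // Drop a leading "org." / "com." so the product evidence starts at the product name.
            if (artifactId.startsWith("org.") || artifactId.startsWith("com.")) {
                artifactId = artifactId.substring(4);
            }
            dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactId, Confidence.HIGHEST);
            dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactId, Confidence.LOW);
            if (hasText(parentArtifactId) && !parentArtifactId.equals(artifactId)) {
                dependency.getProductEvidence().addEvidence("pom", "parent-artifactid", parentArtifactId, Confidence.MEDIUM);
                dependency.getVendorEvidence().addEvidence("pom", "parent-artifactid", parentArtifactId, Confidence.LOW);
            }
        }

        final String parentVersion = hasParent ? pom.getParent().getVersion() : null;
        final String version = ownOrInherited(pom.getVersion(), parentVersion);
        if (hasText(version)) {
            dependency.getVersionEvidence().addEvidence("pom", "version", version, Confidence.HIGHEST);
            if (hasText(parentVersion) && !parentVersion.equals(version)) {
                // Fix: record the parent's version here. The project's own version was recorded
                // under "parent-version" before, unlike the group id and artifact id branches.
                dependency.getVersionEvidence().addEvidence("pom", "parent-version", parentVersion, Confidence.LOW);
            }
        }

        final Organization organization = pom.getOrganization();
        if (organization != null && hasText(organization.getName())) {
            dependency.getVendorEvidence().addEvidence("pom", "organization name", organization.getName(), Confidence.HIGH);
        }

        final String projectName = pom.getName();
        if (hasText(projectName)) {
            // NOTE(review): FilenameSelector.NAME_KEY is an Ant constant used here as the evidence
            // name; it looks like a decompiler substitution for a string literal - confirm.
            dependency.getProductEvidence().addEvidence("pom", FilenameSelector.NAME_KEY, projectName, Confidence.HIGH);
            dependency.getVendorEvidence().addEvidence("pom", FilenameSelector.NAME_KEY, projectName, Confidence.HIGH);
        }

        final String description = pom.getDescription();
        if (hasText(description)) {
            JarAnalyzer.addDescription(dependency, description, "pom", "description");
        }
        JarAnalyzer.extractLicense(pom, null, dependency);
    }
}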
