package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.compress.archivers.ArchiveStreamFactory;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.central.CentralSearch;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.jaxb.pom.PomUtils;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/CentralAnalyzer.class */
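/**
 * File-type analyzer that looks a JAR dependency up by its SHA-1 through
 * {@link CentralSearch} and records every returned {@link MavenArtifact} as
 * evidence under the source name "central". When the dependency carries no
 * vendor evidence sourced from a POM and the artifact has a POM URL, that POM
 * is downloaded to a temporary file and handed to {@link PomUtils}.
 *
 * <p>The analyzer switches itself off for the rest of the run after the first
 * I/O failure (see {@link #analyzeFileType(Dependency, Engine)}); dependencies
 * analyzed after that point get no Central evidence.
 */
public class CentralAnalyzer extends AbstractFileTypeAnalyzer {
    private static final String ANALYZER_NAME = "Central Analyzer";
    private static final Logger LOGGER = Logger.getLogger(CentralAnalyzer.class.getName());
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet(ArchiveStreamFactory.JAR);

    /** Search client; only assigned by {@link #initializeFileTypeAnalyzer()} when the analyzer is enabled. */
    private CentralSearch searcher;
    /** Set after the first I/O failure so that later dependencies skip the lookup. */
    private boolean errorFlag = false;
    private final PomUtils pomUtil = new PomUtils();
    /** Computed once at construction from the settings; see {@link #checkEnabled()}. */
    private final boolean enabled = checkEnabled();

    /**
     * Reports whether this analyzer was enabled by the settings read at construction time.
     *
     * @return the value computed by {@link #checkEnabled()}
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public boolean isEnabled() {
        return this.enabled;
    }

    /**
     * Decides from the settings whether the Central analyzer should run.
     *
     * <p>It runs when the Central analyzer setting is on and either the Nexus
     * analyzer is off or the Nexus URL is still {@link NexusAnalyzer#DEFAULT_URL}.
     * An unreadable setting disables the analyzer.
     *
     * @return {@code true} when the analyzer should run
     */
    private boolean checkEnabled() {
        try {
            if (!Settings.getBoolean(Settings.KEYS.ANALYZER_CENTRAL_ENABLED)) {
                LOGGER.info("Central analyzer disabled");
                return false;
            }
            final boolean nexusTakesOver = Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)
                    && !NexusAnalyzer.DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL));
            if (nexusTakesOver) {
                LOGGER.info("Nexus analyzer is enabled, disabling the Central Analyzer");
                return false;
            }
            LOGGER.fine("Enabling the Central analyzer");
            return true;
        } catch (InvalidSettingException e) {
            LOGGER.warning("Invalid setting. Disabling the Central analyzer");
            // Keep the cause available; a scanner that silently runs with one
            // evidence source missing is hard to diagnose from the warning alone.
            LOGGER.log(Level.FINE, "Central analyzer setting could not be read", e);
            return false;
        }
    }

    /**
     * Creates the {@link CentralSearch} client from the configured Central URL
     * when the analyzer is enabled; does nothing otherwise.
     *
     * @throws Exception if the configured URL cannot be parsed or the client cannot be created
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void initializeFileTypeAnalyzer() throws Exception {
        LOGGER.fine("Initializing Central analyzer");
        LOGGER.fine(String.format("Central analyzer enabled: %s", isEnabled()));
        if (!isEnabled()) {
            return;
        }
        final String centralUrl = Settings.getString(Settings.KEYS.ANALYZER_CENTRAL_URL);
        LOGGER.fine(String.format("Central Analyzer URL: %s", centralUrl));
        this.searcher = new CentralSearch(new URL(centralUrl));
    }

    /**
     * @return the display name of this analyzer
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * @return the settings key that enables or disables this analyzer
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_CENTRAL_ENABLED;
    }

    /**
     * @return the phase in which this analyzer runs
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * @return the file extensions this analyzer handles
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public Set<String> getSupportedExtensions() {
        return SUPPORTED_EXTENSIONS;
    }

    /**
     * Looks the dependency up by SHA-1 and adds the artifacts found as evidence,
     * fetching the artifact's POM when the dependency has no POM-sourced vendor
     * evidence yet.
     *
     * <p>Failure handling: a {@link FileNotFoundException} or an
     * {@link IllegalArgumentException} only skips this dependency; any other
     * {@link IOException} sets the error flag, which makes every later call
     * return immediately.
     *
     * @param dependency the dependency being analyzed; evidence is added to it
     * @param engine the running engine (not used here)
     * @throws AnalysisException declared by the overridden method
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        if (this.errorFlag || !isEnabled()) {
            return;
        }
        try {
            final List<MavenArtifact> artifacts = this.searcher.searchSha1(dependency.getSha1sum());
            // Several artifacts for one hash make the identification ambiguous,
            // so the evidence is recorded one confidence step lower.
            final Confidence confidence = artifacts.size() > 1 ? Confidence.HIGH : Confidence.HIGHEST;
            for (MavenArtifact artifact : artifacts) {
                LOGGER.fine(String.format("Central analyzer found artifact (%s) for dependency (%s)",
                        artifact.toString(), dependency.getFileName()));
                dependency.addAsEvidence("central", artifact, confidence);
                if (!hasPomEvidence(dependency) && artifact.getPomUrl() != null) {
                    fetchAndAnalyzePom(dependency, artifact);
                }
            }
        } catch (FileNotFoundException e) {
            LOGGER.fine(String.format("Artifact not found in repository: '%s'", dependency.getFileName()));
        } catch (IOException e) {
            LOGGER.log(Level.FINE, "Could not connect to Central search", e);
            // From here on the analyzer is skipped for every remaining
            // dependency, so say so at a level an operator will actually see.
            LOGGER.warning(String.format("Central analyzer failed while processing %s and is disabled for the rest of "
                    + "this run; this could result in undetected CPE/CVEs.", dependency.getFileName()));
            this.errorFlag = true;
        } catch (IllegalArgumentException e) {
            LOGGER.info(String.format("invalid sha1-hash on %s", dependency.getFileName()));
        }
    }

    /** Returns whether any vendor evidence of the dependency has "pom" as its source. */
    private static boolean hasPomEvidence(Dependency dependency) {
        final Iterator<Evidence> evidence = dependency.getVendorEvidence().iterator();
        while (evidence.hasNext()) {
            if ("pom".equals(evidence.next().getSource())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Downloads the artifact's POM into a temporary file, passes it to
     * {@link PomUtils#analyzePOM}, and removes the file again on every exit path.
     * A failed download is logged as a warning and otherwise ignored.
     */
    private void fetchAndAnalyzePom(Dependency dependency, MavenArtifact artifact)
            throws IOException, AnalysisException {
        File pom = null;
        try {
            pom = File.createTempFile("pom", ".xml", Settings.getTempDirectory());
            // NOTE(review): createTempFile reserves a unique name, and the delete
            // below gives that reservation up before the download writes to the
            // same path. If the temp directory is writable by other local users,
            // the path can be created by someone else in between. Confirm whether
            // Downloader.fetchFile needs the target to be absent; if not, drop
            // the delete and let it overwrite the reserved file.
            if (!pom.delete()) {
                // The warning text mentions the fetch, but the download below is still attempted.
                LOGGER.warning(String.format("Unable to fetch pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName()));
                LOGGER.fine("Unable to delete temp file");
            }
            LOGGER.fine(String.format("Downloading %s", artifact.getPomUrl()));
            // NOTE(review): the URL is whatever the search result carries; no
            // scheme or host check happens in this class. Verify that
            // CentralSearch/Downloader restrict it to the expected repository.
            Downloader.fetchFile(new URL(artifact.getPomUrl()), pom);
            // NOTE(review): the POM is remote XML; PomUtils is presumably
            // configured to refuse DTDs and external entities - confirm.
            this.pomUtil.analyzePOM(dependency, pom);
        } catch (DownloadFailedException e) {
            LOGGER.warning(String.format("Unable to download pom.xml for %s from Central; this could result in undetected CPE/CVEs.", dependency.getFileName()));
        } finally {
            // pom is still null when createTempFile itself failed.
            if (pom != null && !FileUtils.deleteQuietly(pom)) {
                pom.deleteOnExit();
            }
        }
    }
}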
