package com.iotcube.scanner.java.maven;

import com.android.SdkConstants;
import com.iotcube.scanner.model.Constants;
import com.iotcube.scanner.runtime.util.CommonUtils;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Timer;
import java.util.TimerTask;
import java.util.UUID;
import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
import net.lingala.zip4j.ZipFile;
import net.lingala.zip4j.exception.ZipException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.input.NullInputStream;
import org.apache.commons.lang3.StringUtils;
import org.apache.maven.Maven;
import org.apache.maven.model.Model;
import org.apache.maven.model.Profile;
import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
import org.apache.maven.shared.invoker.DefaultInvocationRequest;
import org.apache.maven.shared.invoker.DefaultInvoker;
import org.apache.maven.shared.invoker.MavenInvocationException;
import org.apache.maven.shared.invoker.PrintStreamHandler;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.stereotype.Service;

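@Service
/* loaded from: input_file:BOOT-INF/classes/com/iotcube/scanner/java/maven/MavenService.class */
/**
 * Scans a Maven project for a {@code log4j-core} dependency affected by CVE-2021-44228 by running
 * {@code mvn dependency:tree} with a bundled Maven distribution and parsing its console output.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Invoking Maven on a project evaluates that project's build configuration and may download
 *       artifacts from the repositories it declares. Scan sources you do not trust only inside an
 *       isolated, disposable environment.</li>
 *   <li>The bundled Maven is unpacked to {@code Constants.MAVEN_FOLDER_PATH} and later executed.
 *       NOTE(review): the value of that constant is not visible here; confirm the directory is
 *       writable only by the account running the scanner, because {@link #mavenExists()} trusts
 *       whatever binaries are already present there.</li>
 * </ul>
 *
 * <p>The scan result is kept in an instance field, so one instance must not run two scans
 * concurrently.
 */
public class MavenService {
    /** Set when the current scan has seen an affected log4j-core; reset at the start of each scan. */
    private boolean found = false;

    /**
     * Runs the Maven-based dependency scan and prints a summary line.
     *
     * @param path root directory (or POM) of the project to scan
     * @param list POM files of the project; the first element is the POM handed to Maven
     * @return {@code true} if an affected log4j-core version was reported by the dependency tree
     * @throws Exception if Maven cannot be unpacked or invoked, or its output cannot be parsed
     */
    public boolean projectParser(Path path, List<Path> list) throws Exception {
        // The field outlives a single call; without this reset a previous positive result would
        // be reported again for an unrelated, clean project.
        this.found = false;
        System.out.println("[+] Start Linked Library Scanning - Maven");
        TimerTask progressDots = new TimerTask() { // from class: com.iotcube.scanner.java.maven.MavenService.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                System.out.print(".");
            }
        };
        Timer timer = new Timer("Timer");
        System.out.print("Linked Library Checking. This may take a few minutes for downloading libraries...");
        timer.scheduleAtFixedRate(progressDots, 5000L, 5000L);
        int status;
        try {
            JSONArray results = new JSONArray();
            if (!mavenExists().booleanValue()) {
                // Resolve the bundled archive only when it is actually needed, and fail with a
                // clear message instead of a NullPointerException when it is missing.
                java.net.URL bundledMaven = getClass().getClassLoader().getResource(Constants.MAVEN_ZIP);
                if (bundledMaven == null) {
                    throw new IllegalStateException("Bundled Maven archive not found on classpath: " + Constants.MAVEN_ZIP);
                }
                extractMaven(bundledMaven.toURI());
            }
            // First pass aborts with -1 as soon as Maven starts downloading; the second pass then
            // parses the complete output.
            status = parsePom(path, list, results, true);
            if (status == -1) {
                status = parsePom(path, list, results, false);
            }
        } finally {
            // Always stop the progress timer: its thread is not a daemon and would otherwise keep
            // printing dots (and keep the JVM alive) after a failed scan.
            timer.cancel();
        }
        System.out.print("\n");
        String summary;
        if (status != 0) {
            summary = "Fail to library scan";
        } else if (this.found) {
            summary = "[Caution] We found Log4j affected by CVE-2021-44228 in your project.";
        } else {
            summary = "[Info] No Log4j affected by CVE-2021-44228 was found.";
        }
        System.out.println(summary);
        return this.found;
    }

    /**
     * Runs {@code dependency:tree} on the first POM in {@code list} and converts the printed tree
     * into JSON, flagging affected log4j-core versions on the way.
     *
     * @param path      project root, used to make reported POM paths relative
     * @param list      POM files; element 0 is passed to Maven, the others are parsed for module
     *                  names (module POMs discovered on the way are appended to this list)
     * @param jSONArray receives one object per Maven module with its dependencies
     * @param z         when {@code true}, stop with {@code -1} at the first "Downloading from" line
     * @return {@code 0} when the whole output was parsed, {@code -1} when a download was detected
     *         and {@code z} is set
     * @throws IllegalArgumentException if {@code list} is {@code null} or empty
     */
    public int parsePom(Path path, List<Path> list, JSONArray jSONArray, boolean z) throws IOException, JSONException, MavenInvocationException {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("list must contain the root POM as its first element");
        }
        JSONObject module = null;
        JSONArray dependencies = null;
        // Last dependency seen at each depth, used to link a node to its parent.
        JSONArray lastAtDepth = new JSONArray();
        ByteArrayOutputStream captured = new ByteArrayOutputStream();
        PrintStream capturedOut = new PrintStream(captured);
        Map<String, String> pomByArtifact = new HashMap<>();
        String root = path.toString();
        parsePomAndMapArtifact(root, pomByArtifact, false, list, root);
        // Iterate over a snapshot: parsePomAndMapArtifact appends module POMs to 'list'.
        List<Path> snapshot = new ArrayList<>(list);
        for (int i = 1; i < snapshot.size(); i++) {
            parsePomAndMapArtifact(snapshot.get(i).toString(), pomByArtifact, true, list, root);
        }
        DefaultInvocationRequest request = new DefaultInvocationRequest();
        // Empty stdin so Maven can never block waiting for interactive input.
        request.setInputStream(new NullInputStream(0L));
        request.setPomFile(list.get(0).toFile());
        request.setGoals(Collections.singletonList("dependency:tree"));
        request.setOutputHandler(new PrintStreamHandler(capturedOut, false));
        DefaultInvoker invoker = new DefaultInvoker();
        invoker.setMavenHome(new File(Constants.MAVEN_HOME_PATH));
        invoker.execute(request);
        boolean insideTree = false;
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(captured.toByteArray())))) {
            String raw;
            while ((raw = reader.readLine()) != null) {
                String line = raw.replace("[INFO] ", "").trim();
                if (z && line.contains("Downloading from ")) {
                    return -1;
                }
                if (!insideTree && line.startsWith("--- maven-dependency-plugin:") && line.endsWith(" ---")) {
                    insideTree = true;
                    module = new JSONObject();
                    dependencies = new JSONArray();
                    module.put("type", "maven");
                    // put() with a null value stores nothing, so "file" may be absent later.
                    module.put("file", pomByArtifact.get(parseModuleName(line)));
                } else if (insideTree && parseNotEnded(line).booleanValue()) {
                    if (line.split(":").length >= 4) {
                        String entry = line.trim();
                        if (isProject(entry).booleanValue()) {
                            String[] gav = entry.split(":");
                            JSONObject project = new JSONObject();
                            project.put(CommonUtils.GROUP_ID, gav[0]);
                            project.put(CommonUtils.ARTIFACT_ID, gav[1]);
                            project.put("type", gav[2]);
                            project.put("version", gav[3]);
                            module.put("project", project);
                        } else {
                            Integer depth = findDepth(entry);
                            String[] parts = trimString(entry, depth).split(":");
                            int count = parts.length;
                            String groupId = parts[0];
                            String artifactId = parts[1];
                            String version = parts[count - 2];
                            String uuid = UUID.randomUUID().toString();
                            JSONObject dependency = new JSONObject();
                            dependency.put("uuid", uuid);
                            dependency.put("depth", depth);
                            dependency.put(CommonUtils.GROUP_ID, groupId);
                            dependency.put(CommonUtils.ARTIFACT_ID, artifactId);
                            dependency.put("type", parts[2]);
                            dependency.put("version", version);
                            dependency.put("dependedBy", depth.intValue() > 1 ? lastAtDepth.getJSONObject(depth.intValue() - 1) : null);
                            if ("org.apache.logging.log4j".equals(groupId) && "log4j-core".equals(artifactId) && isAffectedLog4jCoreVersion(version)) {
                                // opt() instead of get(): a module whose POM could not be mapped has
                                // no "file" key, and get() would abort the scan with a JSONException
                                // exactly when a finding has to be reported.
                                System.out.print("\n[Caution] " + module.opt("file") + " :: " + groupId + ":" + artifactId + ":" + version + " \n\t  You are using Log4j affected by CVE-2021-44228. ");
                                this.found = true;
                            }
                            JSONObject parentRef = new JSONObject();
                            parentRef.put("uuid", uuid);
                            parentRef.put(CommonUtils.GROUP_ID, groupId);
                            parentRef.put(CommonUtils.ARTIFACT_ID, artifactId);
                            parentRef.put("type", parts[2]);
                            parentRef.put("version", version);
                            String scope;
                            if (count < 5) {
                                scope = "compile";
                            } else if (dependency.has("dependedBy")) {
                                // A dependency pulled in by a test-scoped parent is itself test-scoped.
                                String parentScope = Objects.toString(dependency.getJSONObject("dependedBy").get("scope"));
                                scope = parentScope.equals("test") ? parentScope : parts[count - 1];
                            } else {
                                scope = parts[count - 1];
                            }
                            dependency.put("scope", scope);
                            parentRef.put("scope", scope);
                            dependencies.put(dependency);
                            lastAtDepth.put(depth.intValue(), parentRef);
                        }
                    }
                } else if (insideTree && !parseNotEnded(line).booleanValue()) {
                    // Blank line or dashed separator: the tree of the current module is complete.
                    insideTree = false;
                    module.put(CommonUtils.DEPENDENCIES, dependencies);
                    jSONArray.put(module);
                    module = new JSONObject();
                    dependencies = new JSONArray();
                    lastAtDepth = new JSONArray();
                }
            }
        }
        return 0;
    }

    /**
     * Decides whether a log4j-core version string falls in the range this scanner reports for
     * CVE-2021-44228: a 2.x release with a minor version below 15.
     *
     * <p>The previous prefix test ({@code startsWith("2") && !startsWith("2.15")}) reported every
     * later release (2.16 and up) as affected. A version whose minor number cannot be read is
     * reported, so that it gets a manual look rather than being silently passed.
     *
     * <p>NOTE(review): fixed maintenance releases on older 2.x lines and any later Log4j
     * advisories are not modelled here; confirm the exact ranges against the vendor advisory.
     */
    private static boolean isAffectedLog4jCoreVersion(String version) {
        if (version == null || !version.startsWith("2")) {
            return false;
        }
        String[] numbers = version.split("[.\\-]");
        try {
            if (Integer.parseInt(numbers[0]) != 2) {
                return false;
            }
            int minor = numbers.length > 1 ? Integer.parseInt(numbers[1]) : 0;
            return minor < 15;
        } catch (NumberFormatException unparsable) {
            return true;
        }
    }

    /**
     * Reads one POM and records {@code artifactId -> path relative to str2} in {@code map}; with
     * {@code z} set it also follows {@code <modules>} (top level and per profile), appending each
     * module POM to {@code list}. Failures are reported on stderr and otherwise ignored so that
     * one unreadable POM does not stop the scan.
     */
    private void parsePomAndMapArtifact(String str, Map<String, String> map, boolean z, List<Path> list, String str2) {
        parsePomAndMapArtifact(str, map, z, list, str2, new ArrayList<Path>());
    }

    /**
     * Worker for {@link #parsePomAndMapArtifact(String, Map, boolean, List, String)}.
     *
     * @param chain POMs currently being processed on this recursion path; module names come from
     *              the scanned project, so a POM that lists itself (or an ancestor) as a module
     *              must not recurse without bound
     */
    private void parsePomAndMapArtifact(String str, Map<String, String> map, boolean z, List<Path> list, String str2, List<Path> chain) {
        boolean pushed = false;
        try {
            if (new File(str + File.separator + Maven.POMv4).exists()) {
                str = str + File.separator + Maven.POMv4;
            }
            Path self = Paths.get(str).toAbsolutePath().normalize();
            if (chain.contains(self)) {
                return;
            }
            chain.add(self);
            pushed = true;
            Model model;
            // try-with-resources: the reader is closed even when the POM is malformed.
            try (FileReader pomReader = new FileReader(str)) {
                model = new MavenXpp3Reader().read(pomReader);
            }
            if (model.getArtifactId() != null) {
                map.put(model.getArtifactId(), str.replace(str2 + File.separator, ""));
            }
            if (z) {
                String moduleBase = str.replace(Maven.POMv4, "");
                if (model.getModules() != null) {
                    for (String moduleName : model.getModules()) {
                        String modulePom = moduleBase + moduleName + File.separator + Maven.POMv4;
                        list.add(Paths.get(modulePom));
                        parsePomAndMapArtifact(modulePom, map, z, list, str2, chain);
                    }
                }
                if (model.getProfiles() != null) {
                    for (Profile profile : model.getProfiles()) {
                        if (profile.getModules() != null) {
                            for (String moduleName : profile.getModules()) {
                                String modulePom = moduleBase + moduleName + File.separator + Maven.POMv4;
                                list.add(Paths.get(modulePom));
                                parsePomAndMapArtifact(modulePom, map, z, list, str2, chain);
                            }
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Best effort by design, but say so: a POM that cannot be read leaves its module
            // without a "file" entry in the report.
            System.err.println("[Warn] Could not read POM " + str + ": " + e);
        } finally {
            if (pushed) {
                chain.remove(chain.size() - 1);
            }
        }
    }

    /** Returns whether the line starts with a letter, i.e. is the project line rather than a tree branch. */
    private Boolean isProject(String str) {
        return Boolean.valueOf(Character.isAlphabetic(str.charAt(0)));
    }

    /** Counts the leading non-alphabetic characters of a tree line and converts them to a depth (3 per level). */
    private Integer findDepth(String str) {
        int prefix = 0;
        while (str.length() - 1 > prefix && !Character.isAlphabetic(str.charAt(prefix))) {
            prefix++;
        }
        return Integer.valueOf(prefix / 3);
    }

    /** Returns {@code false} for a blank line or a line made only of dashes, which ends a module's tree. */
    private Boolean parseNotEnded(String str) {
        boolean blank = str.trim().length() == 0;
        boolean onlyDashes = str.length() == StringUtils.countMatches(str, "-");
        return Boolean.valueOf(!(blank || onlyDashes));
    }

    /** Strips the tree-drawing prefix ({@code 3 * depth} characters) from a dependency line. */
    private String trimString(String str, Integer num) {
        return str.substring(num.intValue() * 3).trim();
    }

    /**
     * Unpacks the bundled Maven distribution into {@code Constants.MAVEN_FOLDER_PATH}. When the
     * resource lives inside a JAR it is first copied out of the JAR, then unzipped.
     */
    private void extractMaven(URI uri) throws IOException, URISyntaxException {
        File targetDir = new File(Constants.MAVEN_FOLDER_PATH);
        if (!targetDir.exists()) {
            FileUtils.forceMkdir(targetDir);
        }
        String archive;
        if ("jar".equals(uri.getScheme())) {
            extractMavenZipFromJAR(uri);
            archive = Constants.MAVEN_FOLDER_PATH + File.separator + Constants.MAVEN_ZIP;
        } else {
            archive = Paths.get(uri).toString();
        }
        unzipFolder(archive, Constants.MAVEN_FOLDER_PATH);
    }

    /**
     * Copies the Maven archive out of the application JAR named in a {@code jar:file:...!/entry}
     * URI into {@code Constants.MAVEN_FOLDER_PATH}.
     *
     * @throws IOException if the entry is missing or cannot be copied
     */
    private void extractMavenZipFromJAR(URI uri) throws URISyntaxException, IOException {
        String spec = uri.toString().substring("jar:file:".length());
        int split = spec.indexOf(".jar!") + ".jar!".length();
        String jarPath = spec.substring(0, split).replace("!", "");
        String entryName = spec.substring(split + 1).replace("!", "");
        File mavenHome = new File(Constants.MAVEN_HOME_PATH);
        if (!mavenHome.exists()) {
            FileUtils.forceMkdir(mavenHome);
        }
        File target = new File(Constants.MAVEN_FOLDER_PATH, Constants.MAVEN_ZIP);
        // try-with-resources: the JAR handle and both streams are released on every path.
        try (JarFile jar = new JarFile(jarPath)) {
            ZipEntry entry = jar.getEntry(entryName);
            if (entry == null) {
                throw new IOException("Entry " + entryName + " not found in " + jarPath);
            }
            try (BufferedInputStream in = new BufferedInputStream(jar.getInputStream(entry));
                    BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(target))) {
                byte[] buffer = new byte[2048];
                int read;
                while ((read = in.read(buffer)) > 0) {
                    out.write(buffer, 0, read);
                }
                out.flush();
            }
        }
    }

    /**
     * Extracts the archive {@code str} into directory {@code str2}.
     *
     * @throws IOException if extraction fails; the scan cannot proceed without Maven, so the
     *         failure is propagated instead of being printed and ignored
     */
    private void unzipFolder(String str, String str2) throws IOException {
        try {
            new ZipFile(str).extractAll(str2);
        } catch (ZipException e) {
            throw new IOException("Could not extract " + str + " to " + str2, e);
        }
    }

    /**
     * Returns whether both Maven launchers already exist on disk. Only existence is checked; the
     * files are not verified against the bundled archive.
     */
    private Boolean mavenExists() {
        boolean unixLauncher = new File(Constants.MAVEN_MVN_PATH).exists();
        boolean windowsLauncher = new File(Constants.MAVEN_MVN_CMD_PATH).exists();
        return Boolean.valueOf(unixLauncher && windowsLauncher);
    }

    /**
     * Extracts the module name from a plugin banner line: the text after the first occurrence of
     * {@code SdkConstants.PREFIX_RESOURCE_REF}, without the trailing {@code " ---"}.
     * NOTE(review): the constant is presumably the "@" separator of the banner, substituted by
     * the decompiler; confirm.
     */
    private String parseModuleName(String str) {
        String afterMarker = str.substring(str.indexOf(SdkConstants.PREFIX_RESOURCE_REF) + 1);
        return afterMarker.replaceAll(" ---", "").trim();
    }
}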
