package org.owasp.dependencycheck.data.artifactory;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.owasp.dependencycheck.xml.suppression.SuppressionHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/data/artifactory/ArtifactorySearchResponseHandler.class */
class ArtifactorySearchResponseHandler implements HttpClientResponseHandler<List<MavenArtifact>> {
    private static final Pattern PATH_PATTERN = Pattern.compile("^/(?<groupId>.+)/(?<artifactId>[^/]+)/(?<version>[^/]+)/[^/]+$");
    private static final Logger LOGGER = LoggerFactory.getLogger(ArtifactorySearchResponseHandler.class);
    private final ObjectReader fileImplReader = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).readerFor(FileImpl.class);
    private final Dependency expectedDependency;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ArtifactorySearchResponseHandler(Dependency dependency) {
        this.expectedDependency = dependency;
    }

    protected boolean init(JsonParser jsonParser) throws IOException {
        JsonToken nextToken = jsonParser.nextToken();
        if (nextToken != JsonToken.START_OBJECT) {
            throw new IOException("Expected " + JsonToken.START_OBJECT + ", got " + nextToken);
        }
        while (true) {
            JsonToken nextToken2 = jsonParser.nextToken();
            if (nextToken2 == null) {
                return false;
            }
            if (nextToken2.isStructStart()) {
                if (nextToken2 == JsonToken.START_ARRAY && "results".equals(jsonParser.currentName())) {
                    return true;
                }
                jsonParser.skipChildren();
            }
        }
    }

    private boolean checkHashes(ChecksumsImpl checksumsImpl) {
        String md5sum = this.expectedDependency.getMd5sum();
        boolean z = true;
        if (!checksumsImpl.getMd5().equals(md5sum)) {
            LOGGER.warn("Artifact found by API is not matching the {} of the artifact (repository hash is {} while actual is {}) !", new Object[]{"md5", md5sum, checksumsImpl.getMd5()});
            z = false;
        }
        String sha1sum = this.expectedDependency.getSha1sum();
        if (!checksumsImpl.getSha1().equals(sha1sum)) {
            LOGGER.warn("Artifact found by API is not matching the {} of the artifact (repository hash is {} while actual is {}) !", new Object[]{SuppressionHandler.SHA1, sha1sum, checksumsImpl.getSha1()});
            z = false;
        }
        String sha256sum = this.expectedDependency.getSha256sum();
        if (checksumsImpl.getSha256() != null && !checksumsImpl.getSha256().equals(sha256sum)) {
            LOGGER.warn("Artifact found by API is not matching the {} of the artifact (repository hash is {} while actual is {}) !", new Object[]{"sha256", sha256sum, checksumsImpl.getSha256()});
            z = false;
        }
        return z;
    }

    /* renamed from: handleResponse, reason: merged with bridge method [inline-methods] */
    public List<MavenArtifact> m64handleResponse(ClassicHttpResponse classicHttpResponse) throws IOException {
        ArrayList arrayList = new ArrayList();
        InputStreamReader inputStreamReader = new InputStreamReader(classicHttpResponse.getEntity().getContent(), StandardCharsets.UTF_8);
        try {
            JsonParser createParser = this.fileImplReader.getFactory().createParser(inputStreamReader);
            try {
                if (!init(createParser) || createParser.nextToken() != JsonToken.START_OBJECT) {
                    throw new FileNotFoundException("Artifact " + this.expectedDependency + " not found in Artifactory");
                }
                do {
                    FileImpl fileImpl = (FileImpl) this.fileImplReader.readValue(createParser);
                    if (fileImpl.getChecksums() == null) {
                        LOGGER.warn("No checksums found in artifactory search result of uri {}. Please make sure that header X-Result-Detail is retained on any (reverse)-proxy, loadbalancer or WebApplicationFirewall in the network path to your Artifactory Server", fileImpl.getUri());
                    } else {
                        Optional<Matcher> validateUsability = validateUsability(fileImpl);
                        if (!validateUsability.isEmpty()) {
                            Matcher matcher = validateUsability.get();
                            String replace = matcher.group(PomHandler.GROUPID).replace('/', '.');
                            String group = matcher.group(PomHandler.ARTIFACTID);
                            String group2 = matcher.group("version");
                            arrayList.add(new MavenArtifact(replace, group, group2, fileImpl.getDownloadUri(), MavenArtifact.derivePomUrl(group, group2, fileImpl.getDownloadUri())));
                        }
                    }
                } while (createParser.nextToken() == JsonToken.START_OBJECT);
                if (createParser != null) {
                    createParser.close();
                }
                inputStreamReader.close();
                if (arrayList.isEmpty()) {
                    throw new FileNotFoundException("Artifact " + this.expectedDependency + " not found in Artifactory; discovered sha1 hits not recognized as matching maven artifacts");
                }
                return arrayList;
            } finally {
            }
        } catch (Throwable th) {
            try {
                inputStreamReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private Optional<Matcher> validateUsability(FileImpl fileImpl) {
        Optional<Matcher> of;
        if (checkHashes(fileImpl.getChecksums())) {
            Matcher matcher = PATH_PATTERN.matcher(fileImpl.getPath());
            if (matcher.matches()) {
                of = Optional.of(matcher);
            } else {
                LOGGER.debug("Cannot extract the Maven information from the path retrieved in Artifactory {}", fileImpl.getPath());
                of = Optional.empty();
            }
        } else {
            of = Optional.empty();
        }
        return of;
    }
}
