package com.h3xstream.maven;

import com.h3xstream.maven.tpl.ProjectSummary;
import com.h3xstream.maven.tpl.VulnerableLibrary;
import com.h3xstream.maven.victims.CveVulnerability;
import com.h3xstream.maven.victims.VictimsDbLoader;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.manager.WagonConfigurationException;
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.project.MavenProject;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException;
import org.apache.maven.shared.dependency.graph.DependencyNode;
import org.apache.maven.wagon.ConnectionException;
import org.apache.maven.wagon.UnsupportedProtocolException;
import org.apache.maven.wagon.authentication.AuthenticationException;

/* loaded from: input_file:com/h3xstream/maven/SecurityVersionsCheck.class */
public class SecurityVersionsCheck extends AbstractMojo {
    private Boolean updateRepository = Boolean.FALSE;
    private static VictimsDbLoader victimDb;
    private static Object victimDbSync = new Object();

    public void execute() throws MojoExecutionException, MojoFailureException {
        MavenProject project = getProject();
        if (project.isExecutionRoot()) {
            if (this.reactorProjects == null || ((MavenProject) this.reactorProjects.get(this.reactorProjects.size() - 1)) == getProject()) {
                ArrayList arrayList = new ArrayList();
                try {
                    ArrayList<MavenProject> arrayList2 = new ArrayList(project.getCollectedProjects());
                    arrayList2.add(project);
                    for (MavenProject mavenProject : arrayList2) {
                        getLog().info("Analyzing the dependencies for " + mavenProject.getGroupId() + ":" + mavenProject.getArtifactId());
                        synchronized (victimDbSync) {
                            if (victimDb == null) {
                                victimDb = new VictimsDbLoader(getLog(), this.wagonManager);
                                victimDb.loadRepository();
                            }
                        }
                        try {
                            DependencyNode buildDependencyGraph = this.dependencyGraphBuilder.buildDependencyGraph(mavenProject, createResolvingArtifactFilter());
                            ArrayList arrayList3 = new ArrayList();
                            visitNode(buildDependencyGraph, 0, arrayList3);
                            displayCommandLine(arrayList3);
                            if (arrayList3.size() > 0) {
                                arrayList.add(new ProjectSummary(mavenProject, arrayList3));
                            }
                        } catch (DependencyGraphBuilderException e) {
                            getLog().error("Unable to build the complete dependency graph.");
                            throw new MojoFailureException("Unable to build the complete dependency graph.", e);
                        }
                    }
                    try {
                        File file = new File(getProject().getBuild().getDirectory());
                        if (!file.exists()) {
                            file.mkdir();
                        }
                        new File(file, "/dependencies/").mkdir();
                        FileOutputStream fileOutputStream = new FileOutputStream(new File(file, "/dependencies/index.html"));
                        for (String str : Arrays.asList("bootstrap.min.css", "font-awesome.min.css", "fontawesome-webfont.ttf")) {
                            copy(getClass().getResourceAsStream("/victims_tpl/" + str), new FileOutputStream(new File(file, "/dependencies/" + str)));
                        }
                        exportToHtml(arrayList, fileOutputStream);
                    } catch (FileNotFoundException e2) {
                        throw new MojoFailureException("Unable to write the HTML report.", e2);
                    } catch (TemplateException e3) {
                        throw new MojoFailureException("Unable generate the HTML report using the template.", e3);
                    } catch (IOException e4) {
                        throw new MojoFailureException("Unable to write the HTML report.", e4);
                    }
                } catch (UnsupportedProtocolException e5) {
                    throw new MojoFailureException("Unable load the repository.", e5);
                } catch (WagonConfigurationException e6) {
                    throw new MojoFailureException("Unable load the repository.", e6);
                } catch (ConnectionException e7) {
                    throw new MojoFailureException("Unable load the repository.", e7);
                } catch (AuthenticationException e8) {
                    throw new MojoFailureException("Unable load the repository.", e8);
                }
            }
        }
    }

    private void visitNode(DependencyNode dependencyNode, int i, List<VulnerableLibrary> list) {
        Artifact artifact = dependencyNode.getArtifact();
        List<CveVulnerability> search = victimDb.search(artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion());
        if (search.size() > 0) {
            list.add(new VulnerableLibrary(artifact, search, getHierarchyChain(dependencyNode)));
        }
        Iterator it = dependencyNode.getChildren().iterator();
        while (it.hasNext()) {
            visitNode((DependencyNode) it.next(), i + 1, list);
        }
    }

    private List<Artifact> getHierarchyChain(DependencyNode dependencyNode) {
        ArrayList arrayList = new ArrayList();
        DependencyNode dependencyNode2 = dependencyNode;
        while (true) {
            DependencyNode parent = dependencyNode2.getParent();
            dependencyNode2 = parent;
            if (parent == null) {
                return arrayList;
            }
            arrayList.add(dependencyNode2.getArtifact());
        }
    }

    public void displayCommandLine(List<VulnerableLibrary> list) {
        if (list.isEmpty()) {
            return;
        }
        for (VulnerableLibrary vulnerableLibrary : list) {
            Artifact artifact = vulnerableLibrary.getArtifact();
            Iterator<CveVulnerability> it = vulnerableLibrary.getVulnerabilities().iterator();
            while (it.hasNext()) {
                getLog().error(artifact.getGroupId() + ":" + artifact.getArtifactId() + " is vulnerable to CVE-" + it.next().getCveId());
            }
        }
    }

    public void exportToHtml(List<ProjectSummary> list, OutputStream outputStream) throws IOException, TemplateException {
        new PrintWriter(outputStream);
        Configuration configuration = new Configuration();
        configuration.setClassForTemplateLoading(getClass(), "/");
        Template template = configuration.getTemplate("/victims_tpl/vulnerable_dependencies.html");
        HashMap hashMap = new HashMap();
        hashMap.put("projects", list);
        template.process(hashMap, new OutputStreamWriter(outputStream));
    }

    private ArtifactFilter createResolvingArtifactFilter() {
        return new ArtifactFilter() { // from class: com.h3xstream.maven.SecurityVersionsCheck.1
            public boolean include(Artifact artifact) {
                return true;
            }
        };
    }

    /* JADX WARN: Finally extract failed */
    public void copy(InputStream inputStream, OutputStream outputStream) throws IOException {
        try {
            try {
                byte[] bArr = new byte[1024];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        outputStream.close();
                        return;
                    }
                    outputStream.write(bArr, 0, read);
                }
            } catch (Throwable th) {
                outputStream.close();
                throw th;
            }
        } finally {
            inputStream.close();
        }
    }
}
