package com.vaadin.appsec.backend;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.vaadin.appsec.backend.model.osv.response.Ecosystem;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.cyclonedx.exception.ParseException;
import org.cyclonedx.model.Bom;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.Dependency;
import org.cyclonedx.model.Property;
import org.cyclonedx.parsers.JsonParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/vaadin/appsec/backend/BillOfMaterialsStore.class */
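/**
 * Holds the CycloneDX bills of materials (SBOMs) for the Maven and npm
 * ecosystems and provides the filtering applied to them after loading.
 *
 * <p>An SBOM is loaded either from a local file / classpath resource
 * ({@link #readBomFile(Path, Ecosystem)}) or downloaded from the Vaadin
 * platform release page ({@link #readPlatformCombinedBomFile()}).
 *
 * <p>NOTE(review): this listing is decompiler output; the JADX markers say
 * several members were package-private in the original class.
 */
public class BillOfMaterialsStore {
    private static final Logger LOGGER = LoggerFactory.getLogger(BillOfMaterialsStore.class);
    private static final ObjectMapper MAPPER = new ObjectMapper();
    static final String DEVELOPMENT_PROPERTY_NAME = "cdx:npm:package:development";
    private static final String NO_NAME_REF = "-/no-name@-";
    private static final String PLATFORM_COMBINED_BOM = "https://github.com/vaadin/platform/releases/download/%s/Software.Bill.Of.Materials.json";
    // Characters accepted in the platform version before it is placed into the
    // download URL: no '/', '?', '#', '%' or whitespace, and no leading dot,
    // so the value cannot redirect the request to another path on the host.
    private static final String SAFE_VERSION_REGEX = "[0-9A-Za-z][0-9A-Za-z._+-]*";
    private Bom bomMaven;
    private Bom bomNpm;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the stored SBOM for the given ecosystem.
     *
     * @param ecosystem the ecosystem to look up; must not be {@code null}
     * @return the Maven SBOM for {@code Ecosystem.MAVEN}, otherwise the npm
     *         SBOM; {@code null} if the corresponding SBOM was never loaded
     * @throws NullPointerException if {@code ecosystem} is {@code null}
     */
    public Bom getBom(Ecosystem ecosystem) {
        return Objects.requireNonNull(ecosystem) == Ecosystem.MAVEN ? this.bomMaven : this.bomNpm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses the SBOM at {@code path} and stores it for the given ecosystem.
     *
     * <p>For any ecosystem other than Maven the result is stored as the npm
     * SBOM, with npm development packages removed unless the configuration
     * asks for them to be included.
     *
     * @param path location of the SBOM (file system path, or classpath
     *        resource name as a fallback)
     * @param ecosystem the ecosystem the SBOM belongs to; must not be
     *        {@code null}
     * @throws ParseException if the SBOM cannot be parsed from the file and
     *         no classpath resource with that name exists, or that resource
     *         cannot be parsed either
     * @throws NullPointerException if {@code ecosystem} is {@code null}
     */
    public void readBomFile(Path path, Ecosystem ecosystem) throws ParseException {
        if (Objects.requireNonNull(ecosystem) == Ecosystem.MAVEN) {
            this.bomMaven = readBomFile(path);
        } else {
            boolean includeDev = AppSecService.getInstance().getConfiguration().isIncludeNpmDevDependencies();
            Bom bom = readBomFile(path);
            this.bomNpm = includeDev ? bom : filterOutNpmDevLibraries(bom);
        }
        LOGGER.debug("Reading SBOM from file {}", path.toAbsolutePath());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Downloads the combined Vaadin platform SBOM and stores its non-Maven
     * part as the npm SBOM (development packages removed unless configured
     * otherwise).
     *
     * <p>NOTE(security): the document is fetched over HTTPS and used as-is.
     * Nothing in this class verifies a digest or signature, and no connect or
     * read timeout or size limit is set here, so the npm component list is
     * only as trustworthy and as available as the remote release asset.
     * Consider pinning an expected digest per platform version and bounding
     * the request.
     *
     * @throws AppSecException if the platform version is unknown or
     *         malformed, or the SBOM cannot be downloaded or deserialized
     */
    public void readPlatformCombinedBomFile() {
        try {
            Bom bom = MAPPER.readerFor(Bom.class).readValue(getPlatformCombinedBomUrl());
            Bom npmOnly = filterOutMavenLibraries(bom);
            this.bomNpm = AppSecService.getInstance().getConfiguration().isIncludeNpmDevDependencies() ? npmOnly : filterOutNpmDevLibraries(npmOnly);
            LOGGER.debug("Reading SBOM from Vaadin platform");
        } catch (IOException e) {
            throw new AppSecException("Cannot get Vaadin platform SBOM", e);
        }
    }

    /**
     * Parses an SBOM from the file system, falling back to a classpath
     * resource of the same name when parsing the file fails.
     *
     * @param path file path, also used as the classpath resource name
     * @return the parsed SBOM
     * @throws ParseException the original file-parsing failure when no such
     *         classpath resource exists, or the failure from parsing the
     *         resource
     * @throws AppSecException if closing the resource stream fails
     */
    private Bom readBomFile(Path path) throws ParseException {
        JsonParser jsonParser = new JsonParser();
        try {
            return jsonParser.parse(path.toFile());
        } catch (ParseException e) {
            // try-with-resources closes the stream even when parsing throws;
            // the decompiled form only closed it on the success path.
            try (InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(path.toString())) {
                if (resourceAsStream == null) {
                    throw e;
                }
                return jsonParser.parse(resourceAsStream);
            } catch (IOException e2) {
                throw new AppSecException("SBOM file not found on path " + path, e2);
            }
        }
    }

    /**
     * Removes npm development components and the dependency entries that
     * refer to them. The given SBOM is modified in place and returned.
     */
    private Bom filterOutNpmDevLibraries(Bom bom) {
        List<String> devBomRefs = new ArrayList<>();
        filterOutNpmDevComponents(bom, devBomRefs);
        filterOutNpmDevDependencies(bom, devBomRefs);
        return bom;
    }

    /**
     * Drops every component carrying the property
     * {@code cdx:npm:package:development=true} and records its bom-ref.
     *
     * @param bom SBOM to modify in place
     * @param list receives the bom-refs of the removed components
     */
    private void filterOutNpmDevComponents(Bom bom, List<String> list) {
        List<Component> components = bom.getComponents();
        if (components == null) {
            // NOTE(review): assumes the getter can return null for an SBOM
            // without a components section - confirm against the model.
            return;
        }
        List<Component> kept = new ArrayList<>();
        for (Component component : components) {
            boolean isDevelopment = false;
            List<Property> properties = component.getProperties();
            if (properties != null) {
                for (Property property : properties) {
                    // Constant-first equals: a property without a name or
                    // value must not abort the whole filter with an NPE.
                    if (DEVELOPMENT_PROPERTY_NAME.equals(property.getName()) && "true".equals(property.getValue())) {
                        isDevelopment = true;
                        list.add(component.getBomRef());
                    }
                }
            }
            if (!isDevelopment) {
                kept.add(component);
            }
        }
        bom.setComponents(kept);
    }

    /**
     * Removes dependency entries whose ref is in {@code list}. The entry with
     * ref {@code -/no-name@-} is always kept, but its direct children are
     * filtered against the same list.
     *
     * @param bom SBOM to modify in place
     * @param list bom-refs of the components that were removed
     */
    private void filterOutNpmDevDependencies(Bom bom, List<String> list) {
        List<Dependency> dependencies = bom.getDependencies();
        if (dependencies == null) {
            return;
        }
        List<Dependency> kept = new ArrayList<>();
        for (Dependency dependency : dependencies) {
            if (NO_NAME_REF.equals(dependency.getRef())) {
                List<Dependency> keptChildren = new ArrayList<>();
                List<Dependency> children = dependency.getDependencies();
                if (children != null) {
                    for (Dependency child : children) {
                        if (!list.contains(child.getRef())) {
                            keptChildren.add(child);
                        }
                    }
                }
                dependency.setDependencies(keptChildren);
                kept.add(dependency);
            } else if (!list.contains(dependency.getRef())) {
                kept.add(dependency);
            }
        }
        bom.setDependencies(kept);
    }

    /**
     * Removes Maven components and the dependency entries that refer to
     * them. The given SBOM is modified in place and returned.
     */
    private Bom filterOutMavenLibraries(Bom bom) {
        List<String> mavenPurls = new ArrayList<>();
        filterOutMavenComponents(bom, mavenPurls);
        filterOutMavenDependencies(bom, mavenPurls);
        return bom;
    }

    /**
     * Drops every component that {@code AppSecUtils.getEcosystem} classifies
     * as Maven and records its package URL.
     *
     * @param bom SBOM to modify in place
     * @param list receives the purls of the removed components
     */
    private void filterOutMavenComponents(Bom bom, List<String> list) {
        List<Component> components = bom.getComponents();
        if (components == null) {
            return;
        }
        List<Component> kept = new ArrayList<>();
        for (Component component : components) {
            if (AppSecUtils.getEcosystem(component) == Ecosystem.MAVEN) {
                list.add(component.getPurl());
            } else {
                kept.add(component);
            }
        }
        bom.setComponents(kept);
    }

    /**
     * Removes dependency entries whose ref equals one of the recorded purls.
     *
     * <p>NOTE(review): the list holds purls while entries are matched on
     * their ref, so this presumably relies on the platform SBOM using the
     * purl as bom-ref - confirm.
     *
     * @param bom SBOM to modify in place
     * @param list purls of the Maven components that were removed
     */
    private void filterOutMavenDependencies(Bom bom, List<String> list) {
        List<Dependency> dependencies = bom.getDependencies();
        if (dependencies == null) {
            return;
        }
        List<Dependency> kept = new ArrayList<>();
        for (Dependency dependency : dependencies) {
            if (!list.contains(dependency.getRef())) {
                kept.add(dependency);
            }
        }
        bom.setDependencies(kept);
    }

    /**
     * Builds the download URL of the combined platform SBOM from the version
     * of the flow-server component.
     *
     * <p>The version is checked against a conservative character set before
     * it is formatted into the URL, because it is interpolated into the path
     * unescaped.
     * NOTE(review): the version presumably originates from the application's
     * own SBOM - confirm where {@code getFlowServerComponent} reads it from.
     *
     * @return the SBOM URL for the detected platform version
     * @throws AppSecException if no flow-server component is available, its
     *         version is missing or has an unexpected format, or the
     *         resulting URL is malformed
     */
    private URL getPlatformCombinedBomUrl() {
        Optional<Component> flowServerComponent = AppSecService.getInstance().getFlowServerComponent();
        if (!flowServerComponent.isPresent()) {
            throw new AppSecException("Cannot get Vaadin platform version.");
        }
        String version = flowServerComponent.get().getVersion();
        if (version == null || !version.matches(SAFE_VERSION_REGEX)) {
            // The raw value is deliberately left out of the message: it is
            // unvalidated input and the message may end up in logs.
            throw new AppSecException("Unexpected Vaadin platform version format.");
        }
        try {
            return new URL(String.format(PLATFORM_COMBINED_BOM, version));
        } catch (MalformedURLException e) {
            throw new AppSecException("Invalid Vaadin platform SBOM URL", e);
        }
    }
}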
