package org.owasp.dependencycheck.data.nodeaudit;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.jcs.access.exception.CacheException;
import org.json.JSONObject;
import org.owasp.dependencycheck.analyzer.NodeAuditAnalyzer;
import org.owasp.dependencycheck.analyzer.exception.SearchException;
import org.owasp.dependencycheck.analyzer.exception.UnexpectedAnalysisException;
import org.owasp.dependencycheck.data.cache.DataCache;
import org.owasp.dependencycheck.data.cache.DataCacheFactory;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.utils.URLConnectionFactory;
import org.owasp.dependencycheck.utils.URLConnectionFailureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/data/nodeaudit/NodeAuditSearch.class */
public class NodeAuditSearch {
    private final URL nodeAuditUrl;
    private final boolean useProxy;
    private final Settings settings;
    private static final Logger LOGGER = LoggerFactory.getLogger(NodeAuditSearch.class);
    private DataCache<List<Advisory>> cache;

    public NodeAuditSearch(Settings settings) throws MalformedURLException {
        String string = settings.getString("analyzer.node.audit.url", NodeAuditAnalyzer.DEFAULT_URL);
        LOGGER.debug("Node Audit Search URL: {}", string);
        this.nodeAuditUrl = new URL(string);
        this.settings = settings;
        if (null != settings.getString("proxy.server")) {
            this.useProxy = true;
            LOGGER.debug("Using proxy");
        } else {
            this.useProxy = false;
            LOGGER.debug("Not using proxy");
        }
        if (settings.getBoolean("analyzer.node.audit.use.cache", true)) {
            try {
                this.cache = new DataCacheFactory(settings).getNodeAuditCache();
            } catch (CacheException e) {
                settings.setBoolean("analyzer.node.audit.use.cache", false);
                LOGGER.debug("Error creating cache, disabling caching", e);
            }
        }
    }

    public List<Advisory> submitPackage(JsonObject jsonObject) throws SearchException, IOException {
        String str = null;
        if (this.cache != null) {
            str = Checksum.getSHA256Checksum(jsonObject.toString());
            List<Advisory> list = this.cache.get(str);
            if (list != null) {
                LOGGER.debug("cache hit for node audit: " + str);
                return list;
            }
        }
        return submitPackage(jsonObject, str, 0);
    }

    /* JADX WARN: Type inference failed for: r0v27, types: [java.io.OutputStream, java.io.BufferedOutputStream, java.io.InputStream] */
    private List<Advisory> submitPackage(JsonObject jsonObject, String str, int i) throws SearchException, IOException {
        try {
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("----------------------------------------");
                LOGGER.trace("Node Audit Payload:");
                LOGGER.trace(jsonObject.toString());
                LOGGER.trace("----------------------------------------");
                LOGGER.trace("----------------------------------------");
            }
            byte[] bytes = jsonObject.toString().getBytes(StandardCharsets.UTF_8);
            HttpURLConnection createHttpURLConnection = new URLConnectionFactory(this.settings).createHttpURLConnection(this.nodeAuditUrl, this.useProxy);
            createHttpURLConnection.setDoOutput(true);
            createHttpURLConnection.setDoInput(true);
            createHttpURLConnection.setRequestMethod("POST");
            createHttpURLConnection.setRequestProperty("user-agent", "npm/6.1.0 node/v10.5.0 linux x64");
            createHttpURLConnection.setRequestProperty("npm-in-ci", "false");
            createHttpURLConnection.setRequestProperty("npm-scope", "");
            createHttpURLConnection.setRequestProperty("npm-session", generateRandomSession());
            createHttpURLConnection.setRequestProperty("content-type", "application/json");
            createHttpURLConnection.setRequestProperty("Content-Length", Integer.toString(bytes.length));
            createHttpURLConnection.connect();
            ?? bufferedOutputStream = new BufferedOutputStream(createHttpURLConnection.getOutputStream());
            Throwable th = null;
            try {
                try {
                    bufferedOutputStream.write(bytes);
                    bufferedOutputStream.flush();
                    if (bufferedOutputStream != 0) {
                        if (0 != 0) {
                            try {
                                bufferedOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedOutputStream.close();
                        }
                    }
                    switch (createHttpURLConnection.getResponseCode()) {
                        case 200:
                            try {
                                try {
                                    BufferedInputStream bufferedInputStream = new BufferedInputStream(createHttpURLConnection.getInputStream());
                                    Throwable th3 = null;
                                    JsonReader createReader = Json.createReader(bufferedInputStream);
                                    Throwable th4 = null;
                                    try {
                                        try {
                                            List<Advisory> parse = new NpmAuditParser().parse(new JSONObject(createReader.readObject().toString()));
                                            if (this.cache != null) {
                                                this.cache.put(str, parse);
                                            }
                                            if (createReader != null) {
                                                if (0 != 0) {
                                                    try {
                                                        createReader.close();
                                                    } catch (Throwable th5) {
                                                        th4.addSuppressed(th5);
                                                    }
                                                } else {
                                                    createReader.close();
                                                }
                                            }
                                            if (bufferedInputStream != null) {
                                                if (0 != 0) {
                                                    try {
                                                        bufferedInputStream.close();
                                                    } catch (Throwable th6) {
                                                        th3.addSuppressed(th6);
                                                    }
                                                } else {
                                                    bufferedInputStream.close();
                                                }
                                            }
                                            return parse;
                                        } finally {
                                        }
                                    } catch (Throwable th7) {
                                        if (createReader != null) {
                                            if (th4 != null) {
                                                try {
                                                    createReader.close();
                                                } catch (Throwable th8) {
                                                    th4.addSuppressed(th8);
                                                }
                                            } else {
                                                createReader.close();
                                            }
                                        }
                                        throw th7;
                                    }
                                } catch (Exception e) {
                                    LOGGER.debug("Error connecting to Node Audit API. Error: {}", e.getMessage());
                                    throw new SearchException("Could not connect to Node Audit API: " + e.getMessage(), e);
                                }
                            } catch (Throwable th9) {
                                if (bufferedOutputStream != 0) {
                                    if (0 != 0) {
                                        try {
                                            bufferedOutputStream.close();
                                        } catch (Throwable th10) {
                                            th.addSuppressed(th10);
                                        }
                                    } else {
                                        bufferedOutputStream.close();
                                    }
                                }
                                throw th9;
                            }
                        case 400:
                            LOGGER.debug("Invalid payload submitted to Node Audit API. Received response code: {} {}", Integer.valueOf(createHttpURLConnection.getResponseCode()), createHttpURLConnection.getResponseMessage());
                            throw new SearchException("Could not perform Node Audit analysis. Invalid payload submitted to Node Audit API.");
                        case 503:
                            LOGGER.debug("Node Audit API returned `{} {}` - retrying request.", Integer.valueOf(createHttpURLConnection.getResponseCode()), createHttpURLConnection.getResponseMessage());
                            if (i >= 5) {
                                throw new SearchException("Could not perform Node Audit analysis - service returned a 503.");
                            }
                            int i2 = i + 1;
                            try {
                                Thread.sleep(1500 * i2);
                                return submitPackage(jsonObject, str, i2);
                            } catch (InterruptedException e2) {
                                Thread.currentThread().interrupt();
                                throw new UnexpectedAnalysisException(e2);
                            }
                        default:
                            LOGGER.debug("Could not connect to Node Audit API. Received response code: {} {}", Integer.valueOf(createHttpURLConnection.getResponseCode()), createHttpURLConnection.getResponseMessage());
                            throw new IOException("Could not connect to Node Audit API");
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e3) {
            if (e3 instanceof SSLHandshakeException) {
            }
            throw e3;
        }
        if ((e3 instanceof SSLHandshakeException) || !e3.getMessage().contains("unable to find valid certification path to requested target")) {
            throw e3;
        }
        throw new URLConnectionFailureException(String.format("Unable to connect to '%s' - the Java trust store does not contain a trusted root for the cert.  Please see https://github.com/jeremylong/InstallCert for one method of updating the trusted certificates.", this.nodeAuditUrl), e3);
    }

    private String generateRandomSession() {
        SecureRandom secureRandom = new SecureRandom();
        StringBuilder sb = new StringBuilder();
        while (sb.length() < 16) {
            sb.append(Integer.toHexString(secureRandom.nextInt()));
        }
        return sb.toString().substring(0, 16);
    }
}
