package com.metaeffekt.artifact.analysis.diffmerge;

import com.google.common.collect.Maps;
import com.metaeffekt.artifact.analysis.vulnerability.CommonEnumerationUtil;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.InventoryAttribute;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.stream.Stream;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData;
import org.metaeffekt.core.inventory.processor.reader.InventoryReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;

/* loaded from: input_file:com/metaeffekt/artifact/analysis/diffmerge/VulnerabilityDiffer.class */
public class VulnerabilityDiffer {
    private static final Logger LOG = LoggerFactory.getLogger(VulnerabilityDiffer.class);
    private static final String NA = "n/a";
    private final Inventory inventory1;
    private final Inventory inventory2;

    private VulnerabilityDiffer(Inventory inventory, Inventory inventory2) {
        this.inventory1 = inventory;
        this.inventory2 = inventory2;
    }

    public static VulnerabilityDiffer fromInventories(Inventory inventory, Inventory inventory2) {
        return new VulnerabilityDiffer(inventory, inventory2);
    }

    public static VulnerabilityDiffer fromFiles(Collection<File> collection, Collection<File> collection2) throws IOException {
        return new VulnerabilityDiffer(mergeInventories(readInventoriesIntoContext(collection)), mergeInventories(readInventoriesIntoContext(collection2)));
    }

    public static VulnerabilityDiffer fromMultipleInventories(Collection<Inventory> collection, Collection<Inventory> collection2) {
        HashMap newHashMap = Maps.newHashMap();
        Iterator<Inventory> it = collection.iterator();
        while (it.hasNext()) {
            newHashMap.put(it.next(), "inventory-" + newHashMap.size());
        }
        HashMap newHashMap2 = Maps.newHashMap();
        Iterator<Inventory> it2 = collection2.iterator();
        while (it2.hasNext()) {
            newHashMap2.put(it2.next(), "inventory-" + newHashMap2.size());
        }
        return new VulnerabilityDiffer(mergeInventories(newHashMap), mergeInventories(newHashMap2));
    }

    public static VulnerabilityDiffer empty() {
        return new VulnerabilityDiffer(null, null);
    }

    public DiffResult createDiffFromMergedInventories() {
        return createResult(findAndMergeDiffVulnerabilities(this.inventory1, this.inventory2), findAndMergeDiffVulnerabilities(this.inventory2, this.inventory1));
    }

    private Inventory findAndMergeDiffVulnerabilities(Inventory inventory, Inventory inventory2) {
        Inventory inventory3 = new Inventory();
        HashSet<String> hashSet = new HashSet();
        appendVulnerabilityIdentifiers(inventory, hashSet);
        appendVulnerabilityIdentifiers(inventory2, hashSet);
        for (String str : hashSet) {
            VulnerabilityMetaData findVulnerability = findVulnerability(inventory, str);
            VulnerabilityMetaData findVulnerability2 = findVulnerability(inventory2, str);
            VulnerabilityMetaData vulnerabilityMetaData = new VulnerabilityMetaData();
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.NAME, str);
            if (!appendStatusDifference(findVulnerability, findVulnerability2, vulnerabilityMetaData)) {
                try {
                    appendCvssScores(findVulnerability, findVulnerability2, vulnerabilityMetaData);
                    appendMatchingCpes(findVulnerability, findVulnerability2, vulnerabilityMetaData);
                } catch (Exception e) {
                    LOG.error("Error while processing vulnerability: {}", str, e);
                }
                inventory3.getVulnerabilityMetaData().add(vulnerabilityMetaData);
            }
        }
        return inventory3;
    }

    private boolean appendStatusDifference(VulnerabilityMetaData vulnerabilityMetaData, VulnerabilityMetaData vulnerabilityMetaData2, VulnerabilityMetaData vulnerabilityMetaData3) {
        boolean z = vulnerabilityMetaData != null;
        boolean z2 = vulnerabilityMetaData2 != null;
        String str = z ? vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.STATUS) : null;
        String str2 = z2 ? vulnerabilityMetaData2.get(VulnerabilityMetaData.Attribute.STATUS) : null;
        if (str == null && z) {
            vulnerabilityMetaData3.set(VulnerabilityMetaData.Attribute.STATUS, "in review");
        } else {
            vulnerabilityMetaData3.set(VulnerabilityMetaData.Attribute.STATUS, str);
        }
        if (str2 == null && z2) {
            vulnerabilityMetaData3.set(InventoryAttribute.VULNERABILITY_DIFF_NEW_STATUS.getKey(), "in review");
        } else {
            vulnerabilityMetaData3.set(InventoryAttribute.VULNERABILITY_DIFF_NEW_STATUS.getKey(), str2);
        }
        if (!z && !z2) {
            throw new IllegalStateException("Vulnerability must be contained in at least one reference inventory: " + vulnerabilityMetaData3.get(VulnerabilityMetaData.Attribute.NAME));
        }
        if (z && !z2) {
            if (str == null) {
                vulnerabilityMetaData3.set(InventoryAttribute.VULNERABILITY_DIFF_STATUS_CHANGE.getKey(), VulnerabilityStatusDiff.REMOVED.getKey());
            } else {
                vulnerabilityMetaData3.set(InventoryAttribute.VULNERABILITY_DIFF_STATUS_CHANGE.getKey(), VulnerabilityStatusDiff.REMOVED_EXPECTED_VOID.getKey());
            }
            vulnerabilityMetaData3.set(InventoryAttribute.VULNERABILITY_DIFF_NEW_STATUS.getKey(), NA);
            return false;
        }
        if (z) {
            VulnerabilityStatusDiff deriveStatusChangeIdentifier = VulnerabilityStatusDiff.deriveStatusChangeIdentifier(str, str2);
            vulnerabilityMetaData3.set(InventoryAttribute.VULNERABILITY_DIFF_STATUS_CHANGE.getKey(), deriveStatusChangeIdentifier.getKey());
            return deriveStatusChangeIdentifier.equals(VulnerabilityStatusDiff.NO_CHANGE);
        }
        vulnerabilityMetaData3.set(InventoryAttribute.VULNERABILITY_DIFF_STATUS_CHANGE.getKey(), VulnerabilityStatusDiff.NEW.getKey());
        vulnerabilityMetaData3.set(VulnerabilityMetaData.Attribute.STATUS, NA);
        return false;
    }

    private void appendCvssScores(VulnerabilityMetaData vulnerabilityMetaData, VulnerabilityMetaData vulnerabilityMetaData2, VulnerabilityMetaData vulnerabilityMetaData3) {
        Vulnerability fromVulnerabilityMetaData = Vulnerability.fromVulnerabilityMetaData(vulnerabilityMetaData);
        Vulnerability fromVulnerabilityMetaData2 = Vulnerability.fromVulnerabilityMetaData(vulnerabilityMetaData2);
        if (fromVulnerabilityMetaData == null && fromVulnerabilityMetaData2 == null) {
            LOG.warn("Vulnerability {} is not defined in either before or after inventories", vulnerabilityMetaData3.get(VulnerabilityMetaData.Attribute.NAME));
            return;
        }
        Vulnerability fromVulnerabilityMetaData3 = Vulnerability.fromVulnerabilityMetaData(vulnerabilityMetaData3);
        if (fromVulnerabilityMetaData != null) {
            fromVulnerabilityMetaData3.getCvssVectors().addAllCvssVectors(fromVulnerabilityMetaData.getCvssVectors());
        }
        if (fromVulnerabilityMetaData2 != null) {
            fromVulnerabilityMetaData3.getCvssVectors().addAllCvssVectors(fromVulnerabilityMetaData2.getCvssVectors());
        }
        vulnerabilityMetaData3.getAttributes().clear();
        fromVulnerabilityMetaData3.appendToBaseModel(vulnerabilityMetaData3);
    }

    private void appendMatchingCpes(VulnerabilityMetaData vulnerabilityMetaData, VulnerabilityMetaData vulnerabilityMetaData2, VulnerabilityMetaData vulnerabilityMetaData3) {
        vulnerabilityMetaData3.set(VulnerabilityMetaData.Attribute.PRODUCT_URIS.getKey(), CommonEnumerationUtil.toCpe22UriOrFallbackToCpe23FS(CommonEnumerationUtil.distinctAndSortedWithWildcards((Collection<Cpe>[]) new Collection[]{CommonEnumerationUtil.parseEffectiveCpe(vulnerabilityMetaData), CommonEnumerationUtil.parseEffectiveCpe(vulnerabilityMetaData2)})));
    }

    private void appendVulnerabilityIdentifiers(Inventory inventory, Collection<String> collection) {
        Stream map = inventory.getVulnerabilityMetaData().stream().map(vulnerabilityMetaData -> {
            return vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.NAME);
        });
        collection.getClass();
        map.forEach((v1) -> {
            r1.add(v1);
        });
    }

    public static VulnerabilityMetaData findVulnerability(Inventory inventory, String str) {
        return (VulnerabilityMetaData) inventory.getVulnerabilityMetaData().stream().filter(vulnerabilityMetaData -> {
            return vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.NAME).equals(str);
        }).findFirst().orElse(null);
    }

    private DiffResult createResult(Inventory inventory, Inventory inventory2) {
        return new DiffResult(this.inventory1, this.inventory2, inventory, inventory2);
    }

    private static Map<Inventory, String> readInventoriesIntoContext(Collection<File> collection) throws IOException {
        HashMap newHashMap = Maps.newHashMap();
        for (File file : collection) {
            if (file == null || !file.exists()) {
                throw new FileNotFoundException("Inventory file does not exist: " + file);
            }
            newHashMap.put(new InventoryReader().readInventory(file), file.getName().replace(".xls", ""));
        }
        return newHashMap;
    }

    private static Inventory mergeInventories(Map<Inventory, String> map) {
        Inventory inventory = new Inventory();
        InventoryMerger inventoryMerger = new InventoryMerger(inventory);
        for (Map.Entry<Inventory, String> entry : map.entrySet()) {
            inventoryMerger.addReferenceInventory(entry.getKey(), entry.getValue());
        }
        inventoryMerger.includeVulnerabilities();
        inventoryMerger.includeAdvisories();
        return inventory;
    }
}
