package com.metaeffekt.mirror.download.nvd;

import com.metaeffekt.artifact.analysis.utils.FileUtils;
import com.metaeffekt.artifact.analysis.utils.TimeUtils;
import com.metaeffekt.mirror.Retry;
import com.metaeffekt.mirror.download.Download;
import com.metaeffekt.mirror.download.ResourceLocation;
import com.metaeffekt.mirror.download.documentation.MirrorMetadata;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@MirrorMetadata(directoryName = "nvd", mavenPropertyName = "nvdCveDownload")
/* loaded from: input_file:com/metaeffekt/mirror/download/nvd/NvdCveApiDownload.class */
public class NvdCveApiDownload extends Download {
    private static final Logger LOG = LoggerFactory.getLogger(NvdCveApiDownload.class);
    private static final SimpleDateFormat ISO_8601_DATE_FORMAT = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    private static final int API_DELAY_BETWEEN_AUTHORIZED_REQUESTS = 600;
    private static final int API_DELAY_BETWEEN_UNAUTHORIZED_REQUESTS = 6400;
    private String apiKey;

    /* loaded from: input_file:com/metaeffekt/mirror/download/nvd/NvdCveApiDownload$ResourceLocationNvd.class */
    public enum ResourceLocationNvd implements ResourceLocation {
        CVE_API_LIST_ALL("https://services.nvd.nist.gov/rest/json/cves/2.0?startIndex=%d"),
        CVE_API_START_END_DATE("https://services.nvd.nist.gov/rest/json/cves/2.0/?startIndex=%d&lastModStartDate=%s&lastModEndDate=%s");

        private final String defaultValue;

        ResourceLocationNvd(String str) {
            this.defaultValue = str;
        }

        @Override // com.metaeffekt.mirror.download.ResourceLocation
        public String getDefault() {
            return this.defaultValue;
        }
    }

    public NvdCveApiDownload(File file) {
        super(file, NvdCveApiDownload.class);
    }

    public NvdCveApiDownload setApiKey(String str) {
        this.apiKey = str;
        return this;
    }

    @Override // com.metaeffekt.mirror.download.Download
    protected void performDownload() {
        boolean isFullMirrorRequired = isFullMirrorRequired();
        if (isFullMirrorRequired) {
            clearDownload();
            LOG.info("Downloading initial NVD data from NVD API");
        } else {
            LOG.info("Existing mirror detected. Downloading incremental NVD data from NVD API");
        }
        LOG.info("Requests {} be authorized with an API key, delay between requests [{}]", this.apiKey == null ? "will not" : "will", TimeUtils.formatTimeDiff(this.apiKey == null ? 6400L : 600L));
        Date date = new Date(getDownloadDirectoryLastModified());
        Date date2 = new Date(TimeUtils.utcNow());
        int i = 0;
        ArrayList arrayList = new ArrayList();
        while (true) {
            long currentTimeMillis = System.currentTimeMillis();
            int i2 = i;
            AtomicReference atomicReference = new AtomicReference();
            new Retry(() -> {
                if (isFullMirrorRequired) {
                    atomicReference.set(downloadCvePage(i2));
                } else {
                    atomicReference.set(downloadCvePage(i2, date, date2));
                }
            }).withDelay(API_DELAY_BETWEEN_UNAUTHORIZED_REQUESTS).onException(Exception.class).retryCount(8).run();
            int i3 = ((JSONObject) atomicReference.get()).getInt("totalResults");
            int i4 = ((JSONObject) atomicReference.get()).getInt("resultsPerPage");
            i += i4;
            if (i3 == 0) {
                LOG.info("No CVEs found for the given range.");
                break;
            }
            LOG.info("Downloaded CVEs [{}] to [{}] of [{}] [{} %]", new Object[]{Integer.valueOf(i - i4), Integer.valueOf(i), Integer.valueOf(i3), Integer.valueOf((i * 100) / i3)});
            arrayList.add(((JSONObject) atomicReference.get()).getJSONArray("vulnerabilities"));
            if (arrayList.size() >= 10) {
                processApiCveItems(mergeCveItems(arrayList));
                arrayList.clear();
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (i >= i3) {
                break;
            }
            try {
                long j = (this.apiKey == null ? API_DELAY_BETWEEN_UNAUTHORIZED_REQUESTS : API_DELAY_BETWEEN_AUTHORIZED_REQUESTS) - currentTimeMillis2;
                if (j > 0) {
                    LOG.info("Sleeping for [{}] to avoid rate limit", TimeUtils.formatTimeDiff(j));
                    Thread.sleep(j);
                }
            } catch (InterruptedException e) {
            }
        }
        if (arrayList.size() > 0) {
            processApiCveItems(mergeCveItems(arrayList));
        }
        LOG.info("Finished processing all CVEs");
    }

    private void processApiCveItems(JSONArray jSONArray) {
        Map<Integer, JSONArray> sortCvesIntoYears = sortCvesIntoYears(jSONArray);
        LOG.info("Processing CVE data from years: [{}]", sortCvesIntoYears.entrySet().stream().sorted(Map.Entry.comparingByValue(Comparator.comparing((v0) -> {
            return v0.length();
        }).reversed())).map(entry -> {
            return entry.getKey() + " = " + ((JSONArray) entry.getValue()).length();
        }).collect(Collectors.joining("; ")));
        for (Map.Entry<Integer, JSONArray> entry2 : sortCvesIntoYears.entrySet()) {
            int intValue = entry2.getKey().intValue();
            JSONArray mergeCveItems = mergeCveItems(Arrays.asList(entry2.getValue(), parseCveItemsFromDownloadedYear(intValue)));
            File file = new File(this.downloadIntoDirectory, intValue + ".json");
            try {
                FileUtils.write(file, mergeCveItems.toString(), StandardCharsets.UTF_8);
            } catch (IOException e) {
                throw new RuntimeException("Unable to write NVD CVE year file " + file.getAbsolutePath(), e);
            }
        }
    }

    private JSONArray mergeCveItems(Collection<JSONArray> collection) {
        JSONArray jSONArray = new JSONArray();
        HashSet hashSet = new HashSet();
        for (JSONArray jSONArray2 : collection) {
            for (int i = 0; i < jSONArray2.length(); i++) {
                JSONObject jSONObject = jSONArray2.getJSONObject(i).has("cve") ? jSONArray2.getJSONObject(i).getJSONObject("cve") : jSONArray2.getJSONObject(i);
                if (hashSet.add(jSONObject.getString("id"))) {
                    jSONArray.put(jSONObject);
                }
            }
        }
        return jSONArray;
    }

    private Map<Integer, JSONArray> sortCvesIntoYears(JSONArray jSONArray) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject = jSONArray.getJSONObject(i);
            ((JSONArray) hashMap.computeIfAbsent(Integer.valueOf(Integer.parseInt((jSONObject.has("cve") ? jSONObject.getJSONObject("cve") : jSONObject).getString("id").substring(4, 8))), num -> {
                return new JSONArray();
            })).put(jSONObject);
        }
        return hashMap;
    }

    private JSONArray parseCveItemsFromDownloadedYear(int i) {
        File file = new File(this.downloadIntoDirectory, i + ".json");
        if (!file.exists()) {
            return new JSONArray();
        }
        try {
            return new JSONArray(FileUtils.readFileToString(file, StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new RuntimeException("Unable to read NVD CVE year file " + file.getAbsolutePath(), e);
        }
    }

    private JSONObject downloadCvePage(int i) {
        URL remoteResourceLocationUrl = super.getRemoteResourceLocationUrl(ResourceLocationNvd.CVE_API_LIST_ALL, Integer.valueOf(i));
        List<String> fetchResponseBodyFromUrlAsList = this.downloader.fetchResponseBodyFromUrlAsList(remoteResourceLocationUrl, Collections.singletonMap("apiKey", this.apiKey));
        try {
            return new JSONObject(String.join("", fetchResponseBodyFromUrlAsList));
        } catch (JSONException e) {
            throw new RuntimeException("Unable to parse NVD CVE API response: " + fetchResponseBodyFromUrlAsList + "\nRequest URL: " + remoteResourceLocationUrl, e);
        }
    }

    private JSONObject downloadCvePage(int i, Date date, Date date2) {
        if (date2.getTime() - date.getTime() > 10368000000L) {
            throw new IllegalArgumentException("Difference between lastModStartDate and lastModEndDate must not be greater than 120 days");
        }
        URL remoteResourceLocationUrl = super.getRemoteResourceLocationUrl(ResourceLocationNvd.CVE_API_START_END_DATE, Integer.valueOf(i), ISO_8601_DATE_FORMAT.format(date), ISO_8601_DATE_FORMAT.format(date2));
        List<String> fetchResponseBodyFromUrlAsList = this.downloader.fetchResponseBodyFromUrlAsList(remoteResourceLocationUrl, Collections.singletonMap("apiKey", this.apiKey));
        try {
            return new JSONObject(String.join("", fetchResponseBodyFromUrlAsList));
        } catch (JSONException e) {
            throw new RuntimeException("Unable to parse NVD CVE API response: " + fetchResponseBodyFromUrlAsList + "\nRequest URL: " + remoteResourceLocationUrl, e);
        }
    }

    private boolean isFullMirrorRequired() {
        File[] listFiles = this.downloadIntoDirectory.listFiles();
        if (listFiles == null) {
            LOG.info("No CVE JSON files found in download directory, performing full mirror");
            return true;
        }
        List list = (List) Arrays.stream(listFiles).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList());
        if (list.stream().noneMatch(str -> {
            return str.endsWith(".json");
        })) {
            LOG.info("No CVE JSON files found in download directory, performing full mirror");
            return true;
        }
        int i = Calendar.getInstance().get(1) - 1;
        for (int i2 = 1999; i2 <= i; i2++) {
            if (!list.contains(i2 + ".json")) {
                LOG.info("Missing CVE JSON file for year [{}], performing full mirror", Integer.valueOf(i2));
                return true;
            }
        }
        if (!super.isUpdatedAgeOlderThan(getDownloadDirectoryLastModified(), 10368000000L)) {
            return false;
        }
        LOG.info("Download directory last modified date is older than 120 days, performing full mirror");
        return true;
    }

    @Override // com.metaeffekt.mirror.download.Download
    protected boolean additionalIsDownloadRequired() {
        if (isFullMirrorRequired()) {
            return true;
        }
        JSONObject downloadCvePage = downloadCvePage(0, new Date(getDownloadDirectoryLastModified()), new Date(TimeUtils.utcNow()));
        if (!downloadCvePage.has("totalResults") || downloadCvePage.getInt("totalResults") <= 0) {
            return false;
        }
        LOG.info("NVD CVE API reports [{}] new/changed CVEs since last download", Integer.valueOf(downloadCvePage.getInt("totalResults")));
        return true;
    }

    @Override // com.metaeffekt.mirror.download.Download
    public void setRemoteResourceLocation(String str, String str2) {
        super.setRemoteResourceLocation(ResourceLocationNvd.valueOf(str), str2);
    }
}
