package com.metaeffekt.artifact.enrichment.validation.validators;

import com.metaeffekt.artifact.analysis.vulnerability.CommonEnumerationUtil;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.InventoryAttribute;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.validation.VulnerabilityInventoryValidator;
import com.metaeffekt.artifact.enrichment.validation.reason.InventoryValidationReason;
import com.metaeffekt.artifact.enrichment.validation.reason.ReasonIdentifier;
import com.metaeffekt.artifact.terms.model.NormalizationMetaData;
import com.metaeffekt.mirror.query.NvdCpeApiIndexQuery;
import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.metaeffekt.core.inventory.processor.model.AbstractModelBase;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;
import us.springett.parsers.cpe.exceptions.CpeValidationException;

/* loaded from: input_file:com/metaeffekt/artifact/enrichment/validation/validators/ArtifactAndCpeVersionsDifferGreatlyInventoryValidator.class */
public class ArtifactAndCpeVersionsDifferGreatlyInventoryValidator extends VulnerabilityInventoryValidator {
    private static final Logger log = LoggerFactory.getLogger(ArtifactAndCpeVersionsDifferGreatlyInventoryValidator.class);
    private NvdCpeApiIndexQuery nvdCpeApiIndexQuery;

    @Override // com.metaeffekt.artifact.enrichment.validation.InventoryValidator
    public void beforeValidation(File file) {
        super.beforeValidation(file);
        this.nvdCpeApiIndexQuery = new NvdCpeApiIndexQuery(file);
    }

    @Override // com.metaeffekt.artifact.enrichment.validation.VulnerabilityInventoryValidator
    public List<InventoryValidationReason> validate(Inventory inventory, VulnerabilityMetaData vulnerabilityMetaData) {
        ArrayList arrayList = new ArrayList();
        if (this.nvdCpeApiIndexQuery == null) {
            log.warn("NVD CPE API index query is not initialized, will use only the versions known on the data.");
        }
        List<Artifact> artifacts = getArtifacts(inventory, vulnerabilityMetaData);
        List<Cpe> parseCpe = CommonEnumerationUtil.parseCpe((AbstractModelBase) vulnerabilityMetaData, VulnerabilityMetaData.Attribute.PRODUCT_URIS.getKey());
        HashMap hashMap = new HashMap();
        for (Cpe cpe : parseCpe) {
            ((List) hashMap.computeIfAbsent(buildCacheCpe(cpe), cpe2 -> {
                return new ArrayList();
            })).addAll((List) ((Set) (this.nvdCpeApiIndexQuery == null ? Collections.singletonList(cpe) : this.nvdCpeApiIndexQuery.findByCpeUri(cpe)).stream().map((v0) -> {
                return v0.getVersion();
            }).collect(Collectors.toSet())).stream().map(this::extractMajorVersion).filter((v0) -> {
                return Objects.nonNull(v0);
            }).sorted(this::majorVersionComparator).distinct().collect(Collectors.toList()));
        }
        for (Artifact artifact : artifacts) {
            String extractMajorVersion = extractMajorVersion(artifact.getVersion());
            if (extractMajorVersion != null) {
                List<Cpe> parseCpe2 = CommonEnumerationUtil.parseCpe((AbstractModelBase) artifact, InventoryAttribute.MATCHED_CPES.getKey());
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                LinkedHashSet linkedHashSet2 = new LinkedHashSet();
                for (Cpe cpe3 : parseCpe) {
                    boolean z = false;
                    Iterator<Cpe> it = parseCpe2.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Cpe next = it.next();
                        if (Objects.equals(next.getVendor(), cpe3.getVendor()) && Objects.equals(next.getProduct(), cpe3.getProduct()) && Objects.equals(next.getPart(), cpe3.getPart())) {
                            z = true;
                            break;
                        }
                    }
                    if (z) {
                        List list = (List) hashMap.get(buildCacheCpe(cpe3));
                        if (list == null) {
                            log.warn("No CPE major versions found for CPE [{}], even though it was matched by artifact [{}] with major version [{}]", new Object[]{cpe3, artifact.getId(), extractMajorVersion});
                        } else if (!list.contains(extractMajorVersion) && (list.size() != 1 || !list.contains("*"))) {
                            linkedHashSet.add(extractMajorVersion);
                            linkedHashSet2.add(cpe3);
                        }
                    }
                }
                if (!linkedHashSet.isEmpty()) {
                    arrayList.add(new InventoryValidationReason(vulnerabilityMetaData, ReasonIdentifier.ARTIFACT_AND_CPE_VERSIONS_DIFFER_GREATLY, "Artifact [" + artifact.getId() + "] with major version [" + extractMajorVersion + "] is not present in any CPE major version: " + ((String) linkedHashSet2.stream().map(cpe4 -> {
                        return CommonEnumerationUtil.toCpe22UriOrFallbackToCpe23FS(cpe4) + NormalizationMetaData.STRING_WHITESPACE + hashMap.get(cpe4);
                    }).collect(Collectors.joining(", ")))));
                }
            }
        }
        return arrayList;
    }

    private Cpe buildCacheCpe(Cpe cpe) {
        try {
            return CommonEnumerationUtil.builder().from(cpe).keepOnlyPartVendorProduct().build();
        } catch (CpeValidationException e) {
            log.warn("Failed to build key CPE for CPE [{}], using itself instead of part:v:p-only CPE: {}", cpe, e.getMessage());
            return cpe;
        }
    }

    private int majorVersionComparator(String str, String str2) {
        return Integer.compare(numericalCompareVersion(str), numericalCompareVersion(str2));
    }

    private int numericalCompareVersion(String str) {
        if (str.equals("*")) {
            return Integer.MIN_VALUE;
        }
        if (str.equals("-")) {
            return -2147483647;
        }
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException e) {
            return 0;
        }
    }

    private List<Artifact> getArtifacts(Inventory inventory, VulnerabilityMetaData vulnerabilityMetaData) {
        return (List) inventory.getArtifacts().stream().filter(artifact -> {
            return InventoryEnricher.splitVulnerabilitiesCsv(artifact.getVulnerability()).contains(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.NAME));
        }).collect(Collectors.toList());
    }

    private String extractMajorVersion(String str) {
        if (str != null) {
            return str.split("\\.")[0];
        }
        return null;
    }

    @Override // com.metaeffekt.artifact.enrichment.validation.InventoryValidator
    public String getValidatorName() {
        return "Artifact and CPE versions differ greatly";
    }

    @Override // com.metaeffekt.artifact.enrichment.validation.InventoryValidator
    public LinkedHashMap<String, Object> getProperties() {
        return super.getProperties();
    }

    @Override // com.metaeffekt.artifact.enrichment.validation.InventoryValidator
    public void setProperties(LinkedHashMap<String, Object> linkedHashMap) {
    }
}
