package org.eclipse.steady.java.bytecode;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.zip.ZipException;
import org.eclipse.jdt.internal.compiler.util.SuffixConstants;
import org.eclipse.steady.backend.BackendConnectionException;
import org.eclipse.steady.backend.BackendConnector;
import org.eclipse.steady.core.util.CoreConfiguration;
import org.eclipse.steady.goals.GoalContext;
import org.eclipse.steady.java.JavaId;
import org.eclipse.steady.java.sign.ASTConstructBodySignature;
import org.eclipse.steady.java.sign.ASTSignatureChange;
import org.eclipse.steady.java.sign.gson.ASTSignatureChangeDeserializer;
import org.eclipse.steady.repackaged.com.fasterxml.jackson.databind.deser.std.StdDeserializer;
import org.eclipse.steady.repackaged.org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.eclipse.steady.repackaged.org.apache.commons.io.IOUtils;
import org.eclipse.steady.repackaged.org.apache.logging.log4j.LogManager;
import org.eclipse.steady.repackaged.org.apache.logging.log4j.Logger;
import org.eclipse.steady.shared.enums.AffectedVersionSource;
import org.eclipse.steady.shared.enums.ConstructChangeType;
import org.eclipse.steady.shared.enums.ConstructType;
import org.eclipse.steady.shared.json.JacksonUtil;
import org.eclipse.steady.shared.json.JsonBuilder;
import org.eclipse.steady.shared.json.model.AffectedLibrary;
import org.eclipse.steady.shared.json.model.Bug;
import org.eclipse.steady.shared.json.model.ConstructChange;
import org.eclipse.steady.shared.json.model.Library;
import org.eclipse.steady.shared.json.model.LibraryId;

/* loaded from: input_file:org/eclipse/steady/java/bytecode/BytecodeComparator.class */
public class BytecodeComparator {
    private static final Logger log = LogManager.getLogger((Class<?>) BytecodeComparator.class);
    private GoalContext context;
    private Map<Class<?>, StdDeserializer<?>> custom_deserializers;

    public BytecodeComparator() {
        this(null);
    }

    public BytecodeComparator(GoalContext goalContext) {
        this.custom_deserializers = new HashMap();
        this.custom_deserializers.put(ASTSignatureChange.class, new ASTSignatureChangeDeserializer());
        this.context = goalContext;
    }

    public void compareLibForBug(Library library, String str, Path path) throws BackendConnectionException, IOException {
        ASTConstructBodySignature aSTConstructBodySignature;
        boolean z = false;
        boolean z2 = false;
        HashSet hashSet = new HashSet();
        Bug bug = BackendConnector.getInstance().getBug(this.context, str);
        ArrayList<AffectedLibrary> arrayList = new ArrayList();
        for (AffectedVersionSource affectedVersionSource : AffectedVersionSource.values()) {
            if (!affectedVersionSource.equals(AffectedVersionSource.TO_REVIEW)) {
                AffectedLibrary[] bugAffectedLibraries = BackendConnector.getInstance().getBugAffectedLibraries(this.context, str, affectedVersionSource.toString(), true);
                arrayList.addAll(Arrays.asList(bugAffectedLibraries));
                log.debug("Existing [" + bugAffectedLibraries.length + "] affected libraries in backend for source [" + affectedVersionSource.toString() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            }
        }
        for (AffectedLibrary affectedLibrary : arrayList) {
            if (affectedLibrary.getLib() != null && affectedLibrary.getLib().getDigest().equals(library.getDigest())) {
                return;
            }
        }
        bug.setAffectedVersions(arrayList);
        try {
            JarFile jarFile = new JarFile(path.toFile());
            Iterator<ConstructChange> it = bug.getConstructChanges().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ConstructChange next = it.next();
                if (next.getConstructChangeType().equals(ConstructChangeType.MOD) && (next.getConstructId().getType().equals(ConstructType.CONS) || next.getConstructId().getType().equals(ConstructType.METH))) {
                    JavaId javaId = JavaId.getJavaId(next.getConstructId().getType().toString(), next.getConstructId().getQname());
                    JavaId compilationUnit = JavaId.getCompilationUnit(javaId);
                    Path path2 = null;
                    String str2 = compilationUnit.getQualifiedName().replace('.', '/') + SuffixConstants.SUFFIX_STRING_class;
                    JarEntry jarEntry = (JarEntry) jarFile.getEntry(str2);
                    if (jarEntry != null) {
                        path2 = File.createTempFile(compilationUnit.getQualifiedName(), SuffixConstants.SUFFIX_STRING_class, this.context.getVulasConfiguration().getTmpDir().toFile()).toPath();
                        log.debug("Extract class file to [" + path2.toAbsolutePath() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
                        InputStream inputStream = jarFile.getInputStream(jarEntry);
                        try {
                            FileOutputStream fileOutputStream = new FileOutputStream(path2.toFile());
                            try {
                                IOUtils.copy(inputStream, fileOutputStream);
                                fileOutputStream.close();
                                if (inputStream != null) {
                                    inputStream.close();
                                }
                            } catch (Throwable th) {
                                try {
                                    fileOutputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                                throw th;
                            }
                        } finally {
                        }
                    } else {
                        log.warn("Artifact does not contain entry [" + str2 + "] for class [" + compilationUnit.getQualifiedName() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
                    }
                    String str3 = null;
                    if (path2 != null && (aSTConstructBodySignature = (ASTConstructBodySignature) CoreConfiguration.getSignatureFactory(JavaId.toSharedType(javaId)).createSignature(JavaId.toSharedType(javaId), path2.toFile())) != null) {
                        str3 = aSTConstructBodySignature.toJson();
                    }
                    if (str3 != null) {
                        ConstructBytecodeASTManager constructBytecodeASTManager = new ConstructBytecodeASTManager(this.context, next.getConstructId().getQname(), next.getRepoPath(), next.getConstructId().getType());
                        for (AffectedLibrary affectedLibrary2 : bug.getAffectedVersions()) {
                            if (affectedLibrary2.getAffected().booleanValue() && affectedLibrary2.getLibraryId() != null) {
                                constructBytecodeASTManager.addVulnLid(affectedLibrary2.getLibraryId());
                            } else if (!affectedLibrary2.getAffected().booleanValue() && affectedLibrary2.getLibraryId() != null) {
                                constructBytecodeASTManager.addFixedLid(affectedLibrary2.getLibraryId());
                            }
                        }
                        Iterator<LibraryId> it2 = constructBytecodeASTManager.getVulnLids().iterator();
                        while (true) {
                            if (!it2.hasNext()) {
                                break;
                            }
                            LibraryId next2 = it2.next();
                            log.debug(next2.toString());
                            String vulnAst = constructBytecodeASTManager.getVulnAst(next2);
                            if (vulnAst != null) {
                                ASTSignatureChange aSTSignatureChange = (ASTSignatureChange) JacksonUtil.asObject(BackendConnector.getInstance().getAstDiff(this.context, "[" + vulnAst + "," + str3 + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END), this.custom_deserializers, ASTSignatureChange.class);
                                log.debug("size to vulnerable lib " + next2.toString() + " is [" + aSTSignatureChange.getModifications().size() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
                                if (aSTSignatureChange.getModifications().size() == 0) {
                                    log.info("Library ID equal to vuln based on AST bytecode comparison with " + next2.toString());
                                    z = true;
                                    hashSet.add(next2);
                                    break;
                                }
                            }
                        }
                        Iterator<LibraryId> it3 = constructBytecodeASTManager.getFixedLids().iterator();
                        while (true) {
                            if (!it3.hasNext()) {
                                break;
                            }
                            LibraryId next3 = it3.next();
                            log.debug(next3.toString());
                            String fixedAst = constructBytecodeASTManager.getFixedAst(next3);
                            if (fixedAst != null) {
                                ASTSignatureChange aSTSignatureChange2 = (ASTSignatureChange) JacksonUtil.asObject(BackendConnector.getInstance().getAstDiff(this.context, "[" + fixedAst + "," + str3 + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END), this.custom_deserializers, ASTSignatureChange.class);
                                log.debug("size to fixed lib " + next3.toString() + " is [" + aSTSignatureChange2.getModifications().size() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
                                if (aSTSignatureChange2.getModifications().size() == 0) {
                                    log.info("Library ID equal to fix based on AST bytecode comparison with " + next3.toString());
                                    z2 = true;
                                    hashSet.add(next3);
                                    break;
                                }
                            }
                        }
                        if (z && z2) {
                            log.warn("No conclusion taken for vulnerability [" + str + "] in archive [" + library.getDigest() + "]: Construct of change " + next.toString() + " is equal both to a vulnerable and to a fixed archive");
                            break;
                        }
                    } else {
                        continue;
                    }
                }
            }
            jarFile.close();
        } catch (ZipException e) {
            log.error("Error in opening archive [" + path + "]: " + e.getMessage(), (Throwable) e);
        }
        if (!(z ^ z2)) {
            if (z && z2) {
                log.warn("No conclusion taken for bug [" + str + "] in archive [" + library.getDigest() + "]: found equalities both to vulnerable and fixed archive");
                return;
            } else {
                log.warn("No conclusion taken for bug [" + str + "] in archive [" + library.getDigest() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
                return;
            }
        }
        log.info("Library with digest [" + library.getDigest() + "] assessed as [" + (z ? "vulnerable" : "non-vulnerable") + "] with regard to bug [" + bug.getBugId() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
        AffectedLibrary affectedLibrary3 = new AffectedLibrary();
        affectedLibrary3.setBugId(bug);
        affectedLibrary3.setLib(library);
        affectedLibrary3.setAffected(Boolean.valueOf(z));
        affectedLibrary3.setExplanation("Same bytecode found in library(ies) [" + hashSet.toString() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
        affectedLibrary3.setSource(AffectedVersionSource.CHECK_CODE);
        JsonBuilder startArray = new JsonBuilder().startArray();
        startArray.appendJsonToArray(JacksonUtil.asJsonString(affectedLibrary3));
        startArray.endArray();
        BackendConnector.getInstance().uploadBugAffectedLibraries(this.context, bug.getBugId(), startArray.getJson(), AffectedVersionSource.CHECK_CODE);
    }
}
