package com.cisco.argento.vulnerabilities;

import com.cisco.argento.core.ArgentoPicoContainer;
import com.cisco.argento.events.ComponentVulnerabilityEvent;
import com.cisco.argento.management.AgentPolicy;
import com.cisco.argento.utils.HandlerUtils;
import com.cisco.mtagent.tenant.MTAgentTenantAPI;
import java.io.File;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import java.util.jar.JarFile;
import lombok.Generated;
import net.bytebuddy.dynamic.ClassFileLocator;
import sun.net.www.protocol.file.FileURLConnection;

/* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/vulnerabilities/VulnerabilityAssessmentCheckLibs.class */
public class VulnerabilityAssessmentCheckLibs {
    private final MTAgentTenantAPI mtAgentTenantAPI;
    private final HandlerUtils handlerUtils;
    private VulnerabilityAssessment va;
    private volatile int threadCount;
    private static final long NANO_CONVERT = 1000000;
    private volatile int skipped;
    private int jarsQueuedToCheck;
    private int jarsSeen;
    private int preScreenedJars;
    private int jarConnectionQueued;
    private int fileConnectionQueued;
    public static final int NOT_EXCLUDED = 0;
    public static final int IS_BOOT_CLASS = 1;
    public static final int IS_MT_AGENT_CLASS = 2;
    public static final int IS_TENANT_CLASS = 3;
    public static final int IS_EXCLUDED_PACKAGE = 4;
    public static final int IS_EXCLUDED_LOADER = 5;
    private StringBuilder lastVulnerabilityTrace = new StringBuilder();
    private volatile int groupCount = 0;
    private int auditCount = 0;
    private List<String> badArchiveTypeList = new ArrayList();

    /* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/vulnerabilities/VulnerabilityAssessmentCheckLibs$ApplicationJar.class */
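    /**
     * Describes one jar discovered through a loaded class: the path it was found under, the
     * text of its manifest and pom entries, and the {@link VulnerabilityAssessmentJarObject}
     * built from them.
     */
    public static class ApplicationJar {
        /** Jar path exactly as passed to the constructor. */
        final String name;
        /** Headers parsed from the first manifest text, keyed by header name. */
        final Map<String, String> manifestMap = new HashMap<>();
        final List<String> manifestList;
        final List<String> pomList;
        final VulnerabilityAssessmentCheckLibs vaLibs;
        /** May be {@code null}; when set it becomes part of the reported jar name. */
        final String enclosedJarName;
        final URL url;
        VulnerabilityAssessmentJarObject jarObject;

        /**
         * Stores the supplied values and parses the first manifest text, if there is one.
         *
         * @param vulnerabilityAssessmentCheckLibs owning scanner
         * @param str jar path
         * @param url location the jar was resolved from
         * @param list manifest texts; only element 0 is parsed into {@link #manifestMap}
         * @param list2 pom texts
         * @param str2 enclosed jar name, may be {@code null}
         */
        ApplicationJar(VulnerabilityAssessmentCheckLibs vulnerabilityAssessmentCheckLibs, String str, URL url, List<String> list, List<String> list2, String str2) {
            this.name = str;
            this.manifestList = list;
            this.pomList = list2;
            this.vaLibs = vulnerabilityAssessmentCheckLibs;
            this.url = url;
            this.enclosedJarName = str2;
            if (!list.isEmpty()) {
                processManifest(list.get(0));
            }
        }

        /**
         * Builds the jar object that is reported for this jar and stores it in {@link #jarObject}.
         *
         * <p>The manifest and pom lists are shared with the new object and rewritten in place
         * ({@code %20} becomes a space), so both lists must be modifiable.
         *
         * @param cls class whose loader is recorded; a {@code null} loader is reported as "Boot"
         * @param z value stored as the {@code signed} flag
         * @param handlerUtils not used by this method
         * @return the newly created jar object
         */
        VulnerabilityAssessmentJarObject createJarObjectFromManifest(Class cls, boolean z, HandlerUtils handlerUtils) {
            VulnerabilityAssessmentJarObject jar = new VulnerabilityAssessmentJarObject();
            this.jarObject = jar;
            File file = new File(this.name);
            ClassLoader loader = cls.getClassLoader();
            jar.loader = loader != null ? loader.getClass().getName() : "Boot";
            jar.shortName = file.getName();
            jar.name = this.enclosedJarName != null ? jar.shortName + "@" + this.enclosedJarName : file.getAbsolutePath();
            jar.pomList = this.pomList;
            jar.enclosedJarName = this.enclosedJarName;

            // "foo-1.2.jar" is searched for as "foo.jar". The length check keeps a file name
            // that ends in '-' from indexing past the end of the string.
            int dash = jar.shortName.lastIndexOf('-');
            boolean hasVersionSuffix = dash >= 0
                    && dash + 1 < jar.shortName.length()
                    && Character.isDigit(jar.shortName.charAt(dash + 1));
            jar.jarSearch = hasVersionSuffix ? jar.shortName.substring(0, dash) + ".jar" : jar.shortName;

            jar.dirName = file.getParent();
            jar.manifestList = this.manifestList;
            decodeSpaces(this.manifestList);
            decodeSpaces(this.pomList);
            jar.signed = z;
            String description = this.manifestMap.get("Bundle-Description");
            jar.description = description != null ? description : "None";
            return jar;
        }

        /** Replaces every {@code %20} with a space in each element of the list, in place. */
        private static void decodeSpaces(List<String> entries) {
            for (int i = 0; i < entries.size(); i++) {
                entries.set(i, entries.get(i).replace("%20", " "));
            }
        }

        /**
         * Parses manifest text into {@link #manifestMap}.
         *
         * <p>A line containing {@code ": "} starts a new header; the split is limited to the
         * first separator so a value that itself contains {@code ": "} stays with its own key.
         * Any other non-blank line is appended to the value of the previous header. Such a line
         * with no previous header is dropped instead of being stored under a {@code null} key.
         */
        private void processManifest(String str) {
            String lastKey = null;
            for (String rawLine : str.split("\n")) {
                String line = rawLine.trim();
                if (line.isEmpty()) {
                    continue;
                }
                String[] parts = line.split(": ", 2);
                if (parts.length == 2) {
                    lastKey = parts[0].trim();
                    this.manifestMap.put(lastKey, parts[1]);
                } else if (lastKey != null) {
                    this.manifestMap.put(lastKey, this.manifestMap.get(lastKey) + line);
                }
            }
        }

        /** Returns the jar path followed by one line per parsed manifest header. */
        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append("\n\n>>>> JarFile: ").append(this.name);
            for (Map.Entry<String, String> header : this.manifestMap.entrySet()) {
                sb.append("\n").append(header.getKey()).append(": ").append(header.getValue());
            }
            return sb.toString();
        }

        /** Returns the live header map, not a copy. */
        @Generated
        public Map<String, String> getManifestMap() {
            return this.manifestMap;
        }

        /** Returns the live manifest list, not a copy. */
        @Generated
        public List<String> getManifestList() {
            return this.manifestList;
        }

        /** Returns the live pom list, not a copy. */
        @Generated
        public List<String> getPomList() {
            return this.pomList;
        }
    }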

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/vulnerabilities/VulnerabilityAssessmentCheckLibs$VulnerabilityAssessmentJarObject.class */
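    /**
     * Plain data holder for one scanned jar; converted to a {@link ComponentVulnerabilityEvent}
     * when the scan results are assembled.
     */
    public static class VulnerabilityAssessmentJarObject {
        String name;
        String jarSearch;
        String enclosedJarName;
        String shortName;
        String dirName;
        int classes;
        List<String> manifestList;
        String loader;
        boolean signed;
        List<String> pomList;
        long incidentStamp = 0;
        String description = "";
        // SHA-1 serves here as a lookup identifier for the jar. It is not collision resistant,
        // so it should not be relied on as proof that the file is untampered.
        String jar_sha1 = "None";

        VulnerabilityAssessmentJarObject() {
        }

        /** Returns a one-line summary holding only the jar name. */
        public String toResults() {
            return "Name: " + this.name;
        }

        /** Returns a multi-line dump of every reported field, one {@code Label: value} per line. */
        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append("\n\n>>> Jar  ").append(this.name);
            sb.append("\nPath: ").append(this.name);
            sb.append("\nName: ").append(this.shortName);
            sb.append("\nLoader: ").append(this.loader);
            sb.append("\nDirectory: ").append(this.dirName);
            sb.append("\nClasses: ").append(this.classes);
            sb.append("\nDescription: ").append(this.description);
            sb.append("\nManifest: ").append(this.manifestList);
            sb.append("\nSigned: ").append(this.signed);
            sb.append("\nSha1: ").append(this.jar_sha1);
            sb.append("\nPom: ").append(this.pomList);
            return sb.toString();
        }

        /**
         * Creates the event reported for this jar.
         *
         * <p>{@code incidentStamp} is not part of the event; the date string previously
         * formatted from it was never used and has been removed.
         */
        ComponentVulnerabilityEvent createComponentVulnerabilityEvent() {
            return new ComponentVulnerabilityEvent(this.name, this.shortName, this.manifestList, this.pomList, this.description, this.signed, this.jar_sha1);
        }
    }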

    /* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/vulnerabilities/VulnerabilityAssessmentCheckLibs$VulnerabilityAssessmentPackageObject.class */
    /** Plain data holder that pairs a package name with a class count and a jar name. */
    static class VulnerabilityAssessmentPackageObject {
        String name;
        int classes;
        String jar;

        VulnerabilityAssessmentPackageObject() {
        }

        /** Returns a four-line text block: a marker line, then name, class count and jar. */
        @Override
        public String toString() {
            return "\n>>> Package"
                    + "\nName: " + this.name
                    + "\nClasses: " + this.classes
                    + "\nJar: " + this.jar;
        }
    }

    /**
     * Creates a scanner bound to the given agent API and jar helper.
     *
     * @param mTAgentTenantAPI agent API used for logging, loader checks and SHA-1 calculation
     * @param handlerUtils helper used to read manifest and pom entries from jars
     */
    public VulnerabilityAssessmentCheckLibs(MTAgentTenantAPI mTAgentTenantAPI, HandlerUtils handlerUtils) {
        this.handlerUtils = handlerUtils;
        this.mtAgentTenantAPI = mTAgentTenantAPI;
    }

    /**
     * Records a code-source path as seen and reports whether it still needs to be examined.
     *
     * @param map paths already seen; the path is added when it is new
     * @param map2 not used by this method
     * @param str path to screen, may be {@code null}
     * @return {@code false} for a {@code null} or already-seen path, a {@code jrt:/} location
     *         or a path ending in the class-file extension; {@code true} otherwise
     */
    private boolean preScreenJars(Map<String, Boolean> map, Map<String, ApplicationJar> map2, String str) {
        this.preScreenedJars++;
        if (str == null) {
            return false;
        }
        if (map.get(str) != null) {
            return false;
        }
        map.put(str, true);
        boolean isRuntimeImage = str.startsWith("jrt:/");
        boolean isLooseClassFile = !isRuntimeImage && str.endsWith(ClassFileLocator.CLASS_FILE_EXTENSION);
        return !isRuntimeImage && !isLooseClassFile;
    }

    /**
     * Classifies a class as scannable or as excluded, and logs the reason for an exclusion.
     *
     * <p>The checks run in this order: boot class, MT Agent loader, tenant loader, excluded
     * class pattern from the agent policy, excluded loader pattern from the agent policy.
     *
     * @param cls class that led to the jar
     * @param str class name matched against the policy's excluded-class patterns
     * @param str2 jar path, used only in log messages
     * @return one of the exclusion codes declared on this class ({@code NOT_EXCLUDED} = 0
     *         through {@code IS_EXCLUDED_LOADER} = 5)
     */
    public int allowClassJar(Class cls, String str, String str2) {
        ClassLoader loader = cls.getClassLoader();
        if (loader == null) {
            logAndAuditFirstOnly("Eliminating " + str2 + " as a candidate to scan...it's a boot class...");
            return 1; // IS_BOOT_CLASS
        }
        if (this.mtAgentTenantAPI.isMTAgentLoader(loader)) {
            logAndAuditFirstOnly("Eliminating " + str2 + " as a candidate to scan...it's part of the MT Agent...");
            return 2; // IS_MT_AGENT_CLASS
        }
        if (this.mtAgentTenantAPI.isTenantLoader(loader)) {
            logAndAuditFirstOnly("Eliminating " + str2 + " as a candidate to scan...it's part of the Argento Agent...");
            return 3; // IS_TENANT_CLASS
        }
        if (doesMatchSubstring(str, AgentPolicy.getPolicy().getExcludeClass())) {
            logAndAuditFirstOnly("Eliminating " + str2 + " as a candidate to scan...it's an excluded class...");
            return 4; // IS_EXCLUDED_PACKAGE
        }
        // The loader is known to be non-null here, so only the policy match decides.
        String loaderTypeName = loader.getClass().getName();
        if (doesMatchSubstring(loaderTypeName, AgentPolicy.getPolicy().getExcludeLoader())) {
            logAndAuditFirstOnly("Eliminating " + str2 + " as a candidate to scan...it's part of an excluded loader...");
            return 5; // IS_EXCLUDED_LOADER
        }
        return 0; // NOT_EXCLUDED
    }

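    /**
     * Reports whether any non-blank pattern occurs as a substring of the given text.
     *
     * <p>Patterns are trimmed before matching. Previously only the blank check used the
     * trimmed form, so an entry with surrounding whitespace (for example from a
     * comma-separated list written as {@code "a, b"}) could never match. {@code null}
     * entries are skipped.
     *
     * <p>Matching is by substring, not by prefix or exact name, so a short pattern excludes
     * every class or loader whose name contains it; callers use this to drop jars from the
     * vulnerability scan.
     *
     * @param str text to search, may be {@code null}
     * @param strArr patterns, may be {@code null}
     * @return {@code true} when at least one pattern matches
     */
    private boolean doesMatchSubstring(String str, String[] strArr) {
        if (str == null || strArr == null) {
            return false;
        }
        for (String candidate : strArr) {
            if (candidate == null) {
                continue;
            }
            String pattern = candidate.trim();
            if (!pattern.isEmpty() && str.contains(pattern)) {
                return true;
            }
        }
        return false;
    }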

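    /**
     * Scans every loaded class, collects the distinct jars behind them and returns one
     * {@link ComponentVulnerabilityEvent} per jar that passed the exclusion checks.
     *
     * <p>Each call resets the trace buffer and the per-scan counters. When the policy asks for
     * it, a SHA-1 digest of each jar is calculated; a failure there is logged and the jar is
     * still reported with its default digest value. The digest stream is now closed even when
     * the calculation throws.
     *
     * @return a synchronized list of the events for this scan
     */
    public synchronized List<ComponentVulnerabilityEvent> getApplicationComponentsVulnerabilityList() {
        this.lastVulnerabilityTrace.setLength(0);
        this.va = (VulnerabilityAssessment) ArgentoPicoContainer.getInstance(VulnerabilityAssessment.class);
        this.auditCount++;
        this.jarsQueuedToCheck = 0;
        this.skipped = 0;
        this.jarConnectionQueued = 0;
        this.fileConnectionQueued = 0;
        Map<String, ApplicationJar> jarsToCheck = new HashMap<>();
        Map<String, Boolean> seenPaths = new HashMap<>();
        Class[] allLoadedClasses = this.mtAgentTenantAPI.getInstrumentationHandle().getAllLoadedClasses();
        this.mtAgentTenantAPI.log("Scanning " + allLoadedClasses.length + " classes...and collecting jars to send for Vulnerability Check Backend...");
        logAndAudit("Starting a Vulnerability Assessment Component Scan @ " + new Date().toString());
        List<ComponentVulnerabilityEvent> events = Collections.synchronizedList(new ArrayList<ComponentVulnerabilityEvent>());
        for (Class cls : allLoadedClasses) {
            evaluateClassJarToQueue(cls, seenPaths, jarsToCheck);
        }
        long sha1Nanos = 0;
        logAndAudit(">>>> Now Queueing jars (" + jarsToCheck.size() + " for a vulnerability check==>");
        for (ApplicationJar applicationJar : jarsToCheck.values()) {
            this.jarsQueuedToCheck++;
            String sha1 = MTAgentTenantAPI.OTEL_NOT_EXIST;
            if (AgentPolicy.isCalculateJarSha1()) {
                // SHA-1 identifies the jar for the lookup; it is not collision resistant and
                // should not be treated as an integrity guarantee.
                long started = System.nanoTime();
                try (InputStream jarStream = applicationJar.url.openConnection().getInputStream()) {
                    sha1 = this.mtAgentTenantAPI.calculateSha1(jarStream);
                    sha1Nanos += System.nanoTime() - started;
                    applicationJar.jarObject.jar_sha1 = sha1;
                } catch (Exception e) {
                    // Best effort: the jar is still reported, just without a digest.
                    logAndAudit("Could not calculate Sha1 Digest for jar " + applicationJar.name + ", error: " + e);
                }
            }
            logAndAuditFirstOnly("Queueing a vulnerability check for jar " + applicationJar.name + ", short:  " + new File(applicationJar.name).getName() + " , SHA1 Checksum:  " + sha1);
            events.add(applicationJar.jarObject.createComponentVulnerabilityEvent());
        }
        jarsToCheck.clear();
        this.jarsSeen = seenPaths.size();
        logAndAudit(">>>> Done==>");
        logAndAudit("Done Scanning " + allLoadedClasses.length + " classes");
        logAndAudit("Time spent creating Sha1: " + (sha1Nanos / NANO_CONVERT) + " ms");
        logAndAudit("Found " + events.size() + " jars to send for vulnerability check...");
        logAndAudit("Skipped " + this.skipped + " jars because they are Cisco/AppDynamics/specified excluded...");
        logAndAudit("Ending a Vulnerability Assessment Component Scan @ " + new Date().toString());
        return events;
    }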

    /**
     * Resolves the code-source location of a class and hands it on for jar evaluation.
     *
     * @param cls class to inspect
     * @param map paths already seen in this scan
     * @param map2 jars queued so far, keyed by path
     * @return {@code false} when the class has no protection domain, code source or location;
     *         otherwise the result of {@link #_evaluateClassJarToQueue}
     */
    public boolean evaluateClassJarToQueue(Class cls, Map<String, Boolean> map, Map<String, ApplicationJar> map2) {
        java.security.ProtectionDomain domain = cls.getProtectionDomain();
        if (domain == null) {
            return false;
        }
        java.security.CodeSource codeSource = domain.getCodeSource();
        if (codeSource == null) {
            return false;
        }
        URL location = codeSource.getLocation();
        if (location == null) {
            return false;
        }
        return _evaluateClassJarToQueue(location, cls, map, map2);
    }

    /**
     * Returns the text from the last {@code '.'} of the given string to its end.
     *
     * <p>The caller in this class passes a full URL string, so the result is whatever follows
     * the last dot anywhere in that URL and may include path text, not just a file extension.
     *
     * @param str string to inspect
     * @return the suffix starting at the last dot, or {@code "Invalid: " + str} (after a
     *         warning is logged) when the string contains no dot
     */
    private String getArchiveType(String str) {
        int lastDot = str.lastIndexOf('.');
        if (lastDot < 0) {
            this.mtAgentTenantAPI.logWarning("Archive type can't be determined for " + str);
            return "Invalid: " + str;
        }
        return str.substring(lastDot);
    }

    /**
     * Remembers the archive type of a location that could not be opened as an archive.
     *
     * @param str location string whose type is derived with {@link #getArchiveType}
     * @return {@code true} the first time a type is seen (a warning is logged), {@code false}
     *         when the type was already recorded
     */
    private boolean trackAndLogBadArchiveTypes(String str) {
        String archiveType = getArchiveType(str);
        boolean firstSighting = !this.badArchiveTypeList.contains(archiveType);
        if (firstSighting) {
            this.badArchiveTypeList.add(archiveType);
            this.mtAgentTenantAPI.logWarning("Adding file type " + archiveType + " to the bad archive type list...");
        }
        return firstSighting;
    }

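    /**
     * Opens the location behind a class, screens it, and queues the jar for a vulnerability
     * check when it is new and not excluded.
     *
     * <p>Only {@code jar:} connections and plain file connections are handled; directories and
     * every other connection type are skipped. A location that cannot be opened as an archive
     * is recorded through {@link #trackAndLogBadArchiveTypes}.
     *
     * <p>A {@link JarFile} that this method opens itself is now closed on every exit path.
     * Previously it was closed only after a successful queue, so each already-seen or excluded
     * jar left an open file handle behind.
     *
     * @param url code-source location of the class
     * @param cls class that led to this location
     * @param map paths already seen in this scan
     * @param map2 jars queued so far, keyed by path
     * @return {@code true} only when the jar was queued
     */
    public boolean _evaluateClassJarToQueue(URL url, Class cls, Map<String, Boolean> map, Map<String, ApplicationJar> map2) {
        // Set only for a JarFile created here, so the finally block never touches a JarFile
        // that was handed out by a JarURLConnection.
        JarFile ownedJar = null;
        try {
            URLConnection connection = url.openConnection();
            boolean viaJarConnection = connection instanceof JarURLConnection;
            String jarPath;
            JarFile jarFile;
            if (viaJarConnection) {
                jarFile = ((JarURLConnection) connection).getJarFile();
                jarPath = jarFile.getName();
            } else {
                // FileURLConnection is a JDK-internal class (sun.net.www); access to it depends
                // on how the runtime is configured.
                if (!(connection instanceof FileURLConnection)) {
                    return false;
                }
                File file = Paths.get(url.toURI()).toFile();
                if (file.isDirectory()) {
                    return false;
                }
                jarPath = file.getAbsolutePath();
                jarFile = new JarFile(jarPath);
                ownedJar = jarFile;
            }
            if (!preScreenJars(map, map2, jarPath)) {
                return false;
            }
            logAndAuditFirstOnly("Looking at jar " + jarPath + " as a candidate to scan based on class " + cls.getName() + " and loader " + this.mtAgentTenantAPI.getLoaderObjectString(cls.getClassLoader()));
            if (allowClassJar(cls, cls.getName(), jarPath) != 0) {
                this.skipped++;
                return false;
            }
            try {
                if (viaJarConnection) {
                    this.jarConnectionQueued++;
                } else {
                    this.fileConnectionQueued++;
                }
                queueJarToBeChecked(map2, cls, url, jarFile, jarPath, null);
                // NOTE(review): for the JarURLConnection case this may be a cached JarFile that
                // other users of the same URL share; closing it would affect them too. Confirm
                // whether caching is in effect for these connections.
                jarFile.close();
                return true;
            } catch (Exception e) {
                this.mtAgentTenantAPI.logWarning("Error opening manifest for jar containing class " + cls.getName() + " , class location: " + jarPath + ", error: " + e + "\n" + this.mtAgentTenantAPI.getStackTrace(e));
                return false;
            }
        } catch (Exception e2) {
            if (!trackAndLogBadArchiveTypes(url.toString())) {
                return false;
            }
            this.mtAgentTenantAPI.logWarning("This file type: " + url + " is not an archive for class " + cls.getName() + ",  Error: " + e2);
            return false;
        } finally {
            if (ownedJar != null) {
                try {
                    // Closing an already closed JarFile is harmless, so the success path above
                    // needs no special case.
                    ownedJar.close();
                } catch (Exception ignored) {
                    // Best effort: a failed close must not change the scan result.
                }
            }
        }
    }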

    /**
     * Logs the message only while {@code auditCount} is at most 1; once it is greater the call
     * does nothing, which keeps per-jar detail out of later scans.
     */
    private void logAndAuditFirstOnly(String str) {
        if (this.auditCount <= 1) {
            logAndAudit(str);
        }
    }

    /**
     * Writes the message to the agent log and, while the diagnostics server is active, appends
     * a timestamped copy to the trace buffer.
     *
     * <p>Messages passed in by this class include absolute jar paths and class names, so the
     * trace buffer should be handled as host-internal information.
     */
    private void logAndAudit(String str) {
        this.mtAgentTenantAPI.log(str);
        if (!this.mtAgentTenantAPI.isDiagnosticsServerActive()) {
            return;
        }
        String stamp = new Date().toString();
        this.lastVulnerabilityTrace.append(stamp + ": " + str + "\n");
    }

    /**
     * Builds an {@link ApplicationJar} from the jar's manifest and pom entries and stores it
     * in the queue map under the jar path.
     *
     * <p>NOTE(review): the {@code signed} flag is always passed as {@code false} here, so the
     * reported event does not reflect whether the jar is actually signed.
     *
     * @param map queue of jars keyed by path; receives the new entry
     * @param cls class that led to the jar
     * @param url location of the jar
     * @param jarFile open jar to read entries from
     * @param str jar path, used as the map key
     * @param str2 enclosed jar name, may be {@code null}
     * @return the queued jar
     * @throws Exception when reading the entries or building the jar object fails
     */
    public ApplicationJar queueJarToBeChecked(Map<String, ApplicationJar> map, Class cls, URL url, JarFile jarFile, String str, String str2) throws Exception {
        ClassLoader loader = cls.getClassLoader();
        String loaderLabel = loader != null ? loader.getClass().getName() : "Boot";
        logAndAuditFirstOnly("Jar " + str + " added to the queued Jar list based on class " + cls.getName() + " being loaded in class loader " + loaderLabel);
        List<String> manifestTexts = this.handlerUtils.getJarEntryContentStringList(jarFile, "META-INF/MANIFEST.MF");
        List<String> pomTexts = this.handlerUtils.getJarEntryContentStringList(jarFile, "pom.xml");
        ApplicationJar queued = new ApplicationJar(this, str, url, manifestTexts, pomTexts, str2);
        queued.jarObject = queued.createJarObjectFromManifest(cls, false, this.handlerUtils);
        map.put(str, queued);
        return queued;
    }

    /**
     * Creates a fixed-size pool of daemon threads, sized by the policy's processing-thread
     * setting.
     *
     * <p>Each call starts a new thread group number and restarts the per-group thread counter;
     * both numbers appear in the thread names. The counters are volatile ints updated with
     * plain increments, so the numbering is not guaranteed unique under concurrent use.
     */
    private ExecutorService getThreadPool() {
        this.threadCount = 0;
        this.groupCount++;
        int poolSize = AgentPolicy.getPolicy().getProcessingThreads();
        ThreadFactory daemonFactory = new ThreadFactory() {
            @Override
            public Thread newThread(Runnable runnable) {
                // Synthetic accessor: post-increments threadCount on the enclosing instance.
                VulnerabilityAssessmentCheckLibs.access$008(VulnerabilityAssessmentCheckLibs.this);
                String threadName = "Cisco-Argento-NVD-Check-Group-" + VulnerabilityAssessmentCheckLibs.this.groupCount + "-Thread-" + VulnerabilityAssessmentCheckLibs.this.threadCount;
                Thread worker = new Thread(runnable, threadName);
                worker.setDaemon(true);
                return worker;
            }
        };
        return Executors.newFixedThreadPool(poolSize, daemonFactory);
    }

    /**
     * Returns the live trace buffer of the most recent scan, not a copy; it is cleared at the
     * start of every scan and holds jar paths and class names.
     */
    @Generated
    public StringBuilder getLastVulnerabilityTrace() {
        return lastVulnerabilityTrace;
    }

    /** Returns how many jars the current or last scan skipped because of an exclusion. */
    @Generated
    public int getSkipped() {
        return skipped;
    }

    /** Returns how many scans have been started on this instance. */
    @Generated
    public int getAuditCount() {
        return auditCount;
    }

    /** Returns how many jars the current or last scan queued for a vulnerability check. */
    @Generated
    public int getJarsQueuedToCheck() {
        return jarsQueuedToCheck;
    }

    /** Returns the number of distinct paths recorded as seen by the last completed scan. */
    @Generated
    public int getJarsSeen() {
        return jarsSeen;
    }

    /** Returns how many times pre-screening has run; this counter is never reset. */
    @Generated
    public int getPreScreenedJars() {
        return preScreenedJars;
    }

    /** Returns how many jars reached through a jar connection were counted for queueing. */
    @Generated
    public int getJarConnectionQueued() {
        return jarConnectionQueued;
    }

    /** Returns how many jars reached through a file connection were counted for queueing. */
    @Generated
    public int getFileConnectionQueued() {
        return fileConnectionQueued;
    }

    /**
     * Compiler-generated accessor used by the anonymous thread factory: post-increments
     * {@code threadCount} on the given instance and returns the value it had before.
     */
    static /* synthetic */ int access$008(VulnerabilityAssessmentCheckLibs vulnerabilityAssessmentCheckLibs) {
        return vulnerabilityAssessmentCheckLibs.threadCount++;
    }
}
