package com.blackduck.integration.blackduck.codelocation.signaturescanner.command;

import com.blackduck.integration.blackduck.api.core.BlackDuckResponse;
import com.blackduck.integration.blackduck.exception.BlackDuckIntegrationException;
import com.blackduck.integration.blackduck.http.BlackDuckRequestBuilder;
import com.blackduck.integration.blackduck.http.client.BlackDuckHttpClient;
import com.blackduck.integration.blackduck.keystore.KeyStoreHelper;
import com.blackduck.integration.blackduck.service.request.BlackDuckRequest;
import com.blackduck.integration.blackduck.version.BlackDuckVersion;
import com.blackduck.integration.exception.IntegrationException;
import com.blackduck.integration.log.IntLogger;
import com.blackduck.integration.rest.HttpUrl;
import com.blackduck.integration.rest.response.Response;
import com.blackduck.integration.util.CleanupZipExpander;
import com.blackduck.integration.util.OperatingSystemType;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.cert.Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.compress.archivers.ArchiveException;
import org.apache.commons.io.FileUtils;

/* loaded from: input_file:BOOT-INF/lib/blackduck-common-67.0.4.jar:com/blackduck/integration/blackduck/codelocation/signaturescanner/command/ToolsApiScannerInstaller.class */
public class ToolsApiScannerInstaller extends ApiScannerInstaller {
    public static final BlackDuckVersion MIN_BLACK_DUCK_VERSION = new BlackDuckVersion(2024, 7, 0);
    private static final String LATEST_SCAN_CLI_TOOL_DOWNLOAD_URL = "api/tools/scan.cli.zip/versions/latest/";
    private static final String PLATFORM_PARAMETER_KEY = "platforms";
    private static final String MAC_PLATFORM_PARAMETER_VALUE = "macosx";
    private static final String LINUX_PLATFORM_PARAMETER_VALUE = "linux";
    private static final String WINDOWS_PLATFORM_PARAMETER_VALUE = "windows";
    private final IntLogger logger;
    private final BlackDuckHttpClient blackDuckHttpClient;
    private final CleanupZipExpander cleanupZipExpander;
    private final ScanPathsUtility scanPathsUtility;
    private final KeyStoreHelper keyStoreHelper;
    private final HttpUrl blackDuckServerUrl;
    private final OperatingSystemType operatingSystemType;
    private final File installDirectory;

    public ToolsApiScannerInstaller(IntLogger intLogger, BlackDuckHttpClient blackDuckHttpClient, CleanupZipExpander cleanupZipExpander, ScanPathsUtility scanPathsUtility, KeyStoreHelper keyStoreHelper, HttpUrl httpUrl, OperatingSystemType operatingSystemType, File file) {
        if (null == httpUrl) {
            throw new IllegalArgumentException("A Black Duck server url must be provided.");
        }
        this.logger = intLogger;
        this.blackDuckHttpClient = blackDuckHttpClient;
        this.cleanupZipExpander = cleanupZipExpander;
        this.scanPathsUtility = scanPathsUtility;
        this.keyStoreHelper = keyStoreHelper;
        this.blackDuckServerUrl = httpUrl;
        this.operatingSystemType = operatingSystemType;
        this.installDirectory = file;
    }

    @Override // com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ApiScannerInstaller, com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ScannerInstaller
    public File installOrUpdateScanner() throws BlackDuckIntegrationException {
        if (this.installDirectory.exists()) {
            try {
                if (!this.scanPathsUtility.searchForScanPaths(this.installDirectory).isManagedByLibrary()) {
                    return this.installDirectory;
                }
            } catch (BlackDuckIntegrationException e) {
            }
        }
        File file = new File(this.installDirectory, ApiScannerInstaller.BLACK_DUCK_SIGNATURE_SCANNER_INSTALL_DIRECTORY);
        file.mkdirs();
        File file2 = new File(file, ApiScannerInstaller.VERSION_FILENAME);
        HttpUrl downloadUrl = getDownloadUrl();
        try {
            if (!file2.exists()) {
                this.logger.info("No version file exists, assuming this is new installation and the signature scanner should be downloaded.");
                String downloadSignatureScanner = downloadSignatureScanner(file, downloadUrl, "");
                this.logger.debug("The version file has not been created yet so creating it now.");
                FileUtils.writeStringToFile(file2, downloadSignatureScanner, Charset.defaultCharset());
                return this.installDirectory;
            }
            String readFileToString = FileUtils.readFileToString(file2, Charset.defaultCharset());
            this.logger.debug(String.format("Locally installed signature scanner version: %s", readFileToString));
            String downloadSignatureScanner2 = downloadSignatureScanner(file, downloadUrl, readFileToString);
            if (readFileToString != downloadSignatureScanner2) {
                FileUtils.writeStringToFile(file2, downloadSignatureScanner2, Charset.defaultCharset());
            }
            this.logger.info("The Black Duck Signature Scanner downloaded/found successfully: " + this.installDirectory.getAbsolutePath());
            return this.installDirectory;
        } catch (Exception e2) {
            throw new BlackDuckIntegrationException("The Black Duck Signature Scanner could not be downloaded successfully: " + e2.getMessage(), e2);
        }
    }

    @Override // com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ApiScannerInstaller
    protected HttpUrl getDownloadUrl() throws BlackDuckIntegrationException {
        StringBuilder sb = new StringBuilder(this.blackDuckServerUrl.string());
        if (!this.blackDuckServerUrl.string().endsWith("/")) {
            sb.append("/");
        }
        sb.append(LATEST_SCAN_CLI_TOOL_DOWNLOAD_URL);
        sb.append("platforms/" + (OperatingSystemType.MAC == this.operatingSystemType ? "macosx" : OperatingSystemType.WINDOWS == this.operatingSystemType ? "windows" : "linux"));
        try {
            return new HttpUrl(sb.toString());
        } catch (IntegrationException e) {
            throw new BlackDuckIntegrationException(String.format("The Black Duck Signature Scanner url (%s) is not valid.", sb));
        }
    }

    @Override // com.blackduck.integration.blackduck.codelocation.signaturescanner.command.ApiScannerInstaller
    protected String downloadSignatureScanner(File file, HttpUrl httpUrl, String str) throws IOException, IntegrationException, ArchiveException {
        BlackDuckRequestBuilder addHeader = new BlackDuckRequestBuilder().url(httpUrl).addHeader("Version", str);
        if (!str.isEmpty()) {
            addHeader.addHeader("Accept-Version", "ANY");
        }
        Response execute = this.blackDuckHttpClient.execute(BlackDuckRequest.createSingleRequest(addHeader, httpUrl, BlackDuckResponse.class));
        try {
            if (!execute.isStatusCodeSuccess()) {
                if (execute.getStatusCode() != 304) {
                    this.logger.debug("Unable to download Signature Scanner. Response code: " + execute.getStatusCode() + " " + execute.getStatusMessage());
                    throw new IntegrationException("Unable to download Black Duck Signature Scanner. Response code: " + execute.getStatusCode() + " " + execute.getStatusMessage());
                }
                this.logger.debug("Locally installed Signature Scanner version is up to date - skipping download.");
                connectAndGetServerCertificate(httpUrl, this.scanPathsUtility.searchForScanPaths(file.getParentFile()));
                if (execute != null) {
                    execute.close();
                }
                return str;
            }
            String headerValue = execute.getHeaderValue("Version");
            if (!str.isEmpty()) {
                this.logger.info(String.format("The signature scanner should be downloaded. Locally installed signature scanner is %s, but the latest version is %s", str, headerValue));
            }
            this.logger.info("Downloading the Black Duck Signature Scanner.");
            InputStream content = execute.getContent();
            try {
                this.logger.info(String.format("If the Signature Scanner on your Black Duck server has changed, the contents of %s may change which could involve deleting files - please do not place items in the expansion directory as this directory is assumed to be under blackduck-common control.", file.getAbsolutePath()));
                this.cleanupZipExpander.expand(content, file);
                if (content != null) {
                    content.close();
                }
                ScanPaths searchForScanPaths = this.scanPathsUtility.searchForScanPaths(file.getParentFile());
                File file2 = new File(searchForScanPaths.getPathToJavaExecutable());
                File file3 = new File(searchForScanPaths.getPathToOneJar());
                File file4 = new File(searchForScanPaths.getPathToScanExecutable());
                file2.setExecutable(true);
                file3.setExecutable(true);
                file4.setExecutable(true);
                connectAndGetServerCertificate(httpUrl, searchForScanPaths);
                this.logger.info("Black Duck Signature Scanner downloaded successfully.");
                if (execute != null) {
                    execute.close();
                }
                return headerValue;
            } finally {
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void connectAndGetServerCertificate(HttpUrl httpUrl, ScanPaths scanPaths) {
        try {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpUrl.url().openConnection();
            httpsURLConnection.connect();
            Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
            httpsURLConnection.disconnect();
            if (serverCertificates.length <= 0) {
                throw new IOException();
            }
            this.keyStoreHelper.updateKeyStoreWithServerCertificate(httpUrl.url().getHost(), serverCertificates[0], scanPaths.getPathToCacerts());
        } catch (SSLHandshakeException e) {
            this.logger.warn("Automatically trusting server certificates - not recommended for production use.");
        } catch (IOException e2) {
            this.logger.errorAndDebug("Could not get Black Duck server certificate which is required for managing the local keystore - communicating to the server will have to be configured manually: " + e2.getMessage(), e2);
        }
    }
}
