package com.indusface.plugins.report;

import com.indusface.plugins.httpclient.HttpClientProvider;
import com.indusface.plugins.wasscan.ScanAndBuildStatus;
import com.indusface.plugins.wasscan.ScanApiResponse;
import hudson.model.Action;
import hudson.model.Run;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.ArrayList;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/indusface-was.jar:com/indusface/plugins/report/ReportAction.class */
public class ReportAction implements Action {
    private Run<?, ?> run;
    private static final String SCAN_STATUS_API = "https://was.indusface.com/jenkins/v1/scan-status/%s";
    private static final String SCAN_REPORT_API = "https://was.indusface.com/jenkins/v1/scan-details/%s";
    private static final HttpClient client = HttpClientProvider.getHttpClient();

    public ReportAction(Run<?, ?> run) {
        this.run = run;
    }

    public ScanApiResponse getScanStatus() throws Exception {
        ScanAndBuildStatus action = this.run.getAction(ScanAndBuildStatus.class);
        return callGetStatusAPI(action.getScanId(), action.getSecretKey());
    }

    public ScanReport scanReportData() {
        ScanAndBuildStatus action;
        ScanReport scanReport = new ScanReport();
        try {
            action = this.run.getAction(ScanAndBuildStatus.class);
        } catch (IOException | InterruptedException | URISyntaxException e) {
            scanReport = null;
        }
        if (action == null) {
            throw new IllegalArgumentException("ScanId and access key  is missing from the build.");
        }
        String scanId = action.getScanId();
        String secretKey = action.getSecretKey();
        String buildStatus = action.getBuildStatus();
        scanReport.setJobStatus(buildStatus);
        if (buildStatus.equals(BuildStatus.COMPLETED.toString())) {
            HttpResponse send = client.send(HttpRequest.newBuilder().uri(new URI(String.format("https://was.indusface.com/jenkins/v1/scan-details/%s", scanId))).POST(HttpRequest.BodyPublishers.ofString(createJsonBody(secretKey))).build(), HttpResponse.BodyHandlers.ofString());
            if (send.statusCode() == 200) {
                scanReport = parseScanData(JSONObject.fromObject(send.body()));
                scanReport.setJobStatus(buildStatus);
            } else {
                scanReport.setJobStatus("ERROR");
            }
        }
        return scanReport;
    }

    public ScanApiResponse callGetStatusAPI(String str, String str2) throws Exception {
        ScanApiResponse scanApiResponse = new ScanApiResponse();
        HttpResponse send = client.send(HttpRequest.newBuilder().uri(new URI(String.format("https://was.indusface.com/jenkins/v1/scan-status/%s", str))).POST(HttpRequest.BodyPublishers.ofString(createJsonBody(str2))).build(), HttpResponse.BodyHandlers.ofString());
        if (send.statusCode() == 200) {
            JSONObject fromObject = JSONObject.fromObject(send.body());
            String obj = fromObject.getJSONObject("result").get("scanStatus").toString();
            scanApiResponse.setBuildStatus(fromObject.getJSONObject("result").get("buildStatus").toString());
            scanApiResponse.setScanStatus(obj);
        }
        return scanApiResponse;
    }

    private static String createJsonBody(String str) {
        if (str == null) {
            throw new IllegalStateException("SECRET_KEY is null");
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("secret_key", str);
        return jSONObject.toString();
    }

    public String getJobStatus() {
        return this.run.getAction(ScanAndBuildStatus.class).getBuildStatus();
    }

    private ScanReport parseScanData(JSONObject jSONObject) {
        ScanReport scanReport = new ScanReport();
        JSONObject jSONObject2 = jSONObject.getJSONObject("result");
        scanReport.setScanLogId(jSONObject2.getLong("scanlogid"));
        scanReport.setUrl(jSONObject2.get("url").toString());
        scanReport.setStartTime(jSONObject2.get("startTime").toString());
        scanReport.setEndTime(jSONObject2.get("endTime").toString());
        scanReport.setScanMinutes(jSONObject2.getInt("scanminutes"));
        scanReport.setScanReportUrl(jSONObject2.get("scanReport").toString());
        scanReport.setTotalVulnerabilities(jSONObject2.getInt("totalVulnerabilities"));
        scanReport.setScanStatus(jSONObject2.get("scanStatus").toString());
        scanReport.setBuildStatus(jSONObject2.get("buildStatus").toString());
        JSONObject jSONObject3 = jSONObject2.getJSONObject("severityWiseVulns");
        SeverityWiseVulns severityWiseVulns = new SeverityWiseVulns();
        severityWiseVulns.setCritical(jSONObject3.getInt("critical"));
        severityWiseVulns.setHigh(jSONObject3.getInt("high"));
        severityWiseVulns.setMedium(jSONObject3.getInt("medium"));
        severityWiseVulns.setLow(jSONObject3.getInt("low"));
        severityWiseVulns.setInfo(jSONObject3.getInt("info"));
        scanReport.setSeverityWiseVulns(severityWiseVulns);
        JSONArray jSONArray = jSONObject2.getJSONArray("buildStatusConfig");
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < jSONArray.size(); i++) {
            JSONObject jSONObject4 = (JSONObject) jSONArray.get(i);
            BuildStatusConfig buildStatusConfig = new BuildStatusConfig();
            buildStatusConfig.setSeverity(jSONObject4.get("severity").toString());
            buildStatusConfig.setFoundVulns(jSONObject4.getInt("found_vulns"));
            buildStatusConfig.setThresholdLimit(jSONObject4.getInt("threshold_limit"));
            buildStatusConfig.setIsAboveThreshold(jSONObject4.get("is_above_threshold").toString());
            arrayList.add(buildStatusConfig);
        }
        scanReport.setBuildStatusConfig(arrayList);
        JSONArray jSONArray2 = jSONObject2.getJSONArray("vulnerabilities");
        ArrayList arrayList2 = new ArrayList();
        for (int i2 = 0; i2 < jSONArray2.size(); i2++) {
            JSONObject jSONObject5 = jSONArray2.getJSONObject(i2);
            Vulnerability vulnerability = new Vulnerability();
            vulnerability.setUniqueId(jSONObject5.getLong("uniqueid"));
            vulnerability.setTitle(jSONObject5.get("title").toString());
            vulnerability.setSeverity(jSONObject5.get("severity").toString());
            vulnerability.setCvssScore(jSONObject5.get("cvssScore").toString());
            vulnerability.setOpenStatus(jSONObject5.get("openStatus").toString());
            vulnerability.setFoundOn(jSONObject5.get("foundOn").toString());
            vulnerability.setFoundDate(jSONObject5.get("foundDate").toString());
            vulnerability.setDescription(jSONObject5.get("description").toString());
            vulnerability.setSolution(jSONObject5.get("solution").toString());
            arrayList2.add(vulnerability);
        }
        scanReport.setVulnerabilities(arrayList2);
        return scanReport;
    }

    public String getIconFileName() {
        return "symbol-reader-outline plugin-ionicons-api";
    }

    public String getDisplayName() {
        return "WAS Scan Report";
    }

    public String getUrlName() {
        return "WasScanReport";
    }
}
