package org.spdx.maven;

import java.io.File;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.model.Contributor;
import org.apache.maven.model.License;
import org.apache.maven.model.Model;
import org.apache.maven.model.Resource;
import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
import org.apache.maven.plugin.logging.Log;
import org.apache.maven.shared.model.fileset.FileSet;
import org.codehaus.plexus.util.ReaderFactory;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.spdx.rdfparser.InvalidSPDXAnalysisException;
import org.spdx.rdfparser.SPDXDocumentFactory;
import org.spdx.rdfparser.SpdxPackageVerificationCode;
import org.spdx.rdfparser.license.AnyLicenseInfo;
import org.spdx.rdfparser.license.SpdxNoAssertionLicense;
import org.spdx.rdfparser.model.Checksum;
import org.spdx.rdfparser.model.ExternalDocumentRef;
import org.spdx.rdfparser.model.ExternalSpdxElement;
import org.spdx.rdfparser.model.Relationship;
import org.spdx.rdfparser.model.SpdxDocument;
import org.spdx.rdfparser.model.SpdxElement;
import org.spdx.rdfparser.model.SpdxFile;
import org.spdx.rdfparser.model.SpdxItem;
import org.spdx.rdfparser.model.SpdxPackage;

/* loaded from: input_file:org/spdx/maven/SpdxDependencyInformation.class */
public class SpdxDependencyInformation {
    private Log log;
    private List<Relationship> relationships = new ArrayList();
    private Map<String, ExternalDocumentRef> externalDocuments = new HashMap();
    private LicenseManager licenseManager;

    public SpdxDependencyInformation(Log log, LicenseManager licenseManager) {
        this.log = log;
        this.licenseManager = licenseManager;
    }

    public void addMavenDependency(Artifact artifact) throws LicenseMapperException {
        String scope = artifact.getScope();
        Relationship.RelationshipType scopeToRelationshipType = scopeToRelationshipType(scope, artifact.isOptional());
        if (scopeToRelationshipType == Relationship.RelationshipType.OTHER) {
            this.log.warn("Could not determine the SPDX relationship type for dependency artifact ID " + artifact.getArtifactId() + " scope " + scope);
        }
        this.relationships.add(new Relationship(createSpdxPackage(artifact), scopeToRelationshipType, "Relationship based on Maven POM file dependency information"));
    }

    private Relationship.RelationshipType scopeToRelationshipType(String str, boolean z) {
        return str == null ? Relationship.RelationshipType.OTHER : z ? Relationship.RelationshipType.OPTIONAL_COMPONENT_OF : (str.equals("compile") || str.equals("runtime")) ? Relationship.RelationshipType.DYNAMIC_LINK : str.equals("test") ? Relationship.RelationshipType.TEST_CASE_OF : Relationship.RelationshipType.OTHER;
    }

    private SpdxElement createSpdxPackage(Artifact artifact) throws LicenseMapperException {
        this.log.debug("Creating SPDX package for artifact " + artifact.getArtifactId());
        if (artifact.getFile() == null) {
            this.log.debug("Artifact file is null");
        } else {
            this.log.debug("Artifact file name = " + artifact.getFile().getName());
        }
        File file = null;
        if (artifact.getFile() != null) {
            file = artifactFileToSpdxFile(artifact.getFile());
        }
        if (file != null && file.exists()) {
            this.log.debug("Dependency " + artifact.getArtifactId() + "Looking for SPDX file " + file.getAbsolutePath());
            try {
                this.log.debug("Dependency " + artifact.getArtifactId() + "Dependency information collected from SPDX file " + file.getAbsolutePath());
                return createExternalSpdxPackageReference(SPDXDocumentFactory.createSpdxDocument(file.getPath()), file, "DocumentRef-" + artifact.getArtifactId());
            } catch (IOException e) {
                this.log.error("IO error reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e.getMessage() + ".  Using POM file information for creating SPDX package data.");
            } catch (SpdxCollectionException e2) {
                this.log.error("Unable to create file checksum for external SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e2.getMessage() + ".  Using POM file information for creating SPDX package data.");
            } catch (InvalidSPDXAnalysisException e3) {
                this.log.error("Invalid SPDX analysis exception reading SPDX document for dependency artifact ID " + artifact.getArtifactId() + ":" + e3.getMessage() + ".  Using POM file information for creating SPDX package data.");
            }
        }
        File file2 = null;
        if (artifact.getFile() != null) {
            file2 = artifactFileToPomFile(artifact.getFile());
        }
        if (file2 != null && file2.exists()) {
            this.log.debug("Dependency " + artifact.getArtifactId() + "Looking for POM file " + file2.getAbsolutePath());
            try {
                this.log.debug("Dependency " + artifact.getArtifactId() + "Collecting information from POM file " + file2.getAbsolutePath());
                return createSpdxPackage(file2);
            } catch (XmlPullParserException e4) {
                this.log.error("Parser Error reading POM file for dependency artifact ID " + artifact.getArtifactId() + ":" + e4.getMessage());
                this.log.warn("No POM file found for dependency artifact ID " + artifact.getArtifactId() + ".  A minimal SPDX package will be created.");
                this.log.debug("Dependency " + artifact.getArtifactId() + "Using only artifact information to create dependent package");
                SpdxPackage spdxPackage = new SpdxPackage(artifact.getArtifactId(), new SpdxNoAssertionLicense(), new AnyLicenseInfo[]{new SpdxNoAssertionLicense()}, "UNSPECIFIED", new SpdxNoAssertionLicense(), "NOASSERTION", new SpdxFile[0], (SpdxPackageVerificationCode) null);
                spdxPackage.setComment("This package was created for a Maven dependency.  No SPDX or license information could be found in the Maven POM file.");
                spdxPackage.setVersionInfo(artifact.getBaseVersion());
                spdxPackage.setFilesAnalyzed(false);
                return spdxPackage;
            } catch (IOException e5) {
                this.log.error("IO Error reading POM file for dependency artifact ID " + artifact.getArtifactId() + ":" + e5.getMessage());
                this.log.warn("No POM file found for dependency artifact ID " + artifact.getArtifactId() + ".  A minimal SPDX package will be created.");
                this.log.debug("Dependency " + artifact.getArtifactId() + "Using only artifact information to create dependent package");
                SpdxPackage spdxPackage2 = new SpdxPackage(artifact.getArtifactId(), new SpdxNoAssertionLicense(), new AnyLicenseInfo[]{new SpdxNoAssertionLicense()}, "UNSPECIFIED", new SpdxNoAssertionLicense(), "NOASSERTION", new SpdxFile[0], (SpdxPackageVerificationCode) null);
                spdxPackage2.setComment("This package was created for a Maven dependency.  No SPDX or license information could be found in the Maven POM file.");
                spdxPackage2.setVersionInfo(artifact.getBaseVersion());
                spdxPackage2.setFilesAnalyzed(false);
                return spdxPackage2;
            } catch (NoSuchAlgorithmException e6) {
                this.log.error("Verification Code Error reading POM file for dependency artifact ID " + artifact.getArtifactId() + ":" + e6.getMessage());
                this.log.warn("No POM file found for dependency artifact ID " + artifact.getArtifactId() + ".  A minimal SPDX package will be created.");
                this.log.debug("Dependency " + artifact.getArtifactId() + "Using only artifact information to create dependent package");
                SpdxPackage spdxPackage22 = new SpdxPackage(artifact.getArtifactId(), new SpdxNoAssertionLicense(), new AnyLicenseInfo[]{new SpdxNoAssertionLicense()}, "UNSPECIFIED", new SpdxNoAssertionLicense(), "NOASSERTION", new SpdxFile[0], (SpdxPackageVerificationCode) null);
                spdxPackage22.setComment("This package was created for a Maven dependency.  No SPDX or license information could be found in the Maven POM file.");
                spdxPackage22.setVersionInfo(artifact.getBaseVersion());
                spdxPackage22.setFilesAnalyzed(false);
                return spdxPackage22;
            } catch (SpdxCollectionException e7) {
                this.log.error("SPDX File Collection Error reading POM file for dependency artifact ID " + artifact.getArtifactId() + ":" + e7.getMessage());
                this.log.warn("No POM file found for dependency artifact ID " + artifact.getArtifactId() + ".  A minimal SPDX package will be created.");
                this.log.debug("Dependency " + artifact.getArtifactId() + "Using only artifact information to create dependent package");
                SpdxPackage spdxPackage222 = new SpdxPackage(artifact.getArtifactId(), new SpdxNoAssertionLicense(), new AnyLicenseInfo[]{new SpdxNoAssertionLicense()}, "UNSPECIFIED", new SpdxNoAssertionLicense(), "NOASSERTION", new SpdxFile[0], (SpdxPackageVerificationCode) null);
                spdxPackage222.setComment("This package was created for a Maven dependency.  No SPDX or license information could be found in the Maven POM file.");
                spdxPackage222.setVersionInfo(artifact.getBaseVersion());
                spdxPackage222.setFilesAnalyzed(false);
                return spdxPackage222;
            }
        }
        this.log.debug("Dependency " + artifact.getArtifactId() + "Using only artifact information to create dependent package");
        SpdxPackage spdxPackage2222 = new SpdxPackage(artifact.getArtifactId(), new SpdxNoAssertionLicense(), new AnyLicenseInfo[]{new SpdxNoAssertionLicense()}, "UNSPECIFIED", new SpdxNoAssertionLicense(), "NOASSERTION", new SpdxFile[0], (SpdxPackageVerificationCode) null);
        spdxPackage2222.setComment("This package was created for a Maven dependency.  No SPDX or license information could be found in the Maven POM file.");
        spdxPackage2222.setVersionInfo(artifact.getBaseVersion());
        spdxPackage2222.setFilesAnalyzed(false);
        return spdxPackage2222;
    }

    private SpdxElement createExternalSpdxPackageReference(SpdxDocument spdxDocument, File file, String str) throws SpdxCollectionException, InvalidSPDXAnalysisException {
        ExternalDocumentRef externalDocumentRef = this.externalDocuments.get(fixExternalRefId(str));
        if (externalDocumentRef == null) {
            externalDocumentRef = new ExternalDocumentRef(spdxDocument, new Checksum(Checksum.ChecksumAlgorithm.checksumAlgorithm_sha1, SpdxFileCollector.generateSha1(file)), str);
            this.externalDocuments.put(str, externalDocumentRef);
        }
        SpdxItem[] documentDescribes = spdxDocument.getDocumentDescribes();
        if (documentDescribes == null || documentDescribes.length == 0) {
            throw new InvalidSPDXAnalysisException("SPDX document does not contain any described items.");
        }
        SpdxItem spdxItem = documentDescribes[0];
        if (documentDescribes.length > 1) {
            int length = documentDescribes.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                SpdxItem spdxItem2 = documentDescribes[i];
                if (spdxItem2 instanceof SpdxPackage) {
                    spdxItem = spdxItem2;
                    break;
                }
                i++;
            }
        }
        return new ExternalSpdxElement(externalDocumentRef + ":" + spdxItem.getId());
    }

    private String fixExternalRefId(String str) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < str.length(); i++) {
            if (validExternalRefIdChar(str.charAt(i))) {
                sb.append(str.charAt(i));
            } else {
                sb.append("-");
            }
        }
        return sb.toString();
    }

    private boolean validExternalRefIdChar(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '.' || c == '-';
    }

    private SpdxPackage createSpdxPackage(File file) throws IOException, XmlPullParserException, SpdxCollectionException, NoSuchAlgorithmException, LicenseMapperException {
        Model read = new MavenXpp3Reader().read(ReaderFactory.newXmlReader(file));
        SpdxDefaultFileInformation spdxDefaultFileInformation = new SpdxDefaultFileInformation();
        String name = read.getName();
        if (name == null || name.isEmpty()) {
            name = read.getArtifactId();
        }
        List contributors = read.getContributors();
        ArrayList arrayList = new ArrayList();
        if (contributors != null) {
            Iterator it = contributors.iterator();
            while (it.hasNext()) {
                arrayList.add(((Contributor) it.next()).getName());
            }
        }
        AnyLicenseInfo mavenLicensesToSpdxLicense = mavenLicensesToSpdxLicense(read.getLicenses());
        spdxDefaultFileInformation.setComment("");
        spdxDefaultFileInformation.setConcludedLicense(new SpdxNoAssertionLicense());
        spdxDefaultFileInformation.setContributors((String[]) arrayList.toArray(new String[0]));
        spdxDefaultFileInformation.setCopyright("UNSPECIFIED");
        spdxDefaultFileInformation.setDeclaredLicense(mavenLicensesToSpdxLicense);
        spdxDefaultFileInformation.setLicenseComment("");
        spdxDefaultFileInformation.setNotice("UNSPECIFIED");
        SpdxPackage spdxPackage = new SpdxPackage(name, new SpdxNoAssertionLicense(), new AnyLicenseInfo[]{new SpdxNoAssertionLicense()}, "UNSPECIFIED", mavenLicensesToSpdxLicense, "NOASSERTION", new SpdxFile[0], (SpdxPackageVerificationCode) null);
        if (read.getVersion() != null) {
            spdxPackage.setVersionInfo(read.getVersion());
        }
        if (read.getDescription() != null) {
            spdxPackage.setDescription(read.getDescription());
            spdxPackage.setSummary(read.getDescription());
        }
        if (read.getOrganization() != null) {
            spdxPackage.setOriginator("Organization:" + read.getOrganization().getName());
        }
        if (read.getUrl() != null) {
            spdxPackage.setHomepage(read.getUrl());
        }
        spdxPackage.setFilesAnalyzed(false);
        return spdxPackage;
    }

    private AnyLicenseInfo mavenLicensesToSpdxLicense(List<License> list) throws LicenseMapperException {
        try {
            return this.licenseManager.mavenLicenseListToSpdxLicense(list);
        } catch (LicenseManagerException e) {
            return MavenToSpdxLicenseMapper.getInstance(this.log).mavenLicenseListToSpdxLicense(list);
        }
    }

    private FileSet[] getIncludedDirectoriesFromModel(Model model) {
        ArrayList arrayList = new ArrayList();
        String sourceDirectory = model.getBuild().getSourceDirectory();
        if (sourceDirectory != null && !sourceDirectory.isEmpty()) {
            FileSet fileSet = new FileSet();
            fileSet.setDirectory(new File(sourceDirectory).getAbsolutePath());
            fileSet.addInclude("**/*");
            arrayList.add(fileSet);
        }
        List<Resource> resources = model.getBuild().getResources();
        if (resources != null) {
            for (Resource resource : resources) {
                FileSet fileSet2 = new FileSet();
                fileSet2.setDirectory(new File(resource.getDirectory()).getAbsolutePath());
                fileSet2.setExcludes(resource.getExcludes());
                fileSet2.setIncludes(resource.getIncludes());
                arrayList.add(fileSet2);
            }
        }
        return (FileSet[]) arrayList.toArray(new FileSet[0]);
    }

    private File artifactFileToSpdxFile(File file) {
        File fileWithDifferentType = getFileWithDifferentType(file, "spdx.rdf.xml");
        if (fileWithDifferentType == null || !fileWithDifferentType.exists()) {
            fileWithDifferentType = getFileWithDifferentType(file, "spdx");
        }
        return fileWithDifferentType;
    }

    private File getFileWithDifferentType(File file, String str) {
        String absolutePath = file.getAbsolutePath();
        int lastIndexOf = absolutePath.lastIndexOf(46);
        if (lastIndexOf > 0) {
            absolutePath = absolutePath.substring(0, lastIndexOf + 1);
        }
        return new File(absolutePath + str);
    }

    private File artifactFileToPomFile(File file) {
        return getFileWithDifferentType(file, "pom");
    }

    public List<Relationship> getPackageRelationships() {
        return this.relationships;
    }

    public Collection<ExternalDocumentRef> getDocumentExternalReferences() {
        return this.externalDocuments.values();
    }
}
