package com.xliic.ci.audit;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.xliic.ci.audit.client.Client;
import com.xliic.ci.audit.client.ClientConstants;
import com.xliic.ci.audit.client.RemoteApi;
import com.xliic.ci.audit.client.RemoteApiMap;
import com.xliic.ci.audit.config.Config;
import com.xliic.ci.audit.config.ConfigReader;
import com.xliic.ci.audit.config.Discovery;
import com.xliic.ci.audit.config.Mapping;
import com.xliic.ci.audit.model.OpenApiFile;
import com.xliic.ci.audit.model.api.Api;
import com.xliic.ci.audit.model.api.ApiCollection;
import com.xliic.ci.audit.model.api.ApiCollections;
import com.xliic.ci.audit.model.api.Maybe;
import com.xliic.ci.audit.model.assessment.AssessmentReport;
import com.xliic.ci.audit.model.assessment.AssessmentResponse;
import com.xliic.oas.bundler.Bundler;
import com.xliic.oas.bundler.Document;
import com.xliic.oas.bundler.Parser;
import com.xliic.oas.bundler.Serializer;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:com/xliic/ci/audit/Auditor.class */
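/**
 * Uploads the OpenAPI files of a workspace to the remote audit platform, reads back the
 * assessment of each file and reports which files violate the configured failure conditions.
 *
 * <p>Trust boundaries worth keeping in mind when this runs in CI:
 * <ul>
 *   <li>The audit configuration ({@code ConfigReader.CONFIG_FILE_NAME}) is read from the
 *       workspace itself, so whoever can change the workspace content also controls the
 *       file-to-API mapping and the discovery patterns used with the API key.</li>
 *   <li>Discovered files are uploaded into a collection that is emptied first
 *       (see {@link #purgeCollection(String)}).</li>
 * </ul>
 *
 * <p>This listing is decompiled; parameter names such as {@code str} and {@code i} are kept
 * because they are part of the visible signatures.
 */
public class Auditor {
    // Longest name makeName() will produce. Left non-final, as in the original class.
    static int MAX_NAME_LEN = 64;
    private final OpenApiFinder finder;
    private final Logger logger;
    // Credential for the remote platform; only ever handed to Client calls, never logged here.
    private final Secret apiKey;
    // Optional sink for per-file results; null until setResultCollector() is called.
    private ResultCollector resultCollector;

    /**
     * @param openApiFinder locates candidate OpenAPI files for discovery
     * @param logger receives progress and report lines
     * @param secret API key passed to every remote call
     */
    public Auditor(OpenApiFinder openApiFinder, Logger logger, Secret secret) {
        this.finder = openApiFinder;
        this.logger = logger;
        this.apiKey = secret;
    }

    /** Registers an optional collector that receives one result per audited file. */
    public void setResultCollector(ResultCollector resultCollector) {
        this.resultCollector = resultCollector;
    }

    /**
     * Runs the audit for a workspace.
     *
     * @param workspace source of the config file and of the OpenAPI files
     * @param str name used (after {@link #makeName(String)}) for the collection that receives
     *     discovered files
     * @param i passed to {@code FailureConditions} together with the config's fail-on section;
     *     presumably the minimum acceptable score - confirm against FailureConditions
     * @return a failure summary when at least one file has failures, {@code "No OpenAPI files
     *     found."} when nothing was audited, otherwise {@code null}
     * @throws AuditException if the config file cannot be read or a remote/parse step fails
     */
    public String audit(Workspace workspace, String str, int i) throws IOException, InterruptedException, AuditException {
        Config config;
        if (!workspace.exists(ConfigReader.CONFIG_FILE_NAME)) {
            config = Config.createDefault();
        } else {
            // NOTE(review): this file comes from the workspace under audit. Its mapping section
            // selects which remote APIs uploadMappedFiles() updates with this.apiKey, so the key
            // should only be able to reach APIs the workspace's contributors may modify.
            try {
                config = ConfigReader.read(workspace.read(ConfigReader.CONFIG_FILE_NAME));
            } catch (IOException e) {
                throw new AuditException("Failed to read config file", e);
            }
        }

        Discovery discovery = config.getAudit().getDiscovery();
        Mapping mapping = config.getAudit().getMapping();
        FailureConditions failureConditions = new FailureConditions(i, config.getAudit().getFailOn());

        RemoteApiMap uploaded = new RemoteApiMap();
        if (discovery.isEnabled()) {
            uploaded.putAll(uploadDiscoveredFiles(workspace, this.finder, str, discovery.getSearch(), mapping));
        }
        uploaded.putAll(uploadMappedFiles(workspace, mapping));

        HashMap<String, Summary> report = readAssessment(uploaded, failureConditions);
        collectResults(report);
        displayReport(report);

        int total = report.size();
        int failed = countFilesWithFailures(report);
        if (failed > 0) {
            return String.format("Detected %d failure(s) in the %d OpenAPI file(s) checked", failed, total);
        }
        return total == 0 ? "No OpenAPI files found." : null;
    }

    /**
     * Discovers OpenAPI files and uploads them into the collection named after {@code str}.
     * The collection is created if missing and emptied before the upload.
     */
    private RemoteApiMap uploadDiscoveredFiles(Workspace workspace, OpenApiFinder openApiFinder, String str, String[] strArr, Mapping mapping) throws IOException, InterruptedException, AuditException {
        String[] discovered = discoverOpenApiFiles(workspace, openApiFinder, strArr, mapping);
        String collectionId = createOrFindCollectionId(makeName(str));
        return uploadFilesToCollection(discovered, workspace, collectionId);
    }

    /**
     * Updates the remote API named by each mapping entry with the bundled content of the mapped
     * file. Keys are workspace file names, values are passed to {@code Client.updateApi} as the
     * target; both come from the workspace config.
     */
    private RemoteApiMap uploadMappedFiles(Workspace workspace, Mapping mapping) throws IOException, AuditException {
        RemoteApiMap result = new RemoteApiMap();
        for (Map.Entry<String, String> entry : mapping.entrySet()) {
            String filename = entry.getKey();
            result.put(filename, Client.updateApi(entry.getValue(), parseFile(filename, workspace), this.apiKey, this.logger));
        }
        return result;
    }

    /** Reads the assessment of every uploaded API and turns it into a per-file summary. */
    private HashMap<String, Summary> readAssessment(RemoteApiMap remoteApiMap, FailureConditions failureConditions) throws IOException {
        HashMap<String, Summary> report = new HashMap<>();
        for (Map.Entry<String, Maybe<RemoteApi>> entry : remoteApiMap.entrySet()) {
            Maybe<RemoteApi> api = entry.getValue();
            Maybe<AssessmentResponse> assessment = Client.readAssessment(api, this.apiKey, this.logger);
            report.put(entry.getKey(), checkAssessment(api, assessment, failureConditions));
        }
        return report;
    }

    /**
     * Decodes the Base64-encoded JSON report returned by the platform.
     *
     * <p>The target type is fixed to {@code AssessmentReport} and unknown properties are ignored.
     * NOTE(review): {@code Base64.Decoder.decode} throws the unchecked
     * {@code IllegalArgumentException} on malformed input, which none of the callers in this
     * class catch.
     */
    private AssessmentReport decodeReport(String str) throws JsonParseException, JsonMappingException, IOException {
        byte[] json = Base64.getDecoder().decode(str);
        ObjectMapper mapper = new ObjectMapper();
        mapper.registerModule(new JavaTimeModule());
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        return (AssessmentReport) mapper.readValue(json, AssessmentReport.class);
    }

    /** Hands every per-file result to the registered collector, if there is one. */
    private void collectResults(Map<String, Summary> map) {
        if (this.resultCollector == null) {
            return;
        }
        map.forEach((filename, summary) -> {
            // The decompiler gave the lambda parameter and this local the same name, which does
            // not compile. NOTE(review): the argument order (file name, failures, report URL) is
            // inferred from that output - confirm against ResultCollector.collect.
            String reportUrl = summary.api.isOk()
                ? String.format("%s/apis/%s/security-audit-report", ClientConstants.PLATFORM_URL, summary.api.getResult().apiId)
                : null;
            this.resultCollector.collect(filename, summary.failures, reportUrl);
        });
    }

    /** Logs score, blocking issues and (when the upload succeeded) the report URL of each file. */
    private void displayReport(Map<String, Summary> map) {
        map.forEach((filename, summary) -> {
            this.logger.log(String.format("Audited %s, the API score is %d", filename, summary.score));
            if (summary.failures.length == 0) {
                this.logger.log("    No blocking issues found.");
            } else {
                // Distinct name: the decompiled loop variable collided with the lambda parameter.
                for (String failure : summary.failures) {
                    this.logger.log("    " + failure);
                }
            }
            if (summary.api.isOk()) {
                this.logger.log("    Details:");
                this.logger.log(String.format("    %s/apis/%s/security-audit-report", ClientConstants.PLATFORM_URL, summary.api.getResult().apiId));
            }
            this.logger.log("");
        });
    }

    /**
     * Counts the summaries that carry at least one failure.
     *
     * @param map per-file summaries
     * @return number of entries whose {@code failures} array is non-empty
     */
    public int countFilesWithFailures(Map<String, Summary> map) {
        int failed = 0;
        for (Summary summary : map.values()) {
            if (summary.failures.length > 0) {
                failed++;
            }
        }
        return failed;
    }

    /**
     * Returns the files that match the search patterns, parse as OpenAPI and are not already
     * covered by the explicit mapping.
     */
    private String[] discoverOpenApiFiles(Workspace workspace, OpenApiFinder openApiFinder, String[] strArr, Mapping mapping) throws IOException, InterruptedException, AuditException {
        String[] candidates = findOpenapiFiles(workspace, openApiFinder, strArr);
        this.logger.log(String.format("Files matching search criteria: %s", String.join(", ", candidates)));

        ArrayList<String> discovered = new ArrayList<>();
        for (String candidate : candidates) {
            if (isOpenApiFile(candidate, workspace) && !mapping.containsKey(candidate)) {
                discovered.add(candidate);
            }
        }
        this.logger.log(String.format("Discovered OpenAPI files: %s", String.join(", ", discovered)));
        return discovered.toArray(new String[0]);
    }

    /** Applies the search patterns to the finder and returns what it finds. */
    private String[] findOpenapiFiles(Workspace workspace, OpenApiFinder openApiFinder, String[] strArr) throws IOException, InterruptedException, AuditException {
        openApiFinder.setPatterns(strArr);
        return openApiFinder.find();
    }

    /**
     * Parses a workspace file as YAML ({@code .yaml}/{@code .yml}) or JSON and asks the resulting
     * {@code OpenApiFile} whether it is an OpenAPI document.
     *
     * <p>Every file matched by the search patterns is parsed here, and a parse error is not
     * caught: one malformed match aborts the whole discovery.
     */
    private static boolean isOpenApiFile(String str, Workspace workspace) throws JsonParseException, JsonMappingException, IOException, InterruptedException {
        boolean yaml = str.endsWith(".yaml") || str.endsWith(".yml");
        ObjectMapper mapper = yaml ? new ObjectMapper(new YAMLFactory()) : new ObjectMapper();
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        OpenApiFile parsed = (OpenApiFile) mapper.readValue(workspace.read(str), OpenApiFile.class);
        return parsed.isOpenApi();
    }

    /**
     * Returns the id of the collection whose name equals {@code str}, creating the collection
     * when no such name exists.
     *
     * <p>The match is by name only, so an existing collection that happens to carry the same
     * (sanitized, truncated) name is reused, and later emptied by the upload.
     */
    @SuppressFBWarnings({"NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"})
    private String createOrFindCollectionId(String str) throws AuditException, IOException {
        Maybe<ApiCollections> collections = Client.listCollections(this.apiKey, this.logger);
        if (collections.isError()) {
            throw new AuditException("Unable to list collection: " + collections.getError().getMessage());
        }
        for (ApiCollections.ApiCollection candidate : collections.getResult().list) {
            // Compare from the local side so a collection without a name cannot raise an NPE.
            if (str.equals(candidate.desc.name)) {
                return candidate.desc.id;
            }
        }
        Maybe<ApiCollections.ApiCollection> created = Client.createCollection(str, this.apiKey, this.logger);
        if (created.isError()) {
            throw new AuditException("Unable to create collection: " + created.getError().getMessage());
        }
        return created.getResult().desc.id;
    }

    /**
     * Empties the collection {@code str} and creates one API in it per file.
     * The purge runs even when {@code strArr} is empty.
     */
    private RemoteApiMap uploadFilesToCollection(String[] strArr, Workspace workspace, String str) throws IOException, AuditException {
        RemoteApiMap result = new RemoteApiMap();
        purgeCollection(str);
        for (String filename : strArr) {
            result.put(filename, Client.createApi(str, makeName(filename), parseFile(filename, workspace), this.apiKey, this.logger));
        }
        return result;
    }

    /**
     * Deletes every API currently listed in the collection.
     *
     * <p>Destructive: nothing here distinguishes APIs created by an earlier run from APIs put
     * into the collection by other means.
     */
    private void purgeCollection(String str) throws IOException, AuditException {
        Maybe<ApiCollection> collection = Client.listCollection(str, this.apiKey, this.logger);
        if (collection.isError()) {
            throw new AuditException("Unable to read collection: " + collection.getError().getMessage());
        }
        for (Api api : collection.getResult().list) {
            Maybe<String> deleted = Client.deleteApi(api.desc.id, this.apiKey, this.logger);
            if (deleted.isError()) {
                // The message says "collection", but the call that failed deletes a single API.
                throw new AuditException("Unable to delete collection: " + deleted.getError().getMessage());
            }
        }
    }

    /**
     * Replaces every character outside {@code A-Z a-z 0-9 _ - . space} with {@code -} and cuts
     * the result to {@code MAX_NAME_LEN} characters.
     *
     * <p>The mapping is lossy: different inputs can produce the same name.
     */
    private String makeName(String str) {
        String sanitized = str.replaceAll("[^A-Za-z0-9_\\-\\.\\ ]", "-");
        if (sanitized.length() > MAX_NAME_LEN) {
            return sanitized.substring(0, MAX_NAME_LEN);
        }
        return sanitized;
    }

    /**
     * Parses a workspace file, bundles it and returns the serialized document that is uploaded.
     *
     * <p>NOTE(review): which files the bundling step may pull in is decided by
     * {@code Parser}, {@code Bundler} and {@code Workspace}, not here; whatever they resolve ends
     * up in the upload, so confirm they stay inside the workspace.
     *
     * @throws AuditException wrapping any failure; the message embeds the exception's string form
     */
    private String parseFile(String str, Workspace workspace) throws AuditException {
        try {
            Serializer serializer = new Serializer();
            Document document = new Parser(workspace).parse(workspace.absolutize(str));
            new Bundler(serializer).bundle(document);
            return serializer.serialize(document);
        } catch (Exception e) {
            // The broad catch would otherwise hide an interruption from the calling thread.
            if (e instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
            throw new AuditException(String.format("Failed to parse file: %s %s", str, e), e);
        }
    }

    /**
     * Builds the summary for one API: score 0 and the error message when the assessment could not
     * be read, otherwise the rounded grade and the failures reported by {@code FailureChecker}.
     */
    @SuppressFBWarnings({"NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"})
    private Summary checkAssessment(Maybe<RemoteApi> maybe, Maybe<AssessmentResponse> maybe2, FailureConditions failureConditions) throws JsonParseException, JsonMappingException, IOException {
        if (maybe2.isError()) {
            return new Summary(maybe, 0, new String[]{maybe2.getError().getMessage()});
        }
        AssessmentResponse response = maybe2.getResult();
        return new Summary(
            maybe,
            Math.round(response.attr.data.grade),
            (String[]) new FailureChecker().checkAssessment(response, decodeReport(response.data), failureConditions).toArray(new String[0]));
    }
}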
