package com.xliic.cicd.audit;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.xliic.cicd.audit.client.Client;
import com.xliic.cicd.audit.client.RemoteApi;
import com.xliic.cicd.audit.client.RemoteApiMap;
import com.xliic.cicd.audit.config.ConfigDefaults;
import com.xliic.cicd.audit.config.ConfigReader;
import com.xliic.cicd.audit.config.model.Audit;
import com.xliic.cicd.audit.config.model.AuditConfig;
import com.xliic.cicd.audit.config.model.AuditConfigMap;
import com.xliic.cicd.audit.config.model.Discovery;
import com.xliic.cicd.audit.config.model.FailOn;
import com.xliic.cicd.audit.config.model.Mapping;
import com.xliic.cicd.audit.model.api.ApiUploadResult;
import com.xliic.cicd.audit.model.api.ComplianceReport;
import com.xliic.cicd.audit.model.api.GatesMap;
import com.xliic.cicd.audit.model.api.Maybe;
import com.xliic.cicd.audit.model.api.PlatformConfig;
import com.xliic.cicd.audit.model.assessment.AssessmentReport;
import com.xliic.cicd.audit.model.assessment.AssessmentResponse;
import com.xliic.cicd.audit.model.jsonReport.DiscoveryCollection;
import com.xliic.cicd.audit.model.jsonReport.JsonReport;
import com.xliic.cicd.common.GlobMatcher;
import com.xliic.cicd.common.Logger;
import com.xliic.cicd.common.OpenApiFinder;
import com.xliic.cicd.common.Reference;
import com.xliic.cicd.common.TaskException;
import com.xliic.cicd.common.Util;
import com.xliic.cicd.common.WritableWorkspace;
import com.xliic.common.Workspace;
import com.xliic.common.WorkspaceException;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.tools.ant.taskdefs.optional.vss.MSVSSConstants;

/* loaded from: input_file:WEB-INF/lib/cicd-core-5.33.jar:com/xliic/cicd/audit/Auditor.class */
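/**
 * Runs an API security audit for the OpenAPI files of a repository checkout and turns the
 * platform's answers into per-file pass/fail results.
 *
 * <p>Audit thresholds come from three places, in this order of precedence: the matched section
 * of the in-repository config file (unless {@link #disableConfig()} was called), the values set
 * on this object ({@link #setMinScore(int)}, {@link #setApiTags(String)}, ...), and the defaults
 * applied by {@code ConfigDefaults}.
 *
 * <p>NOTE(review): the config file is read from the workspace being audited, so anyone who can
 * change the checked-out content can change the gate that is applied to it. Integrations that
 * audit untrusted pull requests should consider {@link #disableConfig()} or enforcing thresholds
 * on the platform side. Verify against how the CI job populates the workspace.
 */
public class Auditor {
    private final OpenApiFinder finder;
    private final Logger logger;
    private final Client client;
    private final String cicdName;
    private final String platformUrl;
    private SharingType shareEveryone;
    private String writeJsonReportTo;
    private List<String> apiTags;
    // Minimum acceptable audit score handed to ConfigDefaults.applyDefaults.
    private int minScore = 75;
    // Collection name template handed to ConfigDefaults.applyDefaults; placeholders are expanded elsewhere.
    private String defaultCollectionName = "${repo_short_path} ${branch_info}${tag_info}${pr_info}";
    private boolean configEnabled = true;
    private boolean skipLocalChecks = false;

    /**
     * Creates an auditor bound to one platform instance.
     *
     * @param openApiFinder finder passed to the discovery phase
     * @param logger destination for progress and report messages
     * @param secret credential handed to the platform {@code Client}; it is not stored on this object
     * @param str platform URL, used for the client and for building report links
     * @param str2 user agent set on the client
     * @param str3 CI/CD integration name passed to the discovery phase
     */
    public Auditor(OpenApiFinder openApiFinder, Logger logger, Secret secret, String str, String str2, String str3) {
        this.finder = openApiFinder;
        this.logger = logger;
        this.cicdName = str3;
        this.platformUrl = str;
        this.client = new Client(secret, str, logger);
        this.client.setUserAgent(str2);
    }

    /** Makes {@link #audit} ignore any config file present in the workspace. */
    public void disableConfig() {
        this.configEnabled = false;
    }

    /**
     * Sets where the JSON report is written; {@code null} or an empty string disables writing.
     *
     * <p>NOTE(review): the value is passed to {@code Util.writeReport} unchanged; any confinement
     * of the path to the workspace would have to happen there. Confirm.
     *
     * @param str report location
     */
    public void setWriteJsonReportTo(String str) {
        this.writeJsonReportTo = str;
    }

    /**
     * Forwards the maximum assessment wait time to the platform client.
     *
     * @param i wait time; the unit is defined by {@code Client}
     */
    public void setAssessmentMaxWaitTime(int i) {
        this.client.setAssessmentMaxWaitTime(i);
    }

    /**
     * Sets the API tags from a whitespace-separated list.
     *
     * <p>{@code null}, empty and whitespace-only input leave the current tags untouched. The
     * whitespace-only case previously produced a single empty tag because emptiness was tested
     * before trimming.
     *
     * @param str whitespace-separated tags
     * @throws TaskException if a tag appears more than once
     */
    public void setApiTags(String str) throws TaskException {
        if (str == null) {
            return;
        }
        String trimmed = str.trim();
        if (trimmed.isEmpty()) {
            return;
        }
        List<String> tags = Arrays.asList(trimmed.split("\\s+"));
        HashSet<String> seen = new HashSet<>();
        // Linked set so duplicates are reported in the order they were first repeated.
        LinkedHashSet<String> duplicated = new LinkedHashSet<>();
        for (String tag : tags) {
            if (!seen.add(tag)) {
                duplicated.add(tag);
            }
        }
        if (!duplicated.isEmpty()) {
            throw new TaskException("The specified tags must be unique. Duplicated: " + String.join(", ", duplicated));
        }
        this.apiTags = tags;
    }

    /**
     * Routes platform traffic through a proxy and logs the proxy address at warn level.
     *
     * @param str proxy host
     * @param i proxy port
     */
    public void setProxy(String str, int i) {
        this.client.setProxy(str, i);
        this.logger.warn(String.format("Using proxy server: %s:%d ", str, Integer.valueOf(i)));
    }

    /**
     * Sets the default minimum score applied when the config file does not provide one.
     *
     * @param i minimum score
     */
    public void setMinScore(int i) {
        this.minScore = i;
    }

    /**
     * Sets the sharing mode passed to the discovery phase.
     *
     * @param sharingType sharing mode
     */
    public void setShareEveryone(SharingType sharingType) {
        this.shareEveryone = sharingType;
    }

    /**
     * Sets the default collection name template.
     *
     * @param str collection name template
     */
    public void setDefaultCollectionName(String str) {
        this.defaultCollectionName = str;
    }

    /**
     * Sets the flag handed to {@code FailureChecker} as its skip-local-checks argument.
     *
     * @param z {@code true} to skip local checks
     */
    public void setSkipLocalChecks(boolean z) {
        this.skipLocalChecks = z;
    }

    /**
     * Audits the workspace: resolves the effective config, runs the discovery and mapping phases,
     * reads the assessments and returns the collected results.
     *
     * <p>The config file ({@code 42c-conf.yaml} or the alternative name from {@code ConfigReader})
     * is looked up in the workspace and only used when config is enabled. For pull requests the
     * config section is selected by the PR target name, but the file content is whatever the
     * workspace holds.
     *
     * @param writableWorkspace workspace holding the checkout
     * @param str repository name; must not be {@code null} or empty
     * @param reference branch, tag or pull request being audited; at least one must be set
     * @return the per-file results plus the JSON report
     * @throws TaskException if the repository name or reference is missing, or the config file cannot be read
     */
    // Raw type is deliberate for discoverySummaries: it is passed to Util.getJsonReport, whose
    // parameter type is not visible from this class, and a raw map converts to any parameterization.
    @SuppressWarnings({"rawtypes", "unchecked"})
    public AuditResults audit(WritableWorkspace writableWorkspace, String str, Reference reference) throws IOException, InterruptedException, TaskException, RuntimeException, WorkspaceException {
        if (str == null || str.length() == 0) {
            throw new TaskException("The repository name must be specified");
        }
        boolean noBranch = reference.branch == null || reference.branch.length() == 0;
        boolean noTag = reference.tag == null || reference.tag.length() == 0;
        boolean noPr = reference.pr == null || reference.pr.id == null || reference.pr.id.length() == 0;
        if (noBranch && noTag && noPr) {
            throw new TaskException("The branch, tag or PR must be specified");
        }

        AuditConfig auditConfig = new AuditConfig();
        URI primaryConfig = writableWorkspace.resolve("42c-conf.yaml");
        URI alternativeConfig = writableWorkspace.resolve(ConfigReader.CONFIG_FILE_NAME_ALT);
        URI configFile = null;
        if (writableWorkspace.exists(primaryConfig)) {
            configFile = primaryConfig;
        } else if (writableWorkspace.exists(alternativeConfig)) {
            configFile = alternativeConfig;
        }
        if (this.configEnabled && configFile != null) {
            this.logger.debug(String.format("Reading config file '%s'", configFile));
            try {
                AuditConfig matched = matchAuditConfig(ConfigReader.read(writableWorkspace.read(configFile)).getAudit(), reference);
                if (matched != null) {
                    // Tags from the config file win; tags set on this object are only a fallback.
                    if (matched.getApiTags().size() == 0 && this.apiTags != null && !this.apiTags.isEmpty()) {
                        matched.setApiTags(this.apiTags);
                    }
                    auditConfig = matched;
                } else {
                    this.logger.info("Unable to find configuration in the config file, proceeding with the default config.");
                }
            } catch (IOException e) {
                throw new TaskException("Failed to read a config file", e);
            }
        }
        ConfigDefaults.applyDefaults(this.minScore, this.defaultCollectionName, auditConfig);

        Discovery discovery = auditConfig.getDiscovery();
        Mapping mapping = auditConfig.getMapping();
        PlatformConfig platformConfig = this.client.readPlatformConfig();
        Util.checkMissingsTags(auditConfig.getApiTags(), this.client, this.logger);
        this.client.setApiTags(auditConfig.getApiTags());
        DiscoveryAuditor discoveryAuditor = new DiscoveryAuditor(writableWorkspace, platformConfig, this.client, this.logger);
        MappingAuditor mappingAuditor = new MappingAuditor(this.client, this.logger);

        RemoteApiMap mappedApis = new RemoteApiMap();
        HashMap<URI, Summary> allSummaries = new HashMap<>();
        Map<String, String> deletedApis = new HashMap<>();
        HashMap discoverySummaries = new HashMap();
        DiscoveryCollection discoveryCollection = new DiscoveryCollection();
        if (discovery.isEnabled()) {
            ApiUploadResult uploaded = discoveryAuditor.audit(writableWorkspace, this.finder, str, reference, this.cicdName, discovery.getSearch(), mapping, discovery.getCollectionName(), this.shareEveryone);
            discoverySummaries.put("created", readAssessment(writableWorkspace, uploaded.getCreatedApi(), auditConfig.getFailOn(), platformConfig.gates));
            // NOTE(review): library constant left as found; presumably stands for the literal key "updated" - confirm.
            discoverySummaries.put(MSVSSConstants.TIME_UPDATED, readAssessment(writableWorkspace, uploaded.getUpdatedApi(), auditConfig.getFailOn(), platformConfig.gates));
            discoverySummaries.put("failed", readAssessment(writableWorkspace, uploaded.getFailedApi(), auditConfig.getFailOn(), platformConfig.gates));
            deletedApis = uploaded.getDeletedApi();
            discoveryCollection = uploaded.getCollection();
        }
        mappedApis.putAll(mappingAuditor.audit(writableWorkspace, mapping));
        HashMap<URI, Summary> mappedSummaries = readAssessment(writableWorkspace, mappedApis, auditConfig.getFailOn(), platformConfig.gates);

        JsonReport jsonReport = Util.getJsonReport(discoverySummaries, mappedSummaries, deletedApis, discoveryCollection, writableWorkspace);
        if (this.writeJsonReportTo != null && !this.writeJsonReportTo.equals("")) {
            Util.writeReport(jsonReport, this.writeJsonReportTo, writableWorkspace, this.logger);
        }

        // Mapped results first, then discovery results, so discovery wins when a file is in both.
        allSummaries.putAll(mappedSummaries);
        for (Object perOutcome : discoverySummaries.values()) {
            allSummaries.putAll((Map<URI, Summary>) perOutcome);
        }
        return collectResults(allSummaries, jsonReport);
    }

    /**
     * Picks the config section for the reference: branches first, then tags, then pull requests
     * (matched by PR target).
     *
     * <p>NOTE(review): only {@code null} is tested here, while {@link #audit} also treats an empty
     * string as "not set"; an empty branch combined with a tag would be matched against the
     * branch patterns. Confirm how callers build {@code Reference}.
     *
     * @return the matched config, or {@code null} if none applies
     */
    private AuditConfig matchAuditConfig(Audit audit, Reference reference) {
        if (reference.branch != null) {
            return matchAuditConfig(audit.getBranches(), reference.branch, "branches");
        }
        if (reference.tag != null) {
            return matchAuditConfig(audit.getTags(), reference.tag, "tags");
        }
        if (reference.pr != null) {
            return matchAuditConfig(audit.getPrs(), reference.pr.target, "prs");
        }
        return null;
    }

    /**
     * Returns the config of the first pattern in the map that matches the name.
     *
     * @param auditConfigMap pattern-to-config map, may be {@code null}
     * @param str name to match (branch, tag or PR target)
     * @param str2 section label, used in log messages only
     * @return the first matching config in the map's iteration order, or {@code null}
     */
    @SuppressFBWarnings({"WMI_WRONG_MAP_ITERATOR"})
    private AuditConfig matchAuditConfig(AuditConfigMap auditConfigMap, String str, String str2) {
        if (auditConfigMap != null) {
            GlobMatcher globMatcher = new GlobMatcher();
            for (String pattern : auditConfigMap.keySet()) {
                if (globMatcher.matches(pattern, str)) {
                    this.logger.debug(String.format("Matched name '%s' to pattern '%s' in %s", str, pattern, str2));
                    return (AuditConfig) auditConfigMap.get(pattern);
                }
                this.logger.debug(String.format("No match for name '%s' and pattern '%s' in %s", str, pattern, str2));
            }
        }
        this.logger.debug(String.format("No configuration found for name '%s' in %s, using default config", str, str2));
        return null;
    }

    /**
     * Logs the score, the blocking failures and the report link of every audited file.
     *
     * <p>All lines are written at error level, as in the original code.
     *
     * @param auditResults results returned by {@link #audit}
     * @param workspace workspace used to print file paths relative to its root
     */
    public void displayReport(AuditResults auditResults, Workspace workspace) {
        auditResults.summary.forEach((uri, auditResult) -> {
            this.logger.error(String.format("Audited %s, the API score is %d", workspace.relativize(uri).getPath(), Integer.valueOf(auditResult.score)));
            if (auditResult.failures.length > 0) {
                for (String failure : auditResult.failures) {
                    this.logger.error("    " + failure);
                }
            } else {
                this.logger.error("    No blocking issues found.");
            }
            if (auditResult.reportUrl != null) {
                this.logger.error("    Details:");
                // The format has a single placeholder; passing platformUrl first printed the bare
                // platform URL and silently dropped the report link. reportUrl is already absolute.
                this.logger.error(String.format("    %s", auditResult.reportUrl));
            }
            this.logger.error("");
        });
    }

    /**
     * Reads the assessment, and the compliance report when gates are available, for every API in
     * the map and evaluates them into summaries.
     *
     * <p>An API whose upload or assessment failed carries that error forward, which
     * {@link #checkAssessment} reports as a failure with score 0. When {@code gatesMap} is
     * {@code null} the compliance check is skipped with a warning.
     *
     * @return one summary per file URI
     */
    HashMap<URI, Summary> readAssessment(Workspace workspace, RemoteApiMap remoteApiMap, FailOn failOn, GatesMap gatesMap) throws IOException, TaskException {
        HashMap<URI, Summary> summaries = new HashMap<>();
        for (Map.Entry<URI, Maybe<RemoteApi>> entry : remoteApiMap.entrySet()) {
            URI file = entry.getKey();
            Maybe<RemoteApi> api = entry.getValue();
            Maybe<AssessmentResponse> assessment;
            Maybe<ComplianceReport> compliance;
            if (!api.isOk()) {
                assessment = new Maybe<>(api.getError());
                compliance = new Maybe<>(api.getError());
            } else {
                this.logger.info(String.format("Retrieving audit results for: %s", workspace.relativize(file).getPath()));
                assessment = this.client.readAssessment(api);
                if (!assessment.isOk()) {
                    compliance = new Maybe<>(assessment.getError());
                } else if (gatesMap != null) {
                    compliance = this.client.readCompliance(assessment.getResult().tid);
                } else {
                    this.logger.warn("No Sequrity Quality Gates information available, skipping the check.");
                    compliance = new Maybe<>();
                }
            }
            summaries.put(file, checkAssessment(api, assessment, compliance, failOn, gatesMap));
        }
        return summaries;
    }

    /**
     * Converts summaries into results, adding the report link for successfully uploaded APIs and
     * counting the files that have at least one failure.
     */
    AuditResults collectResults(Map<URI, Summary> map, JsonReport jsonReport) {
        HashMap<URI, AuditResult> results = new HashMap<>();
        int failedCount = 0;
        for (Map.Entry<URI, Summary> entry : map.entrySet()) {
            Summary summary = entry.getValue();
            String reportUrl = null;
            com.xliic.openapi.bundler.Mapping mapping = null;
            if (summary.api.isOk()) {
                reportUrl = String.format("%s/apis/%s/security-audit-report", this.platformUrl, summary.api.getResult().apiId);
                mapping = summary.api.getResult().mapping;
            }
            if (summary.failures.length > 0) {
                failedCount++;
            }
            results.put(entry.getKey(), new AuditResult(summary.score, summary.report, mapping, summary.failures, reportUrl));
        }
        return new AuditResults(results, failedCount, jsonReport);
    }

    /**
     * Builds the summary for one API. An assessment error yields score 0 and a single failure
     * naming the transaction ID; otherwise the report is decoded and handed to
     * {@code FailureChecker} together with the compliance result.
     */
    @SuppressFBWarnings({"NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"})
    private Summary checkAssessment(Maybe<RemoteApi> maybe, Maybe<AssessmentResponse> maybe2, Maybe<ComplianceReport> maybe3, FailOn failOn, GatesMap gatesMap) throws JsonParseException, JsonMappingException, IOException {
        if (maybe2.isError()) {
            String failure = String.format("Transaction ID %s: %s", maybe2.getError().getTransactionId(), maybe2.getError().getMessage());
            return new Summary(maybe, 0, null, new String[]{failure});
        }
        AssessmentResponse response = maybe2.getResult();
        AssessmentReport report = decodeReport(response.data);
        String[] failures = (String[]) new FailureChecker().checkAssessment(response, report, maybe3, failOn, gatesMap, this.skipLocalChecks).toArray(new String[0]);
        return new Summary(maybe, Math.round(response.attr.data.grade), report, failures);
    }

    /**
     * Decodes the Base64 payload of an assessment response and parses it as a report.
     *
     * @throws IllegalArgumentException if the payload is not valid Base64 (thrown by the decoder)
     */
    private AssessmentReport decodeReport(String str) throws JsonParseException, JsonMappingException, IOException {
        byte[] json = Base64.getDecoder().decode(str);
        return (AssessmentReport) JsonParser.parse(json, AssessmentReport.class);
    }
}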
