package org.sonatype.ossindex.maven.common;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.maven.artifact.Artifact;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.goodies.packageurl.PackageUrl;
import org.sonatype.ossindex.service.api.componentreport.ComponentReport;
import org.sonatype.ossindex.service.api.componentreport.ComponentReportVulnerability;
import org.sonatype.ossindex.service.client.OssindexClient;
import org.sonatype.ossindex.service.client.OssindexClientConfiguration;
import org.sonatype.ossindex.service.client.cache.CacheConfiguration;
import org.sonatype.ossindex.service.client.cache.DirectoryCache;
import org.sonatype.ossindex.service.client.internal.OssindexClientImpl;
import org.sonatype.ossindex.service.client.internal.VersionSupplier;
import org.sonatype.ossindex.service.client.marshal.GsonMarshaller;
import org.sonatype.ossindex.service.client.transport.HttpClientTransport;
import org.sonatype.ossindex.service.client.transport.UserAgentBuilder;
import org.sonatype.ossindex.service.client.transport.UserAgentSupplier;

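/**
 * Looks up OSS Index component-reports for a set of Maven artifacts and decides which of them
 * count as vulnerable under the request's exclusions and CVSS-score threshold.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>A failed lookup is logged and swallowed, so the returned result then contains no
 *       vulnerable components. A caller that gates a build on this result cannot tell
 *       "nothing found" from "lookup failed".</li>
 *   <li>A vulnerability that carries no CVSS score never counts as a match.</li>
 *   <li>Every suppression (coordinates, vulnerability id, score below threshold) is recorded in
 *       the result and/or logged at WARN so it can be audited.</li>
 * </ul>
 */
@Singleton
@Named
public class ComponentReportAssistant {
    private static final Logger log = LoggerFactory.getLogger(ComponentReportAssistant.class);

    /**
     * Fetches component-reports for every artifact in the request and collects the ones that match.
     *
     * @param componentReportRequest the artifacts to check plus client configuration, exclusions
     *     and CVSS-score threshold
     * @return the result holding all fetched reports, the vulnerable subset and what was excluded;
     *     never {@code null}, but empty of reports when the lookup failed
     * @throws NullPointerException if the request is {@code null}
     * @throws IllegalStateException if components are missing or empty, or the client
     *     configuration is missing
     */
    public ComponentReportResult request(ComponentReportRequest componentReportRequest) {
        Preconditions.checkNotNull(componentReportRequest);
        Preconditions.checkState(componentReportRequest.getComponents() != null, "Missing: components");
        Preconditions.checkState(!componentReportRequest.getComponents().isEmpty(), "At least one component must be specified");
        Preconditions.checkState(componentReportRequest.getClientConfiguration() != null, "Missing: client-configuration");
        log.info("Checking for vulnerabilities; {} artifacts", componentReportRequest.getComponents().size());

        // Index artifacts by package-URL so each returned report can be mapped back to its artifact.
        // NOTE(review): the package-URL is built from groupId/artifactId/version only, so artifacts
        // differing only in classifier or type presumably share one key and the later one wins.
        Map<PackageUrl, Artifact> artifactsByPurl = new HashMap<>();
        for (Artifact artifact : componentReportRequest.getComponents()) {
            log.debug("  {}", artifact);
            artifactsByPurl.put(packageUrl(artifact), artifact);
        }

        log.info("Exclude coordinates: {}", componentReportRequest.getExcludeCoordinates());
        log.info("Exclude vulnerability identifiers: {}", componentReportRequest.getExcludeVulnerabilityIds());
        log.info("CVSS-score threshold: {}", componentReportRequest.getCvssScoreThreshold());

        ComponentReportResult result = new ComponentReportResult();
        OssindexClient client = createClient(componentReportRequest);
        try {
            Map<PackageUrl, ComponentReport> reports =
                    client.requestComponentReports(new ArrayList<>(artifactsByPurl.keySet()));
            log.trace("Fetched {} component-reports", reports.size());

            for (Map.Entry<PackageUrl, ComponentReport> entry : reports.entrySet()) {
                PackageUrl purl = entry.getKey();
                ComponentReport report = entry.getValue();
                if (report == null) {
                    // The component stays absent from the result; it is neither clean nor vulnerable.
                    log.warn("Missing report for: {}", purl);
                    continue;
                }
                Artifact artifact = artifactsByPurl.get(purl);
                result.getReports().put(artifact, report);
                if (match(componentReportRequest, result, report)) {
                    result.getVulnerable().put(artifact, report);
                }
            }
        } catch (Exception e) {
            // NOTE(review): fail-open. Transport, authentication or parsing errors end here and the
            // caller receives a result with no vulnerable entries. Callers enforcing a policy should
            // treat a WARN "Failed to fetch component-reports" as an incomplete audit, not a pass.
            log.warn("Failed to fetch component-reports", e);
        } finally {
            // Close exactly once, on every path; the earlier form closed the client twice on success.
            try {
                client.close();
            } catch (Exception e) {
                log.warn("Failed to close client", e);
            }
        }
        return result;
    }

    /**
     * Builds the {@code maven} package-URL for an artifact from its groupId, artifactId and version.
     *
     * @param artifact the artifact to describe
     * @return the package-URL used as the lookup key
     */
    @VisibleForTesting
    static PackageUrl packageUrl(Artifact artifact) {
        return PackageUrl.builder()
                .type("maven")
                .namespace(artifact.getGroupId())
                .name(artifact.getArtifactId())
                .version(artifact.getVersion())
                .build();
    }

    /**
     * Creates the OSS Index client for a request, applying the cache-related request properties.
     *
     * <p>This mutates the request's client configuration: {@code ossindex.cache.disable} clears the
     * cache configuration, otherwise a directory cache is installed when none is configured, using
     * {@code ossindex.cache.directory} and {@code ossindex.cache.expiration} when present.
     *
     * @param componentReportRequest the request supplying configuration, properties and products
     * @return a new client; the caller is responsible for closing it
     */
    @VisibleForTesting
    OssindexClient createClient(final ComponentReportRequest componentReportRequest) {
        HttpClientTransport transport = new HttpClientTransport(new UserAgentSupplier(new VersionSupplier().get()) {
            @Override
            protected void customize(UserAgentBuilder userAgentBuilder) {
                // Append caller-supplied product tokens to the user-agent, when any were given.
                List<UserAgentBuilder.Product> products = componentReportRequest.getProducts();
                if (products != null) {
                    for (UserAgentBuilder.Product product : products) {
                        userAgentBuilder.product(product);
                    }
                }
            }
        });
        GsonMarshaller marshaller = new GsonMarshaller();
        OssindexClientConfiguration clientConfiguration = componentReportRequest.getClientConfiguration();

        if (PropertyHelper.getBoolean(componentReportRequest.getProperties(), "ossindex.cache.disable", false)) {
            clientConfiguration.setCacheConfiguration((CacheConfiguration) null);
        } else if (clientConfiguration.getCacheConfiguration() == null) {
            DirectoryCache.Configuration cacheConfiguration = new DirectoryCache.Configuration();
            // The cache location comes straight from a build property; cached reports drive the
            // vulnerability decision, so the directory should not be writable by untrusted users.
            File baseDir = PropertyHelper.getFile(componentReportRequest.getProperties(), "ossindex.cache.directory");
            if (baseDir != null) {
                cacheConfiguration.setBaseDir(baseDir.toPath());
            }
            // A long expiration delays the appearance of newly published vulnerabilities.
            Duration expireAfter = PropertyHelper.getDuration(componentReportRequest.getProperties(), "ossindex.cache.expiration");
            if (expireAfter != null) {
                cacheConfiguration.setExpireAfter(expireAfter);
            }
            clientConfiguration.setCacheConfiguration(cacheConfiguration);
        }
        return new OssindexClientImpl(clientConfiguration, transport, marshaller);
    }

    /**
     * Decides whether a component-report counts as vulnerable for this request.
     *
     * <p>A report matches when at least one of its vulnerabilities has a CVSS score at or above the
     * threshold and its id is not excluded. Excluded coordinates suppress the whole component.
     * Everything that is suppressed is recorded in {@code componentReportResult}.
     *
     * @param componentReportRequest supplies excluded coordinates, excluded ids and the threshold
     * @param componentReportResult receives the excluded coordinates and excluded vulnerabilities
     * @param componentReport the report to evaluate
     * @return {@code true} if at least one vulnerability survives the exclusions
     */
    @VisibleForTesting
    boolean match(ComponentReportRequest componentReportRequest, ComponentReportResult componentReportResult, ComponentReport componentReport) {
        List<ComponentReportVulnerability> vulnerabilities = componentReport.getVulnerabilities();
        if (vulnerabilities.isEmpty()) {
            return false;
        }

        MavenCoordinates coordinates = MavenCoordinates.from(componentReport.getCoordinates());
        if (componentReportRequest.getExcludeCoordinates().contains(coordinates)) {
            // Whole-component suppression: none of its vulnerabilities are evaluated individually.
            log.warn("Excluding coordinates: {}", coordinates);
            componentReportResult.getExcludedCoordinates().add(coordinates);
            return false;
        }

        float cvssScoreThreshold = componentReportRequest.getCvssScoreThreshold();
        Set<String> excludeVulnerabilityIds = componentReportRequest.getExcludeVulnerabilityIds();
        int matched = 0;
        for (ComponentReportVulnerability vulnerability : vulnerabilities) {
            boolean include = false;

            // NOTE(review): a vulnerability without a CVSS score is never included and is moved to
            // the excluded list without a log line; unscored advisories are therefore easy to miss.
            Float cvssScore = vulnerability.getCvssScore();
            if (cvssScore != null) {
                if (cvssScore >= cvssScoreThreshold) {
                    include = true;
                } else {
                    log.warn("Excluding CVSS-score: {}", cvssScore);
                }
            }

            // An explicit id exclusion overrides the score check.
            if (excludeVulnerabilityIds.contains(vulnerability.getId())) {
                log.warn("Excluding vulnerability ID: {}", vulnerability.getId());
                include = false;
            }

            if (include) {
                matched++;
            } else {
                componentReportResult.getExcludedVulnerabilities().add(vulnerability);
            }
        }
        return matched != 0;
    }
}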
