package com.cx.restclient.ast;

import com.cx.restclient.ast.dto.common.HandlerRef;
import com.cx.restclient.ast.dto.common.RemoteRepositoryInfo;
import com.cx.restclient.ast.dto.common.ScanConfig;
import com.cx.restclient.ast.dto.sca.AstScaConfig;
import com.cx.restclient.ast.dto.sca.AstScaResults;
import com.cx.restclient.ast.dto.sca.CreateProjectRequest;
import com.cx.restclient.ast.dto.sca.Project;
import com.cx.restclient.ast.dto.sca.report.AstScaSummaryResults;
import com.cx.restclient.ast.dto.sca.report.Finding;
import com.cx.restclient.ast.dto.sca.report.Package;
import com.cx.restclient.common.Scanner;
import com.cx.restclient.common.UrlUtils;
import com.cx.restclient.configuration.CxScanConfig;
import com.cx.restclient.dto.LoginSettings;
import com.cx.restclient.dto.PathFilter;
import com.cx.restclient.dto.Results;
import com.cx.restclient.dto.ScanResults;
import com.cx.restclient.dto.ScannerType;
import com.cx.restclient.dto.SourceLocationType;
import com.cx.restclient.exception.CxClientException;
import com.cx.restclient.httpClient.utils.HttpClientHelper;
import com.cx.restclient.sast.utils.zip.CxZipUtils;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.FileEntity;
import org.slf4j.Logger;

/* loaded from: input_file:BOOT-INF/lib/cx-client-common-2020.3.38.jar:com/cx/restclient/ast/AstScaClient.class */
public class AstScaClient extends AstClient implements Scanner {
    private static final String ENGINE_TYPE_FOR_API = "sca";
    private static final String TENANT_HEADER_NAME = "Account-Name";
    private String projectId;
    private String scanId;
    public static final String ENCODING = StandardCharsets.UTF_8.name();
    private static final ObjectMapper caseInsensitiveObjectMapper = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).enable(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS);

    public AstScaClient(CxScanConfig cxScanConfig, Logger logger) {
        super(cxScanConfig, logger);
        AstScaConfig astScaConfig = cxScanConfig.getAstScaConfig();
        validate(astScaConfig);
        this.httpClient = createHttpClient(astScaConfig.getApiUrl());
        this.httpClient.addCustomHeader(TENANT_HEADER_NAME, cxScanConfig.getAstScaConfig().getTenant());
    }

    @Override // com.cx.restclient.ast.AstClient
    protected String getScannerDisplayName() {
        return ScannerType.AST_SCA.getDisplayName();
    }

    @Override // com.cx.restclient.ast.AstClient
    protected ScanConfig getScanConfig() {
        return ScanConfig.builder().type("sca").build();
    }

    @Override // com.cx.restclient.ast.AstClient
    protected HandlerRef getBranchToScan(RemoteRepositoryInfo remoteRepositoryInfo) {
        if (StringUtils.isNotEmpty(remoteRepositoryInfo.getBranch())) {
            throw new CxClientException(String.format("Branch specification is not yet supported by %s.", getScannerDisplayName()));
        }
        return null;
    }

    @Override // com.cx.restclient.ast.AstClient
    protected URL getEffectiveRepoUrl(RemoteRepositoryInfo remoteRepositoryInfo) {
        URL url;
        URL url2 = remoteRepositoryInfo.getUrl();
        String defaultString = StringUtils.defaultString(remoteRepositoryInfo.getUsername());
        String defaultString2 = StringUtils.defaultString(remoteRepositoryInfo.getPassword());
        try {
            if (StringUtils.isNotEmpty(defaultString) || StringUtils.isNotEmpty(defaultString2)) {
                this.log.info(String.format("Adding credentials as the userinfo part of the URL, because %s only supports this kind of authentication.", getScannerDisplayName()));
                url = new URIBuilder(url2.toURI()).setUserInfo(defaultString, defaultString2).build().toURL();
            } else {
                url = remoteRepositoryInfo.getUrl();
            }
            return url;
        } catch (Exception e) {
            throw new CxClientException("Error getting effective repo URL.");
        }
    }

    @Override // com.cx.restclient.common.Scanner
    public void init() {
        try {
            login();
            resolveProject();
        } catch (IOException e) {
            throw new CxClientException("Failed to init CxSCA Client.", e);
        }
    }

    @Override // com.cx.restclient.common.Scanner
    public Results waitForScanResults() {
        waitForScanToFinish(this.scanId);
        AstScaResults retrieveScanResults = retrieveScanResults();
        retrieveScanResults.setScaResultReady(true);
        return retrieveScanResults;
    }

    @Override // com.cx.restclient.common.Scanner
    public Results initiateScan() {
        this.log.info(String.format("----------------------------------- Initiating %s Scan:------------------------------------", getScannerDisplayName()));
        AstScaResults astScaResults = new AstScaResults();
        this.scanId = null;
        try {
            AstScaConfig astScaConfig = this.config.getAstScaConfig();
            this.scanId = extractScanIdFrom(astScaConfig.getSourceLocationType() == SourceLocationType.REMOTE_REPOSITORY ? submitSourcesFromRemoteRepo(astScaConfig, this.projectId) : submitSourcesFromLocalDir());
            astScaResults.setScanId(this.scanId);
            return astScaResults;
        } catch (IOException e) {
            throw new CxClientException("Error creating scan.", e);
        }
    }

    private HttpResponse submitSourcesFromLocalDir() throws IOException {
        this.log.info("Using local directory flow.");
        File zippedSources = CxZipUtils.getZippedSources(this.config, new PathFilter(this.config.getOsaFolderExclusions(), this.config.getOsaFilterPattern(), this.log), this.config.getEffectiveSourceDirForDependencyScan(), this.log);
        String sourcesUploadUrl = getSourcesUploadUrl();
        uploadArchive(zippedSources, sourcesUploadUrl);
        CxZipUtils.deleteZippedSources(zippedSources, this.config, this.log);
        RemoteRepositoryInfo remoteRepositoryInfo = new RemoteRepositoryInfo();
        remoteRepositoryInfo.setUrl(new URL(sourcesUploadUrl));
        return sendStartScanRequest(remoteRepositoryInfo, SourceLocationType.LOCAL_DIRECTORY, this.projectId);
    }

    private String getSourcesUploadUrl() throws IOException {
        JsonNode jsonNode = (JsonNode) this.httpClient.postRequest(UrlPaths.GET_UPLOAD_URL, null, null, JsonNode.class, 200, "get upload URL for sources");
        if (jsonNode == null || jsonNode.get("url") == null) {
            throw new CxClientException("Unable to get the upload URL.");
        }
        return jsonNode.get("url").asText();
    }

    private void uploadArchive(File file, String str) throws IOException {
        this.log.info("Uploading the zipped sources.");
        createHttpClient(str).putRequest("", "", new FileEntity(file), JsonNode.class, 200, "upload ZIP file");
    }

    private void printWebReportLink(AstScaResults astScaResults) {
        if (StringUtils.isEmpty(astScaResults.getWebReportLink())) {
            return;
        }
        this.log.info(String.format("CxSCA scan results location: %s", astScaResults.getWebReportLink()));
    }

    @Override // com.cx.restclient.common.Scanner
    public ScanResults getLatestScanResults() {
        return new ScanResults();
    }

    void testConnection() throws IOException {
        login();
        getProjects();
    }

    public void login() throws IOException {
        this.log.info("Logging into CxSCA.");
        AstScaConfig astScaConfig = this.config.getAstScaConfig();
        LoginSettings loginSettings = new LoginSettings();
        String accessControlUrl = astScaConfig.getAccessControlUrl();
        loginSettings.setAccessControlBaseUrl(accessControlUrl);
        loginSettings.setUsername(astScaConfig.getUsername());
        loginSettings.setPassword(astScaConfig.getPassword());
        loginSettings.setTenant(astScaConfig.getTenant());
        loginSettings.setClientTypeForPasswordAuth(new ClientTypeResolver().determineClientType(accessControlUrl));
        this.httpClient.login(loginSettings);
    }

    @Override // com.cx.restclient.common.Scanner
    public void close() {
        if (this.httpClient != null) {
            this.httpClient.close();
        }
    }

    public void testScaConnection() {
        try {
            testConnection();
        } catch (IOException e) {
            throw new CxClientException(e);
        }
    }

    private void resolveProject() throws IOException {
        String projectName = this.config.getProjectName();
        this.log.info(String.format("Getting project by name: '%s'", projectName));
        this.projectId = getProjectIdByName(projectName);
        if (this.projectId != null) {
            this.log.info(String.format("Project already exists with ID %s", this.projectId));
            return;
        }
        this.log.info("Project not found, creating a new one.");
        this.projectId = createProject(projectName);
        this.log.info(String.format("Created a project with ID %s", this.projectId));
    }

    private String getProjectIdByName(String str) throws IOException {
        if (StringUtils.isEmpty(str)) {
            throw new CxClientException("Non-empty project name must be provided.");
        }
        return (String) getProjects().stream().filter(project -> {
            return str.equals(project.getName());
        }).map((v0) -> {
            return v0.getId();
        }).findFirst().orElse(null);
    }

    private List<Project> getProjects() throws IOException {
        return (List) this.httpClient.getRequest(UrlPaths.PROJECTS, "application/json", Project.class, 200, "CxSCA projects", true);
    }

    private String createProject(String str) throws IOException {
        CreateProjectRequest createProjectRequest = new CreateProjectRequest();
        createProjectRequest.setName(str);
        return ((Project) this.httpClient.postRequest(UrlPaths.PROJECTS, "application/json", HttpClientHelper.convertToStringEntity(createProjectRequest), Project.class, 201, "create a project")).getId();
    }

    private AstScaResults retrieveScanResults() {
        try {
            String reportId = getReportId();
            AstScaResults astScaResults = new AstScaResults();
            astScaResults.setScanId(this.scanId);
            AstScaSummaryResults summaryReport = getSummaryReport(reportId);
            astScaResults.setSummary(summaryReport);
            printSummary(summaryReport, this.scanId);
            astScaResults.setFindings(getFindings(reportId));
            astScaResults.setPackages(getPackages(reportId));
            astScaResults.setWebReportLink(getWebReportLink(reportId));
            printWebReportLink(astScaResults);
            astScaResults.setScaResultReady(true);
            this.log.info("Retrieved SCA results successfully.");
            return astScaResults;
        } catch (IOException e) {
            throw new CxClientException("Error retrieving CxSCA scan results.", e);
        }
    }

    private String getWebReportLink(String str) {
        String str2 = null;
        try {
            String webAppUrl = this.config.getAstScaConfig().getWebAppUrl();
            if (StringUtils.isEmpty(webAppUrl)) {
                this.log.warn(String.format("%s Web app URL is not specified.", "Unable to generate web report link."));
            } else {
                str2 = UrlUtils.parseURLToString(webAppUrl, String.format(UrlPaths.WEB_REPORT, URLEncoder.encode(this.projectId, ENCODING), URLEncoder.encode(str, ENCODING)));
            }
        } catch (MalformedURLException e) {
            this.log.warn("Unable to generate web report link: invalid web app URL.", (Throwable) e);
        } catch (Exception e2) {
            this.log.warn("Unable to generate web report link: general error.", (Throwable) e2);
        }
        return str2;
    }

    private String getReportId() throws IOException {
        this.log.debug(String.format("Getting report ID by scan ID: %s", this.scanId));
        String str = (String) this.httpClient.getRequest(String.format(UrlPaths.REPORT_ID, URLEncoder.encode(this.scanId, ENCODING)), "application/json", String.class, 200, "Risk report ID", false);
        this.log.debug(String.format("Found report ID: %s", str));
        return str;
    }

    private AstScaSummaryResults getSummaryReport(String str) throws IOException {
        this.log.debug("Getting summary report.");
        return (AstScaSummaryResults) this.httpClient.getRequest(String.format(UrlPaths.SUMMARY_REPORT, URLEncoder.encode(str, ENCODING)), "application/json", AstScaSummaryResults.class, 200, "CxSCA report summary", false);
    }

    private List<Finding> getFindings(String str) throws IOException {
        this.log.debug("Getting findings.");
        return Arrays.asList((Finding[]) caseInsensitiveObjectMapper.treeToValue((ArrayNode) this.httpClient.getRequest(String.format(UrlPaths.FINDINGS, URLEncoder.encode(str, ENCODING)), "application/json", ArrayNode.class, 200, "CxSCA findings", false), Finding[].class));
    }

    private List<Package> getPackages(String str) throws IOException {
        this.log.debug("Getting packages.");
        return (List) this.httpClient.getRequest(String.format(UrlPaths.PACKAGES, URLEncoder.encode(str, ENCODING)), "application/json", Package.class, 200, "CxSCA findings", true);
    }

    private void printSummary(AstScaSummaryResults astScaSummaryResults, String str) {
        if (this.log.isInfoEnabled()) {
            this.log.info(String.format("%n----CxSCA risk report summary----", new Object[0]));
            this.log.info(String.format("Created on: %s", astScaSummaryResults.getCreatedOn()));
            this.log.info(String.format("Direct packages: %d", Integer.valueOf(astScaSummaryResults.getDirectPackages())));
            this.log.info(String.format("High vulnerabilities: %d", Integer.valueOf(astScaSummaryResults.getHighVulnerabilityCount())));
            this.log.info(String.format("Medium vulnerabilities: %d", Integer.valueOf(astScaSummaryResults.getMediumVulnerabilityCount())));
            this.log.info(String.format("Low vulnerabilities: %d", Integer.valueOf(astScaSummaryResults.getLowVulnerabilityCount())));
            this.log.info(String.format("Risk report ID: %s", astScaSummaryResults.getRiskReportId()));
            this.log.info(String.format("Scan ID: %s", str));
            this.log.info(String.format("Risk score: %.2f", Double.valueOf(astScaSummaryResults.getRiskScore())));
            this.log.info(String.format("Total packages: %d", Integer.valueOf(astScaSummaryResults.getTotalPackages())));
            this.log.info(String.format("Total outdated packages: %d%n", Integer.valueOf(astScaSummaryResults.getTotalOutdatedPackages())));
        }
    }

    private void validate(AstScaConfig astScaConfig) {
        String str = null;
        if (astScaConfig == null) {
            str = "%s config must be provided.";
        } else if (StringUtils.isEmpty(astScaConfig.getApiUrl())) {
            str = "%s API URL must be provided.";
        } else if (StringUtils.isEmpty(astScaConfig.getAccessControlUrl())) {
            str = "%s access control URL must be provided.";
        } else {
            RemoteRepositoryInfo remoteRepositoryInfo = astScaConfig.getRemoteRepositoryInfo();
            if (remoteRepositoryInfo == null && astScaConfig.getSourceLocationType() == SourceLocationType.REMOTE_REPOSITORY) {
                str = "%s remote repository info must be provided.";
            } else if (remoteRepositoryInfo != null && StringUtils.isNotEmpty(remoteRepositoryInfo.getBranch())) {
                str = "%s doesn't support specifying custom branches. It currently uses the default branch of a repo.";
            }
        }
        if (str != null) {
            throw new IllegalArgumentException(String.format(str, getScannerDisplayName()));
        }
    }
}
