package com.github.toolarium.dependency.check.formatter.impl;

import com.github.toolarium.dependency.check.DependencyCheckUtil;
import com.github.toolarium.dependency.check.formatter.IDependencyCheckFormatter;
import com.github.toolarium.dependency.check.model.DependecyCheckResult;
import com.github.toolarium.dependency.check.model.Dependency;
import com.github.toolarium.dependency.check.model.IncludedBy;
import com.github.toolarium.dependency.check.model.Package;
import com.github.toolarium.dependency.check.model.vulnerability.Vulnerability;
import com.github.toolarium.dependency.check.model.vulnerability.VulnerabilityId;
import com.github.toolarium.dependency.check.model.vulnerability.VulnerableSoftware;
import com.github.toolarium.dependency.check.report.DependencyArtifact;
import com.github.toolarium.dependency.check.report.Vulnerability;
import com.github.toolarium.dependency.check.report.VulnerabilityReport;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/toolarium/dependency/check/formatter/impl/VulnerabilityReportDependecyCheckFormatter.class */
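/**
 * Formats a {@link DependecyCheckResult} as a {@link VulnerabilityReport}.
 *
 * <p>The result is simplified and filtered through {@link DependencyCheckUtil} first. Every package
 * entry of every remaining dependency then becomes one report dependency, which is added to the
 * report once per configuration name taken from the dependency's project references.
 *
 * <p>The formatter is meant to degrade visibly rather than abort: malformed project references are
 * skipped with a warning, and entries without a parsed artifact id or without a score no longer
 * make {@link #format} throw.
 */
public class VulnerabilityReportDependecyCheckFormatter implements IDependencyCheckFormatter<VulnerabilityReport> {
    private static final String COLON = ":";
    private static final Logger LOG = LoggerFactory.getLogger(VulnerabilityReportDependecyCheckFormatter.class);

    /**
     * Artifact coordinates parsed from one package entry, together with the confidence and URL that
     * were reported for that entry.
     */
    public class VulnerabilityDependencyArtifact {
        private DependencyArtifact dependencyArtifact;
        private String confidence;
        private String url;

        /**
         * Creates an empty entry.
         *
         * @param vulnerabilityReportDependecyCheckFormatter the enclosing formatter; the constructor body does not read it
         */
        public VulnerabilityDependencyArtifact(VulnerabilityReportDependecyCheckFormatter vulnerabilityReportDependecyCheckFormatter) {
        }

        /**
         * @return the parsed artifact, or {@code null} when none was set
         */
        public DependencyArtifact getDependencyArtifact() {
            return this.dependencyArtifact;
        }

        /**
         * @param dependencyArtifact the parsed artifact
         */
        public void setDependencyArtifact(DependencyArtifact dependencyArtifact) {
            this.dependencyArtifact = dependencyArtifact;
        }

        /**
         * @return the confidence reported for the package entry
         */
        public String getConfidence() {
            return this.confidence;
        }

        /**
         * @param str the confidence reported for the package entry
         */
        public void setConfidence(String str) {
            this.confidence = str;
        }

        /**
         * @return the URL reported for the package entry
         */
        public String getUrl() {
            return this.url;
        }

        /**
         * @param str the URL reported for the package entry
         */
        public void setUrl(String str) {
            this.url = str;
        }

        @Override
        public int hashCode() {
            return Objects.hash(this.confidence, this.dependencyArtifact, this.url);
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            VulnerabilityDependencyArtifact other = (VulnerabilityDependencyArtifact) obj;
            return Objects.equals(this.confidence, other.confidence)
                && Objects.equals(this.dependencyArtifact, other.dependencyArtifact)
                && Objects.equals(this.url, other.url);
        }

        @Override
        public String toString() {
            return "VulnerabilityDependencyArtifact [dependencyArtifact=" + this.dependencyArtifact + ", confidence=" + this.confidence + ", url=" + this.url + "]";
        }
    }

    /**
     * Builds the vulnerability report for a dependency-check result.
     *
     * <p>With {@code DependencyFilter.ALL} every converted dependency is added to the report. With
     * {@code DependencyFilter.DIRECT} a dependency is added only the first time its artifact is seen
     * as included by the project artifact itself. Any other filter value, including {@code null},
     * adds no dependencies.
     *
     * @param dependecyCheckResult the scanner result to convert
     * @param dependencyFilter selects which dependencies are added to the report
     * @return the report, never {@code null}
     * @throws NullPointerException if {@code dependecyCheckResult} is {@code null}
     */
    @Override
    public VulnerabilityReport format(DependecyCheckResult dependecyCheckResult, IDependencyCheckFormatter.DependencyFilter dependencyFilter) {
        Objects.requireNonNull(dependecyCheckResult, "dependecyCheckResult");
        DependencyArtifact projectArtifact = new DependencyArtifact(
            dependecyCheckResult.getProjectInfo().getGroupID(),
            dependecyCheckResult.getProjectInfo().getArtifactID(),
            dependecyCheckResult.getProjectInfo().getVersion());
        VulnerabilityReport vulnerabilityReport = new VulnerabilityReport(dependecyCheckResult.getProjectInfo().getReportDate(), projectArtifact);
        DependecyCheckResult filtered = DependencyCheckUtil.getInstance().filter(DependencyCheckUtil.getInstance().simplify(dependecyCheckResult));

        // Artifacts already reported as directly included by the project; used to report each once.
        List<DependencyArtifact> directArtifacts = new ArrayList<>();
        for (Dependency dependency : filtered.getDependencies()) {
            for (VulnerabilityDependencyArtifact packageArtifact : convertPackageList(dependency.getPackages())) {
                // May be null: convertPackageList leaves the artifact unset for a blank package id.
                DependencyArtifact artifact = packageArtifact.getDependencyArtifact();

                com.github.toolarium.dependency.check.report.Dependency reportDependency = new com.github.toolarium.dependency.check.report.Dependency();
                reportDependency.setFilename(dependency.getFileName());
                reportDependency.setDependencyArtifact(artifact);
                reportDependency.setPackageDescription(dependency.getDescription());
                reportDependency.setPackageLicence(dependency.getLicense());
                reportDependency.setConfidence(packageArtifact.getConfidence());
                reportDependency.setUrl(packageArtifact.getUrl());

                List<String> configurations = applyProjectReferences(dependency, reportDependency);
                reportDependency.setIncludedByReferenceList(convertIncludeByList(dependency.getIncludedBy()));
                if (dependency.getVulnerabilities() != null && !dependency.getVulnerabilities().isEmpty()) {
                    reportDependency.setVulnerabilityList(buildVulnerabilityList(dependency));
                }

                // Resolve the id null-safely: dereferencing a missing artifact here would abort the whole report.
                Object artifactId = artifact == null ? null : artifact.toArtifactId();
                LOG.debug("Found a vulnerability in [{}] in configuration(s): {}", artifactId, configurations);

                if (artifact != null && !directArtifacts.contains(artifact)) {
                    for (DependencyArtifact parent : reportDependency.getIncludedByReferenceList()) {
                        // The second contains() check keeps the artifact from being added twice when
                        // the project artifact appears more than once among the parents.
                        if (parent.equals(projectArtifact) && !directArtifacts.contains(artifact)) {
                            directArtifacts.add(artifact);
                            LOG.info("Found a direct vulnerability in [ {} -> [{}] in configuration(s): {}", projectArtifact.toArtifactId(), artifact.toArtifactId(), configurations);
                            if (IDependencyCheckFormatter.DependencyFilter.DIRECT.equals(dependencyFilter)) {
                                for (String configuration : configurations) {
                                    vulnerabilityReport.add(configuration, reportDependency);
                                }
                            }
                        }
                    }
                }
                if (IDependencyCheckFormatter.DependencyFilter.ALL.equals(dependencyFilter)) {
                    for (String configuration : configurations) {
                        vulnerabilityReport.add(configuration, reportDependency);
                    }
                }
            }
        }
        return vulnerabilityReport;
    }

    /**
     * Copies the project names of a dependency's project references onto the report dependency and
     * returns the matching configuration names.
     *
     * <p>Each reference is split on {@code ":"}; the first segment is recorded as project reference
     * and the second as configuration name (presumably {@code <project>:<configuration>}; confirm
     * against the scanner output). A reference with fewer than two segments is skipped with a
     * warning. Note that a dependency left without any configuration name is not added to the
     * report, so the warning is the only trace of it.
     */
    private List<String> applyProjectReferences(Dependency dependency, com.github.toolarium.dependency.check.report.Dependency reportDependency) {
        List<String> configurations = new ArrayList<>();
        if (dependency.getProjectReferences() == null) {
            return configurations;
        }
        for (String reference : dependency.getProjectReferences()) {
            String[] parts = reference == null ? new String[0] : reference.split(COLON);
            if (parts.length < 2) {
                LOG.warn("Ignoring malformed project reference [{}] of [{}]", reference, dependency.getFileName());
                continue;
            }
            configurations.add(parts[1]);
            reportDependency.addProjectReferenceList(parts[0]);
        }
        return configurations;
    }

    /**
     * Merges the vulnerabilities of a dependency by name and returns them sorted by descending score.
     *
     * <p>Entries without a score are placed last; a plain natural-order comparator would throw on them.
     */
    private LinkedList<com.github.toolarium.dependency.check.report.Vulnerability> buildVulnerabilityList(Dependency dependency) {
        VulnerabilityId selectedVulnerabilityId = null;
        Set<String> matchedArtifactIds = new HashSet<>();
        if (dependency.getVulnerabilityIds() != null) {
            for (VulnerabilityId candidate : dependency.getVulnerabilityIds()) {
                // NOTE(review): this looks up the raw id while the set stores the shortened id, so the
                // check only skips ids that are already in shortened form. Kept as is because it decides
                // which id supplies URL and confidence - confirm the intended de-duplication.
                if (!matchedArtifactIds.contains(candidate.getId())) {
                    String shortenedId = parseVulnerabilityArtifactId(candidate.getId());
                    // Never store null: it would match every vulnerable-software entry with an unparseable id.
                    if (shortenedId != null) {
                        matchedArtifactIds.add(shortenedId);
                    }
                    selectedVulnerabilityId = candidate;
                }
            }
        }

        // Insertion-ordered so that equal scores keep the order in which the scanner listed them.
        LinkedHashMap<String, com.github.toolarium.dependency.check.report.Vulnerability> byName = new LinkedHashMap<>();
        for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
            String name = vulnerability.getName();
            byName.put(name, prepareReportVulnerability(selectedVulnerabilityId, vulnerability, byName.get(name), matchedArtifactIds));
        }

        LinkedList<com.github.toolarium.dependency.check.report.Vulnerability> sorted = new LinkedList<>(byName.values());
        sorted.sort(Comparator.comparing(
            com.github.toolarium.dependency.check.report.Vulnerability::getScore,
            Comparator.nullsLast(Comparator.reverseOrder())));
        return sorted;
    }

    /**
     * Creates the report entry for a scanner vulnerability, or updates an entry that already exists
     * for the same name.
     *
     * <p>A CVSS v2 score is applied whenever the vulnerability carries one. A CVSS v3 base score then
     * replaces it when the entry has no score, holds a v2 score, or holds a lower score.
     *
     * @param vulnerabilityId the id whose URL and confidence are copied to the entry, may be {@code null}
     * @param vulnerability the scanner vulnerability to read from
     * @param vulnerability2 the entry to update, or {@code null} to create a new one
     * @param set the shortened artifact ids used to pick the matching vulnerable-software entry
     * @return the created or updated entry
     */
    protected com.github.toolarium.dependency.check.report.Vulnerability prepareReportVulnerability(VulnerabilityId vulnerabilityId, Vulnerability vulnerability, com.github.toolarium.dependency.check.report.Vulnerability vulnerability2, Set<String> set) {
        com.github.toolarium.dependency.check.report.Vulnerability result = vulnerability2;
        boolean changed = false;
        if (result == null) {
            result = new com.github.toolarium.dependency.check.report.Vulnerability();
            result.setCve(vulnerability.getName());
            changed = true;
        }

        // NOTE(review): the file imports two types named Vulnerability (model and report); the simple
        // name used for ScoreType below is ambiguous until one of those imports is dropped.
        if (vulnerability.getCvssv2() != null && vulnerability.getCvssv2().getScore() != null) {
            if (vulnerability.getCvssv2().getImpactScore() != null) {
                result.setImpactScore(vulnerability.getCvssv2().getImpactScore());
            }
            if (vulnerability.getCvssv2().getExploitabilityScore() != null) {
                result.setExploitabilityScore(vulnerability.getCvssv2().getExploitabilityScore());
            }
            result.setScoreType(Vulnerability.ScoreType.CVSS_V2);
            result.setScore(vulnerability.getCvssv2().getScore());
            changed = true;
        }

        boolean hasV3Score = vulnerability.getCvssv3() != null && vulnerability.getCvssv3().getBaseScore() != null;
        if (hasV3Score
            && (result.getScore() == null
                || Vulnerability.ScoreType.CVSS_V2.equals(result.getScoreType())
                || result.getScore().doubleValue() < vulnerability.getCvssv3().getBaseScore().doubleValue())) {
            if (vulnerability.getCvssv3().getImpactScore() != null) {
                result.setImpactScore(vulnerability.getCvssv3().getImpactScore());
            }
            if (vulnerability.getCvssv3().getExploitabilityScore() != null) {
                result.setExploitabilityScore(vulnerability.getCvssv3().getExploitabilityScore());
            }
            result.setScoreType(Vulnerability.ScoreType.CVSS_V3);
            result.setScore(vulnerability.getCvssv3().getBaseScore());
            changed = true;
        }

        if (!changed) {
            return result;
        }

        // The last matching vulnerable-software entry wins.
        VulnerableSoftware matchedSoftware = null;
        if (vulnerability.getVulnerableSoftware() != null) {
            for (VulnerableSoftware candidate : vulnerability.getVulnerableSoftware()) {
                if (candidate.getSoftware() == null) {
                    continue;
                }
                // An unparseable id must not match: otherwise the fixed-in version of an unrelated
                // product could end up on this entry.
                String shortenedId = parseVulnerabilityArtifactId(candidate.getSoftware().getId());
                if (shortenedId != null
                    && set != null
                    && set.contains(shortenedId)
                    && "true".equalsIgnoreCase(candidate.getSoftware().getVulnerabilityIdMatched())) {
                    matchedSoftware = candidate;
                }
            }
        }
        result.setSeverity(vulnerability.getSeverity());
        result.setSource(vulnerability.getSource());
        result.setDescription(vulnerability.getDescription());
        if (matchedSoftware != null && matchedSoftware.getSoftware() != null) {
            result.setEndExcludingVersion(matchedSoftware.getSoftware().getVersionEndExcluding());
        }
        if (vulnerabilityId != null) {
            result.setUrl(vulnerabilityId.getUrl());
            result.setConfidence(vulnerabilityId.getConfidence());
        }
        return result;
    }

    /**
     * Converts included-by references into artifacts, dropping blank references and duplicates.
     *
     * @param list the included-by entries, may be {@code null}
     * @return the distinct artifacts in first-seen order, never {@code null}
     */
    protected List<DependencyArtifact> convertIncludeByList(List<IncludedBy> list) {
        List<DependencyArtifact> artifacts = new ArrayList<>();
        if (list == null) {
            return artifacts;
        }
        for (IncludedBy includedBy : list) {
            String reference = includedBy.getReference();
            if (reference == null || reference.isBlank()) {
                continue;
            }
            DependencyArtifact artifact = DependencyArtifact.toDependencyArtifact(reference);
            if (!artifacts.contains(artifact)) {
                artifacts.add(artifact);
            }
        }
        return artifacts;
    }

    /**
     * Converts package entries into {@link VulnerabilityDependencyArtifact} instances.
     *
     * <p>An entry with a blank id is kept, but its artifact stays {@code null}.
     *
     * @param list the package entries, may be {@code null}
     * @return one element per package entry, never {@code null}
     */
    protected List<VulnerabilityDependencyArtifact> convertPackageList(List<Package> list) {
        List<VulnerabilityDependencyArtifact> converted = new ArrayList<>();
        if (list == null) {
            return converted;
        }
        for (Package entry : list) {
            VulnerabilityDependencyArtifact packageArtifact = new VulnerabilityDependencyArtifact(this);
            if (entry.getId() != null && !entry.getId().isBlank()) {
                packageArtifact.setDependencyArtifact(DependencyArtifact.toDependencyArtifact(entry.getId()));
            }
            packageArtifact.setConfidence(entry.getConfidence());
            packageArtifact.setUrl(entry.getUrl());
            converted.add(packageArtifact);
        }
        return converted;
    }

    /**
     * Shortens a colon-separated identifier to its first five segments.
     *
     * @param str the identifier, may be {@code null}
     * @return the first five segments joined by {@code ":"}, or {@code null} when the input is blank
     *     or has fewer than five segments
     */
    protected String parseVulnerabilityArtifactId(String str) {
        if (str == null || str.isBlank()) {
            return null;
        }
        String[] segments = str.trim().split(COLON);
        if (segments.length < 5) {
            return null;
        }
        return String.join(COLON, segments[0], segments[1], segments[2], segments[3], segments[4]);
    }
}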
