package org.spdx.maven;

import java.io.File;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.model.DistributionManagement;
import org.apache.maven.model.Resource;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.DefaultProjectBuildingRequest;
import org.apache.maven.project.MavenProject;
import org.apache.maven.project.MavenProjectHelper;
import org.apache.maven.project.ProjectBuilder;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilder;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException;
import org.apache.maven.shared.model.fileset.FileSet;
import org.spdx.library.InvalidSPDXAnalysisException;
import org.spdx.library.model.Checksum;
import org.spdx.library.model.SpdxDocument;
import org.spdx.library.model.enumerations.ChecksumAlgorithm;
import org.spdx.library.model.enumerations.Purpose;
import org.spdx.library.model.license.AnyLicenseInfo;
import org.spdx.library.model.license.InvalidLicenseStringException;
import org.spdx.library.model.license.LicenseInfoFactory;
import org.spdx.library.model.license.SpdxNoAssertionLicense;
import org.spdx.maven.utils.LicenseManagerException;
import org.spdx.maven.utils.LicenseMapperException;
import org.spdx.maven.utils.SpdxBuilderException;
import org.spdx.maven.utils.SpdxCollectionException;
import org.spdx.maven.utils.SpdxDefaultFileInformation;
import org.spdx.maven.utils.SpdxDependencyInformation;
import org.spdx.maven.utils.SpdxDocumentBuilder;
import org.spdx.maven.utils.SpdxFileCollector;
import org.spdx.maven.utils.SpdxProjectInformation;

@Mojo(name = "createSPDX", defaultPhase = LifecyclePhase.VERIFY, requiresOnline = true, threadSafe = true)
/* loaded from: input_file:org/spdx/maven/CreateSpdxMojo.class */
public class CreateSpdxMojo extends AbstractMojo {
    public static final String INCLUDE_ALL = "**/*";
    public static final String CREATOR_TOOL_MAVEN_PLUGIN = "Tool: spdx-maven-plugin";
    public static final String SPDX_RDF_ARTIFACT_TYPE = "spdx.rdf.xml";
    public static final String SPDX_JSON_ARTIFACT_TYPE = "spdx.json";
    public static final String JSON_OUTPUT_FORMAT = "JSON";
    public static final String RDF_OUTPUT_FORMAT = "RDF/XML";

    @Component
    private MavenProject mavenProject;

    @Component
    private MavenProjectHelper projectHelper;

    @Component
    private ProjectBuilder mavenProjectBuilder;

    @Component
    private MavenSession session;

    @Component(hint = "default")
    private DependencyGraphBuilder dependencyGraphBuilder;

    @Parameter(defaultValue = "${project.reporting.outputDirectory}/${project.groupId}_${project.artifactId}-${project.version}.spdx", property = "spdxFileName")
    private File spdxFile;

    @Parameter(defaultValue = "http://spdx.org/spdxpackages/${project.groupId}_${project.artifactId}-${project.version}")
    private String spdxDocumentNamespace;

    @Parameter(defaultValue = "${project.basedir}")
    private String componentName;

    @Parameter
    private NonStandardLicense[] nonStandardLicenses;

    @Parameter(defaultValue = "true")
    private boolean matchLicensesOnCrossReferenceUrls;

    @Parameter
    private String documentComment;

    @Parameter
    private Annotation[] documentAnnotations;

    @Parameter
    private Annotation[] packageAnnotations;

    @Parameter
    private String defaultFileComment;

    @Parameter
    private String[] defaultFileContributors;

    @Parameter(defaultValue = "NOASSERTION")
    private String defaultFileCopyright;

    @Parameter
    private String defaultFileLicenseComment;

    @Parameter
    private String defaultFileNotice;

    @Parameter(defaultValue = "NOASSERTION")
    private String defaultFileConcludedLicense;

    @Parameter(required = false)
    private String defaultLicenseInformationInFile;

    @Parameter
    private String licenseDeclared;

    @Parameter
    private String licenseConcluded;

    @Parameter
    private String creatorComment;

    @Parameter
    private String[] creators;

    @Parameter
    private String licenseComments;

    @Parameter
    private String originator;

    @Parameter
    private String sourceInfo;

    @Parameter(defaultValue = "NOASSERTION")
    private String copyrightText;

    @Parameter
    private boolean onlyUseLocalLicenses;

    @Parameter
    private String[] checksumAlgorithms;

    @Parameter
    private PathSpecificSpdxInfo[] pathsWithSpecificSpdxInfo;

    @Parameter
    private ExternalReference[] externalReferences;

    @Parameter(defaultValue = JSON_OUTPUT_FORMAT)
    private String outputFormat;

    @Parameter(defaultValue = "true")
    private boolean createExternalRefs;

    @Parameter(defaultValue = "true")
    private boolean includeTransitiveDependencies;

    @Parameter(property = "spdx.useArtifactID")
    private boolean useArtifactID;

    @Parameter(property = "spdx.skip")
    private boolean skip = false;

    @Parameter(property = "spdx.generatePurls")
    private boolean generatePurls = true;

    public void execute() throws MojoExecutionException {
        if (this.skip) {
            getLog().info("Skipping SPDX");
            return;
        }
        OutputFormat prepareOutput = prepareOutput();
        String artifactType = prepareOutput.getArtifactType();
        getLog().info("Creating SPDX File " + this.spdxFile.getPath());
        SpdxDocumentBuilder initSpdxDocumentBuilder = initSpdxDocumentBuilder(prepareOutput);
        SpdxDocument spdxDoc = initSpdxDocumentBuilder.getSpdxDoc();
        try {
            SpdxProjectInformation spdxProjectInfoFromParameters = getSpdxProjectInfoFromParameters(initSpdxDocumentBuilder);
            spdxProjectInfoFromParameters.logInfo(spdxDoc);
            initSpdxDocumentBuilder.fillSpdxDocumentInformation(spdxProjectInfoFromParameters);
            SpdxDefaultFileInformation defaultFileInfoFromParameters = getDefaultFileInfoFromParameters(spdxDoc);
            HashMap<String, SpdxDefaultFileInformation> pathSpecificInfoFromParameters = getPathSpecificInfoFromParameters(defaultFileInfoFromParameters, spdxDoc);
            List<FileSet> fileSet = toFileSet(this.mavenProject.getCompileSourceRoots(), this.mavenProject.getResources());
            fileSet.addAll(toFileSet(this.mavenProject.getTestCompileSourceRoots(), null));
            if (getLog().isDebugEnabled()) {
                logIncludedDirectories(fileSet);
                logNonStandardLicenses(this.nonStandardLicenses);
                defaultFileInfoFromParameters.logInfo();
                logFileSpecificInfo(pathSpecificInfoFromParameters);
            }
            initSpdxDocumentBuilder.collectSpdxFileInformation(fileSet, this.mavenProject.getBasedir().getAbsolutePath(), defaultFileInfoFromParameters, pathSpecificInfoFromParameters, getChecksumAlgorithms());
            try {
                initSpdxDocumentBuilder.addDependencyInformation(getSpdxDependencyInformation(initSpdxDocumentBuilder));
                initSpdxDocumentBuilder.saveSpdxDocumentToFile();
                this.projectHelper.attachArtifact(this.mavenProject, artifactType, this.spdxFile);
                List verify = initSpdxDocumentBuilder.getSpdxDoc().verify();
                if (verify == null || verify.size() <= 0) {
                    return;
                }
                getLog().warn("The following errors were found in the SPDX file:\n " + String.join("\n ", verify));
            } catch (DependencyGraphBuilderException e) {
                throw new MojoExecutionException("SPDX analysis error getting the dependencies", e);
            } catch (InvalidSPDXAnalysisException e2) {
                throw new MojoExecutionException("SPDX analysis error processing dependencies", e2);
            } catch (LicenseMapperException e3) {
                throw new MojoExecutionException("Error mapping licenses for dependencies", e3);
            }
        } catch (InvalidSPDXAnalysisException e4) {
            throw new MojoExecutionException("Error getting project information from parameters", e4);
        }
    }

    private OutputFormat prepareOutput() throws MojoExecutionException {
        OutputFormat outputFormat = OutputFormat.JSON;
        try {
            outputFormat = OutputFormat.getOutputFormat(this.outputFormat, this.spdxFile);
        } catch (IllegalArgumentException e) {
            getLog().warn("Invalid SPDX output format, defaulting to JSON format.");
        }
        if (this.spdxFile.getName().endsWith(".spdx")) {
            String fileType = outputFormat.getFileType();
            getLog().info("spdx file type = " + fileType);
            this.spdxFile = new File(this.spdxFile.getAbsolutePath() + fileType);
        }
        File parentFile = this.spdxFile.getParentFile();
        if (parentFile == null) {
            throw new MojoExecutionException("Invalid path for SPDX output file.  Specify a configuration parameter spdxFile with a valid directory path to resolve.");
        }
        parentFile.mkdirs();
        return outputFormat;
    }

    private SpdxDocumentBuilder initSpdxDocumentBuilder(OutputFormat outputFormat) throws MojoExecutionException {
        if (this.onlyUseLocalLicenses) {
            System.setProperty("SPDXParser.OnlyUseLocalLicenses", "true");
        }
        if (this.defaultLicenseInformationInFile == null) {
            this.defaultLicenseInformationInFile = this.defaultFileConcludedLicense;
        }
        try {
            if (this.spdxDocumentNamespace.startsWith("http://spdx.org/spdxpackages/")) {
                this.spdxDocumentNamespace = this.spdxDocumentNamespace.replace(" ", "%20");
            }
            SpdxDocumentBuilder spdxDocumentBuilder = new SpdxDocumentBuilder(this.mavenProject, this.generatePurls, this.spdxFile, new URI(this.spdxDocumentNamespace), this.matchLicensesOnCrossReferenceUrls, outputFormat);
            if (this.nonStandardLicenses != null) {
                try {
                    spdxDocumentBuilder.addNonStandardLicenses(this.nonStandardLicenses);
                } catch (SpdxBuilderException e) {
                    throw new MojoExecutionException("Error adding non standard licenses", e);
                }
            }
            return spdxDocumentBuilder;
        } catch (URISyntaxException e2) {
            throw new MojoExecutionException("Invalid SPDX document namespace - not a valid URI: " + this.spdxDocumentNamespace, e2);
        } catch (LicenseMapperException e3) {
            throw new MojoExecutionException("License mapping error creating SPDX Document Builder", e3);
        } catch (SpdxBuilderException e4) {
            throw new MojoExecutionException("Error creating SPDX Document Builder", e4);
        }
    }

    private SpdxDependencyInformation getSpdxDependencyInformation(SpdxDocumentBuilder spdxDocumentBuilder) throws LicenseMapperException, InvalidSPDXAnalysisException, DependencyGraphBuilderException {
        SpdxDependencyInformation spdxDependencyInformation = new SpdxDependencyInformation(spdxDocumentBuilder.getLicenseManager(), spdxDocumentBuilder.getSpdxDoc(), this.createExternalRefs, this.generatePurls, this.useArtifactID, this.includeTransitiveDependencies);
        if (this.session != null) {
            DefaultProjectBuildingRequest defaultProjectBuildingRequest = new DefaultProjectBuildingRequest(this.session.getProjectBuildingRequest());
            defaultProjectBuildingRequest.setProject(this.mavenProject);
            spdxDependencyInformation.addMavenDependencies(this.mavenProjectBuilder, this.session, this.mavenProject, this.dependencyGraphBuilder.buildDependencyGraph(defaultProjectBuildingRequest, (ArtifactFilter) null), spdxDocumentBuilder.getProjectPackage());
        }
        return spdxDependencyInformation;
    }

    private void logFileSpecificInfo(HashMap<String, SpdxDefaultFileInformation> hashMap) {
        if (getLog().isDebugEnabled()) {
            for (Map.Entry<String, SpdxDefaultFileInformation> entry : hashMap.entrySet()) {
                getLog().debug("File Specific Information for " + entry.getKey());
                entry.getValue().logInfo();
            }
        }
    }

    private HashMap<String, SpdxDefaultFileInformation> getPathSpecificInfoFromParameters(SpdxDefaultFileInformation spdxDefaultFileInformation, SpdxDocument spdxDocument) throws MojoExecutionException {
        HashMap<String, SpdxDefaultFileInformation> hashMap = new HashMap<>();
        if (this.pathsWithSpecificSpdxInfo != null) {
            for (PathSpecificSpdxInfo pathSpecificSpdxInfo : this.pathsWithSpecificSpdxInfo) {
                try {
                    SpdxDefaultFileInformation defaultFileInformation = pathSpecificSpdxInfo.getDefaultFileInformation(spdxDefaultFileInformation, spdxDocument);
                    if (hashMap.containsKey(pathSpecificSpdxInfo.getPath())) {
                        getLog().warn("Multiple file path specific SPDX data for " + pathSpecificSpdxInfo.getPath());
                    }
                    hashMap.put(pathSpecificSpdxInfo.getPath(), defaultFileInformation);
                } catch (InvalidSPDXAnalysisException e) {
                    throw new MojoExecutionException("Invalid license string used in the path specific SPDX information for file " + pathSpecificSpdxInfo.getPath(), e);
                }
            }
        }
        return hashMap;
    }

    private void logNonStandardLicenses(NonStandardLicense[] nonStandardLicenseArr) {
        if (nonStandardLicenseArr == null || !getLog().isDebugEnabled()) {
            return;
        }
        for (NonStandardLicense nonStandardLicense : nonStandardLicenseArr) {
            getLog().debug("Non standard license ID: " + nonStandardLicense.getLicenseId());
            getLog().debug("Non standard license Text: " + nonStandardLicense.getExtractedText());
            getLog().debug("Non standard license Comment: " + nonStandardLicense.getComment());
            getLog().debug("Non standard license Name: " + nonStandardLicense.getName());
            String[] crossReference = nonStandardLicense.getCrossReference();
            if (crossReference != null) {
                for (String str : crossReference) {
                    getLog().debug("Non standard license cross reference: " + str);
                }
            }
        }
    }

    private void logIncludedDirectories(List<FileSet> list) {
        if (list == null || !getLog().isDebugEnabled()) {
            return;
        }
        getLog().debug("Logging " + list.size() + " filesets.");
        for (FileSet fileSet : list) {
            StringBuilder sb = new StringBuilder("Included Directory: " + fileSet.getDirectory());
            List includes = fileSet.getIncludes();
            if (!includes.isEmpty()) {
                sb.append("; Included=");
                sb.append(String.join(",", includes));
            }
            List excludes = fileSet.getExcludes();
            if (!excludes.isEmpty()) {
                sb.append("; Excluded=");
                sb.append(String.join(",", excludes));
            }
            getLog().debug(sb.toString());
        }
    }

    private SpdxDefaultFileInformation getDefaultFileInfoFromParameters(SpdxDocument spdxDocument) throws MojoExecutionException {
        try {
            SpdxDefaultFileInformation spdxDefaultFileInformation = new SpdxDefaultFileInformation();
            spdxDefaultFileInformation.setComment(this.defaultFileComment);
            try {
                spdxDefaultFileInformation.setConcludedLicense(LicenseInfoFactory.parseSPDXLicenseString(this.defaultFileConcludedLicense.trim(), spdxDocument.getModelStore(), spdxDocument.getDocumentUri(), spdxDocument.getCopyManager()));
                spdxDefaultFileInformation.setContributors(this.defaultFileContributors);
                spdxDefaultFileInformation.setCopyright(this.defaultFileCopyright);
                try {
                    spdxDefaultFileInformation.setDeclaredLicense(LicenseInfoFactory.parseSPDXLicenseString(this.defaultLicenseInformationInFile.trim(), spdxDocument.getModelStore(), spdxDocument.getDocumentUri(), spdxDocument.getCopyManager()));
                    spdxDefaultFileInformation.setLicenseComment(this.defaultFileLicenseComment);
                    spdxDefaultFileInformation.setNotice(this.defaultFileNotice);
                    return spdxDefaultFileInformation;
                } catch (InvalidLicenseStringException e) {
                    throw new MojoExecutionException("Invalid default file declared license", e);
                }
            } catch (InvalidLicenseStringException e2) {
                throw new MojoExecutionException("Invalid default file concluded license", e2);
            }
        } catch (InvalidSPDXAnalysisException e3) {
            throw new MojoExecutionException("Error getting default file information", e3);
        }
    }

    private SpdxProjectInformation getSpdxProjectInfoFromParameters(SpdxDocumentBuilder spdxDocumentBuilder) throws MojoExecutionException, InvalidSPDXAnalysisException {
        AnyLicenseInfo parseSPDXLicenseString;
        AnyLicenseInfo parseSPDXLicenseString2;
        String name;
        SpdxDocument spdxDoc = spdxDocumentBuilder.getSpdxDoc();
        SpdxProjectInformation spdxProjectInformation = new SpdxProjectInformation();
        if (this.documentComment != null) {
            spdxProjectInformation.setDocumentComment(this.documentComment);
        }
        if (this.licenseDeclared == null) {
            try {
                parseSPDXLicenseString = spdxDocumentBuilder.getLicenseManager().mavenLicenseListToSpdxLicense(this.mavenProject.getLicenses());
            } catch (LicenseManagerException e) {
                getLog().warn("Unable to map maven licenses to a declared license.  Using NOASSERTION");
                parseSPDXLicenseString = new SpdxNoAssertionLicense();
            }
        } else {
            try {
                parseSPDXLicenseString = LicenseInfoFactory.parseSPDXLicenseString(this.licenseDeclared.trim(), spdxDoc.getModelStore(), spdxDoc.getDocumentUri(), spdxDoc.getCopyManager());
            } catch (InvalidLicenseStringException e2) {
                throw new MojoExecutionException("Invalid declared license: " + this.licenseDeclared.trim(), e2);
            }
        }
        if (this.licenseConcluded == null) {
            parseSPDXLicenseString2 = parseSPDXLicenseString;
        } else {
            try {
                parseSPDXLicenseString2 = LicenseInfoFactory.parseSPDXLicenseString(this.licenseConcluded.trim(), spdxDoc.getModelStore(), spdxDoc.getDocumentUri(), spdxDoc.getCopyManager());
            } catch (InvalidLicenseStringException e3) {
                throw new MojoExecutionException("Invalid concluded license: " + this.licenseConcluded.trim(), e3);
            }
        }
        spdxProjectInformation.setConcludedLicense(parseSPDXLicenseString2);
        spdxProjectInformation.setCreatorComment(this.creatorComment);
        if (this.creators == null) {
            this.creators = new String[0];
        }
        String[] strArr = (String[]) Arrays.copyOf(this.creators, this.creators.length + 1);
        strArr[strArr.length - 1] = CREATOR_TOOL_MAVEN_PLUGIN;
        spdxProjectInformation.setCreators(strArr);
        spdxProjectInformation.setCopyrightText(this.copyrightText);
        spdxProjectInformation.setDeclaredLicense(parseSPDXLicenseString);
        String name2 = this.mavenProject.getName();
        if (name2 == null || name2.isEmpty() || this.useArtifactID) {
            name2 = getDefaultProjectName();
        }
        spdxProjectInformation.setName(name2);
        spdxProjectInformation.setDescription(this.mavenProject.getDescription());
        String str = "NOASSERTION";
        DistributionManagement distributionManagement = this.mavenProject.getDistributionManagement();
        if (distributionManagement != null && distributionManagement.getDownloadUrl() != null && !distributionManagement.getDownloadUrl().isEmpty()) {
            str = distributionManagement.getDownloadUrl();
        }
        spdxProjectInformation.setDownloadUrl(str);
        spdxProjectInformation.setHomePage(this.mavenProject.getUrl());
        spdxProjectInformation.setLicenseComment(this.licenseComments);
        if (this.originator == null && this.mavenProject.getOrganization() != null && this.mavenProject.getOrganization().getName() != null && !this.mavenProject.getOrganization().getName().isEmpty()) {
            this.originator = "Organization:" + this.mavenProject.getOrganization().getName();
        }
        spdxProjectInformation.setOriginator(this.originator);
        String str2 = null;
        File file = null;
        Artifact artifact = this.mavenProject.getArtifact();
        if (artifact != null && artifact.getFile() != null) {
            str2 = artifact.getArtifactId() + "-" + artifact.getVersion() + "." + artifact.getType();
            file = new File(artifact.getFile().getParent() + File.separator + str2);
        }
        Set<Checksum> set = null;
        if (file == null || !file.exists()) {
            getLog().warn(file == null ? "Null package file" : "Package file " + file.getAbsolutePath() + " does not exist");
            str2 = "NOASSERTION";
        } else {
            try {
                getLog().debug("Generating checksum for file " + file.getAbsolutePath());
                set = SpdxFileCollector.generateChecksum(file, getChecksumAlgorithms(), spdxDoc);
            } catch (SpdxCollectionException | InvalidSPDXAnalysisException e4) {
                getLog().warn("Unable to compute checksum for " + file.getName() + ":" + e4.getMessage());
                getLog().debug("Exception information for checksum error", e4);
            }
        }
        spdxProjectInformation.setPackageArchiveFileName(str2);
        spdxProjectInformation.setChecksums(set);
        spdxProjectInformation.setShortDescription(this.mavenProject.getDescription());
        if (this.mavenProject.getOrganization() != null && (name = this.mavenProject.getOrganization().getName()) != null && !name.isEmpty()) {
            spdxProjectInformation.setSupplier("Organization: " + name);
        }
        spdxProjectInformation.setSourceInfo(this.sourceInfo);
        spdxProjectInformation.setVersionInfo(this.mavenProject.getVersion());
        spdxProjectInformation.setDocumentAnnotations(this.documentAnnotations);
        spdxProjectInformation.setPackageAnnotations(this.packageAnnotations);
        spdxProjectInformation.setExternalRefs(this.externalReferences);
        Packaging valueOfPackaging = Packaging.valueOfPackaging(this.mavenProject.getPackaging());
        spdxProjectInformation.setPrimaryPurpose(valueOfPackaging != null ? valueOfPackaging.getPurpose() : Purpose.LIBRARY);
        return spdxProjectInformation;
    }

    private String getDefaultProjectName() {
        return this.mavenProject.getGroupId() + ":" + this.mavenProject.getArtifactId();
    }

    private static List<FileSet> toFileSet(List<String> list, List<Resource> list2) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            for (String str : list) {
                FileSet fileSet = new FileSet();
                fileSet.setDirectory(new File(str).getAbsolutePath());
                fileSet.addInclude(INCLUDE_ALL);
                arrayList.add(fileSet);
            }
        }
        if (list2 != null) {
            for (Resource resource : list2) {
                FileSet fileSet2 = new FileSet();
                fileSet2.setDirectory(new File(resource.getDirectory()).getAbsolutePath());
                fileSet2.setExcludes(resource.getExcludes());
                fileSet2.setIncludes(resource.getIncludes());
                arrayList.add(fileSet2);
            }
        }
        return arrayList;
    }

    private Set<ChecksumAlgorithm> getChecksumAlgorithms() {
        HashSet hashSet = new HashSet();
        hashSet.add(ChecksumAlgorithm.SHA1);
        if (this.checksumAlgorithms != null) {
            for (String str : this.checksumAlgorithms) {
                try {
                    hashSet.add(ChecksumAlgorithm.valueOf(str.toUpperCase()));
                } catch (IllegalArgumentException e) {
                    getLog().warn("Ignoring unsupported checksum algorithm: " + str);
                }
            }
        }
        return hashSet;
    }
}
