package com.sonatype.insight.maven;

import com.sonatype.clm.dto.model.ProprietaryConfig;
import com.sonatype.clm.dto.model.ScanReceipt;
import com.sonatype.clm.dto.model.policy.Action;
import com.sonatype.clm.dto.model.policy.PolicyAlert;
import com.sonatype.clm.dto.model.policy.PolicyEvaluationPollingResult;
import com.sonatype.clm.dto.model.policy.PolicyEvaluationResult;
import com.sonatype.clm.dto.model.policy.PolicyFact;
import com.sonatype.clm.dto.model.policy.Stage;
import com.sonatype.insight.brain.client.ConfigurationClient;
import com.sonatype.insight.brain.client.PolicyAction;
import com.sonatype.insight.brain.client.PolicyClient;
import com.sonatype.insight.brain.client.ScanClient;
import com.sonatype.insight.brain.client.UnsupportedServerVersionException;
import com.sonatype.insight.client.utils.HttpClientUtils;
import com.sonatype.insight.client.utils.SimpleAuthentication;
import com.sonatype.insight.scan.file.ScanSession;
import com.sonatype.insight.scan.model.ClientScanResult;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.project.MavenProject;
import org.apache.maven.settings.Proxy;
import org.apache.maven.settings.Server;
import org.codehaus.plexus.util.StringUtils;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.shaded.SecDispatcherException;

/* loaded from: input_file:com/sonatype/insight/maven/EvaluateMojo.class */
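/**
 * Maven goal ('evaluate') that scans the reactor's modules and asks the IQ Server at
 * {@code serverUrl} to evaluate policy for {@code applicationId} at the configured stage.
 *
 * <p>The mojo builds one {@link HttpClientUtils.Configuration} per run. It carries the server
 * URL, the server credentials and the proxy settings, and every client created here
 * ({@link ConfigurationClient}, {@link ScanClient}, {@link PolicyClient}) receives it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Server and proxy passwords are decrypted through the {@link SecDispatcher} and are then
 *       held as plain strings inside the configuration. {@link #execute()} drops the reference
 *       in a {@code finally} block.</li>
 *   <li>Only the proxy host and port are written to the debug log. Do not add usernames or
 *       passwords to any log statement in this class.</li>
 *   <li>Policy triggers and the report URL placed in the build log originate from the server
 *       response.</li>
 * </ul>
 */
public class EvaluateMojo extends AbstractClmScanMojo {
    private static final String PROP_PROPRIETARY_PACKAGES = "proprietaryPackages";
    private static final String PROP_PROPRIETARY_REGEXES = "proprietaryRegexes";

    /** Oldest server version accepted by {@link #verifyServerVersion(ConfigurationClient)}. */
    public static final String MINIMAL_SERVER_VERSION_REQUIRED = "1.69.0";

    // NOTE(review): the fields below are never assigned in this class, apart from
    // setStage(String) and the configuration built in execute(). They are presumably
    // injected by Maven as plugin parameters/components; confirm against the plugin descriptor.
    private String executionId;
    private boolean offline;
    private List<MavenProject> reactorProjects;
    private MavenSession session;
    private boolean pkiAuthentication;
    private String serverUrl;
    private String serverId;
    private String username;
    private String password;
    private String applicationId;
    private Stage stage;
    private File resultFile;
    private SecDispatcher secDispatcher;
    private HttpClientUtils.Configuration configuration;

    /**
     * Sets the policy stage from its string id.
     *
     * @param str stage type id; it is validated later in {@link #validatePreconditions()}
     */
    public void setStage(String str) {
        this.stage = new Stage(str);
    }

    /**
     * Builds the HTTP client configuration (server URL, authentication, proxy) and then runs the
     * inherited goal logic.
     *
     * @throws MojoExecutionException if credentials cannot be resolved or decrypted, if the
     *     server URL cannot be parsed for proxy selection, or if the inherited execution fails
     */
    @Override
    public void execute() throws MojoExecutionException {
        this.configuration = new HttpClientUtils.Configuration();
        this.configuration.setServerUrl(this.serverUrl);
        configureAuthentication(this.configuration);
        configureProxy(this.configuration);
        try {
            super.execute();
        } finally {
            // The configuration references decrypted credentials; release it once the run ends,
            // whether it succeeded or failed.
            this.configuration = null;
        }
    }

    /**
     * Ensures the application exists on the server (the client call verifies or creates it).
     *
     * @param configurationClient client bound to the current configuration
     * @throws MojoExecutionException if the application cannot be found or created, or if the
     *     server cannot be reached
     */
    private void verifyApplicationId(ConfigurationClient configurationClient) throws MojoExecutionException {
        try {
            if (!configurationClient.verifyOrCreateApplication(this.applicationId)) {
                throw new MojoExecutionException("Could not find or create an application with ID " + this.applicationId + ". Please check your application ID and permissions.");
            }
        } catch (MojoExecutionException e) {
            // Our own failure above must not be rewrapped as a communication error.
            throw e;
        } catch (Exception e) {
            throw new MojoExecutionException("Could not communicate with IQ Server", e);
        }
    }

    /**
     * Checks that the server is at least {@link #MINIMAL_SERVER_VERSION_REQUIRED}.
     *
     * @param configurationClient client bound to the current configuration
     * @throws MojoExecutionException if the server version is unsupported or the server cannot
     *     be reached
     */
    private void verifyServerVersion(ConfigurationClient configurationClient) throws MojoExecutionException {
        try {
            configurationClient.validateServerVersion(MINIMAL_SERVER_VERSION_REQUIRED);
        } catch (UnsupportedServerVersionException e) {
            // Keep the original exception as the cause so the stack trace survives in -e/-X output.
            throw new MojoExecutionException(e.getMessage(), e);
        } catch (Exception e) {
            throw new MojoExecutionException("Could not communicate with IQ Server", e);
        }
    }

    /**
     * Validates the goal's inputs and the server state before scanning.
     *
     * <p>Uses {@code this.configuration}, so it must run while {@link #execute()} is active.
     * NOTE(review): presumably invoked from {@code super.execute()}; if so, credentials have
     * already been resolved and decrypted by the time the basic-vs-PKI conflict is rejected here.
     * The decompiler reports the original access modifier of this method as {@code protected}.
     *
     * @return {@code false} when the inherited preconditions fail or Maven is offline,
     *     {@code true} otherwise
     * @throws MojoExecutionException if the stage is missing or invalid, if both basic and PKI
     *     authentication are configured, or if the server checks fail
     */
    @Override
    public boolean validatePreconditions() throws MojoExecutionException {
        if (!super.validatePreconditions()) {
            return false;
        }
        // Report a missing stage as a configuration error instead of a NullPointerException.
        if (this.stage == null || !Stage.isValidStageTypeId(this.stage.getStageTypeId())) {
            String stageTypeId = this.stage == null ? null : this.stage.getStageTypeId();
            throw new MojoExecutionException("Stage '" + stageTypeId + "' is not valid.");
        }
        boolean basicAuthConfigured = this.username != null || this.serverId != null;
        if (basicAuthConfigured && this.pkiAuthentication) {
            throw new MojoExecutionException("Only basic or PKI authentication can be enabled at a time, not both.");
        }
        if (this.executionId != null && !"default-cli".equals(this.executionId)) {
            getLog().warn("Goal 'evaluate' is not expected to be used as part of project lifecycle.");
        }
        if (this.offline) {
            getLog().warn("Maven is running in offline mode, skipping policy evaluation");
            return false;
        }
        ConfigurationClient configurationClient = new ConfigurationClient(this.configuration);
        verifyServerVersion(configurationClient);
        verifyApplicationId(configurationClient);

        // One module flagged by requireProducedArtifacts is enough to warn that the scan may be
        // incomplete.
        boolean artifactsMissing = false;
        for (MavenProject project : this.reactorProjects) {
            if (requireProducedArtifacts(project)) {
                artifactsMissing = true;
                break;
            }
        }
        if (artifactsMissing) {
            getLog().warn("It seems the build has not reached the 'package' lifecycle phase yet.");
            getLog().warn("As a result, this scan could not consider produced artifacts and might be incomplete.");
            getLog().warn("To ensure all output artifacts are scanned, please run this goal after 'package' phase.");
        }
        return true;
    }

    /**
     * Returns the inherited scan properties, filling in the proprietary package and regex lists
     * from the server when the local configuration does not define them.
     *
     * <p>The server is always queried, even when both keys are already present locally. Values
     * set locally take precedence over the server-side ones. The decompiler reports the original
     * access modifier of this method as {@code protected}.
     *
     * @return the scan configuration properties
     * @throws Exception if the inherited lookup or the server request fails
     */
    @Override
    public Properties getScanConfigProps() throws Exception {
        Properties props = super.getScanConfigProps();
        ProprietaryConfig serverConfig = new ConfigurationClient(this.configuration).getProprietaryConfigForApplicationEvaluation(this.applicationId);
        if (!props.containsKey(PROP_PROPRIETARY_PACKAGES)) {
            props.setProperty(PROP_PROPRIETARY_PACKAGES, StringUtils.join(serverConfig.getPackages().iterator(), ProprietaryConfig.PACKAGE_DELIM));
        }
        if (!props.containsKey(PROP_PROPRIETARY_REGEXES)) {
            props.setProperty(PROP_PROPRIETARY_REGEXES, StringUtils.join(serverConfig.getRegexes().iterator(), ProprietaryConfig.REGEX_DELIM));
        }
        return props;
    }

    /**
     * Submits the scan for policy evaluation and turns the result into the build outcome.
     *
     * <p>Each alert action of type {@code fail} or {@code warn} is folded into one overall
     * {@link PolicyAction}. When a result file is configured it is written before the outcome is
     * applied, so it exists for failing builds too. A FAIL outcome aborts the build with the
     * summary as its message; WARN and lower outcomes only log the summary.
     *
     * @param clientScanResult the scan to evaluate
     * @throws MojoExecutionException if evaluation or result export fails, or if policy demands a
     *     build failure
     */
    @Override
    protected void processScanFile(ClientScanResult clientScanResult) throws MojoExecutionException {
        ScanClient scanClient = new ScanClient(this.configuration, this.applicationId);
        PolicyClient policyClient = new PolicyClient(this.configuration, this.applicationId);
        try {
            getLog().info(String.format("Evaluating policies on %s ...", this.serverUrl));
            PolicyEvaluationPollingResult polled = policyClient.evaluateCI(clientScanResult, this.stage);
            ScanReceipt scanReceipt = polled.getScanReceipt();
            PolicyEvaluationResult result = polled.getResult();

            StringBuilder summary = new StringBuilder();
            PolicyAction policyAction = PolicyAction.NONE;
            for (PolicyAlert policyAlert : result.getAlerts()) {
                PolicyFact trigger = policyAlert.getTrigger();
                for (Action action : policyAlert.getActions()) {
                    String actionTypeId = action.getActionTypeId();
                    if ("fail".equals(actionTypeId)) {
                        policyAction = policyAction.combine(PolicyAction.FAIL);
                        summary.append("Sonatype CLM reports policy failing due to ").append(trigger).append("\n");
                    } else if ("warn".equals(actionTypeId)) {
                        policyAction = policyAction.combine(PolicyAction.WARN);
                        summary.append("Sonatype CLM reports policy warning due to ").append(trigger).append("\n");
                    }
                    // Any other action type contributes nothing to the build outcome.
                }
            }

            if (this.resultFile != null) {
                try {
                    scanClient.saveResultData(this.resultFile, scanReceipt, result, policyAction.toString());
                    getLog().info("Saved evaluation results to " + this.resultFile);
                } catch (IOException e) {
                    throw new MojoExecutionException("Could not export evaluation results to " + this.resultFile, e);
                }
            }

            String reportUrl = scanReceipt.resolveReportUrl(this.serverUrl);
            summary.append(String.format("Policy Action: %s\n", policyAction));
            summary.append(String.format("Number of components affected: %s critical, %s severe, %s moderate\n", result.getCriticalComponentCount(), result.getSevereComponentCount(), result.getModerateComponentCount()));
            summary.append(String.format("Number of open policy violations: %s critical, %s severe, %s moderate\n", result.getCriticalPolicyViolationCount(), result.getSeverePolicyViolationCount(), result.getModeratePolicyViolationCount()));
            summary.append(String.format("Number of grandfathered policy violations: %s\n", result.getGrandfatheredPolicyViolationCount()));
            summary.append("The detailed report can be viewed online at ").append(reportUrl).append("\n");

            if (PolicyAction.FAIL == policyAction) {
                throw new MojoExecutionException(summary.toString());
            }
            if (PolicyAction.WARN == policyAction) {
                getLog().warn(summary);
            } else {
                getLog().info(summary);
            }
        } catch (IOException e) {
            throw new MojoExecutionException("Could not evaluate CLM policy", e);
        }
    }

    /**
     * Applies the proxy that the Maven settings select for {@code serverUrl}, if any.
     *
     * <p>Proxy credentials are decrypted through the {@link SecDispatcher}. Only the host and
     * port are logged.
     *
     * @param configuration configuration to update
     * @throws MojoExecutionException if the server URL cannot be parsed or the proxy credentials
     *     cannot be decrypted
     */
    private void configureProxy(HttpClientUtils.Configuration configuration) throws MojoExecutionException {
        try {
            Proxy selected = MavenSettingsHelper.selectProxy(this.session.getSettings(), this.serverUrl);
            if (selected == null) {
                getLog().debug("No proxy configured");
                return;
            }
            Proxy proxy = MavenSettingsHelper.decrypt(this.secDispatcher, selected);
            configuration.setProxy(proxy.getHost());
            configuration.setProxyPort(proxy.getPort());
            getLog().debug("Using proxy " + proxy.getHost() + ':' + proxy.getPort());
            if (proxy.getUsername() != null) {
                SimpleAuthentication proxyAuth = new SimpleAuthentication();
                proxyAuth.setUsername(proxy.getUsername());
                proxyAuth.setPassword(proxy.getPassword());
                configuration.setProxyAuth(proxyAuth);
            }
        } catch (SecDispatcherException e) {
            throw new MojoExecutionException("Could not decrypt proxy credentials", e);
        } catch (MalformedURLException e) {
            throw new MojoExecutionException(String.format("Could not parse serverUrl '%s'", this.serverUrl), e);
        }
    }

    /**
     * Resolves the server credentials and attaches them to the configuration.
     *
     * <p>Precedence: an explicit username/password, then the {@code settings.xml} server entry
     * named by {@code serverId} (decrypted through the {@link SecDispatcher}), then PKI. With PKI
     * an empty {@link SimpleAuthentication} is attached. With none of the three the configuration
     * is left without server authentication.
     *
     * @param configuration configuration to update
     * @throws MojoExecutionException if the server entry is missing from the settings or its
     *     credentials cannot be decrypted
     */
    private void configureAuthentication(HttpClientUtils.Configuration configuration) throws MojoExecutionException {
        SimpleAuthentication serverAuth = new SimpleAuthentication();
        boolean passwordCredentials = false;
        if (this.username != null) {
            getLog().debug("Authentication configured via clm.username/clm.password properties.");
            serverAuth.setUsername(this.username);
            serverAuth.setPassword(this.password);
            passwordCredentials = true;
        } else if (this.serverId != null) {
            getLog().debug("Authentication configured via clm.serverId property.");
            Server server = this.session.getSettings().getServer(this.serverId);
            if (server == null) {
                throw new MojoExecutionException("Could not find a server with id " + this.serverId + " in settings.xml.");
            }
            try {
                Server decrypted = MavenSettingsHelper.decrypt(this.secDispatcher, server);
                serverAuth.setUsername(decrypted.getUsername());
                serverAuth.setPassword(decrypted.getPassword());
                passwordCredentials = true;
            } catch (SecDispatcherException e) {
                throw new MojoExecutionException("Could not decrypt server credentials", e);
            }
        } else if (this.pkiAuthentication) {
            getLog().debug("Authentication configured via clm.pkiAuthentication property.");
        } else {
            getLog().debug("Authentication not configured.");
            return;
        }
        if (passwordCredentials) {
            warnIfServerUrlIsPlainHttp();
        }
        configuration.setServerAuth(serverAuth);
    }

    /**
     * Warns when username/password credentials are configured for an {@code http://} server URL.
     *
     * <p>NOTE(review): how HttpClientUtils transmits the credentials is not visible in this
     * class; presumably they accompany requests to {@code serverUrl}, in which case a plain-HTTP
     * URL exposes them in transit. The URL itself is deliberately left out of the message.
     */
    private void warnIfServerUrlIsPlainHttp() {
        String plainScheme = "http://";
        if (this.serverUrl != null && this.serverUrl.regionMatches(true, 0, plainScheme, 0, plainScheme.length())) {
            getLog().warn("The IQ Server URL uses plain HTTP, so the configured credentials may be sent unencrypted; prefer an https:// URL.");
        }
    }

    /**
     * Scans every project of the reactor into the given session.
     *
     * @param scanSession session that collects the scan data
     * @throws Exception if scanning a module fails
     */
    @Override
    protected void scanModules(ScanSession scanSession) throws Exception {
        for (MavenProject project : this.reactorProjects) {
            scanModules(scanSession, project);
        }
    }
}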
