package de.tum.in.test.api.security;

import de.tum.in.test.api.TrustedThreads;
import de.tum.in.test.api.context.TestContext;
import de.tum.in.test.api.localization.Messages;
import de.tum.in.test.api.util.PackageRule;
import de.tum.in.test.api.util.PathRule;
import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apiguardian.api.API;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@API(status = API.Status.INTERNAL)
/* loaded from: input_file:de/tum/in/test/api/security/AresSecurityConfigurationBuilder.class */
public final class AresSecurityConfigurationBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(AresSecurityConfigurationBuilder.class);
    private static final Path EXPECTED_MAVEN_POM_PATH = Path.of(System.getProperty(AresSystemProperties.ARES_MAVEN_POM, "pom.xml"), new String[0]);
    private static final Path EXPECTED_GRADLE_BUILD_PATH = Path.of(System.getProperty(AresSystemProperties.ARES_GRADLE_BUILD, "build.gradle"), new String[0]);
    private static final String MAVEN_ENFORCER_FILE_ENTRY = "<file>${project.build.outputDirectory}%s</file>";
    private static final String GRADLE_ENFORCER_FILE_ENTRY = "\"$studentOutputDir%s\"";
    private static final boolean IS_MAVEN;
    private static final boolean IS_GRADLE;
    private static String buildConfigurationFileContent;
    private Path executionPath;
    private Set<PathRule> whitelistedPaths;
    private Optional<Class<?>> testClass = Optional.empty();
    private Optional<Method> testMethod = Optional.empty();
    private Set<String> whitelistedClassNames = new HashSet();
    private Set<PathRule> blacklistedPaths = Set.of();
    private Set<PackageRule> blacklistedPackages = Set.of();
    private Set<PackageRule> whitelistedPackages = Set.of();
    private Set<Integer> allowedLocalPorts = Set.of();
    private OptionalInt allowLocalPortsAbove = OptionalInt.empty();
    private Set<Integer> excludedLocalPorts = Set.of();
    private OptionalInt allowedThreadCount = OptionalInt.empty();
    private Set<PackageRule> trustedPackages = Set.of();
    private TrustedThreads.TrustScope threadTrustScope = TrustedThreads.TrustScope.MINIMAL;

    private AresSecurityConfigurationBuilder() {
    }

    public AresSecurityConfigurationBuilder withPath(Path path) {
        this.executionPath = (Path) Objects.requireNonNull(path);
        return this;
    }

    public AresSecurityConfigurationBuilder withPathWhitelist(Collection<PathRule> collection) {
        this.whitelistedPaths = Set.copyOf(collection);
        return this;
    }

    public AresSecurityConfigurationBuilder withPathBlacklist(Collection<PathRule> collection) {
        this.blacklistedPaths = Set.copyOf(collection);
        return this;
    }

    public AresSecurityConfigurationBuilder withAllowedLocalPorts(Set<Integer> set) {
        this.allowedLocalPorts = (Set) Objects.requireNonNull(set);
        return this;
    }

    public AresSecurityConfigurationBuilder withAllowLocalPortsAbove(OptionalInt optionalInt) {
        this.allowLocalPortsAbove = (OptionalInt) Objects.requireNonNull(optionalInt);
        return this;
    }

    public AresSecurityConfigurationBuilder withExcludedLocalPorts(Set<Integer> set) {
        this.excludedLocalPorts = (Set) Objects.requireNonNull(set);
        return this;
    }

    public AresSecurityConfigurationBuilder withAllowedThreadCount(OptionalInt optionalInt) {
        this.allowedThreadCount = (OptionalInt) Objects.requireNonNull(optionalInt);
        return this;
    }

    public AresSecurityConfigurationBuilder configureFromContext(TestContext testContext) {
        this.testClass = (Optional) Objects.requireNonNull(testContext.testClass());
        this.testMethod = (Optional) Objects.requireNonNull(testContext.testMethod());
        return this;
    }

    public AresSecurityConfigurationBuilder addWhitelistedClassNames(Collection<String> collection) {
        this.whitelistedClassNames.addAll(collection);
        return this;
    }

    public AresSecurityConfigurationBuilder withPackageBlacklist(Collection<PackageRule> collection) {
        this.blacklistedPackages = Set.copyOf(collection);
        return this;
    }

    public AresSecurityConfigurationBuilder withPackageWhitelist(Collection<PackageRule> collection) {
        this.whitelistedPackages = Set.copyOf(collection);
        return this;
    }

    public AresSecurityConfigurationBuilder withTrustedPackages(Set<PackageRule> set) {
        this.trustedPackages = Set.copyOf(set);
        return this;
    }

    public AresSecurityConfigurationBuilder withThreadTrustScope(TrustedThreads.TrustScope trustScope) {
        this.threadTrustScope = (TrustedThreads.TrustScope) Objects.requireNonNull(trustScope);
        return this;
    }

    public AresSecurityConfiguration build() {
        validate();
        return new AresSecurityConfiguration(this.testClass, this.testMethod, this.executionPath, this.whitelistedClassNames, Optional.ofNullable(this.whitelistedPaths), this.blacklistedPaths, this.allowedLocalPorts, this.allowLocalPortsAbove, this.excludedLocalPorts, this.allowedThreadCount, this.blacklistedPackages, this.whitelistedPackages, this.trustedPackages, this.threadTrustScope);
    }

    private void validate() {
        if (this.allowedThreadCount.orElse(0) < 0) {
            throw new ConfigurationException(Messages.localized("security.configuration_invalid_negative_threads", new Object[0]));
        }
        if (!Collections.disjoint(this.allowedLocalPorts, this.excludedLocalPorts)) {
            throw new ConfigurationException(Messages.localized("security.configuration_invalid_port_rule_intersection", new Object[0]));
        }
        this.allowedLocalPorts.forEach((v0) -> {
            validatePortRange(v0);
        });
        this.excludedLocalPorts.forEach((v0) -> {
            validatePortRange(v0);
        });
        this.allowLocalPortsAbove.ifPresent(i -> {
            validatePortRange(i);
            if (this.allowedLocalPorts.stream().anyMatch(num -> {
                return num.intValue() > i;
            })) {
                throw new ConfigurationException(Messages.localized("security.configuration_invalid_port_allowed_in_rage", new Object[0]));
            }
            if (this.excludedLocalPorts.stream().anyMatch(num2 -> {
                return num2.intValue() <= i;
            })) {
                throw new ConfigurationException(Messages.localized("security.configuration_invalid_port_exclude_outside_rage", new Object[0]));
            }
        });
        validateTrustedPackages(this.trustedPackages);
    }

    private static void validatePortRange(int i) {
        if (i < 0) {
            throw new ConfigurationException(Messages.localized("security.configuration_invalid_port_negative", new Object[0]));
        }
        if (i > 65535) {
            throw new ConfigurationException(Messages.localized("security.configuration_invalid_port_over_max", new Object[0]));
        }
    }

    private static void validateTrustedPackages(Set<PackageRule> set) {
        String str;
        Path path;
        if (IS_MAVEN) {
            str = MAVEN_ENFORCER_FILE_ENTRY;
            path = EXPECTED_MAVEN_POM_PATH;
        } else {
            if (!IS_GRADLE) {
                return;
            }
            str = GRADLE_ENFORCER_FILE_ENTRY;
            path = EXPECTED_GRADLE_BUILD_PATH;
        }
        try {
            if (buildConfigurationFileContent == null) {
                buildConfigurationFileContent = Files.readString(path);
            }
            String str2 = str;
            Stream map = Stream.concat(SecurityConstants.STACK_WHITELIST.stream(), set.stream().map(packageRule -> {
                return packageRule.getPackagePattern().split("\\*", 2)[0];
            }).filter(Predicate.not((v0) -> {
                return v0.isEmpty();
            }))).map(str3 -> {
                return "/" + String.join("/", str3.split("\\.")) + "/";
            }).map(str4 -> {
                return String.format(str2, str4);
            });
            String str5 = buildConfigurationFileContent;
            Objects.requireNonNull(str5);
            List list = (List) map.filter(Predicate.not((v1) -> {
                return r1.contains(v1);
            })).sorted().collect(Collectors.toList());
            LOG.debug("Validated build configuration regarding trusted package rules, {} are missing.", Integer.valueOf(list.size()));
            if (list.isEmpty()) {
            } else {
                throw new ConfigurationException("Ares has detected that the build configuration is probably incomplete. The following file-must-not-exist rules seem to be missing:\n    " + String.join("\n    ", list) + "\n    See https://github.com/ls1intum/Ares#what-you-need-to-do-outside-ares for more information.");
            }
        } catch (IOException e) {
            LOG.error("Ares cannot read pom.xml", e);
            throw new ConfigurationException("Ares cannot read pom.xml and validate the configuration. Please make sure " + path.getFileName() + " can be read or otherwise set the 'ares.maven.ignore'/'ares.gradle.ignore' system property to true");
        }
    }

    public static AresSecurityConfigurationBuilder create() {
        return new AresSecurityConfigurationBuilder();
    }

    static {
        IS_MAVEN = (((Boolean) StackWalker.getInstance().walk(stream -> {
            return Boolean.valueOf(stream.anyMatch(stackFrame -> {
                return stackFrame.getClassName().contains("maven");
            }));
        })).booleanValue() || Files.exists(EXPECTED_MAVEN_POM_PATH, new LinkOption[0])) && !Boolean.getBoolean(AresSystemProperties.ARES_MAVEN_IGNORE);
        IS_GRADLE = (((Boolean) StackWalker.getInstance().walk(stream2 -> {
            return Boolean.valueOf(stream2.anyMatch(stackFrame -> {
                return stackFrame.getClassName().contains("gradle");
            }));
        })).booleanValue() || Files.exists(EXPECTED_GRADLE_BUILD_PATH, new LinkOption[0])) && !Boolean.getBoolean(AresSystemProperties.ARES_GRADLE_IGNORE);
    }
}
