package com.metaeffekt.artifact.analysis.bom.spdx.mapper;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.metaeffekt.artifact.analysis.bom.LicenseProcessor;
import com.metaeffekt.artifact.analysis.bom.spdx.DocumentSpec;
import com.metaeffekt.artifact.analysis.bom.spdx.LicenseStringConverter;
import com.metaeffekt.artifact.analysis.bom.spdx.facade.SpdxApiFacade;
import com.metaeffekt.artifact.analysis.metascan.Constants;
import com.metaeffekt.artifact.terms.model.TermsMetaData;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringJoiner;
import org.apache.commons.lang3.StringUtils;
import org.metaeffekt.common.notice.model.ComponentDefinition;
import org.metaeffekt.common.notice.model.NoticeParameters;
import org.metaeffekt.core.inventory.processor.model.AbstractModelBase;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.inventory.processor.model.AssetMetaData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spdx.library.InvalidSPDXAnalysisException;
import org.spdx.library.SpdxConstants;
import org.spdx.library.model.ReferenceType;
import org.spdx.library.model.SpdxDocument;
import org.spdx.library.model.SpdxPackage;
import org.spdx.library.model.enumerations.AnnotationType;
import org.spdx.library.model.enumerations.ChecksumAlgorithm;
import org.spdx.library.model.enumerations.Purpose;
import org.spdx.library.model.enumerations.ReferenceCategory;
import org.spdx.library.model.license.SpdxNoAssertionLicense;
import org.spdx.storage.IModelStore;

/* loaded from: input_file:com/metaeffekt/artifact/analysis/bom/spdx/mapper/SpdxPackageMapper.class */
public class SpdxPackageMapper {
    private static final Logger log = LoggerFactory.getLogger(SpdxPackageMapper.class);
    private final SpdxDocument spdxDocument;
    private final DocumentSpec documentSpec;
    private final LicenseStringConverter licenseStringConverter;
    private final Set<String> approvedAttributes;
    private final HashSet<String> writtenAttributes = new HashSet<>();
    private final HashSet<TermsMetaData> referencedLicenses = new HashSet<>();

    public SpdxPackageMapper(DocumentSpec documentSpec, Set<String> set, SpdxDocument spdxDocument, LicenseStringConverter licenseStringConverter) {
        this.spdxDocument = spdxDocument;
        this.documentSpec = documentSpec;
        this.licenseStringConverter = licenseStringConverter;
        this.approvedAttributes = set;
    }

    public SpdxPackage map(AbstractModelBase abstractModelBase) throws InvalidSPDXAnalysisException {
        SpdxPackage.SpdxPackageBuilder spdxPackageBuilder = null;
        if (abstractModelBase instanceof Artifact) {
            spdxPackageBuilder = this.spdxDocument.createPackage(this.spdxDocument.getModelStore().getNextId(IModelStore.IdType.SpdxId, this.documentSpec.getDocumentUri()), abstractModelBase.get("Id"), new SpdxNoAssertionLicense(), SpdxConstants.NOASSERTION_VALUE, new SpdxNoAssertionLicense());
        } else if (abstractModelBase instanceof AssetMetaData) {
            spdxPackageBuilder = this.spdxDocument.createPackage(this.spdxDocument.getModelStore().getNextId(IModelStore.IdType.SpdxId, this.documentSpec.getDocumentUri()), abstractModelBase.get("Asset Id"), new SpdxNoAssertionLicense(), SpdxConstants.NOASSERTION_VALUE, new SpdxNoAssertionLicense());
        }
        mapAdditionals(abstractModelBase, spdxPackageBuilder);
        mapPrimaryPackagePurpose(abstractModelBase, spdxPackageBuilder);
        mapUrls(abstractModelBase, spdxPackageBuilder);
        mapFileTypeInformation(abstractModelBase, spdxPackageBuilder);
        mapVersionInfo(abstractModelBase, spdxPackageBuilder);
        mapChecksums(abstractModelBase, spdxPackageBuilder);
        mapAuthors(abstractModelBase, spdxPackageBuilder);
        mapOverflowKeyValueAnnotation(abstractModelBase, spdxPackageBuilder, this.approvedAttributes);
        mapExternalRefs(abstractModelBase, spdxPackageBuilder);
        mapNotesAnnotation(abstractModelBase, spdxPackageBuilder);
        this.writtenAttributes.removeAll(this.writtenAttributes);
        if (spdxPackageBuilder == null) {
            throw new RuntimeException("AbstractModelBase: " + abstractModelBase + " is neither an asset or artifact.");
        }
        SpdxPackage build = spdxPackageBuilder.build();
        mapLicensesAndCopyrights(abstractModelBase, this.referencedLicenses, build);
        return build;
    }

    private void mapAdditionals(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) {
        if (StringUtils.isNotBlank(abstractModelBase.get("Deployable URL"))) {
            spdxPackageBuilder.setDownloadLocation(abstractModelBase.get("Deployable URL"));
        } else {
            spdxPackageBuilder.setDownloadLocation(SpdxConstants.NOASSERTION_VALUE);
        }
        if (StringUtils.isNotEmpty(abstractModelBase.get("Component Source Type"))) {
            spdxPackageBuilder.setSourceInfo(abstractModelBase.get("Component Source Type"));
        }
        if (StringUtils.isNotEmpty(abstractModelBase.get(Artifact.Attribute.PROJECTS))) {
            spdxPackageBuilder.setPackageFileName(SpdxApiFacade.getFilePathFromProjectLocations(abstractModelBase.get(Artifact.Attribute.PROJECTS)));
        }
        if (StringUtils.isNotBlank(abstractModelBase.get("Primary"))) {
            spdxPackageBuilder.setComment("Primary");
        }
    }

    private void mapPrimaryPackagePurpose(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) {
        if (StringUtils.isBlank(abstractModelBase.get("Type"))) {
            return;
        }
        try {
            Iterator fields = new ObjectMapper().readTree(SpdxPackageMapper.class.getClassLoader().getResourceAsStream("sbom/typeMap.json")).fields();
            while (fields.hasNext()) {
                Map.Entry entry = (Map.Entry) fields.next();
                ArrayList arrayList = new ArrayList();
                if (((JsonNode) entry.getValue()).isArray()) {
                    ((JsonNode) entry.getValue()).forEach(jsonNode -> {
                        arrayList.add(jsonNode.asText());
                    });
                }
                if (arrayList.contains(abstractModelBase.get("Type"))) {
                    try {
                        spdxPackageBuilder.setPrimaryPurpose(Purpose.valueOf((String) entry.getKey()));
                    } catch (IllegalArgumentException e) {
                        spdxPackageBuilder.setPrimaryPurpose(Purpose.OTHER);
                    }
                    this.writtenAttributes.add("Type");
                }
            }
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    private void mapUrls(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) {
        String str = abstractModelBase.get("URL");
        String str2 = abstractModelBase.get("Organization URL");
        String str3 = abstractModelBase.get("Source Code URL");
        if (StringUtils.isNotEmpty(str)) {
            try {
                new URL(str);
                spdxPackageBuilder.setHomepage(str);
                this.writtenAttributes.add("URL");
            } catch (MalformedURLException e) {
                log.warn("URL: {} value is not a valid URL: {}", str, abstractModelBase);
            }
        } else if (StringUtils.isNotBlank(str2)) {
            try {
                new URL(str2);
                spdxPackageBuilder.setHomepage(str2);
                this.writtenAttributes.add("Organization URL");
            } catch (MalformedURLException e2) {
                log.warn("URL: {} value is not a valid URL: {}", str2, abstractModelBase);
            }
        } else {
            spdxPackageBuilder.setHomepage(SpdxConstants.NOASSERTION_VALUE);
        }
        if (StringUtils.isNotBlank(str3)) {
            spdxPackageBuilder.setSourceInfo(str3);
        } else {
            spdxPackageBuilder.setSourceInfo(SpdxConstants.NOASSERTION_VALUE);
        }
    }

    private void mapFileTypeInformation(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) {
        String str = abstractModelBase.get("Archive");
        String str2 = abstractModelBase.get("Structured");
        String str3 = abstractModelBase.get("Executable");
        String str4 = StringUtils.isNotBlank(str) ? "Archive: " + str + "\n" : "Archive: " + SpdxConstants.NOASSERTION_VALUE + "\n";
        String str5 = StringUtils.isNotBlank(str2) ? str4 + "Structured: " + str2 + "\n" : str4 + "Structured: " + SpdxConstants.NOASSERTION_VALUE + "\n";
        String str6 = StringUtils.isNotBlank(str3) ? str5 + "Executable: " + str3 + "\n" : str5 + "Executable: " + SpdxConstants.NOASSERTION_VALUE + "\n";
        if (StringUtils.isNotBlank(str6)) {
            spdxPackageBuilder.setComment(str6);
        }
    }

    private void mapVersionInfo(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) {
        if (StringUtils.isBlank(abstractModelBase.get("Version"))) {
            spdxPackageBuilder.setVersionInfo(SpdxConstants.NOASSERTION_VALUE);
        } else {
            spdxPackageBuilder.setVersionInfo(abstractModelBase.get("Version"));
            this.writtenAttributes.add(Artifact.Attribute.VERSION.getKey());
        }
    }

    private void mapChecksums(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) throws InvalidSPDXAnalysisException {
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        hashMap.put(ChecksumAlgorithm.MD5, Arrays.asList("Checksum", "Checksum (MD5)"));
        hashMap.put(ChecksumAlgorithm.SHA1, Arrays.asList("Checksum (SHA-1)", "Hash (SHA-1)"));
        hashMap.put(ChecksumAlgorithm.SHA256, Arrays.asList("Checksum (SHA-256)", "Hash (SHA-256)", Constants.KEY_BINARY_ARTIFACT_HASH_SHA256));
        hashMap.put(ChecksumAlgorithm.SHA512, Arrays.asList("Checksum (SHA-512)", "HASH (SHA-512)"));
        for (Map.Entry entry : hashMap.entrySet()) {
            ChecksumAlgorithm checksumAlgorithm = (ChecksumAlgorithm) entry.getKey();
            List<String> list = (List) entry.getValue();
            String firstNonBlankValue = getFirstNonBlankValue(abstractModelBase, list);
            if (StringUtils.isNotBlank(firstNonBlankValue)) {
                arrayList.add(this.spdxDocument.createChecksum(checksumAlgorithm, firstNonBlankValue));
                this.writtenAttributes.addAll(list);
            }
        }
        if (!arrayList.isEmpty()) {
            spdxPackageBuilder.setChecksums(arrayList);
        }
        String str = abstractModelBase.get("Digest");
        if (StringUtils.isNotBlank(str) && str.startsWith("sha256:")) {
            arrayList.add(this.spdxDocument.createChecksum(ChecksumAlgorithm.SHA256, str.substring(7)));
            spdxPackageBuilder.setChecksums(arrayList);
        }
    }

    private void mapAuthors(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) {
        String str = abstractModelBase.get("Extracted Authors (ScanCode-1)");
        if (StringUtils.isNotBlank(str)) {
            spdxPackageBuilder.setAttributionText(Arrays.asList(str.split("\\|\n")));
        }
        this.writtenAttributes.add("Extracted Authors (ScanCode-1)");
        if (StringUtils.isNotBlank(abstractModelBase.get("Supplier"))) {
            spdxPackageBuilder.setSupplier("Organization: " + abstractModelBase.get("Supplier"));
        }
    }

    private void mapOverflowKeyValueAnnotation(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder, Collection<String> collection) throws InvalidSPDXAnalysisException {
        HashMap hashMap = new HashMap();
        if (collection != null) {
            for (String str : collection) {
                if (!this.writtenAttributes.contains(str)) {
                    String str2 = abstractModelBase.get(str);
                    if (StringUtils.isNotBlank(str2)) {
                        hashMap.put(str, str2);
                    }
                    this.writtenAttributes.add(str);
                }
            }
        }
        if (hashMap.isEmpty()) {
            return;
        }
        spdxPackageBuilder.addAnnotation(MappingUtils.getOverflowAnnotation(this.spdxDocument, this.documentSpec, hashMap));
    }

    private void mapExternalRefs(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) throws InvalidSPDXAnalysisException {
        String str = abstractModelBase.get("PURL");
        if (StringUtils.isNotBlank(str)) {
            spdxPackageBuilder.addExternalRef(this.spdxDocument.createExternalRef(ReferenceCategory.PACKAGE_MANAGER, new ReferenceType(new ReferenceType("http://spdx.org/rdf/references/purl")), str, (String) null));
        }
        if (StringUtils.isNotBlank(abstractModelBase.get("Repository"))) {
            spdxPackageBuilder.addExternalRef(this.spdxDocument.createExternalRef(ReferenceCategory.OTHER, new ReferenceType("http://spdx.org/rdf/references/url"), abstractModelBase.get("Repository"), (String) null));
        }
    }

    private void mapNotesAnnotation(AbstractModelBase abstractModelBase, SpdxPackage.SpdxPackageBuilder spdxPackageBuilder) throws InvalidSPDXAnalysisException {
        NoticeParameters readNoticeParameters = LicenseProcessor.readNoticeParameters(abstractModelBase);
        if (readNoticeParameters == null) {
            return;
        }
        String buildNotesAnnotation = buildNotesAnnotation(readNoticeParameters);
        if (StringUtils.isNotBlank(buildNotesAnnotation)) {
            spdxPackageBuilder.addAnnotation(this.spdxDocument.createAnnotation("Tool: " + this.documentSpec.getTool(), AnnotationType.OTHER, new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(new Date()), buildNotesAnnotation));
        }
    }

    private String buildNotesAnnotation(NoticeParameters noticeParameters) {
        StringJoiner stringJoiner = new StringJoiner("\n\n");
        if (noticeParameters.getComponent() != null && noticeParameters.getComponent().getNote() != null) {
            stringJoiner.add("The component \"" + noticeParameters.getComponent().getName() + "\" has notes:\n" + noticeParameters.getComponent().getNote());
        }
        if (noticeParameters.getSubcomponents() != null) {
            for (ComponentDefinition componentDefinition : noticeParameters.getSubcomponents()) {
                if (componentDefinition.getNote() != null) {
                    stringJoiner.add("The subcomponent \"" + componentDefinition.getName() + "\" has notes:\n" + componentDefinition.getNote());
                }
            }
        }
        return stringJoiner.toString();
    }

    private void mapLicensesAndCopyrights(AbstractModelBase abstractModelBase, Set<TermsMetaData> set, SpdxPackage spdxPackage) throws InvalidSPDXAnalysisException {
        NoticeParameters readNoticeParameters = LicenseProcessor.readNoticeParameters(abstractModelBase);
        spdxPackage.setLicenseConcluded(SpdxLicenseMapper.deriveConcludedLicense(readNoticeParameters, set, this.spdxDocument, this.licenseStringConverter));
        spdxPackage.setLicenseDeclared(SpdxLicenseMapper.deriveDeclaredLicense(readNoticeParameters, set, this.spdxDocument, this.licenseStringConverter));
        spdxPackage.setCopyrightText(SpdxLicenseMapper.deriveCopyrightText(readNoticeParameters));
        this.writtenAttributes.add(Artifact.Attribute.LICENSE.getKey());
        this.writtenAttributes.add(Constants.KEY_DERIVED_NOTICE_PARAMETER);
        this.writtenAttributes.add("Inherited Notice Parameter");
        this.writtenAttributes.add("Inherited License");
        this.writtenAttributes.add(Constants.KEY_DERIVED_LICENSES);
        this.writtenAttributes.add(Constants.KEY_BINARY_ARTIFACT_DERIVED_LICENSES);
        this.writtenAttributes.add(Constants.KEY_DESCRIPTOR_DERIVED_LICENSES);
        this.writtenAttributes.add(Constants.KEY_SOURCE_ARCHIVE_DERIVED_LICENSES);
        this.writtenAttributes.add(Constants.KEY_SOURCE_ARTIFACT_DERIVED_LICENSES);
        this.writtenAttributes.add(Constants.KEY_DERIVED_MARKERS);
        this.writtenAttributes.add(Constants.KEY_BINARY_ARTIFACT_DERIVED_MARKERS);
        this.writtenAttributes.add(Constants.KEY_SOURCE_ARTIFACT_DERIVED_MARKERS);
        this.writtenAttributes.add(Constants.KEY_SOURCE_ARCHIVE_DERIVED_MARKERS);
        this.writtenAttributes.add(Constants.KEY_DESCRIPTOR_DERIVED_MARKERS);
    }

    private String getFirstNonBlankValue(AbstractModelBase abstractModelBase, List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String str = abstractModelBase.get(it.next());
            if (StringUtils.isNotBlank(str)) {
                return str;
            }
        }
        return null;
    }

    public HashSet<TermsMetaData> getReferencedLicenses() {
        return this.referencedLicenses;
    }
}
