package org.owasp.dependencycheck.analyzer;

import java.net.SocketTimeoutException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.utils.Settings;
import org.sonatype.goodies.packageurl.PackageUrl;
import org.sonatype.ossindex.service.api.componentreport.ComponentReport;
import org.sonatype.ossindex.service.client.OssindexClient;
import org.sonatype.ossindex.service.client.transport.Transport;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest.class */
class OssIndexAnalyzerTest extends BaseTest {

    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest$OssIndexAnalyzerThrowing403.class */
    static final class OssIndexAnalyzerThrowing403 extends OssIndexAnalyzer {
        OssIndexAnalyzerThrowing403() {
        }

        OssindexClient newOssIndexClient() {
            return new OssIndexClient403();
        }
    }

    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest$OssIndexAnalyzerThrowing502.class */
    static final class OssIndexAnalyzerThrowing502 extends OssIndexAnalyzer {
        OssIndexAnalyzerThrowing502() {
        }

        OssindexClient newOssIndexClient() {
            return new OssIndexClient502();
        }
    }

    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest$OssIndexAnalyzerThrowingSocketTimeout.class */
    static final class OssIndexAnalyzerThrowingSocketTimeout extends OssIndexAnalyzer {
        OssIndexAnalyzerThrowingSocketTimeout() {
        }

        OssindexClient newOssIndexClient() {
            return new OssIndexClientSocketTimeoutException();
        }
    }

    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest$OssIndexClient403.class */
    private static final class OssIndexClient403 implements OssindexClient {
        private OssIndexClient403() {
        }

        public Map<PackageUrl, ComponentReport> requestComponentReports(List<PackageUrl> list) throws Exception {
            throw new Transport.TransportException("Unexpected response; status: 403");
        }

        public ComponentReport requestComponentReport(PackageUrl packageUrl) throws Exception {
            throw new Transport.TransportException("Unexpected response; status: 403");
        }

        public void close() {
        }
    }

    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest$OssIndexClient502.class */
    private static final class OssIndexClient502 implements OssindexClient {
        private OssIndexClient502() {
        }

        public Map<PackageUrl, ComponentReport> requestComponentReports(List<PackageUrl> list) throws Exception {
            throw new Transport.TransportException("Unexpected response; status: 502");
        }

        public ComponentReport requestComponentReport(PackageUrl packageUrl) throws Exception {
            throw new Transport.TransportException("Unexpected response; status: 502");
        }

        public void close() {
        }
    }

    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest$OssIndexClientSocketTimeoutException.class */
    private static final class OssIndexClientSocketTimeoutException implements OssindexClient {
        private OssIndexClientSocketTimeoutException() {
        }

        public Map<PackageUrl, ComponentReport> requestComponentReports(List<PackageUrl> list) throws Exception {
            throw new SocketTimeoutException("Read timed out");
        }

        public ComponentReport requestComponentReport(PackageUrl packageUrl) throws Exception {
            throw new SocketTimeoutException("Read timed out");
        }

        public void close() {
        }
    }

    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/OssIndexAnalyzerTest$SproutOssIndexAnalyzer.class */
    static final class SproutOssIndexAnalyzer extends OssIndexAnalyzer {
        private Future<?> pendingClosureTask;

        SproutOssIndexAnalyzer() {
        }

        void enrich(Dependency dependency) {
            this.pendingClosureTask = Executors.newSingleThreadExecutor().submit(() -> {
                try {
                    closeAnalyzer();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            });
            super.enrich(dependency);
        }

        void awaitPendingClosure() throws ExecutionException, InterruptedException {
            this.pendingClosureTask.get();
        }
    }

    OssIndexAnalyzerTest() {
    }

    @Test
    void should_enrich_be_included_in_mutex_to_prevent_NPE() throws Exception {
        SproutOssIndexAnalyzer sproutOssIndexAnalyzer = new SproutOssIndexAnalyzer();
        PurlIdentifier purlIdentifier = new PurlIdentifier("maven", "test", "test", "1.0", Confidence.HIGHEST);
        Dependency dependency = new Dependency();
        dependency.addSoftwareIdentifier(purlIdentifier);
        Settings settings = getSettings();
        Engine engine = new Engine(settings);
        engine.setDependencies(Collections.singletonList(dependency));
        sproutOssIndexAnalyzer.initialize(settings);
        sproutOssIndexAnalyzer.analyzeDependency(dependency, engine);
        Assertions.assertTrue(purlIdentifier.getUrl().startsWith("https://ossindex.sonatype.org/component/pkg:maven/test/test@1.0"));
        sproutOssIndexAnalyzer.awaitPendingClosure();
    }

    @Test
    void should_analyzeDependency_return_a_dedicated_error_message_when_403_response_from_sonatype() throws Exception {
        OssIndexAnalyzerThrowing403 ossIndexAnalyzerThrowing403 = new OssIndexAnalyzerThrowing403();
        ossIndexAnalyzerThrowing403.initialize(getSettings());
        PurlIdentifier purlIdentifier = new PurlIdentifier("maven", "test", "test", "1.0", Confidence.HIGHEST);
        Dependency dependency = new Dependency();
        dependency.addSoftwareIdentifier(purlIdentifier);
        Engine engine = new Engine(getSettings());
        engine.setDependencies(Collections.singletonList(dependency));
        AnalysisException analysisException = new AnalysisException();
        try {
            ossIndexAnalyzerThrowing403.analyzeDependency(dependency, engine);
        } catch (AnalysisException e) {
            analysisException = e;
        }
        Assertions.assertEquals("OSS Index access forbidden", analysisException.getMessage());
        ossIndexAnalyzerThrowing403.close();
    }

    @Test
    void should_analyzeDependency_only_warn_when_transport_error_from_sonatype() throws Exception {
        OssIndexAnalyzerThrowing502 ossIndexAnalyzerThrowing502 = new OssIndexAnalyzerThrowing502();
        getSettings().setBoolean("analyzer.ossindex.remote-error.warn-only", true);
        ossIndexAnalyzerThrowing502.initialize(getSettings());
        PurlIdentifier purlIdentifier = new PurlIdentifier("maven", "test", "test", "1.0", Confidence.HIGHEST);
        Dependency dependency = new Dependency();
        dependency.addSoftwareIdentifier(purlIdentifier);
        Engine engine = new Engine(getSettings());
        try {
            try {
                engine.setDependencies(Collections.singletonList(dependency));
                Assertions.assertDoesNotThrow(() -> {
                    ossIndexAnalyzerThrowing502.analyzeDependency(dependency, engine);
                }, "Analysis exception thrown upon remote error although only a warning should have been logged");
                if (engine != null) {
                    engine.close();
                }
            } finally {
            }
        } finally {
            ossIndexAnalyzerThrowing502.close();
        }
    }

    @Test
    void should_analyzeDependency_only_warn_when_socket_error_from_sonatype() throws Exception {
        OssIndexAnalyzerThrowingSocketTimeout ossIndexAnalyzerThrowingSocketTimeout = new OssIndexAnalyzerThrowingSocketTimeout();
        getSettings().setBoolean("analyzer.ossindex.remote-error.warn-only", true);
        ossIndexAnalyzerThrowingSocketTimeout.initialize(getSettings());
        PurlIdentifier purlIdentifier = new PurlIdentifier("maven", "test", "test", "1.0", Confidence.HIGHEST);
        Dependency dependency = new Dependency();
        dependency.addSoftwareIdentifier(purlIdentifier);
        Engine engine = new Engine(getSettings());
        try {
            try {
                engine.setDependencies(Collections.singletonList(dependency));
                Assertions.assertDoesNotThrow(() -> {
                    ossIndexAnalyzerThrowingSocketTimeout.analyzeDependency(dependency, engine);
                }, "Analysis exception thrown upon remote error although only a warning should have been logged");
                if (engine != null) {
                    engine.close();
                }
            } finally {
            }
        } finally {
            ossIndexAnalyzerThrowingSocketTimeout.close();
        }
    }

    @Test
    void should_analyzeDependency_fail_when_socket_error_from_sonatype() throws Exception {
        OssIndexAnalyzerThrowingSocketTimeout ossIndexAnalyzerThrowingSocketTimeout = new OssIndexAnalyzerThrowingSocketTimeout();
        getSettings().setBoolean("analyzer.ossindex.remote-error.warn-only", false);
        ossIndexAnalyzerThrowingSocketTimeout.initialize(getSettings());
        PurlIdentifier purlIdentifier = new PurlIdentifier("maven", "test", "test", "1.0", Confidence.HIGHEST);
        Dependency dependency = new Dependency();
        dependency.addSoftwareIdentifier(purlIdentifier);
        Engine engine = new Engine(getSettings());
        engine.setDependencies(Collections.singletonList(dependency));
        AnalysisException analysisException = new AnalysisException();
        try {
            ossIndexAnalyzerThrowingSocketTimeout.analyzeDependency(dependency, engine);
        } catch (AnalysisException e) {
            analysisException = e;
        }
        Assertions.assertEquals("Failed to establish socket to OSS Index", analysisException.getMessage());
        ossIndexAnalyzerThrowingSocketTimeout.close();
    }
}
