package com.bitegarden.sonar.plugins.security;

import com.bitegarden.sonar.plugins.security.asvs.ASVSPageActionHandler;
import com.bitegarden.sonar.plugins.security.asvs.ASVSPdfActionHandler;
import com.bitegarden.sonar.plugins.security.cwe.CweMeasureHandler;
import com.bitegarden.sonar.plugins.security.cwe.CwePageActionHandler;
import com.bitegarden.sonar.plugins.security.cwe.CwePdfActionHandler;
import com.bitegarden.sonar.plugins.security.iso.ISO5055PageActionHandler;
import com.bitegarden.sonar.plugins.security.iso.ISO5055PdfActionHandler;
import com.bitegarden.sonar.plugins.security.owasp.OwaspMeasuresHandler;
import com.bitegarden.sonar.plugins.security.owasp.OwaspPageActionHandler;
import com.bitegarden.sonar.plugins.security.owasp.OwaspPdfActionHandler;
import com.bitegarden.sonar.plugins.security.util.CweUtils;
import com.bitegarden.sonar.plugins.security.util.OwaspUtils;
import com.bitegarden.sonar.plugins.security.util.ParamUtils;
import com.google.common.net.HttpHeaders;
import es.sonarqube.security.utils.SecurityUtils;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import org.apache.velocity.runtime.VelocityEngineVersion;
import org.sonar.api.config.Configuration;
import org.sonar.api.platform.Server;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;

/* loaded from: input_file:com/bitegarden/sonar/plugins/security/SecurityWebService.class */
public class SecurityWebService implements WebService {
    private static final Logger LOG = Loggers.get(SecurityWebService.class);
    private Configuration settings;
    private Server server;

    public SecurityWebService(Configuration configuration, Server server) {
        this.settings = configuration;
        this.server = server;
    }

    public void define(WebService.Context context) {
        WebService.NewController createController = context.createController("api/bitegarden/security");
        createController.setDescription("Security Assessment Web Service");
        createController.setSince("6.7");
        defineResourcesAction(createController);
        createController.done();
    }

    private void defineResourcesAction(WebService.NewController newController) {
        WebService.NewAction handler = newController.createAction("owasp_report").setDescription("Security Assessment OWASP Top 10 Report HTML Page").setSince("2.0.3").setInternal(true).setHandler(new OwaspPageActionHandler(this.settings, this.server));
        handler.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler.createParam(ParamUtils.OWASP_YEAR_PARAM_KEY).setPossibleValues(new String[]{"2017", "2021"}).setDescription(ParamUtils.OWASP_YEAR_PARAM_DESCRIPTION).setRequired(false).setDefaultValue("2021").setSince("2.11");
        handler.createParam("branch").setDescription("The Project Branch to retrieve information from").setSince(VelocityEngineVersion.VERSION).setRequired(false);
        handler.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler2 = newController.createAction("owasp_pdf").setDescription("Security Assessment OWASP Top 10 PDF Report").setSince("2.1").setHandler(new OwaspPdfActionHandler(this.settings, this.server));
        handler2.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler2.createParam(ParamUtils.OWASP_YEAR_PARAM_KEY).setPossibleValues(new String[]{"2017", "2021"}).setDescription(ParamUtils.OWASP_YEAR_PARAM_DESCRIPTION).setRequired(false);
        handler2.createParam("branch").setDescription("The Project Branch to retrieve information from").setSince(VelocityEngineVersion.VERSION).setRequired(false);
        handler2.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler3 = newController.createAction("owasp_measures").setDescription("Security Assessment OWASP Top 10 Measures").setSince("2.15").setResponseExample(getClass().getResource("/static/response-examples/owasp-measures-response.json")).setHandler(new OwaspMeasuresHandler(this.settings));
        handler3.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler3.createParam(ParamUtils.OWASP_YEAR_PARAM_KEY).setPossibleValues(new String[]{"2017", "2021"}).setDescription(ParamUtils.OWASP_YEAR_PARAM_DESCRIPTION).setRequired(false).setDefaultValue("2021");
        handler3.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler3.createParam(ParamUtils.METRIC_KEYS_PARAM_KEY).setDescription("Comma-separated list of metric keys").setPossibleValues(OwaspUtils.getOwaspMetricsKeys()).setRequired(true);
        handler3.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler4 = newController.createAction("cwe_report").setDescription("Security Assessment CWE Top 25 Report HTML Page").setSince("2.4").setInternal(true).setHandler(new CwePageActionHandler(this.settings, this.server));
        handler4.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler4.createParam(ParamUtils.CWE_YEAR_PARAM_KEY).setPossibleValues(new String[]{SecurityUtils.CWE_2019, SecurityUtils.CWE_2020, "2021", SecurityUtils.CWE_2022, "2023"}).setDefaultValue("2023").setDescription(ParamUtils.CWE_YEAR_PARAM_DESCRIPTION).setSince("2.10").setRequired(false);
        handler4.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler4.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler5 = newController.createAction("cwe_measures").setDescription("Security Assessment CWE Top 25 Measures Report").setSince("2.15").setHandler(new CweMeasureHandler(this.settings));
        handler5.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler5.createParam(ParamUtils.CWE_YEAR_PARAM_KEY).setPossibleValues(new String[]{SecurityUtils.CWE_2019, SecurityUtils.CWE_2020, "2021", SecurityUtils.CWE_2022, "2023"}).setDefaultValue("2023").setDescription(ParamUtils.CWE_YEAR_PARAM_DESCRIPTION).setRequired(false);
        handler5.createParam(ParamUtils.METRIC_KEYS_PARAM_KEY).setPossibleValues(CweUtils.getMetricList()).setDescription("Comma-separated list of metric keys").setRequired(true);
        handler5.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler5.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        handler5.setResponseExample(getClass().getResource("/static/response-examples/cwe-measures-response.json"));
        WebService.NewAction handler6 = newController.createAction("cwe_pdf").setDescription("Security Assessment CWE Top 25 PDF Report").setSince("2.6").setHandler(new CwePdfActionHandler(this.server, this.settings));
        handler6.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler6.createParam(ParamUtils.CWE_YEAR_PARAM_KEY).setPossibleValues(new String[]{SecurityUtils.CWE_2019, SecurityUtils.CWE_2020, "2021", SecurityUtils.CWE_2022, "2023"}).setDefaultValue("2023").setDescription(ParamUtils.CWE_YEAR_PARAM_DESCRIPTION).setSince("2.10").setRequired(false);
        handler6.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler6.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler7 = newController.createAction("asvs_report").setDescription("Security Assessment ASVS Report HTML Page").setSince("2.8").setInternal(true).setHandler(new ASVSPageActionHandler(this.settings));
        handler7.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler7.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler7.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler8 = newController.createAction("asvs_pdf").setDescription("Security Assessment ASVS PDF Report").setSince("2.12").setHandler(new ASVSPdfActionHandler(this.settings));
        handler8.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler8.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler8.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler9 = newController.createAction("iso_5055_report").setDescription("Security Assessment ISO 5055 Report HTML Page").setSince("2.9").setInternal(true).setHandler(new ISO5055PageActionHandler(this.settings));
        handler9.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler9.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler9.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
        WebService.NewAction handler10 = newController.createAction("iso_5055_pdf").setDescription("Security Assessment ISO 5055 PDF Report").setSince("2.14").setHandler(new ISO5055PdfActionHandler());
        handler10.createParam(ParamUtils.RESOURCE_PARAM_KEY).setDescription(ParamUtils.RESOURCE_PARAM_DESCRIPTION).setRequired(true);
        handler10.createParam("branch").setDescription("The Project Branch to retrieve information from").setRequired(false);
        handler10.createParam("pullRequest").setDescription("The Project Pull Request to retrieve information from").setRequired(false);
    }

    public static Locale getUserLocaleFromRequest(Request request) {
        Locale locale = Locale.getDefault();
        Optional header = request.header(HttpHeaders.ACCEPT_LANGUAGE);
        if (header.isPresent()) {
            LOG.debug("Accept-Language header: " + header);
            List<Locale.LanguageRange> parse = Locale.LanguageRange.parse((String) header.get());
            if (!parse.isEmpty()) {
                Locale.LanguageRange languageRange = parse.get(0);
                LOG.debug("Locale Language Range: " + languageRange.getRange());
                locale = new Locale(languageRange.getRange().substring(0, 2));
            }
        }
        LOG.debug("User locale language:  " + locale.getLanguage());
        LOG.debug("User locale country:  " + locale.getCountry());
        LOG.debug("User display language: " + locale.getDisplayLanguage());
        return locale;
    }
}
