# Copyright (C) 2024 The Qt Company Ltd.
# SPDX-License-Identifier: BSD-3-Clause

# Computes a security CPE for a given set of attributes.
#
# When a part is not specified, a wildcard is added.
#
# References:
# https://spdx.github.io/spdx-spec/v2.3/external-repository-identifiers/#f22-cpe23type
# https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
# https://nvd.nist.gov/products/cpe
#
# Each attribute means:
# 1. part
# 2. vendor
# 3. product
# 4. version
# 5. update
# 6. edition
# 7. language
# 8. sw_edition
# 9. target_sw
# 10. target_hw
# 11. other
function(_qt_internal_sbom_compute_security_cpe out_cpe)
    set(opt_args "")
    set(single_args
        PART
        VENDOR
        PRODUCT
        VERSION
        UPDATE
        EDITION
    )
    set(multi_args "")
    cmake_parse_arguments(PARSE_ARGV 1 arg "${opt_args}" "${single_args}" "${multi_args}")
    _qt_internal_validate_all_args_are_parsed(arg)

    set(cpe_template "cpe:2.3:PART:VENDOR:PRODUCT:VERSION:UPDATE:EDITION:*:*:*:*:*")

    set(cpe "${cpe_template}")
    foreach(attribute_name IN LISTS single_args)
        if(arg_${attribute_name})
            set(${attribute_name}_value "${arg_${attribute_name}}")
        else()
            if(attribute_name STREQUAL "PART")
                set(${attribute_name}_value "a")
            else()
                set(${attribute_name}_value "*")
            endif()
        endif()
        string(REPLACE "${attribute_name}" "${${attribute_name}_value}" cpe "${cpe}")
    endforeach()

    set(${out_cpe} "${cpe}" PARENT_SCOPE)
endfunction()

# Computes the default security CPE for the Qt framework.
function(_qt_internal_sbom_get_cpe_qt out_var)
    _qt_internal_sbom_get_root_project_name_lower_case(repo_project_name_lowercase)
    _qt_internal_sbom_compute_security_cpe(repo_cpe
        VENDOR "qt"
        PRODUCT "${repo_project_name_lowercase}"
        VERSION "${QT_REPO_MODULE_VERSION}"
    )
    set(${out_var} "${repo_cpe}" PARENT_SCOPE)
endfunction()

# Computes the default security CPE for a given qt repository.
function(_qt_internal_sbom_get_cpe_qt_repo out_var)
    _qt_internal_sbom_compute_security_cpe(qt_cpe
        VENDOR "qt"
        PRODUCT "qt"
        VERSION "${QT_REPO_MODULE_VERSION}"
    )
    set(${out_var} "${qt_cpe}" PARENT_SCOPE)
endfunction()

# Computes the list of security CPEs for Qt, including both the repo-specific one and generic one.
function(_qt_internal_sbom_compute_security_cpe_for_qt out_cpe_list)
    set(cpe_list "")

    _qt_internal_sbom_get_cpe_qt(repo_cpe)
    list(APPEND cpe_list "${repo_cpe}")

    _qt_internal_sbom_get_cpe_qt_repo(qt_cpe)
    list(APPEND cpe_list "${qt_cpe}")

    set(${out_cpe_list} "${cpe_list}" PARENT_SCOPE)
endfunction()