package org.sonar.java.checks.security;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S5332")
/* loaded from: input_file:org/sonar/java/checks/security/ClearTextProtocolCheck.class */
public class ClearTextProtocolCheck extends IssuableSubscriptionVisitor {
    private static final Map<String, Protocol> PROTOCOLS = new HashMap();
    private static final String MESSAGE = "Using %s protocol is insecure. Use %s instead.";
    private static final String MESSAGE_HTTP = "Using HTTP protocol is insecure. Use HTTPS instead.";
    private static final MethodMatchers UNSECURE_CLIENTS;
    private static final MethodMatchers OK_HTTP_CONNECTION_SPEC_BUILDERS;
    private static final MethodMatchers OK_HTTP_BUILDERS;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/sonar/java/checks/security/ClearTextProtocolCheck$ClearTextVisitor.class */
    public class ClearTextVisitor extends BaseTreeVisitor {
        ClearTextVisitor() {
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitIdentifier(IdentifierTree identifierTree) {
            if ("CLEARTEXT".equals(identifierTree.name())) {
                ClearTextProtocolCheck.this.reportIssue(identifierTree, ClearTextProtocolCheck.MESSAGE_HTTP);
            }
        }
    }

    /* loaded from: input_file:org/sonar/java/checks/security/ClearTextProtocolCheck$Protocol.class */
    private static class Protocol {
        String protocolName;
        String alternatives;

        Protocol(String str, String str2) {
            this.protocolName = str;
            this.alternatives = str2;
        }
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.METHOD_INVOCATION, Tree.Kind.NEW_CLASS);
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        if (!tree.is(Tree.Kind.NEW_CLASS)) {
            MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
            if (OK_HTTP_BUILDERS.matches(methodInvocationTree)) {
                reportIfUsesClearText(methodInvocationTree.arguments());
                return;
            }
            return;
        }
        NewClassTree newClassTree = (NewClassTree) tree;
        if (UNSECURE_CLIENTS.matches(newClassTree)) {
            Protocol protocol = PROTOCOLS.get(newClassTree.symbolType().fullyQualifiedName());
            reportIssue(newClassTree.identifier(), String.format(MESSAGE, protocol.protocolName, protocol.alternatives));
        } else if (OK_HTTP_CONNECTION_SPEC_BUILDERS.matches(newClassTree)) {
            reportIfUsesClearText(newClassTree.arguments());
        }
    }

    private void reportIfUsesClearText(Arguments arguments) {
        arguments.accept(new ClearTextVisitor());
    }

    static {
        PROTOCOLS.put("org.apache.commons.net.ftp.FTPClient", new Protocol("FTP", "SFTP, SCP or FTPS"));
        PROTOCOLS.put("org.apache.commons.net.smtp.SMTPClient", new Protocol("clear-text SMTP", "SMTP over SSL/TLS or SMTP with STARTTLS"));
        PROTOCOLS.put("org.apache.commons.net.telnet.TelnetClient", new Protocol("Telnet", "SSH"));
        UNSECURE_CLIENTS = MethodMatchers.create().ofTypes((String[]) PROTOCOLS.keySet().toArray(new String[0])).constructor().withAnyParameters().build();
        OK_HTTP_CONNECTION_SPEC_BUILDERS = MethodMatchers.create().ofTypes("okhttp3.ConnectionSpec$Builder").constructor().addParametersMatcher("okhttp3.ConnectionSpec").build();
        OK_HTTP_BUILDERS = MethodMatchers.create().ofTypes("okhttp3.OkHttpClient$Builder").names("connectionSpecs").addParametersMatcher("*").build();
    }
}
