package org.sonar.java.checks.security;

import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.BlockTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.ThrowStatementTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S4830")
/* loaded from: input_file:org/sonar/java/checks/security/ServerCertificatesCheck.class */
public class ServerCertificatesCheck extends IssuableSubscriptionVisitor {
    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String X509_CERTIFICATE_ARRAY = "java.security.cert.X509Certificate[]";
    private static final MethodMatchers TRUST_MANAGER_MATCHER = MethodMatchers.or(new MethodMatchers[]{MethodMatchers.create().ofSubTypes(new String[]{"javax.net.ssl.X509TrustManager"}).names(new String[]{"checkClientTrusted", "checkServerTrusted"}).addParametersMatcher(new String[]{X509_CERTIFICATE_ARRAY, "java.lang.String"}).build(), MethodMatchers.create().ofSubTypes(new String[]{"javax.net.ssl.X509ExtendedTrustManager"}).names(new String[]{"checkClientTrusted", "checkServerTrusted"}).addParametersMatcher(new String[]{X509_CERTIFICATE_ARRAY, "java.lang.String", "java.net.Socket"}).addParametersMatcher(new String[]{X509_CERTIFICATE_ARRAY, "java.lang.String", "javax.net.ssl.SSLEngine"}).build()});

    /* loaded from: input_file:org/sonar/java/checks/security/ServerCertificatesCheck$ThrowExceptionVisitor.class */
    private static class ThrowExceptionVisitor extends BaseTreeVisitor {
        boolean throwsException = false;

        private ThrowExceptionVisitor() {
        }

        private static boolean throwsException(Tree tree) {
            ThrowExceptionVisitor throwExceptionVisitor = new ThrowExceptionVisitor();
            tree.accept(throwExceptionVisitor);
            return throwExceptionVisitor.throwsException;
        }

        public void visitThrowStatement(ThrowStatementTree throwStatementTree) {
            super.visitThrowStatement(throwStatementTree);
            this.throwsException = true;
        }

        public void visitNewClass(NewClassTree newClassTree) {
            super.visitNewClass(newClassTree);
            visitMethodSymbol(newClassTree.constructorSymbol());
        }

        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            super.visitMethodInvocation(methodInvocationTree);
            visitMethodSymbol(methodInvocationTree.symbol());
        }

        private void visitMethodSymbol(Symbol symbol) {
            if (symbol.isMethodSymbol()) {
                this.throwsException |= !((Symbol.MethodSymbol) symbol).thrownTypes().isEmpty();
            } else {
                this.throwsException = true;
            }
        }
    }

    public List<Tree.Kind> nodesToVisit() {
        return Collections.singletonList(Tree.Kind.METHOD);
    }

    public void visitNode(Tree tree) {
        MethodTree methodTree = (MethodTree) tree;
        BlockTree block = methodTree.block();
        if (block != null && TRUST_MANAGER_MATCHER.matches(methodTree)) {
            if (block.body().isEmpty() || !ThrowExceptionVisitor.throwsException(block)) {
                reportIssue(methodTree.simpleName(), "Enable server certificate validation on this SSL/TLS connection.");
            }
        }
    }
}
