package org.sonar.java.checks.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.check.Rule;
import org.sonar.java.annotations.VisibleForTesting;
import org.sonar.java.checks.DepthOfInheritanceTreeCheck;
import org.sonar.java.checks.helpers.CredentialMethod;
import org.sonar.java.checks.helpers.CredentialMethodsLoader;
import org.sonar.java.checks.helpers.ReassignmentFinder;
import org.sonar.java.checks.security.ExcessiveContentRequestCheck;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.java.model.JUtils;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.BinaryExpressionTree;
import org.sonar.plugins.java.api.tree.ConditionalExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.ListTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewArrayTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.TypeCastTree;
import org.sonar.plugins.java.api.tree.VariableTree;

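/**
 * Rule S6437: reports a credential that reaches a known credential-taking method or constructor
 * as a value recoverable from the source code itself.
 *
 * <p>The methods to watch are read from {@link #CREDENTIALS_METHODS_FILE}. Each definition is
 * keyed by the method name (the class name for constructors), carries a {@link MethodMatchers}
 * for the exact signature, and lists the argument indices that hold a credential. Such an
 * argument is reported when it is derived from plain text: a non-empty literal, a local or
 * {@code final} variable whose initializer and every reassignment are themselves derived from
 * plain text, a {@code String} transformation of such a value ({@code getBytes()},
 * {@code toCharArray()}, {@code substring(...)}, ...), or a combination of those (concatenation,
 * conditional, array initializer, cast, {@code new String(...)}).
 */
@Rule(key = "S6437")
public class HardCodedCredentialsShouldNotBeUsedCheck extends IssuableSubscriptionVisitor {
    /** Classpath resource describing the credential-taking methods and which of their arguments are credentials. */
    public static final String CREDENTIALS_METHODS_FILE = "/org/sonar/java/checks/security/S6437-methods.json";
    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String ISSUE_MESSAGE = "Revoke and change this password, as it is compromised.";
    private static final Logger LOG = Loggers.get(HardCodedCredentialsShouldNotBeUsedCheck.class);

    /**
     * {@code String} methods whose result carries the same secret as their receiver, so that
     * {@code "pwd".getBytes()} or {@code secret.toCharArray()} are still hard-coded.
     * {@code toString()} without arguments is accepted on any receiver type.
     */
    private static final MethodMatchers STRING_TO_ARRAY_METHODS = MethodMatchers.or(
        MethodMatchers.create()
            .ofTypes(JAVA_LANG_STRING)
            .names("getBytes", "toLowerCase", "toUpperCase")
            .withAnyParameters()
            .build(),
        MethodMatchers.create()
            .ofTypes(JAVA_LANG_STRING)
            .names("toCharArray", "trim", "strip", "stripIndent", "stripLeading", "stripTrailing", "intern", "translateEscapes")
            .addWithoutParametersMatcher()
            .build(),
        MethodMatchers.create()
            .ofTypes(JAVA_LANG_STRING)
            .names("subSequence", "substring")
            .addParametersMatcher("int")
            .addParametersMatcher("int", "int")
            .build(),
        MethodMatchers.create()
            .ofAnyType()
            .names("toString")
            .addWithoutParametersMatcher()
            .build());

    /** {@code new String(...)} with at least one argument; only the first argument is followed. */
    private static final MethodMatchers SUPPORTED_CONSTRUCTORS = MethodMatchers.create()
        .ofTypes(JAVA_LANG_STRING)
        .constructor()
        .addParametersMatcher(parameters -> !parameters.isEmpty())
        .build();

    /**
     * Credential-taking definitions keyed by simple method name (class name for constructors).
     * Empty when the resource could not be loaded, in which case this rule reports nothing.
     */
    private final Map<String, List<CredentialMethod>> methods;

    public HardCodedCredentialsShouldNotBeUsedCheck() {
        this(CREDENTIALS_METHODS_FILE);
    }

    /**
     * Loads the credential-method definitions from the given classpath resource.
     *
     * @param methodsResourcePath classpath path of the JSON definitions file
     */
    @VisibleForTesting
    HardCodedCredentialsShouldNotBeUsedCheck(String methodsResourcePath) {
        Map<String, List<CredentialMethod>> loaded;
        try {
            loaded = CredentialMethodsLoader.load(methodsResourcePath);
        } catch (IOException e) {
            // Keep the cause and the file name in the log: with an empty map the rule silently
            // becomes a no-op, which an operator should be able to notice and diagnose.
            LOG.error("Unable to load credential method definitions from " + methodsResourcePath
                + ", rule S6437 will not report any issue", e);
            loaded = Collections.emptyMap();
        }
        this.methods = loaded;
    }

    /** Returns the loaded definitions (the live map, exposed for tests). */
    public Map<String, List<CredentialMethod>> getMethods() {
        return methods;
    }

    @Override
    public List<Tree.Kind> nodesToVisit() {
        return List.of(Tree.Kind.METHOD_INVOCATION, Tree.Kind.NEW_CLASS);
    }

    /**
     * Pre-filters the definitions by simple name, then lets each definition's matcher decide on
     * the exact signature before the credential arguments are inspected.
     */
    @Override
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.NEW_CLASS)) {
            NewClassTree newClass = (NewClassTree) tree;
            for (CredentialMethod candidate : candidatesFor(newClass.symbolType().name())) {
                if (candidate.methodMatcher().matches(newClass)) {
                    checkArguments(newClass.arguments(), candidate);
                }
            }
        } else {
            MethodInvocationTree invocation = (MethodInvocationTree) tree;
            for (CredentialMethod candidate : candidatesFor(invocation.symbol().name())) {
                if (candidate.methodMatcher().matches(invocation)) {
                    checkArguments(invocation.arguments(), candidate);
                }
            }
        }
    }

    /** Definitions registered under the given simple name, or an empty list. */
    private List<CredentialMethod> candidatesFor(String simpleName) {
        List<CredentialMethod> found = methods.get(simpleName);
        return found == null ? Collections.emptyList() : found;
    }

    /**
     * Reports every configured credential argument of a matched call whose value is derived
     * from plain text; the declarations of the variables followed on the way become secondary locations.
     */
    private void checkArguments(Arguments arguments, CredentialMethod credentialMethod) {
        for (int index : credentialMethod.indices) {
            // A definition index that this particular call does not have (a shorter overload or
            // varargs call matched under the same name) must not abort the analysis with an
            // IndexOutOfBoundsException; the argument simply does not exist here.
            if (index < 0 || index >= arguments.size()) {
                continue;
            }
            ExpressionTree argument = arguments.get(index);
            List<JavaFileScannerContext.Location> secondaryLocations = new ArrayList<>();
            if (isExpressionDerivedFromPlainText(argument, secondaryLocations, new HashSet<>())) {
                reportIssue(argument, ISSUE_MESSAGE, secondaryLocations, null);
            }
        }
    }

    /**
     * Decides whether {@code expression} is derived from plain text (see the class documentation).
     *
     * @param expression the expression to follow, parentheses are skipped
     * @param secondaryLocations receives the declaration of every variable that contributed a plain-text value
     * @param visitedSymbols symbols already followed for the current argument; bounds the recursion
     * @return {@code true} when every value the expression can take originates from a literal
     */
    public static boolean isExpressionDerivedFromPlainText(ExpressionTree expression, List<JavaFileScannerContext.Location> secondaryLocations,
        Set<Symbol> visitedSymbols) {
        ExpressionTree arg = ExpressionUtils.skipParentheses(expression);
        switch (arg.kind()) {
            case IDENTIFIER:
                return isDerivedFromPlainText((IdentifierTree) arg, secondaryLocations, visitedSymbols);
            case NEW_ARRAY:
                return isDerivedFromPlainText((NewArrayTree) arg, secondaryLocations, visitedSymbols);
            case NEW_CLASS:
                return isDerivedFromPlainText((NewClassTree) arg, secondaryLocations, visitedSymbols);
            case METHOD_INVOCATION:
                return isDerivedFromPlainText((MethodInvocationTree) arg, secondaryLocations, visitedSymbols);
            case CONDITIONAL_EXPRESSION:
                return isDerivedFromPlainText((ConditionalExpressionTree) arg, secondaryLocations, visitedSymbols);
            case MEMBER_SELECT:
                // `Config.PASSWORD`: only the selected identifier's symbol is followed.
                return isDerivedFromPlainText(((MemberSelectExpressionTree) arg).identifier(), secondaryLocations, visitedSymbols);
            case STRING_LITERAL:
                // An empty string is not a credential.
                return !LiteralUtils.isEmptyString(arg);
            case TYPE_CAST:
                return isExpressionDerivedFromPlainText(((TypeCastTree) arg).expression(), secondaryLocations, visitedSymbols);
            case BOOLEAN_LITERAL:
            case CHAR_LITERAL:
            case DOUBLE_LITERAL:
            case FLOAT_LITERAL:
            case INT_LITERAL:
            case LONG_LITERAL:
                return true;
            default:
                if (arg instanceof BinaryExpressionTree) {
                    return isDerivedFromPlainText((BinaryExpressionTree) arg, secondaryLocations, visitedSymbols);
                }
                return false;
        }
    }

    /** Both operands must be plain text, e.g. {@code "pa" + "ss"}; the right operand is followed first. */
    private static boolean isDerivedFromPlainText(BinaryExpressionTree binaryExpression, List<JavaFileScannerContext.Location> secondaryLocations,
        Set<Symbol> visitedSymbols) {
        return isExpressionDerivedFromPlainText(binaryExpression.rightOperand(), secondaryLocations, visitedSymbols)
            && isExpressionDerivedFromPlainText(binaryExpression.leftOperand(), secondaryLocations, visitedSymbols);
    }

    /**
     * A variable is plain text when it is neither a parameter nor a non-final field (both can be
     * set from code outside the visible definition), and its initializer together with every
     * reassignment are all plain text. Each symbol is followed at most once per argument: a second
     * encounter returns {@code false}, which also bounds the recursion on self-referencing
     * reassignments such as {@code s = s + "x"}.
     */
    private static boolean isDerivedFromPlainText(IdentifierTree identifier, List<JavaFileScannerContext.Location> secondaryLocations,
        Set<Symbol> visitedSymbols) {
        Symbol symbol = identifier.symbol();
        if (!visitedSymbols.add(symbol) || !symbol.isVariableSymbol() || JUtils.isParameter(symbol) || isNonFinalField(symbol)) {
            return false;
        }
        Symbol.VariableSymbol variable = (Symbol.VariableSymbol) symbol;
        VariableTree declaration = variable.declaration();
        if (declaration == null) {
            // Declared outside the analyzed sources: only a compile-time constant is known to be plain text.
            return JUtils.constantValue(variable).isPresent();
        }
        List<ExpressionTree> assignedValues = new ArrayList<>();
        ExpressionTree initializer = declaration.initializer();
        if (initializer != null) {
            assignedValues.add(initializer);
        }
        ReassignmentFinder.getReassignments(declaration, variable.usages()).stream()
            .map(assignment -> assignment.expression())
            .forEach(assignedValues::add);
        if (assignedValues.isEmpty()) {
            return false;
        }
        for (ExpressionTree value : assignedValues) {
            if (!isExpressionDerivedFromPlainText(value, secondaryLocations, visitedSymbols)) {
                return false;
            }
        }
        secondaryLocations.add(new JavaFileScannerContext.Location("", declaration));
        return true;
    }

    /** A field that is not {@code final}; it is not followed because it can be reassigned anywhere. */
    private static boolean isNonFinalField(Symbol symbol) {
        return symbol.isVariableSymbol() && symbol.owner().isTypeSymbol() && !symbol.isFinal();
    }

    /** A non-empty array initializer whose elements are all plain text, e.g. {@code new char[] {'p', 'w'}}. */
    private static boolean isDerivedFromPlainText(NewArrayTree newArray, List<JavaFileScannerContext.Location> secondaryLocations,
        Set<Symbol> visitedSymbols) {
        ListTree<ExpressionTree> initializers = newArray.initializers();
        if (initializers.isEmpty()) {
            return false;
        }
        for (ExpressionTree element : initializers) {
            if (!isExpressionDerivedFromPlainText(element, secondaryLocations, visitedSymbols)) {
                return false;
            }
        }
        return true;
    }

    /** {@code new String(x, ...)} is plain text when {@code x} is. */
    private static boolean isDerivedFromPlainText(NewClassTree newClass, List<JavaFileScannerContext.Location> secondaryLocations,
        Set<Symbol> visitedSymbols) {
        return SUPPORTED_CONSTRUCTORS.matches(newClass)
            && isExpressionDerivedFromPlainText(newClass.arguments().get(0), secondaryLocations, visitedSymbols);
    }

    /** A supported {@code String} transformation is plain text when its receiver expression is. */
    private static boolean isDerivedFromPlainText(MethodInvocationTree invocation, List<JavaFileScannerContext.Location> secondaryLocations,
        Set<Symbol> visitedSymbols) {
        if (!STRING_TO_ARRAY_METHODS.matches(invocation)) {
            return false;
        }
        ExpressionTree methodSelect = ExpressionUtils.skipParentheses(invocation.methodSelect());
        // Only a qualified call `receiver.method()` has a receiver expression to follow.
        return methodSelect.is(Tree.Kind.MEMBER_SELECT)
            && isExpressionDerivedFromPlainText(((MemberSelectExpressionTree) methodSelect).expression(), secondaryLocations, visitedSymbols);
    }

    /** {@code c ? a : b} is plain text only when both branches are; the condition itself is irrelevant. */
    private static boolean isDerivedFromPlainText(ConditionalExpressionTree conditional, List<JavaFileScannerContext.Location> secondaryLocations,
        Set<Symbol> visitedSymbols) {
        return isExpressionDerivedFromPlainText(conditional.trueExpression(), secondaryLocations, visitedSymbols)
            && isExpressionDerivedFromPlainText(conditional.falseExpression(), secondaryLocations, visitedSymbols);
    }
}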
