package org.openrewrite.java.security.search;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.openrewrite.Cursor;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Option;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.internal.lang.Nullable;
import org.openrewrite.java.AnnotationMatcher;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.security.table.SensitiveApiEndpoints;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.JavaType;
import org.openrewrite.java.tree.TypeTree;
import org.openrewrite.java.tree.TypeUtils;
import org.openrewrite.marker.SearchResult;

/* loaded from: input_file:org/openrewrite/java/security/search/FindSensitiveApiEndpoints.class */
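/**
 * Search recipe that marks REST endpoint methods whose return type exposes a sensitive field.
 *
 * <p>A method counts as an endpoint when {@link Endpoint#spring(Cursor)} or
 * {@link Endpoint#jaxrs(Cursor)} recognises a mapping annotation for it. The declared return
 * type is then walked through its {@code get*} accessors, and every accessor whose property
 * name equals one of {@link #getFieldNames()} (ignoring case) is reported, both as a
 * {@link SearchResult} on the return type and as a row in the {@link SensitiveApiEndpoints}
 * data table.
 *
 * <p>Coverage limits that follow directly from the code below, so that an empty result is
 * not read as proof that nothing is exposed:
 * <ul>
 *   <li>only the declared return type is inspected, not parameters or request bodies;</li>
 *   <li>only methods whose name starts with {@code get} are followed, so {@code is*}
 *       accessors, record-style accessors and public fields are not seen;</li>
 *   <li>names are compared for exact (case-insensitive) equality, not by substring;</li>
 *   <li>JAX-RS detection uses the {@code javax.ws.rs} namespace and the simple names
 *       {@code GET}, {@code POST} and {@code DELETE} only;</li>
 *   <li>each fully qualified type is visited once per endpoint, so a type reachable through
 *       several accessor chains is reported under the first chain only.</li>
 * </ul>
 *
 * <p>This source was produced by a decompiler. Control flow and casts that the decompiler
 * lost have been restored here; the member visibility it reports as widened is left as found.
 */
public final class FindSensitiveApiEndpoints extends Recipe {

    @Option(displayName = "Field names", description = "Field names to search for.", example = "password,dateOfBirth,dob,ssn")
    private final List<String> fieldNames;

    @Option(displayName = "Transitive", description = "Find model objects that contain other model objects that contain sensitive data.", required = false)
    @Nullable
    private final Boolean transitive;

    // Data table that receives one row per sensitive accessor chain found on an endpoint.
    private final transient SensitiveApiEndpoints endpoints = new SensitiveApiEndpoints(this);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/openrewrite/java/security/search/FindSensitiveApiEndpoints$Endpoint.class */
    /**
     * HTTP method and path of an endpoint, derived from the mapping annotations found on the
     * classes and methods that enclose a cursor position.
     */
    public static final class Endpoint {
        // Spring MVC mapping annotations: @RequestMapping plus the five verb-specific ones.
        private static final List<AnnotationMatcher> SPRING_ENDPOINTS =
                Stream.of("Request", "Get", "Post", "Put", "Delete", "Patch")
                        .map(verb -> new AnnotationMatcher("@org.springframework.web.bind.annotation." + verb + "Mapping"))
                        .collect(Collectors.toList());

        // JAX-RS path annotation, javax namespace only.
        private static final List<AnnotationMatcher> JAXRS_PATH =
                Collections.singletonList(new AnnotationMatcher("@javax.ws.rs.Path"));

        private final String method;
        private final String path;

        /**
         * Resolves a Spring MVC endpoint for the cursor position.
         *
         * <p>The last mapping annotation seen decides the HTTP method: class-level annotations
         * are scanned first and method-level ones afterwards, so a method-level mapping wins
         * when both exist.
         *
         * <p>NOTE(review): a class-level mapping alone is enough to produce a result, so
         * unannotated methods inside a mapped controller class are also treated as endpoints.
         *
         * @param cursor position inside the method being inspected
         * @return the endpoint, or empty when no Spring mapping annotation encloses the cursor
         */
        public static Optional<Endpoint> spring(Cursor cursor) {
            AtomicReference<J.Annotation> lastMatch = new AtomicReference<>();
            String path = mappingPath(cursor, SPRING_ENDPOINTS, lastMatch);

            J.Annotation mapping = lastMatch.get();
            if (mapping == null) {
                return Optional.empty();
            }

            JavaType.FullyQualified type = TypeUtils.asFullyQualified(mapping.getType());
            assert type != null;

            String simpleName = type.getClassName();
            // @RequestMapping carries the verb in its "method" element; the verb-specific
            // annotations carry it in their own name (GetMapping -> GET).
            String httpMethod = simpleName.startsWith("Request")
                    ? getArg(mapping, "method", "GET")
                    : simpleName.replace("Mapping", "").toUpperCase();
            return Optional.of(new Endpoint(httpMethod, path));
        }

        /**
         * Resolves a JAX-RS endpoint for the cursor position.
         *
         * <p>The HTTP method comes from the first annotation on the enclosing method whose
         * simple class name is {@code GET}, {@code POST} or {@code DELETE}, or which is of type
         * {@code javax.ws.rs.HttpMethod} (its {@code value}, default {@code "GET"}).
         *
         * @param cursor position inside the method being inspected
         * @return the endpoint, or empty when no such annotation is present on the method
         */
        public static Optional<Endpoint> jaxrs(Cursor cursor) {
            String path = mappingPath(cursor, JAXRS_PATH, null);

            // The decompiled loop assigned the method name after the loop from a variable that
            // is unset when no annotation matched; the assignment belongs inside the match.
            String httpMethod = null;
            for (J.Annotation annotation : cursor.firstEnclosingOrThrow(J.MethodDeclaration.class).getAllAnnotations()) {
                JavaType.FullyQualified type = TypeUtils.asFullyQualified(annotation.getType());
                if (type == null) {
                    continue;
                }
                String simpleName = type.getClassName();
                if ("GET".equals(simpleName) || "POST".equals(simpleName) || "DELETE".equals(simpleName)) {
                    httpMethod = simpleName;
                    break;
                }
                if (TypeUtils.isOfClassType(type, "javax.ws.rs.HttpMethod")) {
                    httpMethod = getArg(annotation, "value", "GET");
                    break;
                }
            }
            return httpMethod == null ? Optional.empty() : Optional.of(new Endpoint(httpMethod, path));
        }

        /**
         * Builds the endpoint path from the {@code value} of the matching annotations on the
         * enclosing class declarations followed by the enclosing method declarations.
         *
         * <p>Values within each group are joined with {@code "/"}, the two groups are
         * concatenated directly, and {@code "//"} is collapsed to {@code "/"}.
         *
         * @param lastMatch when non-null, receives every matching annotation in scan order
         */
        private static String mappingPath(Cursor cursor, List<AnnotationMatcher> matchers,
                                          @Nullable AtomicReference<J.Annotation> lastMatch) {
            String classPart = cursor.getPathAsStream()
                    .filter(J.ClassDeclaration.class::isInstance)
                    .map(J.ClassDeclaration.class::cast)
                    .map(classDecl -> mappingValue(classDecl.getAllAnnotations(), matchers, lastMatch))
                    .filter(Objects::nonNull)
                    .collect(Collectors.joining("/"));
            String methodPart = cursor.getPathAsStream()
                    .filter(J.MethodDeclaration.class::isInstance)
                    .map(J.MethodDeclaration.class::cast)
                    .map(methodDecl -> mappingValue(methodDecl.getAllAnnotations(), matchers, lastMatch))
                    .filter(Objects::nonNull)
                    .collect(Collectors.joining("/"));
            return (classPart + methodPart).replace("//", "/");
        }

        /**
         * Returns the {@code value} of the first annotation accepted by {@code matchers}, or
         * {@code null} when none matches.
         */
        @Nullable
        private static String mappingValue(List<J.Annotation> annotations, List<AnnotationMatcher> matchers,
                                           @Nullable AtomicReference<J.Annotation> lastMatch) {
            for (J.Annotation annotation : annotations) {
                if (hasRequestMapping(annotation, matchers)) {
                    if (lastMatch != null) {
                        lastMatch.set(annotation);
                    }
                    return getArg(annotation, "value", "");
                }
            }
            return null;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Reads one element of an annotation as a string.
         *
         * <p>A bare literal argument is the annotation's implicit {@code value} element, so it
         * is returned only when {@code key} is {@code "value"}. For a named argument the simple
         * name of a field access or identifier, or the value of a literal, is returned. Other
         * expression kinds (for example array initialisers) fall through to the default.
         *
         * @param annotation   annotation to read
         * @param key          element name to look for
         * @param defaultValue result when the element is absent or of an unsupported kind
         */
        public static String getArg(J.Annotation annotation, String key, String defaultValue) {
            if (annotation.getArguments() == null) {
                return defaultValue;
            }
            for (J argument : annotation.getArguments()) {
                if (argument instanceof J.Literal) {
                    // Previously any bare literal was returned whatever key was asked for, so
                    // @RequestMapping("/x") reported "/x" as its HTTP method.
                    if ("value".equals(key)) {
                        return (String) ((J.Literal) argument).getValue();
                    }
                    continue;
                }
                if (!(argument instanceof J.Assignment)) {
                    continue;
                }
                J.Assignment named = (J.Assignment) argument;
                if (!(named.getVariable() instanceof J.Identifier)
                        || !((J.Identifier) named.getVariable()).getSimpleName().equals(key)) {
                    continue;
                }
                J assigned = named.getAssignment();
                if (assigned instanceof J.FieldAccess) {
                    return ((J.FieldAccess) assigned).getSimpleName();
                }
                if (assigned instanceof J.Identifier) {
                    return ((J.Identifier) assigned).getSimpleName();
                }
                if (assigned instanceof J.Literal) {
                    return (String) ((J.Literal) assigned).getValue();
                }
            }
            return defaultValue;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Tells whether any of the given matchers accepts the annotation.
         */
        public static boolean hasRequestMapping(J.Annotation annotation, List<AnnotationMatcher> matchers) {
            for (AnnotationMatcher matcher : matchers) {
                if (matcher.matches(annotation)) {
                    return true;
                }
            }
            return false;
        }

        public Endpoint(String method, String path) {
            this.method = method;
            this.path = path;
        }

        public String getMethod() {
            return this.method;
        }

        public String getPath() {
            return this.path;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Endpoint)) {
                return false;
            }
            Endpoint other = (Endpoint) obj;
            return Objects.equals(getMethod(), other.getMethod())
                    && Objects.equals(getPath(), other.getPath());
        }

        @Override
        public int hashCode() {
            String method = getMethod();
            int hashCode = (1 * 59) + (method == null ? 43 : method.hashCode());
            String path = getPath();
            return (hashCode * 59) + (path == null ? 43 : path.hashCode());
        }

        @Override
        public String toString() {
            return "FindSensitiveApiEndpoints.Endpoint(method=" + getMethod() + ", path=" + getPath() + ")";
        }
    }

    @Override
    public String getDisplayName() {
        return "Find sensitive API endpoints";
    }

    @Override
    public String getDescription() {
        return "Find data models exposed by REST APIs that contain sensitive information like PII and secrets.";
    }

    /**
     * Returns the visitor that marks endpoint methods returning sensitive data.
     *
     * <p>For a recognised endpoint the method body is not visited further; methods that are
     * not endpoints are delegated to the default traversal.
     */
    @Override
    public TreeVisitor<?, ExecutionContext> getVisitor() {
        return new JavaIsoVisitor<ExecutionContext>() {
            // The decompiler had renamed this method, which would stop it overriding the
            // visitor hook; the original name is restored so the visitor is actually invoked.
            @Override
            public J.MethodDeclaration visitMethodDeclaration(J.MethodDeclaration method, ExecutionContext ctx) {
                // Only evaluate the JAX-RS lookup when no Spring mapping was found.
                Endpoint endpoint = Endpoint.spring(getCursor())
                        .orElseGet(() -> Endpoint.jaxrs(getCursor()).orElse(null));
                if (endpoint == null) {
                    return super.visitMethodDeclaration(method, ctx);
                }

                TypeTree returnType = method.getReturnTypeExpression();
                if (returnType == null) {
                    return method;
                }

                List<List<JavaType.Method>> sensitive = sensitiveFieldPaths(returnType.getType());
                if (sensitive.isEmpty()) {
                    return method;
                }

                // One "declaring.Type#getter->declaring.Type#getter" string per accessor chain.
                List<String> sensitivePaths = sensitive.stream()
                        .map(chain -> chain.stream()
                                .map(getter -> Objects.requireNonNull(TypeUtils.asFullyQualified(getter.getDeclaringType()))
                                        .getFullyQualifiedName() + "#" + getter.getName())
                                .collect(Collectors.joining("->")))
                        .collect(Collectors.toList());

                // NOTE(review): the field column is taken from the LAST chain for every row,
                // not from the row's own chain; this looks unintended and can mislabel which
                // field a row is about. Behaviour kept as found; confirm against upstream.
                String lastPath = sensitivePaths.get(sensitivePaths.size() - 1);
                String sensitiveField = lastPath.substring(lastPath.lastIndexOf("#") + 1);
                String sourcePath = getCursor().firstEnclosingOrThrow(J.CompilationUnit.class).getSourcePath().toString();
                for (String sensitivePath : sensitivePaths) {
                    endpoints.insertRow(ctx, new SensitiveApiEndpoints.Row(
                            sourcePath,
                            method.getSimpleName(),
                            endpoint.getMethod(),
                            endpoint.getPath(),
                            sensitiveField,
                            sensitivePath));
                }
                return method.withReturnTypeExpression(SearchResult.found(returnType, String.join("\n", sensitivePaths)));
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Collects every accessor chain that leads from {@code javaType} to a sensitive field.
     *
     * @param javaType type to start from; {@code null} yields an empty result
     * @return one list of getters per sensitive field, outermost getter first
     */
    public List<List<JavaType.Method>> sensitiveFieldPaths(@Nullable JavaType javaType) {
        List<List<JavaType.Method>> sensitive = new ArrayList<>(1);
        sensitiveFieldPathsRecursive(javaType, Collections.emptyList(), sensitive, new HashSet<>());
        return sensitive;
    }

    /**
     * Depth-first walk over the {@code get*} accessors of a type.
     *
     * <p>For a parameterized type only its type arguments are walked, not the generic type
     * itself. A getter whose name after the {@code get} prefix equals a configured field name
     * (ignoring case) ends the chain and is recorded; any other getter is followed into its
     * return type unless {@code transitive} is explicitly {@code false}.
     *
     * @param javaType  type to inspect
     * @param path      getters followed so far
     * @param sensitive accumulator for completed chains
     * @param seen      fully qualified names already visited, which also stops cycles
     */
    private void sensitiveFieldPathsRecursive(@Nullable JavaType javaType, List<JavaType.Method> path,
                                              List<List<JavaType.Method>> sensitive, Set<String> seen) {
        if (javaType instanceof JavaType.Parameterized) {
            for (JavaType typeParameter : ((JavaType.Parameterized) javaType).getTypeParameters()) {
                sensitiveFieldPathsRecursive(typeParameter, path, sensitive, seen);
            }
            return;
        }

        JavaType.FullyQualified type = TypeUtils.asFullyQualified(javaType);
        if (type == null || !seen.add(type.getFullyQualifiedName())) {
            return;
        }

        Iterator<JavaType.Method> visibleMethods = type.getVisibleMethods();
        while (visibleMethods.hasNext()) {
            JavaType.Method getter = visibleMethods.next();
            if (!getter.getName().startsWith("get")) {
                continue;
            }

            List<JavaType.Method> nextPath = new ArrayList<>(path);
            nextPath.add(getter);

            // The decompiled inner loop never terminated once the field names were
            // exhausted; match first, and only recurse when nothing matched.
            if (isSensitiveGetter(getter)) {
                sensitive.add(nextPath);
            } else if (!Boolean.FALSE.equals(this.transitive)) {
                sensitiveFieldPathsRecursive(getter.getReturnType(), nextPath, sensitive, seen);
            }
        }
    }

    /** Tells whether the getter's property name equals a configured field name, ignoring case. */
    private boolean isSensitiveGetter(JavaType.Method getter) {
        String property = getter.getName().substring(3);
        for (String fieldName : this.fieldNames) {
            if (property.equalsIgnoreCase(fieldName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @param fieldNames field names to search for
     * @param transitive whether to follow nested model objects; {@code null} behaves like
     *                   {@code true}
     */
    public FindSensitiveApiEndpoints(List<String> fieldNames, Boolean transitive) {
        this.fieldNames = fieldNames;
        this.transitive = transitive;
    }

    public List<String> getFieldNames() {
        return this.fieldNames;
    }

    public Boolean getTransitive() {
        return this.transitive;
    }

    public SensitiveApiEndpoints getEndpoints() {
        return this.endpoints;
    }

    @Override
    public String toString() {
        return "FindSensitiveApiEndpoints(fieldNames=" + getFieldNames() + ", transitive=" + getTransitive() + ", endpoints=" + getEndpoints() + ")";
    }

    // Equality covers the two options only; the data table is not part of it.
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof FindSensitiveApiEndpoints)) {
            return false;
        }
        FindSensitiveApiEndpoints other = (FindSensitiveApiEndpoints) obj;
        return other.canEqual(this)
                && Objects.equals(getTransitive(), other.getTransitive())
                && Objects.equals(getFieldNames(), other.getFieldNames());
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof FindSensitiveApiEndpoints;
    }

    @Override
    public int hashCode() {
        Boolean transitive = getTransitive();
        int hashCode = (1 * 59) + (transitive == null ? 43 : transitive.hashCode());
        List<String> fieldNames = getFieldNames();
        return (hashCode * 59) + (fieldNames == null ? 43 : fieldNames.hashCode());
    }
}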
