package org.openrewrite.java.security;

import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.openrewrite.Cursor;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Parser;
import org.openrewrite.Preconditions;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.JavaParser;
import org.openrewrite.java.JavaTemplate;
import org.openrewrite.java.format.AutoFormatVisitor;
import org.openrewrite.java.tree.J;
import org.openrewrite.marker.SearchResult;

/* loaded from: input_file:org/openrewrite/java/security/FixCwe338.class */
public class FixCwe338 extends Recipe {
    private static final String COMMONS_LANG_2 = "COMMONS_LANG_2";

    public String getDisplayName() {
        return "Fix CWE-338 with `SecureRandom`";
    }

    public String getDescription() {
        return "Use a cryptographically strong pseudo-random number generator (PRNG).";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public JavaParser.Builder<?, ?> javaParser() {
        return JavaParser.fromJavaVersion().dependsOn(Arrays.asList(Parser.Input.fromString("package org.apache.commons.lang;\nimport java.util.Random;\npublic class RandomStringUtils {\n  public static String random(int count, int start, int end, boolean letters, boolean numbers, char[] chars, Random random) {}\n}\n"), Parser.Input.fromString("package org.apache.commons.lang3;\nimport java.util.Random;\npublic class RandomStringUtils {\n  public static String random(int count, int start, int end, boolean letters, boolean numbers, char[] chars, Random random) {}\n}\n")));
    }

    public TreeVisitor<?, ExecutionContext> getVisitor() {
        return Preconditions.check(new JavaIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.FixCwe338.1
            /* renamed from: visitCompilationUnit, reason: merged with bridge method [inline-methods] */
            public J.CompilationUnit m2visitCompilationUnit(J.CompilationUnit compilationUnit, ExecutionContext executionContext) {
                return compilationUnit.getPackageDeclaration() == null ? compilationUnit : super.visitCompilationUnit(compilationUnit, executionContext);
            }

            /* renamed from: visitClassDeclaration, reason: merged with bridge method [inline-methods] */
            public J.ClassDeclaration m3visitClassDeclaration(J.ClassDeclaration classDeclaration, ExecutionContext executionContext) {
                return "RandomUtil".equals(classDeclaration.getSimpleName()) ? SearchResult.found(classDeclaration) : classDeclaration;
            }
        }, new JavaIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.FixCwe338.2
            /* renamed from: visitClassDeclaration, reason: merged with bridge method [inline-methods] */
            public J.ClassDeclaration m6visitClassDeclaration(J.ClassDeclaration classDeclaration, ExecutionContext executionContext) {
                Stream stream = classDeclaration.getBody().getStatements().stream();
                Class<J.VariableDeclarations> cls = J.VariableDeclarations.class;
                Objects.requireNonNull(J.VariableDeclarations.class);
                Stream filter = stream.filter((v1) -> {
                    return r1.isInstance(v1);
                });
                Class<J.VariableDeclarations> cls2 = J.VariableDeclarations.class;
                Objects.requireNonNull(J.VariableDeclarations.class);
                if (filter.map((v1) -> {
                    return r1.cast(v1);
                }).filter(variableDeclarations -> {
                    return variableDeclarations.getVariables().size() == 1;
                }).map(variableDeclarations2 -> {
                    return (J.VariableDeclarations.NamedVariable) variableDeclarations2.getVariables().get(0);
                }).anyMatch(namedVariable -> {
                    return "SECURE_RANDOM".equals(namedVariable.getSimpleName());
                })) {
                    return classDeclaration;
                }
                J.ClassDeclaration visitClassDeclaration = super.visitClassDeclaration(classDeclaration, executionContext);
                J.ClassDeclaration withBody = visitClassDeclaration.withBody(visitClassDeclaration.getBody().withStatements((List) visitClassDeclaration.getBody().getStatements().stream().filter(statement -> {
                    return !(statement instanceof J.VariableDeclarations);
                }).collect(Collectors.toList())));
                J.ClassDeclaration withBody2 = withBody.withBody(JavaTemplate.builder("private static String generateRandomAlphanumericString() {\n    return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, SECURE_RANDOM);\n}\nprivate static final SecureRandom SECURE_RANDOM = new SecureRandom();\nprivate static final int DEF_COUNT = 20;\n\nstatic {\n    SECURE_RANDOM.nextBytes(new byte[64]);\n}\n").contextSensitive().javaParser(FixCwe338.this.javaParser()).imports(new String[]{"java.security.SecureRandom"}).build().apply(new Cursor(new Cursor(getCursor().getParent(), withBody), withBody.getBody()), withBody.getBody().getCoordinates().lastStatement(), new Object[0]));
                maybeAddImport("java.security.SecureRandom");
                List statements = withBody2.getBody().getStatements();
                J.ClassDeclaration withBody3 = withBody2.withBody(withBody2.getBody().withStatements((List) Stream.concat(statements.subList(statements.size() - 3, statements.size()).stream(), statements.subList(0, statements.size() - 3).stream()).collect(Collectors.toList())));
                maybeAddImport(getCursor().pollMessage(FixCwe338.COMMONS_LANG_2) == null ? "org.apache.commons.lang3.RandomStringUtils" : "org.apache.commons.lang.RandomStringUtils");
                doAfterVisit(new AutoFormatVisitor());
                return withBody3;
            }

            /* renamed from: visitImport, reason: merged with bridge method [inline-methods] */
            public J.Import m5visitImport(J.Import r5, ExecutionContext executionContext) {
                if ("org.apache.commons.lang".equals(r5.getPackageName())) {
                    getCursor().putMessage(FixCwe338.COMMONS_LANG_2, true);
                }
                return r5;
            }

            /* renamed from: visitMethodInvocation, reason: merged with bridge method [inline-methods] */
            public J.MethodInvocation m4visitMethodInvocation(J.MethodInvocation methodInvocation, ExecutionContext executionContext) {
                return JavaTemplate.builder("generateRandomAlphanumericString()").contextSensitive().javaParser(FixCwe338.this.javaParser()).build().apply(getCursor(), methodInvocation.getCoordinates().replace(), new Object[0]);
            }
        });
    }
}
