package org.openrewrite.java.security.xml;

import fj.data.Option;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.openrewrite.Cursor;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Preconditions;
import org.openrewrite.TreeVisitor;
import org.openrewrite.analysis.InvocationMatcher;
import org.openrewrite.analysis.dataflow.DataFlowNode;
import org.openrewrite.analysis.dataflow.DataFlowSpec;
import org.openrewrite.analysis.dataflow.Dataflow;
import org.openrewrite.analysis.trait.expr.Expr;
import org.openrewrite.analysis.trait.expr.Literal;
import org.openrewrite.analysis.trait.expr.VarAccess;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.search.UsesType;
import org.openrewrite.java.tree.Expression;
import org.openrewrite.java.tree.J;

/* loaded from: input_file:org/openrewrite/java/security/xml/DocumentBuilderFactoryFixVisitor.class */
public class DocumentBuilderFactoryFixVisitor<P> extends XmlFactoryVisitor<P> {
    private static final String DBF_FQN = "javax.xml.parsers.DocumentBuilderFactory";
    private static final String SET_X_INCLUDE_AWARE_PROPERTY_NAME = "setXIncludeAware";
    private static final String SET_EXPAND_ENTITY_REFERENCES_PROPERTY_NAME = "setExpandEntityReferences";
    private static final String FEATURE_SECURE_PROCESSING_PROPERTY_NAME = "FEATURE_SECURE_PROCESSING";
    private static final String DBF_INITIALIZATION_METHOD = "dbf-initialization-method";
    private static final String DBF_VARIABLE_NAME = "dbf-variable-name";
    static final InvocationMatcher DBF_NEW_INSTANCE = InvocationMatcher.fromMethodMatcher(new MethodMatcher("javax.xml.parsers.DocumentBuilderFactory newInstance*()"));
    static final InvocationMatcher DBF_PARSER_SET_FEATURE = InvocationMatcher.fromMethodMatcher(new MethodMatcher("javax.xml.parsers.DocumentBuilderFactory setFeature(java.lang.String, boolean)"));
    static final InvocationMatcher DBF_PARSER_SET_X_INCLUDE_AWARE = InvocationMatcher.fromMethodMatcher(new MethodMatcher("javax.xml.parsers.DocumentBuilderFactory setXIncludeAware(boolean)"));
    static final InvocationMatcher DBF_PARSER_SET_EXPAND_ENTITY_REFERENCES = InvocationMatcher.fromMethodMatcher(new MethodMatcher("javax.xml.parsers.DocumentBuilderFactory setExpandEntityReferences(boolean)"));
    private static final String DISALLOW_DOCTYPE_DECLARATIONS = "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String DISABLE_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
    private static final String DISABLE_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";
    private static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
    private static final List<String> DISALLOWED_DTD_FEATURES = Arrays.asList(DISALLOW_DOCTYPE_DECLARATIONS, DISABLE_GENERAL_ENTITIES, DISABLE_PARAMETER_ENTITIES, LOAD_EXTERNAL_DTD);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/openrewrite/java/security/xml/DocumentBuilderFactoryFixVisitor$DBFArgumentsSpec.class */
    public static final class DBFArgumentsSpec extends DataFlowSpec {
        private DBFArgumentsSpec() {
        }

        public boolean isSource(DataFlowNode dataFlowNode) {
            return DocumentBuilderFactoryFixVisitor.findFeatureName(dataFlowNode).isSome();
        }

        public boolean isSink(DataFlowNode dataFlowNode) {
            return DocumentBuilderFactoryFixVisitor.DBF_PARSER_SET_FEATURE.advanced().isFirstParameter(dataFlowNode.getCursor());
        }
    }

    DocumentBuilderFactoryFixVisitor(ExternalDTDAccumulator externalDTDAccumulator) {
        super(DBF_NEW_INSTANCE, DBF_FQN, DBF_INITIALIZATION_METHOD, DBF_VARIABLE_NAME, externalDTDAccumulator);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Option<String> findFeatureName(DataFlowNode dataFlowNode) {
        return dataFlowNode.asExpr(VarAccess.class).map((v0) -> {
            return v0.getVariable();
        }).map((v0) -> {
            return v0.getAssignedValues();
        }).bind(collection -> {
            if (collection.size() > 1) {
                return Option.none();
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                Literal literal = (Expr) it.next();
                if (literal instanceof Literal) {
                    Literal literal2 = literal;
                    if (DISALLOWED_DTD_FEATURES.contains(literal2.getValue().orSome(""))) {
                        Option value = literal2.getValue();
                        Class<String> cls = String.class;
                        Objects.requireNonNull(String.class);
                        return value.map(cls::cast);
                    }
                }
            }
            return Option.none();
        }).orElse(() -> {
            Option bind = dataFlowNode.asExprParent(Literal.class).bind((v0) -> {
                return v0.getValue();
            });
            List<String> list = DISALLOWED_DTD_FEATURES;
            Objects.requireNonNull(list);
            Option filter = bind.filter(list::contains);
            Class<String> cls = String.class;
            Objects.requireNonNull(String.class);
            return filter.map(cls::cast);
        });
    }

    public Expression visitExpression(Expression expression, P p) {
        Dataflow.startingAt(getCursor()).findSinks(new DBFArgumentsSpec()).forEach(sinkFlowSummary -> {
            Option bind = DataFlowNode.of(getCursor()).bind(dataFlowNode -> {
                return findFeatureName(dataFlowNode);
            });
            sinkFlowSummary.getSinkCursors().forEach(cursor -> {
                String str = (String) bind.some();
                Class<J.Block> cls = J.Block.class;
                Objects.requireNonNull(J.Block.class);
                addMessage(str, cursor.dropParentUntil(cls::isInstance));
            });
        });
        return super.visitExpression(expression, (Object) p);
    }

    @Override // org.openrewrite.java.security.xml.XmlFactoryVisitor
    public J.MethodInvocation visitMethodInvocation(J.MethodInvocation methodInvocation, P p) {
        J.MethodInvocation visitMethodInvocation = super.visitMethodInvocation(methodInvocation, (J.MethodInvocation) p);
        if (DBF_PARSER_SET_X_INCLUDE_AWARE.matches(visitMethodInvocation)) {
            addMessage(SET_X_INCLUDE_AWARE_PROPERTY_NAME);
        } else if (DBF_PARSER_SET_EXPAND_ENTITY_REFERENCES.matches(visitMethodInvocation)) {
            addMessage(SET_EXPAND_ENTITY_REFERENCES_PROPERTY_NAME);
        }
        return visitMethodInvocation;
    }

    public J.Block visitBlock(J.Block block, P p) {
        if (J.Block.isInitBlock(getCursor())) {
            addMessage(DBF_INITIALIZATION_METHOD);
        }
        return super.visitBlock(block, (Object) p);
    }

    public J.ClassDeclaration visitClassDeclaration(J.ClassDeclaration classDeclaration, P p) {
        J.ClassDeclaration visitClassDeclaration = super.visitClassDeclaration(classDeclaration, (Object) p);
        for (int i = 1; i <= getCount(); i++) {
            Cursor cursor = (Cursor) getCursor().getMessage(DBF_INITIALIZATION_METHOD + i);
            XmlFactoryVariable xmlFactoryVariable = (XmlFactoryVariable) getCursor().getMessage(DBF_VARIABLE_NAME + i);
            Cursor cursor2 = (Cursor) getCursor().getMessage(DISALLOW_DOCTYPE_DECLARATIONS + i);
            Cursor cursor3 = (Cursor) getCursor().getMessage(DISABLE_GENERAL_ENTITIES + i);
            Cursor cursor4 = (Cursor) getCursor().getMessage(DISABLE_PARAMETER_ENTITIES + i);
            Cursor cursor5 = (Cursor) getCursor().getMessage(LOAD_EXTERNAL_DTD + i);
            Cursor cursor6 = (Cursor) getCursor().getMessage(SET_X_INCLUDE_AWARE_PROPERTY_NAME + i);
            Cursor cursor7 = (Cursor) getCursor().getMessage(SET_EXPAND_ENTITY_REFERENCES_PROPERTY_NAME + i);
            Cursor cursor8 = null;
            if (cursor2 == null) {
                cursor8 = cursor;
            } else if (cursor2 != null) {
                cursor8 = cursor2;
            }
            if (cursor8 != null && xmlFactoryVariable != null) {
                doAfterVisit(new DBFInsertPropertyStatementVisitor((J.Block) cursor8.getValue(), xmlFactoryVariable, getAcc().getExternalDTDs().isEmpty(), cursor2 == null, cursor3 == null, cursor4 == null, cursor5 == null, cursor6 == null, cursor7 == null));
            }
        }
        return visitClassDeclaration;
    }

    public static TreeVisitor<?, ExecutionContext> create(ExternalDTDAccumulator externalDTDAccumulator) {
        return Preconditions.check(new UsesType(DBF_FQN, true), new DocumentBuilderFactoryFixVisitor(externalDTDAccumulator));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.openrewrite.java.security.xml.XmlFactoryVisitor
    /* renamed from: visitMethodInvocation, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ J mo67visitMethodInvocation(J.MethodInvocation methodInvocation, Object obj) {
        return visitMethodInvocation(methodInvocation, (J.MethodInvocation) obj);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: visitClassDeclaration, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ J m68visitClassDeclaration(J.ClassDeclaration classDeclaration, Object obj) {
        return visitClassDeclaration(classDeclaration, (J.ClassDeclaration) obj);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: visitBlock, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ J m69visitBlock(J.Block block, Object obj) {
        return visitBlock(block, (J.Block) obj);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* renamed from: visitExpression, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ J m70visitExpression(Expression expression, Object obj) {
        return visitExpression(expression, (Expression) obj);
    }
}
