package org.sonar.java.checks.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.sonar.check.Rule;
import org.sonar.java.Preconditions;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

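/**
 * Rule S2053: reports {@code javax.crypto.spec.PBEKeySpec} and
 * {@code javax.crypto.spec.PBEParameterSpec} constructions whose salt argument is derived from a
 * constant string.
 *
 * <p>Coverage is deliberately narrow. A salt is flagged only when the salt argument is
 * <ul>
 *   <li>a {@code String.getBytes(...)} call whose receiver is a constant expression, or</li>
 *   <li>an identifier for which {@link ExpressionsHelper#getSingleWriteUsage} returns such a
 *       call.</li>
 * </ul>
 * Any other expression kind (for example a hard-coded {@code byte[]} initializer) is never
 * reported, so the absence of an issue is not evidence that a salt is random or unique.
 */
@Rule(key = "S2053")
/* loaded from: input_file:WEB-INF/lib/sonar-java-plugin-7.23.0.32023.jar:org/sonar/java/checks/security/UnpredictableSaltCheck.class */
public class UnpredictableSaltCheck extends IssuableSubscriptionVisitor {
    private static final String UNPREDICTABLE_SALT = "Make this salt unpredictable.";
    private static final String BYTE_ARRAY = "byte[]";
    // Java type name used by the parameter matchers. Declared locally so the rule does not rely
    // on an XML-schema constant (SchemaSymbols.ATTVAL_INT) that merely has the same value.
    private static final String INT = "int";

    /** Matches {@code PBEKeySpec(char[], byte[], int[, int])}; the salt is argument index 1. */
    private static final MethodMatchers NEW_PBE_KEY_SPEC = MethodMatchers.create()
        .ofSubTypes("javax.crypto.spec.PBEKeySpec")
        .constructor()
        .addParametersMatcher("char[]", BYTE_ARRAY, INT, INT)
        .addParametersMatcher("char[]", BYTE_ARRAY, INT)
        .build();

    /** Matches {@code PBEParameterSpec(byte[], int[, AlgorithmParameterSpec])}; the salt is argument index 0. */
    private static final MethodMatchers NEW_PBE_PARAM_SPEC = MethodMatchers.create()
        .ofSubTypes("javax.crypto.spec.PBEParameterSpec")
        .constructor()
        .addParametersMatcher(BYTE_ARRAY, INT)
        .addParametersMatcher(BYTE_ARRAY, INT, "java.security.spec.AlgorithmParameterSpec")
        .build();

    /** Matches any overload of {@code String.getBytes}. */
    private static final MethodMatchers GET_BYTES = MethodMatchers.create()
        .ofTypes("java.lang.String")
        .names("getBytes")
        .withAnyParameters()
        .build();

    /**
     * Subscribes the check to constructor invocations only.
     *
     * @return a single-element list containing {@code Tree.Kind.NEW_CLASS}
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return Collections.singletonList(Tree.Kind.NEW_CLASS);
    }

    /**
     * Raises an issue on the constructor call when its salt argument is judged predictable.
     *
     * @param tree the visited node; always a {@link NewClassTree} given {@link #nodesToVisit()}
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        NewClassTree newClassTree = (NewClassTree) tree;
        saltExpression(newClassTree)
            .map(ExpressionUtils::skipParentheses)
            .ifPresent(salt -> {
                // Typed list (the decompiled code used a raw ArrayList) so the secondary
                // locations handed to reportIssue are checked by the compiler.
                List<JavaFileScannerContext.Location> secondaryLocations = new ArrayList<>();
                if (isPredictable(salt, secondaryLocations)) {
                    reportIssue(newClassTree, UNPREDICTABLE_SALT, secondaryLocations, null);
                }
            });
    }

    /**
     * Extracts the salt argument of a matched constructor call.
     *
     * @param newClassTree the constructor invocation to inspect
     * @return the salt argument, or empty when the constructor is not one of the matched
     *     {@code PBEKeySpec} / {@code PBEParameterSpec} overloads
     */
    private static Optional<ExpressionTree> saltExpression(NewClassTree newClassTree) {
        if (NEW_PBE_KEY_SPEC.matches(newClassTree)) {
            return Optional.of(newClassTree.arguments().get(1));
        }
        if (NEW_PBE_PARAM_SPEC.matches(newClassTree)) {
            return Optional.of(newClassTree.arguments().get(0));
        }
        return Optional.empty();
    }

    /**
     * Decides whether the salt expression is derived from a constant string.
     *
     * @param expressionTree the salt expression, parentheses already skipped by the caller
     * @param secondaryLocations receives the location of the constant initialisation when the
     *     salt is an identifier
     * @return {@code true} for a direct constant {@code getBytes} call or an identifier
     *     initialised with one; {@code false} for every other expression kind
     */
    private static boolean isPredictable(ExpressionTree expressionTree, List<JavaFileScannerContext.Location> secondaryLocations) {
        if (expressionTree.is(Tree.Kind.METHOD_INVOCATION)) {
            return isInitializedWithGetBytes((MethodInvocationTree) expressionTree);
        }
        return expressionTree.is(Tree.Kind.IDENTIFIER)
            && isInitializedWithLiteral((IdentifierTree) expressionTree, secondaryLocations);
    }

    /**
     * Checks whether the expression returned by {@code getSingleWriteUsage} for the identifier is
     * a {@code getBytes} call on a constant.
     *
     * @param identifierTree the identifier passed as salt
     * @param secondaryLocations receives the initialising method invocation as a secondary
     *     location; it is added before the constant check, as in the original code
     * @return {@code true} when the initialiser is a constant {@code getBytes} call
     */
    private static boolean isInitializedWithLiteral(IdentifierTree identifierTree, List<JavaFileScannerContext.Location> secondaryLocations) {
        return Optional.ofNullable(ExpressionsHelper.getSingleWriteUsage(identifierTree.symbol()))
            .filter(expression -> expression.is(Tree.Kind.METHOD_INVOCATION))
            // The decompiled source called cast(...) on an undeclared variable "r1" here, which
            // does not compile; a method reference on the class literal is the intended form.
            .map(MethodInvocationTree.class::cast)
            .map(initializer -> {
                secondaryLocations.add(new JavaFileScannerContext.Location("Salt initialized with a constant.", initializer));
                return isInitializedWithGetBytes(initializer);
            })
            .orElse(false);
    }

    /**
     * Checks whether the invocation is {@code String.getBytes(...)} on a constant receiver.
     *
     * @param methodInvocationTree the invocation to inspect
     * @return {@code true} when the call matches {@code getBytes} and its receiver expression
     *     resolves to a constant
     * @throws IllegalStateException (via {@code Preconditions.checkState}) when a matched
     *     {@code getBytes} call is not written as a member select
     */
    private static boolean isInitializedWithGetBytes(MethodInvocationTree methodInvocationTree) {
        if (!GET_BYTES.matches(methodInvocationTree)) {
            return false;
        }
        ExpressionTree methodSelect = methodInvocationTree.methodSelect();
        Preconditions.checkState(methodSelect.is(Tree.Kind.MEMBER_SELECT), "'getBytes' method invocation should have a MEMBER_SELECT kind as expression.");
        return ((MemberSelectExpressionTree) methodSelect).expression().asConstant().isPresent();
    }
}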
