package org.sonar.java.checks;

import com.google.common.collect.ImmutableList;
import java.util.List;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.ClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.squidbridge.annotations.SqaleSubCharacteristic;

@SqaleSubCharacteristic("SECURITY_FEATURES")
@Rule(key = "S2257", name = "Only standard cryptographic algorithms should be used", tags = {"cwe", "owasp-top10", "sans-top25", "security"}, priority = Priority.BLOCKER)
@SqaleConstantRemediation("1d")
/* loaded from: input_file:org/sonar/java/checks/CustomCryptographicAlgorithmCheck.class */
public class CustomCryptographicAlgorithmCheck extends SubscriptionBaseVisitor {
    private static final String MESSAGE_DIGEST_QUALIFIED_NAME = "java.security.MessageDigest";

    public List<Tree.Kind> nodesToVisit() {
        return ImmutableList.of(Tree.Kind.CLASS);
    }

    public void visitNode(Tree tree) {
        if (hasSemantic() && isJavaSecurityMessageDigestSubClass((ClassTree) tree)) {
            addIssue(tree, "Use a standard algorithm instead of creating a custom one.");
        }
    }

    private boolean isJavaSecurityMessageDigestSubClass(ClassTree classTree) {
        Symbol.TypeSymbol symbol = classTree.symbol();
        return (symbol == null || symbol.type().is(MESSAGE_DIGEST_QUALIFIED_NAME) || !symbol.type().isSubtypeOf(MESSAGE_DIGEST_QUALIFIED_NAME)) ? false : true;
    }
}
