package org.sonar.java.checks;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.checks.methods.MethodInvocationMatcher;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.squidbridge.annotations.SqaleSubCharacteristic;
import org.sonar.squidbridge.annotations.Tags;

@SqaleSubCharacteristic("SECURITY_FEATURES")
@Rule(key = "S2070", name = "SHA-1 and Message-Digest hash algorithms should not be used", tags = {Tags.CWE, Tags.OWASP_TOP10, "sans-top25", Tags.SECURITY}, priority = Priority.CRITICAL)
@SqaleConstantRemediation("30min")
/* loaded from: input_file:META-INF/lib/java-checks-3.0.jar:org/sonar/java/checks/DeprecatedHashAlgorithmCheck.class */
public class DeprecatedHashAlgorithmCheck extends AbstractMethodDetection {
    private static final String MD5 = "MD5";
    private static final String SHA1 = "SHA-1";
    private static final Map<String, String> ALGORITHM_BY_METHOD_NAME = ImmutableMap.builder().put("getMd5Digest", MD5).put("getShaDigest", SHA1).put("getSha1Digest", SHA1).put("md5", MD5).put("md5Hex", MD5).put("sha1", SHA1).put("sha1Hex", SHA1).put("sha", SHA1).put("shaHex", SHA1).build();

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected List<MethodInvocationMatcher> getMethodInvocationMatchers() {
        ImmutableList.Builder add = ImmutableList.builder().add(MethodInvocationMatcher.create().typeDefinition("java.security.MessageDigest").name("getInstance").addParameter("java.lang.String")).add(MethodInvocationMatcher.create().typeDefinition("org.apache.commons.codec.digest.DigestUtils").name("getDigest").addParameter("java.lang.String"));
        Iterator<String> it = ALGORITHM_BY_METHOD_NAME.keySet().iterator();
        while (it.hasNext()) {
            add.add(MethodInvocationMatcher.create().typeDefinition("org.apache.commons.codec.digest.DigestUtils").name(it.next()).withNoParameterConstraint());
        }
        Iterator it2 = ImmutableList.of("md5", "sha1").iterator();
        while (it2.hasNext()) {
            add.add(MethodInvocationMatcher.create().typeDefinition("com.google.common.hash.Hashing").name((String) it2.next()));
        }
        return add.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodFound(MethodInvocationTree methodInvocationTree) {
        String str = ALGORITHM_BY_METHOD_NAME.get(methodName(methodInvocationTree));
        if (str == null) {
            str = algorithm(methodInvocationTree.arguments().get(0));
        }
        if (MD5.equals(str) || SHA1.equals(str)) {
            addIssue(methodInvocationTree, "Use a stronger encryption algorithm than " + str + ".");
        }
    }

    private String methodName(MethodInvocationTree methodInvocationTree) {
        String str = null;
        ExpressionTree methodSelect = methodInvocationTree.methodSelect();
        if (methodSelect.is(Tree.Kind.MEMBER_SELECT)) {
            str = ((MemberSelectExpressionTree) methodSelect).identifier().name();
        } else if (methodSelect.is(Tree.Kind.IDENTIFIER)) {
            str = ((IdentifierTree) methodSelect).name();
        }
        return str;
    }

    private String algorithm(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.STRING_LITERAL)) {
            return null;
        }
        String value = ((LiteralTree) expressionTree).value();
        return value.substring(1, value.length() - 1);
    }
}
