package org.sonar.iac.terraform.checks.gcp;

import java.util.List;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.common.checks.PropertyUtils;
import org.sonar.iac.terraform.api.tree.AttributeTree;
import org.sonar.iac.terraform.api.tree.ObjectElementTree;
import org.sonar.iac.terraform.api.tree.ObjectTree;
import org.sonar.iac.terraform.checks.AbstractNewResourceCheck;
import org.sonar.iac.terraform.checks.utils.ExpressionPredicate;
import org.sonar.iac.terraform.symbols.AttributeSymbol;
import org.sonar.iac.terraform.symbols.ResourceSymbol;

@Rule(key = "S6405")
/* loaded from: input_file:org/sonar/iac/terraform/checks/gcp/ComputeInstanceSshKeysCheck.class */
public class ComputeInstanceSshKeysCheck extends AbstractNewResourceCheck {
    private static final String MESSAGE = "Make sure that enabling project-wide SSH keys is safe here.";
    private static final String OMITTING_MESSAGE = "Omitting metadata.block-project-ssh-keys enables project-wide SSH keys. Make sure it is safe here.";

    @Override // org.sonar.iac.terraform.checks.AbstractNewResourceCheck
    protected void registerResourceConsumer() {
        register(List.of("google_compute_instance", "google_compute_instance_template"), resourceSymbol -> {
            checkMetadata(resourceSymbol, true);
        });
        register("google_compute_instance_from_template", resourceSymbol2 -> {
            checkMetadata(resourceSymbol2, false);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkMetadata(ResourceSymbol resourceSymbol, boolean z) {
        AttributeSymbol attribute = resourceSymbol.attribute("metadata");
        if (attribute.isAbsent()) {
            if (z) {
                attribute.reportIfAbsent(OMITTING_MESSAGE, new SecondaryLocation[0]);
            }
        } else if (((AttributeTree) attribute.tree).mo0value() instanceof ObjectTree) {
            PropertyUtils.get((ObjectTree) ((AttributeTree) attribute.tree).mo0value(), "block-project-ssh-keys", ObjectElementTree.class).ifPresentOrElse(objectElementTree -> {
                if (ExpressionPredicate.isFalse().test(objectElementTree.mo2value())) {
                    attribute.ctx.reportIssue(objectElementTree, MESSAGE);
                }
            }, () -> {
                if (z) {
                    attribute.ctx.reportIssue(((AttributeTree) attribute.tree).mo4key(), OMITTING_MESSAGE);
                }
            });
        }
    }
}
