package org.sonar.iac.terraform.checks.aws;

import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.common.checks.PropertyUtils;
import org.sonar.iac.terraform.api.tree.AttributeTree;
import org.sonar.iac.terraform.api.tree.BlockTree;
import org.sonar.iac.terraform.checks.AbstractResourceCheck;
import org.sonar.iac.terraform.checks.WeakSSLProtocolCheck;

/* loaded from: input_file:org/sonar/iac/terraform/checks/aws/AwsWeakSSLProtocolCheckPart.class */
public class AwsWeakSSLProtocolCheckPart extends AbstractResourceCheck {
    private static final String STRONG_SSL_PROTOCOL = "TLS_1_2";
    private static final String ELASTIC_STRONG_POLICY = "Policy-Min-TLS-1-2-2019-07";
    private static final String SECURITY_POLICY = "security_policy";

    @Override // org.sonar.iac.terraform.checks.AbstractResourceCheck
    protected void registerResourceChecks() {
        register(AwsWeakSSLProtocolCheckPart::checkApiGatewayDomainName, "aws_api_gateway_domain_name");
        register(AwsWeakSSLProtocolCheckPart::checkApiGatewayV2DomainName, "aws_apigatewayv2_domain_name");
        register(AwsWeakSSLProtocolCheckPart::checkElasticsearchDomain, "aws_elasticsearch_domain");
    }

    private static void checkApiGatewayDomainName(CheckContext checkContext, BlockTree blockTree) {
        PropertyUtils.get(blockTree, SECURITY_POLICY, AttributeTree.class).ifPresentOrElse(attributeTree -> {
            reportUnexpectedValue(checkContext, attributeTree, STRONG_SSL_PROTOCOL, WeakSSLProtocolCheck.WEAK_SSL_MESSAGE, new SecondaryLocation[0]);
        }, () -> {
            reportResource(checkContext, blockTree, String.format(WeakSSLProtocolCheck.OMITTING_WEAK_SSL_MESSAGE, SECURITY_POLICY));
        });
    }

    private static void checkApiGatewayV2DomainName(CheckContext checkContext, BlockTree blockTree) {
        PropertyUtils.get(blockTree, "domain_name_configuration", BlockTree.class).ifPresentOrElse(blockTree2 -> {
            checkDomainNameConfiguration(checkContext, blockTree2);
        }, () -> {
            reportResource(checkContext, blockTree, String.format(WeakSSLProtocolCheck.OMITTING_WEAK_SSL_MESSAGE, "domain_name_configuration.security_policy"));
        });
    }

    private static void checkElasticsearchDomain(CheckContext checkContext, BlockTree blockTree) {
        PropertyUtils.get(blockTree, "domain_endpoint_options", BlockTree.class).ifPresentOrElse(blockTree2 -> {
            checkDomainEndpointOptions(checkContext, blockTree2);
        }, () -> {
            reportResource(checkContext, blockTree, String.format(WeakSSLProtocolCheck.OMITTING_WEAK_SSL_MESSAGE, "domain_endpoint_options.tls_security_policy"));
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkDomainNameConfiguration(CheckContext checkContext, BlockTree blockTree) {
        PropertyUtils.get(blockTree, SECURITY_POLICY, AttributeTree.class).ifPresentOrElse(attributeTree -> {
            reportUnexpectedValue(checkContext, attributeTree, STRONG_SSL_PROTOCOL, WeakSSLProtocolCheck.WEAK_SSL_MESSAGE, new SecondaryLocation[0]);
        }, () -> {
            checkContext.reportIssue(blockTree.mo4key(), String.format(WeakSSLProtocolCheck.OMITTING_WEAK_SSL_MESSAGE, SECURITY_POLICY));
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkDomainEndpointOptions(CheckContext checkContext, BlockTree blockTree) {
        PropertyUtils.get(blockTree, "tls_security_policy", AttributeTree.class).ifPresentOrElse(attributeTree -> {
            reportUnexpectedValue(checkContext, attributeTree, ELASTIC_STRONG_POLICY, WeakSSLProtocolCheck.WEAK_SSL_MESSAGE, new SecondaryLocation[0]);
        }, () -> {
            checkContext.reportIssue(blockTree.mo4key(), String.format(WeakSSLProtocolCheck.OMITTING_WEAK_SSL_MESSAGE, "tls_security_policy"));
        });
    }
}
