package org.sonar.iac.terraform.checks.azure;

import java.util.List;
import javax.annotation.Nullable;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.terraform.api.tree.BlockTree;
import org.sonar.iac.terraform.checks.AbstractNewResourceCheck;
import org.sonar.iac.terraform.checks.AbstractResourceCheck;
import org.sonar.iac.terraform.checks.ClearTextProtocolsCheck;
import org.sonar.iac.terraform.checks.utils.ExpressionPredicate;
import org.sonar.iac.terraform.symbols.BlockSymbol;

/* loaded from: input_file:org/sonar/iac/terraform/checks/azure/AzureClearTextProtocolsCheckPart.class */
public class AzureClearTextProtocolsCheckPart extends AbstractNewResourceCheck {
    @Override // org.sonar.iac.terraform.checks.AbstractNewResourceCheck
    public void initialize(InitContext initContext) {
        initContext.register(BlockTree.class, this::checkStorageAccountDataSource);
        super.initialize(initContext);
    }

    @Override // org.sonar.iac.terraform.checks.AbstractNewResourceCheck
    protected void registerResourceConsumer() {
        register(List.of("azurerm_spring_cloud_app", "azurerm_function_app", "azurerm_function_app_slot", "azurerm_app_service"), resourceSymbol -> {
            resourceSymbol.attribute("https_only").reportIf(ExpressionPredicate.isFalse(), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]).reportIfAbsent2(ClearTextProtocolsCheck.MESSAGE_OMITTING, new SecondaryLocation[0]);
        });
        register("azurerm_app_service", resourceSymbol2 -> {
            resourceSymbol2.block("site_config").attribute("ftps_state").reportIf(ExpressionPredicate.equalTo("AllAllowed"), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]);
        });
        register("azurerm_cdn_endpoint", resourceSymbol3 -> {
            resourceSymbol3.attribute("is_http_allowed").reportIf(ExpressionPredicate.isTrue(), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]).reportIfAbsent2(ClearTextProtocolsCheck.MESSAGE_OMITTING, new SecondaryLocation[0]);
        });
        register("azurerm_redis_enterprise_database", resourceSymbol4 -> {
            resourceSymbol4.attribute("client_protocol").reportIf(ExpressionPredicate.equalTo("PLAINTEXT"), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]);
        });
        register(List.of("azurerm_mysql_server", "azurerm_postgresql_server"), resourceSymbol5 -> {
            resourceSymbol5.attribute("ssl_enforcement_enabled").reportIf(ExpressionPredicate.isFalse(), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]);
        });
        register("azurerm_storage_account", resourceSymbol6 -> {
            resourceSymbol6.attribute("enable_https_traffic_only").reportIf(ExpressionPredicate.isFalse(), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]);
        });
        register("azurerm_api_management_api", resourceSymbol7 -> {
            resourceSymbol7.list("protocols").reportItemIf(ExpressionPredicate.equalTo("http"), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]);
        });
    }

    private void checkStorageAccountDataSource(CheckContext checkContext, BlockTree blockTree) {
        if ("azurerm_storage_account_blob_container_sas".equals(getDataSourceType(blockTree))) {
            BlockSymbol.fromPresent(checkContext, blockTree, null).attribute("https_only").reportIf(ExpressionPredicate.isFalse(), ClearTextProtocolsCheck.MESSAGE_CLEAR_TEXT, new SecondaryLocation[0]);
        }
    }

    @Nullable
    private static String getDataSourceType(BlockTree blockTree) {
        if ("data".equals(blockTree.mo4key().value())) {
            return AbstractResourceCheck.getResourceType(blockTree);
        }
        return null;
    }
}
