package org.sonar.java.checks;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.sonar.java.checks.helpers.JavaPropertiesHelper;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.collections.MapBuilder;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;

/* loaded from: input_file:org/sonar/java/checks/AbstractHashAlgorithmChecker.class */
public abstract class AbstractHashAlgorithmChecker extends AbstractMethodDetection {
    public static final String GET_INSTANCE = "getInstance";
    public static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String CONSTRUCTOR = "<init>";
    protected static final Map<String, InsecureAlgorithm> ALGORITHM_BY_METHOD_NAME = MapBuilder.newMap().put("getMd2Digest", InsecureAlgorithm.MD2).put("getMd5Digest", InsecureAlgorithm.MD5).put("getShaDigest", InsecureAlgorithm.SHA1).put("getSha1Digest", InsecureAlgorithm.SHA1).put("md2", InsecureAlgorithm.MD2).put("md2Hex", InsecureAlgorithm.MD2).put("md5", InsecureAlgorithm.MD5).put("md5Hex", InsecureAlgorithm.MD5).put("sha1", InsecureAlgorithm.SHA1).put("sha1Hex", InsecureAlgorithm.SHA1).put("sha", InsecureAlgorithm.SHA1).put("shaHex", InsecureAlgorithm.SHA1).put("md5Digest", InsecureAlgorithm.MD5).put("md5DigestAsHex", InsecureAlgorithm.MD5).put("appendMd5DigestAsHex", InsecureAlgorithm.MD5).build();
    private static final String[] CRYPTO_APIS = {"java.security.AlgorithmParameters", "java.security.AlgorithmParameterGenerator", "java.security.MessageDigest", "java.security.KeyFactory", "java.security.KeyPairGenerator", "java.security.Signature", "javax.crypto.Mac", "javax.crypto.KeyGenerator"};

    /* loaded from: input_file:org/sonar/java/checks/AbstractHashAlgorithmChecker$DeprecatedSpringPasswordEncoder.class */
    public enum DeprecatedSpringPasswordEncoder {
        MD5("org.springframework.security.authentication.encoding.Md5PasswordEncoder", AbstractHashAlgorithmChecker.CONSTRUCTOR),
        SHA("org.springframework.security.authentication.encoding.ShaPasswordEncoder", AbstractHashAlgorithmChecker.CONSTRUCTOR),
        LDAP("org.springframework.security.crypto.password.LdapShaPasswordEncoder", AbstractHashAlgorithmChecker.CONSTRUCTOR),
        MD4("org.springframework.security.crypto.password.Md4PasswordEncoder", AbstractHashAlgorithmChecker.CONSTRUCTOR),
        MESSAGE_DIGEST("org.springframework.security.crypto.password.MessageDigestPasswordEncoder", AbstractHashAlgorithmChecker.CONSTRUCTOR),
        STANDARD("org.springframework.security.crypto.password.StandardPasswordEncoder", AbstractHashAlgorithmChecker.CONSTRUCTOR),
        NO_OP("org.springframework.security.crypto.password.NoOpPasswordEncoder", AbstractHashAlgorithmChecker.GET_INSTANCE);

        public final String classFqn;
        public final String methodName;
        public final String className;

        DeprecatedSpringPasswordEncoder(String str, String str2) {
            this.classFqn = str;
            this.methodName = str2;
            String[] split = str.split("\\.");
            this.className = split[split.length - 1];
        }
    }

    /* loaded from: input_file:org/sonar/java/checks/AbstractHashAlgorithmChecker$InsecureAlgorithm.class */
    public enum InsecureAlgorithm {
        MD2,
        MD4,
        MD5,
        MD6,
        RIPEMD,
        HAVAL128 { // from class: org.sonar.java.checks.AbstractHashAlgorithmChecker.InsecureAlgorithm.1
            @Override // java.lang.Enum
            public String toString() {
                return "HAVAL-128";
            }
        },
        SHA1 { // from class: org.sonar.java.checks.AbstractHashAlgorithmChecker.InsecureAlgorithm.2
            @Override // java.lang.Enum
            public String toString() {
                return "SHA-1";
            }
        },
        DSA { // from class: org.sonar.java.checks.AbstractHashAlgorithmChecker.InsecureAlgorithm.3
            @Override // org.sonar.java.checks.AbstractHashAlgorithmChecker.InsecureAlgorithm
            public boolean match(String str) {
                return "DSA".equals(str);
            }
        };

        public boolean match(String str) {
            return str.replace("-", "").toLowerCase(Locale.ENGLISH).contains(name().toLowerCase(Locale.ENGLISH));
        }
    }

    protected abstract Optional<String> getMessageForClass(String str);

    protected abstract String getMessageForAlgorithm(String str);

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected MethodMatchers getMethodInvocationMatchers() {
        return getWeakHashMethodInvocationMatchers();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        IdentifierTree methodName = ExpressionUtils.methodName(methodInvocationTree);
        Optional<String> messageForClass = getMessageForClass(methodName.symbol().owner().type().fullyQualifiedName());
        if (messageForClass.isPresent()) {
            reportIssue(methodName, messageForClass.get());
            return;
        }
        InsecureAlgorithm insecureAlgorithm = ALGORITHM_BY_METHOD_NAME.get(methodName.name());
        if (insecureAlgorithm == null) {
            insecureAlgorithm = algorithm((ExpressionTree) methodInvocationTree.arguments().get(0)).orElse(null);
        }
        if (insecureAlgorithm != null) {
            reportIssue(methodName, getMessageForAlgorithm(insecureAlgorithm.toString()));
        }
    }

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected void onConstructorFound(NewClassTree newClassTree) {
        getMessageForClass(newClassTree.identifier().symbolType().fullyQualifiedName()).ifPresent(str -> {
            reportIssue(newClassTree.identifier(), str);
        });
    }

    private static MethodMatchers getWeakHashMethodInvocationMatchers() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MethodMatchers.create().ofTypes(new String[]{"org.apache.commons.codec.digest.DigestUtils"}).names(new String[]{"getDigest"}).addParametersMatcher(new String[]{"java.lang.String"}).build());
        MethodMatchers.NameBuilder ofTypes = MethodMatchers.create().ofTypes(new String[]{"org.apache.commons.codec.digest.DigestUtils"});
        Map<String, InsecureAlgorithm> map = ALGORITHM_BY_METHOD_NAME;
        Objects.requireNonNull(map);
        arrayList.add(ofTypes.name((v1) -> {
            return r2.containsKey(v1);
        }).withAnyParameters().build());
        arrayList.add(MethodMatchers.create().ofTypes(CRYPTO_APIS).names(new String[]{GET_INSTANCE}).addParametersMatcher(new String[]{"java.lang.String"}).addParametersMatcher(new String[]{"java.lang.String", "*"}).build());
        arrayList.add(MethodMatchers.create().ofTypes(new String[]{"org.springframework.util.DigestUtils"}).names(new String[]{"appendMd5DigestAsHex", "md5Digest", "md5DigestAsHex"}).withAnyParameters().build());
        for (DeprecatedSpringPasswordEncoder deprecatedSpringPasswordEncoder : DeprecatedSpringPasswordEncoder.values()) {
            arrayList.add(MethodMatchers.create().ofTypes(new String[]{deprecatedSpringPasswordEncoder.classFqn}).names(new String[]{deprecatedSpringPasswordEncoder.methodName}).withAnyParameters().build());
        }
        arrayList.add(MethodMatchers.create().ofTypes(new String[]{"com.google.common.hash.Hashing"}).names(new String[]{"md5", "sha1"}).addWithoutParametersMatcher().build());
        return MethodMatchers.or(arrayList);
    }

    private static Optional<InsecureAlgorithm> algorithm(ExpressionTree expressionTree) {
        ExpressionTree expressionTree2 = expressionTree;
        ExpressionTree retrievedPropertyDefaultValue = JavaPropertiesHelper.retrievedPropertyDefaultValue(expressionTree);
        if (retrievedPropertyDefaultValue != null) {
            expressionTree2 = retrievedPropertyDefaultValue;
        }
        Optional asConstant = expressionTree2.asConstant(String.class);
        if (!asConstant.isPresent()) {
            return Optional.empty();
        }
        String str = (String) asConstant.get();
        return Arrays.stream(InsecureAlgorithm.values()).filter(insecureAlgorithm -> {
            return insecureAlgorithm.match(str);
        }).findFirst();
    }
}
