package org.sonar.java.se.checks;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Predicate;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.java.annotations.VisibleForTesting;
import org.sonar.java.se.CheckerContext;
import org.sonar.java.se.FlowComputation;
import org.sonar.java.se.ProgramState;
import org.sonar.java.se.constraint.BooleanConstraint;
import org.sonar.java.se.constraint.Constraint;
import org.sonar.java.se.constraint.ConstraintManager;
import org.sonar.java.se.symbolicvalues.SymbolicValue;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S6377")
/* loaded from: input_file:org/sonar/java/se/checks/XmlValidatedSignatureCheck.class */
public class XmlValidatedSignatureCheck extends SECheck {
    private static final String JAVAX_XML_CRYPTO_VALIDATE_CONTEXT = "javax.xml.crypto.dsig.XMLValidateContext";
    private static final MethodMatchers DOM_VALIDATE_CONTEXT_CONSTRUCTOR = MethodMatchers.create().ofSubTypes(new String[]{JAVAX_XML_CRYPTO_VALIDATE_CONTEXT}).constructor().withAnyParameters().build();
    private static final MethodMatchers SET_PROPERTY = MethodMatchers.create().ofSubTypes(new String[]{JAVAX_XML_CRYPTO_VALIDATE_CONTEXT}).names(new String[]{"setProperty"}).addParametersMatcher(new String[]{"java.lang.String", "java.lang.Object"}).build();
    private static final MethodMatchers XML_SIGNATURE_VALIDATE = MethodMatchers.create().ofAnyType().names(new String[]{"validate"}).addParametersMatcher(new String[]{JAVAX_XML_CRYPTO_VALIDATE_CONTEXT}).build();
    private static final List<Class<? extends Constraint>> DOMAINS = Collections.singletonList(DomSecureValidation.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/java/se/checks/XmlValidatedSignatureCheck$DomSecureValidation.class */
    public enum DomSecureValidation implements Constraint {
        DISABLED,
        EXPLICITLY_DISABLED;

        private static final Predicate<Constraint> IS_EXPLICITLY_DISABLED = constraint -> {
            return constraint == EXPLICITLY_DISABLED;
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:org/sonar/java/se/checks/XmlValidatedSignatureCheck$DomValidateContextSymbolicValue.class */
    public static class DomValidateContextSymbolicValue extends SymbolicValue {
        private final Tree init;
        private boolean isField = false;

        DomValidateContextSymbolicValue(Tree tree) {
            this.init = tree;
        }

        @Override // org.sonar.java.se.symbolicvalues.SymbolicValue
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            DomValidateContextSymbolicValue domValidateContextSymbolicValue = (DomValidateContextSymbolicValue) obj;
            return this.isField == domValidateContextSymbolicValue.isField && this.init.equals(domValidateContextSymbolicValue.init);
        }

        @Override // org.sonar.java.se.symbolicvalues.SymbolicValue
        public int hashCode() {
            return Objects.hash(Integer.valueOf(super.hashCode()), this.init, Boolean.valueOf(this.isField));
        }

        public void setField(boolean z) {
            this.isField = z;
        }
    }

    /* loaded from: input_file:org/sonar/java/se/checks/XmlValidatedSignatureCheck$PostStatementVisitor.class */
    private static class PostStatementVisitor extends CheckerTreeNodeVisitor {
        private PostStatementVisitor(CheckerContext checkerContext) {
            super(checkerContext.getState());
        }

        public void visitNewClass(NewClassTree newClassTree) {
            if (XmlValidatedSignatureCheck.DOM_VALIDATE_CONTEXT_CONSTRUCTOR.matches(newClassTree)) {
                this.programState = this.programState.addConstraint(this.programState.peekValue(0), DomSecureValidation.DISABLED);
            }
        }

        public void visitAssignmentExpression(AssignmentExpressionTree assignmentExpressionTree) {
            ProgramState.SymbolicValueSymbol peekValueSymbol = this.programState.peekValueSymbol();
            Symbol symbol = peekValueSymbol.symbol();
            SymbolicValue symbolicValue = peekValueSymbol.symbolicValue();
            if (symbol == null || !(symbolicValue instanceof DomValidateContextSymbolicValue)) {
                return;
            }
            ((DomValidateContextSymbolicValue) symbolicValue).setField(ProgramState.isField(symbol));
        }
    }

    /* loaded from: input_file:org/sonar/java/se/checks/XmlValidatedSignatureCheck$PreStatementVisitor.class */
    private class PreStatementVisitor extends CheckerTreeNodeVisitor {
        private static final String SECURE_VALIDATION_PROPERTY = "org.jcp.xml.dsig.secureValidation";
        private final CheckerContext context;

        private PreStatementVisitor(CheckerContext checkerContext) {
            super(checkerContext.getState());
            this.context = checkerContext;
        }

        public void visitNewClass(NewClassTree newClassTree) {
            if (XmlValidatedSignatureCheck.DOM_VALIDATE_CONTEXT_CONSTRUCTOR.matches(newClassTree)) {
                this.context.getConstraintManager().setValueFactory(() -> {
                    return new DomValidateContextSymbolicValue(newClassTree.identifier());
                });
            }
        }

        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            if (!XmlValidatedSignatureCheck.SET_PROPERTY.matches(methodInvocationTree)) {
                if (XmlValidatedSignatureCheck.XML_SIGNATURE_VALIDATE.matches(methodInvocationTree)) {
                    XmlValidatedSignatureCheck.this.reportIfNotSecured(this.context, this.programState, this.programState.peekValue(0));
                    return;
                }
                return;
            }
            Arguments arguments = methodInvocationTree.arguments();
            Optional asConstant = ((ExpressionTree) arguments.get(0)).asConstant(String.class);
            String str = SECURE_VALIDATION_PROPERTY;
            if (asConstant.filter(str::equalsIgnoreCase).isEmpty()) {
                return;
            }
            SymbolicValue peekValue = this.programState.peekValue(arguments.size());
            if (this.programState.getConstraint(this.programState.peekValue(0), BooleanConstraint.class) == BooleanConstraint.FALSE) {
                this.programState = this.programState.addConstraint(peekValue, DomSecureValidation.EXPLICITLY_DISABLED);
            } else {
                this.programState = this.programState.removeConstraintsOnDomain(peekValue, DomSecureValidation.class);
            }
        }
    }

    @Override // org.sonar.java.se.checks.SECheck
    public ProgramState checkPostStatement(CheckerContext checkerContext, Tree tree) {
        PostStatementVisitor postStatementVisitor = new PostStatementVisitor(checkerContext);
        tree.accept(postStatementVisitor);
        return postStatementVisitor.programState;
    }

    @Override // org.sonar.java.se.checks.SECheck
    public ProgramState checkPreStatement(CheckerContext checkerContext, Tree tree) {
        PreStatementVisitor preStatementVisitor = new PreStatementVisitor(checkerContext);
        tree.accept(preStatementVisitor);
        return preStatementVisitor.programState;
    }

    @Override // org.sonar.java.se.checks.SECheck
    public void checkEndOfExecutionPath(CheckerContext checkerContext, ConstraintManager constraintManager) {
        ProgramState state = checkerContext.getState();
        if (state.exitingOnRuntimeException()) {
            return;
        }
        reportIfNotSecured(checkerContext, state, state.peekValue());
    }

    private void reportIfNotSecured(CheckerContext checkerContext, ProgramState programState, @Nullable SymbolicValue symbolicValue) {
        if (symbolicValue instanceof DomValidateContextSymbolicValue) {
            DomValidateContextSymbolicValue domValidateContextSymbolicValue = (DomValidateContextSymbolicValue) symbolicValue;
            if (domValidateContextSymbolicValue.isField) {
                return;
            }
            Optional.ofNullable((DomSecureValidation) programState.getConstraint(domValidateContextSymbolicValue, DomSecureValidation.class)).map(domSecureValidation -> {
                return getIssueLocation(checkerContext, domValidateContextSymbolicValue, domSecureValidation);
            }).ifPresent(tree -> {
                checkerContext.reportIssue(tree, this, "Use the secure validation mode when validating this XML signature.");
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Tree getIssueLocation(CheckerContext checkerContext, DomValidateContextSymbolicValue domValidateContextSymbolicValue, DomSecureValidation domSecureValidation) {
        return domSecureValidation == DomSecureValidation.DISABLED ? domValidateContextSymbolicValue.init : (Tree) FlowComputation.flowWithoutExceptions(checkerContext.getNode(), domValidateContextSymbolicValue, DomSecureValidation.IS_EXPLICITLY_DISABLED, DOMAINS, 1).stream().findFirst().flatMap(flow -> {
            return flow.elements().stream().findFirst();
        }).map(location -> {
            return location.syntaxNode;
        }).orElse(domValidateContextSymbolicValue.init);
    }
}
