package org.sonar.java.checks;

import com.google.common.collect.ImmutableList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import net.sf.cglib.core.Constants;
import org.sonar.check.Rule;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

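/**
 * Rule S2068: reports source constructs that look like a hard-coded password.
 *
 * <p>Five syntactic shapes are inspected, each by its own handler:
 * <ol>
 *   <li>a string literal containing {@code password=}, {@code passwd=} or {@code pwd=}
 *       followed by further characters;</li>
 *   <li>a variable declaration initialised with a string literal whose name contains one of
 *       those keywords;</li>
 *   <li>an assignment of a string literal to an identifier or member whose name contains one
 *       of those keywords;</li>
 *   <li>{@code new java.net.PasswordAuthentication(user, "literal".toCharArray())};</li>
 *   <li>any method invocation with exactly two literal arguments whose first argument is a
 *       string literal equal to one of the keywords.</li>
 * </ol>
 * All keyword comparisons are case-insensitive.
 *
 * <p>Coverage limits visible in this class, worth knowing before relying on the rule:
 * <ul>
 *   <li>Only the keywords {@code password}, {@code passwd} and {@code pwd} are recognised;
 *       names such as "secret", "token" or "apiKey" are never matched.</li>
 *   <li>Only literals written directly at the inspected site are seen. A value reached through
 *       a constant, a concatenation or any other expression is not a {@code STRING_LITERAL}
 *       node at that site and is not reported.</li>
 *   <li>The checks are name-based, so they can also fire on non-secrets (for example a label
 *       variable named {@code passwordPrompt}, or a two-argument call whose second literal is
 *       {@code null}).</li>
 * </ul>
 * A clean result from this rule is therefore not evidence that no credential is embedded in
 * the analysed code.
 */
@Rule(key = "S2068")
/* loaded from: input_file:META-INF/lib/java-checks-4.8.0.9441.jar:org/sonar/java/checks/HardCodedCredentialsCheck.class */
public class HardCodedCredentialsCheck extends IssuableSubscriptionVisitor {
    /** Alternation of the keywords treated as "this is a password"; shared by both patterns. */
    private static final String PASSWORD_KEYWORDS = "password|passwd|pwd";

    /** Message attached to every issue raised by this rule. */
    private static final String ISSUE_MESSAGE = "Remove this hard-coded password.";

    /**
     * Matches {@code keyword=} followed by one non-whitespace character and one more character,
     * anywhere in the text. Named flag instead of the bare value 2.
     */
    private static final Pattern PASSWORD_LITERAL_PATTERN =
        Pattern.compile("(" + PASSWORD_KEYWORDS + ")=\\S.", Pattern.CASE_INSENSITIVE);

    /** Matches a bare keyword; used with find() on identifiers and matches() on literal keys. */
    private static final Pattern PASSWORD_VARIABLE_PATTERN =
        Pattern.compile("(" + PASSWORD_KEYWORDS + ")", Pattern.CASE_INSENSITIVE);

    // NOTE(review): Constants.CONSTRUCTOR_NAME comes from cglib and is presumably the JVM
    // constructor name "<init>"; a local literal would avoid depending on cglib for one
    // string. Confirm before changing.
    private static final MethodMatcher PASSWORD_AUTHENTICATION_CONSTRUCTOR = MethodMatcher.create()
        .typeDefinition("java.net.PasswordAuthentication")
        .name(Constants.CONSTRUCTOR_NAME)
        .addParameter("java.lang.String")
        .addParameter("char[]");

    private static final MethodMatcher STRING_TO_CHAR_ARRAY = MethodMatcher.create()
        .typeDefinition("java.lang.String")
        .name("toCharArray")
        .withoutParameter();

    /**
     * Declares the node kinds this rule wants to receive in {@link #visitNode(Tree)}.
     *
     * @return the five kinds dispatched on by {@code visitNode}
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return ImmutableList.of(
            Tree.Kind.STRING_LITERAL,
            Tree.Kind.VARIABLE,
            Tree.Kind.ASSIGNMENT,
            Tree.Kind.NEW_CLASS,
            Tree.Kind.METHOD_INVOCATION);
    }

    /**
     * Routes a visited node to the handler for its kind.
     *
     * @param tree a node of one of the kinds returned by {@link #nodesToVisit()}
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.STRING_LITERAL)) {
            handleStringLiteral((LiteralTree) tree);
        } else if (tree.is(Tree.Kind.VARIABLE)) {
            handleVariable((VariableTree) tree);
        } else if (tree.is(Tree.Kind.ASSIGNMENT)) {
            handleAssignment((AssignmentExpressionTree) tree);
        } else if (tree.is(Tree.Kind.NEW_CLASS)) {
            handleConstructor((NewClassTree) tree);
        } else {
            // METHOD_INVOCATION is the only kind left among those listed in nodesToVisit().
            handleMethodInvocation((MethodInvocationTree) tree);
        }
    }

    /**
     * Reports a string literal that embeds {@code keyword=value}, e.g. inside a connection URL.
     *
     * <p>The raw literal value is matched without trimming. NOTE(review): value() appears to
     * include the surrounding quotes (isPassword trims them before matching), in which case the
     * closing quote can satisfy the pattern's trailing {@code .} and a one-character value is
     * already enough to match, while an empty value is not. Confirm against LiteralTree.
     */
    private void handleStringLiteral(LiteralTree literalTree) {
        if (PASSWORD_LITERAL_PATTERN.matcher(literalTree.value()).find()) {
            reportIssue(literalTree);
        }
    }

    /** Reports a declaration such as {@code String password = "..."}; the issue is put on the name. */
    private void handleVariable(VariableTree variableTree) {
        IdentifierTree declaredName = variableTree.simpleName();
        if (isStringLiteral(variableTree.initializer()) && isPasswordVariableName(declaredName)) {
            reportIssue(declaredName);
        }
    }

    /** Reports an assignment such as {@code this.pwd = "..."}; the issue is put on the target. */
    private void handleAssignment(AssignmentExpressionTree assignmentExpressionTree) {
        ExpressionTree target = assignmentExpressionTree.variable();
        if (isStringLiteral(assignmentExpressionTree.expression()) && isPasswordVariable(target)) {
            reportIssue(target);
        }
    }

    /**
     * Reports {@code new PasswordAuthentication(user, "literal".toCharArray())}.
     *
     * <p>Only the direct {@code "literal".toCharArray()} form is recognised as the second
     * argument; any other expression producing the {@code char[]} is not reported.
     */
    private void handleConstructor(NewClassTree newClassTree) {
        if (!PASSWORD_AUTHENTICATION_CONSTRUCTOR.matches(newClassTree)) {
            return;
        }
        // The matcher above requires the (String, char[]) signature, so index 1 exists.
        ExpressionTree passwordArgument = newClassTree.arguments().get(1);
        if (!passwordArgument.is(Tree.Kind.METHOD_INVOCATION)) {
            return;
        }
        MethodInvocationTree invocation = (MethodInvocationTree) passwordArgument;
        if (isCallOnStringLiteral(invocation.methodSelect()) && STRING_TO_CHAR_ARRAY.matches(invocation)) {
            reportIssue(passwordArgument);
        }
    }

    /** Returns true when the expression is a member select whose receiver is a string literal. */
    private static boolean isCallOnStringLiteral(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.MEMBER_SELECT)) {
            return false;
        }
        return ((MemberSelectExpressionTree) expressionTree).expression().is(Tree.Kind.STRING_LITERAL);
    }

    /** Reports a call shaped like {@code x.put("password", <literal>)}; the issue is put on the method select. */
    private void handleMethodInvocation(MethodInvocationTree methodInvocationTree) {
        if (isSettingPassword(methodInvocationTree)) {
            reportIssue(methodInvocationTree.methodSelect());
        }
    }

    /**
     * Returns true for an invocation with exactly two literal arguments whose first argument is
     * a password keyword. The invoked method itself is not inspected, and the second literal may
     * be of any literal kind, including {@code null}.
     */
    private static boolean isSettingPassword(MethodInvocationTree methodInvocationTree) {
        Arguments arguments = methodInvocationTree.arguments();
        if (arguments.size() != 2 || !argumentsAreLiterals(arguments)) {
            return false;
        }
        // Safe cast: argumentsAreLiterals() has just accepted every argument as a literal kind.
        return isPassword((LiteralTree) arguments.get(0));
    }

    /** Returns true when the literal is a string whose unquoted content is exactly one keyword. */
    private static boolean isPassword(LiteralTree literalTree) {
        if (!literalTree.is(Tree.Kind.STRING_LITERAL)) {
            return false;
        }
        String unquoted = LiteralUtils.trimQuotes(literalTree.value());
        return PASSWORD_VARIABLE_PATTERN.matcher(unquoted).matches();
    }

    /** Returns true when every expression in the list is a literal node (vacuously true if empty). */
    private static boolean argumentsAreLiterals(List<ExpressionTree> list) {
        for (ExpressionTree argument : list) {
            boolean literal = argument.is(
                Tree.Kind.INT_LITERAL,
                Tree.Kind.LONG_LITERAL,
                Tree.Kind.FLOAT_LITERAL,
                Tree.Kind.DOUBLE_LITERAL,
                Tree.Kind.BOOLEAN_LITERAL,
                Tree.Kind.CHAR_LITERAL,
                Tree.Kind.STRING_LITERAL,
                Tree.Kind.NULL_LITERAL);
            if (!literal) {
                return false;
            }
        }
        return true;
    }

    /** Null-safe test for a string literal; a missing initializer yields false. */
    private static boolean isStringLiteral(@Nullable ExpressionTree expressionTree) {
        return expressionTree != null && expressionTree.is(Tree.Kind.STRING_LITERAL);
    }

    /** Returns true when the identifier contains a keyword anywhere in its name. */
    private static boolean isPasswordVariableName(IdentifierTree identifierTree) {
        return PASSWORD_VARIABLE_PATTERN.matcher(identifierTree.name()).find();
    }

    /**
     * Returns true when the assignment target is a plain identifier or a member select whose
     * final identifier contains a keyword. Any other target expression is ignored.
     */
    private static boolean isPasswordVariable(ExpressionTree expressionTree) {
        if (expressionTree.is(Tree.Kind.MEMBER_SELECT)) {
            return isPasswordVariableName(((MemberSelectExpressionTree) expressionTree).identifier());
        }
        if (expressionTree.is(Tree.Kind.IDENTIFIER)) {
            return isPasswordVariableName((IdentifierTree) expressionTree);
        }
        return false;
    }

    /** Raises the rule's single, fixed-message issue on the given node. */
    private void reportIssue(Tree tree) {
        reportIssue(tree, ISSUE_MESSAGE);
    }
}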
