package org.sonar.java.checks;

import java.util.Arrays;
import java.util.List;
import net.sf.cglib.core.Constants;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ConstantUtils;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.BinaryExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S2647")
/* loaded from: input_file:org/sonar/java/checks/BasicAuthCheck.class */
public class BasicAuthCheck extends AbstractMethodDetection {
    private static final String LANG_STRING = "java.lang.String";

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected List<MethodMatcher> getMethodInvocationMatchers() {
        return Arrays.asList(MethodMatcher.create().typeDefinition("org.apache.http.message.AbstractHttpMessage").name("setHeader").withAnyParameters(), MethodMatcher.create().typeDefinition("org.apache.http.message.AbstractHttpMessage").name("addHeader").addParameter(LANG_STRING).addParameter(LANG_STRING), MethodMatcher.create().typeDefinition("org.apache.http.message.BasicHeader").name(Constants.CONSTRUCTOR_NAME).addParameter(LANG_STRING).addParameter(LANG_STRING), MethodMatcher.create().typeDefinition("java.net.URLConnection").name("setRequestProperty").withAnyParameters(), MethodMatcher.create().typeDefinition("java.net.URLConnection").name("addRequestProperty").withAnyParameters());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        checkArguments(methodInvocationTree.arguments());
    }

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected void onConstructorFound(NewClassTree newClassTree) {
        checkArguments(newClassTree.arguments());
    }

    private void checkArguments(Arguments arguments) {
        ExpressionTree mostLeft;
        String resolveAsStringConstant;
        if ("Authorization".equals(ConstantUtils.resolveAsStringConstant((ExpressionTree) arguments.get(0))) && (resolveAsStringConstant = ConstantUtils.resolveAsStringConstant((mostLeft = mostLeft((ExpressionTree) arguments.get(1))))) != null && resolveAsStringConstant.startsWith("Basic")) {
            reportIssue(mostLeft, "Use a more secure method than basic authentication.");
        }
    }

    private static ExpressionTree mostLeft(ExpressionTree expressionTree) {
        ExpressionTree skipParentheses = ExpressionUtils.skipParentheses(expressionTree);
        while (true) {
            ExpressionTree expressionTree2 = skipParentheses;
            if (!expressionTree2.is(Tree.Kind.PLUS)) {
                return expressionTree2;
            }
            skipParentheses = ExpressionUtils.skipParentheses(((BinaryExpressionTree) expressionTree2).leftOperand());
        }
    }
}
