package org.sonar.java.checks;

import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import net.sf.cglib.core.Constants;
import org.apache.commons.lang.StringUtils;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.java.checks.helpers.ConstantUtils;
import org.sonar.java.checks.helpers.IdentifierUtils;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

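/**
 * Rule S2068: flags code that appears to embed a credential directly in the source.
 *
 * <p>Detection is keyword driven. The comma separated {@link #credentialWords} are compiled into
 * case-insensitive regular expressions and matched against:
 * <ul>
 *   <li>string literals of the form {@code <word>=<value>},</li>
 *   <li>variables and assignment targets whose name contains a word and whose value is a
 *       non-blank string constant (or {@code "literal".toCharArray()}),</li>
 *   <li>{@code equals} comparisons between such a variable and a non-blank string constant,</li>
 *   <li>two-argument calls whose first argument is exactly a word and whose second argument is
 *       a non-blank string constant,</li>
 *   <li>{@code new PasswordAuthentication(user, "literal".toCharArray())} and the password
 *       argument of {@code DriverManager.getConnection}.</li>
 * </ul>
 *
 * <p>Issue messages built by {@link #report} quote only the matched keyword, never the literal
 * value, so the suspected secret is not copied into the analysis report.
 */
@Rule(key = "S2068")
public class HardCodedCredentialsCheck extends IssuableSubscriptionVisitor {
    private static final String DEFAULT_CREDENTIAL_WORDS = "password,passwd,pwd,passphrase,java.naming.security.credentials";
    // Zero-based index of the password in DriverManager.getConnection(url, user, password).
    private static final int GET_CONNECTION_PASSWORD_ARGUMENT = 2;
    private static final String HARD_CODED_PASSWORD_MESSAGE = "Remove this hard-coded password.";
    // Suffix appended to each word when scanning literals: "=", one non-whitespace character,
    // then any one further character.
    private static final String LITERAL_ASSIGNMENT_SUFFIX = "=\\S.";

    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String JAVA_LANG_OBJECT = "java.lang.Object";

    private static final MethodMatcher PASSWORD_AUTHENTICATION_CONSTRUCTOR = MethodMatcher.create()
        .typeDefinition("java.net.PasswordAuthentication")
        .name(Constants.CONSTRUCTOR_NAME)
        .addParameter(JAVA_LANG_STRING)
        .addParameter("char[]");
    private static final MethodMatcher STRING_TO_CHAR_ARRAY = MethodMatcher.create()
        .typeDefinition(JAVA_LANG_STRING)
        .name("toCharArray")
        .withoutParameter();
    private static final MethodMatcher EQUALS_MATCHER = MethodMatcher.create()
        .name("equals")
        .parameters(JAVA_LANG_OBJECT);
    private static final MethodMatcher GET_CONNECTION_MATCHER = MethodMatcher.create()
        .typeDefinition("java.sql.DriverManager")
        .name("getConnection")
        .withAnyParameters();

    // Exposed as a rule property. The patterns below are built from it lazily and then cached,
    // so a value assigned after the first visited node is not picked up by this instance.
    @RuleProperty(key = "credentialWords", description = "Comma separated list of words identifying potential credentials", defaultValue = DEFAULT_CREDENTIAL_WORDS)
    public String credentialWords = DEFAULT_CREDENTIAL_WORDS;

    private List<Pattern> variablePatterns = null;
    private List<Pattern> literalPatterns = null;

    /** Returns the cached patterns used on identifiers and argument values (word only, no suffix). */
    private Stream<Pattern> variablePatterns() {
        if (variablePatterns == null) {
            variablePatterns = toPatterns(StringUtils.EMPTY);
        }
        return variablePatterns.stream();
    }

    /** Returns the cached patterns used on string literals ({@code <word>=<value>}). */
    private Stream<Pattern> literalPatterns() {
        if (literalPatterns == null) {
            literalPatterns = toPatterns(LITERAL_ASSIGNMENT_SUFFIX);
        }
        return literalPatterns.stream();
    }

    /**
     * Compiles one case-insensitive pattern per configured credential word.
     *
     * <p>Group 1 of every pattern is the word itself; callers report that group.
     *
     * @param suffix regex fragment appended after the captured word
     * @return the compiled patterns, in configuration order; empty when no usable word is configured
     */
    private List<Pattern> toPatterns(String suffix) {
        return Stream.of(credentialWords.split(","))
            .map(String::trim)
            // A blank entry (for example "password,,pwd" or "password, ") would compile to "()",
            // which matches every identifier and turns the rule into a false-positive generator.
            .filter(word -> !word.isEmpty())
            // Words are spliced into the regex as-is: metacharacters keep their regex meaning (the
            // '.' in the default "java.naming.security.credentials" matches any character) and a
            // malformed word makes Pattern.compile throw.
            // NOTE(review): Pattern.quote would make words literal, but changes matching for
            // configurations that rely on regex syntax - confirm before switching.
            .map(word -> Pattern.compile("(" + word + ")" + suffix, Pattern.CASE_INSENSITIVE))
            .collect(Collectors.toList());
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return ImmutableList.of(Tree.Kind.STRING_LITERAL, Tree.Kind.VARIABLE, Tree.Kind.ASSIGNMENT, Tree.Kind.NEW_CLASS, Tree.Kind.METHOD_INVOCATION);
    }

    /** Dispatches each subscribed node kind to its handler. */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.STRING_LITERAL)) {
            handleStringLiteral((LiteralTree) tree);
        } else if (tree.is(Tree.Kind.VARIABLE)) {
            handleVariable((VariableTree) tree);
        } else if (tree.is(Tree.Kind.ASSIGNMENT)) {
            handleAssignment((AssignmentExpressionTree) tree);
        } else if (tree.is(Tree.Kind.NEW_CLASS)) {
            handleConstructor((NewClassTree) tree);
        } else {
            // METHOD_INVOCATION is the only remaining kind listed in nodesToVisit().
            handleMethodInvocation((MethodInvocationTree) tree);
        }
    }

    /**
     * Recognises setter-like calls such as {@code put("password", "secret")}.
     *
     * @return the matched credential word when the call has exactly two String/Object typed
     *     arguments, the second is a non-blank string constant and the first is entirely a
     *     credential word; otherwise empty
     */
    private Optional<String> isSettingPassword(MethodInvocationTree methodInvocationTree) {
        Arguments arguments = methodInvocationTree.arguments();
        if (arguments.size() != 2 || !isArgumentsSuperTypeOfString(arguments) || !isNotEmptyString(arguments.get(1))) {
            return Optional.empty();
        }
        return isPassword(arguments.get(0));
    }

    /**
     * Resolves the expression to a string constant and checks whether the whole value is a
     * credential word (full match, unlike the substring search applied to identifiers).
     */
    private Optional<String> isPassword(ExpressionTree expressionTree) {
        String value = (String) IdentifierUtils.getValue(expressionTree, ConstantUtils::resolveAsStringConstant);
        if (StringUtils.isEmpty(value)) {
            return Optional.empty();
        }
        return variablePatterns()
            .map(pattern -> pattern.matcher(value))
            .filter(matcher -> matcher.matches())
            .map(matcher -> matcher.group(1))
            .findAny();
    }

    /** Returns the credential word contained anywhere in the identifier's name, if any. */
    private Optional<String> isPasswordVariableName(IdentifierTree identifierTree) {
        String name = identifierTree.name();
        return variablePatterns()
            .map(pattern -> pattern.matcher(name))
            .filter(matcher -> matcher.find())
            .map(matcher -> matcher.group(1))
            .findAny();
    }

    /**
     * Applies {@link #isPasswordVariableName} to a plain identifier or to the last segment of a
     * member select ({@code this.password}); any other expression kind yields empty.
     */
    private Optional<String> isPasswordVariable(ExpressionTree expressionTree) {
        if (expressionTree.is(Tree.Kind.MEMBER_SELECT)) {
            return isPasswordVariableName(((MemberSelectExpressionTree) expressionTree).identifier());
        }
        if (expressionTree.is(Tree.Kind.IDENTIFIER)) {
            return isPasswordVariableName((IdentifierTree) expressionTree);
        }
        return Optional.empty();
    }

    /** Tells whether a method select has the shape {@code <non-blank string constant>.method}. */
    private static boolean isCallOnStringLiteral(ExpressionTree expressionTree) {
        return expressionTree.is(Tree.Kind.MEMBER_SELECT) && isNotEmptyString(((MemberSelectExpressionTree) expressionTree).expression());
    }

    /** Tells whether the invocation is {@code <non-blank string constant>.toCharArray()}. */
    private static boolean isCharArrayFromStringLiteral(MethodInvocationTree methodInvocationTree) {
        return STRING_TO_CHAR_ARRAY.matches(methodInvocationTree) && isCallOnStringLiteral(methodInvocationTree.methodSelect());
    }

    /** Reports literals that embed {@code <word>=<value>}, e.g. connection strings. */
    private void handleStringLiteral(LiteralTree literalTree) {
        String content = LiteralUtils.trimQuotes(literalTree.value());
        literalPatterns()
            .map(pattern -> pattern.matcher(content))
            .filter(matcher -> matcher.find())
            .map(matcher -> matcher.group(1))
            .findAny()
            .ifPresent(word -> report(literalTree, word));
    }

    /** Reports a declaration whose name contains a credential word and whose initializer is hard-coded. */
    private void handleVariable(VariableTree variableTree) {
        IdentifierTree simpleName = variableTree.simpleName();
        isPasswordVariableName(simpleName)
            .filter(word -> isNotEmptyStringOrCharArrayFromString(variableTree.initializer()))
            .ifPresent(word -> report(simpleName, word));
    }

    /** Reports an assignment to a credential-named target from a hard-coded value. */
    private void handleAssignment(AssignmentExpressionTree assignmentExpressionTree) {
        ExpressionTree target = assignmentExpressionTree.variable();
        isPasswordVariable(target)
            .filter(word -> isNotEmptyStringOrCharArrayFromString(assignmentExpressionTree.expression()))
            .ifPresent(word -> report(target, word));
    }

    /** Tells whether every argument is statically typed {@code String} or {@code Object}. */
    private static boolean isArgumentsSuperTypeOfString(List<ExpressionTree> list) {
        return list.stream().allMatch(argument ->
            argument.symbolType().is(JAVA_LANG_STRING) || argument.symbolType().is(JAVA_LANG_OBJECT));
    }

    /**
     * Tells whether the expression is a hard-coded value: a non-blank string constant, or a
     * {@code toCharArray()} call made on one.
     *
     * <p>Visibility is kept as it appears in this listing.
     *
     * @param expressionTree the initializer or assigned expression; may be {@code null}
     * @return {@code false} for {@code null} and for any other method invocation
     */
    public static boolean isNotEmptyStringOrCharArrayFromString(@Nullable ExpressionTree expressionTree) {
        if (expressionTree != null && expressionTree.is(Tree.Kind.METHOD_INVOCATION)) {
            return isCharArrayFromStringLiteral((MethodInvocationTree) expressionTree);
        }
        return isNotEmptyString(expressionTree);
    }

    /**
     * Tells whether the expression resolves to a string constant containing at least one
     * non-whitespace character. Empty and blank strings are ignored because they are not
     * usable credentials.
     *
     * <p>Visibility is kept as it appears in this listing.
     *
     * @param expressionTree the expression to resolve; may be {@code null}
     */
    public static boolean isNotEmptyString(@Nullable ExpressionTree expressionTree) {
        if (expressionTree == null) {
            return false;
        }
        String value = (String) IdentifierUtils.getValue(expressionTree, ConstantUtils::resolveAsStringConstant);
        return value != null && !value.trim().isEmpty();
    }

    /** Reports {@code new PasswordAuthentication(user, "literal".toCharArray())}. */
    private void handleConstructor(NewClassTree newClassTree) {
        if (!PASSWORD_AUTHENTICATION_CONSTRUCTOR.matches(newClassTree)) {
            return;
        }
        // The matcher guarantees the (String, char[]) signature, so index 1 is the password.
        ExpressionTree passwordArgument = newClassTree.arguments().get(1);
        if (passwordArgument.is(Tree.Kind.METHOD_INVOCATION) && isCharArrayFromStringLiteral((MethodInvocationTree) passwordArgument)) {
            reportIssue(newClassTree, HARD_CODED_PASSWORD_MESSAGE);
        }
    }

    /** Routes an invocation to the equals, getConnection or generic setter check, in that order. */
    private void handleMethodInvocation(MethodInvocationTree methodInvocationTree) {
        ExpressionTree methodSelect = methodInvocationTree.methodSelect();
        if (EQUALS_MATCHER.matches(methodInvocationTree) && methodSelect.is(Tree.Kind.MEMBER_SELECT)) {
            handleEqualsMethod(methodInvocationTree, (MemberSelectExpressionTree) methodSelect);
        } else if (GET_CONNECTION_MATCHER.matches(methodInvocationTree)) {
            handleGetConnectionMethod(methodInvocationTree);
        } else {
            isSettingPassword(methodInvocationTree).ifPresent(word -> report(methodSelect, word));
        }
    }

    /**
     * Reports {@code password.equals("secret")} and the mirrored {@code "secret".equals(password)}:
     * one side must be a credential-named variable and the other a non-blank string constant.
     */
    private void handleEqualsMethod(MethodInvocationTree methodInvocationTree, MemberSelectExpressionTree memberSelectExpressionTree) {
        ExpressionTree receiver = memberSelectExpressionTree.expression();
        ExpressionTree argument = methodInvocationTree.arguments().get(0);
        isPasswordVariable(receiver)
            .filter(word -> isNotEmptyString(argument))
            .ifPresent(word -> report(receiver, word));
        isPasswordVariable(argument)
            .filter(word -> isNotEmptyString(receiver))
            .ifPresent(word -> report(argument, word));
    }

    /** Reports a non-blank string constant passed as the password of {@code DriverManager.getConnection}. */
    private void handleGetConnectionMethod(MethodInvocationTree methodInvocationTree) {
        Arguments arguments = methodInvocationTree.arguments();
        // Overloads with fewer arguments carry no separate password parameter.
        if (arguments.size() <= GET_CONNECTION_PASSWORD_ARGUMENT) {
            return;
        }
        ExpressionTree passwordArgument = arguments.get(GET_CONNECTION_PASSWORD_ARGUMENT);
        if (isNotEmptyString(passwordArgument)) {
            reportIssue(passwordArgument, HARD_CODED_PASSWORD_MESSAGE);
        }
    }

    /**
     * Raises an issue naming the credential word that triggered the match. Only the keyword is
     * placed in the message; the suspected secret value is deliberately left out.
     */
    private void report(Tree tree, String str) {
        reportIssue(tree, "'" + str + "' detected in this expression, review this potentially hard-coded credential.");
    }
}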
