package org.sonar.java.checks.security;

import com.google.common.collect.ImmutableList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.annotation.CheckForNull;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ConstantUtils;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.matcher.TypeCriteria;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S4499")
/* loaded from: input_file:org/sonar/java/checks/security/SMTPSSLServerIdentityCheck.class */
public class SMTPSSLServerIdentityCheck extends AbstractMethodDetection {
    private static final String APACHE_EMAIL = "org.apache.commons.mail.Email";
    private static final String BOOLEAN = "boolean";
    private static final String HASHTABLE = "java.util.Hashtable";
    private static final Set<String> ENABLING_SSL_METHOD_NAMES = new HashSet(Arrays.asList("setSSL", "setSSLOnConnect", "setTLS", "setStartTLSEnabled", "setStartTLSRequired"));
    private static final MethodMatcher ENABLING_SSL_METHODS;
    private static final MethodMatcher HASHTABLE_PUT;

    /* loaded from: input_file:org/sonar/java/checks/security/SMTPSSLServerIdentityCheck$MethodBodyApacheVisitor.class */
    private static class MethodBodyApacheVisitor extends BaseTreeVisitor {
        private boolean isSecured;
        private static final MethodMatcher SET_SSL_CHECK_SERVER_ID = MethodMatcher.create().typeDefinition(SMTPSSLServerIdentityCheck.APACHE_EMAIL).name("setSSLCheckServerIdentity").addParameter(SMTPSSLServerIdentityCheck.BOOLEAN);

        private MethodBodyApacheVisitor() {
            this.isSecured = false;
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            if (SET_SSL_CHECK_SERVER_ID.matches(methodInvocationTree) && SMTPSSLServerIdentityCheck.isNotFalse((ExpressionTree) methodInvocationTree.arguments().get(0))) {
                this.isSecured = true;
            }
            super.visitMethodInvocation(methodInvocationTree);
        }
    }

    /* loaded from: input_file:org/sonar/java/checks/security/SMTPSSLServerIdentityCheck$MethodBodyHashtableVisitor.class */
    private static class MethodBodyHashtableVisitor extends BaseTreeVisitor {
        private boolean isSecured;

        private MethodBodyHashtableVisitor() {
            this.isSecured = false;
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            Arguments arguments = methodInvocationTree.arguments();
            if (SMTPSSLServerIdentityCheck.HASHTABLE_PUT.matches(methodInvocationTree) && "mail.smtp.ssl.checkserveridentity".equals(ConstantUtils.resolveAsStringConstant((ExpressionTree) arguments.get(0))) && SMTPSSLServerIdentityCheck.isNotFalse((ExpressionTree) arguments.get(1))) {
                this.isSecured = true;
            }
            super.visitMethodInvocation(methodInvocationTree);
        }
    }

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected List<MethodMatcher> getMethodInvocationMatchers() {
        return ImmutableList.of(ENABLING_SSL_METHODS, HASHTABLE_PUT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        MethodTree findEnclosingMethod = findEnclosingMethod(methodInvocationTree);
        if (findEnclosingMethod != null) {
            Arguments arguments = methodInvocationTree.arguments();
            if (ENABLING_SSL_METHODS.matches(methodInvocationTree) && LiteralUtils.isTrue((Tree) arguments.get(0))) {
                MethodBodyApacheVisitor methodBodyApacheVisitor = new MethodBodyApacheVisitor();
                findEnclosingMethod.accept(methodBodyApacheVisitor);
                if (!methodBodyApacheVisitor.isSecured) {
                    reportIssue(methodInvocationTree, "Enable server identity validation on this SMTP SSL connection.");
                }
            } else if (HASHTABLE_PUT.matches(methodInvocationTree) && "mail.smtp.socketFactory.class".equals(ConstantUtils.resolveAsStringConstant((ExpressionTree) arguments.get(0))) && "javax.net.ssl.SSLSocketFactory".equals(ConstantUtils.resolveAsStringConstant((ExpressionTree) arguments.get(1)))) {
                MethodBodyHashtableVisitor methodBodyHashtableVisitor = new MethodBodyHashtableVisitor();
                findEnclosingMethod.accept(methodBodyHashtableVisitor);
                if (!methodBodyHashtableVisitor.isSecured) {
                    reportIssue(methodInvocationTree, "Enable server identity validation, set \"mail.smtp.ssl.checkserveridentity\" to true");
                }
            }
        }
        super.onMethodInvocationFound(methodInvocationTree);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isNotFalse(ExpressionTree expressionTree) {
        return !LiteralUtils.isFalse(expressionTree);
    }

    @CheckForNull
    private static MethodTree findEnclosingMethod(Tree tree) {
        while (!tree.is(Tree.Kind.CLASS, Tree.Kind.METHOD)) {
            tree = tree.parent();
        }
        if (tree.is(Tree.Kind.CLASS)) {
            return null;
        }
        return (MethodTree) tree;
    }

    static {
        MethodMatcher typeDefinition = MethodMatcher.create().typeDefinition(TypeCriteria.is(APACHE_EMAIL));
        Set<String> set = ENABLING_SSL_METHOD_NAMES;
        Objects.requireNonNull(set);
        ENABLING_SSL_METHODS = typeDefinition.name((v1) -> {
            return r1.contains(v1);
        }).addParameter(BOOLEAN);
        HASHTABLE_PUT = MethodMatcher.create().typeDefinition(TypeCriteria.subtypeOf(HASHTABLE)).name("put").withAnyParameters();
    }
}
