package org.sonar.java.checks.security;

import java.util.Collections;
import java.util.List;
import javax.annotation.CheckForNull;
import net.sf.cglib.core.Constants;
import org.sonar.check.Rule;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S3329")
/* loaded from: input_file:org/sonar/java/checks/security/CipherBlockChainingCheck.class */
public class CipherBlockChainingCheck extends AbstractMethodDetection {

    /* loaded from: input_file:org/sonar/java/checks/security/CipherBlockChainingCheck$MethodInvocationVisitor.class */
    private static class MethodInvocationVisitor extends BaseTreeVisitor {
        private boolean secureRandomFound = false;
        private NewClassTree ivParameterSpecInstantiation;
        private static final MethodMatcher SECURE_RANDOM_NEXT_BYTES = MethodMatcher.create().typeDefinition("java.security.SecureRandom").name("nextBytes").withAnyParameters();

        public MethodInvocationVisitor(NewClassTree newClassTree) {
            this.ivParameterSpecInstantiation = null;
            this.ivParameterSpecInstantiation = newClassTree;
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            Symbol symbol;
            if (SECURE_RANDOM_NEXT_BYTES.matches(methodInvocationTree) && (symbol = symbol((ExpressionTree) this.ivParameterSpecInstantiation.arguments().get(0))) != null && symbol.equals(symbol((ExpressionTree) methodInvocationTree.arguments().get(0)))) {
                this.secureRandomFound = true;
            }
            super.visitMethodInvocation(methodInvocationTree);
        }

        @CheckForNull
        private static Symbol symbol(ExpressionTree expressionTree) {
            Symbol symbol = null;
            if (expressionTree.is(Tree.Kind.IDENTIFIER)) {
                symbol = ((IdentifierTree) expressionTree).symbol();
            } else if (expressionTree.is(Tree.Kind.MEMBER_SELECT)) {
                symbol = ((MemberSelectExpressionTree) expressionTree).identifier().symbol();
            }
            return symbol;
        }
    }

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected List<MethodMatcher> getMethodInvocationMatchers() {
        return Collections.singletonList(MethodMatcher.create().typeDefinition("javax.crypto.spec.IvParameterSpec").name(Constants.CONSTRUCTOR_NAME).withAnyParameters());
    }

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected void onConstructorFound(NewClassTree newClassTree) {
        MethodTree enclosingMethod = ExpressionUtils.getEnclosingMethod(newClassTree);
        if (enclosingMethod != null) {
            MethodInvocationVisitor methodInvocationVisitor = new MethodInvocationVisitor(newClassTree);
            enclosingMethod.accept(methodInvocationVisitor);
            if (methodInvocationVisitor.secureRandomFound) {
                return;
            }
            reportIssue(newClassTree, "Use a dynamically-generated, random IV.");
        }
    }
}
