package org.sonar.java.checks;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.checks.helpers.HardcodedStringExpressionChecker;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.java.model.expression.MemberSelectExpressionTreeImpl;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S6432")
/* loaded from: input_file:org/sonar/java/checks/CounterModeIVShouldNotBeReusedCheck.class */
public class CounterModeIVShouldNotBeReusedCheck extends IssuableSubscriptionVisitor {
    private static final String PRIMARY_LOCATION_ISSUE_MESSAGE = "Use a dynamically-generated initialization vector (IV) to avoid IV-key pair reuse.";
    private static final String SECONDARY_LOCATION_ISSUE_MESSAGE = "The static value is defined here.";
    private static final MethodMatchers JCA_CHIPER_INIT_METHODS = MethodMatchers.create().ofTypes("javax.crypto.Cipher").names("init").addParametersMatcher(SchemaSymbols.ATTVAL_INT, "*", "java.security.spec.AlgorithmParameterSpec").build();
    private static final MethodMatchers BC_CHIPER_INIT_METHODS = MethodMatchers.create().ofTypes("org.bouncycastle.crypto.modes.GCMBlockCipher", "org.bouncycastle.crypto.modes.CCMBlockCipher").names("init").addParametersMatcher(SchemaSymbols.ATTVAL_BOOLEAN, "org.bouncycastle.crypto.CipherParameters").build();
    private static final MethodMatchers GCM_CONSTRUCTOR = MethodMatchers.create().ofTypes("javax.crypto.spec.GCMParameterSpec").constructor().addParametersMatcher(list -> {
        return !list.isEmpty();
    }).build();
    private static final MethodMatchers AEAD_CONSTRUCTOR = MethodMatchers.create().ofTypes("org.bouncycastle.crypto.params.AEADParameters").constructor().addParametersMatcher(list -> {
        return !list.isEmpty();
    }).build();

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return Collections.singletonList(Tree.Kind.METHOD_INVOCATION);
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
        ArrayList arrayList = new ArrayList();
        if (isJCAOperationModeEncrypt(methodInvocationTree)) {
            checkForHardcodedIVInitialization(methodInvocationTree, 2, arrayList);
        } else if (isBCCipherForEncryption(methodInvocationTree)) {
            checkForHardcodedIVInitialization(methodInvocationTree, 1, arrayList);
        }
    }

    private void checkForHardcodedIVInitialization(MethodInvocationTree methodInvocationTree, int i, List<JavaFileScannerContext.Location> list) {
        if (checkForJCAHardcodedIVInitialization((ExpressionTree) methodInvocationTree.arguments().get(i), list)) {
            reportIssue(((MemberSelectExpressionTreeImpl) methodInvocationTree.methodSelect()).identifier(), PRIMARY_LOCATION_ISSUE_MESSAGE, list, null);
        }
    }

    private static boolean isJCAOperationModeEncrypt(MethodInvocationTree methodInvocationTree) {
        if (!JCA_CHIPER_INIT_METHODS.matches(methodInvocationTree)) {
            return false;
        }
        Optional asConstant = ((ExpressionTree) methodInvocationTree.arguments().get(0)).asConstant(Integer.class);
        return asConstant.isPresent() && ((Integer) asConstant.get()).intValue() == 1;
    }

    private static boolean isBCCipherForEncryption(MethodInvocationTree methodInvocationTree) {
        if (!BC_CHIPER_INIT_METHODS.matches(methodInvocationTree)) {
            return false;
        }
        Optional asConstant = ((ExpressionTree) methodInvocationTree.arguments().get(0)).asConstant(Boolean.class);
        return asConstant.isPresent() && ((Boolean) asConstant.get()).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean checkForJCAHardcodedIVInitialization(ExpressionTree expressionTree, List<JavaFileScannerContext.Location> list) {
        ExpressionTree skipParentheses = ExpressionUtils.skipParentheses(expressionTree);
        switch (skipParentheses.kind()) {
            case IDENTIFIER:
                List<ExpressionTree> identifierAssignments = ExpressionsHelper.getIdentifierAssignments((IdentifierTree) skipParentheses);
                list.add(new JavaFileScannerContext.Location(SECONDARY_LOCATION_ISSUE_MESSAGE, skipParentheses));
                return identifierAssignments.stream().allMatch(expressionTree2 -> {
                    return checkForJCAHardcodedIVInitialization(expressionTree2, list);
                });
            case NEW_CLASS:
                NewClassTree newClassTree = (NewClassTree) skipParentheses;
                if (GCM_CONSTRUCTOR.matches(newClassTree)) {
                    ExpressionTree expressionTree3 = (ExpressionTree) newClassTree.arguments().get(1);
                    list.add(new JavaFileScannerContext.Location(SECONDARY_LOCATION_ISSUE_MESSAGE, expressionTree3));
                    return HardcodedStringExpressionChecker.isExpressionDerivedFromPlainText(expressionTree3, list, new HashSet());
                }
                if (!AEAD_CONSTRUCTOR.matches(newClassTree)) {
                    return false;
                }
                ExpressionTree expressionTree4 = (ExpressionTree) newClassTree.arguments().get(2);
                list.add(new JavaFileScannerContext.Location(SECONDARY_LOCATION_ISSUE_MESSAGE, expressionTree4));
                return HardcodedStringExpressionChecker.isExpressionDerivedFromPlainText(expressionTree4, list, new HashSet());
            default:
                return false;
        }
    }
}
