package org.sonar.python.checks.cdk;

import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.Predicate;
import javax.annotation.Nullable;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.DictionaryLiteral;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.python.checks.cdk.CdkUtils;

/* loaded from: input_file:org/sonar/python/checks/cdk/AbstractIamPolicyStatementCheck.class */
public abstract class AbstractIamPolicyStatementCheck extends AbstractCdkResourceCheck {
    @Override // org.sonar.python.checks.cdk.AbstractCdkResourceCheck
    protected void registerFqnConsumer() {
        checkFqn("aws_cdk.aws_iam.PolicyStatement", (subscriptionContext, callExpression) -> {
            checkPolicyStatement(PolicyStatement.build(subscriptionContext, callExpression));
        });
        checkFqn("aws_cdk.aws_iam.PolicyStatement.from_json", (subscriptionContext2, callExpression2) -> {
            getDictionaryFromJson(subscriptionContext2, callExpression2).ifPresent(dictionaryLiteral -> {
                checkPolicyStatementFromJson(PolicyStatement.build(subscriptionContext2, dictionaryLiteral));
            });
        });
        checkFqn("aws_cdk.aws_iam.PolicyDocument.from_json", (subscriptionContext3, callExpression3) -> {
            getDictionaryFromJson(subscriptionContext3, callExpression3).ifPresent(dictionaryLiteral -> {
                getPolicyStatements(subscriptionContext3, dictionaryLiteral).forEach(dictionaryLiteral -> {
                    checkPolicyStatementFromJson(PolicyStatement.build(subscriptionContext3, dictionaryLiteral));
                });
            });
        });
    }

    protected void checkPolicyStatement(PolicyStatement policyStatement) {
        if (hasAllowEffect(policyStatement.effect())) {
            checkAllowingPolicyStatement(policyStatement);
        }
    }

    protected void checkPolicyStatementFromJson(PolicyStatement policyStatement) {
        checkPolicyStatement(policyStatement);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean hasAllowEffect(@Nullable CdkUtils.ExpressionFlow expressionFlow) {
        if (expressionFlow == null) {
            return true;
        }
        return expressionFlow.hasExpression(CdkPredicate.isFqn("aws_cdk.aws_iam.Effect.ALLOW").or(isJsonAllow()));
    }

    protected abstract void checkAllowingPolicyStatement(PolicyStatement policyStatement);

    protected static Optional<DictionaryLiteral> getDictionaryFromJson(SubscriptionContext subscriptionContext, CallExpression callExpression) {
        return CdkUtils.getArgument(subscriptionContext, callExpression, "obj", 0).flatMap(CdkUtils::getDictionary);
    }

    protected static List<DictionaryLiteral> getPolicyStatements(SubscriptionContext subscriptionContext, DictionaryLiteral dictionaryLiteral) {
        return (List) CdkUtils.getDictionaryPair(subscriptionContext, dictionaryLiteral, "Statement").map(resolvedKeyValuePair -> {
            return resolvedKeyValuePair.value;
        }).flatMap(CdkUtils::getList).map(listLiteral -> {
            return CdkUtils.getDictionaryInList(subscriptionContext, listLiteral);
        }).orElse(Collections.emptyList());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CdkUtils.ExpressionFlow getSensitiveExpression(CdkUtils.ExpressionFlow expressionFlow, Predicate<Expression> predicate) {
        return expressionFlow.hasExpression(predicate) ? expressionFlow : (CdkUtils.ExpressionFlow) ((List) CdkUtils.getList(expressionFlow).map(listLiteral -> {
            return CdkUtils.getListElements(expressionFlow.ctx(), listLiteral);
        }).orElse(Collections.emptyList())).stream().filter(expressionFlow2 -> {
            return expressionFlow2.hasExpression(predicate);
        }).findAny().orElse(null);
    }

    private static Predicate<Expression> isJsonAllow() {
        return expression -> {
            String str = "allow";
            return CdkUtils.getString(expression).filter(str::equalsIgnoreCase).isPresent();
        };
    }
}
