package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTUserClass;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.ApexNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;
import net.sourceforge.pmd.lang.apex.rule.internal.Helper;
import net.sourceforge.pmd.lang.rule.RuleTargetSelector;

/* loaded from: input_file:target/lib/net.sourceforge.pmd.pmd-apex.jar:net/sourceforge/pmd/lang/apex/rule/security/ApexBadCryptoRule.class */
public class ApexBadCryptoRule extends AbstractApexRule {
    private static final String VALUE_OF = "valueOf";
    private static final String BLOB = "Blob";
    private static final String ENCRYPT = "encrypt";
    private static final String DECRYPT = "decrypt";
    private static final String CRYPTO = "Crypto";
    private static final String ENCRYPT_WITH_MANAGED_IV = "encryptWithManagedIV";
    private static final String DECRYPT_WITH_MANAGED_IV = "decryptWithManagedIV";
    private final Set<String> potentiallyStaticBlob = new HashSet();

    @Override // net.sourceforge.pmd.lang.rule.AbstractRule
    protected RuleTargetSelector buildTargetSelector() {
        return RuleTargetSelector.forTypes(ASTUserClass.class, new Class[0]);
    }

    @Override // net.sourceforge.pmd.lang.apex.ast.ApexVisitor
    public Object visit(ASTUserClass aSTUserClass, Object obj) {
        if (Helper.isTestMethodOrClass(aSTUserClass)) {
            return obj;
        }
        Iterator it = aSTUserClass.descendants(ASTFieldDeclaration.class).toList().iterator();
        while (it.hasNext()) {
            findSafeVariables((ASTFieldDeclaration) it.next());
        }
        Iterator it2 = aSTUserClass.descendants(ASTVariableDeclaration.class).toList().iterator();
        while (it2.hasNext()) {
            findSafeVariables((ASTVariableDeclaration) it2.next());
        }
        for (T t : aSTUserClass.descendants(ASTMethodCallExpression.class).toList()) {
            if (Helper.isMethodName(t, CRYPTO, ENCRYPT) || Helper.isMethodName(t, CRYPTO, DECRYPT) || Helper.isMethodName(t, CRYPTO, ENCRYPT_WITH_MANAGED_IV) || Helper.isMethodName(t, CRYPTO, DECRYPT_WITH_MANAGED_IV)) {
                validateStaticIVorKey(t, obj);
            }
        }
        this.potentiallyStaticBlob.clear();
        return obj;
    }

    private void findSafeVariables(ApexNode<?> apexNode) {
        ASTVariableExpression aSTVariableExpression;
        ASTMethodCallExpression aSTMethodCallExpression = (ASTMethodCallExpression) apexNode.firstChild(ASTMethodCallExpression.class);
        if (aSTMethodCallExpression == null || !Helper.isMethodName(aSTMethodCallExpression, BLOB, "valueOf") || (aSTVariableExpression = (ASTVariableExpression) apexNode.firstChild(ASTVariableExpression.class)) == null) {
            return;
        }
        this.potentiallyStaticBlob.add(Helper.getFQVariableName(aSTVariableExpression));
    }

    private void validateStaticIVorKey(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        switch (aSTMethodCallExpression.getNumChildren()) {
            case 4:
                reportIfHardCoded(obj, aSTMethodCallExpression.getChild(2));
                return;
            case 5:
                reportIfHardCoded(obj, aSTMethodCallExpression.getChild(3));
                reportIfHardCoded(obj, aSTMethodCallExpression.getChild(2));
                return;
            default:
                return;
        }
    }

    private void reportIfHardCoded(Object obj, Object obj2) {
        if (!(obj2 instanceof ASTMethodCallExpression)) {
            if (obj2 instanceof ASTVariableExpression) {
                ASTVariableExpression aSTVariableExpression = (ASTVariableExpression) obj2;
                if (this.potentiallyStaticBlob.contains(Helper.getFQVariableName(aSTVariableExpression))) {
                    asCtx(obj).addViolation(aSTVariableExpression);
                    return;
                }
                return;
            }
            return;
        }
        ASTMethodCallExpression aSTMethodCallExpression = (ASTMethodCallExpression) obj2;
        if (aSTMethodCallExpression.getNumChildren() > 1) {
            ApexNode<?> child = aSTMethodCallExpression.getChild(1);
            if (child instanceof ASTLiteralExpression) {
                ASTLiteralExpression aSTLiteralExpression = (ASTLiteralExpression) child;
                if (aSTLiteralExpression.isString()) {
                    asCtx(obj).addViolation(aSTLiteralExpression);
                }
            }
        }
    }
}
