package org.sonar.java.checks.security;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.java.checks.InvalidDateValuesCheck;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.semantic.Type;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

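/**
 * Rule S2092: flags cookies that are created without the "secure" flag.
 *
 * <p>A cookie without the Secure attribute may be sent by the browser over plain HTTP, where its
 * value (often a session identifier) can be read by anyone able to observe the traffic.
 *
 * <p>How the check works, per analysed file:
 * <ol>
 *   <li>Every {@code new} expression of a recognised cookie type whose constructor has no secure
 *       parameter, or receives a {@code false} value for it, is remembered as a candidate.</li>
 *   <li>When such an expression initialises or is assigned to a plain variable, the variable symbol
 *       is linked to that candidate.</li>
 *   <li>A one-argument {@code setSecure}/{@code withSecure} call on that variable withdraws the
 *       candidate; if the argument resolves to constant {@code false}, an issue is raised on the
 *       argument instead.</li>
 *   <li>Candidates still pending when the file has been visited are reported.</li>
 * </ol>
 *
 * <p>Limitations a reader of the results should keep in mind:
 * <ul>
 *   <li>Tracking is by variable symbol, not by control flow: any matching setter call on the
 *       variable withdraws the candidate, including one whose argument is not a compile-time
 *       constant and could be {@code false} at run time.</li>
 *   <li>Only receivers that are plain identifiers are tracked. A setter called through a field
 *       access ({@code this.cookie.setSecure(true)}) or chained directly on the {@code new}
 *       expression does not withdraw the candidate.</li>
 *   <li>Cookies obtained from factory methods rather than a constructor are not examined.</li>
 *   <li>Nothing is checked when semantic information is unavailable.</li>
 * </ul>
 */
@Rule(key = "S2092")
/* loaded from: input_file:org/sonar/java/checks/security/SecureCookieCheck.class */
public class SecureCookieCheck extends IssuableSubscriptionVisitor {
    private static final String MESSAGE = "Make sure creating this cookie without the \"secure\" flag is safe here.";
    private static final String JAX_RS_COOKIE = "javax.ws.rs.core.Cookie";
    private static final String JAX_RS_NEW_COOKIE = "javax.ws.rs.core.NewCookie";
    private static final String SPRING_SAVED_COOKIE = "org.springframework.security.web.savedrequest.SavedCookie";
    private static final String PLAY_COOKIE = "play.mvc.Http$Cookie";

    /** Fully qualified names of the cookie types (and their subtypes) covered by the rule. */
    private static final List<String> COOKIES = Arrays.asList(
        "javax.servlet.http.Cookie",
        "java.net.HttpCookie",
        JAX_RS_COOKIE,
        JAX_RS_NEW_COOKIE,
        "org.apache.shiro.web.servlet.SimpleCookie",
        SPRING_SAVED_COOKIE,
        PLAY_COOKIE,
        "play.mvc.Http$CookieBuilder");

    /** Names of the one-argument methods that set the secure flag after construction. */
    private static final List<String> SETTER_NAMES = Arrays.asList("setSecure", "withSecure");

    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String INT = "int";
    private static final String BOOLEAN = "boolean";

    /** Constructors whose secure flag is the last argument. */
    private static final List<MethodMatcher> CONSTRUCTORS_WITH_SECURE_PARAM_LAST = Arrays.asList(
        constructorMatcher(JAX_RS_NEW_COOKIE)
            .parameters(JAX_RS_COOKIE, JAVA_LANG_STRING, INT, BOOLEAN),
        constructorMatcher(JAX_RS_NEW_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, INT, JAVA_LANG_STRING, INT, BOOLEAN),
        constructorMatcher(JAX_RS_NEW_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, INT, BOOLEAN));

    /** Constructors whose secure flag is the second-to-last argument. */
    private static final List<MethodMatcher> CONSTRUCTORS_WITH_SECURE_PARAM_BEFORE_LAST = Arrays.asList(
        constructorMatcher(JAX_RS_NEW_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, INT, JAVA_LANG_STRING, INT, InvalidDateValuesCheck.JAVA_UTIL_DATE, BOOLEAN, BOOLEAN),
        constructorMatcher(JAX_RS_NEW_COOKIE)
            .parameters(JAX_RS_COOKIE, JAVA_LANG_STRING, INT, InvalidDateValuesCheck.JAVA_UTIL_DATE, BOOLEAN, BOOLEAN),
        constructorMatcher(JAX_RS_NEW_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, INT, BOOLEAN, BOOLEAN),
        constructorMatcher(SPRING_SAVED_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, INT, JAVA_LANG_STRING, BOOLEAN, INT),
        constructorMatcher(PLAY_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, "java.lang.Integer", JAVA_LANG_STRING, JAVA_LANG_STRING, BOOLEAN, BOOLEAN));

    /** Constructors whose secure flag is the third-to-last argument. */
    private static final List<MethodMatcher> CONSTRUCTORS_WITH_SECURE_PARAM_BEFORE_BEFORE_LAST = Collections.singletonList(
        constructorMatcher(PLAY_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, "java.lang.Integer", JAVA_LANG_STRING, JAVA_LANG_STRING, BOOLEAN, BOOLEAN, "play.mvc.Http$Cookie$SameSite"));

    /** Variable symbol -> the not-yet-secured cookie constructor it was last given in this file. */
    private final Map<Symbol.VariableSymbol, NewClassTree> unsecuredCookies = new HashMap<>();

    /** Cookie constructors still awaiting a secure-flag setter; reported in {@link #leaveFile}. */
    private final Set<NewClassTree> cookieConstructors = new HashSet<>();

    /** Subscribes to the four node kinds {@link #visitNode} dispatches on. */
    @Override
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.VARIABLE, Tree.Kind.ASSIGNMENT, Tree.Kind.METHOD_INVOCATION, Tree.Kind.NEW_CLASS);
    }

    /** Resets the per-file state before delegating to the parent implementation. */
    @Override
    public void setContext(JavaFileScannerContext javaFileScannerContext) {
        // State is cleared first so that findings from one file can never leak into the next.
        this.unsecuredCookies.clear();
        this.cookieConstructors.clear();
        super.setContext(javaFileScannerContext);
    }

    /** Reports every cookie constructor that no secure-flag setter call withdrew. */
    @Override
    public void leaveFile(JavaFileScannerContext javaFileScannerContext) {
        this.cookieConstructors.forEach(newClassTree -> reportIssue(newClassTree.identifier(), MESSAGE));
    }

    /** Dispatches a visited node to the handler for its kind; does nothing without semantic data. */
    @Override
    public void visitNode(Tree tree) {
        if (!hasSemantic()) {
            return;
        }
        if (tree.is(Tree.Kind.VARIABLE)) {
            addToUnsecuredCookies((VariableTree) tree);
        } else if (tree.is(Tree.Kind.ASSIGNMENT)) {
            addToUnsecuredCookies((AssignmentExpressionTree) tree);
        } else if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
            checkSecureCall((MethodInvocationTree) tree);
        } else {
            // nodesToVisit() subscribes to four kinds only, so the remaining one is NEW_CLASS.
            checkConstructor((NewClassTree) tree);
        }
    }

    /**
     * Links a declared variable to its initializer when that initializer is a cookie constructor
     * that leaves the secure flag unset or false.
     */
    private void addToUnsecuredCookies(VariableTree variableTree) {
        ExpressionTree initializer = variableTree.initializer();
        Symbol symbol = variableTree.symbol();
        if (initializer == null || !symbol.isVariableSymbol() || !initializer.is(Tree.Kind.NEW_CLASS)) {
            return;
        }
        // Either the declared type or the constructed type may be the recognised cookie type.
        boolean isCookie = isCookieClass(symbol.type()) || isCookieClass(initializer.symbolType());
        NewClassTree constructor = (NewClassTree) initializer;
        if (isCookie && isSecureParamFalse(constructor)) {
            this.unsecuredCookies.put((Symbol.VariableSymbol) symbol, constructor);
        }
    }

    /**
     * Links an assigned variable to the assigned expression when that expression is a cookie
     * constructor that leaves the secure flag unset or false. Only assignments to a plain
     * identifier are tracked; field accesses such as {@code this.cookie = ...} are not.
     */
    private void addToUnsecuredCookies(AssignmentExpressionTree assignmentExpressionTree) {
        ExpressionTree assigned = assignmentExpressionTree.expression();
        ExpressionTree target = assignmentExpressionTree.variable();
        if (!assigned.is(Tree.Kind.NEW_CLASS) || !target.is(Tree.Kind.IDENTIFIER)) {
            return;
        }
        IdentifierTree variable = (IdentifierTree) target;
        Symbol symbol = variable.symbol();
        // Same guard as the declaration overload: the map key must really be a variable symbol.
        if (!symbol.isVariableSymbol()) {
            return;
        }
        boolean isCookie = isCookieClass(variable.symbolType()) || isCookieClass(assigned.symbolType());
        NewClassTree constructor = (NewClassTree) assigned;
        if (isCookie && isSecureParamFalse(constructor)) {
            this.unsecuredCookies.put((Symbol.VariableSymbol) symbol, constructor);
        }
    }

    /**
     * Handles a {@code setSecure}/{@code withSecure} call made through a member select: raises an
     * issue when the argument resolves to constant {@code false}, and withdraws the pending
     * constructor linked to the receiver variable.
     */
    private void checkSecureCall(MethodInvocationTree methodInvocationTree) {
        if (!isSetSecureCall(methodInvocationTree) || !methodInvocationTree.methodSelect().is(Tree.Kind.MEMBER_SELECT)) {
            return;
        }
        ExpressionsHelper.ValueResolution<Boolean> resolution =
            ExpressionsHelper.getConstantValueAsBoolean(methodInvocationTree.arguments().get(0));
        Boolean value = resolution.value();
        // A null value means the argument is not a known constant; only a definite false is reported.
        if (value != null && !value) {
            reportIssue(methodInvocationTree.arguments(), MESSAGE, resolution.valuePath(), null);
        }
        ExpressionTree receiver = ((MemberSelectExpressionTree) methodInvocationTree.methodSelect()).expression();
        if (receiver.is(Tree.Kind.IDENTIFIER)) {
            // The candidate is withdrawn whatever the argument was: a constant false has just been
            // reported on the argument itself, and a non-constant argument is given the benefit of
            // the doubt. Removing null (no linked constructor) is a harmless no-op on the set.
            NewClassTree constructor = this.unsecuredCookies.remove(((IdentifierTree) receiver).symbol());
            this.cookieConstructors.remove(constructor);
        }
    }

    /** Remembers a cookie constructor that leaves the secure flag unset or false. */
    private void checkConstructor(NewClassTree newClassTree) {
        if (isCookieClass(newClassTree.symbolType()) && isSecureParamFalse(newClassTree)) {
            this.cookieConstructors.add(newClassTree);
        }
    }

    /**
     * Tells whether a constructor call leaves the cookie without the secure flag.
     *
     * @return {@code true} when the constructor matches none of the known signatures carrying a
     *     secure parameter, otherwise the result of {@code LiteralUtils.isFalse} on the argument
     *     in the secure position
     */
    private static boolean isSecureParamFalse(NewClassTree newClassTree) {
        int offsetFromEnd;
        if (matchesAny(CONSTRUCTORS_WITH_SECURE_PARAM_LAST, newClassTree)) {
            offsetFromEnd = 1;
        } else if (matchesAny(CONSTRUCTORS_WITH_SECURE_PARAM_BEFORE_LAST, newClassTree)) {
            offsetFromEnd = 2;
        } else if (matchesAny(CONSTRUCTORS_WITH_SECURE_PARAM_BEFORE_BEFORE_LAST, newClassTree)) {
            offsetFromEnd = 3;
        } else {
            // No secure parameter in this signature: the flag can only be set by a later setter.
            return true;
        }
        Arguments arguments = newClassTree.arguments();
        // NOTE(review): presumably only a literal `false` is recognised here, so a variable or
        // constant holding false in the secure position would not be flagged - confirm.
        return LiteralUtils.isFalse(arguments.get(arguments.size() - offsetFromEnd));
    }

    /** Returns whether any matcher of the list matches the given constructor call. */
    private static boolean matchesAny(List<MethodMatcher> matchers, NewClassTree newClassTree) {
        return matchers.stream().anyMatch(matcher -> matcher.matches(newClassTree));
    }

    /**
     * Tells whether the invocation is a one-argument {@code setSecure}/{@code withSecure} call
     * whose resolved owner is one of the recognised cookie types.
     */
    private static boolean isSetSecureCall(MethodInvocationTree methodInvocationTree) {
        if (methodInvocationTree.arguments().size() != 1) {
            return false;
        }
        Symbol method = methodInvocationTree.symbol();
        // Unresolved methods or owners cannot be attributed to a cookie type, so they are skipped.
        if (method.isUnknown() || method.owner().isUnknown() || !isCookieClass(method.owner().type())) {
            return false;
        }
        String name = Objects.requireNonNull(getIdentifier(methodInvocationTree).name());
        return SETTER_NAMES.stream().anyMatch(name::equals);
    }

    /** Tells whether the type is a subtype of one of the recognised cookie types. */
    private static boolean isCookieClass(Type type) {
        Objects.requireNonNull(type);
        return COOKIES.stream().anyMatch(type::isSubtypeOf);
    }

    /** Returns the identifier naming the invoked method, for both {@code m()} and {@code x.m()}. */
    private static IdentifierTree getIdentifier(MethodInvocationTree methodInvocationTree) {
        ExpressionTree methodSelect = methodInvocationTree.methodSelect();
        if (methodSelect.is(Tree.Kind.IDENTIFIER)) {
            return (IdentifierTree) methodSelect;
        }
        return ((MemberSelectExpressionTree) methodSelect).identifier();
    }

    /** Builds a matcher for the constructors of the given type; parameters are added by the caller. */
    private static MethodMatcher constructorMatcher(String str) {
        return MethodMatcher.create().typeDefinition(str).name("<init>");
    }
}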
