package org.sonar.java.checks.security;

import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.java.checks.MathClampRangeCheck;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonarsource.analyzer.commons.collections.MapBuilder;

@Rule(key = "S4426")
/* loaded from: input_file:org/sonar/java/checks/security/CryptographicKeySizeCheck.class */
public class CryptographicKeySizeCheck extends AbstractMethodDetection {
    private static final String EC_GEN_PARAMETER_SPEC = "java.security.spec.ECGenParameterSpec";
    private static final String GET_INSTANCE_METHOD = "getInstance";
    private static final String STRING = "java.lang.String";
    private static final int EC_MIN_KEY = 224;
    private static final Pattern EC_KEY_PATTERN = Pattern.compile("^(secp|prime|sect|c2tnb)(\\d+)");
    private static final Map<String, Integer> ALGORITHM_KEY_SIZE_MAP = MapBuilder.newMap().put("RSA", 2048).put("DH", 2048).put("DIFFIEHELLMAN", 2048).put("DSA", 2048).put("AES", 128).build();
    private static final String KEY_GENERATOR = "javax.crypto.KeyGenerator";
    private static final String KEY_PAIR_GENERATOR = "java.security.KeyPairGenerator";
    private static final MethodMatchers KEY_GEN = MethodMatchers.or(new MethodMatchers[]{MethodMatchers.create().ofTypes(new String[]{KEY_GENERATOR}).names(new String[]{"init"}).addParametersMatcher(new String[]{MathClampRangeCheck.INT}).build(), MethodMatchers.create().ofTypes(new String[]{KEY_PAIR_GENERATOR}).names(new String[]{"initialize"}).addParametersMatcher(new String[]{MathClampRangeCheck.INT}).addParametersMatcher(new String[]{MathClampRangeCheck.INT, "java.security.SecureRandom"}).build()});

    /* loaded from: input_file:org/sonar/java/checks/security/CryptographicKeySizeCheck$MethodVisitor.class */
    private class MethodVisitor extends BaseTreeVisitor {
        private final String algorithm;
        private final Integer minKeySize;
        private final Symbol variable;

        public MethodVisitor(String str, @Nullable Symbol symbol) {
            this.algorithm = str;
            this.minKeySize = CryptographicKeySizeCheck.ALGORITHM_KEY_SIZE_MAP.get(this.algorithm.toUpperCase(Locale.ENGLISH));
            this.variable = symbol;
        }

        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            Integer intLiteralValue;
            if (this.minKeySize == null || !CryptographicKeySizeCheck.KEY_GEN.matches(methodInvocationTree) || (intLiteralValue = LiteralUtils.intLiteralValue((ExpressionTree) methodInvocationTree.arguments().get(0))) == null || intLiteralValue.intValue() >= this.minKeySize.intValue() || !ExpressionUtils.isInvocationOnVariable(methodInvocationTree, this.variable, false)) {
                return;
            }
            CryptographicKeySizeCheck.this.reportIssue(methodInvocationTree, "Use a key length of at least " + this.minKeySize + " bits for " + this.algorithm + " cipher algorithm.");
        }
    }

    protected MethodMatchers getMethodInvocationMatchers() {
        return MethodMatchers.or(new MethodMatchers[]{MethodMatchers.create().ofTypes(new String[]{KEY_GENERATOR, KEY_PAIR_GENERATOR}).names(new String[]{"getInstance"}).addParametersMatcher(new String[]{"java.lang.String"}).build(), MethodMatchers.create().ofTypes(new String[]{EC_GEN_PARAMETER_SPEC}).constructor().addParametersMatcher(new String[]{"java.lang.String"}).build()});
    }

    protected void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        MethodTree enclosingMethod = ExpressionUtils.getEnclosingMethod(methodInvocationTree);
        String str = (String) ExpressionsHelper.getConstantValueAsString((ExpressionTree) methodInvocationTree.arguments().get(0)).value();
        if (enclosingMethod == null || str == null) {
            return;
        }
        enclosingMethod.accept(new MethodVisitor(str, (Symbol) ExpressionUtils.getAssignedSymbol(methodInvocationTree).orElse(null)));
    }

    protected void onConstructorFound(NewClassTree newClassTree) {
        String str = (String) ExpressionsHelper.getConstantValueAsString((ExpressionTree) newClassTree.arguments().get(0)).value();
        if (str != null) {
            Matcher matcher = EC_KEY_PATTERN.matcher(str);
            if (!matcher.find() || Integer.valueOf(matcher.group(2)).intValue() >= EC_MIN_KEY) {
                return;
            }
            reportIssue(newClassTree, "Use a key length of at least 224 bits for EC cipher algorithm.");
        }
    }
}
