package org.sonar.java.checks.spring;

import com.google.common.annotations.VisibleForTesting;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.annotation.CheckForNull;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.checks.helpers.MethodTreeUtils;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;

@Rule(key = "S4601")
/* loaded from: input_file:org/sonar/java/checks/spring/SpringAntMatcherOrderCheck.class */
public class SpringAntMatcherOrderCheck extends AbstractMethodDetection {
    private static final Pattern MATCHER_SPECIAL_CHAR = Pattern.compile("[?*{]");
    private static final MethodMatchers ANT_MATCHERS = MethodMatchers.create().ofSubTypes("org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry").names("antMatchers").addParametersMatcher("java.lang.String[]").build();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/java/checks/spring/SpringAntMatcherOrderCheck$StringConstant.class */
    public static class StringConstant {
        private final ExpressionTree expression;
        private final String value;

        private StringConstant(ExpressionTree expressionTree, String str) {
            this.expression = expressionTree;
            this.value = str;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @CheckForNull
        public static StringConstant of(ExpressionTree expressionTree) {
            String value = ExpressionsHelper.getConstantValueAsString(expressionTree).value();
            if (value != null) {
                return new StringConstant(expressionTree, value);
            }
            return null;
        }
    }

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected MethodMatchers getMethodInvocationMatchers() {
        return MethodMatchers.create().ofTypes("org.springframework.security.config.annotation.web.builders.HttpSecurity").names("authorizeRequests").withAnyParameters().build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        List<StringConstant> collectAntPatterns = collectAntPatterns(methodInvocationTree);
        for (int i = 1; i < collectAntPatterns.size(); i++) {
            checkAntPatternAt(collectAntPatterns, i);
        }
    }

    private void checkAntPatternAt(List<StringConstant> list, int i) {
        StringConstant stringConstant = list.get(i);
        StringConstant firstIncompatiblePreviousPattern = firstIncompatiblePreviousPattern(stringConstant, list, i);
        if (firstIncompatiblePreviousPattern != null) {
            reportIssue(stringConstant.expression, "Reorder the URL patterns from most to less specific, the pattern \"" + stringConstant.value + "\" should occurs before \"" + firstIncompatiblePreviousPattern.value + "\".", Collections.singletonList(new JavaFileScannerContext.Location("Less restrictive", firstIncompatiblePreviousPattern.expression)), null);
        }
    }

    @CheckForNull
    private static StringConstant firstIncompatiblePreviousPattern(StringConstant stringConstant, List<StringConstant> list, int i) {
        for (int i2 = 0; i2 < i; i2++) {
            StringConstant stringConstant2 = list.get(i2);
            if (matches(stringConstant2.value, stringConstant.value)) {
                return stringConstant2;
            }
        }
        return null;
    }

    private static List<StringConstant> collectAntPatterns(MethodInvocationTree methodInvocationTree) {
        ArrayList arrayList = new ArrayList();
        Optional<MethodInvocationTree> consecutiveMethodInvocation = MethodTreeUtils.consecutiveMethodInvocation(methodInvocationTree);
        while (true) {
            Optional<MethodInvocationTree> optional = consecutiveMethodInvocation;
            if (!optional.isPresent()) {
                return arrayList;
            }
            if (ANT_MATCHERS.matches(optional.get())) {
                arrayList.addAll(antMatchersPatterns(optional.get()));
            }
            consecutiveMethodInvocation = MethodTreeUtils.consecutiveMethodInvocation(optional.get());
        }
    }

    @VisibleForTesting
    static boolean matches(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        if (str.endsWith(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS) && str2.startsWith(str.substring(0, str.length() - 2))) {
            return true;
        }
        boolean contains = str.contains("{");
        boolean find = MATCHER_SPECIAL_CHAR.matcher(str2).find();
        if (str.isEmpty() || contains || find) {
            return false;
        }
        return str2.matches(antMatcherToRegEx(str));
    }

    @VisibleForTesting
    static String antMatcherToRegEx(String str) {
        return escapeRegExpChars(str).replace("?", "[^/]").replace(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS, "$$").replace("*", "[^/]*").replace("$$", ".*");
    }

    @VisibleForTesting
    static String escapeRegExpChars(String str) {
        return str.replaceAll("([.(){}+|^$\\[\\]\\\\])", "\\\\$1");
    }

    private static List<StringConstant> antMatchersPatterns(MethodInvocationTree methodInvocationTree) {
        return (List) methodInvocationTree.arguments().stream().map(expressionTree -> {
            return StringConstant.of(expressionTree);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }
}
