package org.sonar.php.checks;

import com.google.common.collect.ImmutableSet;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.tree.visitors.AssignmentExpressionVisitor;
import org.sonar.plugins.php.api.tree.CompilationUnitTree;
import org.sonar.plugins.php.api.tree.SeparatedList;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = SSLCertificatesVerificationDisabledCheck.KEY)
/* loaded from: input_file:org/sonar/php/checks/SSLCertificatesVerificationDisabledCheck.class */
public class SSLCertificatesVerificationDisabledCheck extends PHPVisitorCheck {
    public static final String KEY = "S4830";
    private static final String CURL_SETOPT = "curl_setopt";
    private static final String CURLOPT_SSL_VERIFYHOST = "CURLOPT_SSL_VERIFYHOST";
    private static final String CURLOPT_SSL_VERIFYPEER = "CURLOPT_SSL_VERIFYPEER";
    private static final Set<String> VERIFY_HOST_COMPLIANT_VALUES = ImmutableSet.of("2");
    private static final Set<String> VERIFY_PEER_COMPLIANT_VALUES = ImmutableSet.of("true", "1");
    private static final String MESSAGE = "Activate SSL/TLS certificates chain of trust verification.";
    private AssignmentExpressionVisitor assignmentExpressionVisitor;

    public void visitCompilationUnit(CompilationUnitTree compilationUnitTree) {
        this.assignmentExpressionVisitor = new AssignmentExpressionVisitor(context().symbolTable());
        compilationUnitTree.accept(this.assignmentExpressionVisitor);
        super.visitCompilationUnit(compilationUnitTree);
    }

    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        String functionName = CheckUtils.getFunctionName(functionCallTree);
        SeparatedList arguments = functionCallTree.arguments();
        if (CURL_SETOPT.equals(functionName) && arguments.size() > 2) {
            ExpressionTree expressionTree = (ExpressionTree) arguments.get(1);
            ExpressionTree expressionTree2 = (ExpressionTree) arguments.get(2);
            nameOf(expressionTree).ifPresent(str -> {
                if (str.equals(CURLOPT_SSL_VERIFYHOST)) {
                    checkCURLSSLVerify(expressionTree2, VERIFY_HOST_COMPLIANT_VALUES);
                } else if (str.equals(CURLOPT_SSL_VERIFYPEER)) {
                    checkCURLSSLVerify(expressionTree2, VERIFY_PEER_COMPLIANT_VALUES);
                }
            });
        }
        super.visitFunctionCall(functionCallTree);
    }

    private static Optional<String> nameOf(Tree tree) {
        String nameOf = CheckUtils.nameOf(tree);
        return nameOf != null ? Optional.of(nameOf) : Optional.empty();
    }

    private void checkCURLSSLVerify(ExpressionTree expressionTree, Set<String> set) {
        LiteralTree assignedValue = getAssignedValue(expressionTree);
        if (!(assignedValue instanceof LiteralTree) || set.contains(CheckUtils.trimQuotes(assignedValue.value()).toLowerCase(Locale.ENGLISH))) {
            return;
        }
        context().newIssue(this, expressionTree, MESSAGE);
    }

    private ExpressionTree getAssignedValue(ExpressionTree expressionTree) {
        return expressionTree.is(new Tree.Kind[]{Tree.Kind.VARIABLE_IDENTIFIER}) ? (ExpressionTree) this.assignmentExpressionVisitor.getUniqueAssignedValue(context().symbolTable().getSymbol(expressionTree)).orElse(expressionTree) : expressionTree;
    }
}
