package org.sonar.php.checks;

import java.util.Optional;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.tree.visitors.AssignmentExpressionVisitor;
import org.sonar.php.utils.LiteralUtils;
import org.sonar.plugins.php.api.tree.CompilationUnitTree;
import org.sonar.plugins.php.api.tree.SeparatedList;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.expression.ArrayInitializerTree;
import org.sonar.plugins.php.api.tree.expression.ArrayPairTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = CryptographicKeySizeCheck.KEY)
/* loaded from: input_file:org/sonar/php/checks/CryptographicKeySizeCheck.class */
public class CryptographicKeySizeCheck extends PHPVisitorCheck {
    public static final String KEY = "S4426";
    private static final int MIN_KEY_LENGTH = 2048;
    private static final String MESSAGE = "Use a key length of at least 2048 bits";
    private AssignmentExpressionVisitor assignmentExpressionVisitor;

    public void visitCompilationUnit(CompilationUnitTree compilationUnitTree) {
        this.assignmentExpressionVisitor = new AssignmentExpressionVisitor(context().symbolTable());
        compilationUnitTree.accept(this.assignmentExpressionVisitor);
        super.visitCompilationUnit(compilationUnitTree);
    }

    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        if ("openssl_pkey_new".equals(CheckUtils.getLowerCaseFunctionName(functionCallTree))) {
            SeparatedList arguments = functionCallTree.arguments();
            if (arguments.size() == 1) {
                getKeySize((ExpressionTree) arguments.get(0)).filter(this::lessThanMinKeyLength).ifPresent(expressionTree -> {
                    context().newIssue(this, expressionTree, MESSAGE);
                });
            }
        }
        super.visitFunctionCall(functionCallTree);
    }

    private boolean lessThanMinKeyLength(ExpressionTree expressionTree) {
        if (expressionTree.is(new Tree.Kind[]{Tree.Kind.NUMERIC_LITERAL})) {
            return LiteralUtils.longLiteralValue(((LiteralTree) expressionTree).value()) < 2048;
        }
        if (expressionTree.is(new Tree.Kind[]{Tree.Kind.VARIABLE_IDENTIFIER})) {
            return ((Boolean) this.assignmentExpressionVisitor.getUniqueAssignedValue(context().symbolTable().getSymbol(expressionTree)).map(this::lessThanMinKeyLength).orElse(false)).booleanValue();
        }
        return false;
    }

    private Optional<ExpressionTree> getKeySize(ExpressionTree expressionTree) {
        return (expressionTree.is(new Tree.Kind[]{Tree.Kind.ARRAY_INITIALIZER_FUNCTION, Tree.Kind.ARRAY_INITIALIZER_BRACKET}) && isRSA((ArrayInitializerTree) expressionTree)) ? ((ArrayInitializerTree) expressionTree).arrayPairs().stream().filter(arrayPairTree -> {
            return hasKey(arrayPairTree, "private_key_bits");
        }).map((v0) -> {
            return v0.value();
        }).findFirst() : this.assignmentExpressionVisitor.getUniqueAssignedValue(context().symbolTable().getSymbol(expressionTree)).flatMap(this::getKeySize);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean hasKey(ArrayPairTree arrayPairTree, String str) {
        return arrayPairTree.key() != null && arrayPairTree.key().is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL}) && str.equals(CheckUtils.trimQuotes(arrayPairTree.key()));
    }

    private static boolean isRSA(ArrayInitializerTree arrayInitializerTree) {
        return arrayInitializerTree.arrayPairs().stream().anyMatch(arrayPairTree -> {
            if (hasKey(arrayPairTree, "private_key_type") && arrayPairTree.value().is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME})) {
                return "OPENSSL_KEYTYPE_RSA".equals(arrayPairTree.value().name().text());
            }
            return false;
        });
    }
}
