package org.sonar.java.checks.security;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S4499")
/* loaded from: input_file:org/sonar/java/checks/security/SMTPSSLServerIdentityCheck.class */
public class SMTPSSLServerIdentityCheck extends AbstractMethodDetection {
    private static final String APACHE_EMAIL = "org.apache.commons.mail.Email";
    private static final String BOOLEAN = "boolean";
    private static final String HASHTABLE = "java.util.Hashtable";
    private static final Set<String> ENABLING_SSL_METHOD_NAMES = new HashSet(Arrays.asList("setSSL", "setSSLOnConnect", "setTLS", "setStartTLSEnabled", "setStartTLSRequired"));
    private static final MethodMatchers ENABLING_SSL_METHODS;
    private static final MethodMatchers HASHTABLE_PUT;

    /* loaded from: input_file:org/sonar/java/checks/security/SMTPSSLServerIdentityCheck$MethodBodyApacheVisitor.class */
    private static class MethodBodyApacheVisitor extends BaseTreeVisitor {
        private boolean isSecured;
        private static final MethodMatchers SET_SSL_CHECK_SERVER_ID = MethodMatchers.create().ofSubTypes(new String[]{SMTPSSLServerIdentityCheck.APACHE_EMAIL}).names(new String[]{"setSSLCheckServerIdentity"}).addParametersMatcher(new String[]{SMTPSSLServerIdentityCheck.BOOLEAN}).build();

        private MethodBodyApacheVisitor() {
            this.isSecured = false;
        }

        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            if (SET_SSL_CHECK_SERVER_ID.matches(methodInvocationTree) && SMTPSSLServerIdentityCheck.isNotFalse((ExpressionTree) methodInvocationTree.arguments().get(0))) {
                this.isSecured = true;
            }
            super.visitMethodInvocation(methodInvocationTree);
        }
    }

    /* loaded from: input_file:org/sonar/java/checks/security/SMTPSSLServerIdentityCheck$MethodBodyHashtableVisitor.class */
    private static class MethodBodyHashtableVisitor extends BaseTreeVisitor {
        private boolean isSecured;

        private MethodBodyHashtableVisitor() {
            this.isSecured = false;
        }

        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            Arguments arguments = methodInvocationTree.arguments();
            if (SMTPSSLServerIdentityCheck.HASHTABLE_PUT.matches(methodInvocationTree) && "mail.smtp.ssl.checkserveridentity".equals(ExpressionsHelper.getConstantValueAsString((ExpressionTree) arguments.get(0)).value()) && SMTPSSLServerIdentityCheck.isNotFalse((ExpressionTree) arguments.get(1))) {
                this.isSecured = true;
            }
            super.visitMethodInvocation(methodInvocationTree);
        }
    }

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected MethodMatchers getMethodInvocationMatchers() {
        return MethodMatchers.or(new MethodMatchers[]{ENABLING_SSL_METHODS, HASHTABLE_PUT});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        MethodTree enclosingMethod = ExpressionUtils.getEnclosingMethod(methodInvocationTree);
        if (enclosingMethod != null) {
            Arguments arguments = methodInvocationTree.arguments();
            if (ENABLING_SSL_METHODS.matches(methodInvocationTree) && LiteralUtils.isTrue((Tree) arguments.get(0))) {
                MethodBodyApacheVisitor methodBodyApacheVisitor = new MethodBodyApacheVisitor();
                enclosingMethod.accept(methodBodyApacheVisitor);
                if (!methodBodyApacheVisitor.isSecured) {
                    reportIssue(methodInvocationTree, "Enable server identity validation on this SMTP SSL connection.");
                }
            } else if (HASHTABLE_PUT.matches(methodInvocationTree) && "mail.smtp.socketFactory.class".equals(ExpressionsHelper.getConstantValueAsString((ExpressionTree) arguments.get(0)).value()) && "javax.net.ssl.SSLSocketFactory".equals(ExpressionsHelper.getConstantValueAsString((ExpressionTree) arguments.get(1)).value())) {
                MethodBodyHashtableVisitor methodBodyHashtableVisitor = new MethodBodyHashtableVisitor();
                enclosingMethod.accept(methodBodyHashtableVisitor);
                if (!methodBodyHashtableVisitor.isSecured) {
                    reportIssue(methodInvocationTree, "Enable server identity validation, set \"mail.smtp.ssl.checkserveridentity\" to true");
                }
            }
        }
        super.onMethodInvocationFound(methodInvocationTree);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isNotFalse(ExpressionTree expressionTree) {
        return !LiteralUtils.isFalse(expressionTree);
    }

    static {
        MethodMatchers.NameBuilder ofSubTypes = MethodMatchers.create().ofSubTypes(new String[]{APACHE_EMAIL});
        Set<String> set = ENABLING_SSL_METHOD_NAMES;
        Objects.requireNonNull(set);
        ENABLING_SSL_METHODS = ofSubTypes.name((v1) -> {
            return r1.contains(v1);
        }).addParametersMatcher(new String[]{BOOLEAN}).build();
        HASHTABLE_PUT = MethodMatchers.create().ofSubTypes(new String[]{HASHTABLE}).names(new String[]{"put"}).withAnyParameters().build();
    }
}
