package com.android.tools.lint.checks;

import com.android.tools.lint.client.api.JavaParser;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import lombok.ast.AstVisitor;
import lombok.ast.ConstructorInvocation;
import lombok.ast.Expression;
import lombok.ast.MethodInvocation;

/* loaded from: input_file:com/android/tools/lint/checks/AllowAllHostnameVerifierDetector.class */
public class AllowAllHostnameVerifierDetector extends Detector implements Detector.JavaScanner {
    private static final Implementation IMPLEMENTATION = new Implementation(AllowAllHostnameVerifierDetector.class, Scope.JAVA_FILE_SCOPE);
    public static final Issue ISSUE = Issue.create("AllowAllHostnameVerifier", "Insecure HostnameVerifier", "This check looks for use of HostnameVerifier implementations whose `verify` method always returns true (thus trusting any hostname) which could result in insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL certificates presented by peers.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION);

    public List<String> getApplicableConstructorTypes() {
        return Collections.singletonList("org.apache.http.conn.ssl.AllowAllHostnameVerifier");
    }

    public void visitConstructor(JavaContext javaContext, AstVisitor astVisitor, ConstructorInvocation constructorInvocation, JavaParser.ResolvedMethod resolvedMethod) {
        javaContext.report(ISSUE, constructorInvocation, javaContext.getLocation(constructorInvocation), "Using the AllowAllHostnameVerifier HostnameVerifier is unsafe because it always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames");
    }

    public List<String> getApplicableMethodNames() {
        return Arrays.asList("setHostnameVerifier", "setDefaultHostnameVerifier");
    }

    public void visitMethod(JavaContext javaContext, AstVisitor astVisitor, MethodInvocation methodInvocation) {
        JavaParser.ResolvedMethod resolve = javaContext.resolve(methodInvocation);
        if (resolve instanceof JavaParser.ResolvedMethod) {
            JavaParser.ResolvedMethod resolvedMethod = resolve;
            if (resolvedMethod.getArgumentCount() == 1 && methodInvocation.astArguments().size() == 1 && resolvedMethod.getArgumentType(0).matchesName("javax.net.ssl.HostnameVerifier")) {
                Expression first = methodInvocation.astArguments().first();
                JavaParser.ResolvedField resolve2 = javaContext.resolve(first);
                if ((resolve2 instanceof JavaParser.ResolvedField) && resolve2.getName().equals("ALLOW_ALL_HOSTNAME_VERIFIER")) {
                    javaContext.report(ISSUE, first, javaContext.getLocation(first), "Using the ALLOW_ALL_HOSTNAME_VERIFIER HostnameVerifier is unsafe because it always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames");
                }
            }
        }
    }
}
