package org.sonar.java.checks.security;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.checks.helpers.JavaPropertiesHelper;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S5542")
/* loaded from: input_file:org/sonar/java/checks/security/EncryptionAlgorithmCheck.class */
public class EncryptionAlgorithmCheck extends AbstractMethodDetection {
    private static final Pattern ALGORITHM_PATTERN = Pattern.compile("(.+)/(.+)/(.+)");

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected MethodMatchers getMethodInvocationMatchers() {
        return MethodMatchers.create().ofTypes("javax.crypto.Cipher").names("getInstance").withAnyParameters().build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        Tree declaration;
        if (methodInvocationTree.arguments().isEmpty()) {
            return;
        }
        ExpressionTree expressionTree = (ExpressionTree) methodInvocationTree.arguments().get(0);
        ExpressionTree expressionTree2 = expressionTree;
        List<JavaFileScannerContext.Location> arrayList = new ArrayList<>();
        ExpressionTree retrievedPropertyDefaultValue = JavaPropertiesHelper.retrievedPropertyDefaultValue(expressionTree);
        if (retrievedPropertyDefaultValue != null) {
            expressionTree2 = retrievedPropertyDefaultValue;
            arrayList.add(new JavaFileScannerContext.Location("Default transformation", retrievedPropertyDefaultValue));
        } else if (expressionTree.is(Tree.Kind.IDENTIFIER) && (declaration = ((IdentifierTree) expressionTree).symbol().declaration()) != null) {
            arrayList.add(new JavaFileScannerContext.Location("Transformation definition", declaration));
        }
        String value = ExpressionsHelper.getConstantValueAsString(expressionTree2).value();
        if (value == null || !isInsecureAlgorithm(value)) {
            return;
        }
        reportIssue(expressionTree, "Use secure mode and padding scheme.", arrayList, null);
    }

    private static boolean isInsecureAlgorithm(String str) {
        Matcher matcher = ALGORITHM_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return true;
        }
        String group = matcher.group(1);
        String group2 = matcher.group(2);
        String group3 = matcher.group(3);
        boolean equalsIgnoreCase = "RSA".equalsIgnoreCase(group);
        if (!"ECB".equalsIgnoreCase(group2) || equalsIgnoreCase) {
            return "CBC".equalsIgnoreCase(group2) ? "PKCS5Padding".equalsIgnoreCase(group3) || "PKCS7Padding".equalsIgnoreCase(group3) : equalsIgnoreCase && !group3.toUpperCase(Locale.ROOT).startsWith("OAEP");
        }
        return true;
    }
}
