package org.sonar.java.checks.security;

import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.ThrowStatementTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S5804")
/* loaded from: input_file:org/sonar/java/checks/security/UserEnumerationCheck.class */
public class UserEnumerationCheck extends IssuableSubscriptionVisitor {
    private static final String MESSAGE = "Make sure allowing user enumeration is safe here.";
    private static final String USERNAME_NOT_FOUND_EXCEPTION = "org.springframework.security.core.userdetails.UsernameNotFoundException";
    private static final String BOOLEAN = "boolean";
    private static final String STRING = "java.lang.String";
    private static final String THROWABLE = "java.lang.Throwable";
    private final Deque<MethodTree> stack = new ArrayDeque();
    private static final String ABSTRACT_USER_DETAILS_AUTHENTICATION_PROVIDER = "org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider";
    private static final String SPRING_SEC_LDAP_AUTHENTICATION_PROVIDER = "org.springframework.security.ldap.authentication.LdapAuthenticationProvider";
    private static final String HIDE_USER_NOT_FOUND_EXCEPTIONS = "setHideUserNotFoundExceptions";
    private static final MethodMatchers SET_HIDE_USER_MATCHER = MethodMatchers.create().ofSubTypes(ABSTRACT_USER_DETAILS_AUTHENTICATION_PROVIDER, SPRING_SEC_LDAP_AUTHENTICATION_PROVIDER).names(HIDE_USER_NOT_FOUND_EXCEPTIONS).addParametersMatcher("boolean").build();
    private static final String USER_DETAILS_SERVICE = "org.springframework.security.core.userdetails.UserDetailsService";
    private static final String LOAD_USER_BY_USERNAME = "loadUserByUsername";
    private static final MethodMatchers LOAD_USER_MATCHER = MethodMatchers.create().ofSubTypes(USER_DETAILS_SERVICE).names(LOAD_USER_BY_USERNAME).addParametersMatcher("java.lang.String").build();

    @Override // org.sonar.plugins.java.api.IssuableSubscriptionVisitor, org.sonar.java.ast.visitors.SubscriptionVisitor
    public void setContext(JavaFileScannerContext javaFileScannerContext) {
        super.setContext(javaFileScannerContext);
        this.stack.clear();
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return List.of(Tree.Kind.CONSTRUCTOR, Tree.Kind.METHOD_INVOCATION, Tree.Kind.THROW_STATEMENT, Tree.Kind.METHOD);
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        if (tree instanceof MethodTree) {
            this.stack.push((MethodTree) tree);
            return;
        }
        if (tree instanceof ThrowStatementTree) {
            ThrowStatementTree throwStatementTree = (ThrowStatementTree) tree;
            if (!throwStatementTree.expression().symbolType().is(USERNAME_NOT_FOUND_EXCEPTION) || isInsideLoadUserByUserName()) {
                return;
            }
            reportIssue(throwStatementTree.expression(), MESSAGE);
            return;
        }
        MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
        Arguments arguments = methodInvocationTree.arguments();
        if (arguments.isEmpty()) {
            return;
        }
        ExpressionTree expressionTree = (ExpressionTree) arguments.get(0);
        checkHiddenUserNotFoundException(methodInvocationTree, expressionTree);
        checkLoadUserArgUsedInExceptions(methodInvocationTree, expressionTree);
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void leaveNode(Tree tree) {
        if (tree instanceof MethodTree) {
            this.stack.pop();
        }
    }

    private void checkLoadUserArgUsedInExceptions(MethodInvocationTree methodInvocationTree, ExpressionTree expressionTree) {
        if (LOAD_USER_MATCHER.matches(methodInvocationTree) && (expressionTree instanceof IdentifierTree)) {
            ((IdentifierTree) expressionTree).symbol().usages().stream().filter((v0) -> {
                return checkParentIsThrowable(v0);
            }).forEach(identifierTree -> {
                reportIssue(identifierTree, MESSAGE);
            });
        }
    }

    private void checkHiddenUserNotFoundException(MethodInvocationTree methodInvocationTree, ExpressionTree expressionTree) {
        if (!SET_HIDE_USER_MATCHER.matches(methodInvocationTree) || ((Boolean) expressionTree.asConstant(Boolean.class).orElse(true)).booleanValue()) {
            return;
        }
        reportIssue(methodInvocationTree, MESSAGE);
    }

    private static boolean checkParentIsThrowable(Tree tree) {
        Tree parent = tree.parent();
        while (true) {
            Tree tree2 = parent;
            if (!(tree2 instanceof ExpressionTree) && !(tree2 instanceof Arguments)) {
                return false;
            }
            if ((tree2 instanceof NewClassTree) && ((NewClassTree) tree2).symbolType().isSubtypeOf("java.lang.Throwable")) {
                return true;
            }
            parent = tree2.parent();
        }
    }

    private boolean isInsideLoadUserByUserName() {
        return LOAD_USER_MATCHER.matches(this.stack.peekFirst());
    }
}
