package org.sonar.java.checks.security;

import edu.umd.cs.findbugs.util.Values;
import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.MethodTreeUtils;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

@Rule(key = "S6291")
/* loaded from: input_file:org/sonar/java/checks/security/AndroidUnencryptedDatabaseCheck.class */
public class AndroidUnencryptedDatabaseCheck extends IssuableSubscriptionVisitor {
    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String ANDROID_CONTENT_CONTEXT = "android.content.Context";
    private static final MethodMatchers UNSAFE_DATABASE_CALL = MethodMatchers.or(MethodMatchers.create().ofSubTypes("android.app.Activity").names("getPreferences").addParametersMatcher("int").build(), MethodMatchers.create().ofSubTypes("android.preference.PreferenceManager").names("getDefaultSharedPreferences").addParametersMatcher(ANDROID_CONTENT_CONTEXT).build(), MethodMatchers.create().ofSubTypes(ANDROID_CONTENT_CONTEXT).names("getSharedPreferences").addParametersMatcher("java.lang.String", "int").addParametersMatcher(Values.DOTTED_JAVA_IO_FILE, "int").build(), MethodMatchers.create().ofSubTypes(ANDROID_CONTENT_CONTEXT).names("openOrCreateDatabase").addParametersMatcher("java.lang.String", "int", "android.database.sqlite.SQLiteDatabase$CursorFactory").addParametersMatcher("java.lang.String", "int", "android.database.sqlite.SQLiteDatabase$CursorFactory", "android.database.DatabaseErrorHandler").build());
    private static final String REALM_CONFIGURATION_BUILDER_TYPE = "io.realm.RealmConfiguration$Builder";
    private static final MethodMatchers REALM_CONFIGURATION_BUILDER_BUILD = MethodMatchers.create().ofSubTypes(REALM_CONFIGURATION_BUILDER_TYPE).names("build").addWithoutParametersMatcher().build();
    private static final MethodMatchers REALM_CONFIGURATION_BUILDER_ENCRYPTION_KEY = MethodMatchers.create().ofSubTypes(REALM_CONFIGURATION_BUILDER_TYPE).names("encryptionKey").withAnyParameters().build();
    private static final MethodMatchers REALM_CONFIGURATION_BUILDER_BUILDER = MethodMatchers.create().ofSubTypes(REALM_CONFIGURATION_BUILDER_TYPE).constructor().withAnyParameters().build();

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return Collections.singletonList(Tree.Kind.METHOD_INVOCATION);
    }

    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
        if (UNSAFE_DATABASE_CALL.matches(methodInvocationTree) || (REALM_CONFIGURATION_BUILDER_BUILD.matches(methodInvocationTree) && !isEncrypted(methodInvocationTree.methodSelect()))) {
            reportIssue(ExpressionUtils.methodName(methodInvocationTree), "Make sure using an unencrypted database is safe here.");
        }
    }

    private static boolean isEncrypted(ExpressionTree expressionTree) {
        if (expressionTree.is(Tree.Kind.MEMBER_SELECT)) {
            expressionTree = ((MemberSelectExpressionTree) expressionTree).expression();
        }
        if (expressionTree.is(Tree.Kind.METHOD_INVOCATION)) {
            MethodInvocationTree methodInvocationTree = (MethodInvocationTree) expressionTree;
            if (REALM_CONFIGURATION_BUILDER_ENCRYPTION_KEY.matches(methodInvocationTree)) {
                return true;
            }
            return isEncrypted(methodInvocationTree.methodSelect());
        }
        if (!expressionTree.is(Tree.Kind.IDENTIFIER)) {
            return (expressionTree.is(Tree.Kind.NEW_CLASS) && REALM_CONFIGURATION_BUILDER_BUILDER.matches((NewClassTree) expressionTree)) ? false : true;
        }
        Symbol symbol = ((IdentifierTree) expressionTree).symbol();
        if (symbol.usages().stream().anyMatch(AndroidUnencryptedDatabaseCheck::canEncryptToken)) {
            return true;
        }
        return declarationIsEncrypted(symbol);
    }

    private static boolean canEncryptToken(IdentifierTree identifierTree) {
        Tree parent = identifierTree.parent();
        return (parent != null && parent.is(Tree.Kind.ARGUMENTS)) || MethodTreeUtils.subsequentMethodInvocation(identifierTree, REALM_CONFIGURATION_BUILDER_ENCRYPTION_KEY).isPresent();
    }

    private static boolean declarationIsEncrypted(Symbol symbol) {
        if (!symbol.isLocalVariable()) {
            return true;
        }
        Tree declaration = symbol.declaration();
        if (!(declaration instanceof VariableTree)) {
            return true;
        }
        ExpressionTree initializer = ((VariableTree) declaration).initializer();
        return (initializer instanceof MethodInvocationTree) && isEncrypted(initializer);
    }
}
