package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTField;
import net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTUserClass;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.ApexNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;
import net.sourceforge.pmd.lang.apex.rule.internal.Helper;
import net.sourceforge.pmd.lang.rule.RuleTargetSelector;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexSuggestUsingNamedCredRule.class */
public class ApexSuggestUsingNamedCredRule extends AbstractApexRule {
    private static final String SET_HEADER = "setHeader";
    private static final String AUTHORIZATION = "Authorization";
    private static final String CREDENTIAL_PREFIX = "{!$Credential.";
    private final Set<String> listOfAuthorizationVariables = new HashSet();
    private final Set<String> listOfCredentialVariables = new HashSet();

    protected RuleTargetSelector buildTargetSelector() {
        return RuleTargetSelector.forTypes(ASTUserClass.class, new Class[0]);
    }

    @Override // net.sourceforge.pmd.lang.apex.ast.ApexVisitor
    public Object visit(ASTUserClass aSTUserClass, Object obj) {
        if (Helper.isTestMethodOrClass(aSTUserClass)) {
            return obj;
        }
        for (ASTVariableDeclaration aSTVariableDeclaration : aSTUserClass.descendants(ASTVariableDeclaration.class)) {
            findAuthVariables(aSTVariableDeclaration);
            findCredentialVariables(aSTVariableDeclaration);
        }
        for (ASTField aSTField : aSTUserClass.descendants(ASTField.class)) {
            findAuthFields(aSTField);
            findCredentialFields(aSTField);
        }
        Iterator it = aSTUserClass.descendants(ASTMethodCallExpression.class).iterator();
        while (it.hasNext()) {
            flagAuthorizationHeaders((ASTMethodCallExpression) it.next(), obj);
        }
        this.listOfAuthorizationVariables.clear();
        this.listOfCredentialVariables.clear();
        return obj;
    }

    private void findAuthVariables(ApexNode<?> apexNode) {
        ASTVariableExpression firstChild;
        ASTLiteralExpression aSTLiteralExpression = (ASTLiteralExpression) apexNode.firstChild(ASTLiteralExpression.class);
        if (aSTLiteralExpression == null || (firstChild = apexNode.firstChild(ASTVariableExpression.class)) == null || !isAuthorizationLiteral(aSTLiteralExpression)) {
            return;
        }
        this.listOfAuthorizationVariables.add(Helper.getFQVariableName(firstChild));
    }

    private void findCredentialVariables(ApexNode<?> apexNode) {
        ASTVariableExpression firstChild;
        ASTLiteralExpression aSTLiteralExpression = (ASTLiteralExpression) apexNode.firstChild(ASTLiteralExpression.class);
        if (aSTLiteralExpression == null || (firstChild = apexNode.firstChild(ASTVariableExpression.class)) == null || !isCredentialLiteral(aSTLiteralExpression)) {
            return;
        }
        this.listOfCredentialVariables.add(Helper.getFQVariableName(firstChild));
    }

    private void findAuthFields(ASTField aSTField) {
        if ("String".equals(aSTField.getType()) && AUTHORIZATION.equalsIgnoreCase(aSTField.getValue())) {
            this.listOfAuthorizationVariables.add(Helper.getFQVariableName(aSTField));
        }
    }

    private void findCredentialFields(ASTField aSTField) {
        String value;
        if ("String".equals(aSTField.getType()) && (value = aSTField.getValue()) != null && value.contains(CREDENTIAL_PREFIX)) {
            this.listOfCredentialVariables.add(Helper.getFQVariableName(aSTField));
        }
    }

    private void flagAuthorizationHeaders(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        if (Helper.isMethodName(aSTMethodCallExpression, SET_HEADER)) {
            runChecks(aSTMethodCallExpression, obj);
        }
    }

    private void runChecks(ApexNode<?> apexNode, Object obj) {
        ApexNode<?> apexNode2 = (ApexNode) apexNode.getChild(1);
        ApexNode<?> apexNode3 = (ApexNode) apexNode.getChild(2);
        if (apexNode2 == null || !isAuthorizationReference(apexNode2)) {
            return;
        }
        if (apexNode3 == null || !isCredentialReference(apexNode3)) {
            asCtx(obj).addViolation(apexNode2);
        }
    }

    private boolean isAuthorizationReference(ApexNode<?> apexNode) {
        return apexNode instanceof ASTLiteralExpression ? isAuthorizationLiteral((ASTLiteralExpression) apexNode) : apexNode instanceof ASTVariableExpression ? isAuthorizationVariable((ASTVariableExpression) apexNode) : (apexNode instanceof ASTBinaryExpression) && isAuthorizationReference((ApexNode) apexNode.getChild(0));
    }

    private boolean isAuthorizationLiteral(ASTLiteralExpression aSTLiteralExpression) {
        return aSTLiteralExpression.isString() && AUTHORIZATION.equalsIgnoreCase(aSTLiteralExpression.getImage());
    }

    private boolean isAuthorizationVariable(ASTVariableExpression aSTVariableExpression) {
        return this.listOfAuthorizationVariables.contains(Helper.getFQVariableName(aSTVariableExpression));
    }

    private boolean isCredentialReference(ApexNode<?> apexNode) {
        return apexNode instanceof ASTLiteralExpression ? isCredentialLiteral((ASTLiteralExpression) apexNode) : apexNode instanceof ASTVariableExpression ? isCredentialVariable((ASTVariableExpression) apexNode) : (apexNode instanceof ASTBinaryExpression) && isCredentialBinaryExpression((ASTBinaryExpression) apexNode);
    }

    private boolean isCredentialLiteral(ASTLiteralExpression aSTLiteralExpression) {
        return aSTLiteralExpression.isString() && aSTLiteralExpression.getImage().contains(CREDENTIAL_PREFIX);
    }

    private boolean isCredentialVariable(ASTVariableExpression aSTVariableExpression) {
        return this.listOfCredentialVariables.contains(Helper.getFQVariableName(aSTVariableExpression));
    }

    private boolean isCredentialBinaryExpression(ASTBinaryExpression aSTBinaryExpression) {
        for (int i = 0; i < aSTBinaryExpression.getNumChildren(); i++) {
            if (isCredentialReference((ApexNode) aSTBinaryExpression.getChild(i))) {
                return true;
            }
        }
        return false;
    }
}
