package com.android.tools.lint.checks;

import com.android.tools.lint.client.api.JavaEvaluator;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.ClassContext;
import com.android.tools.lint.detector.api.ClassScanner;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.SourceCodeScanner;
import com.intellij.psi.PsiModifierListOwner;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import org.jetbrains.uast.UBlockExpression;
import org.jetbrains.uast.UClass;
import org.jetbrains.uast.UElement;
import org.jetbrains.uast.UExpression;
import org.jetbrains.uast.UReturnExpression;
import org.jetbrains.uast.UastEmptyExpression;
import org.jetbrains.uast.UastFacade;
import org.jetbrains.uast.visitor.AbstractUastVisitor;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.InsnList;
import org.objectweb.asm.tree.MethodNode;

/* loaded from: input_file:com/android/tools/lint/checks/TrustAllX509TrustManagerDetector.class */
public class TrustAllX509TrustManagerDetector extends Detector implements SourceCodeScanner, ClassScanner {
    private static final Implementation IMPLEMENTATION = new Implementation(TrustAllX509TrustManagerDetector.class, EnumSet.of(Scope.JAVA_LIBRARIES, Scope.JAVA_FILE), new EnumSet[]{Scope.JAVA_FILE_SCOPE});
    public static final Issue ISSUE = Issue.create("TrustAllX509TrustManager", "Insecure TLS/SSL trust manager", "This check looks for X509TrustManager implementations whose `checkServerTrusted` or `checkClientTrusted` methods do nothing (thus trusting any certificate chain) which could result in insecure network traffic caused by trusting arbitrary TLS/SSL certificates presented by peers.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION).setAndroidSpecific(true);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/tools/lint/checks/TrustAllX509TrustManagerDetector$ComplexBodyVisitor.class */
    public static class ComplexBodyVisitor extends AbstractUastVisitor {
        private boolean isComplex;

        private ComplexBodyVisitor() {
            this.isComplex = false;
        }

        public boolean visitElement(UElement uElement) {
            if ((uElement instanceof UExpression) && !(uElement instanceof UReturnExpression) && !(uElement instanceof UBlockExpression) && !(uElement instanceof UastEmptyExpression)) {
                this.isComplex = true;
            }
            return this.isComplex || super.visitElement(uElement);
        }

        boolean isComplex() {
            return this.isComplex;
        }
    }

    public List<String> applicableSuperClasses() {
        return Collections.singletonList("javax.net.ssl.X509TrustManager");
    }

    public void visitClass(JavaContext javaContext, UClass uClass) {
        checkMethod(javaContext, uClass, "checkServerTrusted");
        checkMethod(javaContext, uClass, "checkClientTrusted");
    }

    private static void checkMethod(JavaContext javaContext, UClass uClass, String str) {
        JavaEvaluator evaluator = javaContext.getEvaluator();
        for (PsiModifierListOwner psiModifierListOwner : uClass.findMethodsByName(str, true)) {
            if (!evaluator.isAbstract(psiModifierListOwner)) {
                UExpression methodBody = UastFacade.INSTANCE.getMethodBody(psiModifierListOwner);
                ComplexBodyVisitor complexBodyVisitor = new ComplexBodyVisitor();
                if (methodBody != null) {
                    methodBody.accept(complexBodyVisitor);
                }
                if (!complexBodyVisitor.isComplex()) {
                    javaContext.report(ISSUE, psiModifierListOwner, javaContext.getNameLocation(psiModifierListOwner), getErrorMessage(str));
                }
            }
        }
    }

    private static String getErrorMessage(String str) {
        return "`" + str + "` is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers";
    }

    public void checkClass(ClassContext classContext, ClassNode classNode) {
        if (classContext.isFromClassLibrary() && classNode.interfaces.contains("javax/net/ssl/X509TrustManager")) {
            for (MethodNode methodNode : classNode.methods) {
                if ("checkServerTrusted".equals(methodNode.name) || "checkClientTrusted".equals(methodNode.name)) {
                    InsnList insnList = methodNode.instructions;
                    boolean z = true;
                    int size = insnList.size();
                    for (int i = 0; i < size; i++) {
                        AbstractInsnNode abstractInsnNode = insnList.get(i);
                        int type = abstractInsnNode.getType();
                        if (type != 8 && type != 15 && (type != 0 || abstractInsnNode.getOpcode() != 177)) {
                            z = false;
                            break;
                        }
                    }
                    if (z) {
                        classContext.report(ISSUE, classContext.getLocation(methodNode, classNode), getErrorMessage(methodNode.name));
                    }
                }
            }
        }
    }
}
