package com.android.tools.lint.checks;

import com.android.tools.lint.client.api.JavaParser;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.ClassContext;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import lombok.ast.ClassDeclaration;
import lombok.ast.MethodDeclaration;
import lombok.ast.Node;
import lombok.ast.NormalTypeBody;
import lombok.ast.Return;
import lombok.ast.Statement;
import lombok.ast.TypeMember;
import org.objectweb.asm.tree.AbstractInsnNode;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.InsnList;
import org.objectweb.asm.tree.MethodNode;

/* loaded from: input_file:com/android/tools/lint/checks/TrustAllX509TrustManagerDetector.class */
public class TrustAllX509TrustManagerDetector extends Detector implements Detector.JavaScanner, Detector.ClassScanner {
    private static final Implementation IMPLEMENTATION = new Implementation(TrustAllX509TrustManagerDetector.class, EnumSet.of(Scope.JAVA_LIBRARIES, Scope.JAVA_FILE), Scope.JAVA_FILE_SCOPE);
    public static final Issue ISSUE = Issue.create("TrustAllX509TrustManager", "Insecure TLS/SSL trust manager", "This check looks for X509TrustManager implementations whose `checkServerTrusted` or `checkClientTrusted` methods do nothing (thus trusting any certificate chain) which could result in insecure network traffic caused by trusting arbitrary TLS/SSL certificates presented by peers.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION);

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaScanner
    public List<String> applicableSuperClasses() {
        return Collections.singletonList("javax.net.ssl.X509TrustManager");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaScanner
    public void checkClass(JavaContext javaContext, ClassDeclaration classDeclaration, Node node, JavaParser.ResolvedClass resolvedClass) {
        NormalTypeBody astBody;
        if (node instanceof NormalTypeBody) {
            astBody = (NormalTypeBody) node;
        } else if (classDeclaration == null) {
            return;
        } else {
            astBody = classDeclaration.astBody();
        }
        Iterator<T> it = astBody.astMembers().iterator();
        while (it.hasNext()) {
            TypeMember typeMember = (TypeMember) it.next();
            if (typeMember instanceof MethodDeclaration) {
                MethodDeclaration methodDeclaration = (MethodDeclaration) typeMember;
                String astValue = methodDeclaration.astMethodName().astValue();
                if ("checkServerTrusted".equals(astValue) || "checkClientTrusted".equals(astValue)) {
                    boolean z = false;
                    Iterator<T> it2 = methodDeclaration.astBody().astContents().iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        } else if (!(((Statement) it2.next()) instanceof Return)) {
                            z = true;
                            break;
                        }
                    }
                    if (!z) {
                        javaContext.report(ISSUE, methodDeclaration, javaContext.getNameLocation(methodDeclaration), getErrorMessage(astValue));
                    }
                }
            }
        }
    }

    private static String getErrorMessage(String str) {
        return "`" + str + "` is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers";
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.ClassScanner
    public void checkClass(ClassContext classContext, ClassNode classNode) {
        if (classContext.isFromClassLibrary() && classNode.interfaces.contains("javax/net/ssl/X509TrustManager")) {
            for (MethodNode methodNode : classNode.methods) {
                if ("checkServerTrusted".equals(methodNode.name) || "checkClientTrusted".equals(methodNode.name)) {
                    InsnList insnList = methodNode.instructions;
                    boolean z = true;
                    int size = insnList.size();
                    for (int i = 0; i < size; i++) {
                        AbstractInsnNode abstractInsnNode = insnList.get(i);
                        int type = abstractInsnNode.getType();
                        if (type != 8 && type != 15 && (type != 0 || abstractInsnNode.getOpcode() != 177)) {
                            z = false;
                            break;
                        }
                    }
                    if (z) {
                        classContext.report(ISSUE, classContext.getLocation(methodNode, classNode), getErrorMessage(methodNode.name));
                    }
                }
            }
        }
    }
}
