package com.android.tools.lint.checks;

import com.android.tools.lint.client.api.JavaParser;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.Speed;
import java.util.Arrays;
import java.util.List;
import lombok.ast.AstVisitor;
import lombok.ast.Expression;
import lombok.ast.MethodInvocation;
import lombok.ast.StrictListAccessor;

/* loaded from: input_file:com/android/tools/lint/checks/SslCertificateSocketFactoryDetector.class */
public class SslCertificateSocketFactoryDetector extends Detector implements Detector.JavaScanner {
    private static final Implementation IMPLEMENTATION_JAVA = new Implementation(SslCertificateSocketFactoryDetector.class, Scope.JAVA_FILE_SCOPE);
    public static final Issue CREATE_SOCKET = Issue.create("SSLCertificateSocketFactoryCreateSocket", "Insecure call to `SSLCertificateSocketFactory.createSocket()`", "When `SSLCertificateSocketFactory.createSocket()` is called with an `InetAddress` as the first parameter, TLS/SSL hostname verification is not performed, which could result in insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL certificates presented by peers. In this case, developers must ensure that the `InetAddress` is explicitly verified against the certificate through other means, such as by calling `SSLCertificateSocketFactory.getDefaultHostnameVerifier() to get a `HostnameVerifier` and calling `HostnameVerifier.verify()`.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION_JAVA);
    public static final Issue GET_INSECURE = Issue.create("SSLCertificateSocketFactoryGetInsecure", "Call to `SSLCertificateSocketFactory.getInsecure()`", "The `SSLCertificateSocketFactory.getInsecure()` method returns an SSLSocketFactory with all TLS/SSL security checks disabled, which could result in insecure network traffic caused by trusting arbitrary TLS/SSL certificates presented by peers. This method should be avoided unless needed for a special circumstance such as debugging. Instead, `SSLCertificateSocketFactory.getDefault()` should be used.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION_JAVA);
    private static final String INET_ADDRESS_CLASS = "java.net.InetAddress";
    private static final String SSL_CERTIFICATE_SOCKET_FACTORY_CLASS = "android.net.SSLCertificateSocketFactory";

    @Override // com.android.tools.lint.detector.api.Detector
    public Speed getSpeed() {
        return Speed.FAST;
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaScanner
    public List<String> getApplicableMethodNames() {
        return Arrays.asList("createSocket", "getInsecure");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaScanner
    public void visitMethod(JavaContext javaContext, AstVisitor astVisitor, MethodInvocation methodInvocation) {
        JavaParser.TypeDescriptor type;
        JavaParser.ResolvedClass typeClass;
        JavaParser.ResolvedNode resolve = javaContext.resolve(methodInvocation);
        if (resolve instanceof JavaParser.ResolvedMethod) {
            String astValue = methodInvocation.astName().astValue();
            if (((JavaParser.ResolvedMethod) resolve).getContainingClass().isSubclassOf(SSL_CERTIFICATE_SOCKET_FACTORY_CLASS, false)) {
                if (!"createSocket".equals(astValue)) {
                    if ("getInsecure".equals(astValue)) {
                        javaContext.report(GET_INSECURE, methodInvocation, javaContext.getLocation(methodInvocation), "Use of `SSLCertificateSocketFactory.getInsecure()` can cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers");
                        return;
                    }
                    return;
                }
                StrictListAccessor<Expression, MethodInvocation> astArguments = methodInvocation.astArguments();
                if (astArguments == null || (type = javaContext.getType(astArguments.first())) == null || (typeClass = type.getTypeClass()) == null || !typeClass.isSubclassOf(INET_ADDRESS_CLASS, false)) {
                    return;
                }
                javaContext.report(CREATE_SOCKET, methodInvocation, javaContext.getLocation(methodInvocation), "Use of `SSLCertificateSocketFactory.createSocket()` with an InetAddress parameter can cause insecure network traffic due to trusting arbitrary hostnames in TLS/SSL certificates presented by peers");
            }
        }
    }
}
