package com.h3xstream.findsecbugs.password;

import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;

/* loaded from: input_file:com/h3xstream/findsecbugs/password/ConstantPasswordDetector.class */
public class ConstantPasswordDetector extends OpcodeStackDetector {
    private static final String HARD_CODE_PASSWORD_TYPE = "HARD_CODE_PASSWORD";
    private final BugReporter bugReporter;
    private static final String PASSWORD_METHODS_DIR = "password-methods";
    private static final String CHAR_ARRAY_METHODS_FILENAME = "password-methods-char.txt";
    private static final String BYTE_ARRAY_METHODS_FILENAME = "password-methods-byte.txt";
    private static final String BIG_INTEGER_METHODS_FILENAME = "password-methods-biginteger.txt";
    private static final String STRING_METHODS_FILENAME = "password-methods-string.txt";
    private static final String PASSWORD_NAMES = ".*(pass|pwd|psw|secret|key|cipher|crypt|des|aes).*";
    private static final Pattern PASSWORD_PATTERN = Pattern.compile(PASSWORD_NAMES, 2);
    private static final int MIN_CONST_ARRAY_LENGTH = 4;
    private boolean staticInitializerSeen = false;
    private boolean constCharArraySeenLocally = false;
    private boolean charArrayFieldLoaded = false;
    private boolean constCharArrayFieldDefined = false;
    private Set<String> charMethods = new HashSet();
    private boolean constByteArraySeenLocally = false;
    private boolean byteArrayFieldLoaded = false;
    private boolean constByteArrayFieldDefined = false;
    private final Set<String> byteMethods = new HashSet();
    private int constArrayState = -1;
    private boolean isByteArray = false;
    private boolean constBigIntegerSeenLocally = false;
    private boolean bigIntegerFieldLoaded = false;
    private boolean constBigIntegerFieldDefined = false;
    private final Set<String> bigIntegerMethods = new HashSet();
    private final Map<String, Integer> stringMethods = new HashMap();

    public ConstantPasswordDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
        try {
            loadResources();
        } catch (IOException e) {
            throw new RuntimeException("cannot load resources", e);
        }
    }

    public void visit(JavaClass javaClass) {
        this.staticInitializerSeen = false;
        this.constCharArrayFieldDefined = false;
        this.constByteArrayFieldDefined = false;
        this.constBigIntegerFieldDefined = false;
        for (Method method : javaClass.getMethods()) {
            if (method.getName().equals("<clinit>")) {
                doVisitMethod(method);
                this.staticInitializerSeen = true;
                return;
            }
        }
    }

    public void visit(Method method) {
        this.constCharArraySeenLocally = false;
        this.charArrayFieldLoaded = false;
        this.constByteArraySeenLocally = false;
        this.byteArrayFieldLoaded = false;
        this.constArrayState = -1;
        this.constBigIntegerSeenLocally = false;
        this.bigIntegerFieldLoaded = false;
    }

    public void sawOpcode(int i) {
        if (getMethodName().equals("<clinit>") && this.staticInitializerSeen) {
            return;
        }
        checkArrayDeclaration(i);
        checkFieldLoaded(i);
        if ((i == 181 || i == 179) && "Ljava/math/BigInteger;".equals(getSigConstantOperand()) && this.constBigIntegerSeenLocally) {
            this.constBigIntegerFieldDefined = true;
        }
        if (i < 182 || i > 185) {
            return;
        }
        String calledMethodName = getCalledMethodName();
        checkArrayConversion(calledMethodName);
        checkBigIntegerDeclaration(calledMethodName);
        checkMethods(calledMethodName);
    }

    private void checkArrayDeclaration(int i) {
        if (this.constArrayState == -1) {
            if (i == 188) {
                this.constArrayState = 0;
                return;
            }
            return;
        }
        if (this.constArrayState >= MIN_CONST_ARRAY_LENGTH) {
            setArraySeen(i);
        }
        if (i == 85) {
            this.isByteArray = false;
            this.constArrayState++;
        } else if (i == 84) {
            this.isByteArray = true;
            this.constArrayState++;
        } else {
            if (i == 89 || i == 16 || i == 17 || i <= 8) {
                return;
            }
            this.constArrayState = -1;
        }
    }

    private void setArraySeen(int i) {
        if (this.isByteArray) {
            this.constByteArraySeenLocally = true;
        } else {
            this.constCharArraySeenLocally = true;
        }
        if (i == 181 || i == 179) {
            String nameConstantOperand = getNameConstantOperand();
            if (PASSWORD_PATTERN.matcher(nameConstantOperand).matches()) {
                reportBug(nameConstantOperand, 2);
            }
            this.constArrayState = -1;
            if (this.isByteArray) {
                this.constByteArrayFieldDefined = true;
            } else {
                this.constCharArrayFieldDefined = true;
            }
        }
    }

    private void checkFieldLoaded(int i) {
        if ((i == 178 || i == 180) && getClassName().equals(getClassConstantOperand())) {
            String sigConstantOperand = getSigConstantOperand();
            if ("[C".equals(sigConstantOperand)) {
                this.charArrayFieldLoaded = true;
            } else if ("[B".equals(sigConstantOperand)) {
                this.byteArrayFieldLoaded = true;
            } else if ("Ljava/math/BigInteger;".equals(sigConstantOperand)) {
                this.bigIntegerFieldLoaded = true;
            }
        }
    }

    private void checkArrayConversion(String str) {
        if ("java/lang/String.toCharArray()[C".equals(str) && hasConstantOnStack(0)) {
            this.constCharArraySeenLocally = true;
        }
        if (str.startsWith("java/lang/String.getBytes(") && hasConstantOnStack(0)) {
            this.constByteArraySeenLocally = true;
        }
    }

    private void checkBigIntegerDeclaration(String str) {
        if (("java/math/BigInteger.<init>(Ljava/lang/String;)V".equals(str) && hasConstantOnStack(0)) || ("java/math/BigInteger.<init>(Ljava/lang/String;I)V".equals(str) && hasConstantOnStack(1))) {
            this.constBigIntegerSeenLocally = true;
        }
        if (("java/math/BigInteger.<init>([B)V".equals(str) || "java/math/BigInteger.<init>(I[B)V".equals(str)) && hasConstByteArray()) {
            this.constBigIntegerSeenLocally = true;
        }
    }

    private void checkMethods(String str) {
        if (hasConstCharArray()) {
            reportIfInSet(str, this.charMethods);
        }
        if (hasConstByteArray()) {
            reportIfInSet(str, this.byteMethods);
        }
        if (hasBigInteger()) {
            reportIfInSet(str, this.bigIntegerMethods);
        }
        if (this.stringMethods.containsKey(str) && hasConstantOnStack(this.stringMethods.get(str).intValue())) {
            reportBug(str, 1);
        }
    }

    private boolean hasConstCharArray() {
        return this.constCharArraySeenLocally || (this.charArrayFieldLoaded && this.constCharArrayFieldDefined);
    }

    private boolean hasConstByteArray() {
        return this.constByteArraySeenLocally || (this.byteArrayFieldLoaded && this.constByteArrayFieldDefined);
    }

    private boolean hasBigInteger() {
        return this.constBigIntegerSeenLocally || (this.bigIntegerFieldLoaded && this.constBigIntegerFieldDefined);
    }

    private boolean hasConstantOnStack(int i) {
        return this.stack.getStackItem(i).getConstant() != null;
    }

    private String getCalledMethodName() {
        return getClassConstantOperand() + "." + (getNameConstantOperand() + getSigConstantOperand());
    }

    private void reportIfInSet(String str, Set<String> set) {
        if (set.contains(str)) {
            reportBug(str, 1);
        }
    }

    private void reportBug(String str, int i) {
        this.bugReporter.reportBug(new BugInstance(this, HARD_CODE_PASSWORD_TYPE, i).addClass(this).addMethod(this).addSourceLine(this).addString(str));
    }

    private void loadResources() throws IOException {
        loadCollection(CHAR_ARRAY_METHODS_FILENAME, this.charMethods);
        loadCollection(BYTE_ARRAY_METHODS_FILENAME, this.byteMethods);
        loadCollection(BIG_INTEGER_METHODS_FILENAME, this.bigIntegerMethods);
        loadMap(STRING_METHODS_FILENAME, this.stringMethods, "#");
    }

    private void loadCollection(String str, Collection<String> collection) throws IOException {
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = getReader(str);
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                String trim = readLine.trim();
                if (!trim.isEmpty()) {
                    collection.add(trim);
                }
            }
            if (bufferedReader != null) {
                bufferedReader.close();
            }
        } catch (Throwable th) {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
            throw th;
        }
    }

    private void loadMap(String str, Map<String, Integer> map, String str2) throws IOException {
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = getReader(str);
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                String trim = readLine.trim();
                if (!trim.isEmpty()) {
                    String[] split = trim.split(str2);
                    map.put(split[0], Integer.valueOf(Integer.parseInt(split[1])));
                }
            }
            if (bufferedReader != null) {
                bufferedReader.close();
            }
        } catch (Throwable th) {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
            throw th;
        }
    }

    private BufferedReader getReader(String str) {
        return new BufferedReader(new InputStreamReader(getClass().getClassLoader().getResourceAsStream("password-methods/" + str)));
    }
}
