package com.h3xstream.findsecbugs.crypto;

import com.h3xstream.findsecbugs.common.ByteCode;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Iterator;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.ICONST;
import org.apache.bcel.generic.INVOKESPECIAL;
import org.apache.bcel.generic.INVOKEVIRTUAL;

/* loaded from: input_file:com/h3xstream/findsecbugs/crypto/StaticIvDetector.class */
public class StaticIvDetector implements Detector {
    private static final boolean DEBUG = false;
    private static final String STATIC_IV = "STATIC_IV";
    private BugReporter bugReporter;

    public StaticIvDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void visitClassContext(ClassContext classContext) {
        Method[] methods = classContext.getJavaClass().getMethods();
        int length = methods.length;
        for (int i = DEBUG; i < length; i++) {
            try {
                analyzeMethod(methods[i], classContext);
            } catch (CFGBuilderException e) {
            } catch (DataflowAnalysisException e2) {
            }
        }
    }

    private void analyzeMethod(Method method, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        CFG cfg = classContext.getCFG(method);
        boolean z = DEBUG;
        boolean z2 = DEBUG;
        boolean z3 = DEBUG;
        boolean z4 = DEBUG;
        Iterator<Location> locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Location nextLocation = nextLocation(locationIterator, constantPoolGen);
            INVOKEVIRTUAL instruction = nextLocation.getHandle().getInstruction();
            if (instruction instanceof INVOKEVIRTUAL) {
                INVOKEVIRTUAL invokevirtual = instruction;
                if ("javax.crypto.Cipher".equals(invokevirtual.getClassName(constantPoolGen)) && "init".equals(invokevirtual.getMethodName(constantPoolGen))) {
                    ICONST iconst = (ICONST) ByteCode.getPrevInstruction(nextLocation.getHandle(), ICONST.class);
                    if (iconst != null) {
                        switch (iconst.getValue().intValue()) {
                            case 1:
                                z3 = true;
                                break;
                            case 2:
                                z2 = true;
                                break;
                        }
                    }
                } else if ("javax.crypto.Cipher".equals(invokevirtual.getClassName(constantPoolGen)) && "getIV".equals(invokevirtual.getMethodName(constantPoolGen))) {
                    z4 = true;
                }
            }
        }
        Iterator<Location> locationIterator2 = cfg.locationIterator();
        while (locationIterator2.hasNext()) {
            Location nextLocation2 = nextLocation(locationIterator2, constantPoolGen);
            INVOKESPECIAL instruction2 = nextLocation2.getHandle().getInstruction();
            if (instruction2 instanceof INVOKEVIRTUAL) {
                INVOKEVIRTUAL invokevirtual2 = (INVOKEVIRTUAL) instruction2;
                if ("java.security.SecureRandom".equals(invokevirtual2.getClassName(constantPoolGen)) && "nextBytes".equals(invokevirtual2.getMethodName(constantPoolGen))) {
                    z = true;
                }
            } else if ((instruction2 instanceof INVOKESPECIAL) && !z4 && (!z2 || z3)) {
                if (!z) {
                    INVOKESPECIAL invokespecial = instruction2;
                    if ("javax.crypto.spec.IvParameterSpec".equals(invokespecial.getClassName(constantPoolGen)) && "<init>".equals(invokespecial.getMethodName(constantPoolGen))) {
                        JavaClass javaClass = classContext.getJavaClass();
                        this.bugReporter.reportBug(new BugInstance(this, STATIC_IV, 2).addClass(javaClass).addMethod(javaClass, method).addSourceLine(classContext, method, nextLocation2));
                    }
                }
            }
        }
    }

    private Location nextLocation(Iterator<Location> it, ConstantPoolGen constantPoolGen) {
        return it.next();
    }

    public void report() {
    }
}
