package com.h3xstream.findsecbugs.crypto;

import com.h3xstream.findsecbugs.common.ByteCode;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Iterator;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKESPECIAL;
import org.apache.bcel.generic.INVOKESTATIC;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.SIPUSH;

/* loaded from: input_file:com/h3xstream/findsecbugs/crypto/InsufficientKeySizeRsaDetector.class */
public class InsufficientKeySizeRsaDetector implements Detector {
    private static final boolean DEBUG = false;
    private static final String RSA_KEY_SIZE_TYPE = "RSA_KEY_SIZE";
    private BugReporter bugReporter;

    public InsufficientKeySizeRsaDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void visitClassContext(ClassContext classContext) {
        Method[] methods = classContext.getJavaClass().getMethods();
        int length = methods.length;
        for (int i = DEBUG; i < length; i++) {
            try {
                analyzeMethod(methods[i], classContext);
            } catch (CFGBuilderException e) {
            } catch (DataflowAnalysisException e2) {
            }
        }
    }

    private void analyzeMethod(Method method, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
        String str;
        SIPUSH sipush;
        SIPUSH sipush2;
        boolean z = DEBUG;
        boolean z2 = DEBUG;
        Location location = DEBUG;
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        Iterator locationIterator = classContext.getCFG(method).locationIterator();
        while (locationIterator.hasNext()) {
            Location location2 = (Location) locationIterator.next();
            INVOKESPECIAL instruction = location2.getHandle().getInstruction();
            if (instruction instanceof INVOKESTATIC) {
                INVOKESTATIC invokestatic = (INVOKESTATIC) instruction;
                if ("java.security.KeyPairGenerator".equals(invokestatic.getClassName(constantPoolGen)) && "getInstance".equals(invokestatic.getMethodName(constantPoolGen)) && (str = (String) ByteCode.getConstantLDC(location2.getHandle().getPrev(), constantPoolGen, String.class)) != null && str.toUpperCase().startsWith("RSA")) {
                    z = true;
                }
            } else if (instruction instanceof INVOKEVIRTUAL) {
                INVOKEVIRTUAL invokevirtual = (INVOKEVIRTUAL) instruction;
                if ("java.security.KeyPairGenerator".equals(invokevirtual.getClassName(constantPoolGen)) && "initialize".equals(invokevirtual.getMethodName(constantPoolGen))) {
                    Number number = DEBUG;
                    if ("(I)V".equals(invokevirtual.getSignature(constantPoolGen))) {
                        number = ByteCode.getPushNumber(location2.getHandle().getPrev());
                    } else if ("(ILjava/security/SecureRandom;)V".equals(invokevirtual.getSignature(constantPoolGen)) && (sipush = (SIPUSH) ByteCode.getPrevInstruction(location2.getHandle(), SIPUSH.class)) != null) {
                        number = sipush.getValue();
                    }
                    if (number != null && number.intValue() < 1024) {
                        z2 = true;
                        location = location2;
                    }
                }
            } else if (instruction instanceof INVOKESPECIAL) {
                INVOKESPECIAL invokespecial = instruction;
                if ("java.security.spec.RSAKeyGenParameterSpec".equals(invokespecial.getClassName(constantPoolGen)) && "<init>".equals(invokespecial.getMethodName(constantPoolGen))) {
                    Number number2 = DEBUG;
                    if ("(ILjava/math/BigInteger;)V".equals(invokespecial.getSignature(constantPoolGen)) && (sipush2 = (SIPUSH) ByteCode.getPrevInstruction(location2.getHandle(), SIPUSH.class)) != null) {
                        number2 = sipush2.getValue();
                    }
                    if (number2 != null && number2.intValue() < 1024) {
                        z2 = true;
                        location = location2;
                    }
                }
            }
        }
        if (z && z2) {
            JavaClass javaClass = classContext.getJavaClass();
            this.bugReporter.reportBug(new BugInstance(this, RSA_KEY_SIZE_TYPE, 2).addClass(javaClass).addMethod(javaClass, method).addSourceLine(classContext, method, location));
        }
    }

    public void report() {
    }
}
