package com.android.tools.lint.checks;

import com.android.tools.lint.client.api.JavaEvaluator;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.SourceCodeScanner;
import com.intellij.psi.PsiMethod;
import java.util.Collections;
import java.util.List;
import org.jetbrains.uast.UCallExpression;
import org.jetbrains.uast.UClass;
import org.jetbrains.uast.UExpression;
import org.jetbrains.uast.UReturnExpression;
import org.jetbrains.uast.UThrowExpression;
import org.jetbrains.uast.UastLiteralUtils;
import org.jetbrains.uast.visitor.AbstractUastVisitor;

/* loaded from: input_file:com/android/tools/lint/checks/BadHostnameVerifierDetector.class */
public class BadHostnameVerifierDetector extends Detector implements SourceCodeScanner {
    private static final Implementation IMPLEMENTATION = new Implementation(BadHostnameVerifierDetector.class, Scope.JAVA_FILE_SCOPE);
    public static final Issue ISSUE = Issue.create("BadHostnameVerifier", "Insecure HostnameVerifier", "This check looks for implementations of `HostnameVerifier` whose `verify` method always returns true (thus trusting any hostname) which could result in insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL certificates presented by peers.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION).addMoreInfo("https://goo.gle/BadHostnameVerifier");

    /* loaded from: input_file:com/android/tools/lint/checks/BadHostnameVerifierDetector$ComplexVisitor.class */
    private static class ComplexVisitor extends AbstractUastVisitor {
        private final JavaContext context;
        private boolean complex;

        public ComplexVisitor(JavaContext javaContext) {
            this.context = javaContext;
        }

        @Override // org.jetbrains.uast.visitor.UastVisitor
        public boolean visitThrowExpression(UThrowExpression uThrowExpression) {
            this.complex = true;
            return true;
        }

        @Override // org.jetbrains.uast.visitor.UastVisitor
        public boolean visitCallExpression(UCallExpression uCallExpression) {
            this.complex = true;
            return true;
        }

        @Override // org.jetbrains.uast.visitor.UastVisitor
        public boolean visitReturnExpression(UReturnExpression uReturnExpression) {
            UExpression returnExpression = uReturnExpression.getReturnExpression();
            if (returnExpression != null) {
                if (UastLiteralUtils.isTrueLiteral(returnExpression)) {
                    this.complex = false;
                } else {
                    this.complex = true;
                }
            }
            return super.visitReturnExpression(uReturnExpression);
        }

        public boolean isComplex() {
            return this.complex;
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.SourceCodeScanner
    public List<String> applicableSuperClasses() {
        return Collections.singletonList("javax.net.ssl.HostnameVerifier");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.SourceCodeScanner
    public void visitClass(JavaContext javaContext, UClass uClass) {
        JavaEvaluator evaluator = javaContext.getEvaluator();
        for (PsiMethod psiMethod : uClass.findMethodsByName("verify", false)) {
            if (evaluator.methodMatches(psiMethod, null, false, "java.lang.String", "javax.net.ssl.SSLSession")) {
                ComplexVisitor complexVisitor = new ComplexVisitor(javaContext);
                uClass.accept(complexVisitor);
                if (complexVisitor.isComplex()) {
                    return;
                }
                javaContext.report(ISSUE, psiMethod, javaContext.getNameLocation(psiMethod), String.format("`%1$s` always returns `true`, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames", psiMethod.getName()));
                return;
            }
        }
    }
}
