package com.google.errorprone.bugpatterns;

import com.google.errorprone.BugPattern;
import com.google.errorprone.VisitorState;
import com.google.errorprone.bugpatterns.BugChecker;
import com.google.errorprone.matchers.Description;
import com.google.errorprone.matchers.Matcher;
import com.google.errorprone.matchers.method.MethodMatchers;
import com.google.errorprone.util.ASTHelpers;
import com.sun.source.tree.ExpressionTree;
import com.sun.source.tree.MethodInvocationTree;
import com.sun.tools.javac.tree.JCTree;

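@BugPattern(
        name = "InsecureCipherMode",
        summary = "Cipher.getInstance() is invoked using either the default settings or ECB mode",
        category = BugPattern.Category.JDK,
        severity = BugPattern.SeverityLevel.ERROR,
        documentSuppression = false,
        maturity = BugPattern.MaturityLevel.MATURE)
/**
 * Compile-time check that reports calls to {@code javax.crypto.Cipher.getInstance} whose
 * transformation string is not a constant, omits the mode and padding, selects ECB mode, or names
 * an IES-based algorithm.
 *
 * <p>The check looks only at the first argument of the call. It does not assess the strength of
 * the cipher algorithm itself: RC4-family names are let through because they are exempt from the
 * mode/padding requirement, not because the check considers them acceptable.
 */
public class InsecureCipherMode extends BugChecker implements BugChecker.MethodInvocationTreeMatcher {
    private static final String MESSAGE_BASE = "Insecure usage of Cipher.getInstance(): ";
    private static final Matcher<ExpressionTree> GETINSTANCE_MATCHER = MethodMatchers.staticMethod().onClass("javax.crypto.Cipher").named("getInstance");

    /**
     * Builds the diagnostic for a flagged call.
     *
     * @param methodInvocationTree the {@code Cipher.getInstance} call being reported
     * @param str the reason, appended to {@link #MESSAGE_BASE} and terminated with a full stop
     * @return the description to report at the call site
     */
    private Description buildErrorMessage(MethodInvocationTree methodInvocationTree, String str) {
        return buildDescription(methodInvocationTree)
                .setMessage(MESSAGE_BASE + str + ".")
                .build();
    }

    /**
     * Inspects one method invocation and reports it when it is an insecure
     * {@code Cipher.getInstance} call.
     *
     * @param methodInvocationTree the invocation under inspection
     * @param visitorState the current compilation state, passed to the matcher
     * @return {@link Description#NO_MATCH} when the call is not {@code Cipher.getInstance} or its
     *     transformation passes every rule below, otherwise an error description
     */
    @Override
    public Description matchMethodInvocation(MethodInvocationTree methodInvocationTree, VisitorState visitorState) {
        if (!GETINSTANCE_MATCHER.matches(methodInvocationTree, visitorState)) {
            return Description.NO_MATCH;
        }

        // Only the first argument (the transformation) is examined, whichever overload is called.
        Object constValue = ASTHelpers.constValue((JCTree) methodInvocationTree.getArguments().get(0));
        if (constValue == null) {
            // A transformation computed at run time cannot be verified here, so it is reported.
            return buildErrorMessage(methodInvocationTree, "the transformation is not a compile-time constant expression");
        }
        String transformation = (String) constValue;

        // RC4-family names are exempt from the mode/padding rule. This stays case-sensitive on
        // purpose so that normalising case below can only add findings, never remove one.
        if (transformation.matches("ARCFOUR.*") || transformation.matches("ARC4.*") || transformation.matches("RC4.*")) {
            return Description.NO_MATCH;
        }

        // Provider defaults are never accepted: both the mode and the padding must be spelled out.
        if (!transformation.matches(".*/.*/.*")) {
            return buildErrorMessage(methodInvocationTree, "the mode and padding must be explicitly specified");
        }

        // JCA transformation names are matched case-insensitively by providers, so a spelling such
        // as "AES/ecb/PKCS5Padding" selects ECB too. Compare on an upper-cased copy so that
        // lower- or mixed-case spellings do not slip past the ECB and IES rules.
        String upper = transformation.toUpperCase(java.util.Locale.ROOT);

        // NOTE(review): RSA and AESWrap are exempted from the ECB rule, presumably because the
        // "ECB" token there does not denote bulk block-mode encryption; confirm the rationale.
        boolean ecbExempt = upper.matches("RSA/.*") || upper.matches("AESWRAP/.*");
        if (upper.matches(".*/ECB/.*") && !ecbExempt) {
            return buildErrorMessage(methodInvocationTree, "ECB mode must not be used");
        }

        // IES-based algorithms are reported even when the declared mode is not ECB.
        if (upper.matches("ECIES.*") || upper.matches("DHIES.*")) {
            return buildErrorMessage(methodInvocationTree, "IES-based algorithms use ECB mode and are insecure");
        }
        return Description.NO_MATCH;
    }
}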
