package com.android.tools.lint.checks;

import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.intellij.psi.PsiField;
import com.intellij.psi.PsiMethod;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.jetbrains.uast.UCallExpression;
import org.jetbrains.uast.UExpression;
import org.jetbrains.uast.UastUtils;

/* loaded from: input_file:com/android/tools/lint/checks/AllowAllHostnameVerifierDetector.class */
public class AllowAllHostnameVerifierDetector extends Detector implements Detector.UastScanner {
    private static final Implementation IMPLEMENTATION = new Implementation(AllowAllHostnameVerifierDetector.class, Scope.JAVA_FILE_SCOPE);
    public static final Issue ISSUE = Issue.create("AllowAllHostnameVerifier", "Insecure HostnameVerifier", "This check looks for use of HostnameVerifier implementations whose `verify` method always returns true (thus trusting any hostname) which could result in insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL certificates presented by peers.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION);

    public List<String> getApplicableConstructorTypes() {
        return Collections.singletonList("org.apache.http.conn.ssl.AllowAllHostnameVerifier");
    }

    public void visitConstructor(JavaContext javaContext, UCallExpression uCallExpression, PsiMethod psiMethod) {
        javaContext.report(ISSUE, uCallExpression, javaContext.getLocation(uCallExpression), "Using the AllowAllHostnameVerifier HostnameVerifier is unsafe because it always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames");
    }

    public List<String> getApplicableMethodNames() {
        return Arrays.asList("setHostnameVerifier", "setDefaultHostnameVerifier");
    }

    public void visitMethod(JavaContext javaContext, UCallExpression uCallExpression, PsiMethod psiMethod) {
        if (javaContext.getEvaluator().methodMatches(psiMethod, (String) null, false, new String[]{"javax.net.ssl.HostnameVerifier"})) {
            UExpression uExpression = (UExpression) uCallExpression.getValueArguments().get(0);
            PsiField tryResolve = UastUtils.tryResolve(uExpression);
            if ((tryResolve instanceof PsiField) && "ALLOW_ALL_HOSTNAME_VERIFIER".equals(tryResolve.getName())) {
                javaContext.report(ISSUE, uExpression, javaContext.getLocation(uExpression), "Using the ALLOW_ALL_HOSTNAME_VERIFIER HostnameVerifier is unsafe because it always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames");
            }
        }
    }
}
