package com.android.tools.lint.checks;

import com.android.tools.lint.client.api.JavaEvaluator;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.intellij.psi.JavaElementVisitor;
import com.intellij.psi.PsiElement;
import com.intellij.psi.PsiField;
import com.intellij.psi.PsiMethod;
import com.intellij.psi.PsiMethodCallExpression;
import com.intellij.psi.PsiNewExpression;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:patch-file.zip:lib/lint-checks-25.3.1.jar:com/android/tools/lint/checks/AllowAllHostnameVerifierDetector.class */
public class AllowAllHostnameVerifierDetector extends Detector implements Detector.JavaPsiScanner {
    private static final Implementation IMPLEMENTATION = new Implementation(AllowAllHostnameVerifierDetector.class, Scope.JAVA_FILE_SCOPE);
    public static final Issue ISSUE = Issue.create("AllowAllHostnameVerifier", "Insecure HostnameVerifier", "This check looks for use of HostnameVerifier implementations whose `verify` method always returns true (thus trusting any hostname) which could result in insecure network traffic caused by trusting arbitrary hostnames in TLS/SSL certificates presented by peers.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION);

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaPsiScanner
    public List<String> getApplicableConstructorTypes() {
        return Collections.singletonList("org.apache.http.conn.ssl.AllowAllHostnameVerifier");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaPsiScanner
    public void visitConstructor(JavaContext javaContext, JavaElementVisitor javaElementVisitor, PsiNewExpression psiNewExpression, PsiMethod psiMethod) {
        javaContext.report(ISSUE, (PsiElement) psiNewExpression, javaContext.getLocation((PsiElement) psiNewExpression), "Using the AllowAllHostnameVerifier HostnameVerifier is unsafe because it always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaPsiScanner
    public List<String> getApplicableMethodNames() {
        return Arrays.asList("setHostnameVerifier", "setDefaultHostnameVerifier");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaPsiScanner
    public void visitMethod(JavaContext javaContext, JavaElementVisitor javaElementVisitor, PsiMethodCallExpression psiMethodCallExpression, PsiMethod psiMethod) {
        JavaEvaluator evaluator = javaContext.getEvaluator();
        if (evaluator.methodMatches(psiMethod, null, false, "javax.net.ssl.HostnameVerifier")) {
            PsiElement psiElement = psiMethodCallExpression.getArgumentList().getExpressions()[0];
            PsiField resolve = evaluator.resolve(psiElement);
            if ((resolve instanceof PsiField) && "ALLOW_ALL_HOSTNAME_VERIFIER".equals(resolve.getName())) {
                javaContext.report(ISSUE, psiElement, javaContext.getLocation(psiElement), "Using the ALLOW_ALL_HOSTNAME_VERIFIER HostnameVerifier is unsafe because it always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames");
            }
        }
    }
}
