package com.h3xstream.findsecbugs.crypto;

import com.h3xstream.findsecbugs.common.ByteCode;
import ctrip.foundation.util.RSAUtil;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Iterator;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKESPECIAL;
import org.apache.bcel.generic.INVOKESTATIC;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.SIPUSH;

/* loaded from: classes2.dex */
public class InsufficientKeySizeRsaDetector implements Detector {
    private static final boolean a = false;
    private static final String b = "RSA_KEY_SIZE";
    private BugReporter c;

    public InsufficientKeySizeRsaDetector(BugReporter bugReporter) {
        this.c = bugReporter;
    }

    private void a(Method method, ClassContext classContext) {
        String str;
        SIPUSH sipush;
        SIPUSH sipush2;
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        Iterator locationIterator = classContext.getCFG(method).locationIterator();
        boolean z = false;
        while (locationIterator.hasNext()) {
            Location location = (Location) locationIterator.next();
            INVOKESPECIAL instruction = location.getHandle().getInstruction();
            if (instruction instanceof INVOKESTATIC) {
                INVOKESTATIC invokestatic = (INVOKESTATIC) instruction;
                if ("java.security.KeyPairGenerator".equals(invokestatic.getClassName(constantPoolGen)) && "getInstance".equals(invokestatic.getMethodName(constantPoolGen)) && (str = (String) ByteCode.a(location.getHandle().getPrev(), constantPoolGen, String.class)) != null && str.toUpperCase().startsWith(RSAUtil.KEY_ALGORITHM)) {
                    z = true;
                }
            } else {
                Number number = null;
                if (instruction instanceof INVOKEVIRTUAL) {
                    INVOKEVIRTUAL invokevirtual = (INVOKEVIRTUAL) instruction;
                    if ("java.security.KeyPairGenerator".equals(invokevirtual.getClassName(constantPoolGen)) && "initialize".equals(invokevirtual.getMethodName(constantPoolGen))) {
                        if ("(I)V".equals(invokevirtual.getSignature(constantPoolGen))) {
                            number = ByteCode.b(location.getHandle().getPrev());
                        } else if ("(ILjava/security/SecureRandom;)V".equals(invokevirtual.getSignature(constantPoolGen)) && (sipush = (SIPUSH) ByteCode.a(location.getHandle(), SIPUSH.class)) != null) {
                            number = sipush.getValue();
                        }
                        if (number != null && number.intValue() < 2048 && z) {
                            a(method, classContext, location, number);
                        }
                    }
                } else if (instruction instanceof INVOKESPECIAL) {
                    INVOKESPECIAL invokespecial = instruction;
                    if ("java.security.spec.RSAKeyGenParameterSpec".equals(invokespecial.getClassName(constantPoolGen)) && "<init>".equals(invokespecial.getMethodName(constantPoolGen))) {
                        if ("(ILjava/math/BigInteger;)V".equals(invokespecial.getSignature(constantPoolGen)) && (sipush2 = (SIPUSH) ByteCode.a(location.getHandle(), SIPUSH.class)) != null) {
                            number = sipush2.getValue();
                        }
                        if (number != null && number.intValue() < 2048 && z) {
                            a(method, classContext, location, number);
                        }
                    }
                }
            }
        }
    }

    private void a(Method method, ClassContext classContext, Location location, Number number) {
        JavaClass javaClass = classContext.getJavaClass();
        this.c.reportBug(new BugInstance(this, b, number.intValue() < 1024 ? 2 : 3).addClass(javaClass).addMethod(javaClass, method).addSourceLine(classContext, method, location));
    }

    public void a() {
    }

    public void a(ClassContext classContext) {
        for (Method method : classContext.getJavaClass().getMethods()) {
            try {
                a(method, classContext);
            } catch (CFGBuilderException | DataflowAnalysisException unused) {
            }
        }
    }
}
