package com.networknt.whitelist;

import com.networknt.config.Config;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.utility.ModuleRegistry;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/whitelist/WhitelistHandler.class */
public class WhitelistHandler implements MiddlewareHandler {
    private static final String INVALID_IP_FOR_PATH = "ERR10049";
    private volatile HttpHandler next;
    private static final Logger logger = LoggerFactory.getLogger(WhitelistHandler.class);
    private static final String CONFIG_NAME = "whitelist";
    public static WhitelistConfig config = (WhitelistConfig) Config.getInstance().getJsonObjectConfig(CONFIG_NAME, WhitelistConfig.class);

    /* loaded from: input_file:com/networknt/whitelist/WhitelistHandler$ExactIpV4PeerMatch.class */
    static class ExactIpV4PeerMatch extends PeerMatch {
        private final byte[] address;

        /* JADX INFO: Access modifiers changed from: protected */
        public ExactIpV4PeerMatch(boolean z, String str, byte[] bArr) {
            super(z, str);
            this.address = bArr;
        }

        @Override // com.networknt.whitelist.WhitelistHandler.PeerMatch
        boolean matches(InetAddress inetAddress) {
            return Arrays.equals(inetAddress.getAddress(), this.address);
        }
    }

    /* loaded from: input_file:com/networknt/whitelist/WhitelistHandler$ExactIpV6PeerMatch.class */
    static class ExactIpV6PeerMatch extends PeerMatch {
        private final byte[] address;

        /* JADX INFO: Access modifiers changed from: protected */
        public ExactIpV6PeerMatch(boolean z, String str, byte[] bArr) {
            super(z, str);
            this.address = bArr;
        }

        @Override // com.networknt.whitelist.WhitelistHandler.PeerMatch
        boolean matches(InetAddress inetAddress) {
            return Arrays.equals(inetAddress.getAddress(), this.address);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/networknt/whitelist/WhitelistHandler$PeerMatch.class */
    public static abstract class PeerMatch {
        private final boolean deny;
        private final String pattern;

        protected PeerMatch(boolean z, String str) {
            this.deny = z;
            this.pattern = str;
        }

        abstract boolean matches(InetAddress inetAddress);

        boolean isDeny() {
            return this.deny;
        }

        public String toString() {
            return getClass().getSimpleName() + "{deny=" + this.deny + ", pattern='" + this.pattern + "'}";
        }
    }

    /* loaded from: input_file:com/networknt/whitelist/WhitelistHandler$PrefixIpV4PeerMatch.class */
    static class PrefixIpV4PeerMatch extends PeerMatch {
        private final int mask;
        private final int prefix;

        /* JADX INFO: Access modifiers changed from: protected */
        public PrefixIpV4PeerMatch(boolean z, String str, int i, int i2) {
            super(z, str);
            this.mask = i;
            this.prefix = i2;
        }

        @Override // com.networknt.whitelist.WhitelistHandler.PeerMatch
        boolean matches(InetAddress inetAddress) {
            byte[] address = inetAddress.getAddress();
            return address != null && ((((((address[0] & 255) << 24) | ((address[1] & 255) << 16)) | ((address[2] & 255) << 8)) | (address[3] & 255)) & this.mask) == this.prefix;
        }
    }

    /* loaded from: input_file:com/networknt/whitelist/WhitelistHandler$PrefixIpV6PeerMatch.class */
    static class PrefixIpV6PeerMatch extends PeerMatch {
        private final byte[] mask;
        private final byte[] prefix;
        static final /* synthetic */ boolean $assertionsDisabled;

        /* JADX INFO: Access modifiers changed from: protected */
        public PrefixIpV6PeerMatch(boolean z, String str, byte[] bArr, byte[] bArr2) {
            super(z, str);
            this.mask = bArr;
            this.prefix = bArr2;
            if (!$assertionsDisabled && bArr.length != bArr2.length) {
                throw new AssertionError();
            }
        }

        @Override // com.networknt.whitelist.WhitelistHandler.PeerMatch
        boolean matches(InetAddress inetAddress) {
            byte[] address = inetAddress.getAddress();
            if (address == null || address.length != this.mask.length) {
                return false;
            }
            for (int i = 0; i < this.mask.length; i++) {
                if ((address[i] & this.mask[i]) != this.prefix[i]) {
                    return false;
                }
            }
            return true;
        }

        static {
            $assertionsDisabled = !WhitelistHandler.class.desiredAssertionStatus();
        }
    }

    public WhitelistHandler() {
        if (logger.isInfoEnabled()) {
            logger.info("WhitelistHandler is constructed.");
        }
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        InetSocketAddress sourceAddress = httpServerExchange.getSourceAddress();
        String str = httpServerExchange.getRelativePath() + "@" + httpServerExchange.getRequestMethod().toString().toLowerCase();
        if (isAllowed(sourceAddress.getAddress(), str)) {
            Handler.next(httpServerExchange, this.next);
        } else {
            setExchangeStatus(httpServerExchange, INVALID_IP_FOR_PATH, new Object[]{sourceAddress.toString(), str});
        }
    }

    public HttpHandler getNext() {
        return this.next;
    }

    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    public boolean isEnabled() {
        return config.isEnabled();
    }

    public void register() {
        ModuleRegistry.registerModule(WhitelistHandler.class.getName(), Config.getInstance().getJsonMapConfigNoCache(CONFIG_NAME), (List) null);
    }

    boolean isAllowed(InetAddress inetAddress, String str) {
        IpAcl ipAcl;
        boolean z = false;
        if (inetAddress instanceof Inet4Address) {
            IpAcl ipAcl2 = config.endpointAcl.get(str);
            if (ipAcl2 != null) {
                for (PeerMatch peerMatch : ipAcl2.getIpv4acl()) {
                    if (peerMatch.matches(inetAddress)) {
                        return !peerMatch.isDeny();
                    }
                }
                z = true;
            }
        } else if ((inetAddress instanceof Inet6Address) && (ipAcl = config.endpointAcl.get(str)) != null) {
            for (PeerMatch peerMatch2 : ipAcl.getIpv6acl()) {
                if (peerMatch2.matches(inetAddress)) {
                    return !peerMatch2.isDeny();
                }
            }
            z = true;
        }
        return !z && config.defaultAllow;
    }
}
