package io.undertow.server.handlers;

import com.networknt.oas.model.impl.XmlImpl;
import io.undertow.UndertowMessages;
import io.undertow.attribute.ExchangeAttribute;
import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.builder.HandlerBuilder;
import io.undertow.util.StatusCodes;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/* loaded from: input_file:io/undertow/server/handlers/AccessControlListHandler.class */
public class AccessControlListHandler implements HttpHandler {
    private volatile HttpHandler next;
    private volatile boolean defaultAllow;
    private final ExchangeAttribute attribute;
    private final List<AclMatch> acl;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/undertow/server/handlers/AccessControlListHandler$AclMatch.class */
    public static class AclMatch {
        private final boolean deny;
        private final Pattern pattern;

        protected AclMatch(boolean z, String str) {
            this.deny = z;
            this.pattern = createPattern(str);
        }

        private Pattern createPattern(String str) {
            try {
                return Pattern.compile(str);
            } catch (PatternSyntaxException e) {
                throw UndertowMessages.MESSAGES.notAValidRegularExpressionPattern(str);
            }
        }

        boolean matches(String str) {
            return this.pattern.matcher(str).matches();
        }

        boolean isDeny() {
            return this.deny;
        }

        public String toString() {
            return getClass().getSimpleName() + "{deny=" + this.deny + ", pattern='" + this.pattern + "'}";
        }
    }

    /* loaded from: input_file:io/undertow/server/handlers/AccessControlListHandler$Builder.class */
    public static class Builder implements HandlerBuilder {
        @Override // io.undertow.server.handlers.builder.HandlerBuilder
        public String name() {
            return "access-control";
        }

        @Override // io.undertow.server.handlers.builder.HandlerBuilder
        public Map<String, Class<?>> parameters() {
            HashMap hashMap = new HashMap();
            hashMap.put("acl", String[].class);
            hashMap.put("default-allow", Boolean.TYPE);
            hashMap.put(XmlImpl.F_attribute, ExchangeAttribute.class);
            return hashMap;
        }

        @Override // io.undertow.server.handlers.builder.HandlerBuilder
        public Set<String> requiredParameters() {
            HashSet hashSet = new HashSet();
            hashSet.add("acl");
            hashSet.add(XmlImpl.F_attribute);
            return hashSet;
        }

        @Override // io.undertow.server.handlers.builder.HandlerBuilder
        public String defaultParameter() {
            return null;
        }

        @Override // io.undertow.server.handlers.builder.HandlerBuilder
        public HandlerWrapper build(Map<String, Object> map) {
            String[] strArr = (String[]) map.get("acl");
            Boolean bool = (Boolean) map.get("default-allow");
            ExchangeAttribute exchangeAttribute = (ExchangeAttribute) map.get(XmlImpl.F_attribute);
            ArrayList arrayList = new ArrayList();
            for (String str : strArr) {
                String[] split = str.split(" ");
                if (split.length != 2) {
                    throw UndertowMessages.MESSAGES.invalidAclRule(str);
                }
                if (split[1].trim().equals("allow")) {
                    arrayList.add(new AclMatch(false, split[0].trim()));
                } else {
                    if (!split[1].trim().equals("deny")) {
                        throw UndertowMessages.MESSAGES.invalidAclRule(str);
                    }
                    arrayList.add(new AclMatch(true, split[0].trim()));
                }
            }
            return new Wrapper(arrayList, bool == null ? false : bool.booleanValue(), exchangeAttribute);
        }
    }

    /* loaded from: input_file:io/undertow/server/handlers/AccessControlListHandler$Wrapper.class */
    private static class Wrapper implements HandlerWrapper {
        private final List<AclMatch> peerMatches;
        private final boolean defaultAllow;
        private final ExchangeAttribute attribute;

        private Wrapper(List<AclMatch> list, boolean z, ExchangeAttribute exchangeAttribute) {
            this.peerMatches = list;
            this.defaultAllow = z;
            this.attribute = exchangeAttribute;
        }

        @Override // io.undertow.server.HandlerWrapper
        public HttpHandler wrap(HttpHandler httpHandler) {
            AccessControlListHandler accessControlListHandler = new AccessControlListHandler(httpHandler, this.attribute);
            for (AclMatch aclMatch : this.peerMatches) {
                if (aclMatch.deny) {
                    accessControlListHandler.addDeny(aclMatch.pattern.pattern());
                } else {
                    accessControlListHandler.addAllow(aclMatch.pattern.pattern());
                }
            }
            accessControlListHandler.setDefaultAllow(this.defaultAllow);
            return accessControlListHandler;
        }
    }

    public AccessControlListHandler(HttpHandler httpHandler, ExchangeAttribute exchangeAttribute) {
        this.defaultAllow = false;
        this.acl = new CopyOnWriteArrayList();
        this.next = httpHandler;
        this.attribute = exchangeAttribute;
    }

    public AccessControlListHandler(ExchangeAttribute exchangeAttribute) {
        this.defaultAllow = false;
        this.acl = new CopyOnWriteArrayList();
        this.attribute = exchangeAttribute;
        this.next = ResponseCodeHandler.HANDLE_404;
    }

    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (isAllowed(this.attribute.readAttribute(httpServerExchange))) {
            this.next.handleRequest(httpServerExchange);
        } else {
            httpServerExchange.setStatusCode(StatusCodes.FORBIDDEN);
            httpServerExchange.endExchange();
        }
    }

    boolean isAllowed(String str) {
        if (str != null) {
            for (AclMatch aclMatch : this.acl) {
                if (aclMatch.matches(str)) {
                    return !aclMatch.isDeny();
                }
            }
        }
        return this.defaultAllow;
    }

    public boolean isDefaultAllow() {
        return this.defaultAllow;
    }

    public AccessControlListHandler setDefaultAllow(boolean z) {
        this.defaultAllow = z;
        return this;
    }

    public HttpHandler getNext() {
        return this.next;
    }

    public AccessControlListHandler setNext(HttpHandler httpHandler) {
        this.next = httpHandler;
        return this;
    }

    public AccessControlListHandler addAllow(String str) {
        return addRule(str, false);
    }

    public AccessControlListHandler addDeny(String str) {
        return addRule(str, true);
    }

    public AccessControlListHandler clearRules() {
        this.acl.clear();
        return this;
    }

    private AccessControlListHandler addRule(String str, boolean z) {
        this.acl.add(new AclMatch(z, str));
        return this;
    }
}
