package io.imunity.furms.domain.ssh_keys;

import com.google.common.base.CharMatcher;
import com.google.common.net.InternetDomainName;
import io.imunity.furms.domain.ssh_keys.InvalidSSHKeyFromOptionException;
import java.util.stream.Stream;

/* loaded from: input_file:io/imunity/furms/domain/ssh_keys/SSHKeyFromOptionValidator.class */
public class SSHKeyFromOptionValidator {
    private static final int VALID_IPv4_SUBNET_MASK = 16;
    private static final int VALID_IPv6_SUBNET_MASK = 60;

    public static void validateFromOption(String str) {
        if (str == null) {
            return;
        }
        if (str.isBlank() || str.length() <= 2) {
            throw new InvalidSSHKeyFromOptionException("At least one host is required", str, InvalidSSHKeyFromOptionException.ErrorType.INVALID_HOST);
        }
        if (!str.startsWith("\"") || !str.endsWith("\"")) {
            throw new InvalidSSHKeyFromOptionException("Address has to be provided in quotation marks", str, InvalidSSHKeyFromOptionException.ErrorType.MISSING_QUOTATION_MARKS);
        }
        String[] split = str.replaceAll("\"", "").split(",");
        if (Stream.of((Object[]) split).filter(str2 -> {
            return !str2.trim().startsWith("!");
        }).findAny().isEmpty()) {
            throw new InvalidSSHKeyFromOptionException("Host in from option required", str, InvalidSSHKeyFromOptionException.ErrorType.INVALID_HOST);
        }
        for (String str3 : split) {
            if (CharMatcher.anyOf("?*").matchesAllOf(str3)) {
                throw new InvalidSSHKeyFromOptionException("Using \"*\" or \"?\" as an allowed host address is prohibited.", str, InvalidSSHKeyFromOptionException.ErrorType.WILDCARD);
            }
            if (isIPv4(str3)) {
                isValidIPv4(str3);
            } else if (isIPv6(str3)) {
                isValidIPv6(str3);
            } else {
                isValidHostname(str3);
            }
        }
    }

    private static boolean isIPv4(String str) {
        return CharMatcher.anyOf("0123456789.?*\\/").matchesAllOf(str);
    }

    private static boolean isIPv6(String str) {
        return CharMatcher.anyOf(":").matchesAnyOf(str);
    }

    private static void isValidIPv4(String str) {
        if (str.startsWith("0.0.0.0")) {
            throw new InvalidSSHKeyFromOptionException("Using \"0.0.0.0\" as an allowed host address is prohibited.", str, InvalidSSHKeyFromOptionException.ErrorType.NON_ROUTEABLE_HOST);
        }
        if (str.contains("/")) {
            String[] split = str.split("\\/");
            if (split.length != 2) {
                throw new InvalidSSHKeyFromOptionException("Invalid CIDR notation", str, InvalidSSHKeyFromOptionException.ErrorType.CIDR_MASK);
            }
            try {
                if (Integer.parseInt(split[1]) < VALID_IPv4_SUBNET_MASK) {
                    throw new InvalidSSHKeyFromOptionException("The subnet mask must be greater than or equal to 16", str, InvalidSSHKeyFromOptionException.ErrorType.CIDR_MASK);
                }
            } catch (Exception e) {
                throw new InvalidSSHKeyFromOptionException("Invalid CIDR notation", str, InvalidSSHKeyFromOptionException.ErrorType.CIDR_MASK);
            }
        }
        if (CharMatcher.anyOf("?*").matchesAnyOf(str)) {
            String[] split2 = str.split("\\.");
            if (split2.length < 2 || CharMatcher.anyOf("?*").matchesAnyOf(split2[0]) || CharMatcher.anyOf("?*").matchesAnyOf(split2[1])) {
                throw new InvalidSSHKeyFromOptionException("*? can be used after 16 bit in host address", str, InvalidSSHKeyFromOptionException.ErrorType.WILDCARD_IN_ADDRESS);
            }
        }
    }

    private static void isValidIPv6(String str) {
        if (str.startsWith("::") || str.startsWith("0000:0000:0000:0000:0000:0000:0000:0000")) {
            throw new InvalidSSHKeyFromOptionException("Using \"::\" as an allowed host address is prohibited.", str, InvalidSSHKeyFromOptionException.ErrorType.NON_ROUTEABLE_HOST);
        }
        if (str.contains("/")) {
            String[] split = str.split("\\/");
            if (split.length != 2) {
                throw new InvalidSSHKeyFromOptionException("Invalid CIDR notation", str, InvalidSSHKeyFromOptionException.ErrorType.CIDR_MASK);
            }
            if (Integer.parseInt(split[1]) < VALID_IPv6_SUBNET_MASK) {
                throw new InvalidSSHKeyFromOptionException("The subnet mask must be greater than or equal to 60", str, InvalidSSHKeyFromOptionException.ErrorType.CIDR_MASK);
            }
            return;
        }
        if (CharMatcher.anyOf("?*").matchesAnyOf(str)) {
            String[] split2 = str.split("\\:");
            if (split2.length < 4 || CharMatcher.anyOf("?*").matchesAnyOf(split2[0]) || CharMatcher.anyOf("?*").matchesAnyOf(split2[1]) || CharMatcher.anyOf("?*").matchesAnyOf(split2[2]) || CharMatcher.anyOf("?*").matchesAnyOf(split2[3])) {
                throw new InvalidSSHKeyFromOptionException("*? can be used after 60 bit in host address", str, InvalidSSHKeyFromOptionException.ErrorType.WILDCARD_IN_ADDRESS);
            }
        }
    }

    private static void isValidHostname(String str) {
        if (CharMatcher.anyOf("*").matchesAnyOf(str)) {
            String[] split = str.split("\\*");
            String str2 = split[split.length - 1];
            if (str2.isEmpty()) {
                throw new InvalidSSHKeyFromOptionException("* wildcard can be used only with domain name", str, InvalidSSHKeyFromOptionException.ErrorType.WILDCARD_WITH_TLD);
            }
            try {
                if (InternetDomainName.from(CharMatcher.is('.').trimLeadingFrom(str2)).isRegistrySuffix()) {
                    throw new InvalidSSHKeyFromOptionException("* wildcard can not be used with top level domain name", str, InvalidSSHKeyFromOptionException.ErrorType.WILDCARD_WITH_TLD);
                }
            } catch (Exception e) {
                throw new InvalidSSHKeyFromOptionException("* wildcard can be used only with domain name", str, InvalidSSHKeyFromOptionException.ErrorType.WILDCARD_WITH_TLD);
            }
        }
    }
}
