package org.openscoring.service.filters;

import com.google.common.collect.ImmutableSet;
import com.typesafe.config.Config;
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.PreMatching;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;
import java.net.InetAddress;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@PreMatching
@Provider
@Priority(1000)
/* loaded from: input_file:WEB-INF/lib/openscoring-service-2.1.0.jar:org/openscoring/service/filters/NetworkSecurityContextFilter.class */
public class NetworkSecurityContextFilter implements ContainerRequestFilter {

    @Context
    private HttpServletRequest request = null;
    private Set<String> userAddresses;
    private Set<String> adminAddresses;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) NetworkSecurityContextFilter.class);
    private static final Set<String> localAddresses;

    @Inject
    public NetworkSecurityContextFilter(@Named("openscoring") Config config) {
        this.userAddresses = Collections.emptySet();
        this.adminAddresses = Collections.emptySet();
        Config config2 = config.getConfig("networkSecurityContextFilter");
        this.userAddresses = prepareAddresses(config2, "userAddresses");
        this.adminAddresses = prepareAddresses(config2, "adminAddresses");
        logger.info("User network addresses: {}", this.userAddresses);
        logger.info("Admin network addresses: {}", this.adminAddresses);
    }

    @Override // jakarta.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) {
        final HttpServletRequest request = getRequest();
        final SecurityContext securityContext = containerRequestContext.getSecurityContext();
        containerRequestContext.setSecurityContext(new SecurityContext() { // from class: org.openscoring.service.filters.NetworkSecurityContextFilter.1
            @Override // jakarta.ws.rs.core.SecurityContext
            public Principal getUserPrincipal() {
                return Anonymous.INSTANCE;
            }

            @Override // jakarta.ws.rs.core.SecurityContext
            public boolean isUserInRole(String str) {
                Set<String> adminAddresses;
                String address = getAddress();
                boolean z = -1;
                switch (str.hashCode()) {
                    case 3599307:
                        if (str.equals("user")) {
                            z = false;
                            break;
                        }
                        break;
                    case 92668751:
                        if (str.equals("admin")) {
                            z = true;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        adminAddresses = NetworkSecurityContextFilter.this.getUserAddresses();
                        break;
                    case true:
                        adminAddresses = NetworkSecurityContextFilter.this.getAdminAddresses();
                        break;
                    default:
                        return false;
                }
                return adminAddresses.contains(address) || adminAddresses.contains("*");
            }

            @Override // jakarta.ws.rs.core.SecurityContext
            public boolean isSecure() {
                return securityContext != null && securityContext.isSecure();
            }

            @Override // jakarta.ws.rs.core.SecurityContext
            public String getAuthenticationScheme() {
                return "REMOTE_ADDR";
            }

            private String getAddress() {
                if (request == null) {
                    return null;
                }
                return request.getRemoteAddr();
            }
        });
    }

    private HttpServletRequest getRequest() {
        return this.request;
    }

    private Set<String> getUserAddresses() {
        return this.userAddresses;
    }

    private Set<String> getAdminAddresses() {
        return this.adminAddresses;
    }

    private static Set<String> prepareAddresses(Config config, String str) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.addAll(config.getStringList(str));
        if (linkedHashSet.remove("localhost")) {
            linkedHashSet.addAll(localAddresses);
        }
        return ImmutableSet.copyOf((Collection) linkedHashSet);
    }

    private static Set<String> discoverLocalAddresses() throws IOException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(InetAddress.getLocalHost().getHostAddress());
        for (InetAddress inetAddress : InetAddress.getAllByName("localhost")) {
            linkedHashSet.add(inetAddress.getHostAddress());
        }
        logger.info("Local network addresses: {}", linkedHashSet);
        return linkedHashSet;
    }

    static {
        try {
            localAddresses = ImmutableSet.copyOf((Collection) discoverLocalAddresses());
        } catch (IOException e) {
            throw new ExceptionInInitializerError(e);
        }
    }
}
