package org.sonar.iac.terraform.checks;

import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.terraform.checks.aws.AwsIpRestrictedAdminAccessCheckPart;
import org.sonar.iac.terraform.checks.azure.AzureIpRestrictedAdminAccessCheckPart;
import org.sonar.iac.terraform.checks.gcp.GcpIpRestrictedAdminAccessCheckPart;

@Rule(key = "S6321")
/* loaded from: input_file:org/sonar/iac/terraform/checks/IpRestrictedAdminAccessCheck.class */
public class IpRestrictedAdminAccessCheck implements IacCheck {
    public static final String MESSAGE = "Restrict IP addresses authorized to access administration services.";
    public static final String SECONDARY_MSG = "Related protocol setting.";
    public static final String ALL_IPV4 = "0.0.0.0/0";
    public static final String ALL_IPV6 = "::/0";
    public static final int SSH_PORT = 22;
    private static final Pattern PORT_RANGE_PATTERN = Pattern.compile("^(?<from>\\d{1,5})-(?<to>\\d{1,5})$");
    public static final int RDP_PORT = 3389;
    private static final Set<String> SENSITIVE_PORTS = Set.of("*", String.valueOf(22), String.valueOf(RDP_PORT));

    public void initialize(InitContext initContext) {
        new AwsIpRestrictedAdminAccessCheckPart().initialize(initContext);
        new AzureIpRestrictedAdminAccessCheckPart().initialize(initContext);
        new GcpIpRestrictedAdminAccessCheckPart().initialize(initContext);
    }

    public static boolean rangeContainsSshOrRdpPort(String str) {
        if (!str.contains("-")) {
            return SENSITIVE_PORTS.contains(str);
        }
        Matcher matcher = PORT_RANGE_PATTERN.matcher(str);
        if (matcher.find()) {
            return rangeContainsSshOrRdpPort(portFromMatch(matcher, "from"), portFromMatch(matcher, "to"));
        }
        return false;
    }

    private static int portFromMatch(Matcher matcher, String str) {
        return Integer.parseInt(matcher.group(str));
    }

    public static boolean rangeContainsSshOrRdpPort(int i, int i2) {
        return (22 >= i && 22 <= i2) || (3389 >= i && 3389 <= i2);
    }
}
