package tech.mgl.boot.common.security;

import jakarta.annotation.Resource;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.yaml.snakeyaml.Yaml;
import tech.mgl.boot.config.properties.MGLNetworkPermission;
import tech.mgl.core.utils.MGL_StringUtils;

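/**
 * Outbound-connection filter implemented as a {@link ProxySelector}.
 *
 * <p>For every URI it is asked about, {@link #select(URI)} either returns {@link Proxy#NO_PROXY}
 * (connection permitted) or throws {@link SecurityException} (connection refused). The decision
 * is driven by the {@code mgl.network.rules} section of a YAML resource on the classpath: an
 * enabled flag, a block list and an allow list of regular expressions, plus a built-in check for
 * a few private IPv4 prefixes.
 *
 * <p>Limits a reviewer should keep in mind:
 * <ul>
 *   <li>The filter fails open: when the rules cannot be loaded, or the enabled flag is absent or
 *       false, every connection is permitted.</li>
 *   <li>A {@code ProxySelector} is only consulted by code paths that ask for one. Callers that
 *       pass an explicit {@link Proxy}, or networking stacks that do not use the default
 *       selector, are not covered. Registration of this selector is not part of this class.</li>
 *   <li>The address that is checked comes from this class's own DNS lookup; the connection that
 *       follows resolves the name again, so the two answers are not guaranteed to agree.</li>
 * </ul>
 */
@Component
public class NetworkAccessProxySelector extends ProxySelector {
    /** Shared logger; also used by the static YAML helpers, which have no instance. */
    private static final Logger LOG = LoggerFactory.getLogger(NetworkAccessProxySelector.class);

    /** Compiled once; same expression the original passed to {@code String.matches}. */
    private static final Pattern DOMAIN_PATTERN =
            Pattern.compile("^(?!\\d)(?!\\d+\\.\\d+\\.\\d+\\.\\d+$)[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*$");

    /**
     * Host name to resolved address cache. {@code select} may run on many threads at once, so the
     * map must be safe for concurrent writes.
     *
     * <p>NOTE(review): entries never expire. A cached address keeps being used for the decision
     * even after the host's DNS record changes; consider a bounded TTL.
     */
    private static final Map<String, String> DOMAIN_IP = new ConcurrentHashMap<>();

    private final Logger logger;

    @Resource
    private MGLNetworkPermission networkAccessProperties;

    /** Creates a selector that reads its rules from {@code application.yml}. */
    public NetworkAccessProxySelector() {
        this("application.yml");
    }

    /**
     * Creates a selector that reads its rules from the given classpath resource.
     *
     * @param str resource name; when blank, {@code application-<profile>.yml} is used, where the
     *     profile comes from the {@code spring.profiles.active} system property, then the
     *     {@code SPRING_PROFILES_ACTIVE} environment variable, then {@code dev}
     */
    public NetworkAccessProxySelector(String str) {
        this.logger = LOG;
        this.logger.debug("NetworkAccessProxySelector");
        String resource = str;
        if (MGL_StringUtils.isBlank(str)) {
            String profile = System.getProperty("spring.profiles.active");
            if (profile == null) {
                profile = System.getenv("SPRING_PROFILES_ACTIVE");
            }
            resource = String.format("application-%s.yml", profile == null ? "dev" : profile);
        }
        this.logger.info("springProfile: {}", resource);
        this.networkAccessProperties =
                getYamlToBean(resource, "mgl.network.rules", MGLNetworkPermission.class);
        if (this.networkAccessProperties == null) {
            // select() permits everything while the rules are null, so make the gap visible.
            this.logger.warn(
                    "No 'mgl.network.rules' section loaded from {}; outbound filtering is inactive"
                            + " unless rules are injected afterwards",
                    resource);
        }
    }

    /**
     * Loads a classpath YAML resource and maps one nested section onto a new bean.
     *
     * <p>All documents in the resource are scanned in order; the first one that contains the
     * section wins.
     *
     * @param str classpath resource name
     * @param str2 dot-separated path of the section, for example {@code mgl.network.rules}
     * @param cls bean class; needs a no-argument constructor
     * @param <T> bean type
     * @return the populated bean, or {@code null} when the resource or section is missing, the
     *     section is not a mapping, or loading fails for any reason
     */
    public static <T> T getYamlToBean(String str, String str2, Class<T> cls) {
        // NOTE(review): new Yaml() uses the library's default constructor, which on older
        // SnakeYAML releases honours type tags found in the document. The input here is a
        // classpath resource; confirm it can never be influenced from outside, or load it with
        // a safe constructor for the SnakeYAML version in use.
        Yaml yaml = new Yaml();
        try (InputStream in =
                NetworkAccessProxySelector.class.getClassLoader().getResourceAsStream(str)) {
            if (in == null) {
                LOG.warn("File not found: {}", str);
                return null;
            }
            for (Object document : yaml.loadAll(in)) {
                if (!(document instanceof Map)) {
                    continue;
                }
                Object nested = getNestedValue((Map<?, ?>) document, str2);
                if (nested == null) {
                    continue;
                }
                if (!(nested instanceof Map)) {
                    LOG.warn("Section '{}' in {} is not a mapping", str2, str);
                    return null;
                }
                @SuppressWarnings("unchecked") // YAML mappings of a config section use String keys
                Map<String, Object> section = (Map<String, Object>) nested;
                return mapToBean(section, cls);
            }
            return null;
        } catch (Exception e) {
            // Best effort by design: callers treat null as "no rules". Keep the cause in the log.
            LOG.error("Failed to load section '{}' from {}", str2, str, e);
            return null;
        }
    }

    /**
     * Walks a dot-separated path through nested maps.
     *
     * @return the value at the path, or {@code null} when any segment is missing or a
     *     non-terminal segment is not a map
     */
    private static Object getNestedValue(Map<?, ?> map, String str) {
        Object current = map;
        for (String segment : str.split("\\.")) {
            if (!(current instanceof Map)) {
                return null;
            }
            Map<?, ?> level = (Map<?, ?>) current;
            if (!level.containsKey(segment)) {
                return null;
            }
            current = level.get(segment);
        }
        return current;
    }

    /**
     * Copies map entries onto same-named declared fields of a new {@code cls} instance.
     *
     * <p>A value is assigned only when its runtime class equals the field type, or the field is
     * declared as {@link List} and the value is a list. Unknown keys, mismatched types and null
     * values are logged and skipped.
     *
     * @throws Exception when the bean cannot be instantiated or a field cannot be written
     */
    private static <T> T mapToBean(Map<String, Object> map, Class<T> cls) throws Exception {
        T bean = cls.getDeclaredConstructor().newInstance();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if (value == null) {
                // An empty YAML value used to raise a NullPointerException here, which the
                // caller turned into "no rules at all" and therefore an inactive filter.
                LOG.warn("Null value ignored for field: {}", key);
                continue;
            }
            try {
                Field field = cls.getDeclaredField(key);
                field.setAccessible(true);
                Class<?> fieldType = field.getType();
                boolean sameType = fieldType == value.getClass();
                boolean listIntoList = fieldType == List.class && value instanceof List;
                if (sameType || listIntoList) {
                    field.set(bean, value);
                } else {
                    LOG.warn("Field type mismatch: {}", key);
                }
            } catch (NoSuchFieldException e) {
                LOG.warn("No field found: {}", key);
            }
        }
        return bean;
    }

    /**
     * Decides whether a connection to {@code uri} may proceed.
     *
     * <p>Order of checks once the rules are enabled: block list, then private-address check or
     * allow list on the host as given, then a private-address check on the resolved address.
     *
     * @return a single-element list holding {@link Proxy#NO_PROXY} when the connection is
     *     permitted, including whenever the rules are missing or not enabled
     * @throws IllegalArgumentException when {@code uri} is null
     * @throws SecurityException when the rules are enabled and the host is missing, block-listed,
     *     or neither allow-listed nor resolved to an accepted private address
     */
    @Override // java.net.ProxySelector
    public List<Proxy> select(URI uri) {
        if (uri == null) {
            throw new IllegalArgumentException("uri must not be null");
        }
        String host = uri.getHost();
        MGLNetworkPermission rules = this.networkAccessProperties;
        // NOTE(review): the full URI is logged at INFO; it can carry user-info or query
        // parameters. Consider logging scheme, host and port only.
        this.logger.info("Try to connect to network : {}, e: {} , {}", host, rules == null, uri);

        // Boolean.TRUE.equals tolerates a missing 'enabled' key instead of failing on unboxing.
        Boolean enabled = rules == null ? null : rules.getEnabled();
        if (!Boolean.TRUE.equals(enabled)) {
            this.logger.info("properties empty or not enabled firewall: {}", enabled);
            return Collections.singletonList(Proxy.NO_PROXY);
        }
        if (host == null) {
            // Nothing to match the rules against; refuse explicitly rather than via a stray NPE.
            throw new SecurityException("Network access blocked: URI has no host");
        }
        if (isBlocked(host)) {
            throw new SecurityException("Network access blocked InList: " + host);
        }
        if (isInternalNetwork(host) || isAllowed(host)) {
            return Collections.singletonList(Proxy.NO_PROXY);
        }

        String address = DOMAIN_IP.get(host);
        if (address == null) {
            InetAddress resolved = resolveDomainToIp(host);
            if (resolved != null) {
                address = resolved.getHostAddress();
                DOMAIN_IP.put(host, address);
            } else {
                address = host;
            }
        }
        if (!isInternalNetwork(address)) {
            throw new SecurityException("Network access blocked final: " + host);
        }
        this.logger.info("Network domain and allowed: {}", host);
        return Collections.singletonList(Proxy.NO_PROXY);
    }

    /**
     * Tells whether the text looks like a DNS name rather than a dotted IPv4 literal.
     *
     * @param str candidate host text; must not be null
     * @return {@code true} when the text consists of dot-separated labels of letters, digits and
     *     hyphens, does not start with a digit and is not four dot-separated numbers
     */
    public static boolean isDomainUsingRegex(String str) {
        return DOMAIN_PATTERN.matcher(str).matches();
    }

    /** Intentionally a no-op: this selector never hands out a real proxy to retry against. */
    @Override // java.net.ProxySelector
    public void connectFailed(URI uri, SocketAddress socketAddress, IOException iOException) {
    }

    /** Returns whether the host fully matches any block-list expression. */
    private boolean isBlocked(String str) {
        return matchesAny(this.networkAccessProperties.getBlockList(), str);
    }

    /** Returns whether the host fully matches any allow-list expression. */
    private boolean isAllowed(String str) {
        return matchesAny(this.networkAccessProperties.getAllowList(), str);
    }

    /**
     * Full-match test of {@code host} against a list of regular expressions.
     *
     * <p>Matching ignores case because DNS names are case-insensitive; otherwise a block-list
     * entry could be sidestepped by changing the case of the host. A missing list counts as
     * empty. List entries are regular expressions, so an unescaped {@code .} matches any
     * character.
     */
    private static boolean matchesAny(List<String> patterns, String host) {
        if (patterns == null || patterns.isEmpty()) {
            return false;
        }
        for (String expression : patterns) {
            if (expression != null
                    && Pattern.compile(expression, Pattern.CASE_INSENSITIVE).matcher(host).matches()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the argument and tests the resulting address text against the accepted prefixes.
     *
     * <p>NOTE(review): two gaps are left as they were so that this edit does not change what the
     * filter permits; decide on them explicitly:
     * <ul>
     *   <li>{@code "172.16."} covers 172.16.0.0/16 only, not the whole 172.16.0.0/12 private
     *       range.</li>
     *   <li>{@code getHostAddress()} returns a numeric literal, so the comparison with
     *       {@code "localhost"} cannot match and loopback targets are refused unless they are
     *       allow-listed.</li>
     * </ul>
     *
     * @return {@code false} when the name does not resolve
     */
    private boolean isInternalNetwork(String str) {
        try {
            String hostAddress = InetAddress.getByName(str).getHostAddress();
            return hostAddress.startsWith("10.")
                    || hostAddress.startsWith("192.168.")
                    || hostAddress.startsWith("172.16.")
                    || hostAddress.equals("localhost");
        } catch (UnknownHostException e) {
            return false;
        }
    }

    /** Resolves a host name, returning {@code null} instead of throwing when it is unknown. */
    private InetAddress resolveDomainToIp(String str) {
        try {
            return InetAddress.getByName(str);
        } catch (UnknownHostException e) {
            return null;
        }
    }
}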
