package io.micronaut.security.rules;

import edu.umd.cs.findbugs.annotations.Nullable;
import io.micronaut.http.HttpRequest;
import io.micronaut.security.config.SecurityConfiguration;
import io.micronaut.security.config.SecurityConfigurationProperties;
import io.micronaut.security.token.RolesFinder;
import io.micronaut.web.router.RouteMatch;
import java.net.InetSocketAddress;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/micronaut/security/rules/IpPatternsRule.class */
public class IpPatternsRule extends AbstractSecurityRule {
    public static final Integer ORDER = Integer.valueOf(SecuredAnnotationRule.ORDER.intValue() - 100);
    private static final Logger LOG = LoggerFactory.getLogger(InterceptUrlMapRule.class);
    private final List<Pattern> patternList;

    @Inject
    public IpPatternsRule(RolesFinder rolesFinder, SecurityConfiguration securityConfiguration) {
        super(rolesFinder);
        this.patternList = (List) securityConfiguration.getIpPatterns().stream().map(Pattern::compile).collect(Collectors.toList());
    }

    public int getOrder() {
        return ORDER.intValue();
    }

    @Override // io.micronaut.security.rules.SecurityRule
    public SecurityRuleResult check(HttpRequest<?> httpRequest, @Nullable RouteMatch<?> routeMatch, @Nullable Map<String, Object> map) {
        if (this.patternList.isEmpty()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No IP patterns provided. Skipping host address check.");
            }
            return SecurityRuleResult.UNKNOWN;
        }
        InetSocketAddress remoteAddress = httpRequest.getRemoteAddress();
        if (remoteAddress == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Request remote address was not found. Continuing request processing.");
            }
            return SecurityRuleResult.UNKNOWN;
        }
        if (remoteAddress.getAddress() == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Could not resolve the InetAddress. Continuing request processing.");
            }
            return SecurityRuleResult.UNKNOWN;
        }
        String hostAddress = remoteAddress.getAddress().getHostAddress();
        if (this.patternList.stream().anyMatch(pattern -> {
            return pattern.pattern().equals(SecurityConfigurationProperties.ANYWHERE) || pattern.matcher(hostAddress).matches();
        })) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("One or more of the IP patterns matched the host address [{}]. Continuing request processing.", hostAddress);
            }
            return SecurityRuleResult.UNKNOWN;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("None of the IP patterns [{}] matched the host address [{}]. Rejecting the request.", this.patternList.stream().map((v0) -> {
                return v0.pattern();
            }).collect(Collectors.toList()), hostAddress);
        }
        return SecurityRuleResult.REJECTED;
    }
}
