package org.xillium.gear.auth;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Supplier;
import org.xillium.base.beans.Strings;
import org.xillium.core.AuthorizationException;
import org.xillium.core.Authorizer;
import org.xillium.core.Service;
import org.xillium.core.management.ManagedComponent;
import org.xillium.data.DataBinder;
import org.xillium.data.persistence.Persistence;

/* loaded from: input_file:org/xillium/gear/auth/ClientAddressAuthorizer.class */
public class ClientAddressAuthorizer extends ManagedComponent implements Authorizer {
    private static final Logger _log = LogManager.getLogger(ClientAddressAuthorizer.class);
    private static final Pattern IPv4_ADDRESS_PATTERN = Pattern.compile("([0-9*]{1,3})\\.([0-9*]{1,3})\\.([0-9*]{1,3})\\.([0-9*]{1,3})");
    private static final Pattern IPv6_ADDRESS_PATTERN = Pattern.compile("([0-9a-f*]{1,4}):([0-9a-f*]{1,4}):([0-9a-f*]{1,4}):([0-9a-f*]{1,4}):([0-9a-f*]{1,4}):([0-9a-f*]{1,4}):([0-9a-f*]{1,4}):([0-9a-f*]{1,4})", 2);
    private final List<short[]> _ipv4patterns = new ArrayList();
    private final List<short[]> _ipv6patterns = new ArrayList();
    private boolean _allowingPrivate;

    public ClientAddressAuthorizer() {
    }

    public ClientAddressAuthorizer(String[] strArr) {
        setAuthorizedPatternArray(strArr);
    }

    public void setAuthorizedPatterns(String str) {
        setAuthorizedPatternArray(str.split(" *, *"));
    }

    public void setAllowingPrivate(boolean z) {
        this._allowingPrivate = z;
    }

    public void setAuthorizedPatternArray(String[] strArr) {
        for (String str : strArr) {
            Matcher matcher = IPv4_ADDRESS_PATTERN.matcher(str);
            if (matcher.matches()) {
                short[] sArr = new short[4];
                int i = 0;
                while (true) {
                    if (i >= sArr.length) {
                        _log.trace("normalized ipv4 address pattern = {}", new Supplier[]{() -> {
                            return Strings.join(sArr, '.', new Object[0]);
                        }});
                        this._ipv4patterns.add(sArr);
                        break;
                    }
                    String group = matcher.group(i + 1);
                    try {
                        sArr[i] = Short.parseShort(group);
                    } catch (Exception e) {
                        if (!"*".equals(group)) {
                            _log.warn("Invalid pattern ignored: {}", str);
                            break;
                        }
                        sArr[i] = 256;
                    }
                    if (sArr[i] > 255) {
                        _log.warn("Invalid pattern ignored: {}", str);
                        break;
                    }
                    i++;
                }
            } else {
                Matcher matcher2 = IPv6_ADDRESS_PATTERN.matcher(str);
                if (matcher2.matches()) {
                    short[] sArr2 = new short[16];
                    int i2 = 0;
                    while (true) {
                        if (i2 >= sArr2.length) {
                            _log.trace("normalized ipv6 address pattern = {}", new Supplier[]{() -> {
                                return Strings.join(sArr2, '.', new Object[0]);
                            }});
                            this._ipv6patterns.add(sArr2);
                            break;
                        }
                        String group2 = matcher2.group((i2 / 2) + 1);
                        try {
                            int parseInt = Integer.parseInt(group2, 16);
                            sArr2[i2] = (short) (parseInt >> 8);
                            sArr2[i2 + 1] = (short) (parseInt & 255);
                        } catch (Exception e2) {
                            if (!"*".equals(group2)) {
                                _log.warn("Invalid pattern ignored: {}", str);
                                break;
                            } else {
                                sArr2[i2] = 256;
                                sArr2[i2 + 1] = 256;
                            }
                        }
                        i2 += 2;
                    }
                } else {
                    _log.warn("Invalid pattern ignored: {}", str);
                }
            }
        }
    }

    public void authorize(Service service, String str, DataBinder dataBinder, Persistence persistence) throws AuthorizationException {
        int i;
        String str2 = (String) dataBinder.get("#client_addr#");
        _log.trace("checking address {}", str2);
        try {
            InetAddress byName = InetAddress.getByName(str2);
            if (this._allowingPrivate && (byName.isLoopbackAddress() || byName.isLinkLocalAddress() || byName.isSiteLocalAddress())) {
                return;
            }
            byte[] address = byName.getAddress();
            for (short[] sArr : address.length == 4 ? this._ipv4patterns : this._ipv6patterns) {
                for (0; i < sArr.length; i + 1) {
                    i = (sArr[i] >= 256 || sArr[i] == (address[i] & 255)) ? i + 1 : 0;
                }
                _log.trace("pattern match {}", new Supplier[]{() -> {
                    return Strings.join(sArr, '.', new Object[0]);
                }});
                return;
            }
            throw new AuthorizationException(str2);
        } catch (UnknownHostException e) {
            throw new AuthorizationException(e.getMessage(), e);
        }
    }
}
