package com.floragunn.searchguard.authc.blocking;

import com.floragunn.searchguard.authc.blocking.Blocks;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigMap;
import com.floragunn.searchguard.configuration.ConfigurationChangeListener;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.google.common.collect.ImmutableList;
import inet.ipaddr.AddressStringException;
import inet.ipaddr.IPAddress;
import inet.ipaddr.IPAddressString;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.collect.Tuple;

/* loaded from: input_file:com/floragunn/searchguard/authc/blocking/BlockedIpRegistry.class */
public class BlockedIpRegistry {
    protected static final Logger log = LogManager.getLogger(BlockedIpRegistry.class);
    private volatile List<ClientBlockRegistry<IPAddress>> blockedNetmasks;
    private volatile List<ClientBlockRegistry<InetAddress>> ipClientBlockRegistries;

    public BlockedIpRegistry(ConfigurationRepository configurationRepository) {
        configurationRepository.subscribeOnChange(new ConfigurationChangeListener() { // from class: com.floragunn.searchguard.authc.blocking.BlockedIpRegistry.1
            @Override // com.floragunn.searchguard.configuration.ConfigurationChangeListener
            public void onChange(ConfigMap configMap) {
                SgDynamicConfiguration sgDynamicConfiguration = configMap.get(CType.BLOCKS);
                if (sgDynamicConfiguration != null) {
                    BlockedIpRegistry.this.blockedNetmasks = ImmutableList.of(BlockedIpRegistry.this.reloadBlockedNetmasks(sgDynamicConfiguration));
                    BlockedIpRegistry.this.ipClientBlockRegistries = ImmutableList.of(BlockedIpRegistry.this.reloadBlockedIpAddresses(sgDynamicConfiguration));
                    if (BlockedIpRegistry.log.isDebugEnabled()) {
                        BlockedIpRegistry.log.debug("Updated confiuration: " + sgDynamicConfiguration + "\nBlockedNetmasks: " + BlockedIpRegistry.this.blockedNetmasks + "; ips: " + BlockedIpRegistry.this.ipClientBlockRegistries);
                    }
                }
            }
        });
    }

    public boolean isIpBlocked(IPAddress iPAddress) {
        if (iPAddress == null) {
            return false;
        }
        if ((this.ipClientBlockRegistries == null || this.ipClientBlockRegistries.isEmpty()) && (this.blockedNetmasks == null || this.blockedNetmasks.isEmpty())) {
            return false;
        }
        InetAddress inetAddress = iPAddress.toInetAddress();
        if (this.ipClientBlockRegistries != null) {
            Iterator<ClientBlockRegistry<InetAddress>> it = this.ipClientBlockRegistries.iterator();
            while (it.hasNext()) {
                if (it.next().isBlocked(inetAddress)) {
                    return true;
                }
            }
        }
        if (this.blockedNetmasks == null) {
            return false;
        }
        Iterator<ClientBlockRegistry<IPAddress>> it2 = this.blockedNetmasks.iterator();
        while (it2.hasNext()) {
            if (it2.next().isBlocked(iPAddress)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ClientBlockRegistry<IPAddress> reloadBlockedNetmasks(SgDynamicConfiguration<Blocks> sgDynamicConfiguration) {
        Function function = str -> {
            IPAddressString iPAddressString = new IPAddressString(str);
            try {
                iPAddressString.validate();
                return Optional.of(iPAddressString.toAddress());
            } catch (AddressStringException e) {
                log.error("Reloading blocked IP addresses failed ", e);
                return Optional.empty();
            }
        };
        Tuple<Set<String>, Set<String>> readBlocks = readBlocks(sgDynamicConfiguration, Blocks.Type.net_mask);
        return new IpRangeVerdictBasedBlockRegistry((Set) ((Set) readBlocks.v1()).stream().map(function).flatMap(optional -> {
            return (Stream) optional.map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty);
        }).collect(Collectors.toSet()), (Set) ((Set) readBlocks.v2()).stream().map(function).flatMap(optional2 -> {
            return (Stream) optional2.map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty);
        }).collect(Collectors.toSet()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ClientBlockRegistry<InetAddress> reloadBlockedIpAddresses(SgDynamicConfiguration<Blocks> sgDynamicConfiguration) {
        Function function = str -> {
            try {
                return Optional.of(InetAddress.getByName(str));
            } catch (UnknownHostException e) {
                log.error("Reloading blocked IP addresses failed", e);
                return Optional.empty();
            }
        };
        Tuple<Set<String>, Set<String>> readBlocks = readBlocks(sgDynamicConfiguration, Blocks.Type.ip);
        return new VerdictBasedBlockRegistry(InetAddress.class, (Set) ((Set) readBlocks.v1()).stream().map(function).flatMap(optional -> {
            return (Stream) optional.map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty);
        }).collect(Collectors.toSet()), (Set) ((Set) readBlocks.v2()).stream().map(function).flatMap(optional2 -> {
            return (Stream) optional2.map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty);
        }).collect(Collectors.toSet()));
    }

    private Tuple<Set<String>, Set<String>> readBlocks(SgDynamicConfiguration<Blocks> sgDynamicConfiguration, Blocks.Type type) {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (Blocks blocks : (List) sgDynamicConfiguration.getCEntries().values().stream().filter(blocks2 -> {
            return blocks2.getType() == type;
        }).collect(Collectors.toList())) {
            if (blocks.getVerdict() == null) {
                log.error("No verdict type found in blocks");
            } else if (blocks.getVerdict() == Blocks.Verdict.disallow) {
                hashSet2.addAll(blocks.getValue());
            } else if (blocks.getVerdict() == Blocks.Verdict.allow) {
                hashSet.addAll(blocks.getValue());
            } else {
                log.error("Found unknown verdict type: " + blocks.getVerdict());
            }
        }
        return new Tuple<>(hashSet, hashSet2);
    }
}
