package com.floragunn.searchguard.authc.base;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.searchguard.authc.RequestMetaData;
import com.floragunn.searchguard.support.IPAddressCollection;
import inet.ipaddr.IPAddress;

/* loaded from: input_file:com/floragunn/searchguard/authc/base/IPAddressAcceptanceRules.class */
public class IPAddressAcceptanceRules {
    public static final IPAddressAcceptanceRules ANY = new IPAddressAcceptanceRules(null, null);
    private final Criteria accept;
    private final Criteria skip;

    /* loaded from: input_file:com/floragunn/searchguard/authc/base/IPAddressAcceptanceRules$Criteria.class */
    public static class Criteria {
        private final IPAddressCollection originatingIps;
        private final IPAddressCollection directIps;
        private final boolean trustedIps;

        public Criteria(IPAddressCollection iPAddressCollection, IPAddressCollection iPAddressCollection2, boolean z) {
            this.originatingIps = iPAddressCollection;
            this.directIps = iPAddressCollection2;
            this.trustedIps = z;
        }

        public static Criteria parse(DocNode docNode, Parser.Context context) throws ConfigValidationException {
            ValidationErrors validationErrors = new ValidationErrors();
            ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
            IPAddressCollection iPAddressCollection = (IPAddressCollection) validatingDocNode.get("originating_ips").by(IPAddressCollection::parse);
            IPAddressCollection iPAddressCollection2 = (IPAddressCollection) validatingDocNode.get("ips").by(IPAddressCollection::parse);
            boolean asBoolean = validatingDocNode.get("trusted_ips").withDefault(false).asBoolean();
            validationErrors.throwExceptionForPresentErrors();
            return new Criteria(iPAddressCollection, iPAddressCollection2, asBoolean);
        }

        public IPAddressCollection getOriginatingIps() {
            return this.originatingIps;
        }

        public IPAddressCollection getDirectIps() {
            return this.directIps;
        }

        public boolean isTrustedIps() {
            return this.trustedIps;
        }
    }

    public IPAddressAcceptanceRules(Criteria criteria, Criteria criteria2) {
        this.accept = criteria;
        this.skip = criteria2;
    }

    public boolean accept(RequestMetaData<?> requestMetaData) {
        IPAddress directIpAddress = requestMetaData.getDirectIpAddress();
        if (this.accept != null && this.accept.directIps != null && !this.accept.directIps.contains(directIpAddress)) {
            return false;
        }
        if (this.skip != null && this.skip.directIps != null && this.skip.directIps.contains(directIpAddress)) {
            return false;
        }
        IPAddress originatingIpAddress = requestMetaData.getOriginatingIpAddress();
        if (this.accept != null && this.accept.originatingIps != null && !this.accept.originatingIps.contains(originatingIpAddress)) {
            return false;
        }
        if (this.skip == null || this.skip.originatingIps == null || !this.skip.originatingIps.contains(originatingIpAddress)) {
            return this.accept == null || !this.accept.trustedIps || requestMetaData.isTrustedProxy();
        }
        return false;
    }
}
