package ai.traceable.agent.filter.opa.evaluator;

import ai.traceable.agent.filter.opa.data.EvaluatorResult;
import ai.traceable.agent.filter.opa.helper.IpAddressMatcher;
import ai.traceable.javaagent.shaded.platform.opa.v1.Status;
import ai.traceable.javaagent.shaded.platform.opa.v1.data.AllowBlockingInfo;
import ai.traceable.javaagent.shaded.platform.opa.v1.data.BlockingData;
import ai.traceable.javaagent.shaded.platform.opa.v1.data.DenyBlockingInfo;
import ai.traceable.javaagent.shaded.platform.opa.v1.data.SnoozedBlockingInfo;
import ai.traceable.javaagent.shaded.platform.opa.v1.data.SuspendedBlockingInfo;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.faces.validator.BeanValidator;

/* JADX WARN: Classes with same name are omitted:
  input_file:inst/ai/traceable/agent/filter/opa/evaluator/IpAddressPolicyEvaluator.classdata
 */
/* loaded from: input_file:ai/traceable/agent/filter/opa/evaluator/IpAddressPolicyEvaluator.class */
public class IpAddressPolicyEvaluator {
    public static final String X_REAL_IP_KEY = "http.request.header.x-real-ip";
    public static final String X_FORWARDED_FOR_KEY = "http.request.header.x-forwarded-for";
    public static final String X_PROXYUSER_IP_KEY = "http.request.header.x-proxyuser-ip";
    public static final String HTTP_FORWARDED_KEY = "http.request.header.forwarded";
    public static final String PROXY_CLIENT_KEY = "proxy.client.addr";

    public EvaluatorResult allow(BlockingData blockingData, Map<String, String> map) {
        if (blockingData == null) {
            return new EvaluatorResult(true, new ArrayList(), new ArrayList());
        }
        long currentTimeMillis = System.currentTimeMillis();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        HashSet hashSet = new HashSet();
        extractXRealIps(map, hashSet);
        extractXForwardedForIps(map, hashSet);
        extractXProxyUserIps(map, hashSet);
        extractHttpForwardedIps(map, hashSet);
        extractProxyClientIps(map, hashSet);
        hashSet.forEach(str -> {
            evaluate(str, blockingData, currentTimeMillis, arrayList, arrayList2);
        });
        return new EvaluatorResult(!arrayList.isEmpty() || arrayList2.isEmpty(), arrayList, arrayList2);
    }

    private void evaluate(String str, BlockingData blockingData, long j, List<EvaluatorResult.ExemptionDetails> list, List<EvaluatorResult.ViolationDetails> list2) {
        Iterator<AllowBlockingInfo> it = blockingData.getAllowList().iterator();
        while (it.hasNext()) {
            evaluateAllowList(str, it.next(), list);
        }
        Iterator<SnoozedBlockingInfo> it2 = blockingData.getSnoozedList().iterator();
        while (it2.hasNext()) {
            evaluateSnoozedList(str, it2.next(), list, j);
        }
        Iterator<DenyBlockingInfo> it3 = blockingData.getDenyList().iterator();
        while (it3.hasNext()) {
            evaluateDenyList(str, it3.next(), list2);
        }
        Iterator<SuspendedBlockingInfo> it4 = blockingData.getSuspendedList().iterator();
        while (it4.hasNext()) {
            evaluateSuspendedList(str, it4.next(), list2, j);
        }
    }

    private void evaluateAllowList(String str, AllowBlockingInfo allowBlockingInfo, List<EvaluatorResult.ExemptionDetails> list) {
        if (allowBlockingInfo.getIpAddresses() == null || !allowBlockingInfo.getIpAddresses().contains(str)) {
            return;
        }
        list.add(new EvaluatorResult.ExemptionDetails(allowBlockingInfo.getInfo(), allowBlockingInfo.getCategory(), Status.ALLOWED));
    }

    private void evaluateSnoozedList(String str, SnoozedBlockingInfo snoozedBlockingInfo, List<EvaluatorResult.ExemptionDetails> list, long j) {
        if (snoozedBlockingInfo.getExpiry() <= j || snoozedBlockingInfo.getIpAddresses() == null || !snoozedBlockingInfo.getIpAddresses().contains(str)) {
            return;
        }
        list.add(new EvaluatorResult.ExemptionDetails(snoozedBlockingInfo.getInfo(), snoozedBlockingInfo.getCategory(), Status.SNOOZED));
    }

    private void evaluateDenyList(String str, DenyBlockingInfo denyBlockingInfo, List<EvaluatorResult.ViolationDetails> list) {
        if (denyBlockingInfo.getIpAddresses() != null && denyBlockingInfo.getIpAddresses().contains(str)) {
            list.add(new EvaluatorResult.ViolationDetails(denyBlockingInfo.getInfo(), denyBlockingInfo.getCategory(), Status.DENIED));
            return;
        }
        if (denyBlockingInfo.getIpRanges() != null) {
            Iterator<String> it = denyBlockingInfo.getIpRanges().iterator();
            while (it.hasNext()) {
                if (IpAddressMatcher.matches(str, it.next())) {
                    list.add(new EvaluatorResult.ViolationDetails(denyBlockingInfo.getInfo(), denyBlockingInfo.getCategory(), Status.DENIED));
                    return;
                }
            }
        }
    }

    private void evaluateSuspendedList(String str, SuspendedBlockingInfo suspendedBlockingInfo, List<EvaluatorResult.ViolationDetails> list, long j) {
        if (suspendedBlockingInfo.getExpiry() > j) {
            if (suspendedBlockingInfo.getIpAddresses() != null && suspendedBlockingInfo.getIpAddresses().contains(str)) {
                list.add(new EvaluatorResult.ViolationDetails(suspendedBlockingInfo.getInfo(), suspendedBlockingInfo.getCategory(), Status.SUSPENDED));
                return;
            }
            if (suspendedBlockingInfo.getIpRanges() != null) {
                Iterator<String> it = suspendedBlockingInfo.getIpRanges().iterator();
                while (it.hasNext()) {
                    if (IpAddressMatcher.matches(str, it.next())) {
                        list.add(new EvaluatorResult.ViolationDetails(suspendedBlockingInfo.getInfo(), suspendedBlockingInfo.getCategory(), Status.SUSPENDED));
                        return;
                    }
                }
            }
        }
    }

    void extractXRealIps(Map<String, String> map, Set<String> set) {
        String str = map.get(X_REAL_IP_KEY);
        if (str != null) {
            String trim = str.trim();
            if (trim.isEmpty()) {
                return;
            }
            set.add(trim);
        }
    }

    void extractXForwardedForIps(Map<String, String> map, Set<String> set) {
        String str = map.get(X_FORWARDED_FOR_KEY);
        String trim = (str == null || str.isEmpty()) ? "" : str.split(BeanValidator.VALIDATION_GROUPS_DELIMITER)[0].trim();
        if (trim.isEmpty()) {
            return;
        }
        set.add(trim);
    }

    void extractXProxyUserIps(Map<String, String> map, Set<String> set) {
        String str = map.get(X_PROXYUSER_IP_KEY);
        if (str != null) {
            String trim = str.trim();
            if (trim.isEmpty()) {
                return;
            }
            set.add(trim);
        }
    }

    void extractHttpForwardedIps(Map<String, String> map, Set<String> set) {
        String str = map.get(HTTP_FORWARDED_KEY);
        if (str == null || str.isEmpty()) {
            return;
        }
        for (String str2 : str.split(";")) {
            String[] split = str2.split("=");
            if (split.length > 1 && split[0].equals("for")) {
                String trim = split[1].trim();
                if (!trim.isEmpty()) {
                    set.add(trim);
                }
            }
        }
    }

    void extractProxyClientIps(Map<String, String> map, Set<String> set) {
        String str = map.get(PROXY_CLIENT_KEY);
        if (str != null) {
            String trim = str.trim();
            if (trim.isEmpty()) {
                return;
            }
            set.add(trim);
        }
    }
}
