package net.jlxxw.wechat.event.netty.handler;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.util.CharsetUtil;
import java.net.InetSocketAddress;
import java.util.Set;
import net.jlxxw.wechat.log.util.LoggerUtils;
import net.jlxxw.wechat.repository.ip.IpSegmentRepository;
import net.jlxxw.wechat.security.blacklist.BlackList;
import net.jlxxw.wechat.security.template.SecurityFilterTemplate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ChannelHandler.Sharable
/* loaded from: input_file:net/jlxxw/wechat/event/netty/handler/SecurityHandler.class */
public class SecurityHandler extends ChannelInboundHandlerAdapter implements SecurityFilterTemplate {
    private static final Logger logger = LoggerFactory.getLogger(SecurityHandler.class);
    private final IpSegmentRepository ipSegmentRepository;
    private final BlackList blackList;

    public SecurityHandler(IpSegmentRepository ipSegmentRepository, BlackList blackList) {
        this.ipSegmentRepository = ipSegmentRepository;
        this.blackList = blackList;
        LoggerUtils.info(logger, "公众号组件 ---> netty模式 ip 安全检查器已启动", new Object[0]);
    }

    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        String hostAddress = ((InetSocketAddress) channelHandlerContext.channel().remoteAddress()).getAddress().getHostAddress();
        LoggerUtils.debug("公众号组件 ---> netty模式 ip 安全检查,发现请求ip地址:{}", new Object[]{hostAddress});
        LoggerUtils.debug("公众号组件 ---> netty模式 ip 安全检查,发现请求ip地址:{},开始进行安全检查", new Object[]{hostAddress});
        boolean security = security(hostAddress);
        LoggerUtils.debug("公众号组件 ---> netty模式 ip 安全检查,发现请求ip地址:{},安全检查结束,是否允许通过:{}", new Object[]{hostAddress, Boolean.valueOf(security)});
        if (security) {
            super.channelActive(channelHandlerContext);
        } else {
            reject(hostAddress);
            channelHandlerContext.writeAndFlush(response(Unpooled.copiedBuffer("IP FORBIDDEN", CharsetUtil.UTF_8))).addListener(ChannelFutureListener.CLOSE);
        }
    }

    public boolean blacklisted(String str) {
        return this.blackList.include(str);
    }

    public Set<String> loadAllIpSegments() {
        return this.ipSegmentRepository.findAll();
    }

    public void reject(String str) {
        LoggerUtils.info(logger, "公众号组件 ---> netty模式 ip 安全检查,发现请求ip地址:{},执行拒绝处理", new Object[]{str});
        this.blackList.add(str);
    }

    private FullHttpResponse response(ByteBuf byteBuf) {
        DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.FORBIDDEN, byteBuf);
        defaultFullHttpResponse.headers().set("Content-Type", "application/xml;charset=UTF-8");
        defaultFullHttpResponse.headers().set("Content_Length", Integer.valueOf(defaultFullHttpResponse.content().readableBytes()));
        return defaultFullHttpResponse;
    }
}
