package io.micronaut.security.rules;

import io.micronaut.core.annotation.Nullable;
import io.micronaut.http.HttpRequest;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.config.SecurityConfiguration;
import io.micronaut.security.config.SecurityConfigurationProperties;
import io.micronaut.security.token.RolesFinder;
import io.micronaut.security.utils.LoggingUtils;
import io.micronaut.web.router.RouteMatch;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.net.InetSocketAddress;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;

@Singleton
/* loaded from: input_file:io/micronaut/security/rules/IpPatternsRule.class */
public class IpPatternsRule extends AbstractSecurityRule {
    public static final Integer ORDER = Integer.valueOf(SecuredAnnotationRule.ORDER.intValue() - 100);
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) IpPatternsRule.class);
    private final List<Pattern> patternList;

    @Inject
    public IpPatternsRule(RolesFinder rolesFinder, SecurityConfiguration securityConfiguration) {
        super(rolesFinder);
        this.patternList = (List) securityConfiguration.getIpPatterns().stream().map(Pattern::compile).collect(Collectors.toList());
    }

    @Override // io.micronaut.core.order.Ordered
    public int getOrder() {
        return ORDER.intValue();
    }

    @Override // io.micronaut.security.rules.SecurityRule
    public Publisher<SecurityRuleResult> check(HttpRequest<?> httpRequest, @Nullable RouteMatch<?> routeMatch, @Nullable Authentication authentication) {
        if (this.patternList.isEmpty()) {
            LoggingUtils.debug(LOG, "No IP patterns provided. Skipping host address check.", new Object[0]);
            return Mono.just(SecurityRuleResult.UNKNOWN);
        }
        try {
            InetSocketAddress remoteAddress = httpRequest.getRemoteAddress();
            if (remoteAddress == null) {
                LoggingUtils.debug(LOG, "Request remote address was not found. Continuing request processing.", new Object[0]);
                return Mono.just(SecurityRuleResult.UNKNOWN);
            }
            if (remoteAddress.getAddress() == null) {
                LoggingUtils.debug(LOG, "Could not resolve the InetAddress. Continuing request processing.", new Object[0]);
                return Mono.just(SecurityRuleResult.UNKNOWN);
            }
            String hostAddress = remoteAddress.getAddress().getHostAddress();
            if (this.patternList.stream().anyMatch(pattern -> {
                return pattern.pattern().equals(SecurityConfigurationProperties.ANYWHERE) || pattern.matcher(hostAddress).matches();
            })) {
                LoggingUtils.debug(LOG, "One or more of the IP patterns matched the host address [{}]. Continuing request processing.", hostAddress);
                return Mono.just(SecurityRuleResult.UNKNOWN);
            }
            LoggingUtils.debug(LOG, "None of the IP patterns [{}] matched the host address [{}]. Rejecting the request.", this.patternList.stream().map((v0) -> {
                return v0.pattern();
            }).collect(Collectors.toList()), hostAddress);
            return Mono.just(SecurityRuleResult.REJECTED);
        } catch (IllegalArgumentException e) {
            LoggingUtils.debug(LOG, "IllegalArgumentException thrown while getting the request remote address. Continuing request processing.", new Object[0]);
            return Mono.just(SecurityRuleResult.UNKNOWN);
        }
    }
}
