package io.swagger.v3.parser.urlresolver;

import io.swagger.v3.parser.urlresolver.exceptions.HostDeniedException;
import io.swagger.v3.parser.urlresolver.matchers.UrlPatternMatcher;
import io.swagger.v3.parser.urlresolver.models.ResolvedUrl;
import io.swagger.v3.parser.urlresolver.utils.NetUtils;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.List;
import org.apache.http.HttpHost;

/* loaded from: input_file:io/swagger/v3/parser/urlresolver/PermittedUrlsChecker.class */
public class PermittedUrlsChecker {
    protected final UrlPatternMatcher allowlistMatcher;
    protected final UrlPatternMatcher denylistMatcher;

    public PermittedUrlsChecker() {
        this.allowlistMatcher = new UrlPatternMatcher(Collections.emptyList());
        this.denylistMatcher = new UrlPatternMatcher(Collections.emptyList());
    }

    public PermittedUrlsChecker(List<String> list, List<String> list2) {
        if (list != null) {
            this.allowlistMatcher = new UrlPatternMatcher(list);
        } else {
            this.allowlistMatcher = new UrlPatternMatcher(Collections.emptyList());
        }
        if (list2 != null) {
            this.denylistMatcher = new UrlPatternMatcher(list2);
        } else {
            this.denylistMatcher = new UrlPatternMatcher(Collections.emptyList());
        }
    }

    public ResolvedUrl verify(String str) throws HostDeniedException {
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals(HttpHost.DEFAULT_SCHEME_NAME) && !url.getProtocol().equals("https")) {
                throw new HostDeniedException(String.format("URL does not use a supported protocol. URL [%s]", str));
            }
            try {
                String hostFromUrl = NetUtils.getHostFromUrl(str);
                if (this.allowlistMatcher.matches(str)) {
                    return new ResolvedUrl(str, hostFromUrl);
                }
                if (this.denylistMatcher.matches(str)) {
                    throw new HostDeniedException(String.format("URL is part of the explicit denylist. URL [%s]", str));
                }
                try {
                    InetAddress hostByName = NetUtils.getHostByName(hostFromUrl);
                    try {
                        String host = NetUtils.setHost(str, hostByName.getHostAddress());
                        if (this.allowlistMatcher.matches(host)) {
                            return new ResolvedUrl(host, hostFromUrl);
                        }
                        if (isRestrictedIpRange(hostByName)) {
                            throw new HostDeniedException(String.format("IP is restricted. URL [%s]", host));
                        }
                        if (this.denylistMatcher.matches(host)) {
                            throw new HostDeniedException(String.format("IP is part of the explicit denylist. URL [%s]", host));
                        }
                        return new ResolvedUrl(host, hostFromUrl);
                    } catch (MalformedURLException e) {
                        throw new HostDeniedException(String.format("Failed to create new URL with IP. IP [%s] URL [%s]", hostByName.getHostAddress(), str), e);
                    }
                } catch (UnknownHostException e2) {
                    throw new HostDeniedException(String.format("Failed to resolve IP from hostname. Hostname [%s]", hostFromUrl), e2);
                }
            } catch (MalformedURLException e3) {
                throw new HostDeniedException(String.format("Failed to get hostname from URL. URL [%s]", str), e3);
            }
        } catch (MalformedURLException e4) {
            throw new HostDeniedException(String.format("Failed to parse URL. URL [%s]", str), e4);
        }
    }

    protected boolean isRestrictedIpRange(InetAddress inetAddress) {
        return inetAddress.isLinkLocalAddress() || inetAddress.isSiteLocalAddress() || inetAddress.isLoopbackAddress() || inetAddress.isAnyLocalAddress() || NetUtils.isUniqueLocalAddress(inetAddress) || NetUtils.isNAT64Address(inetAddress);
    }
}
