package com.predic8.membrane.core.interceptor.acl;

import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.annot.Required;
import com.predic8.membrane.core.FixedStreamReader;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exceptions.ProblemDetails;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Interceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.apikey.ApiKeysInterceptor;
import com.predic8.membrane.core.resolver.ResolverMap;
import com.predic8.membrane.core.util.HttpUtil;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@MCElement(name = AccessControl.ELEMENT_NAME)
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.8.3.jar:com/predic8/membrane/core/interceptor/acl/AccessControlInterceptor.class */
public class AccessControlInterceptor extends AbstractInterceptor {
    private static final Logger log = LoggerFactory.getLogger(AccessControlInterceptor.class.getName());
    private String file;
    private AccessControl accessControl;
    private boolean useXForwardedForAsClientAddr = false;

    public AccessControlInterceptor() {
        setDisplayName("Access Control");
        setFlow(Interceptor.Flow.Set.REQUEST);
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        String remoteAddr = exchange.getRemoteAddr();
        String remoteAddrIp = exchange.getRemoteAddrIp();
        List<String> forwardedForList = HttpUtil.getForwardedForList(exchange);
        if (this.useXForwardedForAsClientAddr && !forwardedForList.isEmpty()) {
            String str = forwardedForList.get(forwardedForList.size() - 1);
            try {
                remoteAddrIp = InetAddress.getByName(str).getHostAddress();
            } catch (UnknownHostException e) {
                remoteAddr = str;
            }
        }
        try {
            if (this.accessControl.getResourceFor(exchange.getOriginalRequestUri()).checkAccess(remoteAddr, remoteAddrIp)) {
                return Outcome.CONTINUE;
            }
            setResponseToAccessDenied(exchange);
            return Outcome.ABORT;
        } catch (Exception e2) {
            log.error("", (Throwable) e2);
            setResponseToAccessDenied(exchange);
            return Outcome.ABORT;
        }
    }

    private void setResponseToAccessDenied(Exchange exchange) {
        log.warn("Access Denied. Method: {} Uri: {}", exchange.getRequest().getMethod(), exchange.getOriginalRequestUri());
        exchange.setResponse(ProblemDetails.security(false).statusCode(401).addSubType(ApiKeysInterceptor.TYPE_4XX).title(ApiKeysInterceptor.TITLE_4XX).build());
    }

    public boolean isUseXForwardedForAsClientAddr() {
        return this.useXForwardedForAsClientAddr;
    }

    @MCAttribute
    public void setUseXForwardedForAsClientAddr(boolean z) {
        this.useXForwardedForAsClientAddr = z;
    }

    @MCAttribute
    @Required
    public void setFile(String str) {
        this.file = str;
    }

    public String getFile() {
        return this.file;
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor
    public void init() throws Exception {
        this.accessControl = parse(this.file, this.router);
    }

    public void setAccessControl(AccessControl accessControl) {
        this.accessControl = accessControl;
    }

    public AccessControl getAccessControl() {
        return this.accessControl;
    }

    protected AccessControl parse(String str, Router router) throws Exception {
        try {
            AccessControl accessControl = (AccessControl) new AccessControl(router).parse(new FixedStreamReader(XMLInputFactory.newInstance().createXMLStreamReader(router.getResolverMap().resolve(ResolverMap.combine(router.getBaseLocation(), str)))));
            accessControl.init(router);
            return accessControl;
        } catch (Exception e) {
            log.error("Error initializing accessControl.", (Throwable) e);
            System.err.println("Error initializing accessControl: terminating.");
            throw new RuntimeException(e);
        }
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public String getShortDescription() {
        return "Authenticates incoming requests based on the file " + StringEscapeUtils.escapeHtml4(this.file) + " .";
    }
}
