package tech.mgl.boot.common.security;

import jakarta.annotation.Resource;
import java.net.InetSocketAddress;
import java.util.HashSet;
import java.util.Set;
import org.aspectj.lang.annotation.Before;
import tech.mgl.boot.config.properties.MGLNetworkPermission;

/* loaded from: input_file:tech/mgl/boot/common/security/NetworkAccessAspect.class */
public class NetworkAccessAspect {

    @Resource
    private MGLNetworkPermission networkPermission;
    private static final Set<String> BLOCKED_CONNECTIONS = new HashSet();

    @Before("execution(* java.net.Socket.connect(..)) && args(endpoint,..)")
    public void blockSocketConnection(InetSocketAddress inetSocketAddress) throws Throwable {
        String hostAddress = inetSocketAddress.getAddress().getHostAddress();
        String str = hostAddress + ":" + inetSocketAddress.getPort();
        System.out.println(hostAddress + ":" + inetSocketAddress.getPort());
        System.out.println(str);
        if (null == this.networkPermission || !this.networkPermission.getEnabled().booleanValue() || isPrivateIp(hostAddress)) {
            return;
        }
        if (BLOCKED_CONNECTIONS.contains(str)) {
            throw new SecurityException("Network connection to " + str + " is not allowed.");
        }
        if (this.networkPermission.getAllowList().contains(str)) {
        }
    }

    private boolean isPrivateIp(String str) {
        return str.startsWith("10.") || str.startsWith("192.168.") || (str.startsWith("172.") && isInRange(str, 16, 31));
    }

    private boolean isInRange(String str, int i, int i2) {
        try {
            int parseInt = Integer.parseInt(str.split("\\.")[1]);
            return parseInt >= i && parseInt <= i2;
        } catch (ArrayIndexOutOfBoundsException | NumberFormatException e) {
            return false;
        }
    }

    static {
        BLOCKED_CONNECTIONS.add("203.0.113.10:8080");
        BLOCKED_CONNECTIONS.add("example.com:80");
    }
}
