package org.elasticsearch.flowcontrol.rule;

import io.netty.handler.ipfilter.IpFilterRule;
import io.netty.handler.ipfilter.IpFilterRuleType;
import io.netty.handler.ipfilter.IpSubnetFilterRule;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.collect.Tuple;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.network.InetAddresses;

/* loaded from: input_file:org/elasticsearch/flowcontrol/rule/FlowControlFilterRule.class */
public class FlowControlFilterRule implements IpFilterRule {
    private static final Logger logger = Loggers.getLogger(FlowControlFilterRule.class, new String[]{"flow control"});
    private final boolean isAllowRule;
    private final String ruleSpec;
    private IpFilterRule ipFilterRule;

    public FlowControlFilterRule(boolean z, String str) {
        this.isAllowRule = z;
        this.ruleSpec = str;
    }

    public static FlowControlFilterRule createAllowRule(String str) {
        FlowControlFilterRule flowControlFilterRule = new FlowControlFilterRule(true, str);
        flowControlFilterRule.createRule();
        return flowControlFilterRule;
    }

    public static FlowControlFilterRule createDenyRule(String str) {
        FlowControlFilterRule flowControlFilterRule = new FlowControlFilterRule(false, str);
        flowControlFilterRule.createRule();
        return flowControlFilterRule;
    }

    public static String checkRule(String str) {
        if (str.contains("/")) {
            try {
                parseSubnetMask(str);
            } catch (Exception e) {
                throw new IllegalArgumentException("unable to create ip filter for rule ", e);
            }
        } else {
            checkIp(str);
        }
        return str;
    }

    public static List<String> checkRules(List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            checkRule(it.next());
        }
        return list;
    }

    public boolean createRule() {
        IpFilterRuleType ipFilterRuleType = this.isAllowRule ? IpFilterRuleType.ACCEPT : IpFilterRuleType.REJECT;
        if (this.ruleSpec.contains("/")) {
            try {
                Tuple<InetAddress, Integer> parseSubnetMask = parseSubnetMask(this.ruleSpec);
                this.ipFilterRule = new IpSubnetFilterRule((InetAddress) parseSubnetMask.v1(), ((Integer) parseSubnetMask.v2()).intValue(), ipFilterRuleType);
                return true;
            } catch (Exception e) {
                logger.error("unable to create ip filter for rule [" + (this.isAllowRule ? "allow " : "deny ") + " " + this.ruleSpec + "]", e);
                return false;
            }
        }
        if (!InetAddresses.isInetAddress(this.ruleSpec)) {
            logger.error("create rule invalid ip address " + this.ruleSpec);
            return false;
        }
        int i = 32;
        InetAddress forString = InetAddresses.forString(this.ruleSpec);
        if (forString instanceof Inet6Address) {
            i = 32 + 96;
        }
        this.ipFilterRule = new IpSubnetFilterRule(forString, i, ipFilterRuleType);
        return true;
    }

    public static Tuple<InetAddress, Integer> parseSubnetMask(String str) throws UnknownHostException {
        int i;
        int indexOf = str.indexOf(47);
        if (indexOf < 0) {
            throw new IllegalArgumentException("Invalid CIDR notation used: " + str);
        }
        if (indexOf == str.length() - 1) {
            throw new IllegalArgumentException("address must not end with a '/");
        }
        String substring = str.substring(0, indexOf);
        checkIp(substring);
        String substring2 = str.substring(indexOf + 1);
        InetAddress byName = InetAddress.getByName(substring);
        if (substring2.indexOf(46) < 0) {
            try {
                i = Integer.decode(substring2).intValue();
                if (i >= 32) {
                    throw new IllegalArgumentException("address mask is invalid, mask is " + i);
                }
            } catch (Exception e) {
                i = -1;
            }
        } else {
            i = getNetMask(substring2);
            if (byName instanceof Inet6Address) {
                i += 96;
            }
        }
        if (i < 0) {
            throw new IllegalArgumentException("Invalid mask length used: " + substring2);
        }
        return new Tuple<>(byName, Integer.valueOf(i));
    }

    private static void checkIp(String str) {
        if (!InetAddresses.isInetAddress(str)) {
            throw new IllegalArgumentException("invalid ip address " + str);
        }
        if (str.equals("0.0.0.0")) {
            throw new IllegalArgumentException("invalid ip address, not allow config  " + str);
        }
    }

    private static int getNetMask(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, ".");
        int i = 0;
        int[] iArr = new int[4];
        while (stringTokenizer.hasMoreTokens()) {
            iArr[i] = Integer.parseInt(stringTokenizer.nextToken());
            i++;
        }
        int i2 = 0;
        for (int i3 = 0; i3 < 4; i3++) {
            i2 += Integer.bitCount(iArr[i3]);
        }
        return i2;
    }

    public boolean matches(InetSocketAddress inetSocketAddress) {
        if (this.ipFilterRule == null) {
            return false;
        }
        return this.ipFilterRule.matches(inetSocketAddress);
    }

    public IpFilterRuleType ruleType() {
        return this.ipFilterRule.ruleType();
    }
}
