package org.elasticsearch.xpack.security.transport.filter;

import io.netty.handler.ipfilter.IpFilterRule;
import io.netty.handler.ipfilter.IpFilterRuleType;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.util.regex.Pattern;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.core.SuppressForbidden;

/* loaded from: input_file:org/elasticsearch/xpack/security/transport/filter/PatternRule.class */
final class PatternRule implements IpFilterRule {
    private final Pattern ipPattern;
    private final Pattern namePattern;
    private final IpFilterRuleType ruleType;
    private final boolean localhost;
    private final String pattern;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PatternRule(IpFilterRuleType ipFilterRuleType, String str) {
        this.ruleType = ipFilterRuleType;
        this.pattern = str;
        Pattern pattern = null;
        Pattern pattern2 = null;
        boolean z = false;
        if (str != null) {
            String str2 = "";
            String str3 = "";
            for (String str4 : str.split(",")) {
                String trim = str4.trim();
                if ("n:localhost".equals(trim)) {
                    z = true;
                } else if (trim.startsWith("n:")) {
                    str3 = addRule(str3, trim.substring(2));
                } else if (trim.startsWith("i:")) {
                    str2 = addRule(str2, trim.substring(2));
                }
            }
            pattern2 = str2.length() != 0 ? Pattern.compile(str2) : pattern2;
            if (str3.length() != 0) {
                pattern = Pattern.compile(str3);
            }
        }
        this.ipPattern = pattern2;
        this.namePattern = pattern;
        this.localhost = z;
    }

    String getPattern() {
        return this.pattern;
    }

    private static String addRule(String str, String str2) {
        if (str2 == null || str2.length() == 0) {
            return str;
        }
        if (str.length() != 0) {
            str = str + "|";
        }
        return str + "(" + str2.replaceAll("\\.", "\\\\.").replaceAll("\\*", ".*").replaceAll("\\?", ".") + ")";
    }

    private static boolean isLocalhost(InetAddress inetAddress) {
        try {
            if (!inetAddress.isAnyLocalAddress() && !inetAddress.isLoopbackAddress()) {
                if (NetworkInterface.getByInetAddress(inetAddress) == null) {
                    return false;
                }
            }
            return true;
        } catch (SocketException e) {
            return false;
        }
    }

    public boolean matches(InetSocketAddress inetSocketAddress) {
        InetAddress address = inetSocketAddress.getAddress();
        if (this.localhost && isLocalhost(address)) {
            return true;
        }
        if (this.ipPattern != null) {
            if (this.ipPattern.matcher(NetworkAddress.format(address)).matches()) {
                return true;
            }
        }
        return checkHostName(address);
    }

    @SuppressForbidden(reason = "we compare the hostname of the address this is how netty3 did it and we keep it for BWC")
    private boolean checkHostName(InetAddress inetAddress) {
        return this.namePattern != null && this.namePattern.matcher(inetAddress.getHostName()).matches();
    }

    public IpFilterRuleType ruleType() {
        return this.ruleType;
    }

    boolean isLocalhost() {
        return this.localhost;
    }
}
