package org.n52.sos.request.operator;

import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import org.n52.janmayen.http.HTTPStatus;
import org.n52.janmayen.net.IPAddress;
import org.n52.janmayen.net.IPAddressRange;
import org.n52.janmayen.net.ProxyChain;
import org.n52.shetland.ogc.ows.exception.NoApplicableCodeException;
import org.n52.shetland.ogc.ows.exception.OwsExceptionReport;
import org.n52.shetland.ogc.ows.service.OwsServiceRequestContext;
import org.n52.sos.service.TransactionalSecurityConfiguration;

/* loaded from: input_file:WEB-INF/lib/sos-api-5.1.0.jar:org/n52/sos/request/operator/TransactionalRequestChecker.class */
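/**
 * Authorization gate for transactional operations.
 *
 * <p>The checker holds one composite predicate over the request context. It is built from an
 * IP-address predicate and a token predicate, combined with logical AND, and can be narrowed
 * further through {@link #add(Predicate)}.
 *
 * <p>NOTE(review): each of the two built-in predicates degrades to
 * {@code Predicates.alwaysTrue()} when the configuration reports transactional security as
 * inactive, or when the corresponding setting (allowed IPs / token) is not set. With neither
 * configured, {@link #check(OwsServiceRequestContext)} accepts every non-null request context.
 * Deployments that expose transactional operations should confirm that at least one restriction
 * is configured.
 */
public class TransactionalRequestChecker {
    private Predicate<OwsServiceRequestContext> predicate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/sos-api-5.1.0.jar:org/n52/sos/request/operator/TransactionalRequestChecker$IpPredicate.class */
    /**
     * Accepts a request only when its effective client address lies in one of the allowed
     * address ranges.
     *
     * <p>A forwarded-for chain is honoured only if the directly connected peer and every proxy
     * listed in the chain are members of the allowed-proxy set; otherwise the request is
     * rejected rather than falling back to the peer address.
     */
    public static class IpPredicate implements Predicate<OwsServiceRequestContext> {
        private final ImmutableSet<IPAddressRange> allowedAddresses;
        private final ImmutableSet<IPAddress> allowedProxies;

        /**
         * @param set address ranges from which transactional requests are accepted
         * @param set2 addresses of proxies whose forwarded-for information is trusted
         */
        IpPredicate(Set<IPAddressRange> set, Set<IPAddress> set2) {
            // Typed copies; the decompiled raw (Collection) casts discarded the element type.
            this.allowedAddresses = ImmutableSet.copyOf(set);
            this.allowedProxies = ImmutableSet.copyOf(set2);
        }

        /**
         * @param owsServiceRequestContext the request context, may be {@code null}
         * @return {@code true} if the effective client address is inside an allowed range;
         *         {@code false} for a {@code null} context, a context without an IP address,
         *         or a forwarded-for chain that involves an address outside the allowed proxies
         */
        @Override // com.google.common.base.Predicate
        public boolean apply(OwsServiceRequestContext owsServiceRequestContext) {
            if (owsServiceRequestContext == null || !owsServiceRequestContext.getIPAddress().isPresent()) {
                return false;
            }
            IPAddress peer = owsServiceRequestContext.getIPAddress().get();
            IPAddress effective;
            if (owsServiceRequestContext.getForwardedForChain().isPresent()) {
                // The forwarded-for chain is taken from the request, so it is only believed
                // when the direct peer itself is an allowed proxy.
                if (!this.allowedProxies.contains(peer)) {
                    return false;
                }
                ProxyChain proxyChain = owsServiceRequestContext.getForwardedForChain().get();
                // Every intermediate hop must be an allowed proxy as well; one unknown hop
                // makes the reported origin untrustworthy.
                for (IPAddress proxy : proxyChain.getProxies()) {
                    if (!this.allowedProxies.contains(proxy)) {
                        return false;
                    }
                }
                effective = proxyChain.getOrigin();
            } else {
                effective = peer;
            }
            for (IPAddressRange range : this.allowedAddresses) {
                if (range.contains(effective)) {
                    return true;
                }
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/sos-api-5.1.0.jar:org/n52/sos/request/operator/TransactionalRequestChecker$TokenPredicate.class */
    /**
     * Accepts a request only when it carries a token equal to the configured one.
     */
    public static class TokenPredicate implements Predicate<OwsServiceRequestContext> {
        private final String token;

        /**
         * @param str the expected token
         */
        TokenPredicate(String str) {
            this.token = str;
        }

        /**
         * @param owsServiceRequestContext the request context, may be {@code null}
         * @return {@code true} if the context carries a token equal to the configured token;
         *         {@code false} for a {@code null} context, a missing token or a mismatch
         */
        @Override // com.google.common.base.Predicate
        public boolean apply(OwsServiceRequestContext owsServiceRequestContext) {
            if (owsServiceRequestContext == null || !owsServiceRequestContext.getToken().isPresent()) {
                return false;
            }
            String presented = owsServiceRequestContext.getToken().get();
            if (presented == null || this.token == null) {
                // String.equals(null) was false in the previous implementation; keep that.
                return false;
            }
            // The token is a shared secret. String.equals returns at the first differing
            // character, so its timing reveals how much of a guess is correct.
            // MessageDigest.isEqual is used so the comparison time does not depend on the
            // position of the first mismatch.
            return MessageDigest.isEqual(
                    presented.getBytes(StandardCharsets.UTF_8),
                    this.token.getBytes(StandardCharsets.UTF_8));
        }
    }

    /**
     * Builds the checker from the transactional security configuration: the IP-address
     * predicate AND the token predicate.
     *
     * @param transactionalSecurityConfiguration source of the allowed addresses, allowed
     *        proxies and token
     */
    public TransactionalRequestChecker(TransactionalSecurityConfiguration transactionalSecurityConfiguration) {
        this.predicate = Predicates.and(createIpAdressPredicate(transactionalSecurityConfiguration), createTokenPredicate(transactionalSecurityConfiguration));
    }

    /**
     * Adds a further condition. The new predicate is combined with the existing ones using
     * logical AND, so it can only narrow the set of accepted requests.
     *
     * @param predicate the additional condition a request context must satisfy
     */
    public void add(Predicate<OwsServiceRequestContext> predicate) {
        this.predicate = Predicates.and(this.predicate, predicate);
    }

    /**
     * Verifies that the request context is authorized for transactional operations.
     *
     * @param owsServiceRequestContext the context of the incoming request
     * @throws OwsExceptionReport with status {@code INTERNAL_SERVER_ERROR} if the context is
     *         {@code null}, or with status {@code UNAUTHORIZED} if the composite predicate
     *         rejects the context
     */
    public void check(OwsServiceRequestContext owsServiceRequestContext) throws OwsExceptionReport {
        if (owsServiceRequestContext == null) {
            throw new NoApplicableCodeException().causedBy(new NullPointerException("RequestContext MUST not be null!")).setStatus(HTTPStatus.INTERNAL_SERVER_ERROR);
        }
        if (!this.predicate.apply(owsServiceRequestContext)) {
            // The message deliberately does not say which condition (address or token) failed.
            throw new NoApplicableCodeException().withMessage("Not authorized for transactional operations!", new Object[0]).setStatus(HTTPStatus.UNAUTHORIZED);
        }
    }

    /**
     * Returns a {@link TokenPredicate} when transactional security is active and a token is
     * set; otherwise a predicate that accepts everything.
     */
    private Predicate<OwsServiceRequestContext> createTokenPredicate(TransactionalSecurityConfiguration transactionalSecurityConfiguration) {
        if (transactionalSecurityConfiguration.isTransactionalActive() && transactionalSecurityConfiguration.isSetTransactionalToken()) {
            return new TokenPredicate(transactionalSecurityConfiguration.getTransactionalToken());
        }
        return Predicates.alwaysTrue();
    }

    /**
     * Returns an {@link IpPredicate} when transactional security is active and allowed IPs are
     * set; otherwise a predicate that accepts everything.
     */
    private Predicate<OwsServiceRequestContext> createIpAdressPredicate(TransactionalSecurityConfiguration transactionalSecurityConfiguration) {
        if (transactionalSecurityConfiguration.isTransactionalActive() && transactionalSecurityConfiguration.isSetTransactionalAllowedIps()) {
            return new IpPredicate(transactionalSecurityConfiguration.getAllowedAddresses(), transactionalSecurityConfiguration.getAllowedProxies());
        }
        return Predicates.alwaysTrue();
    }
}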
