package org.n52.sos.request.operator;

import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import org.n52.sos.exception.ows.NoApplicableCodeException;
import org.n52.sos.ogc.ows.OwsExceptionReport;
import org.n52.sos.request.RequestContext;
import org.n52.sos.service.TransactionalSecurityConfiguration;
import org.n52.sos.util.http.HTTPStatus;
import org.n52.sos.util.net.IPAddress;
import org.n52.sos.util.net.IPAddressRange;
import org.n52.sos.util.net.ProxyChain;

/* loaded from: input_file:WEB-INF/lib/api-4.2.0.jar:org/n52/sos/request/operator/TransactionalRequestChecker.class */
public class TransactionalRequestChecker {
    private Predicate<RequestContext> predicate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/api-4.2.0.jar:org/n52/sos/request/operator/TransactionalRequestChecker$IpPredicate.class */
    public static class IpPredicate implements Predicate<RequestContext> {
        private final ImmutableSet<IPAddressRange> allowedAddresses;
        private final ImmutableSet<IPAddress> allowedProxies;

        IpPredicate(Set<IPAddressRange> set, Set<IPAddress> set2) {
            this.allowedAddresses = ImmutableSet.copyOf((Collection) set);
            this.allowedProxies = ImmutableSet.copyOf((Collection) set2);
        }

        @Override // com.google.common.base.Predicate
        public boolean apply(RequestContext requestContext) {
            IPAddress iPAddress;
            if (!requestContext.getIPAddress().isPresent()) {
                return false;
            }
            if (!requestContext.getForwardedForChain().isPresent()) {
                iPAddress = requestContext.getIPAddress().get();
            } else {
                if (!this.allowedProxies.contains(requestContext.getIPAddress().get())) {
                    return false;
                }
                ProxyChain proxyChain = requestContext.getForwardedForChain().get();
                Iterator it = proxyChain.getProxies().iterator();
                while (it.hasNext()) {
                    if (!this.allowedProxies.contains((IPAddress) it.next())) {
                        return false;
                    }
                }
                iPAddress = proxyChain.getOrigin();
            }
            Iterator it2 = this.allowedAddresses.iterator();
            while (it2.hasNext()) {
                if (((IPAddressRange) it2.next()).contains(iPAddress)) {
                    return true;
                }
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/api-4.2.0.jar:org/n52/sos/request/operator/TransactionalRequestChecker$TokenPredicate.class */
    public static class TokenPredicate implements Predicate<RequestContext> {
        private final String token;

        TokenPredicate(String str) {
            this.token = str;
        }

        @Override // com.google.common.base.Predicate
        public boolean apply(RequestContext requestContext) {
            return requestContext.getToken().isPresent() && requestContext.getToken().get().equals(this.token);
        }
    }

    public TransactionalRequestChecker(TransactionalSecurityConfiguration transactionalSecurityConfiguration) {
        this.predicate = Predicates.and(createIpAdressPredicate(transactionalSecurityConfiguration), createTokenPredicate(transactionalSecurityConfiguration));
    }

    public void add(Predicate<RequestContext> predicate) {
        this.predicate = Predicates.and(this.predicate, predicate);
    }

    public void check(RequestContext requestContext) throws OwsExceptionReport {
        if (!this.predicate.apply(requestContext)) {
            throw new NoApplicableCodeException().withMessage("Not authorized for transactional operations!", new Object[0]).setStatus(HTTPStatus.UNAUTHORIZED);
        }
    }

    private Predicate<RequestContext> createTokenPredicate(TransactionalSecurityConfiguration transactionalSecurityConfiguration) {
        return (transactionalSecurityConfiguration.isTransactionalActive() && transactionalSecurityConfiguration.isSetTransactionalToken()) ? new TokenPredicate(transactionalSecurityConfiguration.getTransactionalToken()) : Predicates.alwaysTrue();
    }

    private Predicate<RequestContext> createIpAdressPredicate(TransactionalSecurityConfiguration transactionalSecurityConfiguration) {
        return (transactionalSecurityConfiguration.isTransactionalActive() && transactionalSecurityConfiguration.isSetTransactionalAllowedIps()) ? new IpPredicate(transactionalSecurityConfiguration.getAllowedAddresses(), transactionalSecurityConfiguration.getAllowedProxies()) : Predicates.alwaysTrue();
    }
}
