package org.infinispan.server.core.transport;

import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.ipfilter.IpFilterRuleType;
import java.net.InetSocketAddress;
import org.infinispan.server.core.configuration.ProtocolServerConfiguration;
import org.infinispan.server.core.logging.Log;

/**
 * Inbound Netty handler that checks a channel's remote address against the IP filter
 * rules of a protocol server configuration and closes the channel when the address is
 * not admitted.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>Rules are evaluated in iteration order and the first matching rule decides;
 *       rule ordering therefore changes the outcome.</li>
 *   <li>An address that matches no rule is accepted (default allow). A deployment that
 *       wants allow-list semantics needs an explicit final reject rule.</li>
 *   <li>When the configuration reports itself as disabled, every address is refused,
 *       and this path writes no log entry; only matches on a REJECT rule are logged.</li>
 *   <li>The handler removes itself from the pipeline before evaluating the rules, so it
 *       no longer receives events for that channel afterwards.</li>
 * </ul>
 *
 * <p>NOTE(review): the address checked is whatever {@code channel().remoteAddress()}
 * returns. Behind a proxy or load balancer that is presumably the intermediary's
 * address rather than the client's; confirm against the deployment topology.
 *
 * @param <A> concrete protocol server configuration type
 */
@ChannelHandler.Sharable
public class AccessControlFilter<A extends ProtocolServerConfiguration> extends ChannelInboundHandlerAdapter {

    /**
     * Marker type for the user event that asks this filter to evaluate its rules.
     * The constructor is private, so the only instance is {@link AccessControlFilter#EVENT}.
     */
    public static class AccessControlFilterEvent {
        private AccessControlFilterEvent() {
        }
    }

    /** Shared event instance; firing it through a pipeline triggers rule evaluation. */
    public static final AccessControlFilterEvent EVENT = new AccessControlFilterEvent();

    /** Source of the enabled flag and of the IP filter rules. */
    private final A configuration;

    /** Whether the rules are evaluated as soon as the channel is registered. */
    private final boolean onRegistration;

    /**
     * Creates a filter that evaluates its rules on channel registration.
     *
     * @param a protocol server configuration supplying the IP filter rules
     */
    public AccessControlFilter(A a) {
        this(a, true);
    }

    /**
     * Creates a filter.
     *
     * @param a protocol server configuration supplying the IP filter rules
     * @param z {@code true} to evaluate the rules in {@link #channelRegistered}; {@code false}
     *          to leave evaluation to {@link #channelActive} or to an
     *          {@link AccessControlFilterEvent}
     */
    public AccessControlFilter(A a, boolean z) {
        this.configuration = a;
        this.onRegistration = z;
    }

    /**
     * Evaluates the rules at registration time when configured to do so, then forwards
     * the event. The event is forwarded regardless of the outcome.
     */
    public void channelRegistered(ChannelHandlerContext channelHandlerContext) throws Exception {
        if (this.onRegistration) {
            processRules(channelHandlerContext);
        }
        channelHandlerContext.fireChannelRegistered();
    }

    /**
     * Last point at which the rules are evaluated; this callback is only reached while
     * the handler is still installed in the pipeline.
     *
     * @throws IllegalStateException if the channel still has no remote address, so that
     *         no accept/reject decision can be made
     */
    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        boolean decided = processRules(channelHandlerContext);
        if (!decided) {
            throw new IllegalStateException("cannot determine to accept or reject a channel: " + channelHandlerContext.channel());
        }
        // Forwarded even when the decision was a rejection: close() has been requested
        // at that point, but the event itself is not suppressed here.
        channelHandlerContext.fireChannelActive();
    }

    /**
     * Evaluates the rules when an {@link AccessControlFilterEvent} arrives; every user
     * event, including that one, is passed on to the next handler.
     */
    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (obj instanceof AccessControlFilterEvent) {
            processRules(channelHandlerContext);
        }
        channelHandlerContext.fireUserEventTriggered(obj);
    }

    /**
     * Decides whether a remote address is admitted.
     *
     * @param inetSocketAddress remote address of the channel
     * @return {@code false} when the configuration is disabled or the first matching
     *         rule is not an ACCEPT rule; {@code true} when the first matching rule is
     *         an ACCEPT rule or when no rule matches
     */
    protected boolean accept(InetSocketAddress inetSocketAddress) throws Exception {
        if (!this.configuration.isEnabled()) {
            // Disabled configuration: refuse everything. Nothing is logged on this path.
            return false;
        }
        for (IpSubnetFilterRule rule : this.configuration.ipFilter().rules()) {
            if (!rule.matches(inetSocketAddress)) {
                continue;
            }
            // First match decides; later rules are never consulted.
            if (rule.ruleType() == IpFilterRuleType.REJECT) {
                Log.SECURITY.ipFilterConnectionRejection(inetSocketAddress, rule);
            }
            return rule.ruleType() == IpFilterRuleType.ACCEPT;
        }
        // No rule matched: default allow.
        return true;
    }

    /**
     * Applies the accept/reject decision to a channel.
     *
     * @return {@code false} if the remote address is not available yet and nothing was
     *         done; {@code true} once a decision has been applied, whether the channel
     *         was accepted or closed
     */
    private boolean processRules(ChannelHandlerContext ctx) throws Exception {
        // NOTE(review): unchecked cast; a remote address of any other SocketAddress
        // type would raise ClassCastException here instead of yielding a decision.
        InetSocketAddress peer = (InetSocketAddress) ctx.channel().remoteAddress();
        if (peer != null) {
            // Remove first so the rules are not evaluated again by a later callback.
            ctx.pipeline().remove(this);
            if (!accept(peer)) {
                ctx.close();
            }
            return true;
        }
        return false;
    }
}
