package io.quarkus.vertx.http.runtime;

import io.quarkus.vertx.http.runtime.TrustedProxyCheck;
import io.smallrye.common.net.Inet;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.dns.DnsClient;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.net.SocketAddress;
import io.vertx.core.net.impl.SocketAddressImpl;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/ForwardedProxyHandler.class */
public class ForwardedProxyHandler implements Handler<HttpServerRequest> {
    private static final Logger LOGGER = Logger.getLogger(ForwardedProxyHandler.class.getName());
    private final TrustedProxyCheck.TrustedProxyCheckBuilder proxyCheckBuilder;
    private final Supplier<Vertx> vertx;
    private final Handler<HttpServerRequest> delegate;
    private final ForwardingProxyOptions forwardingProxyOptions;

    public ForwardedProxyHandler(TrustedProxyCheck.TrustedProxyCheckBuilder trustedProxyCheckBuilder, Supplier<Vertx> supplier, Handler<HttpServerRequest> handler, ForwardingProxyOptions forwardingProxyOptions) {
        this.proxyCheckBuilder = trustedProxyCheckBuilder;
        this.vertx = supplier;
        this.delegate = handler;
        this.forwardingProxyOptions = forwardingProxyOptions;
    }

    public void handle(HttpServerRequest httpServerRequest) {
        if (httpServerRequest.remoteAddress() == null) {
            LOGGER.debug("Client address is not available, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
            handleForwardedServerRequest(httpServerRequest, TrustedProxyCheck.denyAll());
        } else if (httpServerRequest.remoteAddress().isDomainSocket()) {
            LOGGER.debug("Domain socket are not supported, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
            handleForwardedServerRequest(httpServerRequest, TrustedProxyCheck.denyAll());
        } else if (this.proxyCheckBuilder.hasHostNames()) {
            lookupHostNamesAndHandleRequest(httpServerRequest, this.proxyCheckBuilder.getHostNameToPort().entrySet().iterator(), this.proxyCheckBuilder, this.vertx.get().createDnsClient());
        } else {
            resolveProxyIpAndHandleRequest(httpServerRequest, this.proxyCheckBuilder);
        }
    }

    private void lookupHostNamesAndHandleRequest(HttpServerRequest httpServerRequest, Iterator<Map.Entry<String, Integer>> it, TrustedProxyCheck.TrustedProxyCheckBuilder trustedProxyCheckBuilder, DnsClient dnsClient) {
        if (it.hasNext()) {
            Map.Entry<String, Integer> next = it.next();
            String key = next.getKey();
            resolveHostNameToAllIpAddresses(dnsClient, key, httpServerRequest.remoteAddress(), collection -> {
                if (collection.isEmpty()) {
                    logDnsLookupFailure(key);
                    lookupHostNamesAndHandleRequest(httpServerRequest, it, trustedProxyCheckBuilder, dnsClient);
                    return;
                }
                Set set = (Set) collection.stream().map(Inet::parseInetAddress).filter((v0) -> {
                    return Objects.nonNull(v0);
                }).collect(Collectors.toSet());
                if (!set.isEmpty()) {
                    lookupHostNamesAndHandleRequest(httpServerRequest, it, trustedProxyCheckBuilder.withTrustedIP(set, ((Integer) next.getValue()).intValue()), dnsClient);
                } else {
                    logInvalidIpAddress(key);
                    lookupHostNamesAndHandleRequest(httpServerRequest, it, trustedProxyCheckBuilder, dnsClient);
                }
            });
        } else if (trustedProxyCheckBuilder.hasProxyChecks()) {
            resolveProxyIpAndHandleRequest(httpServerRequest, trustedProxyCheckBuilder);
        } else {
            handleForwardedServerRequest(httpServerRequest, TrustedProxyCheck.denyAll());
        }
    }

    private void resolveHostNameToAllIpAddresses(DnsClient dnsClient, String str, SocketAddress socketAddress, Handler<Collection<String>> handler) {
        ArrayList<Future<List<String>>> arrayList = new ArrayList<>();
        InetAddress inetAddress = null;
        if (socketAddress != null) {
            inetAddress = ((SocketAddressImpl) socketAddress).ipAddress();
        }
        if (inetAddress == null || (inetAddress instanceof Inet4Address)) {
            arrayList.add(dnsClient.resolveA(str));
        }
        if (inetAddress == null || (inetAddress instanceof Inet6Address)) {
            arrayList.add(dnsClient.resolveAAAA(str));
        }
        processFutures(arrayList, new ArrayList(), handler);
    }

    private void processFutures(ArrayList<Future<List<String>>> arrayList, Collection<String> collection, Handler<Collection<String>> handler) {
        if (arrayList.isEmpty()) {
            handler.handle(collection);
        } else {
            arrayList.remove(0).onComplete(asyncResult -> {
                if (asyncResult.succeeded() && asyncResult.result() != null) {
                    collection.addAll((Collection) asyncResult.result());
                }
                processFutures(arrayList, collection, handler);
            });
        }
    }

    private void resolveProxyIpAndHandleRequest(HttpServerRequest httpServerRequest, TrustedProxyCheck.TrustedProxyCheckBuilder trustedProxyCheckBuilder) {
        InetAddress ipAddress = httpServerRequest.remoteAddress().ipAddress();
        if (ipAddress == null) {
            ipAddress = Inet.parseInetAddress(httpServerRequest.remoteAddress().host());
        }
        if (ipAddress != null) {
            handleForwardedServerRequest(httpServerRequest, trustedProxyCheckBuilder.build(ipAddress, httpServerRequest.remoteAddress().port()));
        } else {
            String str = (String) Objects.requireNonNull(httpServerRequest.remoteAddress().hostName());
            resolveHostNameToAllIpAddresses(this.vertx.get().createDnsClient(), str, null, collection -> {
                TrustedProxyCheck denyAll;
                if (collection.isEmpty()) {
                    logDnsLookupFailure(str);
                    denyAll = TrustedProxyCheck.denyAll();
                } else {
                    Set set = (Set) collection.stream().map(Inet::parseInetAddress).filter((v0) -> {
                        return Objects.nonNull(v0);
                    }).collect(Collectors.toSet());
                    if (set.isEmpty()) {
                        logInvalidIpAddress(str);
                        denyAll = TrustedProxyCheck.denyAll();
                    } else {
                        denyAll = trustedProxyCheckBuilder.build(set, httpServerRequest.remoteAddress().port());
                    }
                }
                handleForwardedServerRequest(httpServerRequest, denyAll);
            });
        }
    }

    private void handleForwardedServerRequest(HttpServerRequest httpServerRequest, TrustedProxyCheck trustedProxyCheck) {
        this.delegate.handle(new ForwardedServerRequestWrapper(httpServerRequest, this.forwardingProxyOptions, trustedProxyCheck));
    }

    private static void logInvalidIpAddress(String str) {
        LOGGER.debugf("Illegal state - DNS server returned invalid IP address for hostname '%s'", str);
    }

    private static void logDnsLookupFailure(String str) {
        LOGGER.debugf("Can't resolve proxy IP address from '%s'", str);
    }
}
