package io.quarkus.vertx.http.runtime;

import io.quarkus.vertx.http.runtime.TrustedProxyCheck;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.dns.DnsClient;
import io.vertx.core.http.HttpServerRequest;
import java.net.InetAddress;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.function.Supplier;
import org.jboss.logging.Logger;
import org.wildfly.common.net.Inet;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/ForwardedProxyHandler.class */
public class ForwardedProxyHandler implements Handler<HttpServerRequest> {
    private static final Logger LOGGER = Logger.getLogger(ForwardedProxyHandler.class.getName());
    private final TrustedProxyCheck.TrustedProxyCheckBuilder proxyCheckBuilder;
    private final Supplier<Vertx> vertx;
    private final Handler<HttpServerRequest> delegate;
    private final ForwardingProxyOptions forwardingProxyOptions;

    public ForwardedProxyHandler(TrustedProxyCheck.TrustedProxyCheckBuilder trustedProxyCheckBuilder, Supplier<Vertx> supplier, Handler<HttpServerRequest> handler, ForwardingProxyOptions forwardingProxyOptions) {
        this.proxyCheckBuilder = trustedProxyCheckBuilder;
        this.vertx = supplier;
        this.delegate = handler;
        this.forwardingProxyOptions = forwardingProxyOptions;
    }

    public void handle(HttpServerRequest httpServerRequest) {
        if (httpServerRequest.remoteAddress() == null) {
            LOGGER.debug("Client address is not available, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
            handleForwardedServerRequest(httpServerRequest, TrustedProxyCheck.denyAll());
        } else if (httpServerRequest.remoteAddress().isDomainSocket()) {
            LOGGER.debug("Domain socket are not supported, 'Forwarded' and 'X-Forwarded' headers are going to be ignored");
            handleForwardedServerRequest(httpServerRequest, TrustedProxyCheck.denyAll());
        } else if (this.proxyCheckBuilder.hasHostNames()) {
            lookupHostNamesAndHandleRequest(httpServerRequest, this.proxyCheckBuilder.getHostNameToPort().entrySet().iterator(), this.proxyCheckBuilder, this.vertx.get().createDnsClient());
        } else {
            resolveProxyIpAndHandleRequest(httpServerRequest, this.proxyCheckBuilder);
        }
    }

    private void lookupHostNamesAndHandleRequest(final HttpServerRequest httpServerRequest, final Iterator<Map.Entry<String, Integer>> it, final TrustedProxyCheck.TrustedProxyCheckBuilder trustedProxyCheckBuilder, final DnsClient dnsClient) {
        if (it.hasNext()) {
            final Map.Entry<String, Integer> next = it.next();
            final String key = next.getKey();
            dnsClient.lookup(key, new Handler<AsyncResult<String>>() { // from class: io.quarkus.vertx.http.runtime.ForwardedProxyHandler.1
                public void handle(AsyncResult<String> asyncResult) {
                    if (!asyncResult.succeeded()) {
                        ForwardedProxyHandler.logDnsLookupFailure(key);
                        ForwardedProxyHandler.this.lookupHostNamesAndHandleRequest(httpServerRequest, it, trustedProxyCheckBuilder, dnsClient);
                        return;
                    }
                    InetAddress parseInetAddress = Inet.parseInetAddress((String) asyncResult.result());
                    if (parseInetAddress != null) {
                        ForwardedProxyHandler.this.lookupHostNamesAndHandleRequest(httpServerRequest, it, trustedProxyCheckBuilder.withTrustedIP(parseInetAddress, ((Integer) next.getValue()).intValue()), dnsClient);
                    } else {
                        ForwardedProxyHandler.logInvalidIpAddress(key);
                        ForwardedProxyHandler.this.lookupHostNamesAndHandleRequest(httpServerRequest, it, trustedProxyCheckBuilder, dnsClient);
                    }
                }
            });
        } else if (trustedProxyCheckBuilder.hasProxyChecks()) {
            resolveProxyIpAndHandleRequest(httpServerRequest, trustedProxyCheckBuilder);
        } else {
            handleForwardedServerRequest(httpServerRequest, TrustedProxyCheck.denyAll());
        }
    }

    private void resolveProxyIpAndHandleRequest(final HttpServerRequest httpServerRequest, final TrustedProxyCheck.TrustedProxyCheckBuilder trustedProxyCheckBuilder) {
        InetAddress ipAddress = httpServerRequest.remoteAddress().ipAddress();
        if (ipAddress == null) {
            ipAddress = Inet.parseInetAddress(httpServerRequest.remoteAddress().host());
        }
        if (ipAddress != null) {
            handleForwardedServerRequest(httpServerRequest, trustedProxyCheckBuilder.build(ipAddress, httpServerRequest.remoteAddress().port()));
        } else {
            final String str = (String) Objects.requireNonNull(httpServerRequest.remoteAddress().hostName());
            this.vertx.get().createDnsClient().lookup(str, new Handler<AsyncResult<String>>() { // from class: io.quarkus.vertx.http.runtime.ForwardedProxyHandler.2
                public void handle(AsyncResult<String> asyncResult) {
                    TrustedProxyCheck denyAll;
                    if (asyncResult.succeeded()) {
                        InetAddress parseInetAddress = Inet.parseInetAddress((String) asyncResult.result());
                        if (parseInetAddress != null) {
                            denyAll = trustedProxyCheckBuilder.build(parseInetAddress, httpServerRequest.remoteAddress().port());
                        } else {
                            ForwardedProxyHandler.logInvalidIpAddress(str);
                            denyAll = TrustedProxyCheck.denyAll();
                        }
                    } else {
                        ForwardedProxyHandler.logDnsLookupFailure(str);
                        denyAll = TrustedProxyCheck.denyAll();
                    }
                    ForwardedProxyHandler.this.handleForwardedServerRequest(httpServerRequest, denyAll);
                }
            });
        }
    }

    private void handleForwardedServerRequest(HttpServerRequest httpServerRequest, TrustedProxyCheck trustedProxyCheck) {
        this.delegate.handle(new ForwardedServerRequestWrapper(httpServerRequest, this.forwardingProxyOptions, trustedProxyCheck));
    }

    private static void logInvalidIpAddress(String str) {
        LOGGER.debugf("Illegal state - DNS server returned invalid IP address for hostname '%s'", str);
    }

    private static void logDnsLookupFailure(String str) {
        LOGGER.debugf("Can't resolve proxy IP address from '%s'", str);
    }
}
