package com.mulesoft.connectors.http.citizen.internal.security;

import com.mulesoft.connectors.http.citizen.internal.security.net.AddressMaskingException;
import com.mulesoft.connectors.http.citizen.internal.security.net.CIDRParseException;
import com.mulesoft.connectors.http.citizen.internal.security.net.IPNetwork;
import com.mulesoft.connectors.http.citizen.internal.security.net.NetworkFormatException;
import com.mulesoft.connectors.http.citizen.internal.security.net.SSRFCheckException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.URI;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:com/mulesoft/connectors/http/citizen/internal/security/SSRFCheck.class */
public class SSRFCheck {
    private static final String BLOCKLIST_DEFAULTS_FILE = "blocklist.txt";
    private static final String DISABLE_SSRF_PROPERTY = "DISABLE_SSRF_CHECK";
    private boolean enabled;
    private List<IPNetwork> subnets = new ArrayList();
    private Map<String, Boolean> cache = Collections.synchronizedMap(new HashMap());

    /* loaded from: input_file:com/mulesoft/connectors/http/citizen/internal/security/SSRFCheck$Builder.class */
    public static class Builder {
        private String filename = SSRFCheck.BLOCKLIST_DEFAULTS_FILE;
        private List<String> entries = null;

        List<String> loadBlocklist() throws NetworkFormatException {
            ArrayList arrayList = new ArrayList();
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(((URL) Objects.requireNonNull(SSRFCheck.class.getClassLoader().getResource(this.filename))).openStream()));
                Throwable th = null;
                while (true) {
                    try {
                        try {
                            String readLine = bufferedReader.readLine();
                            String str = readLine;
                            if (readLine == null) {
                                break;
                            }
                            if (str.indexOf(35) >= 0) {
                                str = str.substring(0, str.indexOf(35));
                            }
                            String trim = str.trim();
                            if (!trim.equals("")) {
                                arrayList.add(trim);
                            }
                        } finally {
                        }
                    } finally {
                    }
                }
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return arrayList;
            } catch (IOException e) {
                throw new NetworkFormatException("Could not load defaults: " + e.getMessage(), e);
            }
        }

        private List<String> getEntries() throws NetworkFormatException {
            return this.entries == null ? loadBlocklist() : this.entries;
        }

        public SSRFCheck build() throws AddressMaskingException, CIDRParseException, NetworkFormatException {
            return new SSRFCheck(System.getProperty(SSRFCheck.DISABLE_SSRF_PROPERTY) == null, getEntries());
        }
    }

    public SSRFCheck(boolean z, List<String> list) throws CIDRParseException, NetworkFormatException, AddressMaskingException {
        this.enabled = true;
        this.enabled = z;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            this.subnets.add(new IPNetwork(it.next()));
        }
    }

    public boolean throwIfUnsafe(String str) {
        if (isSafe(str)) {
            return true;
        }
        throw new SSRFCheckException(String.format("SSRF Security Error", new Object[0]));
    }

    public boolean isSafe(String str) throws AddressMaskingException {
        if (!this.enabled) {
            return true;
        }
        if (str == null) {
            return false;
        }
        Boolean bool = this.cache.get(str);
        if (bool != null) {
            return bool.booleanValue();
        }
        boolean isSafeHelper = isSafeHelper(str);
        this.cache.put(str, Boolean.valueOf(isSafeHelper));
        return isSafeHelper;
    }

    private boolean isSafeHelper(String str) throws AddressMaskingException {
        try {
            URI uri = new URI(str);
            if (uri.getScheme() == null) {
                return false;
            }
            if (!uri.getScheme().equals("http") && !uri.getScheme().equals("https")) {
                return false;
            }
            try {
                InetAddress[] allByName = InetAddress.getAllByName(uri.getHost());
                for (InetAddress inetAddress : allByName) {
                    if (inetAddress.isLoopbackAddress()) {
                        return false;
                    }
                }
                for (InetAddress inetAddress2 : allByName) {
                    Iterator<IPNetwork> it = this.subnets.iterator();
                    while (it.hasNext()) {
                        if (it.next().contains(inetAddress2)) {
                            return false;
                        }
                    }
                }
                return true;
            } catch (UnknownHostException e) {
                return false;
            }
        } catch (Exception e2) {
            return false;
        }
    }

    public static Builder builder() {
        return new Builder();
    }
}
