package org.qortal.api;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.qortal.arbitrary.ArbitraryDataResource;
import org.qortal.arbitrary.misc.Service;
import org.qortal.controller.arbitrary.ArbitraryDataRenderManager;
import org.qortal.settings.Settings;

/* loaded from: input_file:org/qortal/api/Security.class */
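/**
 * Static authorization helpers for API endpoints.
 *
 * <p>Every check signals refusal by throwing an exception built by {@link ApiExceptionFactory}
 * with {@link ApiError#UNAUTHORIZED}; a normal return means the request was allowed.
 *
 * <p>Thread-safety: the helpers keep no state of their own, but {@link #getApiKey} performs an
 * unsynchronized check-then-set on {@code ApiService}.
 */
public abstract class Security {
    /** Name of the HTTP request header that carries the node's API key. */
    public static final String API_KEY_HEADER = "X-API-KEY";

    /**
     * Authorizes an API call using only the credentials carried by the request.
     *
     * @param httpServletRequest the incoming request
     * @see #checkApiCallAllowed(HttpServletRequest, String)
     */
    public static void checkApiCallAllowed(HttpServletRequest httpServletRequest) {
        checkApiCallAllowed(httpServletRequest, null);
    }

    /**
     * Authorizes an API call against the node's API key.
     *
     * <p>When {@code localAuthBypassEnabled} is set, a request whose remote address is a
     * loopback address is allowed without any key. Otherwise the presented key is taken from,
     * in order: {@code str}, the {@value #API_KEY_HEADER} header, the {@code apiKey} request
     * parameter.
     *
     * @param httpServletRequest the incoming request
     * @param str an API key supplied by the caller, or {@code null} to read it from the request
     * @throws RuntimeException (as built by {@link ApiExceptionFactory}) with
     *     {@link ApiError#UNAUTHORIZED} when the node key is not generated, or the presented
     *     key is missing or does not match
     */
    public static void checkApiCallAllowed(HttpServletRequest httpServletRequest, String str) {
        if (Settings.getInstance().isLocalAuthBypassEnabled()) {
            // NOTE(review): getRemoteAddr() reports the immediate peer. If this API is ever
            // fronted by a reverse proxy on the same host, proxied requests would presumably
            // all appear as loopback here - confirm the deployment before enabling the bypass.
            try {
                if (isLoopbackRequest(httpServletRequest)) {
                    return;
                }
            } catch (UnknownHostException ignored) {
                // Fail closed: an unparseable remote address simply does not qualify for the
                // bypass, so the request falls through to the API key check below.
            }
        }

        ApiKey apiKey = getApiKey(httpServletRequest);
        if (!apiKey.generated()) {
            throw ApiExceptionFactory.INSTANCE.createCustomException(httpServletRequest, ApiError.UNAUTHORIZED, "API key not generated");
        }

        String presentedKey = str;
        if (presentedKey == null) {
            presentedKey = httpServletRequest.getHeader(API_KEY_HEADER);
        }
        if (presentedKey == null) {
            // NOTE(review): a key passed as a request parameter can end up in access logs and
            // browser history; the header is the safer channel. Kept for compatibility.
            presentedKey = httpServletRequest.getParameter("apiKey");
        }
        if (presentedKey == null) {
            throw ApiExceptionFactory.INSTANCE.createCustomException(httpServletRequest, ApiError.UNAUTHORIZED, "Missing 'X-API-KEY' header");
        }

        // Compare with MessageDigest.isEqual rather than String.equals so that the time taken
        // does not depend on the position of the first mismatching character.
        byte[] expectedBytes = apiKey.toString().getBytes(StandardCharsets.UTF_8);
        byte[] presentedBytes = presentedKey.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expectedBytes, presentedBytes)) {
            throw ApiExceptionFactory.INSTANCE.createCustomException(httpServletRequest, ApiError.UNAUTHORIZED, "API key invalid");
        }
    }

    /**
     * Rejects requests from a loopback address unless {@code gatewayLoopbackEnabled} is set.
     *
     * @param httpServletRequest the incoming request
     * @throws RuntimeException (as built by {@link ApiExceptionFactory}) with
     *     {@link ApiError#UNAUTHORIZED} when the request is a disallowed loopback request, or
     *     when the remote address cannot be resolved
     */
    public static void disallowLoopbackRequests(HttpServletRequest httpServletRequest) {
        try {
            // The setting is only consulted for loopback requests (short-circuit).
            if (isLoopbackRequest(httpServletRequest) && !Settings.getInstance().isGatewayLoopbackEnabled()) {
                throw ApiExceptionFactory.INSTANCE.createCustomException(httpServletRequest, ApiError.UNAUTHORIZED, "Local requests not allowed");
            }
        } catch (UnknownHostException e) {
            // Fail closed: an address that cannot be classified is refused.
            throw ApiExceptionFactory.INSTANCE.createException(httpServletRequest, ApiError.UNAUTHORIZED);
        }
    }

    /**
     * Rejects loopback requests while {@code localAuthBypassEnabled} is set; does nothing when
     * the setting is off.
     *
     * @param httpServletRequest the incoming request
     * @throws RuntimeException (as built by {@link ApiExceptionFactory}) with
     *     {@link ApiError#UNAUTHORIZED} when the bypass is enabled and the request is from a
     *     loopback address, or its remote address cannot be resolved
     */
    public static void disallowLoopbackRequestsIfAuthBypassEnabled(HttpServletRequest httpServletRequest) {
        if (!Settings.getInstance().isLocalAuthBypassEnabled()) {
            return;
        }
        try {
            if (isLoopbackRequest(httpServletRequest)) {
                throw ApiExceptionFactory.INSTANCE.createCustomException(httpServletRequest, ApiError.UNAUTHORIZED, "Local requests not allowed when localAuthBypassEnabled is enabled in settings");
            }
        } catch (UnknownHostException e) {
            // Fail closed: an address that cannot be classified is refused.
            throw ApiExceptionFactory.INSTANCE.createException(httpServletRequest, ApiError.UNAUTHORIZED);
        }
    }

    /**
     * Requires that {@link ArbitraryDataRenderManager} reports the described resource as
     * authorized.
     *
     * @param httpServletRequest the incoming request
     * @param str first argument of the {@link ArbitraryDataResource} constructor (presumably
     *     the resource id - confirm against that constructor)
     * @param service the service the resource belongs to
     * @param str2 fourth argument of the {@link ArbitraryDataResource} constructor (presumably
     *     the resource identifier - confirm against that constructor)
     * @throws RuntimeException (as built by {@link ApiExceptionFactory}) with
     *     {@link ApiError#UNAUTHORIZED} when the resource has not been authorized
     */
    public static void requirePriorAuthorization(HttpServletRequest httpServletRequest, String str, Service service, String str2) {
        ArbitraryDataResource resource = new ArbitraryDataResource(str, null, service, str2);
        if (!ArbitraryDataRenderManager.getInstance().isAuthorized(resource)) {
            throw ApiExceptionFactory.INSTANCE.createCustomException(httpServletRequest, ApiError.UNAUTHORIZED, "Call /render/authorize first");
        }
    }

    /**
     * Allows the request if either the API key check passes or the resource was previously
     * authorized.
     *
     * <p>Any {@link ApiException} from the key check, including an invalid key, triggers the
     * fallback to {@link #requirePriorAuthorization}. Because the key check honors
     * {@code localAuthBypassEnabled}, loopback requests pass here without a key while that
     * setting is on.
     *
     * @param httpServletRequest the incoming request
     * @param str passed to {@link #requirePriorAuthorization} as {@code str}
     * @param service the service the resource belongs to
     * @param str2 passed to {@link #requirePriorAuthorization} as {@code str2}
     * @param str3 an API key supplied by the caller, or {@code null} to read it from the request
     */
    public static void requirePriorAuthorizationOrApiKey(HttpServletRequest httpServletRequest, String str, Service service, String str2, String str3) {
        try {
            checkApiCallAllowed(httpServletRequest, str3);
        } catch (ApiException e) {
            // Key check refused the request; prior authorization is the remaining path.
            requirePriorAuthorization(httpServletRequest, str, service, str2);
        }
    }

    /**
     * Returns the {@link ApiKey} held by {@code ApiService}, creating and registering a new
     * {@code ApiKey} instance when none is set.
     *
     * <p>NOTE(review): the check-then-set below is not synchronized, so concurrent first
     * requests could each construct an instance - confirm whether that matters for
     * {@code ApiKey}.
     *
     * @param httpServletRequest the incoming request, used only to build the error response
     * @return the node's API key object; callers check {@code generated()} before trusting it
     * @throws RuntimeException (as built by {@link ApiExceptionFactory}) with
     *     {@link ApiError#UNAUTHORIZED} when creating the key object fails with an
     *     {@link IOException}
     */
    public static ApiKey getApiKey(HttpServletRequest httpServletRequest) {
        ApiKey apiKey = ApiService.getInstance().getApiKey();
        if (apiKey != null) {
            return apiKey;
        }
        try {
            apiKey = new ApiKey();
            ApiService.getInstance().setApiKey(apiKey);
        } catch (IOException e) {
            throw ApiExceptionFactory.INSTANCE.createException(httpServletRequest, ApiError.UNAUTHORIZED);
        }
        return apiKey;
    }

    /** Reports whether the request's remote address is a loopback address. */
    private static boolean isLoopbackRequest(HttpServletRequest httpServletRequest) throws UnknownHostException {
        return InetAddress.getByName(httpServletRequest.getRemoteAddr()).isLoopbackAddress();
    }
}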
