package org.apache.qpid.server.security.access.firewall;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.qpid.server.connection.ConnectionPrincipal;
import org.apache.qpid.server.security.access.config.DynamicRule;

/* loaded from: input_file:org/apache/qpid/server/security/access/firewall/FirewallRule.class */
public abstract class FirewallRule implements DynamicRule {
    @Override // org.apache.qpid.server.security.access.config.DynamicRule
    public boolean matches(Subject subject) {
        InetAddress addressOfClient = getAddressOfClient(subject);
        if (addressOfClient == null) {
            return true;
        }
        return matches(addressOfClient);
    }

    private InetAddress getAddressOfClient(Subject subject) {
        Set principals = subject.getPrincipals(ConnectionPrincipal.class);
        if (principals.isEmpty()) {
            return null;
        }
        SocketAddress remoteSocketAddress = ((ConnectionPrincipal) principals.iterator().next()).getConnection().getRemoteSocketAddress();
        if (remoteSocketAddress instanceof InetSocketAddress) {
            return ((InetSocketAddress) remoteSocketAddress).getAddress();
        }
        return null;
    }

    protected abstract boolean matches(InetAddress inetAddress);
}
