package com.hypersocket.ip;

import com.hypersocket.config.ConfigurationValueChangedEvent;
import com.hypersocket.config.SystemConfigurationService;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.realm.Realm;
import com.hypersocket.resource.ResourceException;
import com.hypersocket.server.IPRestrictionService;
import com.hypersocket.server.MutableIPRestrictionProvider;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.jboss.netty.handler.ipfilter.IpFilterRule;
import org.jboss.netty.handler.ipfilter.IpSubnetFilterRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.event.ContextStartedEvent;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/hypersocket/ip/DefaultIPRestrictionProvider.class */
public class DefaultIPRestrictionProvider implements MutableIPRestrictionProvider {
    static Logger log = LoggerFactory.getLogger(IPRestrictionServiceImpl.class);
    private Set<IpFilterRule> deny = Collections.synchronizedSet(new HashSet());

    @Autowired
    private SystemConfigurationService configurationService;

    @Autowired
    private IPRestrictionService ipRestrictionService;

    @PostConstruct
    private void setup() {
        this.ipRestrictionService.registerProvider(this);
    }

    public boolean isAllowedAddress(InetAddress inetAddress, String str, Realm realm) {
        synchronized (this.deny) {
            Iterator<IpFilterRule> it = this.deny.iterator();
            while (it.hasNext()) {
                if (it.next().contains(inetAddress)) {
                    return false;
                }
            }
            return true;
        }
    }

    public void blockIPAddress(String str) throws UnknownHostException {
        if (log.isInfoEnabled()) {
            log.info("Blocking " + str);
        }
        this.deny.add(new IpSubnetFilterRule(false, processAddress(str)));
    }

    public synchronized void denyIPAddress(Realm realm, String str, boolean z) throws UnknownHostException {
        if (!z) {
            blockIPAddress(str);
            return;
        }
        try {
            this.configurationService.setValues("server.blockIPs", (String[]) ArrayUtils.add(this.configurationService.getValues("server.blockIPs"), str));
        } catch (ResourceException | AccessDeniedException e) {
            throw new IllegalStateException("Failed to permanently block " + str);
        }
    }

    public synchronized void undenyIPAddress(Realm realm, String str) throws UnknownHostException {
        if (log.isInfoEnabled()) {
            log.info("Unblocking " + str);
        }
        this.deny.remove(new IpSubnetFilterRule(false, processAddress(str)));
    }

    public static String processAddress(String str) {
        if (str.indexOf(47) == -1) {
            str = str.indexOf(":") > -1 ? str + "/128" : str + "/32";
        }
        return str;
    }

    @EventListener
    private void contextStarted(ContextStartedEvent contextStartedEvent) {
        loadBlockedIPs();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @EventListener
    private void configurationValueChanged(ConfigurationValueChangedEvent configurationValueChangedEvent) {
        if ("server.blockIPs".equals(configurationValueChangedEvent.getConfigResourceKey())) {
            String[] split = configurationValueChangedEvent.getOldValue().split("\\r\\n");
            String[] split2 = configurationValueChangedEvent.getNewValue().split("\\r\\n");
            for (String str : split2) {
                if (!StringUtils.isBlank(str)) {
                    boolean z = false;
                    for (Object[] objArr : split) {
                        z |= str.equals(objArr);
                    }
                    if (!z) {
                        try {
                            blockIPAddress(str);
                        } catch (UnknownHostException e) {
                            log.error("Failed to block new ip listed in permanent ip restrictions " + str);
                        }
                    }
                }
            }
            for (String str2 : split) {
                if (!StringUtils.isBlank(str2)) {
                    boolean z2 = false;
                    for (Object[] objArr2 : split2) {
                        z2 |= str2.equals(objArr2);
                    }
                    if (!z2) {
                        try {
                            undenyIPAddress(configurationValueChangedEvent.getCurrentRealm(), str2);
                        } catch (UnknownHostException e2) {
                            log.error("Failed to unblock ip no longer listed in permanent ip restrictions " + str2);
                        }
                    }
                }
            }
        }
    }

    private void loadBlockedIPs() {
        if (log.isInfoEnabled()) {
            log.info("Loading blocked IPs");
        }
        for (String str : this.configurationService.getValues("server.blockIPs")) {
            try {
                blockIPAddress(str);
            } catch (UnknownHostException e) {
                log.info("Failed to load blocked ip " + str, e);
            }
        }
    }

    public void clearRules(Realm realm, boolean z, boolean z2) {
        if (z2) {
            try {
                this.configurationService.setValues("server.blockIPs", new String[0]);
            } catch (ResourceException | AccessDeniedException e) {
                throw new IllegalStateException("Failed to clear rules.", e);
            }
        }
        if (z) {
            throw new UnsupportedOperationException("This IP restriction provider does not support allow rules. Please try the Enhanced Security extension.");
        }
    }

    public void allowIPAddress(Realm realm, String str, boolean z) throws UnknownHostException {
        throw new UnsupportedOperationException("This IP restriction provider does not support allow rules. Please try the Enhanced Security extension.");
    }

    public void disallowIPAddress(Realm realm, String str, boolean z) throws UnknownHostException {
        throw new UnsupportedOperationException("This IP restriction provider does not support allow rules. Please try the Enhanced Security extension.");
    }

    public int getWeight() {
        return 1000;
    }
}
