package org.apache.catalina.valves;

import jakarta.servlet.ServletException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.NetMask;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-10.1.11.jar:org/apache/catalina/valves/RemoteCIDRValve.class */
public final class RemoteCIDRValve extends RequestFilterValve {
    private static final Log log = LogFactory.getLog((Class<?>) RemoteCIDRValve.class);
    private final List<NetMask> allow = new ArrayList();
    private final List<NetMask> deny = new ArrayList();

    @Override // org.apache.catalina.valves.RequestFilterValve
    public String getAllow() {
        return this.allow.toString().replace(PropertyAccessor.PROPERTY_KEY_PREFIX, "").replace("]", "");
    }

    @Override // org.apache.catalina.valves.RequestFilterValve
    public void setAllow(String str) {
        List<String> fillFromInput = fillFromInput(str, this.allow);
        if (fillFromInput.isEmpty()) {
            return;
        }
        this.allowValid = false;
        Iterator<String> it = fillFromInput.iterator();
        while (it.hasNext()) {
            log.error(it.next());
        }
        throw new IllegalArgumentException(sm.getString("remoteCidrValve.invalid", ConditionalPermissionInfo.ALLOW));
    }

    @Override // org.apache.catalina.valves.RequestFilterValve
    public String getDeny() {
        return this.deny.toString().replace(PropertyAccessor.PROPERTY_KEY_PREFIX, "").replace("]", "");
    }

    @Override // org.apache.catalina.valves.RequestFilterValve
    public void setDeny(String str) {
        List<String> fillFromInput = fillFromInput(str, this.deny);
        if (fillFromInput.isEmpty()) {
            return;
        }
        this.denyValid = false;
        Iterator<String> it = fillFromInput.iterator();
        while (it.hasNext()) {
            log.error(it.next());
        }
        throw new IllegalArgumentException(sm.getString("remoteCidrValve.invalid", ConditionalPermissionInfo.DENY));
    }

    @Override // org.apache.catalina.valves.RequestFilterValve, org.apache.catalina.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        String peerAddr = getUsePeerAddress() ? request.getPeerAddr() : request.getRequest().getRemoteAddr();
        if (getAddConnectorPort()) {
            peerAddr = peerAddr + ";" + request.getConnector().getPortWithOffset();
        }
        process(peerAddr, request, response);
    }

    @Override // org.apache.catalina.valves.RequestFilterValve
    public boolean isAllowed(String str) {
        String substring;
        int parseInt;
        int indexOf = str.indexOf(59);
        if (indexOf == -1) {
            if (getAddConnectorPort()) {
                log.error(sm.getString("remoteCidrValve.noPort"));
                return false;
            }
            parseInt = -1;
            substring = str;
        } else {
            if (!getAddConnectorPort()) {
                log.error(sm.getString("remoteCidrValve.unexpectedPort"));
                return false;
            }
            substring = str.substring(0, indexOf);
            try {
                parseInt = Integer.parseInt(str.substring(indexOf + 1));
            } catch (NumberFormatException e) {
                log.error(sm.getString("remoteCidrValve.noPort"), e);
                return false;
            }
        }
        try {
            InetAddress byName = InetAddress.getByName(substring);
            for (NetMask netMask : this.deny) {
                if (getAddConnectorPort()) {
                    if (netMask.matches(byName, parseInt)) {
                        return false;
                    }
                } else if (netMask.matches(byName)) {
                    return false;
                }
            }
            for (NetMask netMask2 : this.allow) {
                if (getAddConnectorPort()) {
                    if (netMask2.matches(byName, parseInt)) {
                        return true;
                    }
                } else if (netMask2.matches(byName)) {
                    return true;
                }
            }
            return !this.deny.isEmpty() && this.allow.isEmpty();
        } catch (UnknownHostException e2) {
            log.error(sm.getString("remoteCidrValve.noRemoteIp"), e2);
            return false;
        }
    }

    @Override // org.apache.catalina.valves.RequestFilterValve
    protected Log getLog() {
        return log;
    }

    private List<String> fillFromInput(String str, List<NetMask> list) {
        list.clear();
        if (str == null || str.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split("\\s*,\\s*")) {
            try {
                list.add(new NetMask(str2));
            } catch (IllegalArgumentException e) {
                arrayList.add(str2 + ": " + e.getMessage());
            }
        }
        return Collections.unmodifiableList(arrayList);
    }
}
