package com.atlassian.crowd.manager.proxy;

import com.atlassian.cache.Cache;
import com.atlassian.crowd.manager.cluster.message.SingleClusterMessageListener;
import com.atlassian.crowd.manager.property.PropertyManager;
import com.atlassian.crowd.manager.property.PropertyManagerException;
import com.atlassian.crowd.model.application.RemoteAddress;
import com.atlassian.crowd.service.cluster.ClusterMessageService;
import com.atlassian.ip.IPMatcher;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/manager/proxy/TrustedProxyManagerImpl.class */
public class TrustedProxyManagerImpl implements TrustedProxyManager {
    static final String CLUSTER_MESSAGE_CHANNEL = "TrustedProxyManagerImpl.cache";
    static final String CLUSTER_MESSAGE_CLEAR_CACHE = "clear";
    protected static final String REQUESTED_PROXIES_CACHE = TrustedProxyManagerImpl.class.getName() + "_requested_proxies";
    private static final Logger logger = LoggerFactory.getLogger(TrustedProxyManagerImpl.class);
    private static final char DELIMITER = ',';
    private final PropertyManager propertyManager;
    private final Cache<String, Boolean> cache;
    private final ClusterMessageService clusterMessageService;
    private final SingleClusterMessageListener cacheInvalidationListener = new SingleClusterMessageListener(CLUSTER_MESSAGE_CHANNEL, CLUSTER_MESSAGE_CLEAR_CACHE, this::clearCache);

    public TrustedProxyManagerImpl(PropertyManager propertyManager, Cache<String, Boolean> cache, ClusterMessageService clusterMessageService) {
        this.propertyManager = propertyManager;
        this.cache = cache;
        this.clusterMessageService = clusterMessageService;
    }

    @PostConstruct
    public void registerListeners() {
        this.clusterMessageService.registerListener(this.cacheInvalidationListener, CLUSTER_MESSAGE_CHANNEL);
    }

    @PreDestroy
    public void unregisterListeners() {
        this.clusterMessageService.unregisterListener(this.cacheInvalidationListener);
    }

    public boolean isTrusted(String str) {
        Boolean bool = (Boolean) this.cache.get(str);
        if (bool == null) {
            try {
                bool = Boolean.valueOf(match(getTrustedProxies(), str));
            } catch (IllegalArgumentException e) {
                logger.warn("Received invalid IP address: " + str);
                bool = false;
            }
            this.cache.put(str, bool);
        }
        return bool.booleanValue();
    }

    public Set<String> getAddresses() {
        return (Set) MoreObjects.firstNonNull(getAddressesFromPropertyManager(), Collections.emptySet());
    }

    public boolean addAddress(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        Set<String> addressesFromPropertyManager = getAddressesFromPropertyManager();
        int size = addressesFromPropertyManager.size();
        HashSet newHashSet = Sets.newHashSet(addressesFromPropertyManager);
        for (String str2 : StringUtils.split(str, ',')) {
            if (!StringUtils.isBlank(str2)) {
                newHashSet.add(str2.trim());
            }
        }
        if (size != newHashSet.size()) {
            return saveAddresses(ImmutableSet.copyOf(newHashSet));
        }
        return false;
    }

    public void removeAddress(String str) {
        Set<String> addressesFromPropertyManager = getAddressesFromPropertyManager();
        if (addressesFromPropertyManager.contains(str)) {
            saveAddresses(ImmutableSet.copyOf(Sets.difference(addressesFromPropertyManager, Collections.singleton(str))));
        }
    }

    private Set<String> getAddressesFromPropertyManager() {
        try {
            String trustedProxyServers = this.propertyManager.getTrustedProxyServers();
            if (!StringUtils.isBlank(trustedProxyServers)) {
                return ImmutableSet.copyOf(StringUtils.split(trustedProxyServers, ','));
            }
        } catch (PropertyManagerException e) {
            logger.debug("No proxies loaded", e);
        }
        return Collections.emptySet();
    }

    private boolean setProperty(String str) {
        try {
            this.propertyManager.setTrustedProxyServers(str);
            return true;
        } catch (RuntimeException e) {
            logger.warn("Unable to save list of trusted proxy servers", e);
            return false;
        }
    }

    static String omitScopeForIpv6Loopback(String str) {
        return str.equals("0:0:0:0:0:0:0:1%0") ? "0:0:0:0:0:0:0:1" : str;
    }

    private boolean match(Iterable<RemoteAddress> iterable, String str) {
        IPMatcher.Builder builder = IPMatcher.builder();
        Iterator<RemoteAddress> it = iterable.iterator();
        while (it.hasNext()) {
            builder.addPatternOrHost(it.next().getAddress());
        }
        return builder.build().matches(omitScopeForIpv6Loopback(str));
    }

    private Set<RemoteAddress> getTrustedProxies() {
        Set<String> addressesFromPropertyManager = getAddressesFromPropertyManager();
        ImmutableSet.Builder builder = ImmutableSet.builder();
        Iterator<String> it = addressesFromPropertyManager.iterator();
        while (it.hasNext()) {
            builder.add(new RemoteAddress(it.next()));
        }
        return builder.build();
    }

    private boolean saveAddresses(Collection<String> collection) {
        boolean property = setProperty(StringUtils.join(collection, ','));
        clearCache();
        this.clusterMessageService.publish(CLUSTER_MESSAGE_CHANNEL, CLUSTER_MESSAGE_CLEAR_CACHE);
        return property;
    }

    private void clearCache() {
        this.cache.removeAll();
    }
}
