package com.floragunn.searchguard.http;

import com.floragunn.searchguard.support.ConfigConstants;
import java.net.InetSocketAddress;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/floragunn/searchguard/http/RemoteIpDetector.class */
class RemoteIpDetector {
    private static final Pattern commaSeparatedValuesPattern = Pattern.compile("\\s*,\\s*");
    protected final Logger log = LogManager.getLogger(getClass());
    private Pattern internalProxies = Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
    private String proxiesHeader = "X-Forwarded-By";
    private String remoteIpHeader = "X-Forwarded-For";
    private Pattern trustedProxies = null;

    protected static String[] commaDelimitedListToStringArray(String str) {
        return (str == null || str.length() == 0) ? new String[0] : commaSeparatedValuesPattern.split(str);
    }

    protected static String listToCommaDelimitedString(List<String> list) {
        if (list == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (next != null) {
                sb.append((Object) next);
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
        }
        return sb.toString();
    }

    public String getInternalProxies() {
        if (this.internalProxies == null) {
            return null;
        }
        return this.internalProxies.toString();
    }

    public String getProxiesHeader() {
        return this.proxiesHeader;
    }

    public String getRemoteIpHeader() {
        return this.remoteIpHeader;
    }

    public String getTrustedProxies() {
        if (this.trustedProxies == null) {
            return null;
        }
        return this.trustedProxies.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String detect(RestRequest restRequest, ThreadContext threadContext) {
        String hostAddress = ((InetSocketAddress) restRequest.getRemoteAddress()).getAddress().getHostAddress();
        restRequest.header(this.proxiesHeader);
        if (this.log.isTraceEnabled()) {
            this.log.trace("originalRemoteAddr {}", hostAddress);
        }
        if (this.internalProxies != null && this.internalProxies.matcher(hostAddress).matches()) {
            String str = null;
            LinkedList linkedList = new LinkedList();
            StringBuilder sb = new StringBuilder();
            List<String> allHeaderValues = restRequest.getAllHeaderValues(this.remoteIpHeader);
            if (allHeaderValues == null || allHeaderValues.isEmpty()) {
                return hostAddress;
            }
            for (String str2 : allHeaderValues) {
                if (sb.length() > 0) {
                    sb.append(", ");
                }
                sb.append(str2);
            }
            if (this.log.isTraceEnabled()) {
                this.log.trace("concatRemoteIpHeaderValue {}", sb.toString());
            }
            String[] commaDelimitedListToStringArray = commaDelimitedListToStringArray(sb.toString());
            int length = commaDelimitedListToStringArray.length - 1;
            while (length >= 0) {
                String str3 = commaDelimitedListToStringArray[length];
                str = str3;
                if (!this.internalProxies.matcher(str3).matches()) {
                    if (this.trustedProxies == null || !this.trustedProxies.matcher(str3).matches()) {
                        length--;
                        break;
                    }
                    linkedList.addFirst(str3);
                }
                length--;
            }
            LinkedList linkedList2 = new LinkedList();
            while (length >= 0) {
                linkedList2.addFirst(commaDelimitedListToStringArray[length]);
                length--;
            }
            if (str != null) {
                if (this.log.isTraceEnabled()) {
                    this.log.trace("Incoming request " + restRequest.uri() + " with originalRemoteAddr '" + hostAddress + "', originalRemoteHost='" + ((InetSocketAddress) restRequest.getRemoteAddress()).getAddress().getHostName() + "', will be seen as newRemoteAddr='" + str);
                }
                threadContext.putTransient(ConfigConstants.SG_XFF_DONE, Boolean.TRUE);
                return str;
            }
            this.log.warn("Remote ip could not be detected, this should normally not happen");
        } else if (this.log.isTraceEnabled()) {
            this.log.trace("Skip RemoteIpDetector for request " + restRequest.uri() + " with originalRemoteAddr '" + restRequest.getRemoteAddress() + "' cause no internal proxy matches");
        }
        return hostAddress;
    }

    public void setInternalProxies(String str) {
        if (str == null || str.length() == 0) {
            this.internalProxies = null;
        } else {
            this.internalProxies = Pattern.compile(str);
        }
    }

    public void setProxiesHeader(String str) {
        this.proxiesHeader = str;
    }

    public void setRemoteIpHeader(String str) {
        this.remoteIpHeader = str;
    }

    public void setTrustedProxies(String str) {
        if (str == null || str.length() == 0) {
            this.trustedProxies = null;
        } else {
            this.trustedProxies = Pattern.compile(str);
        }
    }
}
