package org.apache.qpid.server.security.access.firewall;

import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.FutureTask;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/security/access/firewall/HostnameFirewallRule.class */
public class HostnameFirewallRule extends AbstractFirewallRuleImpl {
    private static final long DNS_TIMEOUT = 30000;
    private final List<Pattern> _hostnamePatterns;
    private final Set<String> _hostnames;
    private static final Logger LOGGER = LoggerFactory.getLogger(HostnameFirewallRule.class);
    private static final ExecutorService DNS_LOOKUP = Executors.newCachedThreadPool();

    public HostnameFirewallRule(String... strArr) {
        this(Arrays.asList(strArr));
    }

    public HostnameFirewallRule(Collection<String> collection) {
        this._hostnames = new HashSet(collection);
        this._hostnamePatterns = new ArrayList(this._hostnames.size());
        Iterator<String> it = this._hostnames.iterator();
        while (it.hasNext()) {
            this._hostnamePatterns.add(Pattern.compile(it.next()));
        }
        LOGGER.debug("Created {}", this);
    }

    @Override // org.apache.qpid.server.security.access.firewall.AbstractFirewallRuleImpl
    boolean matches(InetAddress inetAddress) {
        String hostname = getHostname(inetAddress);
        if (hostname == null) {
            throw new AccessControlFirewallException("DNS lookup failed for address " + inetAddress);
        }
        for (Pattern pattern : this._hostnamePatterns) {
            if (pattern.matcher(hostname).matches()) {
                LOGGER.debug("Hostname '{}' matches rule '{}'", hostname, pattern);
                return true;
            }
        }
        LOGGER.debug("Hostname '{}' matches no configured hostname patterns", hostname);
        return false;
    }

    private String getHostname(InetAddress inetAddress) {
        Objects.requireNonNull(inetAddress);
        FutureTask futureTask = new FutureTask(inetAddress::getCanonicalHostName);
        DNS_LOOKUP.execute(futureTask);
        try {
            try {
                String str = (String) futureTask.get(DNS_TIMEOUT, TimeUnit.MILLISECONDS);
                futureTask.cancel(true);
                return str;
            } catch (InterruptedException | RuntimeException | ExecutionException | TimeoutException e) {
                LOGGER.warn(String.format("Unable to look up hostname from address '%s'", inetAddress), e);
                futureTask.cancel(true);
                return null;
            }
        } catch (Throwable th) {
            futureTask.cancel(true);
            throw th;
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return this._hostnames.equals(((HostnameFirewallRule) obj)._hostnames);
    }

    public int hashCode() {
        return this._hostnames.hashCode();
    }

    public String toString() {
        return "HostnameFirewallRule[hostnames=" + this._hostnames + "]";
    }

    @Override // org.apache.qpid.server.security.access.firewall.AbstractFirewallRuleImpl, org.apache.qpid.server.security.access.config.FirewallRule
    public /* bridge */ /* synthetic */ boolean matches(Subject subject) {
        return super.matches(subject);
    }
}
