package org.apache.catalina.valves;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.tomcat.util.http.BaseRequest;
import org.apache.tomcat.util.res.StringManager;
import org.jboss.logging.Logger;

/* loaded from: input_file:eap6/api-jars/jbossweb-7.0.13.Final.jar:org/apache/catalina/valves/RemoteIpValve.class */
public class RemoteIpValve extends ValveBase {
    private static final String info = "org.apache.catalina.connector.RemoteIpValve/1.0";
    private int httpServerPort = 80;
    private int httpsServerPort = 443;
    private Pattern[] internalProxies = {Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("192\\.168\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("169\\.254\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}")};
    private String protocolHeader = null;
    private String protocolHeaderHttpsValue = BaseRequest.SCHEME_HTTPS;
    private String proxiesHeader = "X-Forwarded-By";
    private String remoteIpHeader = "X-Forwarded-For";
    private Pattern[] trustedProxies = new Pattern[0];
    private static final Pattern commaSeparatedValuesPattern = Pattern.compile("\\s*,\\s*");
    private static Logger log = Logger.getLogger((Class<?>) RemoteIpValve.class);
    protected static final StringManager sm = StringManager.getManager(Constants.Package);

    protected static Pattern[] commaDelimitedListToPatternArray(String str) {
        String[] commaDelimitedListToStringArray = commaDelimitedListToStringArray(str);
        ArrayList arrayList = new ArrayList();
        for (String str2 : commaDelimitedListToStringArray) {
            try {
                arrayList.add(Pattern.compile(str2));
            } catch (PatternSyntaxException e) {
                throw new IllegalArgumentException(sm.getString("remoteIpValve.syntax", str2), e);
            }
        }
        return (Pattern[]) arrayList.toArray(new Pattern[0]);
    }

    protected static String[] commaDelimitedListToStringArray(String str) {
        return (str == null || str.length() == 0) ? new String[0] : commaSeparatedValuesPattern.split(str);
    }

    protected static String listToCommaDelimitedString(List<String> list) {
        if (list == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (next != null) {
                sb.append((Object) next);
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
        }
        return sb.toString();
    }

    protected static boolean matchesOne(String str, Pattern... patternArr) {
        for (Pattern pattern : patternArr) {
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    public int getHttpsServerPort() {
        return this.httpsServerPort;
    }

    public int getHttpServerPort() {
        return this.httpServerPort;
    }

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    public String getInternalProxies() {
        ArrayList arrayList = new ArrayList();
        for (Pattern pattern : this.internalProxies) {
            arrayList.add(String.valueOf(pattern));
        }
        return listToCommaDelimitedString(arrayList);
    }

    public String getProtocolHeader() {
        return this.protocolHeader;
    }

    public String getProtocolHeaderHttpsValue() {
        return this.protocolHeaderHttpsValue;
    }

    public String getProxiesHeader() {
        return this.proxiesHeader;
    }

    public String getRemoteIpHeader() {
        return this.remoteIpHeader;
    }

    public String getTrustedProxies() {
        ArrayList arrayList = new ArrayList();
        for (Pattern pattern : this.trustedProxies) {
            arrayList.add(String.valueOf(pattern));
        }
        return listToCommaDelimitedString(arrayList);
    }

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        String header;
        String remoteAddr = request.getRemoteAddr();
        String remoteHost = request.getRemoteHost();
        String scheme = request.getScheme();
        boolean isSecure = request.isSecure();
        int serverPort = request.getServerPort();
        if (matchesOne(remoteAddr, this.internalProxies)) {
            String str = null;
            LinkedList linkedList = new LinkedList();
            String[] commaDelimitedListToStringArray = commaDelimitedListToStringArray(request.getHeader(this.remoteIpHeader));
            int length = commaDelimitedListToStringArray.length - 1;
            while (true) {
                if (length < 0) {
                    break;
                }
                String str2 = commaDelimitedListToStringArray[length];
                str = str2;
                if (!matchesOne(str2, this.internalProxies)) {
                    if (!matchesOne(str2, this.trustedProxies)) {
                        length--;
                        break;
                    }
                    linkedList.addFirst(str2);
                }
                length--;
            }
            LinkedList linkedList2 = new LinkedList();
            while (length >= 0) {
                linkedList2.addFirst(commaDelimitedListToStringArray[length]);
                length--;
            }
            if (str != null) {
                request.setRemoteAddr(str);
                request.setRemoteHost(str);
                if (linkedList.size() == 0) {
                    request.getCoyoteRequest().getMimeHeaders().removeHeader(this.proxiesHeader);
                } else {
                    request.getCoyoteRequest().getMimeHeaders().setValue(this.proxiesHeader).setString(listToCommaDelimitedString(linkedList));
                }
                if (linkedList2.size() == 0) {
                    request.getCoyoteRequest().getMimeHeaders().removeHeader(this.remoteIpHeader);
                } else {
                    request.getCoyoteRequest().getMimeHeaders().setValue(this.remoteIpHeader).setString(listToCommaDelimitedString(linkedList2));
                }
            }
            if (this.protocolHeader != null && (header = request.getHeader(this.protocolHeader)) != null) {
                if (this.protocolHeaderHttpsValue.equalsIgnoreCase(header)) {
                    request.setSecure(true);
                    request.getCoyoteRequest().scheme().setString(BaseRequest.SCHEME_HTTPS);
                    request.setServerPort(this.httpsServerPort);
                } else {
                    request.setSecure(false);
                    request.getCoyoteRequest().scheme().setString(BaseRequest.SCHEME_HTTP);
                    request.setServerPort(this.httpServerPort);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + remoteAddr + "', originalRemoteHost='" + remoteHost + "', originalSecure='" + isSecure + "', originalScheme='" + scheme + "' will be seen as newRemoteAddr='" + request.getRemoteAddr() + "', newRemoteHost='" + request.getRemoteHost() + "', newScheme='" + request.getScheme() + "', newSecure='" + request.isSecure() + "'");
            }
        }
        try {
            getNext().invoke(request, response);
            request.setRemoteAddr(remoteAddr);
            request.setRemoteHost(remoteHost);
            request.setSecure(isSecure);
            request.getCoyoteRequest().scheme().setString(scheme);
            request.setServerPort(serverPort);
        } catch (Throwable th) {
            request.setRemoteAddr(remoteAddr);
            request.setRemoteHost(remoteHost);
            request.setSecure(isSecure);
            request.getCoyoteRequest().scheme().setString(scheme);
            request.setServerPort(serverPort);
            throw th;
        }
    }

    public void setHttpServerPort(int i) {
        this.httpServerPort = i;
    }

    public void setHttpsServerPort(int i) {
        this.httpsServerPort = i;
    }

    public void setInternalProxies(String str) {
        this.internalProxies = commaDelimitedListToPatternArray(str);
    }

    public void setProtocolHeader(String str) {
        this.protocolHeader = str;
    }

    public void setProtocolHeaderHttpsValue(String str) {
        this.protocolHeaderHttpsValue = str;
    }

    public void setProxiesHeader(String str) {
        this.proxiesHeader = str;
    }

    public void setRemoteIpHeader(String str) {
        this.remoteIpHeader = str;
    }

    public void setTrustedProxies(String str) {
        this.trustedProxies = commaDelimitedListToPatternArray(str);
    }
}
