package org.apache.qpid.server.security.access.plugins.network;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern;
import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.XMLConfiguration;
import org.apache.qpid.server.protocol.AMQMinaProtocolSession;
import org.apache.qpid.server.protocol.AMQProtocolSession;
import org.apache.qpid.server.security.access.ACLPlugin;
import org.apache.qpid.server.security.access.ACLPluginFactory;
import org.apache.qpid.server.security.access.plugins.AbstractACLPlugin;
import org.apache.qpid.server.virtualhost.VirtualHost;
import org.apache.qpid.util.NetMatcher;

/* loaded from: input_file:org/apache/qpid/server/security/access/plugins/network/FirewallPlugin.class */
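/**
 * Access-control plugin that decides whether a connecting peer is allowed,
 * based on its network address or its reverse-resolved hostname.
 *
 * <p>Rules are evaluated in configuration order and the first matching rule
 * decides the result. If no rule matches, the configured default action is
 * returned. If the peer address cannot be determined the plugin abstains, so
 * the decision is left to whatever else is consulted for the connection.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Hostname rules depend on reverse DNS, which the broker does not control.
 *       Prefer network rules for {@code allow} decisions where possible.</li>
 *   <li>A rule that carries both {@code network} and {@code hostname} attributes
 *       is evaluated on the hostname patterns only.</li>
 *   <li>Rule {@code access} values are compared case-sensitively with
 *       {@code "allow"}; any other value (including {@code "Allow"}) denies.
 *       The {@code default-action} attribute is compared case-insensitively.</li>
 * </ul>
 */
public class FirewallPlugin extends AbstractACLPlugin {
    /** Factory used for configuration sections whose tag starts with {@code firewall}. */
    public static final ACLPluginFactory FACTORY = new ACLPluginFactory() {
        @Override
        public boolean supportsTag(String str) {
            return str.startsWith("firewall");
        }

        @Override
        public ACLPlugin newInstance(Configuration configuration) throws ConfigurationException {
            FirewallPlugin firewallPlugin = new FirewallPlugin();
            firewallPlugin.setConfiguration(configuration.subset("firewall"));
            return firewallPlugin;
        }
    };

    /** Result returned when no rule matches the peer address. */
    private ACLPlugin.AuthzResult _default = ACLPlugin.AuthzResult.ABSTAIN;

    /** Ordered rule list; never null, so an unconfigured plugin falls through to the default. */
    private FirewallRule[] _rules = new FirewallRule[0];

    /**
     * Signals that a rule could not be evaluated (no usable criteria, or the
     * hostname lookup did not complete). {@link #authoriseConnect} treats it as a denial.
     */
    public class FirewallPluginException extends Exception {
        public FirewallPluginException() {
        }
    }

    /** A single allow/deny rule matching on networks or on hostname regular expressions. */
    public class FirewallRule {
        /** Upper bound, in milliseconds, on how long a reverse DNS lookup may delay a decision. */
        private static final long DNS_TIMEOUT = 30000;
        private ACLPlugin.AuthzResult _access;
        private NetMatcher _network;
        private Pattern[] _hostnamePatterns;

        /**
         * @param str   rule access; exactly {@code "allow"} allows, anything else (or null) denies
         * @param list  network specifications as strings, or null/empty for none
         * @param list2 hostname regular expressions as strings, or null/empty for none
         * @throws java.util.regex.PatternSyntaxException if a hostname expression is not a valid regex
         */
        public FirewallRule(String str, List<?> list, List<?> list2) {
            // Constant-first comparison: a missing access value denies instead of throwing.
            this._access = "allow".equals(str) ? ACLPlugin.AuthzResult.ALLOWED : ACLPlugin.AuthzResult.DENIED;
            if (list != null && !list.isEmpty()) {
                this._network = new NetMatcher(objListToStringArray(list));
            }
            if (list2 != null && !list2.isEmpty()) {
                String[] expressions = objListToStringArray(list2);
                Pattern[] compiled = new Pattern[expressions.length];
                for (int i = 0; i < expressions.length; i++) {
                    compiled[i] = Pattern.compile(expressions[i]);
                }
                this._hostnamePatterns = compiled;
            }
        }

        /** Copies a list of configuration values into a string array (elements must be strings). */
        private String[] objListToStringArray(List<?> list) {
            String[] values = new String[list.size()];
            int next = 0;
            for (Object element : list) {
                values[next++] = (String) element;
            }
            return values;
        }

        /**
         * Tests whether this rule applies to the given peer address.
         *
         * @param inetAddress address of the connecting peer
         * @return true if the address (or its hostname, for hostname rules) matches
         * @throws FirewallPluginException if the rule has no criteria at all, or the
         *         hostname lookup did not complete in time; the caller denies in both cases
         */
        public boolean match(InetAddress inetAddress) throws FirewallPluginException {
            if (this._hostnamePatterns == null) {
                if (this._network == null) {
                    // A rule with neither network nor hostname cannot be evaluated. Fail closed
                    // rather than dereferencing a null matcher.
                    throw new FirewallPluginException();
                }
                return this._network.matchInetNetwork(inetAddress);
            }
            String hostname = getHostname(inetAddress);
            if (hostname == null) {
                throw new FirewallPluginException();
            }
            // NOTE(review): the JDK typically returns the textual IP address when no name can be
            // determined, so these patterns may be applied to an IP literal. Write hostname
            // expressions so that they cannot match one unintentionally.
            for (Pattern pattern : this._hostnamePatterns) {
                if (pattern.matcher(hostname).matches()) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Resolves the canonical hostname of the address on a helper thread, waiting at most
         * {@link #DNS_TIMEOUT} milliseconds.
         *
         * @return the resolved name, or null if the lookup did not finish in time or the
         *         waiting thread was interrupted
         */
        private String getHostname(final InetAddress inetAddress) {
            final String[] resolved = {null};
            final AtomicBoolean done = new AtomicBoolean(false);
            Thread resolver = new Thread(new Runnable() {
                @Override
                public void run() {
                    resolved[0] = inetAddress.getCanonicalHostName();
                    // Set the flag while holding the monitor so the waiter cannot miss the signal.
                    synchronized (done) {
                        done.set(true);
                        done.notifyAll();
                    }
                }
            });
            // A stuck lookup must not keep the JVM alive.
            resolver.setDaemon(true);
            // start(), not run(): run() would perform the lookup on the calling thread and the
            // timeout below would never bound it.
            // NOTE(review): one thread is created per evaluated hostname rule; slow DNS combined
            // with many connection attempts can accumulate threads.
            resolver.start();

            long deadline = System.currentTimeMillis() + DNS_TIMEOUT;
            synchronized (done) {
                while (!done.get()) {
                    long remaining = deadline - System.currentTimeMillis();
                    if (remaining <= 0) {
                        // wait(0) would block forever and a negative value would throw.
                        break;
                    }
                    try {
                        done.wait(remaining);
                    } catch (InterruptedException e) {
                        // Preserve the interrupt for the caller and give up; the null result denies.
                        Thread.currentThread().interrupt();
                        break;
                    }
                }
            }
            // Read the result only after observing the flag, so a late write is never half-seen.
            return done.get() ? resolved[0] : null;
        }

        /** @return the result this rule yields when it matches */
        public ACLPlugin.AuthzResult getAccess() {
            return this._access;
        }
    }

    /**
     * Decides whether the peer behind the session may connect.
     *
     * @return the access of the first matching rule; {@code DENIED} if a rule could not be
     *         evaluated; the default action if no rule matches; {@code ABSTAIN} if the session
     *         is not a MINA session or its remote address is not an IP socket address
     */
    @Override
    public ACLPlugin.AuthzResult authoriseConnect(AMQProtocolSession aMQProtocolSession, VirtualHost virtualHost) {
        if (!(aMQProtocolSession instanceof AMQMinaProtocolSession)) {
            return ACLPlugin.AuthzResult.ABSTAIN;
        }
        InetAddress peerAddress = getInetAdressFromMinaSession((AMQMinaProtocolSession) aMQProtocolSession);
        if (peerAddress == null) {
            return ACLPlugin.AuthzResult.ABSTAIN;
        }
        FirewallRule[] rules = this._rules;
        for (FirewallRule firewallRule : rules) {
            try {
                if (firewallRule.match(peerAddress)) {
                    return firewallRule.getAccess();
                }
            } catch (FirewallPluginException e) {
                // A rule that cannot be evaluated must not let the connection through.
                return ACLPlugin.AuthzResult.DENIED;
            }
        }
        return this._default;
    }

    /** @return the peer's IP address, or null if the remote address is not an {@link InetSocketAddress} */
    private InetAddress getInetAdressFromMinaSession(AMQMinaProtocolSession aMQMinaProtocolSession) {
        SocketAddress remoteAddress = aMQMinaProtocolSession.getIOSession().getRemoteAddress();
        if (remoteAddress instanceof InetSocketAddress) {
            return ((InetSocketAddress) remoteAddress).getAddress();
        }
        return null;
    }

    /**
     * Loads the default action and the ordered rule list.
     *
     * <p>Rules are read from the given configuration plus every XML file named by an
     * {@code xml[@fileName]} entry. The new settings are published only after all rules were
     * built, so a failure leaves the previous rule set in place.
     *
     * @param configuration the {@code firewall} configuration subset
     * @throws ConfigurationException if a referenced XML file cannot be loaded
     */
    @Override
    public void setConfiguration(Configuration configuration) throws ConfigurationException {
        String defaultAction = configuration.getString("[@default-action]");
        ACLPlugin.AuthzResult defaultResult;
        if (defaultAction == null) {
            defaultResult = ACLPlugin.AuthzResult.ABSTAIN;
        } else if ("allow".equalsIgnoreCase(defaultAction)) {
            defaultResult = ACLPlugin.AuthzResult.ALLOWED;
        } else {
            // Any unrecognised value denies.
            defaultResult = ACLPlugin.AuthzResult.DENIED;
        }

        CompositeConfiguration compositeConfiguration = new CompositeConfiguration(configuration);
        for (Object fileName : configuration.getList("xml[@fileName]")) {
            compositeConfiguration.addConfiguration(new XMLConfiguration((String) fileName));
        }

        int size = compositeConfiguration.getList("rule[@access]").size();
        FirewallRule[] rules = new FirewallRule[size];
        for (int i = 0; i < size; i++) {
            String ruleKey = "rule(" + i + ")";
            rules[i] = new FirewallRule(
                    compositeConfiguration.getString(ruleKey + "[@access]"),
                    compositeConfiguration.getList(ruleKey + "[@network]"),
                    compositeConfiguration.getList(ruleKey + "[@hostname]"));
        }

        this._default = defaultResult;
        this._rules = rules;
    }
}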
