package org.apache.catalina.filters;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.util.NetMask;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-9.0.45.jar:org/apache/catalina/filters/RemoteCIDRFilter.class */
public final class RemoteCIDRFilter extends FilterBase {
    private static final String PLAIN_TEXT_MIME_TYPE = "text/plain";
    private final Log log = LogFactory.getLog((Class<?>) RemoteCIDRFilter.class);
    private final List<NetMask> allow = new ArrayList();
    private final List<NetMask> deny = new ArrayList();

    public String getAllow() {
        return this.allow.toString().replace("[", "").replace("]", "");
    }

    public void setAllow(String str) {
        List<String> fillFromInput = fillFromInput(str, this.allow);
        if (fillFromInput.isEmpty()) {
            return;
        }
        Iterator<String> it = fillFromInput.iterator();
        while (it.hasNext()) {
            this.log.error(it.next());
        }
        throw new IllegalArgumentException(sm.getString("remoteCidrFilter.invalid", "allow"));
    }

    public String getDeny() {
        return this.deny.toString().replace("[", "").replace("]", "");
    }

    public void setDeny(String str) {
        List<String> fillFromInput = fillFromInput(str, this.deny);
        if (fillFromInput.isEmpty()) {
            return;
        }
        Iterator<String> it = fillFromInput.iterator();
        while (it.hasNext()) {
            this.log.error(it.next());
        }
        throw new IllegalArgumentException(sm.getString("remoteCidrFilter.invalid", "deny"));
    }

    @Override // org.apache.catalina.filters.FilterBase
    protected boolean isConfigProblemFatal() {
        return true;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isAllowed(servletRequest.getRemoteAddr())) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (servletResponse instanceof HttpServletResponse) {
            ((HttpServletResponse) servletResponse).sendError(403);
        } else {
            sendErrorWhenNotHttp(servletResponse);
        }
    }

    @Override // org.apache.catalina.filters.FilterBase
    public Log getLogger() {
        return this.log;
    }

    private boolean isAllowed(String str) {
        try {
            InetAddress byName = InetAddress.getByName(str);
            Iterator<NetMask> it = this.deny.iterator();
            while (it.hasNext()) {
                if (it.next().matches(byName)) {
                    return false;
                }
            }
            Iterator<NetMask> it2 = this.allow.iterator();
            while (it2.hasNext()) {
                if (it2.next().matches(byName)) {
                    return true;
                }
            }
            return !this.deny.isEmpty() && this.allow.isEmpty();
        } catch (UnknownHostException e) {
            this.log.error(sm.getString("remoteCidrFilter.noRemoteIp"), e);
            return false;
        }
    }

    private void sendErrorWhenNotHttp(ServletResponse servletResponse) throws IOException {
        PrintWriter writer = servletResponse.getWriter();
        servletResponse.setContentType("text/plain");
        writer.write(sm.getString("http.403"));
        writer.flush();
    }

    private List<String> fillFromInput(String str, List<NetMask> list) {
        list.clear();
        if (str == null || str.isEmpty()) {
            return Collections.emptyList();
        }
        LinkedList linkedList = new LinkedList();
        for (String str2 : str.split("\\s*,\\s*")) {
            try {
                list.add(new NetMask(str2));
            } catch (IllegalArgumentException e) {
                linkedList.add(str2 + ": " + e.getMessage());
            }
        }
        return Collections.unmodifiableList(linkedList);
    }
}
