package com.sshtools.common.permissions;

import com.sshtools.common.logger.Log;
import com.sshtools.common.net.CIDRNetwork;
import com.sshtools.common.util.ExpiringConcurrentHashMap;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/sshtools/common/permissions/IPPolicy.class */
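/**
 * Connection-admission policy keyed on the connecting peer's IP address.
 *
 * <p>A connection is admitted only when all of the following hold:
 * <ol>
 *   <li>the {@link #ALLOW_CONNECT} permission is set,</li>
 *   <li>the address is not under a temporary ban (skipped while {@link #DISABLE_BAN} is set),</li>
 *   <li>the whitelist is empty or contains the address, and</li>
 *   <li>the blacklist does not contain the address.</li>
 * </ol>
 *
 * <p>Temporary bans are driven by {@link #flagAddress(InetAddress)}, which callers invoke on a
 * failed authentication. Counts and bans live in expiring maps, so both age out on their own.
 *
 * <p>NOTE(review): {@code temporaryBans} and {@code flaggedAddressCounts} are reassigned by the
 * setters without synchronisation or {@code volatile}; confirm that configuration happens before
 * the policy is shared between connection threads.
 */
public class IPPolicy extends Permissions {
    /** Permission bit: connections are accepted only while this is set. */
    static final int ALLOW_CONNECT = 1;
    /** Permission bit: while set, addresses are neither flagged nor rejected for a temporary ban. */
    static final int DISABLE_BAN = 2;
    // Failed-authentication counters per address; entries expire after the configured period.
    ExpiringConcurrentHashMap<InetAddress, Integer> flaggedAddressCounts;
    IPStore blacklist = new IPStore();
    IPStore whitelist = new IPStore();
    // Stored count at which the next flagAddress call bans the address.
    int failedAuthenticationThreshold = 15;
    // Addresses currently banned; the default expiry is five hours.
    ExpiringConcurrentHashMap<InetAddress, Boolean> temporaryBans = new ExpiringConcurrentHashMap<>(TimeUnit.HOURS.toMillis(5));

    /**
     * Creates a policy that accepts connections, with temporary banning enabled and a
     * five-minute window for counting failed authentications.
     */
    public IPPolicy() {
        add(ALLOW_CONNECT);
        setFailedAuthenticationThresholdPeriod(5L, TimeUnit.MINUTES);
    }

    /**
     * Sets the stored failure count at which an address becomes eligible for a temporary ban.
     *
     * <p>The value is not validated: zero or a negative number makes the very first
     * {@link #flagAddress(InetAddress)} call ban the address.
     *
     * @param i the failure-count threshold
     */
    public void setFailedAuthenticationCountThreshold(int i) {
        this.failedAuthenticationThreshold = i;
    }

    /**
     * Sets the window over which failed authentications are counted.
     *
     * <p>The counter map is replaced by a new, empty one, so counts accumulated so far are
     * discarded.
     *
     * @param j the length of the window
     * @param timeUnit the unit of {@code j}
     */
    public void setFailedAuthenticationThresholdPeriod(long j, TimeUnit timeUnit) {
        this.flaggedAddressCounts = new ExpiringConcurrentHashMap<>(timeUnit.toMillis(j));
    }

    /**
     * Sets how long a temporary ban lasts. Bans already in force are copied into the new map.
     *
     * <p>NOTE(review): whether copied bans keep their original start time or restart with the
     * new period depends on {@code ExpiringConcurrentHashMap.putAll} - confirm.
     *
     * @param j the ban period in minutes; must be greater than zero
     * @throws IllegalArgumentException if {@code j} is zero or negative
     */
    public void setTemporaryBanTime(long j) {
        if (j <= 0) {
            throw new IllegalArgumentException("Temporary ban period must be more than zero");
        }
        ExpiringConcurrentHashMap<InetAddress, Boolean> resized = new ExpiringConcurrentHashMap<>(TimeUnit.MINUTES.toMillis(j));
        resized.putAll(this.temporaryBans);
        this.temporaryBans = resized;
    }

    /**
     * Switches temporary banning off: addresses are no longer flagged and existing temporary
     * bans are not enforced. The whitelist and blacklist stay in force.
     */
    public void disableTemporaryBanning() {
        add(DISABLE_BAN);
    }

    /** Switches temporary banning back on. */
    public void enableTemporaryBanning() {
        remove(DISABLE_BAN);
    }

    /**
     * Returns the expiry time of the temporary-ban map.
     *
     * <p>NOTE(review): {@link #setTemporaryBanTime(long)} takes minutes, while the map is
     * constructed with milliseconds; this getter presumably returns milliseconds - confirm.
     *
     * @return the expiry time reported by the ban map
     */
    public long getTemporaryBanTime() {
        return this.temporaryBans.getExpiryTime();
    }

    /**
     * Decides whether a connection may proceed.
     *
     * <p>Fix: the original returned {@code true} as soon as {@link #DISABLE_BAN} was set, which
     * meant that calling {@link #disableTemporaryBanning()} also switched off the whitelist and
     * the blacklist. The ban flag now only suppresses the temporary-ban lookup inside
     * {@link #assertAllowed(InetAddress, InetAddress)}.
     *
     * @param inetAddress the address the policy is evaluated against
     * @param inetAddress2 the second address of the connection, passed through unchanged
     * @return {@code true} if the connection is admitted
     */
    protected boolean assertConnection(InetAddress inetAddress, InetAddress inetAddress2) {
        if (!check(ALLOW_CONNECT)) {
            return false;
        }
        return assertAllowed(inetAddress, inetAddress2);
    }

    /**
     * Evaluates the temporary-ban map, the whitelist and the blacklist for an address.
     *
     * @param inetAddress the address to evaluate
     * @param inetAddress2 not used by this implementation; available to subclasses
     * @return {@code true} if the address is not banned, passes the whitelist (when one is
     *     configured) and is not blacklisted
     * @throws IllegalArgumentException if a list lookup fails with {@link UnknownHostException}
     */
    protected boolean assertAllowed(InetAddress inetAddress, InetAddress inetAddress2) {
        try {
            String hostAddress = inetAddress.getHostAddress();
            // Only the temporary-ban lookup is optional; the static lists always apply.
            if (!check(DISABLE_BAN) && this.temporaryBans.getOrDefault(inetAddress, Boolean.FALSE)) {
                Log.info("Rejecting IP {} because of temporary ban", hostAddress);
                return false;
            }
            // An empty whitelist means "no whitelist restriction", not "deny everyone".
            boolean whitelisted = this.whitelist.isEmpty() || isListed(hostAddress, this.whitelist);
            boolean blacklisted = isListed(hostAddress, this.blacklist);
            boolean allowed = whitelisted && !blacklisted;
            if (Log.isTraceEnabled()) {
                Log.trace("{} is {} by IP policy", inetAddress.toString(), allowed ? "allowed" : "denied");
            }
            return allowed;
        } catch (UnknownHostException e) {
            // Keep the cause so the failing entry can be identified from the stack trace.
            throw new IllegalArgumentException("Invalid IP range", e);
        }
    }

    /**
     * Tests whether an address falls inside any network held by a store.
     *
     * @param str the textual address to look up
     * @param iPStore the store whose networks are searched
     * @return {@code true} on the first network that reports the address as valid for it
     * @throws UnknownHostException if a network cannot evaluate the address
     */
    protected boolean isListed(String str, IPStore iPStore) throws UnknownHostException {
        for (CIDRNetwork network : iPStore.getIPs()) {
            if (network.isValidAddressForNetwork(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Records a failed authentication for the given address.
     *
     * <p>The string is resolved with {@link InetAddress#getByName(String)}, which performs a
     * name-service lookup when given a host name rather than an address literal; pass address
     * literals to keep the counters keyed on the peer address actually seen.
     *
     * @param str the address to flag
     * @throws IllegalStateException if the string cannot be resolved
     */
    public void flagAddress(String str) {
        try {
            flagAddress(InetAddress.getByName(str));
        } catch (UnknownHostException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Records a failed authentication for the given address, banning it once its stored count
     * has reached the threshold. Does nothing while {@link #DISABLE_BAN} is set.
     *
     * <p>The ban is applied by the call that finds the stored count already at or above the
     * threshold, i.e. one call after the count reached it.
     *
     * <p>NOTE(review): the read, increment and write below are separate map operations, so
     * concurrent failures from one address can lose increments and delay the ban. An atomic
     * update would close that gap if {@code ExpiringConcurrentHashMap} supports one - confirm.
     *
     * @param inetAddress the address to flag
     */
    public void flagAddress(InetAddress inetAddress) {
        if (check(DISABLE_BAN)) {
            return;
        }
        Integer failures = this.flaggedAddressCounts.getOrDefault(inetAddress, 0);
        if (failures >= this.failedAuthenticationThreshold) {
            if (Log.isInfoEnabled()) {
                Log.info("Temporarily banning IP address {} due to failed authentication count of {}", inetAddress.getHostAddress(), failures);
            }
            this.temporaryBans.put(inetAddress, true);
            return;
        }
        Integer updated = failures + 1;
        if (Log.isInfoEnabled()) {
            Log.info("Flagging IP address {} with failed authentication count of {}", inetAddress.getHostAddress(), updated);
        }
        this.flaggedAddressCounts.put(inetAddress, updated);
    }

    /**
     * Checks whether a connection between the two addresses is admitted.
     *
     * @param inetAddress the address the policy is evaluated against
     * @param inetAddress2 the second address of the connection
     * @return {@code true} if the connection is admitted
     */
    public final boolean checkConnection(InetAddress inetAddress, InetAddress inetAddress2) {
        return assertConnection(inetAddress, inetAddress2);
    }

    /**
     * Checks whether a connection is admitted, taking both addresses as dotted-quad IPv4 text.
     *
     * <p>Fix: the original converted {@code str} twice and never read {@code str2}, so the
     * second address handed to the policy was always a copy of the first. Both strings are now
     * parsed, which also means {@code str2} must be a well-formed IPv4 literal. IPv6 peers must
     * use {@link #checkConnection(InetAddress, InetAddress)}.
     *
     * @param str the address the policy is evaluated against, as an IPv4 literal
     * @param str2 the second address of the connection, as an IPv4 literal
     * @return {@code true} if the connection is admitted
     * @throws IllegalArgumentException if either string is not a valid IPv4 literal
     * @throws IllegalStateException if an address cannot be constructed from the parsed bytes
     */
    public final boolean checkConnection(String str, String str2) {
        try {
            return assertConnection(InetAddress.getByAddress(convertAddress(str)), InetAddress.getByAddress(convertAddress(str2)));
        } catch (UnknownHostException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Parses a dotted-quad IPv4 literal into its four bytes without any name lookup.
     *
     * <p>Fix: the original cast each parsed number straight to {@code byte}, so an out-of-range
     * field such as 256 silently wrapped and the policy was evaluated against a different
     * address than the one supplied. It also ignored any fields after the fourth. Both cases
     * are now rejected.
     *
     * @param str the IPv4 literal
     * @return the four address bytes in network order
     * @throws IllegalArgumentException if there are not exactly four fields, a field is not a
     *     decimal number, or a field is outside 0-255
     */
    private byte[] convertAddress(String str) {
        // Limit -1 keeps trailing empty fields, so "1.2.3.4." is seen as five fields.
        String[] split = str.split("\\.", -1);
        if (split.length != 4) {
            throw new IllegalArgumentException("Expected 4 fields in IPv4 address but found " + split.length);
        }
        byte[] bArr = new byte[4];
        for (int i = 0; i < bArr.length; i++) {
            int octet = Integer.parseInt(split[i], 10);
            if (octet < 0 || octet > 255) {
                throw new IllegalArgumentException("IPv4 address field out of range: " + octet);
            }
            bArr[i] = (byte) octet;
        }
        return bArr;
    }

    /** Clears {@link #ALLOW_CONNECT}, so every subsequent connection check is refused. */
    public void stopAcceptingConnections() {
        if (Log.isInfoEnabled()) {
            Log.info("Stop accepting connections on IP Policy");
        }
        remove(ALLOW_CONNECT);
    }

    /** Sets {@link #ALLOW_CONNECT}, so connection checks are evaluated against the lists again. */
    public void startAcceptingConnections() {
        if (Log.isInfoEnabled()) {
            Log.info("Start accepting connections on IP Policy");
        }
        add(ALLOW_CONNECT);
    }

    /**
     * Adds an entry to the blacklist.
     *
     * @param str the entry to add, in whatever form {@code IPStore.add} accepts
     * @throws UnknownHostException if the store rejects the entry
     */
    public void blacklist(String str) throws UnknownHostException {
        Log.info("Blacklisting IP address {}", str);
        this.blacklist.add(str);
    }

    /**
     * Adds an entry to the whitelist. Once the whitelist is non-empty, only listed addresses
     * are admitted.
     *
     * @param str the entry to add, in whatever form {@code IPStore.add} accepts
     * @throws UnknownHostException if the store rejects the entry
     */
    public void whitelist(String str) throws UnknownHostException {
        Log.info("Whitelisting IP address {}", str);
        this.whitelist.add(str);
    }

    /**
     * Returns the live blacklist store; changes made through it affect this policy.
     *
     * @return the blacklist
     */
    public IPStore getBlacklist() {
        return this.blacklist;
    }

    /**
     * Replaces the blacklist store.
     *
     * @param iPStore the new blacklist; not checked for {@code null}
     */
    public void setBlacklist(IPStore iPStore) {
        this.blacklist = iPStore;
    }

    /**
     * Returns the live whitelist store; changes made through it affect this policy.
     *
     * @return the whitelist
     */
    public IPStore getWhitelist() {
        return this.whitelist;
    }

    /**
     * Replaces the whitelist store.
     *
     * @param iPStore the new whitelist; not checked for {@code null}
     */
    public void setWhitelist(IPStore iPStore) {
        this.whitelist = iPStore;
    }
}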
