package com.atlassian.crowd.manager.validation;

import com.atlassian.crowd.manager.property.PropertyManager;
import com.atlassian.crowd.manager.proxy.TrustedProxyManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.application.RemoteAddress;
import com.atlassian.crowd.util.I18nHelper;
import com.atlassian.crowd.util.RemoteAddressCacheUtil;
import com.atlassian.crowd.util.RemoteAddressHelper;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.Validate;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/manager/validation/ClientValidationManagerImpl.class */
public class ClientValidationManagerImpl implements ClientValidationManager {
    private static final Logger LOGGER = Logger.getLogger(ClientValidationManagerImpl.class);
    private final RemoteAddressCacheUtil cacheUtil;
    private final PropertyManager propertyManager;
    private final TrustedProxyManager trustedProxyManager;
    private final I18nHelper i18nHelper;

    public ClientValidationManagerImpl(RemoteAddressCacheUtil remoteAddressCacheUtil, PropertyManager propertyManager, TrustedProxyManager trustedProxyManager, I18nHelper i18nHelper) {
        this.cacheUtil = remoteAddressCacheUtil;
        this.propertyManager = propertyManager;
        this.trustedProxyManager = trustedProxyManager;
        this.i18nHelper = i18nHelper;
    }

    @Override // com.atlassian.crowd.manager.validation.ClientValidationManager
    public void validate(Application application, HttpServletRequest httpServletRequest) throws ClientValidationException {
        Validate.notNull(application);
        Validate.notNull(httpServletRequest);
        validateApplicationActive(application);
        validateRemoteAddress(application, httpServletRequest);
    }

    private void validateApplicationActive(Application application) throws ClientValidationException {
        if (!application.isActive()) {
            throw new ClientValidationException(this.i18nHelper.getText("application.inactive.error", application.getName()));
        }
    }

    private void validateRemoteAddress(Application application, HttpServletRequest httpServletRequest) throws ClientValidationException {
        String trustedAddress = XForwardedForUtil.getTrustedAddress(this.trustedProxyManager, httpServletRequest);
        String remoteHost = httpServletRequest.getRemoteHost();
        ArrayList arrayList = new ArrayList();
        Iterator it = Arrays.asList(trustedAddress, remoteHost).iterator();
        while (it.hasNext()) {
            arrayList.add(new RemoteAddress((String) it.next()));
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Client address: " + trustedAddress);
            LOGGER.debug("Client host: " + remoteHost);
        }
        boolean isCacheEnabled = this.propertyManager.isCacheEnabled();
        if ((isCacheEnabled && findValidAddressInCache(application, arrayList)) || findValidAddress(application, application.getRemoteAddresses(), arrayList, isCacheEnabled)) {
            return;
        }
        String text = this.i18nHelper.getText("client.forbidden.exception", Arrays.asList(trustedAddress, remoteHost, application.getName()));
        LOGGER.info(text);
        throw new ClientValidationException(text);
    }

    private boolean findValidAddress(Application application, Collection<RemoteAddress> collection, List<RemoteAddress> list, boolean z) {
        for (RemoteAddress remoteAddress : list) {
            boolean isAddressValid = isAddressValid(collection, remoteAddress);
            if (z) {
                this.cacheUtil.setPermitted(application, remoteAddress, isAddressValid);
            }
            if (isAddressValid) {
                return true;
            }
        }
        return false;
    }

    private boolean isAddressValid(Collection<RemoteAddress> collection, RemoteAddress remoteAddress) {
        Iterator<RemoteAddress> it = collection.iterator();
        while (it.hasNext()) {
            if (RemoteAddressHelper.isAddressAllowed(it.next(), remoteAddress)) {
                return true;
            }
        }
        return false;
    }

    private boolean findValidAddressInCache(Application application, List<RemoteAddress> list) {
        Iterator<RemoteAddress> it = list.iterator();
        while (it.hasNext()) {
            if (this.cacheUtil.getPermitted(application, it.next())) {
                return true;
            }
            it.remove();
        }
        return false;
    }
}
