package org.apache.openejb.server;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.LinkedList;
import java.util.Properties;
import java.util.StringTokenizer;
import org.apache.openejb.server.auth.ExactIPAddressPermission;
import org.apache.openejb.server.auth.ExactIPv6AddressPermission;
import org.apache.openejb.server.auth.IPAddressPermission;
import org.apache.openejb.server.auth.IPAddressPermissionFactory;
import org.apache.openejb.server.auth.PermitAllPermission;

/* loaded from: input_file:org/apache/openejb/server/ServiceAccessController.class */
public class ServiceAccessController implements ServerService {
    private final ServerService next;
    private IPAddressPermission[] hostPermissions;

    public ServiceAccessController(ServerService serverService) {
        this.next = serverService;
    }

    @Override // org.apache.openejb.server.ServerService
    public void service(Socket socket) throws ServiceException, IOException {
        checkHostsAuthorization(socket.getInetAddress(), socket.getLocalAddress());
        this.next.service(socket);
    }

    @Override // org.apache.openejb.server.ServerService
    public void service(InputStream inputStream, OutputStream outputStream) throws ServiceException, IOException {
        throw new UnsupportedOperationException("service(in,out)");
    }

    public void checkHostsAuthorization(InetAddress inetAddress, InetAddress inetAddress2) throws SecurityException {
        if (inetAddress.equals(inetAddress2)) {
            return;
        }
        for (IPAddressPermission iPAddressPermission : this.hostPermissions) {
            if (iPAddressPermission.implies(inetAddress)) {
                return;
            }
        }
        throw new SecurityException("Host " + inetAddress.getHostAddress() + " is not authorized to access this service.");
    }

    private void parseAdminIPs(Properties properties) throws ServiceException {
        LinkedList<IPAddressPermission> linkedList = new LinkedList<>();
        String property = properties.getProperty("only_from");
        if (property == null) {
            linkedList.add(new PermitAllPermission());
        } else {
            addIPAddressPermissions(linkedList, "localhost");
            StringTokenizer stringTokenizer = new StringTokenizer(property, ", \n\t");
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                try {
                    linkedList.add(IPAddressPermissionFactory.getIPAddressMask(nextToken));
                } catch (IllegalArgumentException e) {
                    addIPAddressPermissions(linkedList, nextToken);
                }
            }
        }
        this.hostPermissions = (IPAddressPermission[]) linkedList.toArray(new IPAddressPermission[linkedList.size()]);
    }

    private void addIPAddressPermissions(LinkedList<IPAddressPermission> linkedList, String str) throws ServiceException {
        try {
            InetAddress[] allByName = InetAddress.getAllByName(str);
            for (int i = 0; i < allByName.length; i++) {
                if (allByName[i] instanceof Inet4Address) {
                    linkedList.add(new ExactIPAddressPermission(allByName[i].getAddress()));
                } else {
                    linkedList.add(new ExactIPv6AddressPermission(allByName[i].getAddress()));
                }
            }
        } catch (UnknownHostException e) {
            throw new ServiceException("Could not get " + str + " inet address", e);
        }
    }

    public void init(Properties properties) throws Exception {
        parseAdminIPs(properties);
        this.next.init(properties);
    }

    @Override // org.apache.openejb.server.ServerService
    public void start() throws ServiceException {
        this.next.start();
    }

    @Override // org.apache.openejb.server.ServerService
    public void stop() throws ServiceException {
        this.next.stop();
    }

    @Override // org.apache.openejb.server.ServerService
    public String getName() {
        return this.next.getName();
    }

    @Override // org.apache.openejb.server.ServerService
    public String getIP() {
        return this.next.getIP();
    }

    @Override // org.apache.openejb.server.ServerService
    public int getPort() {
        return this.next.getPort();
    }
}
