package org.apache.catalina.valves;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import net.sf.json.util.JSONUtils;
import org.apache.catalina.AccessLog;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.http.HttpHost;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.http.MimeHeaders;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-8.5.31.jar:org/apache/catalina/valves/RemoteIpValve.class */
public class RemoteIpValve extends ValveBase {
    private static final Pattern commaSeparatedValuesPattern = Pattern.compile("\\s*,\\s*");
    private static final Log log = LogFactory.getLog((Class<?>) RemoteIpValve.class);
    private int httpServerPort;
    private int httpsServerPort;
    private boolean changeLocalPort;
    private Pattern internalProxies;
    private String protocolHeader;
    private String protocolHeaderHttpsValue;
    private String portHeader;
    private String proxiesHeader;
    private String remoteIpHeader;
    private boolean requestAttributesEnabled;
    private Pattern trustedProxies;

    protected static String[] commaDelimitedListToStringArray(String str) {
        return (str == null || str.length() == 0) ? new String[0] : commaSeparatedValuesPattern.split(str);
    }

    protected static String listToCommaDelimitedString(List<String> list) {
        if (list == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (next != null) {
                sb.append((Object) next);
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
        }
        return sb.toString();
    }

    public RemoteIpValve() {
        super(true);
        this.httpServerPort = 80;
        this.httpsServerPort = 443;
        this.changeLocalPort = false;
        this.internalProxies = Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
        this.protocolHeader = null;
        this.protocolHeaderHttpsValue = "https";
        this.portHeader = null;
        this.proxiesHeader = "X-Forwarded-By";
        this.remoteIpHeader = HttpHeaders.X_FORWARDED_FOR;
        this.requestAttributesEnabled = true;
        this.trustedProxies = null;
    }

    public int getHttpsServerPort() {
        return this.httpsServerPort;
    }

    public int getHttpServerPort() {
        return this.httpServerPort;
    }

    public boolean isChangeLocalPort() {
        return this.changeLocalPort;
    }

    public void setChangeLocalPort(boolean z) {
        this.changeLocalPort = z;
    }

    public String getPortHeader() {
        return this.portHeader;
    }

    public void setPortHeader(String str) {
        this.portHeader = str;
    }

    public String getInternalProxies() {
        if (this.internalProxies == null) {
            return null;
        }
        return this.internalProxies.toString();
    }

    public String getProtocolHeader() {
        return this.protocolHeader;
    }

    public String getProtocolHeaderHttpsValue() {
        return this.protocolHeaderHttpsValue;
    }

    public String getProxiesHeader() {
        return this.proxiesHeader;
    }

    public String getRemoteIpHeader() {
        return this.remoteIpHeader;
    }

    public boolean getRequestAttributesEnabled() {
        return this.requestAttributesEnabled;
    }

    public String getTrustedProxies() {
        if (this.trustedProxies == null) {
            return null;
        }
        return this.trustedProxies.toString();
    }

    @Override // org.apache.catalina.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        String header;
        String remoteAddr = request.getRemoteAddr();
        String remoteHost = request.getRemoteHost();
        String scheme = request.getScheme();
        boolean isSecure = request.isSecure();
        int serverPort = request.getServerPort();
        String header2 = request.getHeader(this.proxiesHeader);
        String header3 = request.getHeader(this.remoteIpHeader);
        if (this.internalProxies != null && this.internalProxies.matcher(remoteAddr).matches()) {
            String str = null;
            LinkedList linkedList = new LinkedList();
            StringBuilder sb = new StringBuilder();
            Enumeration<String> headers = request.getHeaders(this.remoteIpHeader);
            while (headers.hasMoreElements()) {
                if (sb.length() > 0) {
                    sb.append(", ");
                }
                sb.append(headers.nextElement());
            }
            String[] commaDelimitedListToStringArray = commaDelimitedListToStringArray(sb.toString());
            int length = commaDelimitedListToStringArray.length - 1;
            while (length >= 0) {
                String str2 = commaDelimitedListToStringArray[length];
                str = str2;
                if (!this.internalProxies.matcher(str2).matches()) {
                    if (this.trustedProxies == null || !this.trustedProxies.matcher(str2).matches()) {
                        length--;
                        break;
                    }
                    linkedList.addFirst(str2);
                }
                length--;
            }
            LinkedList linkedList2 = new LinkedList();
            while (length >= 0) {
                linkedList2.addFirst(commaDelimitedListToStringArray[length]);
                length--;
            }
            if (str != null) {
                request.setRemoteAddr(str);
                request.setRemoteHost(str);
                if (linkedList.size() == 0) {
                    request.getCoyoteRequest().getMimeHeaders().removeHeader(this.proxiesHeader);
                } else {
                    request.getCoyoteRequest().getMimeHeaders().setValue(this.proxiesHeader).setString(listToCommaDelimitedString(linkedList));
                }
                if (linkedList2.size() == 0) {
                    request.getCoyoteRequest().getMimeHeaders().removeHeader(this.remoteIpHeader);
                } else {
                    request.getCoyoteRequest().getMimeHeaders().setValue(this.remoteIpHeader).setString(listToCommaDelimitedString(linkedList2));
                }
            }
            if (this.protocolHeader != null && (header = request.getHeader(this.protocolHeader)) != null) {
                if (this.protocolHeaderHttpsValue.equalsIgnoreCase(header)) {
                    request.setSecure(true);
                    request.getCoyoteRequest().scheme().setString("https");
                    setPorts(request, this.httpsServerPort);
                } else {
                    request.setSecure(false);
                    request.getCoyoteRequest().scheme().setString(HttpHost.DEFAULT_SCHEME_NAME);
                    setPorts(request, this.httpServerPort);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + remoteAddr + "', originalRemoteHost='" + remoteHost + "', originalSecure='" + isSecure + "', originalScheme='" + scheme + "' will be seen as newRemoteAddr='" + request.getRemoteAddr() + "', newRemoteHost='" + request.getRemoteHost() + "', newScheme='" + request.getScheme() + "', newSecure='" + request.isSecure() + JSONUtils.SINGLE_QUOTE);
            }
        } else if (log.isDebugEnabled()) {
            log.debug("Skip RemoteIpValve for request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr() + JSONUtils.SINGLE_QUOTE);
        }
        if (this.requestAttributesEnabled) {
            request.setAttribute(AccessLog.REMOTE_ADDR_ATTRIBUTE, request.getRemoteAddr());
            request.setAttribute("org.apache.tomcat.remoteAddr", request.getRemoteAddr());
            request.setAttribute(AccessLog.REMOTE_HOST_ATTRIBUTE, request.getRemoteHost());
            request.setAttribute(AccessLog.PROTOCOL_ATTRIBUTE, request.getProtocol());
            request.setAttribute(AccessLog.SERVER_PORT_ATTRIBUTE, Integer.valueOf(request.getServerPort()));
        }
        try {
            getNext().invoke(request, response);
            request.setRemoteAddr(remoteAddr);
            request.setRemoteHost(remoteHost);
            request.setSecure(isSecure);
            MimeHeaders mimeHeaders = request.getCoyoteRequest().getMimeHeaders();
            request.getCoyoteRequest().scheme().setString(scheme);
            request.setServerPort(serverPort);
            if (header2 == null || header2.length() == 0) {
                mimeHeaders.removeHeader(this.proxiesHeader);
            } else {
                mimeHeaders.setValue(this.proxiesHeader).setString(header2);
            }
            if (header3 == null || header3.length() == 0) {
                mimeHeaders.removeHeader(this.remoteIpHeader);
            } else {
                mimeHeaders.setValue(this.remoteIpHeader).setString(header3);
            }
        } catch (Throwable th) {
            request.setRemoteAddr(remoteAddr);
            request.setRemoteHost(remoteHost);
            request.setSecure(isSecure);
            MimeHeaders mimeHeaders2 = request.getCoyoteRequest().getMimeHeaders();
            request.getCoyoteRequest().scheme().setString(scheme);
            request.setServerPort(serverPort);
            if (header2 == null || header2.length() == 0) {
                mimeHeaders2.removeHeader(this.proxiesHeader);
            } else {
                mimeHeaders2.setValue(this.proxiesHeader).setString(header2);
            }
            if (header3 == null || header3.length() == 0) {
                mimeHeaders2.removeHeader(this.remoteIpHeader);
            } else {
                mimeHeaders2.setValue(this.remoteIpHeader).setString(header3);
            }
            throw th;
        }
    }

    private void setPorts(Request request, int i) {
        String header;
        int i2 = i;
        if (this.portHeader != null && (header = request.getHeader(this.portHeader)) != null) {
            try {
                i2 = Integer.parseInt(header);
            } catch (NumberFormatException e) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("remoteIpValve.invalidPortHeader", header, this.portHeader), e);
                }
            }
        }
        request.setServerPort(i2);
        if (this.changeLocalPort) {
            request.setLocalPort(i2);
        }
    }

    public void setHttpServerPort(int i) {
        this.httpServerPort = i;
    }

    public void setHttpsServerPort(int i) {
        this.httpsServerPort = i;
    }

    public void setInternalProxies(String str) {
        if (str == null || str.length() == 0) {
            this.internalProxies = null;
        } else {
            this.internalProxies = Pattern.compile(str);
        }
    }

    public void setProtocolHeader(String str) {
        this.protocolHeader = str;
    }

    public void setProtocolHeaderHttpsValue(String str) {
        this.protocolHeaderHttpsValue = str;
    }

    public void setProxiesHeader(String str) {
        this.proxiesHeader = str;
    }

    public void setRemoteIpHeader(String str) {
        this.remoteIpHeader = str;
    }

    public void setRequestAttributesEnabled(boolean z) {
        this.requestAttributesEnabled = z;
    }

    public void setTrustedProxies(String str) {
        if (str == null || str.length() == 0) {
            this.trustedProxies = null;
        } else {
            this.trustedProxies = Pattern.compile(str);
        }
    }
}
