package com.sshtools.common.permissions;

import com.sshtools.common.logger.Log;
import com.sshtools.common.net.CIDRNetwork;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/maverick-common-2.0.4.jar:com/sshtools/common/permissions/IPPolicy.class */
public class IPPolicy extends Permissions {
    static final int ALLOW_CONNECT = 1;
    List<CIDRNetwork> blacklist = new ArrayList();
    List<CIDRNetwork> whitelist = new ArrayList();

    public IPPolicy() {
        add(1);
    }

    protected boolean assertConnection(SocketAddress socketAddress, SocketAddress socketAddress2) {
        if (check(1)) {
            return assertAllowed(socketAddress, socketAddress2);
        }
        return false;
    }

    protected boolean assertAllowed(SocketAddress socketAddress, SocketAddress socketAddress2) {
        boolean z = true;
        InetAddress address = ((InetSocketAddress) socketAddress).getAddress();
        String hostString = address == null ? ((InetSocketAddress) socketAddress).getHostString() : address.getHostAddress();
        if (!this.whitelist.isEmpty()) {
            z = isListed(hostString, this.whitelist);
        }
        boolean isListed = isListed(hostString, this.blacklist);
        if (Log.isTraceEnabled()) {
            Object[] objArr = new Object[2];
            objArr[0] = socketAddress.toString();
            objArr[1] = (!z || isListed) ? "denied" : "allowed";
            Log.trace("%s is %s by IP policy", objArr);
        }
        return z && !isListed;
    }

    protected boolean isListed(String str, List<CIDRNetwork> list) {
        Iterator<CIDRNetwork> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().isValidAddressForNetwork(str)) {
                return true;
            }
        }
        return false;
    }

    public final boolean checkConnection(SocketAddress socketAddress, SocketAddress socketAddress2) {
        return assertConnection(socketAddress, socketAddress2);
    }

    public void stopAcceptingConnections() {
        if (Log.isInfoEnabled()) {
            Log.info("Stop accepting connections on IP Policy", new Object[0]);
        }
        remove(1);
    }

    public void startAcceptingConnections() {
        if (Log.isInfoEnabled()) {
            Log.info("Start accepting connections on IP Policy", new Object[0]);
        }
        add(1);
    }

    public void blacklist(String str) {
        this.blacklist.add(new CIDRNetwork(str));
    }

    public void whitelist(String str) {
        this.whitelist.add(new CIDRNetwork(str));
    }
}
