package com.sshtools.common.permissions;

import com.sshtools.common.logger.Log;
import com.sshtools.common.net.CIDRNetwork;
import com.sshtools.common.util.ExpiringConcurrentHashMap;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;

/* loaded from: classes2.dex */
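/**
 * Connection-level access policy based on the source IP address.
 *
 * <p>A connection is evaluated in this order (see {@link #assertAllowed}):
 * <ol>
 *   <li>an address with an active temporary ban is rejected, even if it is whitelisted;</li>
 *   <li>if the whitelist is non-empty, the address must match one of its networks;</li>
 *   <li>an address matching the blacklist is rejected, even if it is whitelisted.</li>
 * </ol>
 * With an empty whitelist the policy is default-allow: every address that is neither
 * banned nor blacklisted is accepted.
 *
 * <p>Temporary bans and failure counts are keyed by {@link InetAddress}, so all clients
 * that share one source address (for example behind the same NAT) share one counter and
 * one ban.
 *
 * <p>NOTE(review): {@code blacklist} and {@code whitelist} are plain {@link ArrayList}s that
 * are appended to by {@link #blacklist(String)} / {@link #whitelist(String)} and iterated by
 * {@link #isListed}; no synchronization is visible in this class. If lists are changed while
 * connections are being checked on other threads, confirm this is safe or switch to a
 * concurrent list.
 */
public class IPPolicy extends Permissions {
    /** Permission flag that must be set for any connection to be accepted. */
    static final int ALLOW_CONNECT = 1;

    /** Failed-authentication count per address; created by {@link #setFailedAuthenticationThresholdPeriod}. */
    ExpiringConcurrentHashMap<InetAddress, Integer> flaggedAddressCounts;

    /** Networks that are always rejected. */
    List<CIDRNetwork> blacklist = new ArrayList<>();

    /** Networks that are accepted; when empty, no whitelist restriction applies. */
    List<CIDRNetwork> whitelist = new ArrayList<>();

    /** Count at which the next flagged failure turns into a temporary ban. */
    int failedAuthenticationThreshold = 15;

    // Constructed with 5 hours in milliseconds; presumably the entry lifetime, i.e. the ban duration.
    ExpiringConcurrentHashMap<InetAddress, Boolean> temporaryBans =
            new ExpiringConcurrentHashMap<>(TimeUnit.HOURS.toMillis(5));

    /**
     * Creates a policy that accepts connections and counts failed authentications
     * in a map constructed with a 5 minute period.
     */
    public IPPolicy() {
        add(ALLOW_CONNECT);
        // NOTE(review): overridable method called from the constructor; a subclass override
        // runs before the subclass fields are initialised.
        setFailedAuthenticationThresholdPeriod(5L, TimeUnit.MINUTES);
    }

    /**
     * Decides whether the address in {@code socketAddress} may connect.
     *
     * <p>The check fails closed: an address that is not an {@link InetSocketAddress}, or
     * whose IP address is unresolved, is rejected instead of raising
     * {@link ClassCastException} / {@link NullPointerException} out of the accept path.
     *
     * @param socketAddress  the address the policy is applied to (presumably the remote peer)
     * @param socketAddress2 not used by this implementation (presumably the local address)
     * @return {@code true} only if the address is not temporarily banned, satisfies the
     *         whitelist (when one is configured) and is not blacklisted
     * @throws IllegalArgumentException if a list lookup raises {@link UnknownHostException}
     */
    protected boolean assertAllowed(SocketAddress socketAddress, SocketAddress socketAddress2) {
        if (!(socketAddress instanceof InetSocketAddress)) {
            Log.info("Rejecting {} because it is not an IP socket address", String.valueOf(socketAddress));
            return false;
        }
        InetAddress address = ((InetSocketAddress) socketAddress).getAddress();
        if (address == null) {
            // getAddress() returns null for an unresolved address; there is nothing to match.
            Log.info("Rejecting {} because its IP address is unresolved", socketAddress.toString());
            return false;
        }
        try {
            if (this.temporaryBans.getOrDefault(address, false).booleanValue()) {
                Log.info("Rejecting IP {} because of temporary ban", address.getHostAddress());
                return false;
            }
            String hostAddress = address.getHostAddress();
            // An empty whitelist places no restriction on the address.
            boolean whitelisted = this.whitelist.isEmpty() || isListed(hostAddress, this.whitelist);
            boolean blacklisted = isListed(hostAddress, this.blacklist);
            boolean allowed = whitelisted && !blacklisted;
            if (Log.isTraceEnabled()) {
                Log.trace("{} is {} by IP policy", socketAddress.toString(), allowed ? "allowed" : "denied");
            }
            return allowed;
        } catch (UnknownHostException e) {
            // Keep the cause so the failing lookup can be diagnosed from the stack trace.
            throw new IllegalArgumentException("Invalid IP range", e);
        }
    }

    /**
     * Applies the global accept switch and then the address rules.
     *
     * @return {@code false} when {@link #ALLOW_CONNECT} is not set, otherwise the result of
     *         {@link #assertAllowed}
     */
    protected boolean assertConnection(SocketAddress socketAddress, SocketAddress socketAddress2) {
        if (!check(ALLOW_CONNECT)) {
            return false;
        }
        return assertAllowed(socketAddress, socketAddress2);
    }

    /**
     * Adds a network to the blacklist.
     *
     * @param str network specification passed to {@link CIDRNetwork}
     * @throws UnknownHostException declared for the {@link CIDRNetwork} constructor
     */
    public void blacklist(String str) throws UnknownHostException {
        Log.info("Blacklisting IP address {}", str);
        this.blacklist.add(new CIDRNetwork(str));
    }

    /**
     * Public entry point for the connection check; delegates to {@link #assertConnection}.
     *
     * @return {@code true} if the connection may proceed
     */
    public final boolean checkConnection(SocketAddress socketAddress, SocketAddress socketAddress2) {
        return assertConnection(socketAddress, socketAddress2);
    }

    /**
     * Records one failed authentication for {@code inetAddress}.
     *
     * <p>The threshold is compared before the count is incremented, so with a threshold of
     * {@code N} the ban is recorded on the call that finds a stored count of {@code N},
     * i.e. the {@code N + 1}-th flagged failure while the count is still present. The ban
     * affects later {@link #assertAllowed} checks; nothing here closes existing connections.
     *
     * <p>NOTE(review): the read of the count and the following {@code put} are two separate
     * map operations. If this method is called concurrently for the same address,
     * increments can be lost and the ban delayed; confirm whether callers serialise these
     * calls or whether an atomic update is needed.
     *
     * @param inetAddress address that failed authentication
     */
    public void flagAddress(InetAddress inetAddress) {
        Integer failures = this.flaggedAddressCounts.getOrDefault(inetAddress, 0);
        if (failures.intValue() >= this.failedAuthenticationThreshold) {
            Log.info("Temporarily banning IP address {} due to failed authentication count of {}", inetAddress.getHostAddress(), failures);
            this.temporaryBans.put(inetAddress, true);
        } else {
            Integer updated = Integer.valueOf(failures.intValue() + 1);
            Log.info("Flagging IP address {} with failed authentication count of {}", inetAddress.getHostAddress(), updated);
            this.flaggedAddressCounts.put(inetAddress, updated);
        }
    }

    /**
     * Tests whether an address belongs to any network in a list.
     *
     * @param str  textual IP address
     * @param list networks to test against
     * @return {@code true} on the first network that reports the address as valid for it
     * @throws UnknownHostException propagated from {@link CIDRNetwork#isValidAddressForNetwork}
     */
    protected boolean isListed(String str, List<CIDRNetwork> list) throws UnknownHostException {
        for (CIDRNetwork network : list) {
            if (network.isValidAddressForNetwork(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sets the failure count at which the next flagged failure produces a temporary ban.
     * The value is not validated; with zero or a negative value the first flagged failure
     * of an address already satisfies the comparison in {@link #flagAddress}.
     */
    public void setFailedAuthenticationCountThreshold(int i) {
        this.failedAuthenticationThreshold = i;
    }

    /**
     * Replaces the failure-count map with a new one constructed for the given period.
     * Counts held in the previous map are discarded.
     *
     * @param j        length of the period
     * @param timeUnit unit of {@code j}
     */
    public void setFailedAuthenticationThresholdPeriod(long j, TimeUnit timeUnit) {
        this.flaggedAddressCounts = new ExpiringConcurrentHashMap<>(timeUnit.toMillis(j));
    }

    /** Sets {@link #ALLOW_CONNECT} so that connection checks reach the address rules again. */
    public void startAcceptingConnections() {
        if (Log.isInfoEnabled()) {
            Log.info("Start accepting connections on IP Policy", new Object[0]);
        }
        add(ALLOW_CONNECT);
    }

    /** Clears {@link #ALLOW_CONNECT}; every subsequent connection check returns {@code false}. */
    public void stopAcceptingConnections() {
        if (Log.isInfoEnabled()) {
            Log.info("Stop accepting connections on IP Policy", new Object[0]);
        }
        remove(ALLOW_CONNECT);
    }

    /**
     * Adds a network to the whitelist. Once the whitelist is non-empty, only addresses
     * matching it can pass {@link #assertAllowed}.
     *
     * @param str network specification passed to {@link CIDRNetwork}
     * @throws UnknownHostException declared for the {@link CIDRNetwork} constructor
     */
    public void whitelist(String str) throws UnknownHostException {
        Log.info("Whitelisting IP address {}", str);
        this.whitelist.add(new CIDRNetwork(str));
    }
}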
