package com.amazon.opendistroforelasticsearch.security.http;

import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/http/RemoteIpDetector.class */
final class RemoteIpDetector {
    private static final Pattern commaSeparatedValuesPattern = Pattern.compile("\\s*,\\s*");
    protected final Logger log = LogManager.getLogger(getClass());
    private Pattern internalProxies = Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
    private String remoteIpHeader = "X-Forwarded-For";

    protected static String[] commaDelimitedListToStringArray(String str) {
        return (str == null || str.length() == 0) ? new String[0] : commaSeparatedValuesPattern.split(str);
    }

    public String getInternalProxies() {
        if (this.internalProxies == null) {
            return null;
        }
        return this.internalProxies.toString();
    }

    public String getRemoteIpHeader() {
        return this.remoteIpHeader;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String detect(RestRequest restRequest, ThreadContext threadContext) {
        String hostAddress = restRequest.getHttpChannel().getRemoteAddress().getAddress().getHostAddress();
        if (this.log.isTraceEnabled()) {
            this.log.trace("originalRemoteAddr {}", hostAddress);
        }
        if (this.internalProxies != null && this.internalProxies.matcher(hostAddress).matches()) {
            String str = null;
            StringBuilder sb = new StringBuilder();
            List<String> list = (List) restRequest.getHeaders().get(this.remoteIpHeader);
            if (list == null || list.isEmpty()) {
                return hostAddress;
            }
            for (String str2 : list) {
                if (sb.length() > 0) {
                    sb.append(", ");
                }
                sb.append(str2);
            }
            if (this.log.isTraceEnabled()) {
                this.log.trace("concatRemoteIpHeaderValue {}", sb.toString());
            }
            String[] commaDelimitedListToStringArray = commaDelimitedListToStringArray(sb.toString());
            int length = commaDelimitedListToStringArray.length - 1;
            while (true) {
                if (length < 0) {
                    break;
                }
                String str3 = commaDelimitedListToStringArray[length];
                str = str3;
                if (!this.internalProxies.matcher(str3).matches()) {
                    length--;
                    break;
                }
                length--;
            }
            LinkedList linkedList = new LinkedList();
            while (length >= 0) {
                linkedList.addFirst(commaDelimitedListToStringArray[length]);
                length--;
            }
            if (str != null) {
                if (this.log.isTraceEnabled()) {
                    this.log.trace("Incoming request " + restRequest.uri() + " with originalRemoteAddr '" + hostAddress + "', originalRemoteHost='" + restRequest.getHttpChannel().getRemoteAddress().getAddress().getHostName() + "', will be seen as newRemoteAddr='" + str);
                }
                threadContext.putTransient(ConfigConstants.OPENDISTRO_SECURITY_XFF_DONE, Boolean.TRUE);
                return str;
            }
            this.log.warn("Remote ip could not be detected, this should normally not happen");
        } else if (this.log.isTraceEnabled()) {
            this.log.trace("Skip RemoteIpDetector for request " + restRequest.uri() + " with originalRemoteAddr '" + restRequest.getHttpChannel().getRemoteAddress() + "' cause no internal proxy matches");
        }
        return hostAddress;
    }

    public void setInternalProxies(String str) {
        if (str == null || str.length() == 0) {
            this.internalProxies = null;
        } else {
            this.internalProxies = Pattern.compile(str);
        }
    }

    public void setRemoteIpHeader(String str) {
        this.remoteIpHeader = str;
    }
}
