package coldfusion.filter;

import coldfusion.runtime.CFPage;
import coldfusion.runtime.NeoException;
import coldfusion.server.ServiceFactory;
import coldfusion.servicelayer.ExposedServiceManager;
import coldfusion.util.IPAddressUtils;
import coldfusion.util.Utils;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/filter/IPFilterUtils.class */
public class IPFilterUtils {
    private static final String[] RESTRICTED_INTERNAL_PATHS = {"/restplay", "/cfide/restplay", "/cfide/administrator", "/cfide/adminapi", "/cfide/main", "/cfide/componentutils", "/cfide/wizards", "/cfide/servermanager", "/cfide/lockdown"};
    private static final String SLASH = "/";
    private static final String DOT = ".";

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/filter/IPFilterUtils$AdminAccessdeniedException.class */
    public static class AdminAccessdeniedException extends NeoException {
        private static final long serialVersionUID = 1;
        public String allowedipaddr;
        public String requestipaddr;

        public AdminAccessdeniedException(String str, String str2) {
            this.allowedipaddr = str;
            this.requestipaddr = str2;
        }
    }

    public static void checkAdminAccess(HttpServletRequest httpServletRequest) {
        String sanitizeUri = sanitizeUri(Utils.canonicalizeURI(Utils.getServletPath(httpServletRequest).toLowerCase()));
        Stream stream = Arrays.stream(RESTRICTED_INTERNAL_PATHS);
        sanitizeUri.getClass();
        stream.filter(sanitizeUri::startsWith).findFirst().ifPresent(str -> {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            if (!isAllowedIP(remoteAddr)) {
                throw new AdminAccessdeniedException(ServiceFactory.getSecurityService().getAllowedAdminIPList(), remoteAddr);
            }
        });
    }

    private static String sanitizeUri(String str) {
        StringBuilder sb = new StringBuilder();
        for (String str2 : str.split("/")) {
            String trim = str2.trim();
            if (!trim.isEmpty()) {
                sb.append("/").append(removeTrailingDots(trim));
            }
        }
        return sb.toString();
    }

    private static String removeTrailingDots(String str) {
        while (str.trim().endsWith(".")) {
            str = str.substring(0, str.length() - 1);
        }
        return str;
    }

    private static boolean isAllowedIP(String str) {
        List ListToArray = CFPage.ListToArray(ServiceFactory.getSecurityService().getAllowedAdminIPList());
        if (IPAddressUtils.isLocalHost(str) || ListToArray == null || ListToArray.size() == 0) {
            return true;
        }
        boolean z = false;
        boolean z2 = false;
        try {
            InetAddress byName = InetAddress.getByName(str);
            if (byName instanceof Inet6Address) {
                z2 = true;
            }
            String hostAddress = byName.getHostAddress();
            Iterator it = ListToArray.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                boolean z3 = false;
                String str2 = (String) it.next();
                if (str2.indexOf(58) != -1) {
                    z3 = true;
                }
                if (z2 == z3 && ExposedServiceManager.matchIP(hostAddress, str2, z2)) {
                    z = true;
                    break;
                }
            }
        } catch (Exception e) {
        }
        return z;
    }
}
