package com.caucho.server.admin;

import com.caucho.config.program.ContainerProgram;
import com.caucho.config.program.PropertyValueProgram;
import com.caucho.config.types.RawString;
import com.caucho.server.dispatch.ServletMapping;
import com.caucho.server.hmux.HmuxRequest;
import com.caucho.server.host.HostConfig;
import com.caucho.server.security.AbstractConstraint;
import com.caucho.server.security.AuthorizationResult;
import com.caucho.server.security.SecurityConstraint;
import com.caucho.server.webapp.WebAppConfig;
import com.caucho.util.InetNetwork;
import com.caucho.util.L10N;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.logging.Logger;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.myfaces.shared.util.CommentUtils;

/* loaded from: input_file:BOOT-INF/lib/resin-4.0.65.jar:com/caucho/server/admin/ManagementService.class */
public abstract class ManagementService {
    private static final L10N L = new L10N(ManagementService.class);
    protected final Logger log = Logger.getLogger(getClass().getName());
    private final Management _management;
    private final String _serviceName;
    private InetNetwork[] _allowedNetworks;

    /* loaded from: input_file:BOOT-INF/lib/resin-4.0.65.jar:com/caucho/server/admin/ManagementService$HmuxConstraint.class */
    private static class HmuxConstraint extends AbstractConstraint {
        private final ManagementService _service;

        public HmuxConstraint(ManagementService managementService) {
            this._service = managementService;
        }

        @Override // com.caucho.server.security.AbstractConstraint
        public AuthorizationResult isAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) throws ServletException, IOException {
            return this._service.isAuthorized(httpServletRequest, httpServletResponse, servletContext) ? AuthorizationResult.ALLOW : AuthorizationResult.DENY_SENT_RESPONSE;
        }
    }

    protected ManagementService(Management management, String str) {
        this._management = management;
        this._serviceName = str;
    }

    public void start() {
        HostConfig hostConfig = this._management.getHostConfig();
        WebAppConfig webAppConfig = new WebAppConfig();
        webAppConfig.setId(this._serviceName);
        webAppConfig.setRootDirectory(new RawString("memory:/admin-dummy-root"));
        hostConfig.addBuilderProgram(new PropertyValueProgram("web-app", webAppConfig));
        ServletMapping servletMapping = new ServletMapping();
        servletMapping.setServletName(this._serviceName);
        servletMapping.addURLPattern(CommentUtils.START_SCRIPT_COMMENT);
        servletMapping.addURLRegexp(".*");
        servletMapping.setServletClass(ManagementServlet.class.getName());
        ContainerProgram containerProgram = new ContainerProgram();
        containerProgram.addProgram(new PropertyValueProgram("service", this));
        servletMapping.setInit(containerProgram);
        webAppConfig.addBuilderProgram(new PropertyValueProgram("servlet-mapping", servletMapping));
        SecurityConstraint securityConstraint = new SecurityConstraint();
        securityConstraint.addURLPattern(CommentUtils.START_SCRIPT_COMMENT);
        securityConstraint.addConstraint(new HmuxConstraint(this));
        securityConstraint.init();
        webAppConfig.addBuilderProgram(new PropertyValueProgram("security-constraint", securityConstraint));
        try {
            this._allowedNetworks = new InetNetwork[]{new InetNetwork(InetAddress.getByName("127.0.0.1"), 24), new InetNetwork(InetAddress.getByName("10.0.0.0"), 24), new InetNetwork(InetAddress.getByName("172.16.0.0"), 20), new InetNetwork(InetAddress.getByName("192.168.0.0"), 16)};
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public boolean isAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) throws ServletException, IOException {
        if (!(httpServletRequest instanceof HmuxRequest)) {
            this.log.warning(L.l("{0} attempt with non-hmux-request '{1}' from ip {2}", this._serviceName, httpServletRequest, httpServletRequest.getRemoteAddr()));
            httpServletResponse.sendError(404);
            return false;
        }
        HmuxRequest hmuxRequest = (HmuxRequest) httpServletRequest;
        if (!httpServletRequest.getServletPath().equals("")) {
            this.log.warning(L.l("{0} attempt with invalid servlet-path '{1}' from address '{2}'", this._serviceName, httpServletRequest.getServletPath(), httpServletRequest.getRemoteAddr()));
            httpServletResponse.sendError(404);
            return false;
        }
        if (httpServletRequest.getPathInfo() != null) {
            this.log.warning(L.l("{0} attempt with invalid path-info '{1}' from address '{2}'", this._serviceName, httpServletRequest.getPathInfo(), httpServletRequest.getRemoteAddr()));
            httpServletResponse.sendError(404);
            return false;
        }
        String remoteAddr = hmuxRequest.getRemoteAddr();
        boolean z = false;
        for (int i = 0; i < this._allowedNetworks.length; i++) {
            if (this._allowedNetworks[i].isMatch(remoteAddr)) {
                z = true;
            }
        }
        if (z) {
            return true;
        }
        this.log.warning(L.l("{0} attempt from invalid address '{1}'", this._serviceName, remoteAddr));
        httpServletResponse.sendError(404);
        return false;
    }

    private boolean isRequestAllowed(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Enumeration<String> attributeNames = servletRequest.getAttributeNames();
        while (attributeNames.hasMoreElements()) {
            String nextElement = attributeNames.nextElement();
            if (!nextElement.equals("javax.servlet.request.X509Certificate")) {
                this.log.warning(L.l("management service request attribute '{0}' invalidates request", nextElement));
                httpServletResponse.sendError(404);
                return false;
            }
        }
        return true;
    }

    protected boolean isReadAllowed(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        return isRequestAllowed(servletRequest, servletResponse);
    }

    protected boolean isWriteAllowed(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        return isRequestAllowed(servletRequest, servletResponse);
    }

    public abstract void service(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException;

    public String toString() {
        return getClass().getSimpleName() + "[" + this._serviceName + "," + this._management.getServerId() + "]";
    }
}
