package org.openvpms.web.security.firewall;

import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import org.openvpms.archetype.rules.security.FirewallSettings;
import org.openvpms.archetype.rules.settings.SettingsCache;
import org.openvpms.component.model.user.User;
import org.openvpms.component.service.archetype.ArchetypeService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.util.matcher.IpAddressMatcher;

/* loaded from: input_file:org/openvpms/web/security/firewall/FirewallService.class */
public class FirewallService {
    private final int cachePeriod;
    private FirewallConfigManager manager;
    private ArchetypeService service;
    private static final Logger log = LoggerFactory.getLogger(FirewallService.class);

    public FirewallService(int i) {
        this.cachePeriod = i;
    }

    public void initialise(SettingsCache settingsCache, ArchetypeService archetypeService) {
        this.manager = new FirewallConfigManager(settingsCache, this.cachePeriod);
        this.service = archetypeService;
    }

    public boolean isAllowed(HttpServletRequest httpServletRequest) {
        return isAllowed(httpServletRequest, false);
    }

    public boolean isAllowed(HttpServletRequest httpServletRequest, boolean z) {
        boolean z2 = false;
        try {
            FirewallConfig config = this.manager.getConfig();
            FirewallSettings.AccessType accessType = config.getAccessType();
            if (accessType == FirewallSettings.AccessType.UNRESTRICTED || (accessType == FirewallSettings.AccessType.ALLOWED_USER && !z)) {
                z2 = true;
            } else {
                z2 = checkAllowed(httpServletRequest, config);
            }
        } catch (Exception e) {
            log.error("Failed to get firewall configuration: {}", e.getMessage(), e);
        }
        return z2;
    }

    public boolean isAllowed(HttpServletRequest httpServletRequest, User user) {
        boolean z = false;
        try {
            FirewallConfig config = this.manager.getConfig();
            FirewallSettings.AccessType accessType = config.getAccessType();
            if (accessType == FirewallSettings.AccessType.UNRESTRICTED) {
                z = true;
            } else if (checkAllowed(httpServletRequest, config)) {
                z = true;
            } else if (accessType == FirewallSettings.AccessType.ALLOWED_USER) {
                z = this.service.getBean(user).getBoolean("connectFromAnywhere");
            }
        } catch (Exception e) {
            log.error("Failed to get firewall configuration: {}", e.getMessage(), e);
        }
        return z;
    }

    private boolean checkAllowed(HttpServletRequest httpServletRequest, FirewallConfig firewallConfig) {
        boolean z = false;
        Iterator<IpAddressMatcher> it = firewallConfig.getAllowedAddresses().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next().matches(httpServletRequest)) {
                z = true;
                break;
            }
        }
        return z;
    }
}
