package org.openvpms.web.workspace.admin.system.firewall;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.openvpms.archetype.rules.security.FirewallSettings;
import org.openvpms.component.business.dao.im.security.IUserDAO;
import org.openvpms.component.business.domain.im.security.User;
import org.openvpms.component.service.archetype.ArchetypeService;
import org.openvpms.web.echo.servlet.SessionMonitor;
import org.springframework.security.web.util.matcher.IpAddressMatcher;

/* loaded from: input_file:org/openvpms/web/workspace/admin/system/firewall/AddressCoverageValidator.class */
class AddressCoverageValidator {
    private final SessionMonitor sessionMonitor;
    private final IUserDAO users;
    private final ArchetypeService service;
    private final Map<String, Boolean> connectFromAnywhere = new HashMap();

    /* loaded from: input_file:org/openvpms/web/workspace/admin/system/firewall/AddressCoverageValidator$Excluded.class */
    public static class Excluded {
        private final String address;
        private final String user;

        public Excluded(String str, String str2) {
            this.address = str;
            this.user = str2;
        }

        public String getAddress() {
            return this.address;
        }

        public String getUser() {
            return this.user;
        }
    }

    public AddressCoverageValidator(SessionMonitor sessionMonitor, IUserDAO iUserDAO, ArchetypeService archetypeService) {
        this.sessionMonitor = sessionMonitor;
        this.users = iUserDAO;
        this.service = archetypeService;
    }

    public Excluded getFirstExcludedAddress(List<String> list, FirewallSettings.AccessType accessType) {
        Excluded excluded = null;
        boolean z = accessType == FirewallSettings.AccessType.ALLOWED_USER;
        List<IpAddressMatcher> matchers = getMatchers(list);
        Iterator it = this.sessionMonitor.getSessions().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SessionMonitor.Session session = (SessionMonitor.Session) it.next();
            String host = session.getHost();
            if (host != null && (!z || !userCanConnectFromAnywhere(session.getName()))) {
                boolean z2 = false;
                Iterator<IpAddressMatcher> it2 = matchers.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    if (it2.next().matches(host)) {
                        z2 = true;
                        break;
                    }
                }
                if (!z2) {
                    excluded = new Excluded(host, session.getName());
                    break;
                }
            }
        }
        return excluded;
    }

    private boolean userCanConnectFromAnywhere(String str) {
        return this.connectFromAnywhere.computeIfAbsent(str, str2 -> {
            boolean z = false;
            User user = this.users.getUser(str2);
            if (user != null) {
                z = this.service.getBean(user).getBoolean("connectFromAnywhere");
            }
            return Boolean.valueOf(z);
        }).booleanValue();
    }

    private List<IpAddressMatcher> getMatchers(List<String> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(new IpAddressMatcher(it.next()));
        }
        return arrayList;
    }
}
