package com.atlassian.bamboo.agent.messaging;

import com.atlassian.bamboo.buildqueue.manager.RemoteAgentAuthenticationManager;
import com.atlassian.bamboo.event.agent.HttpTransportMessageEvent;
import com.atlassian.bamboo.spring.ComponentAccessor;
import com.atlassian.bamboo.utils.ServletUtils;
import com.atlassian.event.api.EventPublisher;
import com.google.common.base.Joiner;
import java.io.IOException;
import java.net.InetAddress;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Predicate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.activemq.transport.http.HttpTunnelServlet;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/agent/messaging/SpyHttpTunnelServlet.class */
public class SpyHttpTunnelServlet extends HttpTunnelServlet {
    private static final Logger log = Logger.getLogger(SpyHttpTunnelServlet.class);
    private final AtomicInteger requestCounter = new AtomicInteger();
    private final Predicate<InetAddress> unauthorizedIpPredicate;

    public SpyHttpTunnelServlet() {
        Predicate predicate = inetAddress -> {
            return inetAddress.isLoopbackAddress() || ((RemoteAgentAuthenticationManager) ComponentAccessor.REMOTE_AGENT_AUTHENTICATION_MANAGER.get()).isAuthenticatedAgentIp(inetAddress);
        };
        this.unauthorizedIpPredicate = predicate.negate();
    }

    protected void service(@NotNull HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (validateRequest(httpServletRequest, httpServletResponse)) {
            int incrementAndGet = this.requestCounter.incrementAndGet();
            String method = httpServletRequest.getMethod();
            ((EventPublisher) ComponentAccessor.EVENT_PUBLISHER.get()).publish(new HttpTransportMessageEvent(this, method.toLowerCase()));
            log.debug(String.format("%s %d", method, Integer.valueOf(incrementAndGet)));
            super.service(httpServletRequest, httpServletResponse);
            log.debug(String.format("/%s %d", method, Integer.valueOf(incrementAndGet)));
        }
    }

    private boolean validateRequest(@NotNull HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse) {
        List allRequestIpAddresses = ServletUtils.getAllRequestIpAddresses(httpServletRequest);
        Optional findAny = allRequestIpAddresses.stream().filter(this.unauthorizedIpPredicate).findAny();
        if (!findAny.isPresent()) {
            return true;
        }
        log.info(String.format("Unauthorized %s request from [%s] (unauthorized IP: %s), denying", httpServletRequest.getMethod(), Joiner.on(',').join(allRequestIpAddresses), ((InetAddress) findAny.get()).getHostAddress()));
        httpServletResponse.setStatus(403);
        return false;
    }
}
