package com.floragunn.searchguard.http;

import com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction;
import com.floragunn.searchguard.configuration.ConfigChangeListener;
import com.floragunn.searchguard.support.ConfigConstants;
import java.net.InetSocketAddress;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.netty.NettyHttpRequest;
import org.elasticsearch.rest.RestRequest;

/* loaded from: input_file:com/floragunn/searchguard/http/XFFResolver.class */
public class XFFResolver implements ConfigChangeListener {
    protected final ESLogger log = Loggers.getLogger(getClass());
    private volatile Settings settings;
    private volatile boolean enabled;
    private volatile RemoteIpDetector detector;

    @Inject
    public XFFResolver(TransportConfigUpdateAction transportConfigUpdateAction) {
        transportConfigUpdateAction.addConfigChangeListener("config", this);
    }

    public TransportAddress resolve(RestRequest restRequest) throws ElasticsearchSecurityException {
        if (this.log.isTraceEnabled()) {
            this.log.trace("resolve {}", new Object[]{restRequest.getRemoteAddress()});
        }
        if (!isInitialized() || !this.enabled || !(restRequest.getRemoteAddress() instanceof InetSocketAddress) || !(restRequest instanceof NettyHttpRequest)) {
            if (!(restRequest.getRemoteAddress() instanceof InetSocketAddress)) {
                throw new ElasticsearchSecurityException("Cannot handle this request. Remote address is " + restRequest.getRemoteAddress() + " with request class " + restRequest.getClass(), new Object[0]);
            }
            if (this.log.isTraceEnabled()) {
                this.log.trace("no xff done (not initialized, enabled or no netty request) {},{},{},{}", new Object[]{Boolean.valueOf(isInitialized()), Boolean.valueOf(this.enabled), restRequest.getClass()});
            }
            return new InetSocketTransportAddress((InetSocketAddress) restRequest.getRemoteAddress());
        }
        InetSocketAddress inetSocketAddress = new InetSocketAddress(this.detector.detect((NettyHttpRequest) restRequest), ((InetSocketAddress) restRequest.getRemoteAddress()).getPort());
        if (inetSocketAddress.isUnresolved()) {
            throw new ElasticsearchSecurityException("Cannot resolve address " + inetSocketAddress.getHostString(), new Object[0]);
        }
        if (this.log.isTraceEnabled()) {
            if (restRequest.getFromContext(ConfigConstants.SG_XFF_DONE) == Boolean.TRUE) {
                this.log.trace("xff resolved {} to {}", new Object[]{restRequest.getRemoteAddress(), inetSocketAddress});
            } else {
                this.log.trace("no xff done for {}", new Object[]{restRequest.getClass()});
            }
        }
        return new InetSocketTransportAddress(inetSocketAddress);
    }

    @Override // com.floragunn.searchguard.configuration.ConfigChangeListener
    public void onChange(String str, Settings settings) {
        this.settings = settings;
        this.enabled = settings.getAsBoolean("searchguard.dynamic.http.xff.enabled", true).booleanValue();
        if (!this.enabled) {
            this.detector = null;
            return;
        }
        this.detector = new RemoteIpDetector();
        this.detector.setInternalProxies(settings.get("searchguard.dynamic.http.xff.internalProxies", this.detector.getInternalProxies()));
        this.detector.setProxiesHeader(settings.get("searchguard.dynamic.http.xff.proxiesHeader", this.detector.getProxiesHeader()));
        this.detector.setRemoteIpHeader(settings.get("searchguard.dynamic.http.xff.proxiesHeader.remoteIpHeader", this.detector.getRemoteIpHeader()));
        this.detector.setTrustedProxies(settings.get("searchguard.dynamic.http.xff.proxiesHeader.trustedProxies", this.detector.getTrustedProxies()));
    }

    @Override // com.floragunn.searchguard.configuration.ConfigChangeListener
    public void validate(String str, Settings settings) throws ElasticsearchSecurityException {
    }

    @Override // com.floragunn.searchguard.configuration.ConfigChangeListener
    public boolean isInitialized() {
        return this.settings != null;
    }
}
