package phex.security;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import phex.common.AbstractLifeCycle;
import phex.common.Environment;
import phex.common.EnvironmentConstants;
import phex.common.ExpiryDate;
import phex.common.URN;
import phex.common.address.AddressUtils;
import phex.common.address.DestAddress;
import phex.common.address.IpAddress;
import phex.common.file.FileManager;
import phex.common.file.ManagedFileException;
import phex.common.log.NLogger;
import phex.event.ContainerEvent;
import phex.event.PhexEventTopics;
import phex.event.UserMessageListener;
import phex.prefs.core.SecurityPrefs;
import phex.servent.Servent;
import phex.share.SharedResource;
import phex.utils.StringUtils;
import phex.utils.VersionUtils;
import phex.xml.sax.DPhex;
import phex.xml.sax.XMLBuilder;
import phex.xml.sax.security.DIpAccessRule;
import phex.xml.sax.security.DSecurity;
import phex.xml.sax.security.DSecurityRule;

/* JADX WARN: Classes with same name are omitted:
  input_file:phex/phex/security/PhexSecurityManager.class
 */
/* loaded from: input_file:phex/security/PhexSecurityManager.class */
public class PhexSecurityManager extends AbstractLifeCycle {
    private static final String[] SHA1_FILES = {"BearShare and LimeWire Pro scams and worms.SHA1", "Fakes.SHA1", "SPAM - 0-8K bytes - How2 [open with notepad.avi].SHA1", "SPAM - 15,872, 70-170K bytes - EFreeClub.SHA1", "SPAM - 22 bytes - Empty zip files.SHA1", "SPAM - Various.SHA1", "TROJAN - 50-80K bytes - ISTbar.SHA1", "TROJAN - 61-62K bytes - Mainpean StarDialer.SHA1", "TROJAN - 81,964 bytes - WinVBIE Toolbar.SHA1", "TROJAN - 233472 bytes - Dropper.Generic.DZD.SHA1", "TROJAN - 783843 bytes - Crypt.B.SHA1", "WORM - 71,070 bytes - W32.Alcra.C.SHA1", "WORM - 123897 bytes - GEDZAC VBS-Israfel.SHA1", "WORM - 178861 bytes - IRC.Backdoor.SdBot.LFI.SHA1", "WORM - 202477 bytes - Generic.FX!CME-24.SHA1", "WORM - 535082 bytes - W32.Alcra.D.SHA1", "WORM - 643767 bytes - VB.FL.SHA1", "WORM - 872159 bytes - VB.CC.SHA1", "Phex Collected.SHA1"};
    private ArrayList<IpSecurityRule> ipAccessRuleList = new ArrayList<>();
    private final IpSystemRuleList ipSystemRuleList = new IpSystemRuleList();
    private final IpSystemRuleList ipUserRuleList = new IpSystemRuleList();
    private final Set<String> blockedUrnSet = new HashSet();
    private final HashMap<SharedResource, IpPortSystemRuleList> eligibleIpListMap = new HashMap<>();

    public void addIpSystemRuleListToSharedResource(Object obj, String str, int i) {
        IpSystemSecurityRule ipSystemSecurityRule = new IpSystemSecurityRule(AddressUtils.parseDottedIpToInt(str), (byte) 32);
        IpPortSystemRuleList ipPortSystemRuleList = this.eligibleIpListMap.get(obj);
        if (ipPortSystemRuleList == null) {
            ipPortSystemRuleList = new IpPortSystemRuleList();
            this.eligibleIpListMap.put((SharedResource) obj, ipPortSystemRuleList);
        }
        ipPortSystemRuleList.add(new IpPortAddress(str, i), ipSystemSecurityRule);
    }

    public void removeIpSystemRuleListFromSharedResource(Object obj) {
        IpPortSystemRuleList ipPortSystemRuleList = this.eligibleIpListMap.get(obj);
        if (ipPortSystemRuleList != null) {
            this.eligibleIpListMap.remove(obj);
            ipPortSystemRuleList.removeAll();
        }
    }

    public boolean isEligibleIpAddress(byte[] bArr, Object obj) {
        IpCidrPair ipCidrPair = null;
        if (bArr != null) {
            ipCidrPair = new IpCidrPair(AddressUtils.byteIpToIntIp(bArr));
        }
        IpPortSystemRuleList ipPortSystemRuleList = this.eligibleIpListMap.get(obj);
        if (ipPortSystemRuleList == null) {
            return true;
        }
        if (ipCidrPair == null) {
            return false;
        }
        return ipPortSystemRuleList.containsRuleAndPort(ipCidrPair, new IpPortAddress(bArr));
    }

    public AccessType controlUrnAccess(URN urn) {
        return (urn.isSha1Nid() && this.blockedUrnSet.contains(urn.getSHA1Nss())) ? AccessType.ACCESS_STRONGLY_DENIED : AccessType.ACCESS_GRANTED;
    }

    private void loadHostileSha1List() {
        if (SecurityPrefs.LoadHostileSha1List.get().booleanValue()) {
            try {
                NLogger.debug((Class<?>) PhexSecurityManager.class, "Load hostile sha1 files.");
                long currentTimeMillis = System.currentTimeMillis();
                for (int i = 0; i < SHA1_FILES.length; i++) {
                    InputStream systemResourceAsStream = ClassLoader.getSystemResourceAsStream("phex/resources/sha1/" + SHA1_FILES[i]);
                    if (systemResourceAsStream != null) {
                        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(systemResourceAsStream));
                        while (true) {
                            String readLine = bufferedReader.readLine();
                            if (readLine == null) {
                                break;
                            }
                            if (!StringUtils.isEmpty(readLine) && !readLine.startsWith("#")) {
                                if (readLine.length() != 32) {
                                    NLogger.warn((Class<?>) PhexSecurityManager.class, "Skip invalid line: " + readLine + " in " + SHA1_FILES[i]);
                                } else if (!this.blockedUrnSet.add(readLine) && NLogger.isDebugEnabled((Class<?>) PhexSecurityManager.class)) {
                                    NLogger.warn((Class<?>) PhexSecurityManager.class, "Found dupplicate: " + readLine + " in " + SHA1_FILES[i]);
                                }
                            }
                        }
                        bufferedReader.close();
                    } else {
                        NLogger.debug((Class<?>) PhexSecurityManager.class, "Hostile sha1 file not found: " + SHA1_FILES[i]);
                    }
                }
                NLogger.debug((Class<?>) PhexSecurityManager.class, "Loaded hostile sha1 file: " + (System.currentTimeMillis() - currentTimeMillis));
            } catch (IOException e) {
                NLogger.warn((Class<?>) PhexSecurityManager.class, e, e);
            }
        }
    }

    public int getIPAccessRuleCount() {
        int size;
        synchronized (this.ipAccessRuleList) {
            size = this.ipAccessRuleList.size();
        }
        return size;
    }

    public IpSecurityRule getIPAccessRule(int i) {
        synchronized (this.ipAccessRuleList) {
            if (i >= 0) {
                if (i < this.ipAccessRuleList.size()) {
                    return this.ipAccessRuleList.get(i);
                }
            }
            return null;
        }
    }

    public IpSecurityRule[] getIPAccessRulesAt(int[] iArr) {
        IpSecurityRule[] ipSecurityRuleArr;
        synchronized (this.ipAccessRuleList) {
            int length = iArr.length;
            ipSecurityRuleArr = new IpSecurityRule[length];
            int size = this.ipAccessRuleList.size();
            for (int i = 0; i < length; i++) {
                if (iArr[i] < 0 || iArr[i] >= size) {
                    ipSecurityRuleArr[i] = null;
                } else {
                    ipSecurityRuleArr[i] = this.ipAccessRuleList.get(iArr[i]);
                }
            }
        }
        return ipSecurityRuleArr;
    }

    public IpUserSecurityRule createIPAccessRule(String str, byte[] bArr, byte b, boolean z, ExpiryDate expiryDate, boolean z2) {
        int size;
        IpUserSecurityRule ipUserSecurityRule = new IpUserSecurityRule(str, bArr, b, z, z2, expiryDate);
        synchronized (this.ipAccessRuleList) {
            size = this.ipAccessRuleList.size();
            this.ipAccessRuleList.add(ipUserSecurityRule);
        }
        this.ipUserRuleList.add(ipUserSecurityRule);
        fireSecurityRuleAdded(ipUserSecurityRule, size);
        return ipUserSecurityRule;
    }

    public IpUserSecurityRule updateIpUserSecurityRule(IpUserSecurityRule ipUserSecurityRule, String str, byte[] bArr, byte b, boolean z, ExpiryDate expiryDate, boolean z2) {
        int size;
        IpUserSecurityRule ipUserSecurityRule2 = new IpUserSecurityRule(str, bArr, b, z, z2, expiryDate);
        ipUserSecurityRule2.setTriggerCount(ipUserSecurityRule.getTriggerCount());
        removeSecurityRule(ipUserSecurityRule);
        synchronized (this.ipAccessRuleList) {
            size = this.ipAccessRuleList.size();
            this.ipAccessRuleList.add(ipUserSecurityRule2);
        }
        this.ipUserRuleList.add(ipUserSecurityRule2);
        fireSecurityRuleAdded(ipUserSecurityRule2, size);
        return ipUserSecurityRule2;
    }

    public void removeSecurityRule(SecurityRule securityRule) {
        int indexOf;
        synchronized (this.ipAccessRuleList) {
            indexOf = this.ipAccessRuleList.indexOf(securityRule);
            if (indexOf != -1) {
                this.ipAccessRuleList.remove(indexOf);
            }
        }
        if (indexOf != -1) {
            this.ipUserRuleList.remove((IpSecurityRule) securityRule);
            fireSecurityRuleRemoved(securityRule, indexOf);
        }
    }

    public AccessType controlHostAddressAccess(DestAddress destAddress) {
        IpAddress ipAddress = destAddress.getIpAddress();
        return ipAddress == null ? AccessType.ACCESS_GRANTED : controlHostIPAccess(ipAddress.getHostIP());
    }

    public AccessType controlHostIPAccess(byte[] bArr) {
        IpCidrPair ipCidrPair = new IpCidrPair(AddressUtils.byteIpToIntIp(bArr));
        return this.ipSystemRuleList.contains(ipCidrPair) ? AccessType.ACCESS_STRONGLY_DENIED : this.ipUserRuleList.contains(ipCidrPair) ? AccessType.ACCESS_DENIED : AccessType.ACCESS_GRANTED;
    }

    private void loadHostileHostList(Map<String, DIpAccessRule> map) {
        int parseDottedIpToInt;
        byte parseNetmaskToCidr;
        if (!SecurityPrefs.LoadHostileHostList.get().booleanValue()) {
            return;
        }
        try {
            NLogger.debug((Class<?>) PhexSecurityManager.class, "Load hostile hosts file.");
            long currentTimeMillis = System.currentTimeMillis();
            InputStream systemResourceAsStream = ClassLoader.getSystemResourceAsStream("phex/resources/hostiles/gtkg-hostiles.txt");
            if (systemResourceAsStream == null) {
                NLogger.debug((Class<?>) PhexSecurityManager.class, "Hostile hosts file not found.");
                return;
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(systemResourceAsStream));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    bufferedReader.close();
                    NLogger.debug((Class<?>) PhexSecurityManager.class, "Loaded hostile hosts file: " + (System.currentTimeMillis() - currentTimeMillis));
                    return;
                }
                if (!readLine.startsWith("#")) {
                    String trim = readLine.trim();
                    if (!StringUtils.isEmpty(trim)) {
                        int indexOf = trim.indexOf(47);
                        if (indexOf == -1) {
                            parseDottedIpToInt = AddressUtils.parseDottedIpToInt(trim);
                            parseNetmaskToCidr = 32;
                        } else {
                            String trim2 = trim.substring(0, indexOf).trim();
                            String trim3 = trim.substring(indexOf + 1).trim();
                            parseDottedIpToInt = AddressUtils.parseDottedIpToInt(trim2);
                            parseNetmaskToCidr = AddressUtils.parseNetmaskToCidr(trim3);
                        }
                        IpSystemSecurityRule ipSystemSecurityRule = new IpSystemSecurityRule(parseDottedIpToInt, parseNetmaskToCidr);
                        DSecurityRule findSystemXJBRule = findSystemXJBRule(map, parseDottedIpToInt, parseNetmaskToCidr);
                        if (findSystemXJBRule != null) {
                            ipSystemSecurityRule.setTriggerCount(findSystemXJBRule.getTriggerCount());
                        }
                        this.ipAccessRuleList.add(ipSystemSecurityRule);
                        this.ipSystemRuleList.add(ipSystemSecurityRule);
                    }
                }
            }
        } catch (IOException e) {
            NLogger.warn((Class<?>) PhexSecurityManager.class, e, e);
        }
    }

    private DSecurityRule findSystemXJBRule(Map<String, DIpAccessRule> map, int i, byte b) {
        DIpAccessRule dIpAccessRule = map.get(AddressUtils.ip2string(i) + "/" + ((int) b));
        if (dIpAccessRule == null || !dIpAccessRule.isSystemRule()) {
            return null;
        }
        return dIpAccessRule;
    }

    private void loadSecurityRuleList() {
        NLogger.debug((Class<?>) PhexSecurityManager.class, "Loading security rule list...");
        File phexConfigFile = Environment.getInstance().getPhexConfigFile(EnvironmentConstants.XML_SECURITY_FILE_NAME);
        try {
            DSecurity securityList = (phexConfigFile.exists() ? XMLBuilder.loadDPhexFromFile(FileManager.getInstance().getReadWriteManagedFile(phexConfigFile)) : new DPhex()).getSecurityList();
            if (securityList == null) {
                NLogger.debug((Class<?>) PhexSecurityManager.class, "No security definition found.");
                securityList = new DSecurity();
            }
            synchronized (this.ipAccessRuleList) {
                List<DSecurityRule> ipAccessRuleList = securityList.getIpAccessRuleList();
                HashMap hashMap = new HashMap();
                for (DSecurityRule dSecurityRule : ipAccessRuleList) {
                    DIpAccessRule dIpAccessRule = (DIpAccessRule) dSecurityRule;
                    if (!dIpAccessRule.hasDenyingRule() || dIpAccessRule.isDenyingRule()) {
                        if (dSecurityRule.isSystemRule()) {
                            if (dIpAccessRule.hasCidr()) {
                                hashMap.put(AddressUtils.ip2string(dIpAccessRule.getIp()) + "/" + String.valueOf((int) dIpAccessRule.getCidr()), dIpAccessRule);
                            } else {
                                StringBuffer stringBuffer = new StringBuffer(AddressUtils.ip2string(dIpAccessRule.getIp()));
                                stringBuffer.append("/");
                                if (dIpAccessRule.getCompareIp() == null) {
                                    stringBuffer.append("32");
                                } else {
                                    stringBuffer.append((int) AddressUtils.calculateCidr(dIpAccessRule.getCompareIp()));
                                }
                                hashMap.put(stringBuffer.toString(), dIpAccessRule);
                            }
                        } else if (dIpAccessRule.hasCidr()) {
                            IpUserSecurityRule ipUserSecurityRule = new IpUserSecurityRule(dIpAccessRule.getDescription(), dIpAccessRule.getIp(), dIpAccessRule.getCidr(), dIpAccessRule.isDisabled(), dIpAccessRule.isDeletedOnExpiry(), dIpAccessRule.getExpiryDate());
                            ipUserSecurityRule.setTriggerCount(dIpAccessRule.getTriggerCount());
                            this.ipAccessRuleList.add(ipUserSecurityRule);
                            this.ipUserRuleList.add(ipUserSecurityRule);
                        } else if (dIpAccessRule.getAddressType() == 2) {
                            IpUserSecurityRule ipUserSecurityRule2 = new IpUserSecurityRule(dIpAccessRule.getDescription(), dIpAccessRule.getIp(), AddressUtils.calculateCidr(dIpAccessRule.getCompareIp()), dIpAccessRule.isDisabled(), dIpAccessRule.isDeletedOnExpiry(), dIpAccessRule.getExpiryDate());
                            ipUserSecurityRule2.setTriggerCount(dIpAccessRule.getTriggerCount());
                            this.ipAccessRuleList.add(ipUserSecurityRule2);
                            this.ipUserRuleList.add(ipUserSecurityRule2);
                        } else if (dIpAccessRule.getAddressType() == 1) {
                            IpUserSecurityRule ipUserSecurityRule3 = new IpUserSecurityRule(dIpAccessRule.getDescription(), dIpAccessRule.getIp(), (byte) 32, dIpAccessRule.isDisabled(), dIpAccessRule.isDeletedOnExpiry(), dIpAccessRule.getExpiryDate());
                            ipUserSecurityRule3.setTriggerCount(dIpAccessRule.getTriggerCount());
                            this.ipAccessRuleList.add(ipUserSecurityRule3);
                            this.ipUserRuleList.add(ipUserSecurityRule3);
                        } else if (dIpAccessRule.getAddressType() == 3) {
                            for (IpCidrPair ipCidrPair : AddressUtils.range2cidr(dIpAccessRule.getIp(), dIpAccessRule.getCompareIp())) {
                                IpUserSecurityRule ipUserSecurityRule4 = new IpUserSecurityRule(dIpAccessRule.getDescription(), ipCidrPair.ipAddr, ipCidrPair.cidr, dIpAccessRule.isDisabled(), dIpAccessRule.isDeletedOnExpiry(), dIpAccessRule.getExpiryDate());
                                ipUserSecurityRule4.setTriggerCount(dIpAccessRule.getTriggerCount());
                                this.ipAccessRuleList.add(ipUserSecurityRule4);
                                this.ipUserRuleList.add(ipUserSecurityRule4);
                            }
                        }
                    }
                }
                loadHostileHostList(hashMap);
                this.ipAccessRuleList.trimToSize();
            }
        } catch (IOException e) {
            NLogger.error((Class<?>) PhexSecurityManager.class, e, e);
            Environment.getInstance().fireDisplayUserMessage(UserMessageListener.SecuritySettingsLoadFailed, new String[]{e.toString()});
        } catch (ManagedFileException e2) {
            NLogger.error((Class<?>) PhexSecurityManager.class, e2, e2);
            Environment.getInstance().fireDisplayUserMessage(UserMessageListener.SecuritySettingsLoadFailed, new String[]{e2.toString()});
        }
    }

    private void saveSecurityRuleList() {
        NLogger.debug((Class<?>) PhexSecurityManager.class, "Saving security rule list...");
        try {
            DPhex dPhex = new DPhex();
            dPhex.setPhexVersion(VersionUtils.getFullProgramVersion());
            DSecurity dSecurity = new DSecurity();
            dPhex.setSecurityList(dSecurity);
            synchronized (this.ipAccessRuleList) {
                Iterator<IpSecurityRule> it = this.ipAccessRuleList.iterator();
                while (it.hasNext()) {
                    IpSecurityRule next = it.next();
                    if (next.isSystemRule() || !next.isDeletedOnExpiry() || (!next.getExpiryDate().isExpiringEndOfSession() && !next.getExpiryDate().isExpired())) {
                        if (!next.isSystemRule() || next.getTriggerCount() != 0) {
                            dSecurity.getIpAccessRuleList().add(next.createDSecurityRule());
                        }
                    }
                }
            }
            XMLBuilder.saveToFile(FileManager.getInstance().getReadWriteManagedFile(Environment.getInstance().getPhexConfigFile(EnvironmentConstants.XML_SECURITY_FILE_NAME)), dPhex);
        } catch (IOException e) {
            NLogger.error((Class<?>) PhexSecurityManager.class, e, e);
            Environment.getInstance().fireDisplayUserMessage(UserMessageListener.SecuritySettingsSaveFailed, new String[]{e.toString()});
        } catch (ManagedFileException e2) {
            NLogger.error((Class<?>) PhexSecurityManager.class, e2, e2);
            Environment.getInstance().fireDisplayUserMessage(UserMessageListener.SecuritySettingsSaveFailed, new String[]{e2.toString()});
        }
    }

    @Override // phex.common.AbstractLifeCycle
    public void doStart() {
        loadSecurityRuleList();
        loadHostileSha1List();
    }

    @Override // phex.common.AbstractLifeCycle
    public void doStop() {
        saveSecurityRuleList();
    }

    private void fireSecurityRuleAdded(SecurityRule securityRule, int i) {
        Servent.getInstance().getEventService().publish(PhexEventTopics.Security_Rule, new ContainerEvent(ContainerEvent.Type.ADDED, securityRule, this, i));
    }

    private void fireSecurityRuleRemoved(SecurityRule securityRule, int i) {
        Servent.getInstance().getEventService().publish(PhexEventTopics.Security_Rule, new ContainerEvent(ContainerEvent.Type.REMOVED, securityRule, this, i));
    }
}
