package com.linkedin.kafka.cruisecontrol.servlet.security.trustedproxy;

import com.linkedin.kafka.cruisecontrol.servlet.security.DefaultRoleSecurityProvider;
import com.linkedin.kafka.cruisecontrol.servlet.security.SecurityUtils;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.authentication.AuthorizationService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.component.AbstractLifeCycle;

/* loaded from: input_file:com/linkedin/kafka/cruisecontrol/servlet/security/trustedproxy/TrustedProxyAuthorizationService.class */
public class TrustedProxyAuthorizationService extends AbstractLifeCycle implements AuthorizationService {
    private final UserStore _adminUserStore = new UserStore();
    private final Pattern _trustedProxyIpPattern;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TrustedProxyAuthorizationService(List<String> list, String str) {
        list.forEach(str2 -> {
            this._adminUserStore.addUser(str2, SecurityUtils.NO_CREDENTIAL, new String[]{DefaultRoleSecurityProvider.ADMIN});
        });
        if (str != null) {
            this._trustedProxyIpPattern = Pattern.compile(str);
        } else {
            this._trustedProxyIpPattern = null;
        }
    }

    public UserIdentity getUserIdentity(HttpServletRequest httpServletRequest, String str) {
        int indexOf = str.indexOf(47);
        UserIdentity userIdentity = this._adminUserStore.getUserIdentity(indexOf > 0 ? str.substring(0, indexOf) : str);
        if (this._trustedProxyIpPattern == null || this._trustedProxyIpPattern.matcher(httpServletRequest.getRemoteAddr()).matches()) {
            return userIdentity;
        }
        return null;
    }

    protected void doStart() throws Exception {
        this._adminUserStore.start();
        super.doStart();
    }

    protected void doStop() throws Exception {
        super.doStop();
        this._adminUserStore.stop();
    }
}
