package com.erigir.wrench.web;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.net.util.SubnetUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/erigir/wrench/web/IPAccessRestrictionFilter.class */
public class IPAccessRestrictionFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(IPAccessRestrictionFilter.class);
    private List<SubnetUtils.SubnetInfo> ipPatterns;
    private List<String> ipHeadersToSearch = Collections.unmodifiableList(Arrays.asList("CLIENT_IP", "X-Forwarded-For", "REMOTE_ADDR"));
    private int rejectStatusCode = 403;
    private String rejectStatusText = "403: Forbidden";

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!isAcceptedRequest((HttpServletRequest) servletRequest)) {
            sendNotAccepted(httpServletResponse);
        } else {
            LOG.trace("Request accepted - passing thru");
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private void sendNotAccepted(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(this.rejectStatusCode);
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().println(this.rejectStatusText);
    }

    public void destroy() {
    }

    private String getMostLikelyRemoteAddress(HttpServletRequest httpServletRequest) {
        if (null == httpServletRequest) {
            throw new IllegalArgumentException("Null request.");
        }
        String str = null;
        if (this.ipHeadersToSearch != null) {
            Iterator<String> it = this.ipHeadersToSearch.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String next = it.next();
                str = httpServletRequest.getHeader(next);
                if (null != str) {
                    LOG.trace("Found remote ip address[{}] in header: {}", str, next);
                    break;
                }
                LOG.trace("Remote ip address not found in header: {}", next);
            }
        }
        if (str == null) {
            str = httpServletRequest.getRemoteAddr();
            LOG.trace("Falling back to request remote address method: {}", str);
        }
        return str;
    }

    private boolean isAcceptedRequest(HttpServletRequest httpServletRequest) {
        boolean z = false;
        if (this.ipPatterns != null) {
            String mostLikelyRemoteAddress = getMostLikelyRemoteAddress(httpServletRequest);
            LOG.debug("Testing {} against allowed IP ranges", mostLikelyRemoteAddress);
            Iterator<SubnetUtils.SubnetInfo> it = this.ipPatterns.iterator();
            while (it.hasNext() && !z) {
                SubnetUtils.SubnetInfo next = it.next();
                z = next.isInRange(mostLikelyRemoteAddress);
                if (z) {
                    LOG.trace("Accepted match ip {} to {}", mostLikelyRemoteAddress, next.getCidrSignature());
                } else {
                    LOG.trace("No match of {} to {}", mostLikelyRemoteAddress, next.getCidrSignature());
                }
            }
        } else {
            LOG.warn("IPAccess restriction filter allowing all through since patterns are not set - likely misconfiguration");
        }
        return z;
    }

    public void setIpPatterns(List<SubnetUtils.SubnetInfo> list) {
        this.ipPatterns = list;
        if (list != null) {
            for (SubnetUtils.SubnetInfo subnetInfo : list) {
                LOG.info("Internal subnet : {} from {} to {} ({} hosts)", new Object[]{subnetInfo.getCidrSignature(), subnetInfo.getLowAddress(), subnetInfo.getHighAddress(), Integer.valueOf(subnetInfo.getAddressCount())});
            }
        }
    }

    public void setIpPatternsByString(List<String> list) {
        if (list == null) {
            this.ipPatterns = null;
            return;
        }
        this.ipPatterns = new LinkedList();
        for (String str : list) {
            SubnetUtils subnetUtils = new SubnetUtils(str);
            if (str.endsWith("/32")) {
                subnetUtils.setInclusiveHostCount(true);
            }
            this.ipPatterns.add(subnetUtils.getInfo());
        }
    }

    public void setIpHeadersToSearch(List<String> list) {
        this.ipHeadersToSearch = list;
    }

    public void setRejectStatusCode(int i) {
        this.rejectStatusCode = i;
    }

    public void setRejectStatusText(String str) {
        this.rejectStatusText = str;
    }
}
