package pl.edu.icm.synat.portal.web.security;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.net.util.SubnetUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;

/* loaded from: input_file:WEB-INF/lib/synat-portal-core-1.25.9.jar:pl/edu/icm/synat/portal/web/security/TrustedAnonymousAuthenticationFilter.class */
public class TrustedAnonymousAuthenticationFilter extends AnonymousAuthenticationFilter {
    private static Logger logger = LoggerFactory.getLogger(TrustedAnonymousAuthenticationFilter.class);
    private static final String ROLE_ANONYMOUS_FROM_TRUSTED_IP = "ROLE_ANONYMOUS_FROM_TRUSTED_IP";
    private String trustedAddressed;

    public TrustedAnonymousAuthenticationFilter() {
        super("default");
    }

    public TrustedAnonymousAuthenticationFilter(String str, Object obj, List<GrantedAuthority> list) {
        super(str, obj, list);
    }

    public TrustedAnonymousAuthenticationFilter(String str) {
        super(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.web.authentication.AnonymousAuthenticationFilter
    public Authentication createAuthentication(HttpServletRequest httpServletRequest) {
        Authentication createAuthentication = super.createAuthentication(httpServletRequest);
        if (isFromTrustedIP(httpServletRequest)) {
            SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(ROLE_ANONYMOUS_FROM_TRUSTED_IP);
            ArrayList arrayList = new ArrayList();
            arrayList.add(simpleGrantedAuthority);
            createAuthentication = new AnonymousAuthenticationToken("somekey", createAuthentication.getPrincipal(), arrayList);
        }
        return createAuthentication;
    }

    private boolean isFromTrustedIP(HttpServletRequest httpServletRequest) {
        SubnetUtils subnetUtils;
        if (!StringUtils.isNotBlank(this.trustedAddressed)) {
            return false;
        }
        for (String str : StringUtils.split(this.trustedAddressed, ScriptUtils.DEFAULT_STATEMENT_SEPARATOR)) {
            try {
                subnetUtils = new SubnetUtils(str);
                subnetUtils.setInclusiveHostCount(true);
            } catch (IllegalArgumentException e) {
                logger.error("Trusted CIDR address is invalid: " + e.getMessage());
            }
            if (subnetUtils.getInfo().isInRange(httpServletRequest.getRemoteAddr())) {
                return true;
            }
        }
        return false;
    }

    public void setTrustedAddressed(String str) {
        this.trustedAddressed = str;
        if (StringUtils.isNotBlank(str)) {
            for (String str2 : StringUtils.split(str, ScriptUtils.DEFAULT_STATEMENT_SEPARATOR)) {
                try {
                    logger.info("Trusted IP: " + new SubnetUtils(str2).getInfo().toString());
                } catch (IllegalArgumentException e) {
                    logger.error("Trusted CIDR address is invalid: " + e.getMessage());
                }
            }
        }
    }
}
