package org.n52.security.service.web.access.condition;

import java.net.InetAddress;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.n52.security.common.ip.IPRange;
import org.n52.security.common.ip.IPRangeParseException;
import org.n52.security.common.ip.IPRangeParser;
import org.n52.security.service.web.WebContext;
import org.n52.security.service.web.WebSecurityProcessingContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/n52/security/service/web/access/condition/IPRangeCondition.class */
public class IPRangeCondition implements Condition {
    private static final Logger LOG = LoggerFactory.getLogger(IPRangeCondition.class);
    private Collection<IPRange> m_ipRanges = Collections.emptyList();

    @Override // org.n52.security.service.web.access.condition.Condition
    public boolean isSatisfied(WebSecurityProcessingContext webSecurityProcessingContext, WebContext webContext) {
        return allIpsInRange(webContext);
    }

    protected boolean allIpsInRange(WebContext webContext) {
        Set<String> clientIps = getClientIps(webContext);
        logAllowedRanges();
        for (String str : clientIps) {
            logIPToCheck(str);
            if (!isInRange(str)) {
                if (!LOG.isDebugEnabled()) {
                    return false;
                }
                LOG.debug("'{}' is NOT in range.", str);
                return false;
            }
        }
        return true;
    }

    protected Set<String> getClientIps(WebContext webContext) {
        String requestorIP = webContext.getRequestorIP();
        List<String> forwardedIPs = webContext.getForwardedIPs();
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(requestorIP);
        linkedHashSet.addAll(forwardedIPs);
        return linkedHashSet;
    }

    private void logAllowedRanges() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Allowed IPRanges are:");
            Iterator<T> it = getAllowedRanges().iterator();
            while (it.hasNext()) {
                LOG.debug(((IPRange) it.next()).toString());
            }
        }
    }

    private void logIPToCheck(String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Now checking whether ip '" + str + "' is in range or not.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<IPRange> getAllowedRanges() {
        return getIpRanges();
    }

    private boolean isInRange(String str) {
        try {
            InetAddress parseSingleAddress = IPRangeParser.parseSingleAddress(str);
            Iterator<T> it = getAllowedRanges().iterator();
            while (it.hasNext()) {
                if (((IPRange) it.next()).contains(parseSingleAddress)) {
                    return true;
                }
            }
            return false;
        } catch (IPRangeParseException e) {
            LOG.debug("Can't parse IP <" + str + ">, Msg: " + e, e);
            return true;
        }
    }

    public Collection<IPRange> getIpRanges() {
        return this.m_ipRanges;
    }

    public void setIpRanges(Collection<IPRange> collection) {
        this.m_ipRanges = collection;
    }
}
