package org.n52.security.service.facade;

import java.net.InetAddress;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.service.facade.ip.IPIntervalRange;
import org.n52.security.service.facade.ip.IPRange;
import org.n52.security.service.facade.ip.IPRangeParseException;
import org.n52.security.service.facade.ip.IPRangeStringUtils;

/* loaded from: input_file:org/n52/security/service/facade/IPFilterConstraint.class */
public class IPFilterConstraint implements FacadeConstraint {
    private static final Log LOG = LogFactory.getLog(IPFilterConstraint.class);
    private Set<IPRange> m_ipRanges = new HashSet();
    private final boolean m_active;

    public IPFilterConstraint(String str, boolean z) {
        try {
            this.m_ipRanges.add(new IPIntervalRange(IPRangeStringUtils.parseSingleAddress(str)));
            this.m_active = z;
        } catch (IPRangeParseException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public IPFilterConstraint(boolean z) {
        this.m_active = z;
    }

    public void addIPRange(IPRange iPRange) {
        this.m_ipRanges.add(iPRange);
    }

    public void addIPRanges(List<IPRange> list) {
        this.m_ipRanges.addAll(list);
    }

    public List<IPRange> getIPRanges() {
        return new ArrayList(this.m_ipRanges);
    }

    public void clearIPRanges() {
        this.m_ipRanges.clear();
    }

    @Override // org.n52.security.service.facade.FacadeConstraint
    public void check(FacadeRequest facadeRequest) throws FacadeConstraintViolationException {
        if (this.m_active) {
            String str = (String) facadeRequest.getRequest().getAttribute("request.ip").getValue();
            if (str == null || str.equals("")) {
                LOG.warn("No IP address information attached accessing an ip filter-enabled facade. Blocking request");
                throw new FacadeConstraintViolationException("No IP address information available", this);
            }
            try {
                InetAddress parseSingleAddress = IPRangeStringUtils.parseSingleAddress(str);
                if (isIPRestricted(parseSingleAddress)) {
                    throw new FacadeConstraintViolationException("Access from IP " + str + " forbidden.", this);
                }
                String str2 = (String) facadeRequest.getRequest().getAttribute("X-Forwarded-For").getValue();
                if (str2 == null || str2.length() <= 0) {
                    return;
                }
                boolean z = false;
                boolean z2 = false;
                int i = 0;
                StringTokenizer stringTokenizer = new StringTokenizer(str2, ",");
                while (stringTokenizer.hasMoreTokens()) {
                    String trim = stringTokenizer.nextToken().trim();
                    if (trim.length() > 0) {
                        i++;
                        try {
                            InetAddress parseSingleAddress2 = IPRangeStringUtils.parseSingleAddress(trim);
                            if (!isIPRestricted(parseSingleAddress2)) {
                                z |= !parseSingleAddress.equals(parseSingleAddress2);
                                z2 |= parseSingleAddress.equals(parseSingleAddress2);
                            }
                        } catch (IPRangeParseException e) {
                            LOG.debug("Can't parse X-Forwarded-For Header Part: <" + trim + ">, Msg: " + e, e);
                        }
                    }
                }
                if (z) {
                    return;
                }
                if (i != 1 || !z2) {
                    throw new FacadeConstraintViolationException("IP constrain not fulfilled -> access forbidden.", this);
                }
            } catch (IPRangeParseException e2) {
                throw new IllegalArgumentException(e2);
            }
        }
    }

    private boolean isIPRestricted(InetAddress inetAddress) {
        Iterator<IPRange> it = this.m_ipRanges.iterator();
        while (it.hasNext()) {
            if (it.next().contains(inetAddress)) {
                return false;
            }
        }
        return true;
    }

    public String toString() {
        return IPRangeStringUtils.rangesToList(getIPRanges(), ",");
    }

    public boolean isActive() {
        return this.m_active;
    }

    public String getIpAddress() {
        return IPRangeStringUtils.rangesToList(getIPRanges(), ",");
    }
}
