package com.gentics.contentnode.security;

import com.gentics.contentnode.etc.NodePreferences;
import com.gentics.contentnode.runtime.NodeConfigRuntimeConfiguration;
import com.gentics.lib.etc.StringUtils;
import com.gentics.lib.log.NodeLogger;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.ripe.commons.ip.Ipv4;
import net.ripe.commons.ip.Ipv4Range;
import net.ripe.commons.ip.Ipv6;
import net.ripe.commons.ip.Ipv6Range;
import org.apache.commons.validator.routines.InetAddressValidator;
import org.jvnet.hk2.annotations.Service;

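/**
 * Source-address allowlist for a named group of commands.
 *
 * <p>Settings are read from the node preferences under
 * {@code config.accesscontrol.<configurationKey>.<name>}, falling back to
 * {@code config.accesscontrol.default.<name>}. Two names are used: {@code secured}
 * (boolean switch) and {@code allowedfrom} (comma-separated IPs, CIDR ranges and host names).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The check fails open when it is not configured: a missing {@code secured} property is
 *       read as {@code ""}, which parses to {@code false}, and {@link #verifyAccess} then allows
 *       every request. Only a warning is logged.</li>
 *   <li>The decision is based on {@code getRemoteAddr()}/{@code getRemoteHost()}. Behind a reverse
 *       proxy or load balancer these describe the last hop, so allowlisting the proxy address
 *       allows everything that passes through it.</li>
 *   <li>Host-name entries are compared with whatever {@code getRemoteHost()} returns. Where the
 *       container resolves that name by reverse DNS, it is controlled by whoever owns the PTR
 *       record of the client address; IP and CIDR entries are the stronger control.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/gentics/contentnode/security/AccessControlService.class */
public class AccessControlService {
    // Initialised once at class load, so the logger is also available on instances created with
    // the no-arg constructor (the original assigned it only inside init()).
    private static final NodeLogger log = NodeLogger.getNodeLogger(AccessControlService.class);

    /** Middle segment of the property path; selects which access-control section is read. */
    protected String configurationKey;

    /** Whether the allowlist is enforced at all; {@code false} means every request is allowed. */
    protected boolean commandsSecured;

    /** Trimmed, non-empty entries of the {@code allowedfrom} property. */
    protected List<String> allowedHosts = new ArrayList<>();

    private NodePreferences nodePreferences;

    /** Common prefix of every property this service reads. */
    final String PROPERTY_PREFIX = "config.accesscontrol";

    /**
     * Creates a service configured from the runtime node preferences.
     *
     * @param str configuration key (section name below {@code config.accesscontrol})
     */
    public AccessControlService(String str) {
        this.nodePreferences = NodeConfigRuntimeConfiguration.getPreferences();
        this.configurationKey = str;
        init();
    }

    /**
     * Creates a service configured from explicitly supplied preferences.
     *
     * @param str configuration key (section name below {@code config.accesscontrol})
     * @param supplier source of the preferences to read; queried once
     */
    public AccessControlService(String str, Supplier<NodePreferences> supplier) {
        this.nodePreferences = supplier.get();
        this.configurationKey = str;
        init();
    }

    /** Reads the {@code secured} switch and the {@code allowedfrom} list from the preferences. */
    private void init() {
        this.commandsSecured = Boolean.parseBoolean(getCustomPropertyOrDefault("secured"));
        for (String entry : StringUtils.splitString(getCustomPropertyOrDefault("allowedfrom"), ',')) {
            String trimmed = entry.trim();
            // An empty entry (unset property, trailing comma) must never become a matchable value.
            if (!trimmed.isEmpty()) {
                this.allowedHosts.add(trimmed);
            }
        }
    }

    /**
     * Creates an unconfigured service.
     *
     * <p>NOTE(review): {@code init()} is not called here, so {@code commandsSecured} stays
     * {@code false} and {@link #verifyAccess} allows every request unless a subclass sets the
     * protected fields. Confirm that every caller of this constructor intends that.
     */
    public AccessControlService() {
    }

    /**
     * Looks up a setting for this service's configuration key, then the {@code default} section.
     *
     * @param str setting name, e.g. {@code secured} or {@code allowedfrom}
     * @return the configured value, or {@code ""} (after logging a warning) when neither is set
     */
    private String getCustomPropertyOrDefault(String str) {
        String custom = this.nodePreferences.getProperty(String.format("%s.%s.%s", PROPERTY_PREFIX, this.configurationKey, str));
        if (custom != null) {
            return custom;
        }
        String fallback = this.nodePreferences.getProperty(String.format("%s.default.%s", PROPERTY_PREFIX, str));
        if (fallback != null) {
            return fallback;
        }
        // Callers treat "" as "not secured" / "no hosts": an absent configuration disables the check.
        log.warn(String.format("Neither default nor custom property for '%s.%s' is specified", PROPERTY_PREFIX, str));
        return "";
    }

    /**
     * Tests whether an IP address equals a single-address entry or lies inside a CIDR entry.
     *
     * <p>The address family is decided by the presence of {@code ':'}. Entries of the other family
     * are skipped, so a mixed IPv4/IPv6 allowlist does not hand an IPv6 range to the IPv4 parser
     * or vice versa. Every entry is examined: the original IPv4 branch returned the result of the
     * first CIDR entry and never looked at the entries after it.
     *
     * <p>Entries that are neither a CIDR range nor a valid literal address (host names) are
     * ignored here. A malformed CIDR entry of the matching family is still passed to the range
     * parser, whose exception is not caught.
     *
     * @param str address to test; {@code null} or empty is never in the list
     * @param collection allowlist entries; {@code null} is treated as empty
     * @return {@code true} if at least one entry matches
     */
    public static boolean isIpAddressInList(String str, Collection<String> collection) {
        if (str == null || str.isEmpty() || collection == null) {
            return false;
        }
        InetAddressValidator validator = InetAddressValidator.getInstance();
        if (!str.contains(":")) {
            Ipv4 address = Ipv4.of(str);
            for (String entry : collection) {
                if (entry == null || entry.contains(":")) {
                    continue;
                }
                if (entry.contains("/")) {
                    if (Ipv4Range.parse(entry).contains(address)) {
                        return true;
                    }
                } else if (validator.isValidInet4Address(entry) && Ipv4.of(entry).equals(address)) {
                    return true;
                }
            }
            return false;
        }
        Ipv6 address = Ipv6.of(str);
        for (String entry : collection) {
            if (entry == null || !entry.contains(":")) {
                continue;
            }
            if (entry.contains("/")) {
                if (Ipv6Range.parse(entry).contains(address)) {
                    return true;
                }
            } else if (validator.isValidInet6Address(entry) && Ipv6.of(entry).equals(address)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests whether a host name equals one of the entries, ignoring case.
     *
     * @param str host name to test; {@code null} or empty is never in the list
     * @param collection allowlist entries; {@code null} is treated as empty
     * @return {@code true} if an entry equals the host name
     */
    public static boolean isHostInList(String str, Collection<String> collection) {
        if (str == null || str.isEmpty() || collection == null) {
            return false;
        }
        for (String entry : collection) {
            if (entry != null && entry.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether the request may proceed, and answers with 403 when it may not.
     *
     * <p>Access is granted when the service is not secured, when the remote address matches an
     * IP/CIDR entry, or when the remote host matches a host-name entry. Per the Servlet API,
     * {@code getRemoteHost()} is the name of the client or of the last proxy, or the IP string
     * when the container does not resolve names; see the class comment for what that means for
     * host-name entries.
     *
     * @param httpServletRequest request whose remote address and host are checked
     * @param httpServletResponse response that receives the 403; may be {@code null}, in which
     *     case the denial is only logged and returned
     * @return {@code true} if access is allowed
     */
    public boolean verifyAccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.commandsSecured) {
            return true;
        }
        String remoteAddress = getCleanedAddress(httpServletRequest.getRemoteAddr());
        String remoteHost = getCleanedAddress(httpServletRequest.getRemoteHost());
        if (isIpAddressInList(remoteAddress) || isHostInList(remoteHost)) {
            return true;
        }
        // Denials are logged with the raw address and host so that they can be reviewed and alerted on.
        log.error(String.format("Access from remote address {%s} (host {%s}) forbidden - Allowed hosts: {%s} - Configuration: accesscontrol.%s", httpServletRequest.getRemoteAddr(), httpServletRequest.getRemoteHost(), this.allowedHosts, this.configurationKey));
        if (httpServletResponse != null) {
            try {
                // 403 Forbidden
                httpServletResponse.sendError(403, "Access denied");
            } catch (IOException e) {
                // The request stays denied even if the error status could not be written.
                log.error("could not add error code to response", e);
            }
        }
        return false;
    }

    /**
     * Strips the square brackets some containers put around IPv6 literals, and outer whitespace.
     *
     * @param str raw address or host name; may be {@code null}
     * @return the cleaned value, or {@code ""} for {@code null}, which matches no entry
     */
    private String getCleanedAddress(String str) {
        if (str == null) {
            return "";
        }
        return str.replace("[", "").replace("]", "").trim();
    }

    /**
     * Tests an address against this service's configured allowlist.
     *
     * @param str address to test
     * @return {@code true} if it matches an IP or CIDR entry
     */
    public boolean isIpAddressInList(String str) {
        return isIpAddressInList(str, this.allowedHosts);
    }

    /**
     * Tests a host name against this service's configured allowlist.
     *
     * @param str host name to test
     * @return {@code true} if it equals an entry, ignoring case
     */
    public boolean isHostInList(String str) {
        return isHostInList(str, this.allowedHosts);
    }
}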
