package nl.b3p.viewer.util;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import nl.b3p.viewer.config.security.User;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.Hibernate;
import org.stripesstuff.stripersist.Stripersist;

/* loaded from: input_file:nl/b3p/viewer/util/IPAuthenticationFilter.class */
public class IPAuthenticationFilter implements Filter {
    private FilterConfig filterConfig = null;
    private static final int MAX_TIME_USER_CACHE = 20000;
    private static final Log log = LogFactory.getLog(IPAuthenticationFilter.class);
    private static final String IP_CHECK = IPAuthenticationFilter.class + "_IP_CHECK";
    private static final String USER_CHECK = IPAuthenticationFilter.class + "_USER_CHECK";
    private static final String TIME_USER_CHECKED = IPAuthenticationFilter.class + "_TIME_USER_CHECKED";

    /* loaded from: input_file:nl/b3p/viewer/util/IPAuthenticationFilter$RequestWrapper.class */
    class RequestWrapper extends HttpServletRequestWrapper {
        protected Hashtable localParams;

        public RequestWrapper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
            this.localParams = null;
        }

        public void setParameter(String str, String[] strArr) {
            if (this.localParams == null) {
                this.localParams = new Hashtable();
                Map parameterMap = getRequest().getParameterMap();
                for (Object obj : parameterMap.keySet()) {
                    this.localParams.put(obj, parameterMap.get(obj));
                }
            }
            this.localParams.put(str, strArr);
        }

        public String getParameter(String str) {
            if (this.localParams == null) {
                return getRequest().getParameter(str);
            }
            Object obj = this.localParams.get(str);
            if (obj instanceof String) {
                return (String) obj;
            }
            if (obj instanceof String[]) {
                return ((String[]) obj)[0];
            }
            if (obj == null) {
                return null;
            }
            return obj.toString();
        }

        public String[] getParameterValues(String str) {
            return this.localParams == null ? getRequest().getParameterValues(str) : (String[]) this.localParams.get(str);
        }

        public Enumeration getParameterNames() {
            return this.localParams == null ? getRequest().getParameterNames() : this.localParams.keys();
        }

        public Map getParameterMap() {
            return this.localParams == null ? getRequest().getParameterMap() : this.localParams;
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession();
        if (httpServletRequest.getUserPrincipal() != null) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        User user = null;
        if ((session.getAttribute(IP_CHECK) == null && session.getAttribute(USER_CHECK) == null) || isCacheValid(session)) {
            String ip = getIp(httpServletRequest);
            session.setAttribute(IP_CHECK, ip);
            Stripersist.requestInit();
            List<User> resultList = Stripersist.getEntityManager().createQuery("from User", User.class).getResultList();
            ArrayList arrayList = new ArrayList();
            for (User user2 : resultList) {
                if (checkValidIpAddress(httpServletRequest, user2)) {
                    arrayList.add(user2);
                }
            }
            if (arrayList.isEmpty()) {
                log.debug("No possible users found for ip");
            } else if (arrayList.size() == 1) {
                user = (User) arrayList.get(0);
                user.setAuthenticatedByIp(true);
                Hibernate.initialize(user.getGroups());
                session.setAttribute(IP_CHECK, ip);
                session.setAttribute(USER_CHECK, user);
                session.setAttribute(TIME_USER_CHECKED, Long.valueOf(System.currentTimeMillis()));
            } else {
                log.debug("Too many possible users found for ip.");
            }
            Stripersist.requestComplete();
        } else {
            user = (User) session.getAttribute(USER_CHECK);
        }
        final User user3 = user;
        try {
            filterChain.doFilter(new RequestWrapper(httpServletRequest) { // from class: nl.b3p.viewer.util.IPAuthenticationFilter.1
                public Principal getUserPrincipal() {
                    return user3 != null ? user3 : super.getUserPrincipal();
                }

                public String getRemoteUser() {
                    return user3 != null ? user3.getName() : super.getRemoteUser();
                }

                public boolean isUserInRole(String str) {
                    return user3 != null ? user3.checkRole(str) : super.isUserInRole(str);
                }
            }, servletResponse);
        } catch (IOException | ServletException e) {
            log.error("Error processing chain", null);
            throw e;
        }
    }

    public FilterConfig getFilterConfig() {
        return this.filterConfig;
    }

    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    public void destroy() {
    }

    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    public String toString() {
        if (this.filterConfig == null) {
            return "IPAuthenticationFilter()";
        }
        return "IPAuthenticationFilter(" + this.filterConfig + ")";
    }

    private boolean checkValidIpAddress(HttpServletRequest httpServletRequest, User user) {
        String ip = getIp(httpServletRequest);
        for (String str : user.getIps()) {
            log.debug("Controleren ip: " + str + " tegen: " + ip);
            if ((str.contains("*") && isRemoteAddressWithinIpRange(str, ip)) || str.equalsIgnoreCase(ip)) {
                return true;
            }
        }
        log.info("IP adres " + ip + " niet toegestaan voor gebruiker " + user.getName());
        return false;
    }

    private String getIp(HttpServletRequest httpServletRequest) {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String header = httpServletRequest.getHeader("X-Forwarded-For");
        if (header != null) {
            remoteAddr = header.substring(0, header.contains(",") ? header.indexOf(",") : header.length());
        }
        return remoteAddr;
    }

    protected boolean isRemoteAddressWithinIpRange(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        String[] split = str.split("\\.");
        String[] split2 = str2.split("\\.");
        if (split == null || split.length < 1 || split2 == null || split2.length < 1) {
            return false;
        }
        for (int i = 0; i < split.length; i++) {
            if (!split[i].equalsIgnoreCase("*") && !split[i].equalsIgnoreCase(split2[i])) {
                return false;
            }
        }
        return true;
    }

    private boolean isCacheValid(HttpSession httpSession) {
        if (httpSession == null || httpSession.getAttribute(TIME_USER_CHECKED) == null) {
            return true;
        }
        return System.currentTimeMillis() - ((Long) httpSession.getAttribute(TIME_USER_CHECKED)).longValue() > 20000;
    }
}
