package org.apache.jetspeed.pipeline.valve.impl;

import java.io.IOException;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.jetspeed.pipeline.PipelineException;
import org.apache.jetspeed.pipeline.valve.SecurityValve;
import org.apache.jetspeed.pipeline.valve.ValveContext;
import org.apache.jetspeed.request.RequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jetspeed/pipeline/valve/impl/SimpleSecurityValveImpl.class */
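/**
 * Pipeline valve that guards selected request paths with two optional checks:
 * HTTP Basic authentication against a single configured user, and an IPv4
 * allowlist (single addresses or CIDR ranges).
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded on the wire, so the guarded
 *       paths must be served over TLS.</li>
 *   <li>The configured password hash is an unsalted MD5 hex digest. That format
 *       is dictated by the existing configuration contract and is kept here for
 *       compatibility; the hash must be protected like the password itself.
 *       NOTE(review): moving to a salted password KDF needs a configuration
 *       format change and is out of scope for this class alone.</li>
 *   <li>The allowlist is matched against {@code getRemoteAddr()}. NOTE(review):
 *       behind a reverse proxy that value is presumably the proxy's address;
 *       confirm the deployment before relying on the allowlist.</li>
 *   <li>Only IPv4 is supported; a non-IPv4 client address is rejected whenever
 *       the allowlist is active.</li>
 * </ul>
 */
public class SimpleSecurityValveImpl extends AbstractFilterValveImpl implements SecurityValve {
    private static final Logger log = LoggerFactory.getLogger(SimpleSecurityValveImpl.class);
    public static final String HTTP_AUTHORIZATION_HEADER = "Authorization";
    public static final String HTTP_WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    private static final String DEFAULT_AUTHENTICATION_REALM = "Jetspeed Portal";
    private static final String BASIC_SCHEME_PREFIX = "Basic ";
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private final String name;
    private String authenticationRealm;
    private String authenticationUser;
    private String authenticationPasswordHash;
    private List<String> validIPAddresses;
    private List<ValidIPAddress> parsedValidIPAddresses = new ArrayList<ValidIPAddress>();
    // True once initialize() has seen a non-empty allowlist, even if no entry parsed.
    // Keeps a broken allowlist from silently switching the IP check off.
    private boolean ipRestrictionConfigured;

    /** One allowlist entry: an IPv4 network address plus its netmask, both as 32-bit ints. */
    private static class ValidIPAddress {
        private final int mask;
        private final int ip;

        /**
         * Parses {@code a.b.c.d} or {@code a.b.c.d/prefix}.
         *
         * @param str the configured entry
         * @throws UnknownHostException if the address part is empty, unresolvable or not IPv4
         * @throws IllegalArgumentException if the prefix is not a number in the range 0-32
         */
        private ValidIPAddress(String str) throws UnknownHostException {
            String host = str;
            int slash = str.indexOf('/');
            if (slash != -1) {
                int prefix = Integer.parseInt(str.substring(slash + 1));
                // Java masks shift distances to 5 bits, so an unchecked prefix yields a
                // wrong mask instead of an error: /0 would become a /32 and /33 a /1.
                if (prefix < 0 || prefix > 32) {
                    throw new IllegalArgumentException("CIDR prefix length must be between 0 and 32: " + prefix);
                }
                this.mask = prefix == 0 ? 0 : (-1) << (32 - prefix);
                host = str.substring(0, slash);
            } else {
                this.mask = -1;
            }
            this.ip = SimpleSecurityValveImpl.getIP(host) & this.mask;
        }

        /**
         * Tests whether an address falls inside this entry's network.
         * Decompiler note: the access modifier was changed from private.
         *
         * @param i IPv4 address packed big-endian into an int
         * @return true when the masked address equals this entry's network address
         */
        public boolean matchIP(int i) {
            return (i & this.mask) == this.ip;
        }
    }

    /**
     * @param str name of this valve, used in log messages
     */
    public SimpleSecurityValveImpl(String str) {
        this.name = str;
    }

    /**
     * Applies the configured checks to requests whose path is included and not
     * excluded, then passes the request on. A failed authentication ends the
     * request with 401 and a {@code WWW-Authenticate} challenge; a client address
     * outside the allowlist ends it with 403.
     *
     * @param requestContext the current request
     * @param valveContext used to invoke the next valve when the request is allowed
     * @throws PipelineException propagated from the next valve
     */
    @Override // org.apache.jetspeed.pipeline.valve.AbstractValve
    public void invoke(RequestContext requestContext, ValveContext valveContext) throws PipelineException {
        String pathInfo = requestContext.getRequest().getPathInfo();
        if (includesRequestPath(pathInfo) && !excludesRequestPath(pathInfo)) {
            if (this.authenticationRealm != null) {
                String header = requestContext.getRequest().getHeader(HTTP_AUTHORIZATION_HEADER);
                if (!isAuthenticated(header)) {
                    if (log.isDebugEnabled()) {
                        // Never log the header or its decoded form: it carries the password.
                        log.debug("Request filtered by " + requestContext.getPipeline().getName() + "." + this.name
                                + " authorization: " + (header == null ? "no credentials presented" : "credentials rejected"));
                    }
                    requestContext.getResponse().setHeader(HTTP_WWW_AUTHENTICATE_HEADER, "Basic realm=\"" + this.authenticationRealm + "\"");
                    sendError(requestContext, 401);
                    return;
                }
            }
            if (this.ipRestrictionConfigured) {
                String remoteAddr = requestContext.getRequest().getRemoteAddr();
                if (!isAllowedAddress(remoteAddr)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Request filtered by " + requestContext.getPipeline().getName() + "." + this.name + " IP address: " + remoteAddr);
                    }
                    sendError(requestContext, 403);
                    return;
                }
            }
        }
        valveContext.invokeNext(requestContext);
    }

    /**
     * Validates an {@code Authorization} header value against the configured user
     * and password hash.
     *
     * @param header raw header value, may be null
     * @return true only for a well-formed Basic credential that matches
     */
    private boolean isAuthenticated(String header) {
        if (header == null || !header.startsWith(BASIC_SCHEME_PREFIX)) {
            return false;
        }
        String decoded;
        try {
            decoded = new String(Base64.decodeBase64(header.substring(BASIC_SCHEME_PREFIX.length())), UTF_8);
        } catch (RuntimeException e) {
            // Malformed credential: treat as unauthenticated.
            return false;
        }
        // Split on the first colon only, so passwords that contain ':' are accepted.
        int colon = decoded.indexOf(':');
        if (colon <= 0 || colon == decoded.length() - 1) {
            // Empty user or empty password is never accepted.
            return false;
        }
        String user = decoded.substring(0, colon);
        String password = decoded.substring(colon + 1);
        String expectedHash = this.authenticationPasswordHash == null
                ? null : this.authenticationPasswordHash.toLowerCase(Locale.ROOT);
        // Evaluate both comparisons (non-short-circuit '&') so the response time does
        // not reveal whether the user name alone was correct.
        boolean userMatches = constantTimeEquals(this.authenticationUser, user);
        boolean hashMatches = constantTimeEquals(expectedHash, DigestUtils.md5Hex(password).toLowerCase(Locale.ROOT));
        return userMatches & hashMatches;
    }

    /** Compares two strings without an early exit on the first differing byte; null never matches. */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
    }

    /**
     * Checks a client address against the parsed allowlist.
     *
     * @param remoteAddr client address as reported by the request
     * @return true when the address is IPv4 and matches at least one entry
     */
    private boolean isAllowedAddress(String remoteAddr) {
        final int ip;
        try {
            ip = getIP(remoteAddr);
        } catch (Exception ignored) {
            // Fail closed: an address that cannot be read as IPv4 is not on the allowlist.
            return false;
        }
        for (ValidIPAddress valid : this.parsedValidIPAddresses) {
            if (valid.matchIP(ip)) {
                return true;
            }
        }
        return false;
    }

    /** Sends an HTTP error status; a failure to send is always logged, not only at debug level. */
    private void sendError(RequestContext requestContext, int status) {
        try {
            requestContext.getResponse().sendError(status);
        } catch (IOException e) {
            log.error("Unexpected exception sending error for filtered request, (" + requestContext.getRequest().getPathInfo() + "): " + e, e);
        }
    }

    /**
     * Normalizes the configuration and parses the allowlist.
     *
     * <p>Authentication is enabled only when both user and password hash are set;
     * the realm then defaults to {@value #DEFAULT_AUTHENTICATION_REALM}. Allowlist
     * entries that fail to parse are logged and skipped. If an allowlist was
     * configured but no entry parsed, the IP check stays active and rejects every
     * request to the guarded paths, rather than being disabled.
     *
     * @throws PipelineException declared by the valve contract; not thrown here
     */
    @Override // org.apache.jetspeed.pipeline.valve.AbstractValve
    public void initialize() throws PipelineException {
        boolean hasUser = this.authenticationUser != null && !this.authenticationUser.isEmpty();
        boolean hasHash = this.authenticationPasswordHash != null && !this.authenticationPasswordHash.isEmpty();
        if (!hasUser || !hasHash) {
            if (hasUser || hasHash || (this.authenticationRealm != null && !this.authenticationRealm.isEmpty())) {
                // Partial configuration turns authentication off; make that visible.
                log.warn("SimpleSecurityValve: incomplete authentication settings for '" + this.name + "', authentication is disabled");
            }
            this.authenticationRealm = null;
            this.authenticationUser = null;
            this.authenticationPasswordHash = null;
        } else if (this.authenticationRealm == null || this.authenticationRealm.isEmpty()) {
            this.authenticationRealm = DEFAULT_AUTHENTICATION_REALM;
        }

        // Build a fresh list so a repeated initialize() does not keep stale entries.
        List<ValidIPAddress> parsed = new ArrayList<ValidIPAddress>();
        this.ipRestrictionConfigured = this.validIPAddresses != null && !this.validIPAddresses.isEmpty();
        if (this.ipRestrictionConfigured) {
            for (String str : this.validIPAddresses) {
                try {
                    parsed.add(new ValidIPAddress(str));
                } catch (Exception e) {
                    log.error("SimpleSecurityValve: unable to parse valid IP address '" + str + "': " + e, e);
                }
            }
            if (parsed.isEmpty()) {
                log.error("SimpleSecurityValve: no valid IP address could be parsed for '" + this.name
                        + "', all requests to the filtered paths will be rejected");
            }
        }
        this.parsedValidIPAddresses = parsed;
    }

    /** @return the valve name given at construction */
    public String getName() {
        return this.name;
    }

    /** @return the Basic authentication realm, or null when authentication is disabled */
    public String getAuthenticationRealm() {
        return this.authenticationRealm;
    }

    /** @param str realm sent in the {@code WWW-Authenticate} challenge */
    public void setAuthenticationRealm(String str) {
        this.authenticationRealm = str;
    }

    /** @return the single user name accepted by Basic authentication */
    public String getAuthenticationUser() {
        return this.authenticationUser;
    }

    /** @param str the single user name accepted by Basic authentication */
    public void setAuthenticationUser(String str) {
        this.authenticationUser = str;
    }

    /** @return the configured MD5 hex digest of the password */
    public String getAuthenticationPasswordHash() {
        return this.authenticationPasswordHash;
    }

    /** @param str MD5 hex digest of the password; compared case-insensitively */
    public void setAuthenticationPasswordHash(String str) {
        this.authenticationPasswordHash = str;
    }

    /** @return the configured allowlist entries, as given */
    public List<String> getValidIPAddresses() {
        return this.validIPAddresses;
    }

    /** @param list allowlist entries ({@code a.b.c.d} or {@code a.b.c.d/prefix}); parsed by {@link #initialize()} */
    public void setValidIPAddresses(List<String> list) {
        this.validIPAddresses = list;
    }

    /**
     * Converts an IPv4 address string to a big-endian packed int.
     * Decompiler note: the access modifier was changed from private.
     *
     * <p>The lookup goes through {@link InetAddress#getByName(String)}, so a host
     * name in the configuration is resolved when the entry is parsed.
     *
     * @param str IPv4 literal or host name
     * @return the four address bytes packed into an int, most significant byte first
     * @throws UnknownHostException if the input is null or empty, cannot be resolved,
     *         or does not resolve to an IPv4 address
     */
    public static int getIP(String str) throws UnknownHostException {
        // InetAddress.getByName() maps null and "" to the loopback address; reject them
        // so a missing value can never match a 127.0.0.0/8 allowlist entry.
        if (str == null || str.isEmpty()) {
            throw new UnknownHostException("empty address");
        }
        InetAddress byName = InetAddress.getByName(str);
        if (!(byName instanceof Inet4Address)) {
            throw new UnknownHostException(str);
        }
        byte[] address = byName.getAddress();
        return ((address[0] & 255) << 24) | ((address[1] & 255) << 16) | ((address[2] & 255) << 8) | (address[3] & 255);
    }
}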
