package org.fao.fi.security.server.javax.filters.origin;

import java.io.IOException;
import java.util.Arrays;
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.fao.fi.security.server.javax.filters.AbstractRequestValidatorFilter;
import org.fao.fi.security.server.javax.filters.origin.configuration.RestrictedIPsConfiguration;
import org.fao.fi.security.server.javax.filters.origin.configuration.RestrictedIPsConstants;
import org.fao.fi.security.server.javax.filters.origin.support.IPRestrictedResource;
import org.fao.fi.security.server.javax.filters.origin.support.IPRestrictor;
import org.slf4j.Logger;

@Priority(1000)
@IPRestrictedResource
/* loaded from: input_file:org/fao/fi/security/server/javax/filters/origin/IPRestrictedResourceRequestValidatorFilter.class */
public class IPRestrictedResourceRequestValidatorFilter extends AbstractRequestValidatorFilter {

    @Context
    private HttpServletRequest _servletRequest;
    private RestrictedIPsConfiguration _configuration;
    private Pattern _validationPattern;

    @Inject
    private IPIdentifier _IPIdentifier;

    @Inject
    public IPRestrictedResourceRequestValidatorFilter(@IPRestrictor RestrictedIPsConfiguration restrictedIPsConfiguration) {
        this._configuration = restrictedIPsConfiguration;
    }

    @PostConstruct
    private void completeInitialization() {
        this._log.info("{} has been initialized with {} and {} as IP identifier", new Object[]{getClass().getSimpleName() + "#" + hashCode(), this._configuration, this._IPIdentifier});
        this._validationPattern = this._configuration.getValidationPattern();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.fao.fi.security.server.javax.filters.AbstractFilter
    public String getSecurityScheme() {
        return RestrictedIPsConstants.RESTRICTED_IP_SECURITY_TYPE_HEADER;
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        try {
            String remoteHost = this._servletRequest.getRemoteHost();
            String headerString = containerRequestContext.getHeaderString("X-FORWARDED-FOR");
            Logger logger = this._log;
            Object[] objArr = new Object[4];
            objArr[0] = containerRequestContext.getMethod();
            objArr[1] = containerRequestContext.getUriInfo().getAbsolutePath();
            objArr[2] = remoteHost;
            objArr[3] = headerString == null ? "NOT SET" : headerString;
            logger.debug("Intercepted a {} request for {} coming from host {} [ XFF: {} ]", objArr);
            String[] identify = this._IPIdentifier.identify(this._servletRequest);
            this._log.info("Request IPs being checked are: {}", Arrays.asList(identify));
            boolean z = identify != null && identify.length > 0;
            if (!z) {
                Logger logger2 = this._log;
                Object[] objArr2 = new Object[3];
                objArr2[0] = remoteHost;
                objArr2[1] = headerString == null ? "[ NOT SET ]" : headerString;
                objArr2[2] = this._IPIdentifier.getClass().getSimpleName();
                logger2.warn("Unable to identify IPs from incoming request, based on remote host {}, XFF {} and IP identifier of type {}", objArr2);
            }
            for (String str : identify) {
                this._log.info("Evaluating validity of request coming from {}", str);
                this._log.info("Currently allowed (based on previous identified IPs in request and XFF): {}", Boolean.valueOf(z));
                z &= this._validationPattern.matcher(str).matches();
                this._log.info("Allowed (after applying filtering on IP {}): {}", str, Boolean.valueOf(z));
            }
            if (!z) {
                containerRequestContext.abortWith(errorResponse(Response.Status.FORBIDDEN, "You are not authorized to access this resource"));
                Logger logger3 = this._log;
                Object[] objArr3 = new Object[4];
                objArr3[0] = containerRequestContext.getMethod();
                objArr3[1] = containerRequestContext.getUriInfo().getAbsolutePath();
                objArr3[2] = remoteHost;
                objArr3[3] = headerString == null ? "NOT SET" : headerString;
                logger3.warn("Blocked a {} request for {} coming from host {} [ XFF: {} ]", objArr3);
            }
        } catch (Throwable th) {
            this._log.error("Unexpected {} caught: {}", new Object[]{th.getClass(), th.getMessage(), th});
            containerRequestContext.abortWith(errorResponse(Response.Status.INTERNAL_SERVER_ERROR, th.getMessage()));
        }
    }
}
