package edu.internet2.middleware.shibboleth.idp.authn.provider;

import edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine;
import edu.internet2.middleware.shibboleth.idp.authn.LoginHandler;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.BitSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/authn/provider/IPAddressLoginHandler.class */
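/**
 * Login handler that decides authentication from the client's IP address alone.
 *
 * <p>The configured CIDR entries act as an allow list when {@code defaultDeny} is
 * {@code true} (only matching clients get the configured username) and as a deny
 * list when it is {@code false} (every client gets the username except matching
 * ones). Any error while evaluating the list is treated as "do not authenticate"
 * in both modes.
 *
 * <p>The address checked is {@link ServletRequest#getRemoteAddr()}, i.e. the peer of
 * the connection as the container reports it. Behind a reverse proxy or load
 * balancer that is the proxy's address unless the container is configured to
 * restore the original client address, so the entries must be written with the
 * deployment topology in mind.
 */
public class IPAddressLoginHandler extends AbstractLoginHandler {
    private final Logger log = LoggerFactory.getLogger(IPAddressLoginHandler.class);
    private String authnMethodURI = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol";
    private String username;
    private boolean defaultDeny;
    private List<IPEntry> ipList;

    /**
     * One parsed {@code address/prefix-length} entry, held as bit sets in the layout
     * produced by {@link IPAddressLoginHandler#byteArrayToBitSet(byte[])}.
     */
    public class IPEntry {
        private final BitSet networkAddress;
        private final BitSet netmask;
        // Width of the address family in bits (32 or 128), so that an IPv4 entry is
        // never compared against an IPv6 client or the other way round.
        private final int addressBitLength;

        /**
         * Parses an entry of the form {@code address/prefix-length}.
         *
         * @param str the entry, e.g. a constructed sample such as {@code 192.0.2.0/24}
         * @throws UnknownHostException if the entry is empty, has no or more than one
         *         {@code /}, has an empty address part, has a prefix length that is not
         *         a number or is out of range for the address family, or the address
         *         part cannot be resolved
         */
        public IPEntry(String str) throws UnknownHostException {
            if (str == null || str.length() == 0) {
                throw new UnknownHostException("entry is null.");
            }
            int slash = str.indexOf("/");
            if (slash == -1) {
                IPAddressLoginHandler.this.log.error("Invalid entry \"" + str + "\" -- it lacks a netmask component.");
                throw new UnknownHostException("entry lacks a netmask component.");
            }
            if (str.indexOf("/", slash + 1) != -1) {
                IPAddressLoginHandler.this.log.error("Invalid entry \"" + str + "\" -- too many \"/\" present.");
                throw new UnknownHostException("entry has too many netmask components.");
            }
            String addressPart = str.substring(0, slash);
            String prefixPart = str.substring(slash + 1);
            // InetAddress.getByName("") resolves to the loopback address, which would
            // silently turn an entry like "/8" into a loopback range.
            if (addressPart.length() == 0) {
                IPAddressLoginHandler.this.log.error("Invalid entry \"" + str + "\" -- it lacks an address component.");
                throw new UnknownHostException("entry lacks an address component.");
            }
            InetAddress address = InetAddress.getByName(addressPart);

            int prefixLength;
            try {
                prefixLength = Integer.parseInt(prefixPart);
            } catch (NumberFormatException e) {
                // Converted so that setEntries() skips this entry instead of aborting
                // on an unchecked exception half-way through the list.
                IPAddressLoginHandler.this.log.error("Invalid entry \"" + str + "\" -- netmask is not a number.");
                throw new UnknownHostException("Netmask is not a number: " + prefixPart);
            }
            if (prefixLength < 0) {
                throw new UnknownHostException("Netmask must not be negative: " + prefixLength);
            }
            if ((address instanceof Inet4Address) && prefixLength > 32) {
                throw new UnknownHostException("Netmask is too large for an IPv4 address: " + prefixLength);
            }
            if ((address instanceof Inet6Address) && prefixLength > 128) {
                throw new UnknownHostException("Netmask is too large for an IPv6 address: " + prefixLength);
            }

            byte[] rawAddress = address.getAddress();
            // The mask must be positioned from the full address width. BitSet.length()
            // is only "highest set bit + 1", which shifts the mask for any network
            // whose leading bits are zero and makes unrelated addresses match.
            int bits = rawAddress.length * 8;
            this.addressBitLength = bits;
            this.networkAddress = IPAddressLoginHandler.this.byteArrayToBitSet(rawAddress);
            this.netmask = new BitSet(bits);
            this.netmask.set(bits - prefixLength, bits, true);

            // An entry with host bits set can never equal a masked client address.
            // Behaviour is left unchanged, but the operator is told about it.
            BitSet hostBits = (BitSet) this.networkAddress.clone();
            hostBits.andNot(this.netmask);
            if (!hostBits.isEmpty()) {
                IPAddressLoginHandler.this.log.warn("Entry \"" + str + "\" has bits set outside its netmask and will never match.");
            }
        }

        /** @return the entry's address as a bit set (not masked) */
        public BitSet getNetworkAddress() {
            return this.networkAddress;
        }

        /** @return the bit set with the prefix bits of the entry set */
        public BitSet getNetmask() {
            return this.netmask;
        }

        /** @return the width of the entry's address family in bits */
        public int getAddressBitLength() {
            return this.addressBitLength;
        }
    }

    /**
     * Replaces the configured entries and the matching mode.
     *
     * <p>Entries that fail to parse are logged and skipped. With {@code z == false}
     * the list is a deny list, so a skipped entry leaves that range able to
     * authenticate; the error log is the only indication.
     *
     * @param list CIDR entries in {@code address/prefix-length} form
     * @param z {@code true} to authenticate only matching clients, {@code false} to
     *        authenticate every client except matching ones
     */
    public void setEntries(List<String> list, boolean z) {
        this.defaultDeny = z;
        // Built locally and published in one assignment so a concurrent login never
        // evaluates a half-filled list.
        List<IPEntry> parsed = new CopyOnWriteArrayList<IPEntry>();
        for (String str : list) {
            try {
                parsed.add(new IPEntry(str));
            } catch (UnknownHostException e) {
                this.log.error("IPAddressHandler: Error parsing IP entry \"" + str + "\". Ignoring.");
            }
        }
        this.ipList = parsed;
    }

    /** {@inheritDoc} */
    @Override
    public boolean supportsPassive() {
        return true;
    }

    /** {@inheritDoc} */
    @Override
    public boolean supportsForceAuthentication() {
        return true;
    }

    /** @return the principal name assigned to clients authenticated by this handler */
    public String getUsername() {
        return this.username;
    }

    /** @param str the principal name assigned to clients authenticated by this handler */
    public void setUsername(String str) {
        this.username = str;
    }

    /**
     * Evaluates the client address in the configured mode, then hands control back to
     * the authentication engine whether or not a principal was set.
     */
    @Override
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.defaultDeny) {
            handleDefaultDeny(httpServletRequest, httpServletResponse);
        } else {
            handleDefaultAllow(httpServletRequest, httpServletResponse);
        }
        AuthenticationEngine.returnToAuthenticationEngine(httpServletRequest, httpServletResponse);
    }

    /** Allow-list mode: sets the principal only when the client address matches an entry. */
    protected void handleDefaultDeny(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (searchIpList(httpServletRequest)) {
            this.log.debug("Authenticated user by IP address");
            httpServletRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, this.username);
        }
    }

    /** Deny-list mode: sets the principal unless the client address matches an entry. */
    protected void handleDefaultAllow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (searchIpList(httpServletRequest)) {
            return;
        }
        this.log.debug("Authenticated user by IP address");
        httpServletRequest.setAttribute(LoginHandler.PRINCIPAL_NAME_KEY, this.username);
    }

    /**
     * Reports whether the request's remote address falls inside any configured entry.
     *
     * <p>When the check cannot be carried out (no entries configured yet, missing or
     * unresolvable remote address) the result is chosen so that neither mode sets a
     * principal; see {@link #failClosedResult()}.
     */
    private boolean searchIpList(ServletRequest servletRequest) {
        List<IPEntry> entries = this.ipList;
        if (entries == null) {
            this.log.error("No IP entries have been configured.");
            return failClosedResult();
        }
        String remoteAddr = servletRequest.getRemoteAddr();
        // InetAddress.getByName(null) and getByName("") both return the loopback
        // address, which would let a request without a peer address match loopback
        // entries.
        if (remoteAddr == null || remoteAddr.length() == 0) {
            this.log.error("Request carries no remote address.");
            return failClosedResult();
        }
        try {
            byte[] remoteBytes = InetAddress.getByName(remoteAddr).getAddress();
            int remoteBits = remoteBytes.length * 8;
            BitSet remoteAddress = byteArrayToBitSet(remoteBytes);
            for (IPEntry entry : entries) {
                // The low 32 bits of an IPv6 address must not be tested against an
                // IPv4 entry (and vice versa).
                if (entry.getAddressBitLength() != remoteBits) {
                    continue;
                }
                // Mask a copy: BitSet.and() mutates its receiver, and reusing one
                // instance would carry each entry's mask over into the next test.
                BitSet masked = (BitSet) remoteAddress.clone();
                masked.and(entry.getNetmask());
                if (masked.equals(entry.getNetworkAddress())) {
                    return true;
                }
            }
            return false;
        } catch (UnknownHostException e) {
            this.log.error("Error resolving hostname.", e);
            return failClosedResult();
        }
    }

    /**
     * Result for {@link #searchIpList(ServletRequest)} when the lookup itself failed:
     * "not found" in allow-list mode and "found" in deny-list mode, so that no
     * principal is set either way.
     */
    private boolean failClosedResult() {
        return !this.defaultDeny;
    }

    /**
     * Converts a network-order address into a bit set in which bit 0 is the least
     * significant bit of the last byte and the highest index is the most significant
     * bit of the first byte.
     *
     * @param bArr address bytes as returned by {@link InetAddress#getAddress()}
     * @return the bits of {@code bArr}; its {@code length()} reflects only the highest
     *         set bit, not the address width
     */
    protected BitSet byteArrayToBitSet(byte[] bArr) {
        BitSet bitSet = new BitSet();
        for (int i = 0; i < bArr.length * 8; i++) {
            if ((bArr[(bArr.length - (i / 8)) - 1] & (1 << (i % 8))) != 0) {
                bitSet.set(i);
            }
        }
        return bitSet;
    }
}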
