package org.dspace.authenticate;

import com.google.common.net.HttpHeaders;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.ListUtils;
import org.apache.jena.atlas.json.io.JSWriter;
import org.apache.log4j.Logger;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.GroupService;
import org.dspace.services.factory.DSpaceServicesFactory;

/* loaded from: input_file:WEB-INF/lib/dspace-api-6.4.jar:org/dspace/authenticate/IPAuthentication.class */
public class IPAuthentication implements AuthenticationMethod {
    private static Logger log = Logger.getLogger(IPAuthentication.class);
    protected static Boolean useProxies;
    protected List<IPMatcher> ipMatchers = new ArrayList();
    protected List<IPMatcher> ipNegativeMatchers = new ArrayList();
    protected Map<IPMatcher, UUID> ipMatcherGroupIDs = new HashMap();
    protected Map<IPMatcher, String> ipMatcherGroupNames = new HashMap();
    protected GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();

    public IPAuthentication() {
        for (String str : DSpaceServicesFactory.getInstance().getConfigurationService().getPropertyKeys("authentication-ip")) {
            String[] split = str.split("\\.");
            if (split.length == 2) {
                addMatchers(split[1], DSpaceServicesFactory.getInstance().getConfigurationService().getArrayProperty(str));
            } else {
                log.warn("Malformed configuration property name: " + str);
            }
        }
    }

    protected void addMatchers(String str, String[] strArr) {
        IPMatcher iPMatcher;
        for (String str2 : strArr) {
            try {
                if (str2.startsWith("-")) {
                    iPMatcher = new IPMatcher(str2.substring(1));
                    this.ipNegativeMatchers.add(iPMatcher);
                } else {
                    iPMatcher = new IPMatcher(str2);
                    this.ipMatchers.add(iPMatcher);
                }
                this.ipMatcherGroupNames.put(iPMatcher, str);
                if (log.isDebugEnabled()) {
                    log.debug("Configured " + str2 + " for special group " + str);
                }
            } catch (IPMatcherException e) {
                log.warn("Malformed IP range specified for group " + str, e);
            }
        }
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean canSelfRegister(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public void initEPerson(Context context, HttpServletRequest httpServletRequest, EPerson ePerson) throws SQLException {
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean allowSetPassword(Context context, HttpServletRequest httpServletRequest, String str) throws SQLException {
        return false;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public boolean isImplicit() {
        return true;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public List<Group> getSpecialGroups(Context context, HttpServletRequest httpServletRequest) throws SQLException {
        if (httpServletRequest == null) {
            return ListUtils.EMPTY_LIST;
        }
        ArrayList arrayList = new ArrayList();
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (useProxies == null) {
            useProxies = Boolean.valueOf(ConfigurationManager.getBooleanProperty("useProxies", false));
        }
        if (useProxies.booleanValue() && httpServletRequest.getHeader(HttpHeaders.X_FORWARDED_FOR) != null) {
            for (String str : httpServletRequest.getHeader(HttpHeaders.X_FORWARDED_FOR).split(",")) {
                if (!httpServletRequest.getHeader(HttpHeaders.X_FORWARDED_FOR).contains(remoteAddr)) {
                    remoteAddr = str.trim();
                }
            }
        }
        for (IPMatcher iPMatcher : this.ipMatchers) {
            try {
                if (iPMatcher.match(remoteAddr)) {
                    UUID uuid = this.ipMatcherGroupIDs.get(iPMatcher);
                    if (uuid != null) {
                        arrayList.add(this.groupService.find(context, uuid));
                    } else {
                        String str2 = this.ipMatcherGroupNames.get(iPMatcher);
                        if (str2 != null) {
                            Group findByName = this.groupService.findByName(context, str2);
                            if (findByName != null) {
                                this.ipMatcherGroupIDs.put(iPMatcher, findByName.getID());
                                this.ipMatcherGroupNames.remove(iPMatcher);
                                arrayList.add(findByName);
                            } else {
                                log.warn(LogManager.getHeader(context, "configuration_error", "unknown_group=" + str2));
                            }
                        }
                    }
                }
            } catch (IPMatcherException e) {
                log.warn(LogManager.getHeader(context, "configuration_error", "bad_ip=" + remoteAddr), e);
            }
        }
        for (IPMatcher iPMatcher2 : this.ipNegativeMatchers) {
            try {
                if (iPMatcher2.match(remoteAddr)) {
                    UUID uuid2 = this.ipMatcherGroupIDs.get(iPMatcher2);
                    if (uuid2 != null) {
                        arrayList.remove(this.groupService.find(context, uuid2));
                    } else {
                        String str3 = this.ipMatcherGroupNames.get(iPMatcher2);
                        if (str3 != null) {
                            Group findByName2 = this.groupService.findByName(context, str3);
                            if (findByName2 != null) {
                                this.ipMatcherGroupIDs.put(iPMatcher2, findByName2.getID());
                                this.ipMatcherGroupNames.remove(iPMatcher2);
                                arrayList.remove(findByName2);
                            } else {
                                log.warn(LogManager.getHeader(context, "configuration_error", "unknown_group=" + str3));
                            }
                        }
                    }
                }
            } catch (IPMatcherException e2) {
                log.warn(LogManager.getHeader(context, "configuration_error", "bad_ip=" + remoteAddr), e2);
            }
        }
        if (log.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                sb.append(((Group) it.next()).getID()).append(JSWriter.ArraySep);
            }
            log.debug(LogManager.getHeader(context, "authenticated", "special_groups=" + sb.toString()));
        }
        return arrayList;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public int authenticate(Context context, String str, String str2, String str3, HttpServletRequest httpServletRequest) throws SQLException {
        return 5;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String loginPageURL(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return null;
    }

    @Override // org.dspace.authenticate.AuthenticationMethod
    public String loginPageTitle(Context context) {
        return null;
    }
}
