package org.duracloud.security.vote;

import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import org.duracloud.security.impl.DuracloudUserDetails;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.IpAddressMatcher;

/* loaded from: input_file:WEB-INF/lib/security-4.3.9.jar:org/duracloud/security/vote/UserIpLimitsAccessVoter.class */
public class UserIpLimitsAccessVoter implements AccessDecisionVoter {
    private final Logger log = LoggerFactory.getLogger(UserIpLimitsAccessVoter.class);

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(Class cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public int vote(Authentication authentication, Object obj, Collection collection) {
        if (obj != null && !supports(obj.getClass())) {
            this.log.debug(VoterUtil.debugText("UserIpLimitsAccessVoter", authentication, collection, obj, 0));
            return 0;
        }
        HttpServletRequest httpRequest = ((FilterInvocation) obj).getHttpRequest();
        if (null == httpRequest) {
            this.log.debug(VoterUtil.debugText("UserIpLimitsAccessVoter", authentication, collection, obj, -1));
            return -1;
        }
        String userIpLimits = getUserIpLimits(authentication);
        if (null == userIpLimits || userIpLimits.equals("")) {
            this.log.debug(VoterUtil.debugText("UserIpLimitsAccessVoter", authentication, collection, obj, 0));
            return 0;
        }
        String remoteAddr = httpRequest.getRemoteAddr();
        for (String str : userIpLimits.split(ScriptUtils.DEFAULT_STATEMENT_SEPARATOR)) {
            if (ipInRange(remoteAddr, str)) {
                this.log.debug(VoterUtil.debugText("UserIpLimitsAccessVoter", authentication, collection, obj, 1));
                return 1;
            }
        }
        this.log.debug(VoterUtil.debugText("UserIpLimitsAccessVoter", authentication, collection, obj, -1));
        return -1;
    }

    protected String getUserIpLimits(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof DuracloudUserDetails) {
            return ((DuracloudUserDetails) principal).getIpLimits();
        }
        return null;
    }

    protected boolean ipInRange(String str, String str2) {
        return new IpAddressMatcher(str2).matches(str);
    }
}
