package grails.plugin.springsecurity.web.filter;

import grails.plugin.springsecurity.InterceptedUrl;
import grails.plugin.springsecurity.ReflectionUtils;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.util.matcher.IpAddressMatcher;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/classes/grails/plugin/springsecurity/web/filter/IpAddressFilter.class */
public class IpAddressFilter extends GenericFilterBean {
    protected static final String IPV4_LOOPBACK = "127.0.0.1";
    protected static final String IPV6_LOOPBACK = "0:0:0:0:0:0:0:1";
    protected List<InterceptedUrl> restrictions;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected final AntPathMatcher pathMatcher = new AntPathMatcher();
    protected boolean allowLocalhost = true;

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (isAllowed(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            deny(httpServletRequest, httpServletResponse);
        }
    }

    protected void deny(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(404);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.web.filter.GenericFilterBean
    public void initFilterBean() {
        Assert.notNull(this.restrictions, "ipRestrictions map is required");
    }

    public void setIpRestrictions(Map<String, Object> map) {
        this.restrictions = ReflectionUtils.splitMap(map, false);
    }

    public void setAllowLocalhost(boolean z) {
        this.allowLocalhost = z;
    }

    protected boolean isAllowed(HttpServletRequest httpServletRequest) {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (this.allowLocalhost && ("127.0.0.1".equals(remoteAddr) || "0:0:0:0:0:0:0:1".equals(remoteAddr))) {
            return true;
        }
        String str = (String) httpServletRequest.getAttribute("javax.servlet.forward.request_uri");
        if (!StringUtils.hasLength(str)) {
            str = httpServletRequest.getRequestURI();
            if (!httpServletRequest.getContextPath().equals("/") && str.startsWith(httpServletRequest.getContextPath())) {
                str = str.substring(httpServletRequest.getContextPath().length());
            }
        }
        List<InterceptedUrl> findMatchingRules = findMatchingRules(str);
        if (findMatchingRules.isEmpty()) {
            return true;
        }
        Iterator<InterceptedUrl> it = findMatchingRules.iterator();
        while (it.hasNext()) {
            Iterator<ConfigAttribute> it2 = it.next().getConfigAttributes().iterator();
            while (it2.hasNext()) {
                if (new IpAddressMatcher(it2.next().getAttribute()).matches(httpServletRequest)) {
                    return true;
                }
            }
        }
        this.log.warn("disallowed request {} from {}", str, remoteAddr);
        return false;
    }

    protected List<InterceptedUrl> findMatchingRules(String str) {
        ArrayList arrayList = new ArrayList();
        for (InterceptedUrl interceptedUrl : this.restrictions) {
            if (this.pathMatcher.match(interceptedUrl.getPattern(), str)) {
                arrayList.add(interceptedUrl);
            }
        }
        return arrayList;
    }
}
