package net.shibboleth.utilities.java.support.security;

import com.google.common.base.Predicates;
import com.google.common.collect.Collections2;
import com.google.common.net.InetAddresses;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.ServletRequest;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.IPRange;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/opensaml/main/java-support-7.1.1.jar:net/shibboleth/utilities/java/support/security/IPRangeAccessControl.class */
public class IPRangeAccessControl extends AbstractIdentifiableInitializableComponent implements AccessControl {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(IPRangeAccessControl.class);

    @NonnullElements
    @Nonnull
    private Collection<IPRange> allowedRanges = Collections.emptyList();

    public void setAllowedRanges(@NonnullElements @Nonnull Collection<IPRange> collection) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        Constraint.isNotNull(collection, "IPRange collection cannot be null");
        this.allowedRanges = new ArrayList(Collections2.filter(collection, Predicates.notNull()));
    }

    @Override // net.shibboleth.utilities.java.support.security.AccessControl
    public boolean checkAccess(@Nonnull ServletRequest servletRequest, @Nullable String str, @Nullable String str2) {
        Constraint.isNotNull(servletRequest, "ServletRequest cannot be null");
        String remoteAddr = servletRequest.getRemoteAddr();
        if (remoteAddr == null) {
            this.log.warn("{} No client address, access denied", getLogPrefix());
            return false;
        }
        this.log.debug("{} Evaluating client address '{}'", getLogPrefix(), remoteAddr);
        try {
            byte[] address = InetAddresses.forString(remoteAddr).getAddress();
            Iterator<IPRange> it = this.allowedRanges.iterator();
            while (it.hasNext()) {
                if (it.next().contains(address)) {
                    return true;
                }
            }
        } catch (IllegalArgumentException e) {
            this.log.warn(getLogPrefix() + " Error translating client address", (Throwable) e);
        }
        this.log.warn("{} Denied request from client address '{}'", getLogPrefix(), remoteAddr);
        return false;
    }

    @Nonnull
    private String getLogPrefix() {
        return "Policy " + getId() + ":";
    }
}
