package net.shibboleth.shared.security.impl;

import com.google.common.net.InetAddresses;
import jakarta.servlet.ServletRequest;
import java.util.Collection;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.AbstractIdentifiableInitializableComponent;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.net.IPRange;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.security.AccessControl;
import net.shibboleth.shared.servlet.HttpServletSupport;
import org.slf4j.Logger;

/* loaded from: input_file:BOOT-INF/lib/shib-security-9.1.1.jar:net/shibboleth/shared/security/impl/IPRangeAccessControl.class */
public class IPRangeAccessControl extends AbstractIdentifiableInitializableComponent implements AccessControl {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) IPRangeAccessControl.class);

    @Nonnull
    private Collection<IPRange> allowedRanges = CollectionSupport.emptyList();

    public void setAllowedRanges(@Nonnull Collection<IPRange> collection) {
        checkSetterPreconditions();
        Constraint.isNotNull(collection, "IPRange collection cannot be null");
        this.allowedRanges = CollectionSupport.copyToList(collection);
    }

    @Override // net.shibboleth.shared.security.AccessControl
    public boolean checkAccess(@Nonnull ServletRequest servletRequest, @Nullable String str, @Nullable String str2) {
        Constraint.isNotNull(servletRequest, "ServletRequest cannot be null");
        String remoteAddr = HttpServletSupport.getRemoteAddr(servletRequest);
        if (remoteAddr == null) {
            this.log.warn("{} Denied request from client address 'unknown' (Operation: {}, Resource: {})", getLogPrefix(), str, str2);
            return false;
        }
        this.log.debug("{} Evaluating client address '{}'", getLogPrefix(), remoteAddr);
        try {
            byte[] address = InetAddresses.forString(remoteAddr).getAddress();
            Iterator<IPRange> it = this.allowedRanges.iterator();
            while (it.hasNext()) {
                if (it.next().contains(address)) {
                    this.log.debug("{} Granted access to client address '{}' (Operation: {}, Resource: {})", getLogPrefix(), remoteAddr, str, str2);
                    return true;
                }
            }
        } catch (IllegalArgumentException e) {
            this.log.warn("{} Error translating client address", getLogPrefix(), e);
        }
        this.log.warn("{} Denied request from client address '{}' (Operation: {}, Resource: {})", getLogPrefix(), remoteAddr, str, str2);
        return false;
    }

    @Nonnull
    private String getLogPrefix() {
        return "Policy " + ensureId() + ":";
    }
}
