package com.yiji.framework.watcher.http.adaptor.web;

import com.google.common.base.Charsets;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.yiji.framework.watcher.Utils;
import com.yiji.framework.watcher.http.adaptor.web.util.IPAddress;
import com.yiji.framework.watcher.http.adaptor.web.util.IPRange;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yiji/framework/watcher/http/adaptor/web/AccessControlServlet.class */
public class AccessControlServlet extends HttpServlet {
    private static final Logger logger = LoggerFactory.getLogger(AccessControlServlet.class);
    public static final String PARAM_NAME_ALLOW = "allow";
    public static final String PARAM_NAME_DENY = "deny";
    public static final String PARAM_REMOTE_ADDR = "clientIpHttpHeaderName";
    public static final String PARAM_NAME_DENY_ALL = "denyAll";
    public static final String UNKNOWN = "unknown";
    protected String clientIpHttpHeaderName;
    protected boolean allowIntranetAccess = true;
    protected List<IPRange> allowList = new ArrayList();
    protected List<IPRange> denyList = new ArrayList();
    private boolean denyAll = false;
    private List<IPRange> intranetIpRange = Lists.newArrayList(new IPRange[]{new IPRange("10.0.0.0/8"), new IPRange("172.16.0.0/12"), new IPRange("192.168.0.0/16")});

    public void init() throws ServletException {
        this.denyAll = Boolean.parseBoolean(getInitParameter(PARAM_NAME_DENY_ALL));
        String initParameter = getInitParameter(PARAM_REMOTE_ADDR);
        if (!Utils.isEmpty(initParameter)) {
            this.clientIpHttpHeaderName = initParameter;
        }
        try {
            String initParameter2 = getInitParameter(PARAM_NAME_ALLOW);
            if (initParameter2 != null && initParameter2.trim().length() != 0) {
                for (String str : initParameter2.trim().split(",")) {
                    if (str != null && str.length() != 0) {
                        this.allowList.add(new IPRange(str));
                    }
                }
            }
        } catch (Exception e) {
            logger.error("initParameter config error, allow : " + getInitParameter(PARAM_NAME_ALLOW), e);
        }
        try {
            String initParameter3 = getInitParameter(PARAM_NAME_DENY);
            if (initParameter3 != null && initParameter3.trim().length() != 0) {
                for (String str2 : initParameter3.trim().split(",")) {
                    if (str2 != null && str2.length() != 0) {
                        this.denyList.add(new IPRange(str2));
                    }
                }
            }
        } catch (Exception e2) {
            logger.error("initParameter config error, deny : " + getInitParameter(PARAM_NAME_DENY), e2);
        }
        setScanPackage(getInitParameter("watcher.scan.package"));
    }

    public void setScanPackage(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return;
        }
        System.setProperty("watcher.scan.package", str);
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.setCharacterEncoding(Charsets.UTF_8.name());
        httpServletResponse.setCharacterEncoding(Charsets.UTF_8.name());
        String ipAddr = getIpAddr(httpServletRequest);
        if (isRequestAllow(ipAddr)) {
            httpServletResponse.setStatus(200);
            httpServletResponse.setHeader("Cache-Control", "must-revalidate,no-cache,no-store");
            super.service(httpServletRequest, httpServletResponse);
        } else {
            logger.info("clientIp={},访问watcher页面被拒绝", ipAddr);
            httpServletResponse.setStatus(403);
            httpServletResponse.getWriter().write("Forbidden");
        }
    }

    public boolean isRequestAllow(String str) {
        if (this.denyAll) {
            return false;
        }
        if ((str == null || str.indexOf(58) == -1) ? false : true) {
            if ("0:0:0:0:0:0:0:1".equals(str)) {
                return true;
            }
            return this.denyList.size() == 0 && this.allowList.size() == 0;
        }
        if ("127.0.0.1".equals(str)) {
            return true;
        }
        try {
            IPAddress iPAddress = new IPAddress(str);
            if (this.allowIntranetAccess) {
                Iterator<IPRange> it = this.intranetIpRange.iterator();
                while (it.hasNext()) {
                    if (it.next().isIPAddressInRange(iPAddress)) {
                        return true;
                    }
                }
            }
            Iterator<IPRange> it2 = this.denyList.iterator();
            while (it2.hasNext()) {
                if (it2.next().isIPAddressInRange(iPAddress)) {
                    return false;
                }
            }
            if (this.allowList.size() <= 0) {
                return true;
            }
            Iterator<IPRange> it3 = this.allowList.iterator();
            while (it3.hasNext()) {
                if (it3.next().isIPAddressInRange(iPAddress)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            logger.debug("ip解析错误", e);
            return false;
        }
    }

    public String getIpAddr(HttpServletRequest httpServletRequest) {
        String header;
        if (httpServletRequest == null) {
            return UNKNOWN;
        }
        if (this.clientIpHttpHeaderName != null && (header = httpServletRequest.getHeader(PARAM_REMOTE_ADDR)) != null) {
            return header;
        }
        String header2 = httpServletRequest.getHeader("x-forwarded-for");
        if (header2 == null || header2.length() == 0 || UNKNOWN.equalsIgnoreCase(header2)) {
            header2 = httpServletRequest.getHeader("Proxy-Client-IP");
        }
        if (header2 == null || header2.length() == 0 || UNKNOWN.equalsIgnoreCase(header2)) {
            header2 = httpServletRequest.getHeader("WL-Proxy-Client-IP");
        }
        if (header2 == null || header2.length() == 0 || UNKNOWN.equalsIgnoreCase(header2)) {
            header2 = httpServletRequest.getRemoteAddr();
        }
        return header2;
    }

    public List<IPRange> getDenyList() {
        return this.denyList;
    }

    public void setDenyList(List<IPRange> list) {
        this.denyList = list;
    }

    public String getClientIpHttpHeaderName() {
        return this.clientIpHttpHeaderName;
    }

    public void setClientIpHttpHeaderName(String str) {
        this.clientIpHttpHeaderName = str;
    }

    public List<IPRange> getAllowList() {
        return this.allowList;
    }

    public void setAllowList(List<IPRange> list) {
        this.allowList = list;
    }

    public boolean isAllowIntranetAccess() {
        return this.allowIntranetAccess;
    }

    public void setAllowIntranetAccess(boolean z) {
        this.allowIntranetAccess = z;
    }

    public boolean isDenyAll() {
        return this.denyAll;
    }

    public void setDenyAll(boolean z) {
        this.denyAll = z;
    }
}
