package org.apereo.cas.adaptors.generic.remote;

import com.google.common.base.Splitter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.util.List;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.AbstractAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.LoggingUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/adaptors/generic/remote/RemoteAddressAuthenticationHandler.class */
public class RemoteAddressAuthenticationHandler extends AbstractAuthenticationHandler {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RemoteAddressAuthenticationHandler.class);
    private static final int HEX_RIGHT_SHIFT_COEFFICIENT = 255;
    private InetAddress inetNetmask;
    private InetAddress inetNetworkRange;

    public RemoteAddressAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num) {
        super(str, servicesManager, principalFactory, num);
    }

    private static boolean containsAddress(InetAddress inetAddress, InetAddress inetAddress2, InetAddress inetAddress3) {
        LOGGER.debug("Checking IP address: [{}] in [{}] by [{}]", new Object[]{inetAddress3, inetAddress, inetAddress2});
        byte[] address = inetAddress.getAddress();
        byte[] address2 = inetAddress2.getAddress();
        byte[] address3 = inetAddress3.getAddress();
        if (address.length != address2.length || address2.length != address3.length) {
            LOGGER.debug("Network address [{}], subnet mask [{}] and/or host address [{}] have different sizes! (return false ...)", new Object[]{inetAddress, inetAddress2, inetAddress3});
            return false;
        }
        for (int i = 0; i < address2.length; i++) {
            int i2 = address2[i] & HEX_RIGHT_SHIFT_COEFFICIENT;
            if ((address[i] & i2) != (address3[i] & i2)) {
                LOGGER.debug("[{}] is not in [{}]/[{}]", new Object[]{inetAddress3, inetAddress, inetAddress2});
                return false;
            }
        }
        LOGGER.debug("[{}] is in [{}]/[{}]", new Object[]{inetAddress3, inetAddress, inetAddress2});
        return true;
    }

    public AuthenticationHandlerExecutionResult authenticate(Credential credential, Service service) throws GeneralSecurityException {
        RemoteAddressCredential remoteAddressCredential = (RemoteAddressCredential) credential;
        if (this.inetNetmask != null && this.inetNetworkRange != null) {
            try {
                if (containsAddress(this.inetNetworkRange, this.inetNetmask, InetAddress.getByName(remoteAddressCredential.getRemoteAddress().trim()))) {
                    return new DefaultAuthenticationHandlerExecutionResult(this, remoteAddressCredential, this.principalFactory.createPrincipal(remoteAddressCredential.getId()));
                }
            } catch (UnknownHostException e) {
                LOGGER.debug("Unknown host [{}]", remoteAddressCredential.getRemoteAddress());
            }
        }
        throw new FailedLoginException(remoteAddressCredential.getRemoteAddress() + " not in allowed range.");
    }

    public boolean supports(Credential credential) {
        return credential instanceof RemoteAddressCredential;
    }

    public boolean supports(Class<? extends Credential> cls) {
        return RemoteAddressCredential.class.isAssignableFrom(cls);
    }

    public void configureIpNetworkRange(String str) {
        if (StringUtils.isNotBlank(str)) {
            List splitToList = Splitter.on("/").splitToList(str);
            if (splitToList.size() == 2) {
                String trim = ((String) splitToList.get(0)).trim();
                String trim2 = ((String) splitToList.get(1)).trim();
                try {
                    this.inetNetworkRange = InetAddress.getByName(trim);
                    LOGGER.debug("InetAddress network: [{}]", this.inetNetworkRange.toString());
                } catch (UnknownHostException e) {
                    LoggingUtils.error(LOGGER, e);
                }
                try {
                    this.inetNetmask = InetAddress.getByName(trim2);
                    LOGGER.debug("InetAddress netmask: [{}]", this.inetNetmask.toString());
                } catch (UnknownHostException e2) {
                    LoggingUtils.error(LOGGER, e2);
                }
            }
        }
    }

    @Generated
    public void setInetNetmask(InetAddress inetAddress) {
        this.inetNetmask = inetAddress;
    }

    @Generated
    public void setInetNetworkRange(InetAddress inetAddress) {
        this.inetNetworkRange = inetAddress;
    }

    @Generated
    public InetAddress getInetNetmask() {
        return this.inetNetmask;
    }

    @Generated
    public InetAddress getInetNetworkRange() {
        return this.inetNetworkRange;
    }
}
