package cn.home1.oss.environment.configserver;

import cn.home1.oss.lib.common.BasicAuthUtils;
import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import com.google.common.net.InetAddresses;
import java.io.IOException;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:cn/home1/oss/environment/configserver/MonitorWhitelistFilter.class */
public class MonitorWhitelistFilter extends GenericFilterBean {
    private static final Logger log;
    private String monitorEndpoint;
    private String webhookPassword;
    static final /* synthetic */ boolean $assertionsDisabled;
    private String credentialsCharset = "UTF-8";
    private Set<String> monitorWhitelist = Sets.newHashSet();

    public void setMonitorWhitelist(String str) {
        if (StringUtils.isNotBlank(str)) {
            this.monitorWhitelist = (Set) Arrays.stream(str.split("[ ]*,[ ]*")).collect(Collectors.toSet());
        } else {
            this.monitorWhitelist = Sets.newHashSet();
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!isMonitorRequest(httpServletRequest).booleanValue()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null) {
            String[] extractAndDecodeAuthHeader = BasicAuthUtils.extractAndDecodeAuthHeader(header, getCredentialsCharset(httpServletRequest));
            if (!$assertionsDisabled && extractAndDecodeAuthHeader.length != 2) {
                throw new AssertionError();
            }
            String str = extractAndDecodeAuthHeader[0];
            if (log.isTraceEnabled()) {
                log.trace("username: {}, password: {}", str, "*");
            }
        }
        Preconditions.checkArgument(StringUtils.isBlank(header), "Basic auth header not allowed: " + header);
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String remoteHost = httpServletRequest.getRemoteHost();
        Boolean valueOf = Boolean.valueOf(isInWhitelist(remoteAddr).booleanValue() || isInWhitelist(remoteHost).booleanValue());
        Boolean bool = true;
        String realIp = ProxyIpUtils.getRealIp(servletRequest);
        if (StringUtils.isNotEmpty(realIp)) {
            bool = isInWhitelist(realIp);
        }
        if (valueOf.booleanValue() && bool.booleanValue()) {
            log.info("remoteAddr: {}, remoteHost: {}, realIp: {} in whitelist.", new Object[]{remoteAddr, remoteHost, realIp});
            filterChain.doFilter(new AuthorizationHeaderWrapper(httpServletRequest, BasicAuthUtils.basicAuthHeader(Security.USER_WEBHOOK, this.webhookPassword)), httpServletResponse);
        } else {
            log.info("remoteAddr: {}, remoteHost: {} realIp: {} not in whitelist.", new Object[]{remoteAddr, remoteHost, realIp});
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    private Boolean isInWhitelist(String str) {
        Boolean valueOf;
        if (InetAddresses.isInetAddress(str)) {
            valueOf = Boolean.valueOf(this.monitorWhitelist.contains(str) || this.monitorWhitelist.contains(ReverseDns.reverseJavaDns(str)));
        } else {
            valueOf = Boolean.valueOf(this.monitorWhitelist.contains(str));
        }
        return valueOf;
    }

    private Boolean isMonitorRequest(HttpServletRequest httpServletRequest) {
        return Boolean.valueOf(httpServletRequest.getRequestURI().startsWith(this.monitorEndpoint));
    }

    public void setCredentialsCharset(String str) {
        Assert.hasText(str, "credentialsCharset cannot be null or empty");
        this.credentialsCharset = str;
    }

    protected String getCredentialsCharset(HttpServletRequest httpServletRequest) {
        return this.credentialsCharset != null ? this.credentialsCharset : httpServletRequest.getCharacterEncoding();
    }

    public void setMonitorEndpoint(String str) {
        this.monitorEndpoint = str;
    }

    public void setWebhookPassword(String str) {
        this.webhookPassword = str;
    }

    static {
        $assertionsDisabled = !MonitorWhitelistFilter.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(MonitorWhitelistFilter.class);
    }
}
