package org.georchestra.security;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.georchestra.commons.security.SecurityHeaders;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

/* loaded from: input_file:WEB-INF/classes/org/georchestra/security/ProxyTrustAnotherProxy.class */
public class ProxyTrustAnotherProxy extends AbstractPreAuthenticatedProcessingFilter {
    private static String AUTH_HEADER = SecurityHeaders.SEC_USERNAME;
    private static final Log logger = LogFactory.getLog(ProxyTrustAnotherProxy.class.getPackage().getName());
    private String rawProxyValue = "";
    private Set<InetAddress> trustedProxies = new HashSet();

    @PostConstruct
    public void init() {
        if (this.rawProxyValue == "") {
            logger.info("\"trustedProxy\" property is not defined. Skipping bean configuration");
            return;
        }
        this.rawProxyValue = this.rawProxyValue.trim();
        for (String str : this.rawProxyValue.length() != 0 ? this.rawProxyValue.split("\\s*,\\s*") : new String[0]) {
            try {
                InetAddress byName = InetAddress.getByName(str);
                this.trustedProxies.add(byName);
                logger.info("Add trusted proxy : " + byName);
            } catch (UnknownHostException e) {
                logger.error("Unable to lookup " + str + ". skipping.");
            }
        }
        if (this.trustedProxies.size() == 0) {
            logger.info("No trusted proxy loaded");
        } else {
            logger.info("Successful loading of " + this.trustedProxies.size() + " trusted proxy");
        }
        setContinueFilterChainOnUnsuccessfulAuthentication(true);
    }

    @Override // org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        if (this.trustedProxies.isEmpty()) {
            return null;
        }
        try {
            if (!this.trustedProxies.contains(InetAddress.getByName(httpServletRequest.getRemoteAddr()))) {
                logger.debug("Request from a NON trusted proxy, bypassing log in");
                return null;
            }
            String header = httpServletRequest.getHeader(AUTH_HEADER);
            if (header != null) {
                logger.debug("Request from a trusted proxy, so log in user : " + header);
                httpServletRequest.setAttribute(HeaderNames.PRE_AUTH_REQUEST_PROPERTY, Boolean.TRUE);
            } else {
                logger.debug("Request from a trusted proxy, but no sec-username header found");
            }
            return header;
        } catch (UnknownHostException e) {
            logger.error("Unable to resolve remote address : " + httpServletRequest.getRemoteAddr());
            return null;
        }
    }

    @Override // org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest) {
        return "N/A";
    }

    public void setRawProxyValue(String str) {
        this.rawProxyValue = str;
    }
}
