package com.indexdata.serviceproxy.unstable.auth;

import com.indexdata.masterkey.config.ModuleConfiguration;
import com.indexdata.serviceproxy.ServiceRequest;
import com.indexdata.serviceproxy.exception.StandardServiceException;
import com.indexdata.serviceproxy.unstable.auth.AuthUtils;
import com.indexdata.torus.Record;
import com.indexdata.torus.Records;
import com.indexdata.torus.layer.IdentityTypeLayer;
import com.indexdata.utils.IpRangeSet;

/* loaded from: input_file:com/indexdata/serviceproxy/unstable/auth/IpAuth.class */
public class IpAuth extends Authenticator {
    String ip;
    Records records;

    public IpAuth(ModuleConfiguration moduleConfiguration, ServiceRequest serviceRequest) throws StandardServiceException {
        super(moduleConfiguration, serviceRequest);
        this.ip = "";
        this.records = null;
        this.ip = getRemoteIP(serviceRequest);
        setTorusQuery("ipRanges encloses/net.ipAddress \"" + this.ip + "\"");
    }

    @Override // com.indexdata.serviceproxy.unstable.auth.Authenticator
    public boolean authenticate() throws StandardServiceException {
        Record record;
        boolean z = false;
        Records identityRecords = getIdentityRecords();
        if (identityRecords == null || identityRecords.getRecords() == null || identityRecords.getRecords().isEmpty()) {
            logger.debug("Credentials return empty identity list.");
        } else {
            if (identityRecords.getRecords().size() > 1) {
                logger.debug("Multiple candidate accounts for IP authentication. Finding the account with the innermost IP range");
                record = getRecordWithInnermostIpRange(identityRecords);
            } else {
                record = (Record) identityRecords.getRecords().iterator().next();
            }
            logger.debug("The client has been IP authenticated for IP [" + this.ip + "]");
            IdentityTypeLayer identityTypeLayer = (IdentityTypeLayer) record.getLayers().get(0);
            AuthUtils.forget(this.request.getSession(), this.aggressiveSessionInvalidation);
            setIdentityOnSession(identityTypeLayer);
            z = true;
        }
        return z;
    }

    @Override // com.indexdata.serviceproxy.unstable.auth.Authenticator
    public AuthUtils.AuthType getAuthType() {
        return AuthUtils.AuthType.IP;
    }

    private Record getRecordWithInnermostIpRange(Records records) {
        Record record = null;
        IpRangeSet ipRangeSet = null;
        for (Record record2 : records.getRecords()) {
            IdentityTypeLayer identityTypeLayer = (IdentityTypeLayer) record2.getLayers().get(0);
            logger.debug("Checking if " + identityTypeLayer.getIpRanges() + " is the innermost range.");
            if (identityTypeLayer.getIpRanges() != null && !identityTypeLayer.getIpRanges().isEmpty()) {
                IpRangeSet ipRangeSet2 = new IpRangeSet(identityTypeLayer.getIpRanges());
                if (ipRangeSet == null) {
                    logger.debug(identityTypeLayer.getIpRanges() + " the innermost range so far.");
                    record = record2;
                    ipRangeSet = new IpRangeSet(identityTypeLayer.getIpRanges());
                } else if (ipRangeSet.encloses(ipRangeSet2)) {
                    logger.debug(identityTypeLayer.getIpRanges() + " the innermost range so far.");
                    record = record2;
                    ipRangeSet = new IpRangeSet(identityTypeLayer.getIpRanges());
                }
            }
        }
        return record;
    }

    private String getRemoteIP(ServiceRequest serviceRequest) {
        String header = serviceRequest.getRequest().getHeader("X-Forwarded-For");
        String str = header == null ? serviceRequest.getRequest().getRemoteAddr().split(", ")[0] : header.split(", ")[0];
        logger.debug("Remote IP: " + str);
        return str;
    }
}
