package com.tongweb.container.valves;

import com.tongweb.container.connector.Request;
import com.tongweb.container.connector.Response;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.servlet.ServletException;
import org.apache.zookeeper.server.quorum.QuorumStats;

/* loaded from: input_file:WEB-INF/lib/tongweb-embed-core-7.0.E.6_P9.jar:com/tongweb/container/valves/FilterValue.class */
public class FilterValue extends ValveBase {
    private String manageContextPath;
    private List<String> accessIpList;
    private List<String> blockedIpList;

    public FilterValue(Properties properties) {
        this.accessIpList = new ArrayList();
        this.blockedIpList = new ArrayList();
        this.manageContextPath = properties.getProperty("contextPath");
        String property = properties.getProperty("access_iplist");
        String property2 = properties.getProperty("blocked_iplist");
        if (null != property && !property.isEmpty()) {
            this.accessIpList = Arrays.asList(property.split(","));
        }
        if (null == property2 || property2.isEmpty()) {
            return;
        }
        this.blockedIpList = Arrays.asList(property2.split(","));
    }

    @Override // com.tongweb.container.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        String servletPath = request.getServletPath();
        String realIP = getRealIP(request);
        if (!servletPath.startsWith(this.manageContextPath) || realIP.isEmpty()) {
            getNext().invoke(request, response);
        } else if (isAllowed(realIP)) {
            getNext().invoke(request, response);
        } else {
            response.sendError(403);
        }
    }

    public boolean isAllowed(String str) {
        if (this.accessIpList.isEmpty() && this.blockedIpList.isEmpty()) {
            return true;
        }
        if (!this.accessIpList.isEmpty()) {
            for (int i = 0; i < this.accessIpList.size(); i++) {
                if (checkIPMatching(this.accessIpList.get(i), str)) {
                    return true;
                }
            }
            return false;
        }
        if (this.blockedIpList.isEmpty()) {
            return true;
        }
        for (int i2 = 0; i2 < this.blockedIpList.size(); i2++) {
            if (checkIPMatching(this.blockedIpList.get(i2), str)) {
                return false;
            }
        }
        return true;
    }

    public static boolean checkIPMatching(String str, String str2) {
        String[] split = str.split(com.alibaba.dubbo.common.Constants.DOT_REGEX);
        String[] split2 = str2.split(com.alibaba.dubbo.common.Constants.DOT_REGEX);
        for (int i = 0; i < split.length; i++) {
            if (!split[i].equals("*") && !split[i].equals(split2[i])) {
                if (!split[i].contains("-")) {
                    return false;
                }
                short parseShort = Short.parseShort(split[i].split("-")[0]);
                short parseShort2 = Short.parseShort(split[i].split("-")[1]);
                short parseShort3 = Short.parseShort(split2[i]);
                if (parseShort3 < parseShort || parseShort3 > parseShort2) {
                    return false;
                }
            }
        }
        return true;
    }

    public static String getRealIP(Request request) {
        String header = request.getHeader("x-forwarded-for");
        if (header != null && header.length() != 0 && !QuorumStats.Provider.UNKNOWN_STATE.equalsIgnoreCase(header) && header.indexOf(",") != -1) {
            header = header.split(",")[0];
        }
        if (header == null || header.length() == 0 || QuorumStats.Provider.UNKNOWN_STATE.equalsIgnoreCase(header)) {
            header = request.getHeader("Proxy-Client-IP");
        }
        if (header == null || header.length() == 0 || QuorumStats.Provider.UNKNOWN_STATE.equalsIgnoreCase(header)) {
            header = request.getHeader("WL-Proxy-Client-IP");
        }
        if (header == null || header.length() == 0 || QuorumStats.Provider.UNKNOWN_STATE.equalsIgnoreCase(header)) {
            header = request.getHeader("HTTP_CLIENT_IP");
        }
        if (header == null || header.length() == 0 || QuorumStats.Provider.UNKNOWN_STATE.equalsIgnoreCase(header)) {
            header = request.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (header == null || header.length() == 0 || QuorumStats.Provider.UNKNOWN_STATE.equalsIgnoreCase(header)) {
            header = request.getHeader("X-Real-IP");
        }
        if (header == null || header.length() == 0 || QuorumStats.Provider.UNKNOWN_STATE.equalsIgnoreCase(header)) {
            header = request.getRemoteAddr();
        }
        if (header != null && header.contains(",")) {
            header = header.split(",")[0];
        }
        return header.equals("0:0:0:0:0:0:0:1") ? "127.0.0.1" : header;
    }
}
