package org.jasig.cas.adaptors.ldap.remote;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import javax.security.auth.login.FailedLoginException;
import javax.validation.constraints.NotNull;
import org.jasig.cas.authentication.AbstractAuthenticationHandler;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jasig/cas/adaptors/ldap/remote/RemoteAddressAuthenticationHandler.class */
public final class RemoteAddressAuthenticationHandler extends AbstractAuthenticationHandler {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @NotNull
    private InetAddress inetNetmask = null;

    @NotNull
    private InetAddress inetNetwork = null;

    public HandlerResult authenticate(Credential credential) throws GeneralSecurityException {
        RemoteAddressCredential remoteAddressCredential = (RemoteAddressCredential) credential;
        try {
            if (containsAddress(this.inetNetwork, this.inetNetmask, InetAddress.getByName(remoteAddressCredential.getRemoteAddress().trim()))) {
                return new HandlerResult(this, remoteAddressCredential, new SimplePrincipal(remoteAddressCredential.getId()));
            }
        } catch (UnknownHostException unused) {
            this.logger.debug("Unknown host {}", remoteAddressCredential.getRemoteAddress());
        }
        throw new FailedLoginException(String.valueOf(remoteAddressCredential.getRemoteAddress()) + " not in allowed range.");
    }

    public boolean supports(Credential credential) {
        return credential instanceof RemoteAddressCredential;
    }

    private boolean containsAddress(InetAddress inetAddress, InetAddress inetAddress2, InetAddress inetAddress3) {
        this.logger.debug("Checking IP address: {} in ", new Object[]{inetAddress3, inetAddress, inetAddress2});
        byte[] address = inetAddress.getAddress();
        byte[] address2 = inetAddress2.getAddress();
        byte[] address3 = inetAddress3.getAddress();
        if (address.length != address2.length || address2.length != address3.length) {
            this.logger.debug("Network address {}, subnet mask {} and/or host address {} have different sizes! (return false ...)", new Object[]{inetAddress, inetAddress2, inetAddress3});
            return false;
        }
        for (int i = 0; i < address2.length; i++) {
            int i2 = address2[i] & 255;
            if ((address[i] & i2) != (address3[i] & i2)) {
                this.logger.debug("{} is not in {}/{}", new Object[]{inetAddress3, inetAddress, inetAddress2});
                return false;
            }
        }
        this.logger.debug("{} is in {}/{}", new Object[]{inetAddress3, inetAddress, inetAddress2});
        return true;
    }

    public void setIpNetworkRange(String str) {
        if (str != null) {
            String[] split = str.split("/");
            if (split.length == 2) {
                String trim = split[0].trim();
                String trim2 = split[1].trim();
                try {
                    this.inetNetwork = InetAddress.getByName(trim);
                    this.logger.debug("InetAddress network: {}", this.inetNetwork.toString());
                } catch (UnknownHostException e) {
                    this.logger.error("The network address was not valid: {}", e.getMessage());
                }
                try {
                    this.inetNetmask = InetAddress.getByName(trim2);
                    this.logger.debug("InetAddress netmask: {}", this.inetNetmask.toString());
                } catch (UnknownHostException e2) {
                    this.logger.error("The network netmask was not valid: {}", e2.getMessage());
                }
            }
        }
    }
}
