package org.jasig.cas.support.spnego.web.flow.client;

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.jasig.cas.support.spnego.util.ReverseDNSRunnable;
import org.jasig.cas.web.support.WebUtils;
import org.jasig.inspektr.aspect.TraceLogAspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

@Component("baseSpnegoClientAction")
/* loaded from: input_file:org/jasig/cas/support/spnego/web/flow/client/BaseSpnegoKnownClientSystemsFilterAction.class */
public class BaseSpnegoKnownClientSystemsFilterAction extends AbstractAction {
    private static final int DEFAULT_TIMEOUT = 2000;

    @Value("${cas.spnego.ip.pattern:127.+}")
    private Pattern ipsToCheckPattern;

    @Value("${cas.spnego.alt.remote.host.attribute:alternateRemoteHeader}")
    private String alternativeRemoteHostAttribute;
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    protected final transient Logger logger = LoggerFactory.getLogger(getClass());
    private long timeout = 2000;

    /* loaded from: input_file:org/jasig/cas/support/spnego/web/flow/client/BaseSpnegoKnownClientSystemsFilterAction$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return BaseSpnegoKnownClientSystemsFilterAction.toString_aroundBody0((BaseSpnegoKnownClientSystemsFilterAction) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    public BaseSpnegoKnownClientSystemsFilterAction() {
    }

    public BaseSpnegoKnownClientSystemsFilterAction(String str) {
        setIpsToCheckPattern(str);
    }

    public BaseSpnegoKnownClientSystemsFilterAction(String str, String str2) {
        setIpsToCheckPattern(str);
        this.alternativeRemoteHostAttribute = str2;
    }

    public BaseSpnegoKnownClientSystemsFilterAction(Pattern pattern, String str) {
        this.ipsToCheckPattern = pattern;
        this.alternativeRemoteHostAttribute = str;
    }

    protected final Event doExecute(RequestContext requestContext) {
        String remoteIp = getRemoteIp(requestContext);
        this.logger.debug("Current user IP {}", remoteIp);
        return shouldDoSpnego(remoteIp) ? yes() : no();
    }

    protected boolean shouldDoSpnego(String str) {
        return ipPatternCanBeChecked(str) && ipPatternMatches(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean ipPatternCanBeChecked(String str) {
        return this.ipsToCheckPattern != null && StringUtils.isNotBlank(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean ipPatternMatches(String str) {
        if (this.ipsToCheckPattern.matcher(str).find()) {
            this.logger.debug("Remote IP address {} should be checked based on the defined pattern {}", str, this.ipsToCheckPattern.pattern());
            return true;
        }
        this.logger.debug("No pattern or remote IP defined, or pattern does not match remote IP [{}]", str);
        return false;
    }

    private String getRemoteIp(@NotNull RequestContext requestContext) {
        HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext);
        String remoteAddr = httpServletRequest.getRemoteAddr();
        this.logger.debug("Remote Address = {}", remoteAddr);
        if (StringUtils.isNotBlank(this.alternativeRemoteHostAttribute)) {
            remoteAddr = httpServletRequest.getHeader(this.alternativeRemoteHostAttribute);
            this.logger.debug("Header Attribute [{}] = [{}]", this.alternativeRemoteHostAttribute, remoteAddr);
            if (StringUtils.isBlank(remoteAddr)) {
                remoteAddr = httpServletRequest.getRemoteAddr();
                this.logger.warn("No value could be retrieved from the header [{}]. Falling back to [{}].", this.alternativeRemoteHostAttribute, remoteAddr);
            }
        }
        return remoteAddr;
    }

    public final void setAlternativeRemoteHostAttribute(@NotNull String str) {
        this.alternativeRemoteHostAttribute = str;
    }

    public final void setIpsToCheckPattern(@NotNull String str) {
        this.ipsToCheckPattern = Pattern.compile(str);
    }

    public final String toString() {
        return (String) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, Factory.makeJP(ajc$tjp_0, this, this)}).linkClosureAndJoinPoint(69648));
    }

    public final void setTimeout(long j) {
        this.timeout = j;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRemoteHostName(String str) {
        ReverseDNSRunnable reverseDNSRunnable = new ReverseDNSRunnable(str);
        Thread thread = new Thread(reverseDNSRunnable);
        thread.start();
        try {
            thread.join(this.timeout);
        } catch (InterruptedException e) {
            this.logger.debug("Threaded lookup failed.  Defaulting to IP {}.", str, e);
        }
        String str2 = reverseDNSRunnable.get();
        this.logger.debug("Found remote host name {}.", str2);
        return StringUtils.isNotEmpty(str2) ? str2 : str;
    }

    static {
        ajc$preClinit();
    }

    static final String toString_aroundBody0(BaseSpnegoKnownClientSystemsFilterAction baseSpnegoKnownClientSystemsFilterAction, JoinPoint joinPoint) {
        return new ToStringBuilder(baseSpnegoKnownClientSystemsFilterAction).append("ipsToCheckPattern", baseSpnegoKnownClientSystemsFilterAction.ipsToCheckPattern).append("alternativeRemoteHostAttribute", baseSpnegoKnownClientSystemsFilterAction.alternativeRemoteHostAttribute).append("timeout", baseSpnegoKnownClientSystemsFilterAction.timeout).toString();
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("BaseSpnegoKnownClientSystemsFilterAction.java", BaseSpnegoKnownClientSystemsFilterAction.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("11", "toString", "org.jasig.cas.support.spnego.web.flow.client.BaseSpnegoKnownClientSystemsFilterAction", "", "", "", "java.lang.String"), 184);
    }
}
