package com.gitlab.credit_reference_platform.crp.gateway.security.configuration;

import com.gitlab.credit_reference_platform.crp.gateway.constants.GatewayURL;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.util.matcher.IpAddressMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:BOOT-INF/classes/com/gitlab/credit_reference_platform/crp/gateway/security/configuration/PortalAccessFilter.class */
public class PortalAccessFilter implements Filter {
    private final List<IpAddressMatcher> allowedIpMatchers;

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PortalAccessFilter.class);
    private static final RequestMatcher EXCLUDED_REQUEST_MATCHER = GatewayURL.AntMatcherBuilder.builder().addAntPath(GatewayURL.OAUTH_URL).addAntPaths(GatewayURL.CRP_URLS).addAntPath(GatewayURL.ERROR_URL).build();

    public PortalAccessFilter(String... strArr) {
        this((List<String>) Arrays.asList(strArr));
    }

    public PortalAccessFilter(List<String> list) {
        this.allowedIpMatchers = (List) list.stream().map(str -> {
            return new IpAddressMatcher(str);
        }).collect(Collectors.toList());
    }

    @Override // jakarta.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if ((servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (!EXCLUDED_REQUEST_MATCHER.matches(httpServletRequest)) {
                String requestURI = httpServletRequest.getRequestURI();
                String remoteAddr = servletRequest.getRemoteAddr();
                if (log.isTraceEnabled()) {
                    log.trace("Attempt Portal Access [{}] from [{}]", requestURI, remoteAddr);
                }
                if (!isAllowedIpAddress(servletRequest.getRemoteAddr())) {
                    log.debug("Declined Portal Access [{}] from [{}]", requestURI, remoteAddr);
                    ((HttpServletResponse) servletResponse).sendError(403);
                    return;
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private boolean isAllowedIpAddress(String str) {
        Iterator<IpAddressMatcher> it = this.allowedIpMatchers.iterator();
        while (it.hasNext()) {
            if (it.next().matches(str)) {
                return true;
            }
        }
        return false;
    }
}
