package org.exist.security.realm.iprange;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.security.AuthenticationException;
import org.exist.security.Subject;

/* loaded from: input_file:org/exist/security/realm/iprange/IPRangeServlet.class */
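/**
 * Servlet that logs a client in on the strength of its IP address alone.
 *
 * <p>The client address is taken from the {@code X-Forwarded-For} header when present, otherwise
 * from {@link HttpServletRequest#getRemoteAddr()}. It is passed to the {@link IPRangeRealm}
 * security manager as both arguments of {@code authenticate}. A matching non-DBA subject is
 * stored in the HTTP session under {@code _eXist_xmldb_user}. The response is always a small
 * JSON document.
 *
 * <p><b>Security note:</b> {@code X-Forwarded-For} is an ordinary request header. Unless every
 * request reaches this servlet through a reverse proxy that overwrites or appends to the header,
 * its value is chosen by the client and the IP-range check gives no assurance. Deploy only behind
 * such a proxy and block direct access to the servlet container.
 */
public class IPRangeServlet extends HttpServlet {
    protected static final Logger LOG = LogManager.getLogger(IPRangeServlet.class);
    private static final long serialVersionUID = -568037449837549034L;

    /** Body returned whenever no session was established. */
    private static final String FAILURE_JSON = "{\"fail\":\"IP range not authenticated\"}";

    /** Session attribute under which the authenticated subject is stored. */
    private static final String SESSION_USER_ATTRIBUTE = "_eXist_xmldb_user";

    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
    }

    /**
     * Handles GET exactly like POST.
     *
     * <p>NOTE(review): this lets a plain GET create an authenticated session; confirm that
     * state-changing GET requests are intended here.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Authenticates the caller by IP address and reports the outcome as JSON.
     *
     * <p>The JSON body is written on every path, including when authentication throws. Subjects
     * holding the DBA role are never given a session.
     *
     * @param httpServletRequest  request whose address (or {@code X-Forwarded-For} header) is checked
     * @param httpServletResponse response that receives the JSON result
     * @throws IOException if authentication raises an {@link AuthenticationException} (kept as the
     *                     cause) or the response cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final String remoteAddr = resolveClientAddress(httpServletRequest);
        LOG.info("Detected IPaddress {}", remoteAddr);

        String json = FAILURE_JSON;
        try {
            // The address serves as both the account name and the credential.
            final Subject subject = IPRangeRealm.getInstance().getSecurityManager().authenticate(remoteAddr, remoteAddr);
            if (subject == null) {
                LOG.error("IPRangeServlet user not found");
                return;
            }
            LOG.info("IPRangeServlet user {} found", subject.getUsername());

            // An address match must never yield administrative rights.
            if (subject.hasDbaRole()) {
                LOG.error("User {} has DBA rights, will not be authorized", subject.getUsername());
                return;
            }

            // getSession() creates a session when none exists, so the null branch is only defensive.
            // NOTE(review): the session id is not rotated after login; consider
            // HttpServletRequest#changeSessionId() if the container supports Servlet 3.1.
            final HttpSession session = httpServletRequest.getSession();
            if (session == null) {
                LOG.info("IPRangeServlet session is null");
                return;
            }

            // Escape the user name so quotes or control characters cannot break the JSON document.
            json = "{\"user\":\"" + jsonEscape(subject.getUsername())
                    + "\",\"isAdmin\":\"" + subject.hasDbaRole() + "\"}";
            LOG.info("IPRangeServlet setting session attr _eXist_xmldb_user");
            session.setAttribute(SESSION_USER_ATTRIBUTE, subject);
        } catch (AuthenticationException e) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new IOException(e.getMessage(), e);
        } finally {
            // Runs on success, on early return and on failure: the client always gets a JSON body.
            httpServletResponse.setContentType("application/json");
            final PrintWriter writer = httpServletResponse.getWriter();
            writer.print(json);
            writer.flush();
        }
    }

    /**
     * Determines the address used for the IP-range lookup.
     *
     * <p>With a non-empty {@code X-Forwarded-For} header, all whitespace is removed and, if the
     * header holds several comma-separated entries, the last one is used. Otherwise the
     * connection's remote address is returned. The header is not validated as an IP address.
     */
    private static String resolveClientAddress(HttpServletRequest request) {
        final String forwarded = request.getHeader("X-Forwarded-For");
        if (forwarded == null || forwarded.isEmpty()) {
            return request.getRemoteAddr();
        }
        // Removing whitespace also removes CR/LF, so the value stays on one log line.
        final String compact = forwarded.replaceAll("\\s", "");
        final String[] entries = compact.split(",");
        return entries.length > 1 ? entries[entries.length - 1] : compact;
    }

    /** Escapes a value for use inside a double-quoted JSON string. */
    private static String jsonEscape(String value) {
        final String text = String.valueOf(value);
        final StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            if (c == '"' || c == '\\') {
                escaped.append('\\').append(c);
            } else if (c < 0x20) {
                escaped.append(String.format("\\u%04x", (int) c));
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }
}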
