package org.dspace.service.impl;

import com.google.common.net.InetAddresses;
import jakarta.servlet.http.HttpServletRequest;
import java.net.Inet4Address;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.core.Utils;
import org.dspace.service.ClientInfoService;
import org.dspace.services.ConfigurationService;
import org.dspace.statistics.util.IPTable;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/dspace/service/impl/ClientInfoServiceImpl.class */
public class ClientInfoServiceImpl implements ClientInfoService {
    private static final String X_FORWARDED_FOR_HEADER = "X-Forwarded-For";
    private static final Logger log = LogManager.getLogger();
    private Boolean useProxiesEnabled;
    private final ConfigurationService configurationService;
    private final IPTable trustedProxies = parseTrustedProxyRanges();

    @Autowired(required = true)
    public ClientInfoServiceImpl(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    @Override // org.dspace.service.ClientInfoService
    public String getClientIp(HttpServletRequest httpServletRequest) {
        return getClientIp(httpServletRequest.getRemoteAddr(), httpServletRequest.getHeader(X_FORWARDED_FOR_HEADER));
    }

    @Override // org.dspace.service.ClientInfoService
    public String getClientIp(String str, String str2) {
        int ipAnonymizationBytes;
        String str3 = str;
        if (isUseProxiesEnabled()) {
            String xForwardedForIpValue = getXForwardedForIpValue(str, str2);
            if (StringUtils.isNotBlank(xForwardedForIpValue) && isRequestFromTrustedProxy(str3)) {
                str3 = xForwardedForIpValue;
            }
        } else if (StringUtils.isNotBlank(str2)) {
            log.warn("X-Forwarded-For header sent from client, but useProxies is not enabled. To trust X-Forwarded-For headers, set useProxies=true.");
        }
        if (isIPv4Address(str3) && (ipAnonymizationBytes = getIpAnonymizationBytes()) > 0) {
            str3 = anonymizeIpAddress(str3, ipAnonymizationBytes);
        }
        return str3;
    }

    @Override // org.dspace.service.ClientInfoService
    public boolean isUseProxiesEnabled() {
        if (this.useProxiesEnabled == null) {
            this.useProxiesEnabled = Boolean.valueOf(this.configurationService.getBooleanProperty("useProxies", true));
            log.info("Proxies (useProxies) enabled? {}", this.useProxiesEnabled);
        }
        return this.useProxiesEnabled.booleanValue();
    }

    private IPTable parseTrustedProxyRanges() {
        IPTable iPTable = new IPTable();
        String[] arrayProperty = this.configurationService.getArrayProperty("proxies.trusted.ipranges");
        if (!ArrayUtils.contains(arrayProperty, "127.0.0.1")) {
            arrayProperty = (String[]) ArrayUtils.add(arrayProperty, "127.0.0.1");
        }
        try {
            for (String str : arrayProperty) {
                iPTable.add(str);
            }
        } catch (IPTable.IPFormatException e) {
            log.error("Property 'proxies.trusted.ipranges' contains an invalid IP range", e);
        }
        if (this.configurationService.getBooleanProperty("proxies.trusted.include_ui_ip", true)) {
            String property = this.configurationService.getProperty("dspace.ui.url");
            String[] iPAddresses = Utils.getIPAddresses(property);
            if (ArrayUtils.isNotEmpty(iPAddresses)) {
                try {
                    for (String str2 : iPAddresses) {
                        iPTable.add(str2);
                    }
                } catch (IPTable.IPFormatException e2) {
                    log.error("IP address lookup for dspace.ui.url={} was invalid and could not be added to trusted proxies", property, e2);
                }
            }
        }
        if (iPTable.isEmpty()) {
            return null;
        }
        log.info("Trusted proxies (configure via 'proxies.trusted.ipranges'): {}", iPTable);
        return iPTable;
    }

    @Override // org.dspace.service.ClientInfoService
    public boolean isRequestFromTrustedProxy(String str) {
        try {
            if (this.trustedProxies != null) {
                if (this.trustedProxies.contains(str)) {
                    return true;
                }
            }
            return false;
        } catch (IPTable.IPFormatException e) {
            log.error("Request contains invalid remote address", e);
            return false;
        }
    }

    private String getXForwardedForIpValue(String str, String str2) {
        String str3 = null;
        for (String str4 : StringUtils.trimToEmpty(str2).split(",")) {
            String trim = str4.trim();
            if (!StringUtils.equals(str, trim) && StringUtils.isNotBlank(trim) && !isRequestFromTrustedProxy(trim)) {
                str3 = trim;
            }
        }
        return str3;
    }

    private String anonymizeIpAddress(String str, int i) {
        if (i > 4) {
            log.warn("It is not possible to anonymize {} bytes of an IPv4 address.", Integer.valueOf(i));
            return str;
        }
        if (i == 4) {
            return "0.0.0.0";
        }
        return removeLastBytes(str, i) + StringUtils.repeat(".0", i);
    }

    private String removeLastBytes(String str, int i) {
        return str.substring(0, StringUtils.ordinalIndexOf(str, ".", 4 - i));
    }

    private int getIpAnonymizationBytes() {
        return this.configurationService.getIntProperty("client.ip-anonymization.parts", 0);
    }

    private boolean isIPv4Address(String str) {
        return InetAddresses.forString(str) instanceof Inet4Address;
    }
}
