package org.wso2.carbon.core.services.authentication;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.common.AuthenticationException;

/* loaded from: input_file:org/wso2/carbon/core/services/authentication/AuthenticationUtil.class */
public class AuthenticationUtil {
    public static final String HEADER_X_ORIGINATING_IP_FORM_1 = "X-Originating-IP";
    public static final String HEADER_X_ORIGINATING_IP_FORM_2 = "X-IP";
    public static final String HEADER_X_FORWARDED_FOR = "X-Forwarded-For";
    private static final String IP_ADDRESS_PATTERN = "^([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])$";
    private static final Log log = LogFactory.getLog(AuthenticationUtil.class);

    public static String getOriginatingIPAddress(MessageContext messageContext) {
        String header = getHeader(HEADER_X_ORIGINATING_IP_FORM_1, messageContext);
        if (header == null) {
            header = getHeader(HEADER_X_ORIGINATING_IP_FORM_2, messageContext);
        }
        return header;
    }

    public static String[] getForwardingAddresses(MessageContext messageContext) {
        String header = getHeader(HEADER_X_FORWARDED_FOR, messageContext);
        return header != null ? header.split(",") : new String[0];
    }

    private static void printForwardingAddresses(String[] strArr) throws AuthenticationException {
        if (log.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder("The request passed following hops - ");
            for (String str : strArr) {
                validateRemoteAddress(str);
                sb.append(str);
                sb.append(",");
            }
            log.debug(sb.toString());
        }
    }

    public static String getRemoteAddress(MessageContext messageContext) throws AuthenticationException {
        if (messageContext == null) {
            return null;
        }
        String originatingIPAddress = getOriginatingIPAddress(messageContext);
        if (originatingIPAddress == null) {
            String[] forwardingAddresses = getForwardingAddresses(messageContext);
            if (forwardingAddresses.length > 0) {
                originatingIPAddress = forwardingAddresses[0].trim();
                printForwardingAddresses(forwardingAddresses);
            }
        }
        if (originatingIPAddress == null) {
            originatingIPAddress = (String) messageContext.getProperty("REMOTE_ADDR");
        }
        validateRemoteAddress(originatingIPAddress);
        return originatingIPAddress;
    }

    public static void validateRemoteAddress(String str) throws AuthenticationException {
        if (str == null || str.isEmpty()) {
            return;
        }
        String trim = str.replaceAll("\\s+", "").trim();
        if (!isValidIPAddress(trim) && !isValidDNSAddress(trim)) {
            throw new AuthenticationException("Authentication Failed : Invalid remote address passed - " + trim);
        }
    }

    private static boolean isValidDNSAddress(String str) {
        try {
            return isValidIPAddress(InetAddress.getByName(str).getHostAddress());
        } catch (UnknownHostException e) {
            log.warn("Could not find IP address for domain name : " + str);
            return false;
        }
    }

    private static boolean isValidIPAddress(String str) {
        return Pattern.compile(IP_ADDRESS_PATTERN).matcher(str).matches();
    }

    public static String getHeader(String str, MessageContext messageContext) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (httpServletRequest != null) {
            String header = httpServletRequest.getHeader(str);
            if (header == null) {
                header = httpServletRequest.getHeader(str.toLowerCase());
            }
            return header;
        }
        Map map = (Map) messageContext.getProperty("TRANSPORT_HEADERS");
        if (map == null) {
            return null;
        }
        String str2 = (String) map.get(str);
        if (str2 == null) {
            str2 = (String) map.get(str.toLowerCase());
        }
        return str2;
    }
}
