package org.owasp.esapi.waf.rules;

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.DefaultAction;
import org.owasp.esapi.waf.actions.DoNothingAction;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/opensaml-2.6.6.wso2v3.jar:esapi-2.1.0.1.jar:org/owasp/esapi/waf/rules/IPRule.class
 */
/* loaded from: input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/waf/rules/IPRule.class */
public class IPRule extends Rule {
    private Pattern allowedIP;
    private String exactPath;
    private Pattern path;
    private boolean useExactPath;
    private String ipHeader;

    public IPRule(String str, Pattern pattern, Pattern pattern2, String str2) {
        this.useExactPath = false;
        this.allowedIP = pattern;
        this.path = pattern2;
        this.useExactPath = false;
        this.ipHeader = str2;
        setId(str);
    }

    public IPRule(String str, Pattern pattern, String str2) {
        this.useExactPath = false;
        this.path = null;
        this.exactPath = str2;
        this.useExactPath = true;
        setId(str);
    }

    @Override // org.owasp.esapi.waf.rules.Rule
    public Action check(HttpServletRequest httpServletRequest, InterceptingHTTPServletResponse interceptingHTTPServletResponse, HttpServletResponse httpServletResponse) {
        String requestURI = httpServletRequest.getRequestURI();
        if ((!this.useExactPath && this.path.matcher(requestURI).matches()) || (this.useExactPath && this.exactPath.equals(requestURI))) {
            String str = httpServletRequest.getRemoteAddr() + "";
            if (this.ipHeader != null) {
                str = httpServletRequest.getHeader(this.ipHeader);
            }
            if (!this.allowedIP.matcher(str).matches()) {
                log(httpServletRequest, "IP not allowed to access URI '" + requestURI + "'");
                return new DefaultAction();
            }
        }
        return new DoNothingAction();
    }
}
