package com.jxdinfo.hussar.support.secure.riskprotect.filter;

import com.jxdinfo.hussar.platform.core.utils.HussarUtils;
import com.jxdinfo.hussar.platform.core.utils.IpUtils;
import com.jxdinfo.hussar.support.exception.HussarException;
import com.jxdinfo.hussar.support.secure.riskprotect.properties.SecureRiskProtectProperties;
import java.io.IOException;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/jxdinfo/hussar/support/secure/riskprotect/filter/ActuatorFilter.class */
public class ActuatorFilter implements Filter {
    private SecureRiskProtectProperties secureRiskProtectProperties;

    public ActuatorFilter(SecureRiskProtectProperties secureRiskProtectProperties) {
        this.secureRiskProtectProperties = secureRiskProtectProperties;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (httpServletRequest.getRequestURI().startsWith("/actuator") && this.secureRiskProtectProperties.getActuatorAccessCheck().booleanValue()) {
            String ip = IpUtils.getIp(httpServletRequest);
            if (HussarUtils.isBlank(ip)) {
                throw new HussarException("获取请求ip失败，不允许访问actuator端点");
            }
            List<String> actuatorAccessIps = this.secureRiskProtectProperties.getActuatorAccessIps();
            List<SecureRiskProtectProperties.IpSegment> actuatorAccessIpSegments = this.secureRiskProtectProperties.getActuatorAccessIpSegments();
            if (HussarUtils.isAllEmpty(new Object[]{actuatorAccessIps, actuatorAccessIpSegments})) {
                throw new HussarException("未配置允许访问actuator端点的ip，请求被拒绝");
            }
            Boolean bool = false;
            if (actuatorAccessIps.contains(ip)) {
                bool = true;
            }
            if (!bool.booleanValue() && HussarUtils.isNotEmpty(actuatorAccessIpSegments)) {
                Long convertStrIpToLong = IpUtils.convertStrIpToLong(ip);
                bool = Boolean.valueOf(actuatorAccessIpSegments.stream().anyMatch(ipSegment -> {
                    try {
                        Long convertStrIpToLong2 = IpUtils.convertStrIpToLong(ipSegment.getStartIp());
                        Long convertStrIpToLong3 = IpUtils.convertStrIpToLong(ipSegment.getEndIp());
                        if (convertStrIpToLong.longValue() >= convertStrIpToLong2.longValue()) {
                            if (convertStrIpToLong.longValue() <= convertStrIpToLong3.longValue()) {
                                return true;
                            }
                        }
                        return false;
                    } catch (Exception e) {
                        throw new HussarException("允许访问actuator端点的ip段类型转换失败，请求被拒绝");
                    }
                }));
            }
            if (!bool.booleanValue()) {
                throw new HussarException("请求ip未在允许访问名单内，actuator端点请求被拒绝");
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
