package org.apache.wicket.protocol.http.servlet;

import java.util.LinkedList;
import java.util.regex.Pattern;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/wicket-core-9.0.0-M5.jar:org/apache/wicket/protocol/http/servlet/XForwardedRequestWrapperFactory.class */
public class XForwardedRequestWrapperFactory extends AbstractRequestWrapperFactory {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) XForwardedRequestWrapperFactory.class);
    protected static final String HTTP_SERVER_PORT_PARAMETER = "httpServerPort";
    protected static final String HTTPS_SERVER_PORT_PARAMETER = "httpsServerPort";
    protected static final String INTERNAL_PROXIES_PARAMETER = "allowedInternalProxies";
    protected static final String PROTOCOL_HEADER_PARAMETER = "protocolHeader";
    protected static final String PROTOCOL_HEADER_SSL_VALUE_PARAMETER = "protocolHeaderSslValue";
    protected static final String PROXIES_HEADER_PARAMETER = "proxiesHeader";
    protected static final String REMOTE_IP_HEADER_PARAMETER = "remoteIPHeader";
    protected static final String TRUSTED_PROXIES_PARAMETER = "trustedProxies";
    private Config config = new Config();

    /* loaded from: input_file:WEB-INF/lib/wicket-core-9.0.0-M5.jar:org/apache/wicket/protocol/http/servlet/XForwardedRequestWrapperFactory$Config.class */
    public static class Config {
        private boolean enabled = true;
        private int httpServerPort = 80;
        private int httpsServerPort = 443;
        private String protocolHeader = null;
        private String protocolHeaderSslValue = "https";
        private String proxiesHeader = "X-Forwarded-By";
        private String remoteIPHeader = "X-Forwarded-For";
        private Pattern[] trustedProxies = new Pattern[0];
        private Pattern[] allowedInternalProxies = {Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("192\\.168\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}"), Pattern.compile("169\\.254\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}")};

        public void setAllowedInternalProxies(String str) {
            this.allowedInternalProxies = AbstractRequestWrapperFactory.commaDelimitedListToPatternArray(str);
        }

        public void setHttpServerPort(int i) {
            this.httpServerPort = i;
        }

        public void setHttpsServerPort(int i) {
            this.httpsServerPort = i;
        }

        public void setProtocolHeader(String str) {
            this.protocolHeader = str;
        }

        public void setProtocolHeaderSslValue(String str) {
            this.protocolHeaderSslValue = str;
        }

        public void setProxiesHeader(String str) {
            this.proxiesHeader = str;
        }

        public void setRemoteIPHeader(String str) {
            this.remoteIPHeader = str;
        }

        public void setTrustedProxies(String str) {
            this.trustedProxies = AbstractRequestWrapperFactory.commaDelimitedListToPatternArray(str);
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        public boolean isEnabled() {
            return this.enabled;
        }
    }

    public final Config getConfig() {
        return this.config;
    }

    public final void setConfig(Config config) {
        this.config = config;
    }

    @Override // org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
    public boolean needsWrapper(HttpServletRequest httpServletRequest) {
        boolean matchesOne = matchesOne(httpServletRequest.getRemoteAddr(), this.config.allowedInternalProxies);
        if (!matchesOne && log.isDebugEnabled()) {
            log.debug("Skip XForwardedFilter for request " + httpServletRequest.getRequestURI() + " with remote address " + httpServletRequest.getRemoteAddr());
        }
        return matchesOne;
    }

    @Override // org.apache.wicket.protocol.http.servlet.AbstractRequestWrapperFactory
    public HttpServletRequest newRequestWrapper(HttpServletRequest httpServletRequest) {
        String header;
        String str = null;
        LinkedList linkedList = new LinkedList();
        String[] commaDelimitedListToStringArray = commaDelimitedListToStringArray(httpServletRequest.getHeader(this.config.remoteIPHeader));
        int length = commaDelimitedListToStringArray.length - 1;
        while (true) {
            if (length < 0) {
                break;
            }
            String str2 = commaDelimitedListToStringArray[length];
            str = str2;
            if (!matchesOne(str2, this.config.allowedInternalProxies)) {
                if (!matchesOne(str2, this.config.trustedProxies)) {
                    length--;
                    break;
                }
                linkedList.addFirst(str2);
            }
            length--;
        }
        LinkedList linkedList2 = new LinkedList();
        while (length >= 0) {
            linkedList2.addFirst(commaDelimitedListToStringArray[length]);
            length--;
        }
        XForwardedRequestWrapper xForwardedRequestWrapper = new XForwardedRequestWrapper(httpServletRequest);
        if (str != null) {
            xForwardedRequestWrapper.setRemoteAddr(str);
            xForwardedRequestWrapper.setRemoteHost(str);
            if (linkedList.size() == 0) {
                xForwardedRequestWrapper.removeHeader(this.config.proxiesHeader);
            } else {
                xForwardedRequestWrapper.setHeader(this.config.proxiesHeader, listToCommaDelimitedString(linkedList));
            }
            if (linkedList2.size() == 0) {
                xForwardedRequestWrapper.removeHeader(this.config.remoteIPHeader);
            } else {
                xForwardedRequestWrapper.setHeader(this.config.remoteIPHeader, listToCommaDelimitedString(linkedList2));
            }
        }
        if (this.config.protocolHeader != null && (header = httpServletRequest.getHeader(this.config.protocolHeader)) != null) {
            if (this.config.protocolHeaderSslValue.equalsIgnoreCase(header)) {
                xForwardedRequestWrapper.setSecure(true);
                xForwardedRequestWrapper.setScheme("https");
                xForwardedRequestWrapper.setServerPort(this.config.httpsServerPort);
            } else {
                xForwardedRequestWrapper.setSecure(false);
                xForwardedRequestWrapper.setScheme("http");
                xForwardedRequestWrapper.setServerPort(this.config.httpServerPort);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Incoming request " + httpServletRequest.getRequestURI() + " with originalRemoteAddr '" + httpServletRequest.getRemoteAddr() + "', originalRemoteHost='" + httpServletRequest.getRemoteHost() + "', originalSecure='" + httpServletRequest.isSecure() + "', originalScheme='" + httpServletRequest.getScheme() + "', original[" + this.config.remoteIPHeader + "]='" + httpServletRequest.getHeader(this.config.remoteIPHeader) + ", original[" + this.config.protocolHeader + "]='" + (this.config.protocolHeader == null ? null : httpServletRequest.getHeader(this.config.protocolHeader)) + "' will be seen as newRemoteAddr='" + xForwardedRequestWrapper.getRemoteAddr() + "', newRemoteHost='" + xForwardedRequestWrapper.getRemoteHost() + "', newScheme='" + xForwardedRequestWrapper.getScheme() + "', newSecure='" + xForwardedRequestWrapper.isSecure() + "', new[" + this.config.remoteIPHeader + "]='" + xForwardedRequestWrapper.getHeader(this.config.remoteIPHeader) + ", new[" + this.config.proxiesHeader + "]='" + xForwardedRequestWrapper.getHeader(this.config.proxiesHeader) + "'");
        }
        return xForwardedRequestWrapper;
    }

    public void init(FilterConfig filterConfig) {
        if (filterConfig.getInitParameter(INTERNAL_PROXIES_PARAMETER) != null) {
            this.config.setAllowedInternalProxies(filterConfig.getInitParameter(INTERNAL_PROXIES_PARAMETER));
        }
        if (filterConfig.getInitParameter(PROTOCOL_HEADER_PARAMETER) != null) {
            this.config.setProtocolHeader(filterConfig.getInitParameter(PROTOCOL_HEADER_PARAMETER));
        }
        if (filterConfig.getInitParameter(PROTOCOL_HEADER_SSL_VALUE_PARAMETER) != null) {
            this.config.setProtocolHeaderSslValue(filterConfig.getInitParameter(PROTOCOL_HEADER_SSL_VALUE_PARAMETER));
        }
        if (filterConfig.getInitParameter(PROXIES_HEADER_PARAMETER) != null) {
            this.config.setProxiesHeader(filterConfig.getInitParameter(PROXIES_HEADER_PARAMETER));
        }
        if (filterConfig.getInitParameter(REMOTE_IP_HEADER_PARAMETER) != null) {
            this.config.setRemoteIPHeader(filterConfig.getInitParameter(REMOTE_IP_HEADER_PARAMETER));
        }
        if (filterConfig.getInitParameter(TRUSTED_PROXIES_PARAMETER) != null) {
            this.config.setTrustedProxies(filterConfig.getInitParameter(TRUSTED_PROXIES_PARAMETER));
        }
        if (filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER) != null) {
            try {
                this.config.setHttpServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER)));
            } catch (NumberFormatException e) {
                throw new NumberFormatException("Illegal httpServerPort : " + e.getMessage());
            }
        }
        if (filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER) != null) {
            try {
                this.config.setHttpsServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER)));
            } catch (NumberFormatException e2) {
                throw new NumberFormatException("Illegal httpsServerPort : " + e2.getMessage());
            }
        }
    }
}
