package org.nuxeo.ecm.platform.gsa.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.platform.gsa.service.NuxeoGsaService;
import org.nuxeo.runtime.api.Framework;

/* loaded from: input_file:org/nuxeo/ecm/platform/gsa/filter/NuxeoGsaConnectorManagerFilter.class */
public class NuxeoGsaConnectorManagerFilter implements Filter {
    private static final Log log = LogFactory.getLog(NuxeoGsaConnectorManagerFilter.class);
    private String authorizedHost;

    public void destroy() {
        log.info("destroy");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (getAuthorizedHost() == null || getAuthorizedHost().length() == 0) {
            if (log.isDebugEnabled()) {
                log.debug("You should restrict access to connector manager, adding authorizedhost=" + servletRequest.getRemoteHost());
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            if (getAuthorizedHost().equals(servletRequest.getRemoteHost())) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            HttpServletResponse httpServletResponse = null;
            if (servletResponse instanceof HttpServletResponse) {
                httpServletResponse = (HttpServletResponse) servletResponse;
            }
            httpServletResponse.sendError(403, "You are not allowed to access the connector manager.");
            if (log.isDebugEnabled()) {
                log.debug("Deny requests from: " + servletRequest.getRemoteHost());
            }
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        log.info("init");
    }

    public void setAuthorizedHost(String str) {
        this.authorizedHost = str;
    }

    public String getAuthorizedHost() {
        if (this.authorizedHost == null) {
            try {
                this.authorizedHost = ((NuxeoGsaService) Framework.getService(NuxeoGsaService.class)).getAuthorizedHost();
                if (this.authorizedHost == null || this.authorizedHost.length() <= 0) {
                    log.warn("GSA connector manager accepts requests from any IP, this is a security hole, please restrict the access to the connnector manager filling the authorizedhost option of the NuxeoGsaService.connector contribution.");
                } else {
                    log.warn("GSA connector manager accepts requests only from authorized host: " + this.authorizedHost);
                }
            } catch (Exception e) {
                log.error(e.getMessage(), e);
                return null;
            }
        }
        return this.authorizedHost;
    }
}
