package fr.xebia.springframework.security.core.providers;

import fr.xebia.springframework.security.core.userdetails.ExtendedUser;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/* loaded from: input_file:fr/xebia/springframework/security/core/providers/ExtendedDaoAuthenticationProvider.class */
public class ExtendedDaoAuthenticationProvider extends DaoAuthenticationProvider {
    protected final Log log = LogFactory.getLog(getClass());

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        super.additionalAuthenticationChecks(userDetails, usernamePasswordAuthenticationToken);
        if (!(userDetails instanceof ExtendedUser)) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Given userDetails '" + userDetails + "' is not an ExtendedUser, skip ipAddress verification");
                return;
            }
            return;
        }
        ExtendedUser extendedUser = (ExtendedUser) userDetails;
        if (!(usernamePasswordAuthenticationToken.getDetails() instanceof WebAuthenticationDetails)) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Given authentication '" + usernamePasswordAuthenticationToken + "' does not hold WebAuthenticationDetails, skip ipAddress verification");
            }
        } else {
            String remoteAddress = ((WebAuthenticationDetails) usernamePasswordAuthenticationToken.getDetails()).getRemoteAddress();
            if (this.log.isDebugEnabled()) {
                this.log.debug("Evaluate permission for '" + extendedUser + "' to authenticate from ip address " + remoteAddress);
            }
            if (!matchesOneAddress(remoteAddress, extendedUser.getAllowedRemoteAddressesPatterns())) {
                throw new BadCredentialsException("Access denied from IP : " + remoteAddress);
            }
        }
    }

    protected boolean matchesOneAddress(String str, List<Pattern> list) {
        if (list.isEmpty()) {
            return true;
        }
        Iterator<Pattern> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }
}
