package org.ametys.cms.rights;

import java.util.Collection;
import java.util.Map;
import org.ametys.core.util.StringUtils;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;
import org.apache.commons.collections.CollectionUtils;

/* loaded from: input_file:org/ametys/cms/rights/CheckIpAction.class */
public class CheckIpAction extends ServiceableAction {
    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);
        String parameter = parameters.getParameter("allowedIps", "");
        Collection stringToCollection = StringUtils.stringToCollection(parameter);
        Collection stringToCollection2 = StringUtils.stringToCollection(request.getHeader("X-Forwarded-For"));
        stringToCollection2.add(request.getRemoteAddr());
        if (stringToCollection.isEmpty() || CollectionUtils.containsAny(stringToCollection, stringToCollection2)) {
            return EMPTY_MAP;
        }
        throw new AccessDeniedException("IP '" + org.apache.commons.lang3.StringUtils.join(stringToCollection2, ", ") + "' is not an authorized IP (" + parameter + ")");
    }
}
