package org.ametys.site;

import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import org.ametys.core.util.StringUtils;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.config.Config;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.cocoon.acting.Action;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;

/* loaded from: input_file:org/ametys/site/IsFromBackOfficeAction.class */
public class IsFromBackOfficeAction implements Action {
    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);
        if (!"true".equals(request.getHeader("X-Ametys-BO"))) {
            return null;
        }
        String valueAsString = Config.getInstance().getValueAsString("org.ametys.site.back.ip");
        Collection stringToCollection = StringUtils.stringToCollection(valueAsString);
        String header = request.getHeader("X-Forwarded-For");
        String remoteAddr = header != null ? header.split(",")[0] : request.getRemoteAddr();
        if (stringToCollection.isEmpty() || stringToCollection.contains(remoteAddr)) {
            return Collections.EMPTY_MAP;
        }
        throw new AccessDeniedException("IP '" + remoteAddr + "' is not an authorized back-office IP (" + valueAsString + ")");
    }
}
