View Javadoc

1   /*
2    * Copyright 2002-2016 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Retrieved on 8-March-2018 from https://raw.githubusercontent.com/spring-projects/spring-security/f221920a1990f458b26b185c8fbe5b3623dbd8c1/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
17   */
18  package com.atlassian.httpclient.apache.httpcomponents;
19  
20  import org.apache.commons.lang3.StringUtils;
21  
22  import javax.servlet.http.HttpServletRequest;
23  import java.net.InetAddress;
24  import java.net.UnknownHostException;
25  import java.util.Arrays;
26  
27  /**
28   * Matches a request based on IP Address or subnet mask matching against the remote
29   * address.
30   * <p>
31   * Both IPv6 and IPv4 addresses are supported, but a matcher which is configured with an
32   * IPv4 address will never match a request which returns an IPv6 address, and vice-versa.
33   *
34   * @author Luke Taylor
35   * @since 3.0.2
36   */
37  public final class IpAddressMatcher {
38  
39      private final int nMaskBits;
40      private final InetAddress requiredAddress;
41  
42      /**
43       * Takes a specific IP address or a range specified using the IP/Netmask (e.g.
44       * 192.168.1.0/24 or 202.24.0.0/14).
45       *
46       * @param ipAddress the address or range of addresses from which the request must
47       *                  come.
48       */
49      public IpAddressMatcher(String ipAddress) {
50          if (ipAddress.indexOf('/') > 0) {
51              String[] addressAndMask = StringUtils.split(ipAddress, "/");
52              ipAddress = addressAndMask[0];
53              nMaskBits = Integer.parseInt(addressAndMask[1]);
54          } else {
55              nMaskBits = -1;
56          }
57          requiredAddress = parseAddress(ipAddress);
58      }
59  
60      public boolean matches(HttpServletRequest request) {
61          return matches(request.getRemoteAddr());
62      }
63  
64      public boolean matches(String address) {
65          InetAddress remoteAddress = parseAddress(address);
66  
67          if (!requiredAddress.getClass().equals(remoteAddress.getClass())) {
68              return false;
69          }
70  
71          if (nMaskBits < 0) {
72              return remoteAddress.equals(requiredAddress);
73          }
74  
75          byte[] remAddr = remoteAddress.getAddress();
76          byte[] reqAddr = requiredAddress.getAddress();
77  
78          int oddBits = nMaskBits % 8;
79          int nMaskBytes = nMaskBits / 8 + (oddBits == 0 ? 0 : 1);
80          byte[] mask = new byte[nMaskBytes];
81  
82          Arrays.fill(mask, 0, oddBits == 0 ? mask.length : mask.length - 1, (byte) 0xFF);
83  
84          if (oddBits != 0) {
85              int finalByte = (1 << oddBits) - 1;
86              finalByte <<= 8 - oddBits;
87              mask[mask.length - 1] = (byte) finalByte;
88          }
89  
90          for (int i = 0; i < mask.length; i++) {
91              if ((remAddr[i] & mask[i]) != (reqAddr[i] & mask[i])) {
92                  return false;
93              }
94          }
95  
96          return true;
97      }
98  
99      private InetAddress parseAddress(String address) {
100         try {
101             return InetAddress.getByName(address);
102         } catch (UnknownHostException e) {
103             throw new IllegalArgumentException("Failed to parse address" + address, e);
104         }
105     }
106 }
107