View Javadoc

1   /*
2    * Copyright 2002-2016 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Retrieved on 8-March-2018 from https://raw.githubusercontent.com/spring-projects/spring-security/f221920a1990f458b26b185c8fbe5b3623dbd8c1/web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
17   */
18  package com.atlassian.httpclient.apache.httpcomponents;
19  
20  import javax.servlet.http.HttpServletRequest;
21  import java.net.InetAddress;
22  import java.net.UnknownHostException;
23  import java.util.Arrays;
24  
25  /**
26   * Matches a request based on IP Address or subnet mask matching against the remote
27   * address.
28   * <p>
29   * Both IPv6 and IPv4 addresses are supported, but a matcher which is configured with an
30   * IPv4 address will never match a request which returns an IPv6 address, and vice-versa.
31   *
32   * @author Luke Taylor
33   * @since 3.0.2
34   */
35  public final class IpAddressMatcher {
36  
37      private final int nMaskBits;
38      private final InetAddress requiredAddress;
39  
40      /**
41       * Takes a specific IP address or a range specified using the IP/Netmask (e.g.
42       * 192.168.1.0/24 or 202.24.0.0/14).
43       *
44       * @param ipAddress the address or range of addresses from which the request must
45       *                  come.
46       */
47      public IpAddressMatcher(String ipAddress) {
48          if (ipAddress.indexOf('/') > 0) {
49              String[] addressAndMask = ipAddress.split("/");
50              ipAddress = addressAndMask[0];
51              nMaskBits = Integer.parseInt(addressAndMask[1]);
52          } else {
53              nMaskBits = -1;
54          }
55          requiredAddress = parseAddress(ipAddress);
56      }
57  
58      public boolean matches(HttpServletRequest request) {
59          return matches(request.getRemoteAddr());
60      }
61  
62      public boolean matches(String address) {
63          InetAddress remoteAddress = parseAddress(address);
64  
65          if (!requiredAddress.getClass().equals(remoteAddress.getClass())) {
66              return false;
67          }
68  
69          if (nMaskBits < 0) {
70              return remoteAddress.equals(requiredAddress);
71          }
72  
73          byte[] remAddr = remoteAddress.getAddress();
74          byte[] reqAddr = requiredAddress.getAddress();
75  
76          int oddBits = nMaskBits % 8;
77          int nMaskBytes = nMaskBits / 8 + (oddBits == 0 ? 0 : 1);
78          byte[] mask = new byte[nMaskBytes];
79  
80          Arrays.fill(mask, 0, oddBits == 0 ? mask.length : mask.length - 1, (byte) 0xFF);
81  
82          if (oddBits != 0) {
83              int finalByte = (1 << oddBits) - 1;
84              finalByte <<= 8 - oddBits;
85              mask[mask.length - 1] = (byte) finalByte;
86          }
87  
88          for (int i = 0; i < mask.length; i++) {
89              if ((remAddr[i] & mask[i]) != (reqAddr[i] & mask[i])) {
90                  return false;
91              }
92          }
93  
94          return true;
95      }
96  
97      private InetAddress parseAddress(String address) {
98          try {
99              return InetAddress.getByName(address);
100         } catch (UnknownHostException e) {
101             throw new IllegalArgumentException("Failed to parse address" + address, e);
102         }
103     }
104 }
105