package com.fr.plugin.ipsso.utils; import com.fr.data.NetworkHelper; import com.fr.decision.mobile.terminal.TerminalHandler; import com.fr.decision.webservice.v10.login.LoginService; import com.fr.stable.web.Device; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; public class IPUtils { /** * 私有IP： * A类 10.0.0.0-10.255.255.255 * B类 172.16.0.0-172.31.255.255 * C类 192.168.0.0-192.168.255.255 * * 127这个网段是环回地址 * localhost */ static List ipFilterRegexList = new ArrayList<>(); static { Set ipFilter = new HashSet(); ipFilter.add("^10\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])" + "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])" + "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$"); // B类地址范围: 172.16.0.0---172.31.255.255 ipFilter.add("^172\\.(1[6789]|2[0-9]|3[01])\\" + ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\" + ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$"); // C类地址范围: 192.168.0.0---192.168.255.255 ipFilter.add("^192\\.168\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\" + ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$"); ipFilter.add("127.0.0.1"); ipFilter.add("0.0.0.0"); ipFilter.add("localhost"); for (String tmp : ipFilter) { ipFilterRegexList.add(Pattern.compile(tmp)); } } // IP的正则,这个正则不能验证第一组数字为0的情况 private static Pattern pattern = Pattern .compile("([1-9]\\d?|1\\d{2}|2[01]\\d|22[0-3])\\." + "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\." + "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\." + "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})"); /** * * getAvaliIpList:(根据IP白名单设置获取可用的IP列表). * * @date 2020-11-11 下午02:50:20 * @return */ private static Set getAvaliIpList(String allowIp) { Set ipList = new HashSet(); for (String allow : allowIp.replaceAll("\\s", "").split(",")) { if (allow.indexOf("*") > -1) { String[] ips = allow.split("\\."); String[] from = new String[] { "0", "0", "0", "0" }; String[] end = new String[] { "255", "255", "255", "255" }; List tem = new ArrayList(); for (int i = 0; i < ips.length; i++) if (ips[i].indexOf("*") > -1) { //todo 直接用等于，不能正确获取类似192.168.**.*这种格式的ip段 tem = complete(ips[i]); from[i] = null; end[i] = null; } else { from[i] = ips[i]; end[i] = ips[i]; } StringBuffer fromIP = new StringBuffer(); StringBuffer endIP = new StringBuffer(); for (int i = 0; i < 4; i++) if (from[i] != null) { fromIP.append(from[i]).append("."); endIP.append(end[i]).append("."); } else { fromIP.append("[*]."); endIP.append("[*]."); } fromIP.deleteCharAt(fromIP.length() - 1); endIP.deleteCharAt(endIP.length() - 1); for (String s : tem) { String ip = fromIP.toString().replace("[*]", s.split(";")[0]) + "-" + endIP.toString().replace("[*]", s.split(";")[1]); if (validate(ip)) { ipList.add(ip); } } } else { if (validate(allow)) { ipList.add(allow); } } } return ipList; } /** * 对单个IP节点进行范围限定 * * @param arg * @return 返回限定后的IP范围，格式为List[10;19, 100;199] */ private static List complete(String arg) { List com = new ArrayList(); if (arg.length() == 1) { com.add("0;255"); } else if (arg.length() == 2) { String s1 = complete(arg, 1); if (s1 != null) com.add(s1); String s2 = complete(arg, 2); if (s2 != null) com.add(s2); } else { String s1 = complete(arg, 1); if (s1 != null) com.add(s1); } return com; } private static String complete(String arg, int length) { String from = ""; String end = ""; if (length == 1) { from = arg.replace("*", "0"); end = arg.replace("*", "9"); } else { from = arg.replace("*", "00"); end = arg.replace("*", "99"); } if (Integer.valueOf(from) > 255) return null; if (Integer.valueOf(end) > 255) end = "255"; return from + ";" + end; } /** * 在添加至白名单时进行格式校验 * * @param ip * @return */ private static boolean validate(String ip) { for (String s : ip.split("-")) if (!pattern.matcher(s).matches()) { return false; } return true; } /** * * checkLoginIP:(根据IP,及可用Ip列表来判断ip是否包含在白名单之中). * @date 2017-4-17 下午03:01:03 * @param ip * @param ipList * @return */ private static boolean checkLoginIP(String ip, Set ipList) { if (ipList.isEmpty() || ipList.contains(ip)) return true; else { for (String allow : ipList) { if (allow.indexOf("-") > -1) { String[] from = allow.split("-")[0].split("\\."); String[] end = allow.split("-")[1].split("\\."); String[] tag = ip.split("\\."); // 对IP从左到右进行逐段匹配 boolean check = true; for (int i = 0; i < 4; i++) { int s = Integer.valueOf(from[i]); int t = Integer.valueOf(tag[i]); int e = Integer.valueOf(end[i]); if (!(s <= t && t <= e)) { check = false; break; } } if (check) { return true; } } } } return false; } /** * * checkLoginIP:(根据IP地址，及IP白名单设置规则判断IP是否包含在白名单). * @date 2017-4-17 下午03:01:37 * @param ip * @param ipWhiteConfig * @return */ public static boolean checkLoginIP(String ip,String ipWhiteConfig){ Set ipList = getAvaliIpList(ipWhiteConfig); return checkLoginIP(ip, ipList); } /** * 获取真实IP 原逻辑 * @param request * @return */ public static String getRealIp2(HttpServletRequest request) { // 这个一般是Nginx反向代理设置的参数 String ip = request.getHeader("X-Real-IP"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("X-Forwarded-For"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } // 处理多IP的情况（只取第一个IP） if (ip != null && ip.contains(",")) { String[] ipArray = ip.split(","); ip = ipArray[0]; } //FineLoggerFactory.getLogger().info("[ENC]客户端IP为[{}]",ip); return ip; } /** * 获取真实IP 客户逻辑 * @param request * @return */ public static String getRealIp(HttpServletRequest request) { String ip = request.getHeader("X-Forwarded-For"); if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("X-Real-IP"); } if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } // 处理多IP的情况（只取第一个IP） if (ip != null && ip.contains(",")) { String[] ipArray = ip.split(","); ip = ipArray[0]; } return ip; } /** * 判断IP是否内网IP * @Title: ipIsInner * @param ip * @return: boolean */ public static boolean ipIsInner(String ip) { boolean isInnerIp = false; for (Pattern tmp : ipFilterRegexList) { Matcher matcher = tmp.matcher(ip); if (matcher.find()) { isInnerIp = true; break; } } return isInnerIp; } // token有效性检验 public static boolean checkTokenValid(HttpServletRequest req, String token) { // 判断该token是否还保存在状态服务器中，也就是判断该token是否还有用 try { Device device = NetworkHelper.getDevice(req); LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device)); return true; } catch (Exception e) { } return false; } /** * 判断是否是内网IP "192.168.1.1," + //设置单个IP的白名单 * "192.168.*.2," + //设置ip通配符,对一个ip段进行匹配 * "192.168.3.17-192.168.3.38"; //设置一个IP范围 * @param ip * @return */ public static boolean isInnerIP(String ip,String ipWhite) throws IOException { String ip4[]=ip.split("\\."); if(ip4.length==4) { return checkLoginIP(ip,ipWhite); }else{ return false; } } }