package com.ibm.ws.proxy.compliance.http;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.dwlm.client.HttpSessionAffinityModule;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.proxy.filter.http.HttpProxyServerFilter;
import com.ibm.ws.proxy.filter.http.HttpProxyServerFilterConfig;
import com.ibm.ws.util.Base64;
import com.ibm.wsspi.dwlm.client.PartitionIDData;
import com.ibm.wsspi.genericbnf.HeaderKeys;
import com.ibm.wsspi.http.channel.HttpChannelUtils;
import com.ibm.wsspi.http.channel.HttpConstants;
import com.ibm.wsspi.http.channel.HttpRequestMessage;
import com.ibm.wsspi.http.channel.values.StatusCodes;
import com.ibm.wsspi.proxy.config.ProxyConfig;
import com.ibm.wsspi.proxy.config.Utils;
import com.ibm.wsspi.proxy.filter.http.HttpFilterStatusCode;
import com.ibm.wsspi.proxy.filter.http.HttpProxyServiceContext;
import com.ibm.wsspi.proxy.selection.policy.SelectionPolicy;
import com.ibm.wsspi.tcp.channel.SSLConnectionContext;
import java.util.HashMap;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: input_file:com/ibm/ws/proxy/compliance/http/HttpWASComplianceFilter.class */
public final class HttpWASComplianceFilter extends HttpProxyServerFilter {
    static final TraceComponent tc = Tr.register(HttpWASComplianceFilter.class, "WebSphere Proxy", "com.ibm.ws.proxy.filter.resources.filter");
    private static HttpWASComplianceFilter instance;
    private Config config;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ws/proxy/compliance/http/HttpWASComplianceFilter$Config.class */
    public final class Config extends HttpProxyServerFilterConfig {
        boolean isPTIDDisabled;
        boolean isUCFEnabled;
        static final String DISABLE_PTID = "http.ptid.disable";
        static final String VIRTUALPORT_MAP = "http.virtual.port.map";
        HashMap virtualPortMap;
        String rawVirtualPortMapString;
        boolean isForwardedAsManaged;
        static final String ISFORWARDEDASMANAGED = "http.forwarded.as.was.managed";

        Config(ProxyConfig proxyConfig, Config config) throws IllegalArgumentException {
            String[] split;
            this.isUCFEnabled = Utils.isHttpUCFFiltersEnabled(proxyConfig);
            if (!proxyConfig.getHttpProxyConfig().isEnableStaticRouting() && this.isUCFEnabled) {
                this.isPTIDDisabled = true;
            }
            String customProperty = proxyConfig.getCustomProperty(DISABLE_PTID);
            if (config == null) {
                logCustomProperty(DISABLE_PTID, customProperty);
            } else {
                logCustomProperty(DISABLE_PTID, String.valueOf(config.isPTIDDisabled), String.valueOf(this.isPTIDDisabled), false);
            }
            this.rawVirtualPortMapString = proxyConfig.getCustomProperty(VIRTUALPORT_MAP);
            if (this.rawVirtualPortMapString != null && (split = this.rawVirtualPortMapString.split(";|,")) != null && split.length > 0) {
                this.virtualPortMap = new HashMap();
                for (String str : split) {
                    String[] split2 = str.split(":");
                    if (split2 != null && split2.length == 2) {
                        this.virtualPortMap.put(Integer.valueOf(split2[0]), Integer.valueOf(split2[1]));
                    }
                }
            }
            String customProperty2 = proxyConfig.getCustomProperty(ISFORWARDEDASMANAGED);
            if (customProperty2 != null) {
                this.isForwardedAsManaged = Boolean.parseBoolean(customProperty2);
            }
            if (config == null) {
                logCustomProperty(ISFORWARDEDASMANAGED, customProperty2);
            } else {
                logCustomProperty(ISFORWARDEDASMANAGED, String.valueOf(config.isForwardedAsManaged), String.valueOf(this.isForwardedAsManaged), false);
            }
        }

        public int getMappedVirtualPort(int i) {
            Integer num;
            if (this.virtualPortMap != null && (num = (Integer) this.virtualPortMap.get(new Integer(i))) != null) {
                return num.intValue();
            }
            return i;
        }

        public String toString() {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("disablePTID=" + this.isPTIDDisabled);
            stringBuffer.append(",VIRTUALPORT_MAP=" + this.rawVirtualPortMapString);
            stringBuffer.append("http.forwarded.as.was.managed=" + this.isForwardedAsManaged);
            return stringBuffer.toString();
        }
    }

    @Override // com.ibm.ws.proxy.filter.http.HttpProxyServerFilter
    protected void initFilterConfig(ProxyConfig proxyConfig) {
        instance = this;
        this.config = new Config(proxyConfig, null);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Filter=" + this.filterConfig.getDisplayName() + " initialized from ProxyConfig=" + this.config);
        }
    }

    @Override // com.ibm.ws.proxy.filter.http.HttpProxyServerFilter
    protected void replaceFilterConfig(ProxyConfig proxyConfig) {
        this.config = new Config(proxyConfig, this.config);
        if (tc.isEventEnabled()) {
            Tr.event(tc, "Filter=" + this.filterConfig.getDisplayName() + " replaced ProxyConfig=" + this.config);
        }
    }

    public static void setWASPrivateHeaders(HttpProxyServiceContext httpProxyServiceContext, HttpRequestMessage httpRequestMessage) throws Exception {
        String hostAddress = httpProxyServiceContext.getClientAddr().getHostAddress();
        setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSRA, hostAddress);
        setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSRH, hostAddress);
        setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSSN, httpProxyServiceContext.getRequestedVirtualHost());
        httpRequestMessage.setHeader(HttpConstants.HDR_$WSSP, HttpChannelUtils.asByteArray(instance.config.getMappedVirtualPort(httpProxyServiceContext.getRequestedVirtualPort())));
        setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSPR, HttpConstants.HTTP_VERSION_11.getName());
        setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSSC, httpRequestMessage.getScheme());
        if (httpProxyServiceContext.getSubject() != null) {
        }
        boolean z = false;
        SSLConnectionContext clientSSLConnectionContext = httpProxyServiceContext.getClientSSLConnectionContext();
        if (clientSSLConnectionContext == null) {
            httpRequestMessage.removeHeader(HttpConstants.HDR_$WSCC);
            httpRequestMessage.removeHeader(HttpConstants.HDR_$WSCS);
            httpRequestMessage.removeHeader(HttpConstants.HDR_$WSSI);
        } else {
            z = true;
            try {
                if (clientSSLConnectionContext.getNeedClientAuth() || clientSSLConnectionContext.getWantClientAuth()) {
                    setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSCC, Base64.encode(clientSSLConnectionContext.getSession().getPeerCertificates()[0].getEncoded()));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Set $WSCC header from sslConnectionContext");
                    }
                } else {
                    httpRequestMessage.removeHeader(HttpConstants.HDR_$WSCC);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "$WSCC not set - cert not requested");
                    }
                }
            } catch (SSLPeerUnverifiedException e) {
                httpRequestMessage.removeHeader(HttpConstants.HDR_$WSCC);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "$WSCC not set - no client cert");
                }
            }
            setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSCS, clientSSLConnectionContext.getSession().getCipherSuite().toString());
            setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSSI, Base64.encode(clientSSLConnectionContext.getSession().getId()));
        }
        setHeaderIfNotNull(httpRequestMessage, HttpConstants.HDR_$WSIS, Boolean.toString(z));
    }

    private static void setHeaderIfNotNull(HttpRequestMessage httpRequestMessage, HeaderKeys headerKeys, String str) {
        if (str != null) {
            httpRequestMessage.setHeader(headerKeys, str);
        } else {
            httpRequestMessage.removeHeader(headerKeys);
        }
    }

    @Override // com.ibm.wsspi.proxy.filter.http.HttpDefaultFilter, com.ibm.wsspi.proxy.filter.http.HttpFilter
    public StatusCodes doFilter(HttpProxyServiceContext httpProxyServiceContext) {
        try {
            String str = (String) httpProxyServiceContext.getAttribute("internal.rewrite.uri.path");
            if (str != null) {
                HttpRequestMessage request = httpProxyServiceContext.getRequest();
                String queryString = request.getQueryString();
                request.setRequestURI(str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Filter=" + this.filterConfig.getDisplayName() + "rewrite request uri path to=" + str);
                }
                if (queryString != null) {
                    request.setQueryString(queryString);
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.proxy.compliance.http.HttpWASComplianceFilter.doFilter", "1", this);
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Filter=" + this.filterConfig.getDisplayName() + "is unable to process WAS request compliance for service context=" + httpProxyServiceContext + " because exception=" + e + ".");
            }
        }
        if (!httpProxyServiceContext.getResourcePolicy().isManaged() && !this.config.isForwardedAsManaged) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Filter=" + this.filterConfig.getDisplayName() + " sees resource is not managed, not adding WAS private headers for service context=" + httpProxyServiceContext);
            }
            return HttpFilterStatusCode.STATUS_FILTER_SUCCESS;
        }
        if (!this.config.isPTIDDisabled) {
            if (this.config.isUCFEnabled) {
                String str2 = (String) httpProxyServiceContext.getSelectionPolicy().getSelectionCriteraMap().get(SelectionPolicy.SCA_PARTITION_TABLE_VERSION);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "partitionTableVersion=" + str2 + ", service context=" + httpProxyServiceContext);
                }
                setHeaderIfNotNull(httpProxyServiceContext.getRequest(), HttpConstants.HDR_PARTITION_VERSION, str2);
            } else {
                PartitionIDData partitionIDData = HttpSessionAffinityModule.getPartitionIDData(httpProxyServiceContext.getDWLMServiceContext());
                if (partitionIDData != null) {
                    setHeaderIfNotNull(httpProxyServiceContext.getRequest(), HttpConstants.HDR_PARTITION_VERSION, partitionIDData.getPartitionIDTableVersion());
                }
            }
        }
        if (httpProxyServiceContext.isTrustedClient() && httpProxyServiceContext.isWASPrivateHeadersSet()) {
            httpProxyServiceContext.getRequest().setHeader(HttpConstants.HDR_$WSSP, HttpChannelUtils.asByteArray(instance.config.getMappedVirtualPort(httpProxyServiceContext.getRequestedVirtualPort())));
        } else {
            setWASPrivateHeaders(httpProxyServiceContext, httpProxyServiceContext.getRequest());
        }
        return HttpFilterStatusCode.STATUS_FILTER_SUCCESS;
    }
}
