package com.ibm.ws.security.spnego;

import com.ibm.wsspi.security.spnego.SpnegoTAIFilter;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.apache.wsif.wsdl.extensions.jms.JMSConstants;

/* loaded from: input_file:com/ibm/ws/security/spnego/HTTPHeaderFilter.class */
public class HTTPHeaderFilter implements SpnegoTAIFilter {
    private static final String ME = HTTPHeaderFilter.class.getName();
    private static final Logger logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);
    protected static final int _filterconditionSize = 32;
    private boolean processAll = false;
    protected Vector filterCondition = new Vector(32, 32);

    @Override // com.ibm.wsspi.security.spnego.SpnegoTAIFilter
    public boolean init(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "init", str);
        }
        boolean isFilterValid = isFilterValid(str);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "init", Boolean.toString(isFilterValid));
        }
        return isFilterValid;
    }

    public boolean isFilterValid(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isFilterValid", str);
        }
        boolean isValidCommon = isValidCommon(str, this.filterCondition);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "isFilterValid", Boolean.toString(isValidCommon));
        }
        return isValidCommon;
    }

    public static boolean isValid(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isValid", str);
        }
        boolean isValidCommon = isValidCommon(str, new Vector(32, 32));
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "isValid", Boolean.toString(isValidCommon));
        }
        return isValidCommon;
    }

    public static boolean isValidCommon(String str, Vector vector) {
        String nextToken;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isValidCommon", str);
        }
        boolean z = true;
        if (str == null) {
            logger.logp(Level.SEVERE, ME, "isValidCommon", "security.spnego.filter.init.null.string");
            z = false;
        } else {
            StringTokenizer stringTokenizer = new StringTokenizer(str, ";");
            String[] strArr = new String[3];
            while (true) {
                if (!stringTokenizer.hasMoreElements()) {
                    break;
                }
                nextToken = stringTokenizer.nextToken();
                StringTokenizer stringTokenizer2 = new StringTokenizer(nextToken, "^=!<>%");
                if (nextToken != null && stringTokenizer2.countTokens() >= 2) {
                    vector.add(new String[3]);
                    strArr = (String[]) vector.lastElement();
                    strArr[0] = stringTokenizer2.nextToken();
                    strArr[2] = stringTokenizer2.nextToken();
                    strArr[1] = nextToken.substring(strArr[0].length(), nextToken.length() - strArr[2].length()).trim();
                    if (!strArr[1].equals("==") && !strArr[1].equals("!=") && !strArr[1].equals("^=") && !strArr[1].equals("%=") && !strArr[1].equals("<") && !strArr[1].equals(">")) {
                        logger.logp(Level.SEVERE, ME, "isValidCommon", "security.spnego.malformed.filter.operator", new Object[]{strArr[1]});
                        z = false;
                        break;
                    }
                    logger.logp(Level.FINER, ME, "isValidCommon", "Adding " + strArr[0] + " " + strArr[1] + " " + strArr[2]);
                } else {
                    break;
                }
            }
            logger.logp(Level.SEVERE, ME, "isValidCommon", "security.spnego.malformed.filter.condition", new Object[]{str, nextToken, strArr});
            z = false;
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "isValidCommon", Boolean.toString(z));
        }
        return z;
    }

    @Override // com.ibm.wsspi.security.spnego.SpnegoTAIFilter
    public boolean isAccepted(HttpServletRequest httpServletRequest) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isAccepted");
        }
        boolean z = true;
        String str = "TAI will intercept request.";
        if (!this.processAll) {
            String[] strArr = new String[3];
            int i = 0;
            while (true) {
                if (i >= this.filterCondition.size()) {
                    break;
                }
                String[] strArr2 = (String[]) this.filterCondition.elementAt(i);
                String header = httpServletRequest.getHeader(strArr2[0]);
                if (header == null) {
                    if (!strArr2[0].equals("remote-address")) {
                        if (!strArr2[0].equals("request-url")) {
                            str = "No HTTPheader found, and no 'remote-address' or 'request-url' rule used - do not Intercept.";
                            z = false;
                            break;
                        }
                        String stringBuffer = httpServletRequest.getRequestURL().toString();
                        String queryString = httpServletRequest.getQueryString();
                        header = (queryString == null || queryString.length() <= 0) ? stringBuffer : stringBuffer + '?' + queryString;
                        if (logger.isLoggable(Level.FINER)) {
                            logger.logp(Level.FINER, ME, "isAccepted", "HTTPheader obtained from 'request-url' " + header);
                        }
                    } else {
                        header = httpServletRequest.getRemoteAddr();
                        if (logger.isLoggable(Level.FINER)) {
                            logger.logp(Level.FINER, ME, "isAccepted", "HTTPheader obtained from 'remote-address' " + header);
                        }
                    }
                }
                if (strArr2[1].equals("!=")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", "Processing !=" + strArr2[2] + " - " + header);
                    }
                    if (header.indexOf(strArr2[2]) >= 0) {
                        str = "Found match, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals("==")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", "Processing ==" + strArr2[2] + " - " + header);
                    }
                    if (!header.equals(strArr2[2])) {
                        str = "Did not find a match, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals("^=")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", "Processing ^=" + strArr2[2] + " - " + header);
                    }
                    boolean z2 = false;
                    int indexOf = strArr2[2].indexOf(JMSConstants.JMS_URL_QUERY_SEPERATOR2);
                    String substring = indexOf == -1 ? strArr2[2] : strArr2[2].substring(0, indexOf);
                    while (true) {
                        String str2 = substring;
                        if (z2 || str2 == null) {
                            break;
                        }
                        if (header.indexOf(str2) >= 0) {
                            z2 = true;
                        }
                        if (indexOf == -1) {
                            substring = null;
                        } else {
                            int i2 = indexOf + 1;
                            indexOf = strArr2[2].indexOf(JMSConstants.JMS_URL_QUERY_SEPERATOR2, i2);
                            substring = indexOf == -1 ? strArr2[2].substring(i2) : strArr2[2].substring(i2, indexOf);
                        }
                    }
                    if (!z2) {
                        str = "Did not find a match, so do not intercept";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals("%=")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", "Processing %=" + strArr2[2] + " - " + header);
                    }
                    if (header.indexOf(strArr2[2]) < 0) {
                        str = "Did not find a match, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals(">")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", "Processing >" + strArr2[2] + " - " + header);
                    }
                    if (header.compareTo(strArr2[2]) <= 0) {
                        str = "Value is < needed, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else {
                    if (strArr2[1].equals("<")) {
                        if (logger.isLoggable(Level.FINER)) {
                            logger.logp(Level.FINER, ME, "isAccepted", "Processing <" + strArr2[2] + " - " + header);
                        }
                        if (header.compareTo(strArr2[2]) >= 0) {
                            str = "Value is > needed, so do not intercept";
                            z = false;
                            break;
                        }
                    } else {
                        continue;
                    }
                    i++;
                }
            }
        } else {
            str = "processAll is true, therefore we always intercept.";
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "isAccepted", z + " " + str);
        }
        return z;
    }

    @Override // com.ibm.wsspi.security.spnego.SpnegoTAIFilter
    public void setProcessAll(boolean z) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "setProcessAll", Boolean.toString(z));
        }
        this.processAll = z;
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "setProcessAll");
        }
    }
}
