package com.ibm.ws.security.spnego.filter;

import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.ws.security.spnego.Constants;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.apache.wsif.wsdl.extensions.jms.JMSConstants;

/* loaded from: input_file:com/ibm/ws/security/spnego/filter/HTTPHeaderFilterBase.class */
public class HTTPHeaderFilterBase {
    private static final String ME = HTTPHeaderFilterBase.class.getName();
    private static final Logger logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);
    private static ResourceBundle resBundle = ResourceBundle.getBundle(Constants.MSGS_BUNDLE, Locale.getDefault());
    private boolean processAll = false;
    protected List filterCondition = new LinkedList();

    private String getMsg(ResourceBundle resourceBundle, String str, Object[] objArr) {
        return MessageFormatHelper.getFormattedMessage(resourceBundle, str, objArr);
    }

    public boolean init(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "init", str);
        }
        if (str == null) {
            logger.logp(Level.SEVERE, ME, "init", "security.spnego.filter.init.null.string");
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, ";");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            StringTokenizer stringTokenizer2 = new StringTokenizer(nextToken, "^=!<>%");
            String nextToken2 = stringTokenizer2.nextToken();
            if (!stringTokenizer2.hasMoreTokens()) {
                logger.logp(Level.SEVERE, ME, "init", "security.spnego.malformed.filter.condition", new Object[]{str, nextToken, null});
                return false;
            }
            String nextToken3 = stringTokenizer2.nextToken();
            String trim = nextToken.substring(nextToken2.length(), nextToken.length() - nextToken3.length()).trim();
            boolean z = false;
            if ("remote-address".equals(nextToken2)) {
                z = true;
            }
            logger.logp(Level.FINER, ME, "isValid", "Adding " + nextToken2 + " " + trim + " " + nextToken3);
            try {
                this.filterCondition.add(makeCondition(nextToken2, trim, nextToken3, z));
            } catch (FilterException e) {
                throw new RuntimeException(e);
            }
        }
        if (!logger.isLoggable(Level.FINER)) {
            return true;
        }
        logger.exiting(ME, "init", Boolean.toString(true));
        return true;
    }

    private ICondition makeCondition(String str, String str2, String str3, boolean z) throws FilterException {
        if (str2.equals("==")) {
            return new EqualCondition(str, makeValue(str3, z));
        }
        if (str2.equals("!=")) {
            return new NotContainsCondition(str, makeValue(str3, z));
        }
        if (str2.equals("^=")) {
            OrCondition orCondition = new OrCondition(str);
            StringTokenizer stringTokenizer = new StringTokenizer(str3, JMSConstants.JMS_URL_QUERY_SEPERATOR2);
            while (stringTokenizer.hasMoreTokens()) {
                orCondition.addValue(makeValue(stringTokenizer.nextToken(), z));
            }
            return orCondition;
        }
        if (str2.equals("%=")) {
            return new ContainsCondition(str, makeValue(str3, z));
        }
        if (str2.equals("<")) {
            return new LessCondition(str, makeValue(str3, z));
        }
        if (str2.equals(">")) {
            return new GreaterCondition(str, makeValue(str3, z));
        }
        logger.logp(Level.SEVERE, ME, "init", "security.spnego.malformed.filter.operator", new Object[]{str2});
        throw new FilterException(getMsg(resBundle, "security.spnego.malformed.filter.operator", new Object[]{str2}));
    }

    private IValue makeValue(String str, boolean z) throws FilterException {
        return z ? new ValueAddressRange(str) : new ValueString(str);
    }

    public boolean isAccepted(HttpServletRequest httpServletRequest) {
        return isAccepted(new RealRequestInfo(httpServletRequest));
    }

    public boolean isAccepted(IRequestInfo iRequestInfo) {
        IValue valueIPAddress;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isAccepted");
        }
        if (this.processAll) {
            if (!logger.isLoggable(Level.FINER)) {
                return true;
            }
            logger.exiting(ME, "isAccepted", "true processAll is true, therefore we always intercept.");
            return true;
        }
        for (ICondition iCondition : this.filterCondition) {
            String header = iRequestInfo.getHeader(iCondition.getKey());
            boolean z = false;
            if (header == null) {
                if (iCondition.getKey().equals("remote-address")) {
                    header = iRequestInfo.getRemoteAddr();
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", "HTTPheader obtained from 'remote-address' " + header);
                    }
                    z = true;
                } else if (iCondition.getKey().equals("request-url")) {
                    String queryString = iRequestInfo.getQueryString();
                    header = queryString != null ? iRequestInfo.getRequestURL().toString() + "?" + queryString : iRequestInfo.getRequestURL().toString();
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", "HTTPheader obtained from 'request-url' " + header);
                    }
                } else if (!(iCondition instanceof NotContainsCondition)) {
                    if (!logger.isLoggable(Level.FINER)) {
                        return false;
                    }
                    logger.exiting(ME, "isAccepted", "false No HTTPheader found, and no 'remote-address' or 'request-url' rule used - do not Intercept.");
                    return false;
                }
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, "isAccepted", "Checking condition {0} {1}.", new Object[]{iCondition, header});
            }
            if (z) {
                try {
                    valueIPAddress = new ValueIPAddress(header);
                } catch (FilterException e) {
                    throw new RuntimeException(e);
                }
            } else {
                valueIPAddress = new ValueString(header);
            }
            if (!iCondition.checkCondition(valueIPAddress)) {
                if (!logger.isLoggable(Level.FINER)) {
                    return false;
                }
                logger.logp(Level.FINER, ME, "isAccepted", "check failed, returning false. TAI will not intercept");
                return false;
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, "isAccepted", "check passed, continuing to next condition");
            }
        }
        if (!logger.isLoggable(Level.FINER)) {
            return true;
        }
        logger.logp(Level.FINER, ME, "isAccepted", "TAI will intercept request");
        logger.exiting(ME, "isAccepted", "true TAI will intercept request.");
        return true;
    }

    public void setProcessAll(boolean z) {
        this.processAll = z;
    }
}
