package com.ibm.ws.security.spnego;

import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.wsspi.security.spnego.SpnegoTAIFilter;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.eclipse.jst.j2ee.internal.web.operations.CreateServletTemplateModel;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/security/spnego/HTTPHeaderFilter.class */
public class HTTPHeaderFilter implements SpnegoTAIFilter {
    private static final String ME;
    private static final Logger logger;
    private boolean processAll = false;
    protected static final int _filterconditionSize = 32;
    protected static Vector filterCondition;
    static Class class$com$ibm$ws$security$spnego$HTTPHeaderFilter;

    @Override // com.ibm.wsspi.security.spnego.SpnegoTAIFilter
    public boolean init(String str) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, CreateServletTemplateModel.INIT, str);
        }
        boolean isValid = isValid(str);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, CreateServletTemplateModel.INIT, Boolean.toString(isValid));
        }
        return isValid;
    }

    public static boolean isValid(String str) {
        String nextToken;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isValid", str);
        }
        boolean z = true;
        if (str == null) {
            logger.logp(Level.SEVERE, ME, "isValid", "security.spnego.filter.init.null.string");
            z = false;
        } else {
            filterCondition = new Vector(32);
            StringTokenizer stringTokenizer = new StringTokenizer(str, ";");
            String[] strArr = new String[3];
            while (true) {
                if (!stringTokenizer.hasMoreElements()) {
                    break;
                }
                nextToken = stringTokenizer.nextToken();
                StringTokenizer stringTokenizer2 = new StringTokenizer(nextToken, "^=!<>%");
                if (nextToken != null && stringTokenizer2.countTokens() >= 2) {
                    filterCondition.add(new String[3]);
                    strArr = (String[]) filterCondition.lastElement();
                    strArr[0] = stringTokenizer2.nextToken();
                    strArr[2] = stringTokenizer2.nextToken();
                    if (nextToken != null) {
                        strArr[1] = nextToken.substring(strArr[0].length(), nextToken.length() - strArr[2].length()).trim();
                        if (!strArr[1].equals("==") && !strArr[1].equals("!=") && !strArr[1].equals("^=") && !strArr[1].equals("%=") && !strArr[1].equals("<") && !strArr[1].equals(">")) {
                            logger.logp(Level.SEVERE, ME, "isValid", "security.spnego.malformed.filter.operator", new Object[]{strArr[1]});
                            z = false;
                            break;
                        }
                        logger.logp(Level.FINER, ME, "isValid", new StringBuffer().append("Adding ").append(strArr[0]).append(" ").append(strArr[1]).append(" ").append(strArr[2]).toString());
                    } else {
                        logger.logp(Level.SEVERE, ME, "isValid", "security.spnego.malformed.filter.condition", new Object[]{str, nextToken, strArr});
                        z = false;
                        break;
                    }
                } else {
                    break;
                }
            }
            logger.logp(Level.SEVERE, ME, "isValid", "security.spnego.malformed.filter.condition", new Object[]{str, nextToken, strArr});
            z = false;
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "isValid", Boolean.toString(z));
        }
        return z;
    }

    @Override // com.ibm.wsspi.security.spnego.SpnegoTAIFilter
    public boolean isAccepted(HttpServletRequest httpServletRequest) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isAccepted");
        }
        boolean z = true;
        String str = "TAI will intercept request.";
        if (!this.processAll) {
            String[] strArr = new String[3];
            int i = 0;
            while (true) {
                if (i >= filterCondition.size()) {
                    break;
                }
                String[] strArr2 = (String[]) filterCondition.elementAt(i);
                String header = httpServletRequest.getHeader(strArr2[0]);
                if (header == null) {
                    if (!strArr2[0].equals("remote-address")) {
                        if (!strArr2[0].equals("request-url")) {
                            str = "No HTTPheader found, and no 'remote-address' or 'request-url' rule used - do not Intercept.";
                            z = false;
                            break;
                        }
                        String stringBuffer = httpServletRequest.getRequestURL().toString();
                        String queryString = httpServletRequest.getQueryString();
                        header = (queryString == null || queryString.length() <= 0) ? stringBuffer : new StringBuffer().append(stringBuffer).append('?').append(queryString).toString();
                        if (logger.isLoggable(Level.FINER)) {
                            logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("HTTPheader obtained from 'request-url' ").append(header).toString());
                        }
                    } else {
                        header = httpServletRequest.getRemoteAddr();
                        if (logger.isLoggable(Level.FINER)) {
                            logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("HTTPheader obtained from 'remote-address' ").append(header).toString());
                        }
                    }
                }
                if (strArr2[1].equals("!=")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("Processing !=").append(strArr2[2]).append(" - ").append(header).toString());
                    }
                    if (header.indexOf(strArr2[2]) > 0) {
                        str = "Found match, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals("==")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("Processing ==").append(strArr2[2]).append(" - ").append(header).toString());
                    }
                    if (!header.equals(strArr2[2])) {
                        str = "Did not find a match, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals("^=")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("Processing ^=").append(strArr2[2]).append(" - ").append(header).toString());
                    }
                    boolean z2 = false;
                    int indexOf = strArr2[2].indexOf(CommandSecurityUtil.PARAM_DELIM);
                    String substring = indexOf == -1 ? strArr2[2] : strArr2[2].substring(0, indexOf);
                    while (true) {
                        String str2 = substring;
                        if (z2 || str2 == null) {
                            break;
                        }
                        if (header.indexOf(str2) >= 0) {
                            z2 = true;
                        }
                        if (indexOf == -1) {
                            substring = null;
                        } else {
                            int i2 = indexOf + 1;
                            indexOf = strArr2[2].indexOf(CommandSecurityUtil.PARAM_DELIM, i2);
                            substring = indexOf == -1 ? strArr2[2].substring(i2) : strArr2[2].substring(i2, indexOf);
                        }
                    }
                    if (!z2) {
                        str = "Did not find a match, so do not intercept";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals("%=")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("Processing %=").append(strArr2[2]).append(" - ").append(header).toString());
                    }
                    if (header.indexOf(strArr2[2]) < 0) {
                        str = "Did not find a match, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else if (strArr2[1].equals(">")) {
                    if (logger.isLoggable(Level.FINER)) {
                        logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("Processing >").append(strArr2[2]).append(" - ").append(header).toString());
                    }
                    if (header.compareTo(strArr2[2]) <= 0) {
                        str = "Value is < needed, so do not intercept.";
                        z = false;
                        break;
                    }
                    i++;
                } else {
                    if (strArr2[1].equals("<")) {
                        if (logger.isLoggable(Level.FINER)) {
                            logger.logp(Level.FINER, ME, "isAccepted", new StringBuffer().append("Processing <").append(strArr2[2]).append(" - ").append(header).toString());
                        }
                        if (header.compareTo(strArr2[2]) >= 0) {
                            str = "Value is > needed, so do not intercept";
                            z = false;
                            break;
                        }
                    } else {
                        continue;
                    }
                    i++;
                }
            }
        } else {
            str = "processAll is true, therefore we always intercept.";
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "isAccepted", new StringBuffer().append(z).append(" ").append(str).toString());
        }
        return z;
    }

    @Override // com.ibm.wsspi.security.spnego.SpnegoTAIFilter
    public void setProcessAll(boolean z) {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "setProcessAll", Boolean.toString(z));
        }
        this.processAll = z;
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "setProcessAll");
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$spnego$HTTPHeaderFilter == null) {
            cls = class$(Constants.DEFAULT_FILTER_CLASS);
            class$com$ibm$ws$security$spnego$HTTPHeaderFilter = cls;
        } else {
            cls = class$com$ibm$ws$security$spnego$HTTPHeaderFilter;
        }
        ME = cls.getName();
        logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);
    }
}
