package com.ibm.ws.security.authentication.filter.internal;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.jsp.Constants;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.util.LinkedList;
import java.util.List;
import java.util.Properties;
import java.util.StringTokenizer;
import org.eclipse.persistence.jpa.jpql.parser.Expression;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authentication.filter_1.0.13.jar:com/ibm/ws/security/authentication/filter/internal/CommonFilter.class */
public class CommonFilter {
    private static final TraceComponent tc = Tr.register(CommonFilter.class);
    static final String REMOTE_ADDRESS = "remote-address";
    static final String REQUEST_URL = "request-url";
    static final String KEY_HOST = "Host";
    static final String KEY_USER_AGENT = "User-Agent";
    protected static final String APPLICATION_NAMES = "applicationNames";
    static final long serialVersionUID = -845199212979249010L;
    private boolean processAll = false;
    protected List<ICondition> filterCondition = new LinkedList();

    /* JADX INFO: Access modifiers changed from: package-private */
    public CommonFilter(AuthFilterConfig authFilterConfig) {
        initialize(authFilterConfig);
    }

    public boolean init(String str) {
        if (str == null) {
            Tr.error(tc, "AUTH_FILTER_INIT_NULL_STRING", new Object[0]);
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, ";");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            StringTokenizer stringTokenizer2 = new StringTokenizer(nextToken, "^=!<>%");
            String nextToken2 = stringTokenizer2.nextToken();
            if (!stringTokenizer2.hasMoreTokens()) {
                Tr.error(tc, "AUTH_FILTER_MALFORMED_CONDITION", str, nextToken, null);
                return false;
            }
            String nextToken3 = stringTokenizer2.nextToken();
            String trim = nextToken.substring(nextToken2.length(), nextToken.length() - nextToken3.length()).trim();
            boolean z = false;
            if (REMOTE_ADDRESS.equals(nextToken2)) {
                z = true;
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding " + nextToken2 + " " + trim + " " + nextToken3, new Object[0]);
            }
            try {
                this.filterCondition.add(makeConditionWithSymbolOperand(nextToken2, trim, nextToken3, z));
            } catch (FilterException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authentication.filter.internal.CommonFilter", "135", this, new Object[]{str});
                throw new RuntimeException(e);
            }
        }
        return true;
    }

    protected void initialize(AuthFilterConfig authFilterConfig) {
        buildICondition(authFilterConfig.getWebApps(), AuthFilterConfig.KEY_WEB_APP, "name", false);
        buildICondition(authFilterConfig.getRequestUrls(), REQUEST_URL, AuthFilterConfig.KEY_URL_PATTERN, false);
        buildICondition(authFilterConfig.getRemoteAddresses(), REMOTE_ADDRESS, "ip", true);
        buildICondition(authFilterConfig.getHosts(), "Host", "name", false);
        buildICondition(authFilterConfig.getUserAgents(), "User-Agent", AuthFilterConfig.KEY_AGENT, false);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "combine filter conditions: " + this.filterCondition.toString(), new Object[0]);
        }
    }

    protected void buildICondition(List<Properties> list, String str, String str2, boolean z) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (Properties properties : list) {
            try {
                this.filterCondition.add(makeConditionWithMatchType(str, properties.getProperty(AuthFilterConfig.KEY_MATCH_TYPE), properties.getProperty(str2), z));
            } catch (FilterException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authentication.filter.internal.CommonFilter", "163", this, new Object[]{list, str, str2, Boolean.valueOf(z)});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Un-expected exception for processing " + str, e);
                }
            }
        }
    }

    private ICondition makeConditionWithSymbolOperand(String str, String str2, String str3, boolean z) throws FilterException {
        if (str2.equals("==")) {
            return new EqualCondition(str, makeValue(str3, z), str2);
        }
        if (str2.equals(Expression.NOT_EQUAL)) {
            return new NotContainsCondition(str, makeValue(str3, z), str2);
        }
        if (str2.equals("^=")) {
            OrCondition orCondition = new OrCondition(str, str2);
            processOrValues(str3, z, orCondition);
            return orCondition;
        }
        if (str2.equals(Constants.OPEN_EXPR_XML)) {
            return new ContainsCondition(str, makeValue(str3, z), str2);
        }
        if (str2.equals("<")) {
            return new LessCondition(str, makeValue(str3, z), str2);
        }
        if (str2.equals(">")) {
            return new GreaterCondition(str, makeValue(str3, z), str2);
        }
        Tr.error(tc, "AUTH_FILTER_MALFORMED_SYMBOL_MATCH_TYPE", str2);
        throw new FilterException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "AUTH_FILTER_MALFORMED_SYMBOL_MATCH_TYPE", (Object[]) null, "CWWKS4352E: The filter match type should be one of: ==, !=, %=, > or <. The match type used was {0}."));
    }

    private ICondition makeConditionWithMatchType(String str, String str2, String str3, boolean z) throws FilterException {
        if (str2.equalsIgnoreCase(AuthFilterConfig.MATCH_TYPE_EQUALS)) {
            return new EqualCondition(str, makeValue(str3, z), str2);
        }
        if (str2.equalsIgnoreCase(AuthFilterConfig.MATCH_TYPE_NOT_CONTAIN)) {
            return new NotContainsCondition(str, makeValue(str3, z), str2);
        }
        if (str2.equalsIgnoreCase("contains")) {
            OrCondition orCondition = new OrCondition(str, str2);
            processOrValues(str3, z, orCondition);
            return orCondition;
        }
        if (str2.equalsIgnoreCase(AuthFilterConfig.MATCH_TYPE_LESS_THAN)) {
            return new LessCondition(str, makeValue(str3, z), str2);
        }
        if (str2.equalsIgnoreCase(AuthFilterConfig.MATCH_TYPE_GREATER_THAN)) {
            return new GreaterCondition(str, makeValue(str3, z), str2);
        }
        Tr.error(tc, "AUTH_FILTER_MALFORMED_WORD_MATCH_TYPE", str2);
        throw new FilterException(TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "AUTH_FILTER_MALFORMED_WORD_MATCH_TYPE", (Object[]) null, "CWWKS4353E: The filter match type should be one of: equals, notContain, contains, greaterThan or lessThan. The match type used was {0}."));
    }

    private void processOrValues(String str, boolean z, OrCondition orCondition) throws FilterException {
        StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
        while (stringTokenizer != null && stringTokenizer.hasMoreTokens()) {
            orCondition.addValue(makeValue(stringTokenizer.nextToken(), z));
        }
    }

    private IValue makeValue(String str, boolean z) throws FilterException {
        return z ? new ValueAddressRange(str) : new ValueString(str);
    }

    public boolean isAccepted(IRequestInfo iRequestInfo) {
        IValue valueIPAddress;
        boolean z = true;
        if (this.processAll) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "processAll is true, therefore we always intercept.", new Object[0]);
            }
            return true;
        }
        for (ICondition iCondition : this.filterCondition) {
            String header = iRequestInfo.getHeader(iCondition.getKey());
            boolean z2 = false;
            if (header == null) {
                String key = iCondition.getKey();
                if (key.equals(REMOTE_ADDRESS)) {
                    header = iRequestInfo.getRemoteAddr();
                    z2 = true;
                } else if (key.equals(REQUEST_URL)) {
                    header = iRequestInfo.getRequestURL();
                } else if (key.equals(AuthFilterConfig.KEY_WEB_APP) || key.equals(APPLICATION_NAMES)) {
                    header = iRequestInfo.getApplicationName();
                } else if (!(iCondition instanceof NotContainsCondition)) {
                    if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                        return false;
                    }
                    Tr.debug(tc, "No HTTPheader found, and no 'remote-address' or 'request-url' or 'requestApp' rule used - do not Intercept.", new Object[0]);
                    return false;
                }
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking condition {0} {1}.", iCondition, header);
            }
            if (z2) {
                try {
                    valueIPAddress = new ValueIPAddress(header);
                } catch (FilterException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.authentication.filter.internal.CommonFilter", "336", this, new Object[]{iRequestInfo});
                    throw new RuntimeException(e);
                }
            } else {
                valueIPAddress = new ValueString(header);
            }
            z = iCondition.checkCondition(valueIPAddress);
            if (!z) {
                break;
            }
        }
        return z;
    }

    public void setProcessAll(boolean z) {
        this.processAll = z;
    }
}
