package com.ibm.ctg.server;

import com.ibm.ctg.client.AuthRequest;
import com.ibm.ctg.client.GatewayRequest;
import com.ibm.ctg.client.GatewayReturnCodes;
import com.ibm.ctg.client.T;
import com.ibm.j2ca.siebel.SiebelConstants;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.StringTokenizer;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:install/CICS32kSample.zip:cicseci710/connectorModule/ctgserver.jar:com/ibm/ctg/server/AuthController.class
  input_file:install/taderc25.zip:cicseci710/connectorModule/ctgserver.jar:com/ibm/ctg/server/AuthController.class
  input_file:install/taderc99.zip:cicseci710/connectorModule/ctgserver.jar:com/ibm/ctg/server/AuthController.class
  input_file:install/taderc99V60.zip:cicseci5101/connectorModule/ctgserver.jar:com/ibm/ctg/server/AuthController.class
 */
/* loaded from: input_file:install/taderc99command.zip:cicseci710/connectorModule/ctgserver.jar:com/ibm/ctg/server/AuthController.class */
public class AuthController implements Cloneable {
    public static final String CLASS_VERSION = "@(#) java/com/ibm/ctg/server/AuthController.java, cd_gw_server, c7101 1.6 08/02/11 10:13:57";
    public static final String copyright = "Licensed Materials - Property of IBM 5724-I81 5655-R25  (c) Copyright IBM Corp. 2002, 2006  All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    static final int AUTH_REQUEST_ALLOWED = 0;
    static final int AUTH_REQUEST_REJECTED = 1;
    static final int AUTH_REQUEST_HANDLED = 2;
    static final String[] AuthControllerReqStrs = {"AUTH_REQUEST_ALLOWED", "AUTH_REQUEST_REJECTED", "AUTH_REQUEST_HANDLED"};
    private static final String ALLOWADDR = "allowaddr=";
    private long activeModules = 0;
    boolean authorised = false;
    ArrayList ipallowed = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthController() {
        T.in(this, "AuthController CTR");
        T.out(this, "AuthController CTR");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String parseParams(String str) {
        T.in(this, "parseParams", str);
        if (str == null) {
            T.out(this, "parseParams");
            return null;
        }
        String parseCheckIPParms = parseCheckIPParms(str);
        T.out(this, "parseParams", parseCheckIPParms);
        return parseCheckIPParms;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int handleRequest(GatewayRequest gatewayRequest, InetAddress inetAddress) {
        T.in(this, SiebelConstants.BSH_MTD_HANDLEREQ, gatewayRequest, inetAddress);
        gatewayRequest.setRc(0);
        int handleNormalRequest = !(gatewayRequest instanceof ServerAuthRequest) ? handleNormalRequest(gatewayRequest) : handleAuthRequest(gatewayRequest, inetAddress);
        T.out(this, SiebelConstants.BSH_MTD_HANDLEREQ, getRespAsString(handleNormalRequest));
        return handleNormalRequest;
    }

    public Object clone() throws CloneNotSupportedException {
        T.in(this, "clone");
        AuthController authController = (AuthController) super.clone();
        synchronized (this.ipallowed) {
            authController.ipallowed = (ArrayList) this.ipallowed.clone();
        }
        T.out(this, "clone", authController);
        return authController;
    }

    private int handleNormalRequest(GatewayRequest gatewayRequest) {
        T.in(this, "handleNormalRequest", gatewayRequest);
        if (this.authorised || this.activeModules == 0) {
            gatewayRequest.setFlowType(11);
            T.ln(this, "Request accepted and will be processed");
            T.out(this, "handleNormalRequest");
            return 0;
        }
        gatewayRequest.setFlowType(4);
        gatewayRequest.setRc(GatewayReturnCodes.ERROR_NOT_AUTHORIZED);
        T.ln(this, "Request rejected, handler not in authorised state");
        T.out(this, "handleNormalRequest");
        return 1;
    }

    private int handleAuthRequest(GatewayRequest gatewayRequest, InetAddress inetAddress) {
        T.in(this, "handleAuthRequest", gatewayRequest);
        AuthRequest authRequest = (AuthRequest) gatewayRequest;
        ServerAuthRequest serverAuthRequest = (ServerAuthRequest) authRequest;
        if (!authRequest.isInitialised()) {
            if (T.bDebug) {
                T.ln(this, "initialising an AuthRequest, active modules are {0}", new Long(this.activeModules));
            }
            serverAuthRequest.setActiveProtocolMap(this.activeModules);
            serverAuthRequest.setAuthRc(0);
            authRequest.setFlowType(3);
            T.out(this, "handleAuthRequest");
            return 2;
        }
        if (this.activeModules != authRequest.getActiveProtocolMap()) {
            if (T.bDebug) {
                T.ln(this, "AuthRequest was not initialised by this Gateway, active protocol maps don't match. client = {0}, server = {1}", new Long(authRequest.getActiveProtocolMap()), new Long(this.activeModules));
            }
            serverAuthRequest.setAuthRc(2);
            authRequest.setFlowType(3);
            T.out(this, "handleAuthRequest");
            return 2;
        }
        serverAuthRequest.setAuthRc(0);
        if ((authRequest.getActiveProtocolMap() & 1) == 1 && !checkIPAddr(serverAuthRequest, inetAddress)) {
            authRequest.setFlowType(3);
            T.out(this, "handleAuthRequest");
            return 2;
        }
        T.ln(this, "Security Protocols passed, AuthController moving to authorised state");
        this.authorised = true;
        serverAuthRequest.setFailureProtocolMap(0L);
        authRequest.setFlowType(3);
        T.out(this, "handleAuthRequest");
        return 2;
    }

    private String getRespAsString(int i) {
        return i < AuthControllerReqStrs.length ? AuthControllerReqStrs[i] : "NOT_DEFINED";
    }

    private String parseCheckIPParms(String str) {
        T.in(this, "parseCheckIPParms", str);
        StringTokenizer stringTokenizer = new StringTokenizer(str, ";");
        StringBuffer stringBuffer = new StringBuffer();
        synchronized (this.ipallowed) {
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                if (nextToken.startsWith(ALLOWADDR)) {
                    this.activeModules |= 1;
                    String substring = nextToken.substring(ALLOWADDR.length());
                    substring.trim();
                    this.ipallowed.add(substring);
                    if (T.bDebug) {
                        T.ln(this, "IP Address Authorised:" + substring);
                    }
                } else {
                    stringBuffer.append(nextToken);
                    stringBuffer.append(';');
                }
            }
        }
        T.out(this, "parseCheckIPParms", stringBuffer);
        return stringBuffer.toString();
    }

    private boolean checkIPAddr(ServerAuthRequest serverAuthRequest, InetAddress inetAddress) {
        T.in(this, "checkIPAddr", serverAuthRequest, inetAddress);
        String hostAddress = inetAddress.getHostAddress();
        String str = null;
        Iterator it = this.ipallowed.iterator();
        while (it.hasNext()) {
            String str2 = (String) it.next();
            if (str2 != null) {
                if (T.bDebug) {
                    T.ln(this, "comparing client ip address to authorised entry: " + str2);
                }
                if (str == null && !validDotDecAddress(str2)) {
                    str = inetAddress.getHostName();
                    if (T.bDebug) {
                        T.ln(this, "retrieved client HostName: " + str);
                    }
                }
                if (str2.equalsIgnoreCase(hostAddress) || (str != null && str2.equalsIgnoreCase(str))) {
                    if (T.bDebug) {
                        if (str != null) {
                            T.ln(this, "name=" + str + ", ipaddr=" + hostAddress + ", was authorised");
                        } else {
                            T.ln(this, "ipaddr=" + hostAddress + ", was authorised");
                        }
                    }
                    T.out(this, "checkIPAddr", "true");
                    return true;
                }
            }
        }
        if (T.bDebug) {
            if (str != null) {
                T.ln(this, "name=" + str + ", ipaddr=" + hostAddress + ", was rejected");
            } else {
                T.ln(this, "ipaddr=" + hostAddress + ", was rejected");
            }
        }
        serverAuthRequest.setFailureProtocolMap(1L);
        serverAuthRequest.setProtocolRc(1);
        serverAuthRequest.setProtocolExtendedRcData(null);
        T.out(this, "checkIPAddr", "false");
        return false;
    }

    private boolean validDotDecAddress(String str) {
        T.in(this, "validDotDecAddress", str);
        if (!Character.isDigit(str.charAt(0))) {
            T.out((Object) this, "validDotDecAddress", false);
            return false;
        }
        int i = 0;
        char[] charArray = str.toCharArray();
        int i2 = 0;
        while (i2 < charArray.length) {
            char c = charArray[i2];
            int i3 = 0;
            boolean z = false;
            while (c != '.') {
                if (!Character.isDigit(c)) {
                    T.out((Object) this, "validDotDecAddress", false);
                    return false;
                }
                if (!z) {
                    z = true;
                    i++;
                }
                i3 = ((i3 * 10) + c) - 48;
                i2++;
                if (i2 >= charArray.length) {
                    break;
                }
                c = charArray[i2];
            }
            if (i3 > 255) {
                T.out((Object) this, "validDotDecAddress", false);
                return false;
            }
            i2++;
        }
        if (i != 4) {
            T.out((Object) this, "validDotDecAddress", false);
            return false;
        }
        T.out((Object) this, "validIPAddress", true);
        return true;
    }
}
