package filius.software.firewall;

import filius.hardware.NetzwerkInterface;
import filius.hardware.knoten.InternetKnoten;
import filius.rahmenprogramm.I18n;
import filius.software.Anwendung;
import filius.software.system.InternetKnotenBetriebssystem;
import filius.software.transportschicht.Segment;
import filius.software.transportschicht.TcpSegment;
import filius.software.vermittlungsschicht.IcmpPaket;
import filius.software.vermittlungsschicht.IpPaket;
import filius.software.vermittlungsschicht.VermittlungsProtokoll;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Vector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

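/* loaded from: input_file:filius/software/firewall/Firewall.class */
/**
 * Stateless packet filter application that decides, per IP packet, whether the packet is
 * accepted or dropped.
 *
 * <p>Decision procedure as implemented here:
 * <ul>
 *   <li>If the firewall is not activated, every packet is accepted.</li>
 *   <li>ICMP (protocol 1) is only dropped when {@code dropICMP} is set; the ruleset and the
 *       default policy are not consulted for ICMP.</li>
 *   <li>TCP (protocol 6) and UDP (protocol 17) are matched against the ruleset in order; the
 *       first matching rule decides. If no rule matches, the default policy decides.</li>
 *   <li>Every other protocol is decided by the default policy alone.</li>
 * </ul>
 *
 * <p>Security-relevant caveats a reader should be aware of:
 * <ul>
 *   <li>With {@code filterSYNSegmentsOnly} enabled (the default), only TCP segments with SYN set
 *       and ACK cleared are filtered. Every other TCP segment is accepted without consulting the
 *       ruleset; no connection state is tracked in this class.</li>
 *   <li>With {@code filterUdp} disabled, all UDP datagrams are accepted without consulting the
 *       ruleset.</li>
 *   <li>A rule is also tried in the reverse direction (receiver as source, sender as destination,
 *       compared against the segment's source port), so an accept rule covers both directions.</li>
 *   <li>The initial default policy value is {@code 0}, which this class treats as "drop"
 *       (only the value {@code 1} is treated as "accept").</li>
 * </ul>
 *
 * <p>NOTE(review): the ruleset is read by the firewall threads while the public mutators below can
 * change it. {@link Vector} synchronizes single calls only; compound operations here are not
 * atomic. Confirm how callers serialise configuration changes.
 */
public class Firewall extends Anwendung implements I18n {
    private static final Logger LOG = LoggerFactory.getLogger(Firewall.class);

    /** IP protocol number of ICMP. */
    private static final int PROTOCOL_ICMP = 1;
    /** IP protocol number of TCP. */
    private static final int PROTOCOL_TCP = 6;
    /** IP protocol number of UDP. */
    private static final int PROTOCOL_UDP = 17;
    /** Value of a rule action / the default policy that means "accept"; anything else drops. */
    private static final short ACCEPT = 1;
    /** Wildcard value for a rule's port and protocol fields. */
    private static final int ANY = -1;

    private Vector<FirewallRule> ruleset = new Vector<>();
    private short defaultPolicy = 0;
    private boolean activated = true;
    private boolean dropICMP = false;
    private boolean filterSYNSegmentsOnly = true;
    private boolean filterUdp = true;
    private final List<FirewallThread> firewallThreads = new LinkedList<>();

    /** Starts the application and one {@link FirewallThread} per network interface of the node. */
    @Override // filius.software.Anwendung
    public void starten() {
        LOG.trace("INVOKED ({}, T{}) {} (Firewall), starten()", hashCode(), getId(), getClass());
        super.starten();
        for (NetzwerkInterface nic : getAllNetworkInterfaces()) {
            starteFirewallThread(nic);
        }
    }

    /** Creates, starts and registers the filter thread for one network interface. */
    private void starteFirewallThread(NetzwerkInterface netzwerkInterface) {
        FirewallThread firewallThread = new FirewallThread(this, netzwerkInterface);
        firewallThread.starten();
        this.firewallThreads.add(firewallThread);
    }

    /** Stops the application and all filter threads that were started by {@link #starten()}. */
    @Override // filius.software.Anwendung
    public void beenden() {
        LOG.trace("INVOKED ({}, T{}) {} (Firewall), beenden()", hashCode(), getId(), getClass());
        super.beenden();
        beendeFirewallThread(null);
    }

    /**
     * Stops filter threads and forgets them.
     *
     * @param netzwerkInterface the interface whose thread is stopped, or {@code null} to stop the
     *        threads of all interfaces
     */
    private void beendeFirewallThread(NetzwerkInterface netzwerkInterface) {
        Iterator<FirewallThread> it = this.firewallThreads.iterator();
        while (it.hasNext()) {
            FirewallThread thread = it.next();
            if (netzwerkInterface == null) {
                thread.beenden();
                // Drop the stopped thread so a later starten()/beenden() cycle neither
                // accumulates stale entries nor stops the same thread twice.
                it.remove();
            } else if (netzwerkInterface == thread.getNetzwerkInterface()) {
                thread.beenden();
                it.remove();
                return;
            }
        }
    }

    /**
     * Decides whether an IP packet passes the firewall.
     *
     * @param ipPaket the packet to check
     * @return {@code true} if the packet is accepted, {@code false} if it is dropped; always
     *         {@code true} while the firewall is deactivated
     */
    public boolean acceptIPPacket(IpPaket ipPaket) {
        if (!isActivated()) {
            return true;
        }
        int protocol = ipPaket.getProtocol();
        if (protocol == PROTOCOL_ICMP) {
            return checkAcceptIcmp(ipPaket);
        }
        if (protocol == PROTOCOL_TCP) {
            return checkAcceptTCP(ipPaket);
        }
        if (protocol == PROTOCOL_UDP) {
            return checkAcceptUDP(ipPaket);
        }
        // Any other protocol: no rule can match, so the default policy decides.
        benachrichtigeBeobachter(messages.getString("sw_firewall_msg9") + " " + (this.defaultPolicy == ACCEPT ? messages.getString("jfirewalldialog_msg33") : messages.getString("jfirewalldialog_msg34")));
        return this.defaultPolicy == ACCEPT;
    }

    /**
     * Moves a rule one position towards the start of the ruleset (higher priority).
     *
     * @param i 1-based row number of the rule to move
     * @return {@code false} if {@code i} is the first row or out of range, {@code true} otherwise
     */
    public boolean moveUp(int i) {
        if (i > this.ruleset.size() || i <= 1) {
            return false;
        }
        FirewallRule firewallRule = this.ruleset.get(i - 1);
        this.ruleset.remove(i - 1);
        this.ruleset.insertElementAt(firewallRule, i - 2);
        return true;
    }

    /**
     * Applies the ICMP switch: an {@link IcmpPaket} is dropped only when {@code dropICMP} is set.
     *
     * <p>NOTE(review): a packet that carries protocol 1 but is not an {@link IcmpPaket} instance
     * is accepted even when {@code dropICMP} is set. Confirm whether that case can occur.
     *
     * @param ipPaket the packet to check
     * @return {@code true} if the packet is accepted
     */
    boolean checkAcceptIcmp(IpPaket ipPaket) {
        boolean drop = (ipPaket instanceof IcmpPaket) && this.dropICMP;
        if (drop) {
            IcmpPaket icmp = (IcmpPaket) ipPaket;
            benachrichtigeBeobachter(messages.getString("firewallthread_msg1") + " " + ipPaket.getSender() + " -> " + ipPaket.getEmpfaenger() + " (code: " + icmp.getIcmpCode() + ", type: " + icmp.getIcmpType() + ")");
        }
        return !drop;
    }

    /**
     * Checks a TCP packet against the ruleset.
     *
     * <p>Segments that {@link #isSegmentApplicable(IpPaket)} excludes (by default everything that
     * is not a pure SYN) are accepted without consulting the ruleset.
     *
     * @param ipPaket the packet to check
     * @return {@code true} if the packet is accepted; also {@code true} for non-TCP packets
     */
    boolean checkAcceptTCP(IpPaket ipPaket) {
        if (ipPaket.getProtocol() != PROTOCOL_TCP || !isSegmentApplicable(ipPaket)) {
            return true;
        }
        return applyRuleset(ipPaket);
    }

    /**
     * Evaluates the ruleset in order and returns the verdict of the first matching rule, or the
     * default policy if no rule matches. Observers are notified about the rule that was applied.
     *
     * <p>Each rule is tried in both directions: sender/receiver with the destination port, and
     * receiver/sender with the source port.
     */
    private boolean applyRuleset(IpPaket ipPaket) {
        Segment segment = (Segment) ipPaket.getSegment();
        for (int i = 0; i < this.ruleset.size(); i++) {
            FirewallRule firewallRule = this.ruleset.get(i);
            if (isProtocolApplicable(ipPaket, firewallRule) && (isEndpointsApplicable(ipPaket.getSender(), ipPaket.getEmpfaenger(), segment.getZielPort(), firewallRule) || isEndpointsApplicable(ipPaket.getEmpfaenger(), ipPaket.getSender(), segment.getQuellPort(), firewallRule))) {
                notifyRuleApplication(i, firewallRule);
                // First match wins; later rules must not override an earlier verdict.
                return firewallRule.action == ACCEPT;
            }
        }
        return this.defaultPolicy == ACCEPT;
    }

    /** Returns whether source address, destination address and port all match the rule. */
    private boolean isEndpointsApplicable(String str, String str2, int i, FirewallRule firewallRule) {
        return isSourceAddressApplicable(str, firewallRule) && isDestAddressApplicable(str2, firewallRule) && isPortApplicable(i, firewallRule);
    }

    /** Notifies observers which rule (shown 1-based) was applied and with which verdict. */
    private void notifyRuleApplication(int i, FirewallRule firewallRule) {
        benachrichtigeBeobachter(messages.getString("sw_firewall_msg8") + " #" + (i + 1) + " (" + firewallRule.toString(getAllNetworkInterfaces()) + ")  -> " + (firewallRule.action == ACCEPT ? messages.getString("jfirewalldialog_msg33") : messages.getString("jfirewalldialog_msg34")));
    }

    /**
     * Returns whether the transport segment of the packet is subject to rule matching at all.
     *
     * <p>TCP: every segment if {@code filterSYNSegmentsOnly} is off, otherwise only segments with
     * SYN set and ACK cleared. UDP: governed by {@code filterUdp}. Other protocols: never.
     */
    private boolean isSegmentApplicable(IpPaket ipPaket) {
        int protocol = ipPaket.getProtocol();
        if (protocol == PROTOCOL_TCP) {
            // NOTE(review): assumes a protocol-6 packet always carries a TcpSegment; a different
            // or missing segment would fail here with an exception - confirm against IpPaket.
            TcpSegment tcpSegment = (TcpSegment) ipPaket.getSegment();
            return !this.filterSYNSegmentsOnly || (tcpSegment.isSyn() && !tcpSegment.isAck());
        }
        if (protocol == PROTOCOL_UDP) {
            return this.filterUdp;
        }
        return false;
    }

    /**
     * Checks a UDP packet against the ruleset.
     *
     * <p>The first matching rule decides, exactly as for TCP. (Previously the loop kept running
     * after a match, so the last matching rule decided for UDP, which contradicted the rule
     * order used for TCP.)
     *
     * @param ipPaket the packet to check
     * @return {@code true} if the packet is accepted; also {@code true} for non-UDP packets and
     *         when UDP filtering is switched off
     */
    boolean checkAcceptUDP(IpPaket ipPaket) {
        if (ipPaket.getProtocol() != PROTOCOL_UDP || !isSegmentApplicable(ipPaket)) {
            return true;
        }
        return applyRuleset(ipPaket);
    }

    /** A rule port of -1 matches every port. */
    private boolean isPortApplicable(int i, FirewallRule firewallRule) {
        return firewallRule.port == ANY || i == firewallRule.port;
    }

    /** A rule protocol of -1 matches every protocol. */
    private boolean isProtocolApplicable(IpPaket ipPaket, FirewallRule firewallRule) {
        return firewallRule.protocol == ANY || ipPaket.getProtocol() == firewallRule.protocol;
    }

    /** An empty destination address in the rule matches every destination. */
    private boolean isDestAddressApplicable(String str, FirewallRule firewallRule) {
        return firewallRule.destIP.isEmpty() || VermittlungsProtokoll.gleichesRechnernetz(str, firewallRule.destIP, firewallRule.destMask);
    }

    /**
     * Matches an address against the rule's source specification: empty matches everything,
     * {@link FirewallRule#SAME_NETWORK} matches any address in the network of one of this node's
     * interfaces, anything else is compared as network address plus mask.
     */
    private boolean isSourceAddressApplicable(String str, FirewallRule firewallRule) {
        if (firewallRule.srcIP.isEmpty()) {
            return true;
        }
        if (firewallRule.srcIP.equals(FirewallRule.SAME_NETWORK)) {
            for (NetzwerkInterface nic : ((InternetKnoten) getSystemSoftware().getKnoten()).getNetzwerkInterfaces()) {
                if (VermittlungsProtokoll.gleichesRechnernetz(str, nic.getIp(), nic.getSubnetzMaske())) {
                    return true;
                }
            }
            return false;
        }
        return VermittlungsProtokoll.gleichesRechnernetz(str, firewallRule.srcIP, firewallRule.srcMask);
    }

    /**
     * Moves a rule one position towards the end of the ruleset (lower priority).
     *
     * @param i 1-based row number of the rule to move, as in {@link #moveUp(int)}
     * @return {@code false} if {@code i} is the last row or out of range, {@code true} otherwise
     */
    public boolean moveDown(int i) {
        // The lower bound is 1, not 0: the row number is 1-based and i == 0 would read index -1.
        if (i < 1 || i >= this.ruleset.size()) {
            return false;
        }
        FirewallRule firewallRule = this.ruleset.get(i - 1);
        this.ruleset.remove(i - 1);
        this.ruleset.insertElementAt(firewallRule, i);
        return true;
    }

    /** Appends a new default-constructed rule to the end of the ruleset. */
    public void addRule() {
        this.ruleset.add(new FirewallRule());
    }

    /** Appends the given rule to the end of the ruleset (lowest priority). */
    public void addRule(FirewallRule firewallRule) {
        this.ruleset.add(firewallRule);
    }

    /**
     * Replaces the rule at the given position.
     *
     * @param i 0-based index of the rule to replace
     * @param firewallRule the replacement rule
     * @return {@code true} if the rule was replaced, {@code false} if {@code i} is out of range
     *         and nothing was changed
     */
    public boolean updateRule(int i, FirewallRule firewallRule) {
        if (i < 0 || i >= this.ruleset.size()) {
            // Report the rejected update instead of claiming success for a rule that was
            // never stored.
            return false;
        }
        this.ruleset.set(i, firewallRule);
        return true;
    }

    /**
     * Removes the rule at the given position; out-of-range indices are ignored.
     *
     * @param i 0-based index of the rule to remove
     */
    public void deleteRule(int i) {
        LOG.trace("INVOKED ({}, T{}) {} (Firewall), entferneRegel({})", hashCode(), getId(), getClass(), i);
        if (i < 0 || i >= this.ruleset.size()) {
            return;
        }
        this.ruleset.remove(i);
    }

    @Override // filius.software.Anwendung
    public void setSystemSoftware(InternetKnotenBetriebssystem internetKnotenBetriebssystem) {
        super.setSystemSoftware(internetKnotenBetriebssystem);
    }

    /**
     * Returns the live ruleset, not a copy: changes made through the returned vector take effect
     * on filtering immediately.
     */
    public Vector<FirewallRule> getRuleset() {
        return this.ruleset;
    }

    /**
     * Replaces the whole ruleset. The vector is stored as given, without a copy.
     *
     * <p>NOTE(review): a {@code null} argument is stored as is and would make later rule
     * matching fail - confirm that callers never pass {@code null}.
     */
    public void setRuleset(Vector<FirewallRule> vector) {
        this.ruleset = vector;
    }

    /** Enables or disables rule matching for UDP; when disabled, all UDP is accepted. */
    public void setFilterUdp(boolean z) {
        this.filterUdp = z;
    }

    public boolean getFilterUdp() {
        return this.filterUdp;
    }

    /** Returns the network interfaces of the node this firewall runs on. */
    private List<NetzwerkInterface> getAllNetworkInterfaces() {
        return ((InternetKnoten) getSystemSoftware().getKnoten()).getNetzwerkInterfaces();
    }

    /** Sets the verdict for packets no rule matches: {@code 1} accepts, any other value drops. */
    public void setDefaultPolicy(short s) {
        this.defaultPolicy = s;
    }

    public short getDefaultPolicy() {
        return this.defaultPolicy;
    }

    /** When set, every {@link IcmpPaket} is dropped. */
    public void setDropICMP(boolean z) {
        this.dropICMP = z;
    }

    public boolean getDropICMP() {
        return this.dropICMP;
    }

    /**
     * Sets the same flag as {@link #setFilterSYNSegmentsOnly(boolean)}.
     *
     * @deprecated use {@link #setFilterSYNSegmentsOnly(boolean)}
     */
    @Deprecated
    public void setAllowRelatedPackets(boolean z) {
        this.filterSYNSegmentsOnly = z;
    }

    /**
     * When set, only TCP segments with SYN set and ACK cleared are matched against the ruleset;
     * all other TCP segments are accepted unfiltered. When cleared, every TCP segment is matched.
     */
    public void setFilterSYNSegmentsOnly(boolean z) {
        this.filterSYNSegmentsOnly = z;
    }

    public boolean getFilterSYNSegmentsOnly() {
        return this.filterSYNSegmentsOnly;
    }

    /** Switches the firewall on or off; while off, {@link #acceptIPPacket(IpPaket)} accepts all. */
    public void setActivated(boolean z) {
        this.activated = z;
    }

    public boolean isActivated() {
        return this.activated;
    }
}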
