import org.apache.catalina.AccessLog;

import org.apache.catalina.AccessLog;

import org.apache.catalina.Globals;

import org.apache.catalina.Globals;

import org.apache.catalina.core.ApplicationPushBuilder;

import org.apache.catalina.core.ApplicationPushBuilder;

import org.apache.catalina.util.RequestUtil;

import org.apache.catalina.util.RequestUtil;

import org.apache.juli.logging.Log;

import org.apache.juli.logging.Log;

 * "X-Forwarded-For").

 * "X-Forwarded-For").

 * </p>

 * </p>

 * <p>

 * <p>

 * </p>

 * </p>

 * <p>

 * <p>

 * This servlet filter proceeds as follows:

 * This servlet filter proceeds as follows:

        protected String scheme;

        protected String scheme;

        protected boolean secure;

        protected boolean secure;

        protected int serverPort;

        protected int serverPort;

        public XForwardedRequest(HttpServletRequest request) {

        public XForwardedRequest(HttpServletRequest request) {

            this.remoteHost = request.getRemoteHost();

            this.remoteHost = request.getRemoteHost();

            this.scheme = request.getScheme();

            this.scheme = request.getScheme();

            this.secure = request.isSecure();

            this.secure = request.isSecure();

            this.serverPort = request.getServerPort();

            this.serverPort = request.getServerPort();

            headers = new HashMap<>();

            headers = new HashMap<>();

        }

        }

        @Override

        @Override

        public int getServerPort() {

        public int getServerPort() {

            return serverPort;

            return serverPort;

        }

        }

            this.secure = secure;

            this.secure = secure;

        }

        }

        public void setServerPort(int serverPort) {

        public void setServerPort(int serverPort) {

            this.serverPort = serverPort;

            this.serverPort = serverPort;

        }

        }

    protected static final String PROTOCOL_HEADER_HTTPS_VALUE_PARAMETER = "protocolHeaderHttpsValue";

    protected static final String PROTOCOL_HEADER_HTTPS_VALUE_PARAMETER = "protocolHeaderHttpsValue";

    protected static final String PORT_HEADER_PARAMETER = "portHeader";

    protected static final String PORT_HEADER_PARAMETER = "portHeader";

    protected static final String CHANGE_LOCAL_PORT_PARAMETER = "changeLocalPort";

    protected static final String CHANGE_LOCAL_PORT_PARAMETER = "changeLocalPort";

    private String protocolHeaderHttpsValue = "https";

    private String protocolHeaderHttpsValue = "https";

    private String portHeader = null;

    private String portHeader = null;

    private boolean changeLocalPort = false;

    private boolean changeLocalPort = false;

                } else if (protocolHeaderHttpsValue.equalsIgnoreCase(protocolHeaderValue)) {

                } else if (protocolHeaderHttpsValue.equalsIgnoreCase(protocolHeaderValue)) {

                    xRequest.setSecure(true);

                    xRequest.setSecure(true);

                    xRequest.setScheme("https");

                    xRequest.setScheme("https");

                } else {

                } else {

                    xRequest.setSecure(false);

                    xRequest.setSecure(false);

                    xRequest.setScheme("http");

                    xRequest.setScheme("http");

                }

                }

            }

            }

    }

    }

    private void setPorts(XForwardedRequest xrequest, int defaultPort) {

    private void setPorts(XForwardedRequest xrequest, int defaultPort) {

        int port = defaultPort;

        int port = defaultPort;

        if (getPortHeader() != null) {

        if (getPortHeader() != null) {

        return protocolHeader;

        return protocolHeader;

    }

    }

    public String getPortHeader() {

    public String getPortHeader() {

        return portHeader;

        return portHeader;

    }

    }

            setProtocolHeaderHttpsValue(getInitParameter(PROTOCOL_HEADER_HTTPS_VALUE_PARAMETER));

            setProtocolHeaderHttpsValue(getInitParameter(PROTOCOL_HEADER_HTTPS_VALUE_PARAMETER));

        }

        }

        if (getInitParameter(PORT_HEADER_PARAMETER) != null) {

        if (getInitParameter(PORT_HEADER_PARAMETER) != null) {

            setPortHeader(getInitParameter(PORT_HEADER_PARAMETER));

            setPortHeader(getInitParameter(PORT_HEADER_PARAMETER));

        }

        }

    /**

    /**

     * <p>

     * <p>

     * Header that holds the incoming port, usually named

     * Header that holds the incoming port, usually named

     * <code>X-Forwarded-Port</code>. If <code>null</code>,

     * <code>X-Forwarded-Port</code>. If <code>null</code>,

     * {@link #httpServerPort} or {@link #httpsServerPort} will be used.

     * {@link #httpServerPort} or {@link #httpsServerPort} will be used.

errorReportValve.noDescription=No description available

errorReportValve.noDescription=No description available

# Remote IP valve

# Remote IP valve

remoteIpValve.invalidPortHeader=Invalid value [{0}] found for port in HTTP header [{1}]

remoteIpValve.invalidPortHeader=Invalid value [{0}] found for port in HTTP header [{1}]

# Request filter valve - RemoteAddrValve, RemoteHostValve

# Request filter valve - RemoteAddrValve, RemoteHostValve

errorReportValve.note = nota

errorReportValve.note = nota

errorReportValve.rootCauseInLogs = La traza completa de la causa de este error se encuentra en los archivos de diario del servidor.

errorReportValve.rootCauseInLogs = La traza completa de la causa de este error se encuentra en los archivos de diario del servidor.

remoteIpValve.invalidPortHeader = Valor inv\u00E1lido [{0}] hallado para el puerto en cabecera HTTP [{1}]

remoteIpValve.invalidPortHeader = Valor inv\u00E1lido [{0}] hallado para el puerto en cabecera HTTP [{1}]

sslValve.certError = No pude procesar cadena de certificado [{0}] para crear un objeto  java.security.cert.X509Certificate

sslValve.certError = No pude procesar cadena de certificado [{0}] para crear un objeto  java.security.cert.X509Certificate

sslValve.invalidProvider = El proveedor de SSL especificado en el conecto asociado con este requerimiento de [{0}] ies inv\u00E1lido. No se pueden procesar los datos del certificado.

sslValve.invalidProvider = El proveedor de SSL especificado en el conecto asociado con este requerimiento de [{0}] ies inv\u00E1lido. No se pueden procesar los datos del certificado.

 * headers (e.g. "X-Forwarded-For").

 * headers (e.g. "X-Forwarded-For").

 * </p>

 * </p>

 * <p>

 * <p>

 * </p>

 * </p>

 * <p>

 * <p>

 * This valve proceeds as follows:

 * This valve proceeds as follows:

     */

     */

    private String protocolHeaderHttpsValue = "https";

    private String protocolHeaderHttpsValue = "https";

    private String portHeader = null;

    private String portHeader = null;

    /**

    /**

    /**

    /**

     * Obtain the name of the HTTP header used to override the value returned

     * Obtain the name of the HTTP header used to override the value returned

     * by {@link Request#getServerPort()} and (optionally depending on {link

     * by {@link Request#getServerPort()} and (optionally depending on {link

     * {@link #isChangeLocalPort()} {@link Request#getLocalPort()}.

     * {@link #isChangeLocalPort()} {@link Request#getLocalPort()}.

     *

     *

        final String originalRemoteHost = request.getRemoteHost();

        final String originalRemoteHost = request.getRemoteHost();

        final String originalScheme = request.getScheme();

        final String originalScheme = request.getScheme();

        final boolean originalSecure = request.isSecure();

        final boolean originalSecure = request.isSecure();

        final int originalServerPort = request.getServerPort();

        final int originalServerPort = request.getServerPort();

        final String originalProxiesHeader = request.getHeader(proxiesHeader);

        final String originalProxiesHeader = request.getHeader(proxiesHeader);

        final String originalRemoteIpHeader = request.getHeader(remoteIpHeader);

        final String originalRemoteIpHeader = request.getHeader(remoteIpHeader);

                    // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0

                    // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0

                    request.getCoyoteRequest().scheme().setString("https");

                    request.getCoyoteRequest().scheme().setString("https");

                } else {

                } else {

                    request.setSecure(false);

                    request.setSecure(false);

                    // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0

                    // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0

                    request.getCoyoteRequest().scheme().setString("http");

                    request.getCoyoteRequest().scheme().setString("http");

                }

                }

            }

            }

            // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0

            // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0

            request.getCoyoteRequest().scheme().setString(originalScheme);

            request.getCoyoteRequest().scheme().setString(originalScheme);

            request.setServerPort(originalServerPort);

            request.setServerPort(originalServerPort);

            if (originalProxiesHeader == null || originalProxiesHeader.length() == 0) {

            if (originalProxiesHeader == null || originalProxiesHeader.length() == 0) {

        }

        }

    }

    }

    private void setPorts(Request request, int defaultPort) {

    private void setPorts(Request request, int defaultPort) {

        int port = defaultPort;

        int port = defaultPort;

        if (portHeader != null) {

        if (portHeader != null) {

import static org.junit.Assert.assertEquals;

import static org.junit.Assert.assertEquals;

import static org.junit.Assert.assertFalse;

import static org.junit.Assert.assertFalse;

import static org.junit.Assert.assertNull;

import static org.junit.Assert.assertNull;

import org.junit.Assert;

import org.junit.Assert;

import org.junit.Test;

import org.junit.Test;

            writer.println("request.remoteHost=" + request.getRemoteHost());

            writer.println("request.remoteHost=" + request.getRemoteHost());

            writer.println("request.secure=" + request.isSecure());

            writer.println("request.secure=" + request.isSecure());

            writer.println("request.scheme=" + request.getScheme());

            writer.println("request.scheme=" + request.getScheme());

            writer.println("request.serverPort=" + request.getServerPort());

            writer.println("request.serverPort=" + request.getServerPort());

            writer.println();

            writer.println();

    }

    }

    @Test

    @Test

    public void testListToCommaDelimitedString() {

    public void testListToCommaDelimitedString() {

        String[] actual = RemoteIpFilter.commaDelimitedListToStringArray("element1, element2, element3");

        String[] actual = RemoteIpFilter.commaDelimitedListToStringArray("element1, element2, element3");

        String[] expected = new String[] { "element1", "element2", "element3" };

        String[] expected = new String[] { "element1", "element2", "element3" };

        private String remoteHost;

        private String remoteHost;

        private String scheme;

        private String scheme;

        private boolean secure;

        private boolean secure;

        private int serverPort;

        private int serverPort;

        private String forwardedFor;

        private String forwardedFor;

        private String forwardedBy;

        private String forwardedBy;

            return scheme;

            return scheme;

        }

        }

        public int getServerPort() {

        public int getServerPort() {

            return serverPort;

            return serverPort;

        }

        }

            this.remoteAddr = request.getRemoteAddr();

            this.remoteAddr = request.getRemoteAddr();

            this.scheme = request.getScheme();

            this.scheme = request.getScheme();

            this.secure = request.isSecure();

            this.secure = request.isSecure();

            this.serverPort = request.getServerPort();

            this.serverPort = request.getServerPort();

            this.forwardedFor = request.getHeader("x-forwarded-for");

            this.forwardedFor = request.getHeader("x-forwarded-for");

            this.forwardedBy = request.getHeader("x-forwarded-by");

            this.forwardedBy = request.getHeader("x-forwarded-by");

        assertEquals("x-forwarded-proto is null", "https", actualScheme);

        assertEquals("x-forwarded-proto is null", "https", actualScheme);

        int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();

        int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort();

        boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();

        boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure();

        assertTrue("x-forwarded-proto is null", actualSecure);

        assertTrue("x-forwarded-proto is null", actualSecure);

    }

    }

    @Test

    @Test

    public void testInvokeNotAllowedRemoteAddr() throws Exception {

    public void testInvokeNotAllowedRemoteAddr() throws Exception {

        // PREPARE

        // PREPARE

        RemoteIpValve remoteIpValve = new RemoteIpValve();

        RemoteIpValve remoteIpValve = new RemoteIpValve();