package org.fao.fi.security.server.javax.filters.bandwidth;

import java.io.IOException;
import java.util.Arrays;
import javax.annotation.PostConstruct;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Element;
import net.sf.ehcache.config.CacheConfiguration;
import net.sf.ehcache.store.MemoryStoreEvictionPolicy;
import org.fao.fi.security.server.javax.filters.AbstractRequestValidatorFilter;
import org.fao.fi.security.server.javax.filters.bandwidth.configuration.BandwidthLimitedConfiguration;
import org.fao.fi.security.server.javax.filters.bandwidth.configuration.BandwidthLimitedSimpleConfiguration;
import org.fao.fi.security.server.javax.filters.bandwidth.support.BandwidthLimitedConstants;
import org.fao.fi.security.server.javax.filters.bandwidth.support.BandwidthLimitedResource;
import org.fao.fi.security.server.javax.filters.bandwidth.support.BandwidthLimiter;
import org.fao.fi.security.server.javax.filters.origin.IPIdentifier;
import org.slf4j.Logger;

@Priority(1001)
@BandwidthLimitedResource
/* loaded from: input_file:org/fao/fi/security/server/javax/filters/bandwidth/BandwidthLimitedResourceRequestValidatorFilter.class */
public class BandwidthLimitedResourceRequestValidatorFilter extends AbstractRequestValidatorFilter {
    protected static final String REQUESTS_BY_IP_CACHE_ID = "requests.cache";
    protected static final int MAX_IPS_IN_CACHE = 1000;
    protected static final int MAX_REQUESTS = 50;
    protected static final int TIMEFRAME = 10;

    @Context
    private HttpServletRequest _servletRequest;
    private BandwidthLimitedConfiguration _configuration;

    @Inject
    private IPIdentifier _IPIdentifier;
    protected CacheManager _cacheManager;
    protected Cache _requestsByIPCache;

    /* loaded from: input_file:org/fao/fi/security/server/javax/filters/bandwidth/BandwidthLimitedResourceRequestValidatorFilter$RequestsByIP.class */
    private static class RequestsByIP {
        private long _firstRequest;
        private int _currentRequests;

        public RequestsByIP() {
            this(System.currentTimeMillis(), 0);
        }

        public RequestsByIP(long j, int i) {
            this._firstRequest = j;
            this._currentRequests = i;
        }

        public static RequestsByIP newRequest() {
            return new RequestsByIP(System.currentTimeMillis(), 1);
        }

        public long increaseRequests() {
            int i = this._currentRequests + 1;
            this._currentRequests = i;
            return i;
        }
    }

    @Inject
    public BandwidthLimitedResourceRequestValidatorFilter(@BandwidthLimiter BandwidthLimitedConfiguration bandwidthLimitedConfiguration) {
        String str = getClass().getSimpleName() + "#" + hashCode();
        this._configuration = bandwidthLimitedConfiguration;
        if (this._configuration == null) {
            this._log.warn("No bandwidth limiter configuration provided for {}: using defaults...", this);
            this._configuration = new BandwidthLimitedSimpleConfiguration(Integer.valueOf(MAX_REQUESTS), Integer.valueOf(TIMEFRAME));
        }
        this._cacheManager = CacheManager.getInstance();
        if (this._cacheManager == null) {
            this._cacheManager = CacheManager.create();
        }
        this._log.info("Initializing {} with {} and cache ID {}", new Object[]{str, this._cacheManager, REQUESTS_BY_IP_CACHE_ID});
        if (!this._cacheManager.cacheExists(REQUESTS_BY_IP_CACHE_ID)) {
            CacheConfiguration cacheConfiguration = new CacheConfiguration(REQUESTS_BY_IP_CACHE_ID, MAX_IPS_IN_CACHE);
            cacheConfiguration.eternal(false).timeToIdleSeconds(this._configuration.getTimeframe().intValue()).timeToLiveSeconds(this._configuration.getTimeframe().intValue()).memoryStoreEvictionPolicy(MemoryStoreEvictionPolicy.LRU).overflowToOffHeap(false);
            this._requestsByIPCache = new Cache(cacheConfiguration);
            this._cacheManager.addCacheIfAbsent(this._requestsByIPCache);
        }
        this._log.info("{} has been initialized with {}", str, this._configuration.getClass());
    }

    @PostConstruct
    private void completeInitialization() {
        this._log.info("{} has been initialized with {}", getClass().getSimpleName() + "#" + hashCode(), this._configuration);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.fao.fi.security.server.javax.filters.AbstractFilter
    public String getSecurityScheme() {
        return BandwidthLimitedConstants.BANDWIDTH_LIMITER_SECURITY_TYPE_HEADER;
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        try {
            String remoteHost = this._servletRequest.getRemoteHost();
            String headerString = containerRequestContext.getHeaderString("X-FORWARDED-FOR");
            Logger logger = this._log;
            Object[] objArr = new Object[4];
            objArr[0] = containerRequestContext.getMethod();
            objArr[1] = containerRequestContext.getUriInfo().getAbsolutePath();
            objArr[2] = remoteHost;
            objArr[3] = headerString == null ? "NOT SET" : headerString;
            logger.debug("Intercepted a {} request for {} coming from host {} [ XFF: {} ]", objArr);
            String[] identify = this._IPIdentifier.identify(this._servletRequest);
            this._log.info("Request IPs being checked are: {}", Arrays.asList(identify));
            if (!(identify != null && identify.length > 0)) {
                Logger logger2 = this._log;
                Object[] objArr2 = new Object[3];
                objArr2[0] = remoteHost;
                objArr2[1] = headerString == null ? "[ NOT SET ]" : headerString;
                objArr2[2] = this._IPIdentifier.getClass().getSimpleName();
                logger2.warn("Unable to identify IPs from incoming request, based on remote host {}, XFF {} and IP identifier of type {}", objArr2);
            }
            Logger logger3 = this._log;
            Object[] objArr3 = new Object[4];
            objArr3[0] = containerRequestContext.getMethod();
            objArr3[1] = containerRequestContext.getUriInfo().getAbsolutePath();
            objArr3[2] = remoteHost;
            objArr3[3] = headerString == null ? "NOT SET" : headerString;
            logger3.debug("Intercepted a {} request for {} coming from host {} [ XFF: {} ]", objArr3);
            RequestsByIP requestsByIP = null;
            long currentTimeMillis = System.currentTimeMillis();
            synchronized (this._requestsByIPCache) {
                for (String str : identify) {
                    Element element = this._requestsByIPCache.get(str);
                    if (element == null) {
                        requestsByIP = RequestsByIP.newRequest();
                    } else {
                        requestsByIP = (RequestsByIP) element.getObjectValue();
                        requestsByIP.increaseRequests();
                    }
                    this._requestsByIPCache.put(new Element(str, requestsByIP));
                }
            }
            if (requestsByIP._currentRequests > this._configuration.getMaxRequests().intValue()) {
                containerRequestContext.abortWith(errorResponse(Response.Status.FORBIDDEN, "You have been prevented to access this resource"));
                Logger logger4 = this._log;
                Object[] objArr4 = new Object[6];
                objArr4[0] = containerRequestContext.getMethod();
                objArr4[1] = containerRequestContext.getUriInfo().getAbsolutePath();
                objArr4[2] = remoteHost;
                objArr4[3] = headerString == null ? "NOT SET" : headerString;
                objArr4[4] = Integer.valueOf(requestsByIP._currentRequests);
                objArr4[5] = Long.valueOf(Math.round((currentTimeMillis - requestsByIP._firstRequest) * 0.001d));
                logger4.warn("Blocked a {} request for {} coming from host {} [ XFF: {} ] having accounted for {} requests in the last {} seconds", objArr4);
            }
        } catch (Throwable th) {
            this._log.error("Unexpected {} caught: {}", new Object[]{th.getClass(), th.getMessage(), th});
            containerRequestContext.abortWith(errorResponse(Response.Status.INTERNAL_SERVER_ERROR, th.getMessage()));
        }
    }
}
