package org.eclipse.jetty.servlets;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.AsyncContext;
import javax.servlet.AsyncEvent;
import javax.servlet.AsyncListener;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.annotation.ManagedAttribute;
import org.eclipse.jetty.util.annotation.ManagedObject;
import org.eclipse.jetty.util.annotation.ManagedOperation;
import org.eclipse.jetty.util.annotation.Name;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import org.eclipse.jetty.util.thread.Scheduler;

@ManagedObject("limits exposure to abuse from request flooding, whether malicious, or as a result of a misconfigured client")
/* loaded from: classes11.dex */
public class DoSFilter implements Filter {

    /* renamed from: t, reason: collision with root package name */
    private static final Logger f114528t = Log.getLogger((Class<?>) DoSFilter.class);

    /* renamed from: u, reason: collision with root package name */
    private static final Pattern f114529u = Pattern.compile("(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})");

    /* renamed from: v, reason: collision with root package name */
    private static final Pattern f114530v = Pattern.compile("(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4})");

    /* renamed from: w, reason: collision with root package name */
    private static final Pattern f114531w = Pattern.compile("([^/]+)/(\\d+)");

    /* renamed from: a, reason: collision with root package name */
    private final String f114532a = "DoSFilter@" + Integer.toHexString(hashCode()) + ".SUSPENDED";

    /* renamed from: b, reason: collision with root package name */
    private final String f114533b = "DoSFilter@" + Integer.toHexString(hashCode()) + ".RESUMED";

    /* renamed from: c, reason: collision with root package name */
    private final ConcurrentHashMap<String, e> f114534c = new ConcurrentHashMap<>();

    /* renamed from: d, reason: collision with root package name */
    private final List<String> f114535d = new CopyOnWriteArrayList();

    /* renamed from: e, reason: collision with root package name */
    private volatile long f114536e;

    /* renamed from: f, reason: collision with root package name */
    private volatile long f114537f;

    /* renamed from: g, reason: collision with root package name */
    private volatile long f114538g;

    /* renamed from: h, reason: collision with root package name */
    private volatile long f114539h;

    /* renamed from: i, reason: collision with root package name */
    private volatile long f114540i;

    /* renamed from: j, reason: collision with root package name */
    private volatile boolean f114541j;

    /* renamed from: k, reason: collision with root package name */
    private volatile boolean f114542k;

    /* renamed from: l, reason: collision with root package name */
    private volatile boolean f114543l;
    private volatile boolean m;

    /* renamed from: n, reason: collision with root package name */
    private Semaphore f114544n;

    /* renamed from: o, reason: collision with root package name */
    private volatile int f114545o;

    /* renamed from: p, reason: collision with root package name */
    private volatile int f114546p;

    /* renamed from: q, reason: collision with root package name */
    private Queue<AsyncContext>[] f114547q;

    /* renamed from: r, reason: collision with root package name */
    private AsyncListener[] f114548r;

    /* renamed from: s, reason: collision with root package name */
    private Scheduler f114549s;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes11.dex */
    public class a implements Runnable {

        /* renamed from: b, reason: collision with root package name */
        final /* synthetic */ HttpServletRequest f114550b;

        /* renamed from: c, reason: collision with root package name */
        final /* synthetic */ HttpServletResponse f114551c;

        /* renamed from: d, reason: collision with root package name */
        final /* synthetic */ Thread f114552d;

        a(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Thread thread) {
            this.f114550b = httpServletRequest;
            this.f114551c = httpServletResponse;
            this.f114552d = thread;
        }

        @Override // java.lang.Runnable
        public void run() {
            DoSFilter.this.h(this.f114550b, this.f114551c, this.f114552d);
        }
    }

    /* loaded from: classes11.dex */
    private class b extends c {

        /* renamed from: c, reason: collision with root package name */
        private final int f114554c;

        public b(int i10) {
            super(DoSFilter.this, null);
            this.f114554c = i10;
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.c, javax.servlet.AsyncListener
        public void onTimeout(AsyncEvent asyncEvent) throws IOException {
            DoSFilter.this.f114547q[this.f114554c].remove(asyncEvent.getAsyncContext());
            super.onTimeout(asyncEvent);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes11.dex */
    public class c implements AsyncListener {
        private c() {
        }

        /* synthetic */ c(DoSFilter doSFilter, a aVar) {
            this();
        }

        @Override // javax.servlet.AsyncListener
        public void onComplete(AsyncEvent asyncEvent) throws IOException {
        }

        @Override // javax.servlet.AsyncListener
        public void onError(AsyncEvent asyncEvent) throws IOException {
        }

        @Override // javax.servlet.AsyncListener
        public void onStartAsync(AsyncEvent asyncEvent) throws IOException {
        }

        @Override // javax.servlet.AsyncListener
        public void onTimeout(AsyncEvent asyncEvent) throws IOException {
            asyncEvent.getAsyncContext().dispatch();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes11.dex */
    public class d extends e {
        public d(String str, int i10, int i11) {
            super(str, i10, i11);
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.e
        public boolean d(long j10) {
            synchronized (this) {
                long[] jArr = this.f114560d;
                int i10 = this.f114561e;
                jArr[i10] = j10;
                this.f114561e = (i10 + 1) % jArr.length;
            }
            return false;
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.e
        public String toString() {
            return "Fixed" + super.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes11.dex */
    public class e implements Runnable, HttpSessionBindingListener, HttpSessionActivationListener, Serializable {
        private static final long serialVersionUID = 3534663738034577872L;

        /* renamed from: b, reason: collision with root package name */
        protected final transient String f114558b;

        /* renamed from: c, reason: collision with root package name */
        protected final transient int f114559c;

        /* renamed from: d, reason: collision with root package name */
        protected final transient long[] f114560d;

        /* renamed from: e, reason: collision with root package name */
        protected transient int f114561e = 0;

        public e(String str, int i10, int i11) {
            this.f114558b = str;
            this.f114559c = i10;
            this.f114560d = new long[i11];
        }

        public String b() {
            return this.f114558b;
        }

        public int c() {
            return this.f114559c;
        }

        public boolean d(long j10) {
            long j11;
            synchronized (this) {
                long[] jArr = this.f114560d;
                int i10 = this.f114561e;
                j11 = jArr[i10];
                jArr[i10] = j10;
                this.f114561e = (i10 + 1) % jArr.length;
            }
            if (j11 != 0) {
                if (j10 - j11 < 1000) {
                    return true;
                }
            }
            return false;
        }

        @Override // java.lang.Runnable
        public void run() {
            int i10 = this.f114561e;
            if (i10 == 0) {
                i10 = this.f114560d.length;
            }
            long j10 = this.f114560d[i10 - 1];
            if (j10 != 0 && System.currentTimeMillis() - j10 < 1000) {
                DoSFilter.this.f114549s.schedule(this, DoSFilter.this.getMaxIdleTrackerMs(), TimeUnit.MILLISECONDS);
            } else {
                DoSFilter.this.f114534c.remove(this.f114558b);
            }
        }

        @Override // javax.servlet.http.HttpSessionActivationListener
        public void sessionDidActivate(HttpSessionEvent httpSessionEvent) {
            DoSFilter.f114528t.warn("Unexpected session activation", new Object[0]);
        }

        @Override // javax.servlet.http.HttpSessionActivationListener
        public void sessionWillPassivate(HttpSessionEvent httpSessionEvent) {
            DoSFilter.this.f114534c.remove(this.f114558b);
            httpSessionEvent.getSession().removeAttribute("DoSFilter.Tracker");
            if (DoSFilter.f114528t.isDebugEnabled()) {
                DoSFilter.f114528t.debug("Value removed: {}", b());
            }
        }

        public String toString() {
            return "RateTracker/" + this.f114558b + "/" + this.f114559c;
        }

        @Override // javax.servlet.http.HttpSessionBindingListener
        public void valueBound(HttpSessionBindingEvent httpSessionBindingEvent) {
            if (DoSFilter.f114528t.isDebugEnabled()) {
                DoSFilter.f114528t.debug("Value bound: {}", b());
            }
        }

        @Override // javax.servlet.http.HttpSessionBindingListener
        public void valueUnbound(HttpSessionBindingEvent httpSessionBindingEvent) {
            DoSFilter.this.f114534c.remove(this.f114558b);
            if (DoSFilter.f114528t.isDebugEnabled()) {
                DoSFilter.f114528t.debug("Tracker removed: {}", b());
            }
        }
    }

    private boolean e(List<String> list, String str) {
        String trim = str.trim();
        return trim.length() > 0 && list.add(trim);
    }

    private byte[] f(String str) {
        Matcher matcher = f114529u.matcher(str);
        int i10 = 0;
        if (matcher.matches()) {
            byte[] bArr = new byte[4];
            while (i10 < 4) {
                int i11 = i10 + 1;
                bArr[i10] = Integer.valueOf(matcher.group(i11)).byteValue();
                i10 = i11;
            }
            return bArr;
        }
        Matcher matcher2 = f114530v.matcher(str);
        if (!matcher2.matches()) {
            return null;
        }
        byte[] bArr2 = new byte[16];
        while (i10 < 16) {
            int intValue = Integer.valueOf(matcher2.group((i10 / 2) + 1), 16).intValue();
            bArr2[i10] = (byte) ((65280 & intValue) >>> 8);
            bArr2[i10 + 1] = (byte) (intValue & 255);
            i10 += 2;
        }
        return bArr2;
    }

    private byte[] n(int i10, int i11) {
        byte[] bArr = new byte[i11];
        int i12 = 0;
        while (i10 / 8 > 0) {
            bArr[i12] = -1;
            i10 -= 8;
            i12++;
        }
        if (i12 == i11) {
            return bArr;
        }
        bArr[i12] = (byte) (~((1 << (8 - i10)) - 1));
        return bArr;
    }

    @ManagedOperation("adds an IP address that will not be rate limited")
    public boolean addWhitelistAddress(@Name("address") String str) {
        return e(this.f114535d, str);
    }

    @ManagedOperation("clears the list of IP addresses that will not be rate limited")
    public void clearWhitelist() {
        this.f114535d.clear();
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        f114528t.debug("Destroy {}", this);
        p();
        this.f114534c.clear();
        this.f114535d.clear();
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        i((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    protected boolean g(String str) {
        for (String str2 : this.f114535d) {
            if (str2.contains("/")) {
                if (q(str2, str)) {
                    return true;
                }
            } else if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    @ManagedAttribute("delay applied to all requests over the rate limit (in ms)")
    public long getDelayMs() {
        return this.f114536e;
    }

    @ManagedAttribute("maximum time to track of request rates for connection before discarding")
    public long getMaxIdleTrackerMs() {
        return this.f114540i;
    }

    @ManagedAttribute("maximum time to allow requests to process (in ms)")
    public long getMaxRequestMs() {
        return this.f114539h;
    }

    @ManagedAttribute("maximum number of requests allowed from a connection per second")
    public int getMaxRequestsPerSec() {
        return this.f114546p;
    }

    @ManagedAttribute("maximum time the filter will block waiting throttled connections, (0 for no delay, -1 to reject requests)")
    public long getMaxWaitMs() {
        return this.f114538g;
    }

    public e getRateTracker(ServletRequest servletRequest) {
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
        String k10 = k(servletRequest);
        int i10 = 2;
        if (k10 == null) {
            if (!isTrackSessions() || session == null || session.isNew()) {
                if (isRemotePort()) {
                    k10 = servletRequest.getRemoteAddr() + servletRequest.getRemotePort();
                } else {
                    k10 = servletRequest.getRemoteAddr();
                }
                i10 = 1;
            } else {
                k10 = session.getId();
            }
        }
        e eVar = this.f114534c.get(k10);
        if (eVar == null) {
            boolean g10 = g(servletRequest.getRemoteAddr());
            int maxRequestsPerSec = getMaxRequestsPerSec();
            e dVar = g10 ? new d(k10, i10, maxRequestsPerSec) : new e(k10, i10, maxRequestsPerSec);
            e putIfAbsent = this.f114534c.putIfAbsent(k10, dVar);
            eVar = putIfAbsent != null ? putIfAbsent : dVar;
            if (i10 == 1) {
                this.f114549s.schedule(eVar, getMaxIdleTrackerMs(), TimeUnit.MILLISECONDS);
            } else if (session != null) {
                session.setAttribute("DoSFilter.Tracker", eVar);
            }
        }
        return eVar;
    }

    @ManagedAttribute("amount of time to async wait for semaphore")
    public long getThrottleMs() {
        return this.f114537f;
    }

    @ManagedAttribute("number of requests over rate limit")
    public int getThrottledRequests() {
        return this.f114545o;
    }

    @ManagedAttribute("list of IPs that will not be rate limited")
    public String getWhitelist() {
        StringBuilder sb2 = new StringBuilder();
        Iterator<String> it = this.f114535d.iterator();
        while (it.hasNext()) {
            sb2.append(it.next());
            if (it.hasNext()) {
                sb2.append(",");
            }
        }
        return sb2.toString();
    }

    protected void h(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Thread thread) {
        if (!httpServletResponse.isCommitted()) {
            httpServletResponse.setHeader(HttpHeaders.CONNECTION, "close");
        }
        try {
            try {
                httpServletResponse.getWriter().close();
            } catch (IllegalStateException unused) {
                httpServletResponse.getOutputStream().close();
            }
        } catch (IOException e2) {
            f114528t.warn(e2);
        }
        thread.interrupt();
    }

    /* JADX WARN: Removed duplicated region for block: B:78:0x0249  */
    /* JADX WARN: Removed duplicated region for block: B:92:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void i(javax.servlet.http.HttpServletRequest r21, javax.servlet.http.HttpServletResponse r22, javax.servlet.FilterChain r23) throws java.io.IOException, javax.servlet.ServletException {
        /*
            Method dump skipped, instructions count: 730
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jetty.servlets.DoSFilter.i(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.FilterChain):void");
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        boolean z3 = true;
        Queue<AsyncContext>[] queueArr = new Queue[l() + 1];
        this.f114547q = queueArr;
        this.f114548r = new AsyncListener[queueArr.length];
        int i10 = 0;
        while (true) {
            Queue<AsyncContext>[] queueArr2 = this.f114547q;
            if (i10 >= queueArr2.length) {
                break;
            }
            queueArr2[i10] = new ConcurrentLinkedQueue();
            this.f114548r[i10] = new b(i10);
            i10++;
        }
        this.f114534c.clear();
        String initParameter = filterConfig.getInitParameter("maxRequestsPerSec");
        setMaxRequestsPerSec(initParameter != null ? Integer.parseInt(initParameter) : 25);
        String initParameter2 = filterConfig.getInitParameter("delayMs");
        setDelayMs(initParameter2 != null ? Long.parseLong(initParameter2) : 100L);
        String initParameter3 = filterConfig.getInitParameter("throttledRequests");
        setThrottledRequests(initParameter3 != null ? Integer.parseInt(initParameter3) : 5);
        String initParameter4 = filterConfig.getInitParameter("maxWaitMs");
        setMaxWaitMs(initParameter4 != null ? Long.parseLong(initParameter4) : 50L);
        String initParameter5 = filterConfig.getInitParameter("throttleMs");
        setThrottleMs(initParameter5 != null ? Long.parseLong(initParameter5) : 30000L);
        String initParameter6 = filterConfig.getInitParameter("maxRequestMs");
        setMaxRequestMs(initParameter6 != null ? Long.parseLong(initParameter6) : 30000L);
        String initParameter7 = filterConfig.getInitParameter("maxIdleTrackerMs");
        setMaxIdleTrackerMs(initParameter7 != null ? Long.parseLong(initParameter7) : 30000L);
        String initParameter8 = filterConfig.getInitParameter("ipWhitelist");
        if (initParameter8 == null) {
            initParameter8 = "";
        }
        setWhitelist(initParameter8);
        String initParameter9 = filterConfig.getInitParameter("insertHeaders");
        setInsertHeaders(initParameter9 == null || Boolean.parseBoolean(initParameter9));
        String initParameter10 = filterConfig.getInitParameter("trackSessions");
        setTrackSessions(initParameter10 == null || Boolean.parseBoolean(initParameter10));
        String initParameter11 = filterConfig.getInitParameter("remotePort");
        setRemotePort(initParameter11 != null && Boolean.parseBoolean(initParameter11));
        String initParameter12 = filterConfig.getInitParameter("enabled");
        if (initParameter12 != null && !Boolean.parseBoolean(initParameter12)) {
            z3 = false;
        }
        setEnabled(z3);
        this.f114549s = o();
        ServletContext servletContext = filterConfig.getServletContext();
        if (servletContext == null || !Boolean.parseBoolean(filterConfig.getInitParameter("managedAttr"))) {
            return;
        }
        servletContext.setAttribute(filterConfig.getFilterName(), this);
    }

    @ManagedAttribute("whether this filter is enabled")
    public boolean isEnabled() {
        return this.m;
    }

    @ManagedAttribute("inser DoSFilter headers in response")
    public boolean isInsertHeaders() {
        return this.f114541j;
    }

    @ManagedAttribute("usage rate is tracked by IP+port is session tracking not used")
    public boolean isRemotePort() {
        return this.f114543l;
    }

    @ManagedAttribute("usage rate is tracked by session if one exists")
    public boolean isTrackSessions() {
        return this.f114542k;
    }

    protected void j(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        Scheduler.Task schedule = this.f114549s.schedule(new a(httpServletRequest, httpServletResponse, Thread.currentThread()), getMaxRequestMs(), TimeUnit.MILLISECONDS);
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            schedule.cancel();
        }
    }

    protected String k(ServletRequest servletRequest) {
        return null;
    }

    protected int l() {
        return 2;
    }

    protected int m(HttpServletRequest httpServletRequest, e eVar) {
        if (k(httpServletRequest) != null) {
            return 2;
        }
        if (eVar != null) {
            return eVar.c();
        }
        return 0;
    }

    protected Scheduler o() throws ServletException {
        try {
            ScheduledExecutorScheduler scheduledExecutorScheduler = new ScheduledExecutorScheduler();
            scheduledExecutorScheduler.start();
            return scheduledExecutorScheduler;
        } catch (Exception e2) {
            throw new ServletException(e2);
        }
    }

    protected void p() {
        try {
            this.f114549s.stop();
        } catch (Exception e2) {
            f114528t.ignore(e2);
        }
    }

    protected boolean q(String str, String str2) {
        Matcher matcher = f114531w.matcher(str);
        if (!matcher.matches()) {
            return false;
        }
        String group = matcher.group(1);
        try {
            int parseInt = Integer.parseInt(matcher.group(2));
            byte[] f4 = f(group);
            if (f4 == null) {
                f114528t.info("Ignoring malformed CIDR address {}", str);
                return false;
            }
            byte[] f10 = f(str2);
            if (f10 == null) {
                f114528t.info("Ignoring malformed remote address {}", str2);
                return false;
            }
            int length = f4.length;
            if (length != f10.length) {
                return false;
            }
            byte[] n10 = n(parseInt, length);
            for (int i10 = 0; i10 < length; i10++) {
                if ((f4[i10] & n10[i10]) != (f10[i10] & n10[i10])) {
                    return false;
                }
            }
            return true;
        } catch (NumberFormatException unused) {
            f114528t.info("Ignoring malformed CIDR address {}", str);
            return false;
        }
    }

    @ManagedOperation("removes an IP address that will not be rate limited")
    public boolean removeWhitelistAddress(@Name("address") String str) {
        return this.f114535d.remove(str);
    }

    public void setDelayMs(long j10) {
        this.f114536e = j10;
    }

    public void setEnabled(boolean z3) {
        this.m = z3;
    }

    public void setInsertHeaders(boolean z3) {
        this.f114541j = z3;
    }

    public void setMaxIdleTrackerMs(long j10) {
        this.f114540i = j10;
    }

    public void setMaxRequestMs(long j10) {
        this.f114539h = j10;
    }

    public void setMaxRequestsPerSec(int i10) {
        this.f114546p = i10;
    }

    public void setMaxWaitMs(long j10) {
        this.f114538g = j10;
    }

    public void setRemotePort(boolean z3) {
        this.f114543l = z3;
    }

    public void setThrottleMs(long j10) {
        this.f114537f = j10;
    }

    public void setThrottledRequests(int i10) {
        Semaphore semaphore = this.f114544n;
        this.f114544n = new Semaphore((i10 - this.f114545o) + (semaphore == null ? 0 : semaphore.availablePermits()), true);
        this.f114545o = i10;
    }

    public void setTrackSessions(boolean z3) {
        this.f114542k = z3;
    }

    public void setWhitelist(String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : StringUtil.csvSplit(str)) {
            e(arrayList, str2);
        }
        clearWhitelist();
        this.f114535d.addAll(arrayList);
        f114528t.debug("Whitelisted IP addresses: {}", arrayList);
    }
}
