package org.eclipse.jetty.servlets;

import java.io.IOException;
import java.util.HashSet;
import java.util.Queue;
import java.util.StringTokenizer;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;
import org.eclipse.jetty.continuation.Continuation;
import org.eclipse.jetty.continuation.ContinuationListener;
import org.eclipse.jetty.continuation.ContinuationSupport;
import org.eclipse.jetty.http.HttpHeaderValues;
import org.eclipse.jetty.http.HttpHeaders;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.HttpVersions;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.thread.Timeout;

/* loaded from: input_file:org/eclipse/jetty/servlets/DoSFilter.class */
public class DoSFilter implements Filter {
    private static final Logger LOG = Log.getLogger((Class<?>) DoSFilter.class);
    static final String __TRACKER = "DoSFilter.Tracker";
    static final String __THROTTLED = "DoSFilter.Throttled";
    static final int __DEFAULT_MAX_REQUESTS_PER_SEC = 25;
    static final int __DEFAULT_DELAY_MS = 100;
    static final int __DEFAULT_THROTTLE = 5;
    static final int __DEFAULT_WAIT_MS = 50;
    static final long __DEFAULT_THROTTLE_MS = 30000;
    static final long __DEFAULT_MAX_REQUEST_MS_INIT_PARAM = 30000;
    static final long __DEFAULT_MAX_IDLE_TRACKER_MS_INIT_PARAM = 30000;
    static final String MANAGED_ATTR_INIT_PARAM = "managedAttr";
    static final String MAX_REQUESTS_PER_S_INIT_PARAM = "maxRequestsPerSec";
    static final String DELAY_MS_INIT_PARAM = "delayMs";
    static final String THROTTLED_REQUESTS_INIT_PARAM = "throttledRequests";
    static final String MAX_WAIT_INIT_PARAM = "maxWaitMs";
    static final String THROTTLE_MS_INIT_PARAM = "throttleMs";
    static final String MAX_REQUEST_MS_INIT_PARAM = "maxRequestMs";
    static final String MAX_IDLE_TRACKER_MS_INIT_PARAM = "maxIdleTrackerMs";
    static final String INSERT_HEADERS_INIT_PARAM = "insertHeaders";
    static final String TRACK_SESSIONS_INIT_PARAM = "trackSessions";
    static final String REMOTE_PORT_INIT_PARAM = "remotePort";
    static final String IP_WHITELIST_INIT_PARAM = "ipWhitelist";
    static final int USER_AUTH = 2;
    static final int USER_SESSION = 2;
    static final int USER_IP = 1;
    static final int USER_UNKNOWN = 0;
    ServletContext _context;
    protected String _name;
    protected long _delayMs;
    protected long _throttleMs;
    protected long _maxWaitMs;
    protected long _maxRequestMs;
    protected long _maxIdleTrackerMs;
    protected boolean _insertHeaders;
    protected boolean _trackSessions;
    protected boolean _remotePort;
    protected int _throttledRequests;
    protected Semaphore _passes;
    protected Queue<Continuation>[] _queue;
    protected ContinuationListener[] _listener;
    protected int _maxRequestsPerSec;
    protected String _whitelistStr;
    private Thread _timerThread;
    private volatile boolean _running;
    protected final ConcurrentHashMap<String, RateTracker> _rateTrackers = new ConcurrentHashMap<>();
    private final HashSet<String> _whitelist = new HashSet<>();
    private final Timeout _requestTimeoutQ = new Timeout();
    private final Timeout _trackerTimeoutQ = new Timeout();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/eclipse/jetty/servlets/DoSFilter$FixedRateTracker.class */
    public class FixedRateTracker extends RateTracker {
        public FixedRateTracker(String str, int i, int i2) {
            super(str, i, i2);
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.RateTracker
        public boolean isRateExceeded(long j) {
            synchronized (this) {
                this._timestamps[this._next] = j;
                this._next = (this._next + 1) % this._timestamps.length;
            }
            return false;
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.RateTracker
        public String toString() {
            return "Fixed" + super.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/eclipse/jetty/servlets/DoSFilter$RateTracker.class */
    public class RateTracker extends Timeout.Task implements HttpSessionBindingListener, HttpSessionActivationListener {
        protected final transient String _id;
        protected final transient int _type;
        protected final transient long[] _timestamps;
        protected transient int _next = 0;

        public RateTracker(String str, int i, int i2) {
            this._id = str;
            this._type = i;
            this._timestamps = new long[i2];
        }

        public boolean isRateExceeded(long j) {
            long j2;
            synchronized (this) {
                j2 = this._timestamps[this._next];
                this._timestamps[this._next] = j;
                this._next = (this._next + 1) % this._timestamps.length;
            }
            return j2 != 0 && j - j2 < 1000;
        }

        public String getId() {
            return this._id;
        }

        public int getType() {
            return this._type;
        }

        public void valueBound(HttpSessionBindingEvent httpSessionBindingEvent) {
            if (DoSFilter.LOG.isDebugEnabled()) {
                DoSFilter.LOG.debug("Value bound:" + this._id, new Object[0]);
            }
        }

        public void valueUnbound(HttpSessionBindingEvent httpSessionBindingEvent) {
            if (DoSFilter.this._rateTrackers != null) {
                DoSFilter.this._rateTrackers.remove(this._id);
            }
            if (DoSFilter.LOG.isDebugEnabled()) {
                DoSFilter.LOG.debug("Tracker removed: " + this._id, new Object[0]);
            }
        }

        public void sessionWillPassivate(HttpSessionEvent httpSessionEvent) {
            if (DoSFilter.this._rateTrackers != null) {
                DoSFilter.this._rateTrackers.remove(this._id);
            }
            httpSessionEvent.getSession().removeAttribute(DoSFilter.__TRACKER);
            if (DoSFilter.LOG.isDebugEnabled()) {
                DoSFilter.LOG.debug("Value removed: " + this._id, new Object[0]);
            }
        }

        public void sessionDidActivate(HttpSessionEvent httpSessionEvent) {
            DoSFilter.LOG.warn("Unexpected session activation", new Object[0]);
        }

        @Override // org.eclipse.jetty.util.thread.Timeout.Task
        public void expired() {
            if (DoSFilter.this._rateTrackers == null || DoSFilter.this._trackerTimeoutQ == null) {
                return;
            }
            long now = DoSFilter.this._trackerTimeoutQ.getNow();
            long j = this._timestamps[this._next == 0 ? this._timestamps.length - 1 : this._next - 1];
            if (j != 0 && now - j < 1000) {
                reschedule();
            } else {
                DoSFilter.this._rateTrackers.remove(this._id);
            }
        }

        public String toString() {
            return "RateTracker/" + this._id + URIUtil.SLASH + this._type;
        }
    }

    public void init(FilterConfig filterConfig) {
        this._context = filterConfig.getServletContext();
        this._queue = new Queue[getMaxPriority() + 1];
        this._listener = new ContinuationListener[getMaxPriority() + 1];
        for (int i = 0; i < this._queue.length; i++) {
            this._queue[i] = new ConcurrentLinkedQueue();
            final int i2 = i;
            this._listener[i] = new ContinuationListener() { // from class: org.eclipse.jetty.servlets.DoSFilter.1
                @Override // org.eclipse.jetty.continuation.ContinuationListener
                public void onComplete(Continuation continuation) {
                }

                @Override // org.eclipse.jetty.continuation.ContinuationListener
                public void onTimeout(Continuation continuation) {
                    DoSFilter.this._queue[i2].remove(continuation);
                }
            };
        }
        this._rateTrackers.clear();
        this._maxRequestsPerSec = filterConfig.getInitParameter(MAX_REQUESTS_PER_S_INIT_PARAM) != null ? Integer.parseInt(filterConfig.getInitParameter(MAX_REQUESTS_PER_S_INIT_PARAM)) : 25;
        this._delayMs = filterConfig.getInitParameter(DELAY_MS_INIT_PARAM) != null ? Integer.parseInt(filterConfig.getInitParameter(DELAY_MS_INIT_PARAM)) : 100L;
        int parseInt = filterConfig.getInitParameter(THROTTLED_REQUESTS_INIT_PARAM) != null ? Integer.parseInt(filterConfig.getInitParameter(THROTTLED_REQUESTS_INIT_PARAM)) : 5;
        this._passes = new Semaphore(parseInt, true);
        this._throttledRequests = parseInt;
        this._maxWaitMs = filterConfig.getInitParameter(MAX_WAIT_INIT_PARAM) != null ? Integer.parseInt(filterConfig.getInitParameter(MAX_WAIT_INIT_PARAM)) : 50L;
        this._throttleMs = filterConfig.getInitParameter(THROTTLE_MS_INIT_PARAM) != null ? Integer.parseInt(filterConfig.getInitParameter(THROTTLE_MS_INIT_PARAM)) : 30000L;
        this._maxRequestMs = filterConfig.getInitParameter(MAX_REQUEST_MS_INIT_PARAM) != null ? Long.parseLong(filterConfig.getInitParameter(MAX_REQUEST_MS_INIT_PARAM)) : 30000L;
        this._maxIdleTrackerMs = filterConfig.getInitParameter(MAX_IDLE_TRACKER_MS_INIT_PARAM) != null ? Long.parseLong(filterConfig.getInitParameter(MAX_IDLE_TRACKER_MS_INIT_PARAM)) : 30000L;
        this._whitelistStr = HttpVersions.HTTP_0_9;
        if (filterConfig.getInitParameter(IP_WHITELIST_INIT_PARAM) != null) {
            this._whitelistStr = filterConfig.getInitParameter(IP_WHITELIST_INIT_PARAM);
        }
        initWhitelist();
        String initParameter = filterConfig.getInitParameter(INSERT_HEADERS_INIT_PARAM);
        this._insertHeaders = initParameter == null || Boolean.parseBoolean(initParameter);
        String initParameter2 = filterConfig.getInitParameter(TRACK_SESSIONS_INIT_PARAM);
        this._trackSessions = initParameter2 == null || Boolean.parseBoolean(initParameter2);
        String initParameter3 = filterConfig.getInitParameter(REMOTE_PORT_INIT_PARAM);
        this._remotePort = initParameter3 != null && Boolean.parseBoolean(initParameter3);
        this._requestTimeoutQ.setNow();
        this._requestTimeoutQ.setDuration(this._maxRequestMs);
        this._trackerTimeoutQ.setNow();
        this._trackerTimeoutQ.setDuration(this._maxIdleTrackerMs);
        this._running = true;
        this._timerThread = new Thread() { // from class: org.eclipse.jetty.servlets.DoSFilter.2
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                long now;
                while (DoSFilter.this._running) {
                    try {
                        synchronized (DoSFilter.this._requestTimeoutQ) {
                            now = DoSFilter.this._requestTimeoutQ.setNow();
                            DoSFilter.this._requestTimeoutQ.tick();
                        }
                        synchronized (DoSFilter.this._trackerTimeoutQ) {
                            DoSFilter.this._trackerTimeoutQ.setNow(now);
                            DoSFilter.this._trackerTimeoutQ.tick();
                        }
                        try {
                            Thread.sleep(100L);
                        } catch (InterruptedException e) {
                            DoSFilter.LOG.ignore(e);
                        }
                    } catch (Throwable th) {
                        DoSFilter.LOG.info("DoSFilter timer exited", new Object[0]);
                        throw th;
                    }
                }
                DoSFilter.LOG.info("DoSFilter timer exited", new Object[0]);
            }
        };
        this._timerThread.start();
        if (this._context == null || !Boolean.parseBoolean(filterConfig.getInitParameter(MANAGED_ATTR_INIT_PARAM))) {
            return;
        }
        this._context.setAttribute(filterConfig.getFilterName(), this);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        long now = this._requestTimeoutQ.getNow();
        RateTracker rateTracker = (RateTracker) servletRequest.getAttribute(__TRACKER);
        if (rateTracker == null) {
            rateTracker = getRateTracker(servletRequest);
            if (!rateTracker.isRateExceeded(now)) {
                doFilterChain(filterChain, httpServletRequest, httpServletResponse);
                return;
            }
            LOG.warn("DOS ALERT: ip=" + httpServletRequest.getRemoteAddr() + ",session=" + httpServletRequest.getRequestedSessionId() + ",user=" + httpServletRequest.getUserPrincipal(), new Object[0]);
            switch ((int) this._delayMs) {
                case -1:
                    if (this._insertHeaders) {
                        ((HttpServletResponse) servletResponse).addHeader("DoSFilter", "unavailable");
                    }
                    ((HttpServletResponse) servletResponse).sendError(HttpStatus.SERVICE_UNAVAILABLE_503);
                    return;
                case 0:
                    servletRequest.setAttribute(__TRACKER, rateTracker);
                    break;
                default:
                    if (this._insertHeaders) {
                        ((HttpServletResponse) servletResponse).addHeader("DoSFilter", "delayed");
                    }
                    Continuation continuation = ContinuationSupport.getContinuation(servletRequest);
                    servletRequest.setAttribute(__TRACKER, rateTracker);
                    if (this._delayMs > 0) {
                        continuation.setTimeout(this._delayMs);
                    }
                    continuation.addContinuationListener(new ContinuationListener() { // from class: org.eclipse.jetty.servlets.DoSFilter.3
                        @Override // org.eclipse.jetty.continuation.ContinuationListener
                        public void onComplete(Continuation continuation2) {
                        }

                        @Override // org.eclipse.jetty.continuation.ContinuationListener
                        public void onTimeout(Continuation continuation2) {
                        }
                    });
                    continuation.suspend();
                    return;
            }
        }
        try {
            try {
                try {
                    boolean tryAcquire = this._passes.tryAcquire(this._maxWaitMs, TimeUnit.MILLISECONDS);
                    if (!tryAcquire) {
                        Continuation continuation2 = ContinuationSupport.getContinuation(servletRequest);
                        if (((Boolean) servletRequest.getAttribute(__THROTTLED)) != Boolean.TRUE && this._throttleMs > 0) {
                            int priority = getPriority(servletRequest, rateTracker);
                            servletRequest.setAttribute(__THROTTLED, Boolean.TRUE);
                            if (this._insertHeaders) {
                                ((HttpServletResponse) servletResponse).addHeader("DoSFilter", "throttled");
                            }
                            if (this._throttleMs > 0) {
                                continuation2.setTimeout(this._throttleMs);
                            }
                            continuation2.suspend();
                            continuation2.addContinuationListener(this._listener[priority]);
                            this._queue[priority].add(continuation2);
                            if (tryAcquire) {
                                int length = this._queue.length;
                                while (true) {
                                    int i = length;
                                    length--;
                                    if (i > 0) {
                                        Continuation poll = this._queue[length].poll();
                                        if (poll != null && poll.isSuspended()) {
                                            poll.resume();
                                        }
                                    }
                                }
                                this._passes.release();
                                return;
                            }
                            return;
                        }
                        if (servletRequest.getAttribute("javax.servlet.resumed") == Boolean.TRUE) {
                            this._passes.acquire();
                            tryAcquire = true;
                        }
                    }
                    if (tryAcquire) {
                        doFilterChain(filterChain, httpServletRequest, httpServletResponse);
                    } else {
                        if (this._insertHeaders) {
                            ((HttpServletResponse) servletResponse).addHeader("DoSFilter", "unavailable");
                        }
                        ((HttpServletResponse) servletResponse).sendError(HttpStatus.SERVICE_UNAVAILABLE_503);
                    }
                    if (tryAcquire) {
                        int length2 = this._queue.length;
                        while (true) {
                            int i2 = length2;
                            length2--;
                            if (i2 > 0) {
                                Continuation poll2 = this._queue[length2].poll();
                                if (poll2 != null && poll2.isSuspended()) {
                                    poll2.resume();
                                }
                            }
                        }
                        this._passes.release();
                    }
                } catch (InterruptedException e) {
                    this._context.log("DoS", e);
                    ((HttpServletResponse) servletResponse).sendError(HttpStatus.SERVICE_UNAVAILABLE_503);
                    if (0 != 0) {
                        int length3 = this._queue.length;
                        while (true) {
                            int i3 = length3;
                            length3--;
                            if (i3 > 0) {
                                Continuation poll3 = this._queue[length3].poll();
                                if (poll3 != null && poll3.isSuspended()) {
                                    poll3.resume();
                                }
                            }
                        }
                        this._passes.release();
                    }
                }
            } catch (Exception e2) {
                e2.printStackTrace();
                if (0 != 0) {
                    int length4 = this._queue.length;
                    while (true) {
                        int i4 = length4;
                        length4--;
                        if (i4 > 0) {
                            Continuation poll4 = this._queue[length4].poll();
                            if (poll4 != null && poll4.isSuspended()) {
                                poll4.resume();
                            }
                        }
                    }
                    this._passes.release();
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                int length5 = this._queue.length;
                while (true) {
                    int i5 = length5;
                    length5--;
                    if (i5 > 0) {
                        Continuation poll5 = this._queue[length5].poll();
                        if (poll5 != null && poll5.isSuspended()) {
                            poll5.resume();
                        }
                    }
                }
                this._passes.release();
            }
            throw th;
        }
    }

    protected void doFilterChain(FilterChain filterChain, final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) throws IOException, ServletException {
        final Thread currentThread = Thread.currentThread();
        Timeout.Task task = new Timeout.Task() { // from class: org.eclipse.jetty.servlets.DoSFilter.4
            @Override // org.eclipse.jetty.util.thread.Timeout.Task
            public void expired() {
                DoSFilter.this.closeConnection(httpServletRequest, httpServletResponse, currentThread);
            }
        };
        try {
            synchronized (this._requestTimeoutQ) {
                this._requestTimeoutQ.schedule(task);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            synchronized (this._requestTimeoutQ) {
                task.cancel();
            }
        } catch (Throwable th) {
            synchronized (this._requestTimeoutQ) {
                task.cancel();
                throw th;
            }
        }
    }

    protected void closeConnection(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Thread thread) {
        if (!httpServletResponse.isCommitted()) {
            httpServletResponse.setHeader(HttpHeaders.CONNECTION, HttpHeaderValues.CLOSE);
        }
        try {
            try {
                httpServletResponse.getWriter().close();
            } catch (IllegalStateException e) {
                httpServletResponse.getOutputStream().close();
            }
        } catch (IOException e2) {
            LOG.warn(e2);
        }
        thread.interrupt();
    }

    protected int getPriority(ServletRequest servletRequest, RateTracker rateTracker) {
        if (extractUserId(servletRequest) != null) {
            return 2;
        }
        if (rateTracker != null) {
            return rateTracker.getType();
        }
        return 0;
    }

    protected int getMaxPriority() {
        return 2;
    }

    public RateTracker getRateTracker(ServletRequest servletRequest) {
        int i;
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
        String extractUserId = extractUserId(servletRequest);
        if (extractUserId != null) {
            i = 2;
        } else if (!this._trackSessions || session == null || session.isNew()) {
            extractUserId = this._remotePort ? servletRequest.getRemoteAddr() + servletRequest.getRemotePort() : servletRequest.getRemoteAddr();
            i = 1;
        } else {
            extractUserId = session.getId();
            i = 2;
        }
        RateTracker rateTracker = this._rateTrackers.get(extractUserId);
        if (rateTracker == null) {
            RateTracker fixedRateTracker = this._whitelist.contains(servletRequest.getRemoteAddr()) ? new FixedRateTracker(extractUserId, i, this._maxRequestsPerSec) : new RateTracker(extractUserId, i, this._maxRequestsPerSec);
            rateTracker = this._rateTrackers.putIfAbsent(extractUserId, fixedRateTracker);
            if (rateTracker == null) {
                rateTracker = fixedRateTracker;
            }
            if (i == 1) {
                synchronized (this._trackerTimeoutQ) {
                    this._trackerTimeoutQ.schedule(rateTracker);
                }
            } else if (session != null) {
                session.setAttribute(__TRACKER, rateTracker);
            }
        }
        return rateTracker;
    }

    public void destroy() {
        this._running = false;
        this._timerThread.interrupt();
        synchronized (this._requestTimeoutQ) {
            this._requestTimeoutQ.cancelAll();
        }
        synchronized (this._trackerTimeoutQ) {
            this._trackerTimeoutQ.cancelAll();
        }
        this._rateTrackers.clear();
        this._whitelist.clear();
    }

    protected String extractUserId(ServletRequest servletRequest) {
        return null;
    }

    protected void initWhitelist() {
        this._whitelist.clear();
        StringTokenizer stringTokenizer = new StringTokenizer(this._whitelistStr, ",");
        while (stringTokenizer.hasMoreTokens()) {
            this._whitelist.add(stringTokenizer.nextToken().trim());
        }
        LOG.info("Whitelisted IP addresses: {}", this._whitelist.toString());
    }

    public int getMaxRequestsPerSec() {
        return this._maxRequestsPerSec;
    }

    public void setMaxRequestsPerSec(int i) {
        this._maxRequestsPerSec = i;
    }

    public long getDelayMs() {
        return this._delayMs;
    }

    public void setDelayMs(long j) {
        this._delayMs = j;
    }

    public long getMaxWaitMs() {
        return this._maxWaitMs;
    }

    public void setMaxWaitMs(long j) {
        this._maxWaitMs = j;
    }

    public int getThrottledRequests() {
        return this._throttledRequests;
    }

    public void setThrottledRequests(int i) {
        this._passes = new Semaphore((i - this._throttledRequests) + this._passes.availablePermits(), true);
        this._throttledRequests = i;
    }

    public long getThrottleMs() {
        return this._throttleMs;
    }

    public void setThrottleMs(long j) {
        this._throttleMs = j;
    }

    public long getMaxRequestMs() {
        return this._maxRequestMs;
    }

    public void setMaxRequestMs(long j) {
        this._maxRequestMs = j;
    }

    public long getMaxIdleTrackerMs() {
        return this._maxIdleTrackerMs;
    }

    public void setMaxIdleTrackerMs(long j) {
        this._maxIdleTrackerMs = j;
    }

    public boolean isInsertHeaders() {
        return this._insertHeaders;
    }

    public void setInsertHeaders(boolean z) {
        this._insertHeaders = z;
    }

    public boolean isTrackSessions() {
        return this._trackSessions;
    }

    public void setTrackSessions(boolean z) {
        this._trackSessions = z;
    }

    public boolean isRemotePort() {
        return this._remotePort;
    }

    public void setRemotePort(boolean z) {
        this._remotePort = z;
    }

    public String getWhitelist() {
        return this._whitelistStr;
    }

    public void setWhitelist(String str) {
        this._whitelistStr = str;
        initWhitelist();
    }
}
