package org.eclipse.jetty.servlets;

import com.ibm.icu.impl.Normalizer2Impl;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Queue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.AsyncContext;
import javax.servlet.AsyncEvent;
import javax.servlet.AsyncListener;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;
import org.eclipse.jetty.util.annotation.ManagedAttribute;
import org.eclipse.jetty.util.annotation.ManagedObject;
import org.eclipse.jetty.util.annotation.ManagedOperation;
import org.eclipse.jetty.util.annotation.Name;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import org.eclipse.jetty.util.thread.Scheduler;

@ManagedObject("limits exposure to abuse from request flooding, whether malicious, or as a result of a misconfigured client")
/* loaded from: input_file:gwt-2.9.0/gwt-dev.jar:org/eclipse/jetty/servlets/DoSFilter.class */
public class DoSFilter implements Filter {
    private static final String IPv4_GROUP = "(\\d{1,3})";
    private static final String IPv6_GROUP = "(\\p{XDigit}{1,4})";
    private static final String __TRACKER = "DoSFilter.Tracker";
    private static final String __THROTTLED = "DoSFilter.Throttled";
    private static final int __DEFAULT_MAX_REQUESTS_PER_SEC = 25;
    private static final int __DEFAULT_DELAY_MS = 100;
    private static final int __DEFAULT_THROTTLE = 5;
    private static final int __DEFAULT_MAX_WAIT_MS = 50;
    private static final long __DEFAULT_THROTTLE_MS = 30000;
    private static final long __DEFAULT_MAX_REQUEST_MS_INIT_PARAM = 30000;
    private static final long __DEFAULT_MAX_IDLE_TRACKER_MS_INIT_PARAM = 30000;
    static final String MANAGED_ATTR_INIT_PARAM = "managedAttr";
    static final String MAX_REQUESTS_PER_S_INIT_PARAM = "maxRequestsPerSec";
    static final String DELAY_MS_INIT_PARAM = "delayMs";
    static final String THROTTLED_REQUESTS_INIT_PARAM = "throttledRequests";
    static final String MAX_WAIT_INIT_PARAM = "maxWaitMs";
    static final String THROTTLE_MS_INIT_PARAM = "throttleMs";
    static final String MAX_REQUEST_MS_INIT_PARAM = "maxRequestMs";
    static final String MAX_IDLE_TRACKER_MS_INIT_PARAM = "maxIdleTrackerMs";
    static final String INSERT_HEADERS_INIT_PARAM = "insertHeaders";
    static final String TRACK_SESSIONS_INIT_PARAM = "trackSessions";
    static final String REMOTE_PORT_INIT_PARAM = "remotePort";
    static final String IP_WHITELIST_INIT_PARAM = "ipWhitelist";
    static final String ENABLED_INIT_PARAM = "enabled";
    private static final int USER_AUTH = 2;
    private static final int USER_SESSION = 2;
    private static final int USER_IP = 1;
    private static final int USER_UNKNOWN = 0;
    private final String _suspended = "DoSFilter@" + Integer.toHexString(hashCode()) + ".SUSPENDED";
    private final String _resumed = "DoSFilter@" + Integer.toHexString(hashCode()) + ".RESUMED";
    private final ConcurrentHashMap<String, RateTracker> _rateTrackers = new ConcurrentHashMap<>();
    private final List<String> _whitelist = new CopyOnWriteArrayList();
    private volatile long _delayMs;
    private volatile long _throttleMs;
    private volatile long _maxWaitMs;
    private volatile long _maxRequestMs;
    private volatile long _maxIdleTrackerMs;
    private volatile boolean _insertHeaders;
    private volatile boolean _trackSessions;
    private volatile boolean _remotePort;
    private volatile boolean _enabled;
    private Semaphore _passes;
    private volatile int _throttledRequests;
    private volatile int _maxRequestsPerSec;
    private Queue<AsyncContext>[] _queues;
    private AsyncListener[] _listeners;
    private Scheduler _scheduler;
    private static final Logger LOG = Log.getLogger((Class<?>) DoSFilter.class);
    private static final Pattern IPv4_PATTERN = Pattern.compile("(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})");
    private static final Pattern IPv6_PATTERN = Pattern.compile("(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4}):(\\p{XDigit}{1,4})");
    private static final Pattern CIDR_PATTERN = Pattern.compile("([^/]+)/(\\d+)");

    /* loaded from: input_file:gwt-2.9.0/gwt-dev.jar:org/eclipse/jetty/servlets/DoSFilter$DoSAsyncListener.class */
    private class DoSAsyncListener extends DoSTimeoutAsyncListener {
        private final int priority;

        public DoSAsyncListener(int i) {
            super();
            this.priority = i;
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.DoSTimeoutAsyncListener, javax.servlet.AsyncListener
        public void onTimeout(AsyncEvent asyncEvent) throws IOException {
            DoSFilter.this._queues[this.priority].remove(asyncEvent.getAsyncContext());
            super.onTimeout(asyncEvent);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:gwt-2.9.0/gwt-dev.jar:org/eclipse/jetty/servlets/DoSFilter$DoSTimeoutAsyncListener.class */
    public class DoSTimeoutAsyncListener implements AsyncListener {
        private DoSTimeoutAsyncListener() {
        }

        @Override // javax.servlet.AsyncListener
        public void onStartAsync(AsyncEvent asyncEvent) throws IOException {
        }

        @Override // javax.servlet.AsyncListener
        public void onComplete(AsyncEvent asyncEvent) throws IOException {
        }

        @Override // javax.servlet.AsyncListener
        public void onTimeout(AsyncEvent asyncEvent) throws IOException {
            asyncEvent.getAsyncContext().dispatch();
        }

        @Override // javax.servlet.AsyncListener
        public void onError(AsyncEvent asyncEvent) throws IOException {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:gwt-2.9.0/gwt-dev.jar:org/eclipse/jetty/servlets/DoSFilter$FixedRateTracker.class */
    public class FixedRateTracker extends RateTracker {
        public FixedRateTracker(String str, int i, int i2) {
            super(str, i, i2);
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.RateTracker
        public boolean isRateExceeded(long j) {
            synchronized (this) {
                this._timestamps[this._next] = j;
                this._next = (this._next + 1) % this._timestamps.length;
            }
            return false;
        }

        @Override // org.eclipse.jetty.servlets.DoSFilter.RateTracker
        public String toString() {
            return "Fixed" + super.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:gwt-2.9.0/gwt-dev.jar:org/eclipse/jetty/servlets/DoSFilter$RateTracker.class */
    public class RateTracker implements Runnable, HttpSessionBindingListener, HttpSessionActivationListener, Serializable {
        private static final long serialVersionUID = 3534663738034577872L;
        protected final transient String _id;
        protected final transient int _type;
        protected final transient long[] _timestamps;
        protected transient int _next = 0;

        public RateTracker(String str, int i, int i2) {
            this._id = str;
            this._type = i;
            this._timestamps = new long[i2];
        }

        public boolean isRateExceeded(long j) {
            long j2;
            synchronized (this) {
                j2 = this._timestamps[this._next];
                this._timestamps[this._next] = j;
                this._next = (this._next + 1) % this._timestamps.length;
            }
            return j2 != 0 && j - j2 < 1000;
        }

        public String getId() {
            return this._id;
        }

        public int getType() {
            return this._type;
        }

        @Override // javax.servlet.http.HttpSessionBindingListener
        public void valueBound(HttpSessionBindingEvent httpSessionBindingEvent) {
            if (DoSFilter.LOG.isDebugEnabled()) {
                DoSFilter.LOG.debug("Value bound: {}", getId());
            }
        }

        @Override // javax.servlet.http.HttpSessionBindingListener
        public void valueUnbound(HttpSessionBindingEvent httpSessionBindingEvent) {
            DoSFilter.this._rateTrackers.remove(this._id);
            if (DoSFilter.LOG.isDebugEnabled()) {
                DoSFilter.LOG.debug("Tracker removed: {}", getId());
            }
        }

        @Override // javax.servlet.http.HttpSessionActivationListener
        public void sessionWillPassivate(HttpSessionEvent httpSessionEvent) {
            DoSFilter.this._rateTrackers.remove(this._id);
            httpSessionEvent.getSession().removeAttribute(DoSFilter.__TRACKER);
            if (DoSFilter.LOG.isDebugEnabled()) {
                DoSFilter.LOG.debug("Value removed: {}", getId());
            }
        }

        @Override // javax.servlet.http.HttpSessionActivationListener
        public void sessionDidActivate(HttpSessionEvent httpSessionEvent) {
            DoSFilter.LOG.warn("Unexpected session activation", new Object[0]);
        }

        @Override // java.lang.Runnable
        public void run() {
            long j = this._timestamps[this._next == 0 ? this._timestamps.length - 1 : this._next - 1];
            if (j != 0 && System.currentTimeMillis() - j < 1000) {
                DoSFilter.this._scheduler.schedule(this, DoSFilter.this.getMaxIdleTrackerMs(), TimeUnit.MILLISECONDS);
            } else {
                DoSFilter.this._rateTrackers.remove(this._id);
            }
        }

        public String toString() {
            return "RateTracker/" + this._id + "/" + this._type;
        }
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this._queues = new Queue[getMaxPriority() + 1];
        this._listeners = new AsyncListener[this._queues.length];
        for (int i = 0; i < this._queues.length; i++) {
            this._queues[i] = new ConcurrentLinkedQueue();
            this._listeners[i] = new DoSAsyncListener(i);
        }
        this._rateTrackers.clear();
        String initParameter = filterConfig.getInitParameter(MAX_REQUESTS_PER_S_INIT_PARAM);
        setMaxRequestsPerSec(initParameter != null ? Integer.parseInt(initParameter) : 25);
        String initParameter2 = filterConfig.getInitParameter(DELAY_MS_INIT_PARAM);
        setDelayMs(initParameter2 != null ? Long.parseLong(initParameter2) : 100L);
        String initParameter3 = filterConfig.getInitParameter(THROTTLED_REQUESTS_INIT_PARAM);
        setThrottledRequests(initParameter3 != null ? Integer.parseInt(initParameter3) : 5);
        String initParameter4 = filterConfig.getInitParameter(MAX_WAIT_INIT_PARAM);
        setMaxWaitMs(initParameter4 != null ? Long.parseLong(initParameter4) : 50L);
        String initParameter5 = filterConfig.getInitParameter(THROTTLE_MS_INIT_PARAM);
        setThrottleMs(initParameter5 != null ? Long.parseLong(initParameter5) : 30000L);
        String initParameter6 = filterConfig.getInitParameter(MAX_REQUEST_MS_INIT_PARAM);
        setMaxRequestMs(initParameter6 != null ? Long.parseLong(initParameter6) : 30000L);
        String initParameter7 = filterConfig.getInitParameter(MAX_IDLE_TRACKER_MS_INIT_PARAM);
        setMaxIdleTrackerMs(initParameter7 != null ? Long.parseLong(initParameter7) : 30000L);
        String initParameter8 = filterConfig.getInitParameter(IP_WHITELIST_INIT_PARAM);
        setWhitelist(initParameter8 != null ? initParameter8 : "");
        String initParameter9 = filterConfig.getInitParameter(INSERT_HEADERS_INIT_PARAM);
        setInsertHeaders(initParameter9 == null || Boolean.parseBoolean(initParameter9));
        String initParameter10 = filterConfig.getInitParameter(TRACK_SESSIONS_INIT_PARAM);
        setTrackSessions(initParameter10 == null || Boolean.parseBoolean(initParameter10));
        String initParameter11 = filterConfig.getInitParameter(REMOTE_PORT_INIT_PARAM);
        setRemotePort(initParameter11 != null && Boolean.parseBoolean(initParameter11));
        String initParameter12 = filterConfig.getInitParameter("enabled");
        setEnabled(initParameter12 == null || Boolean.parseBoolean(initParameter12));
        this._scheduler = startScheduler();
        ServletContext servletContext = filterConfig.getServletContext();
        if (servletContext == null || !Boolean.parseBoolean(filterConfig.getInitParameter(MANAGED_ATTR_INIT_PARAM))) {
            return;
        }
        servletContext.setAttribute(filterConfig.getFilterName(), this);
    }

    protected Scheduler startScheduler() throws ServletException {
        try {
            ScheduledExecutorScheduler scheduledExecutorScheduler = new ScheduledExecutorScheduler();
            scheduledExecutorScheduler.start();
            return scheduledExecutorScheduler;
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!isEnabled()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        RateTracker rateTracker = (RateTracker) httpServletRequest.getAttribute(__TRACKER);
        if (rateTracker == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Filtering {}", httpServletRequest);
            }
            rateTracker = getRateTracker(httpServletRequest);
            if (!rateTracker.isRateExceeded(System.currentTimeMillis())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Allowing {}", httpServletRequest);
                }
                doFilterChain(filterChain, httpServletRequest, httpServletResponse);
                return;
            }
            long delayMs = getDelayMs();
            boolean isInsertHeaders = isInsertHeaders();
            switch ((int) delayMs) {
                case -1:
                    LOG.warn("DOS ALERT: Request rejected ip={}, session={}, user={}", httpServletRequest.getRemoteAddr(), httpServletRequest.getRequestedSessionId(), httpServletRequest.getUserPrincipal());
                    if (isInsertHeaders) {
                        httpServletResponse.addHeader("DoSFilter", "unavailable");
                    }
                    httpServletResponse.sendError(503);
                    return;
                case 0:
                    LOG.warn("DOS ALERT: Request throttled ip={}, session={}, user={}", httpServletRequest.getRemoteAddr(), httpServletRequest.getRequestedSessionId(), httpServletRequest.getUserPrincipal());
                    httpServletRequest.setAttribute(__TRACKER, rateTracker);
                    break;
                default:
                    LOG.warn("DOS ALERT: Request delayed={}ms, ip={}, session={}, user={}", Long.valueOf(delayMs), httpServletRequest.getRemoteAddr(), httpServletRequest.getRequestedSessionId(), httpServletRequest.getUserPrincipal());
                    if (isInsertHeaders) {
                        httpServletResponse.addHeader("DoSFilter", "delayed");
                    }
                    httpServletRequest.setAttribute(__TRACKER, rateTracker);
                    AsyncContext startAsync = httpServletRequest.startAsync();
                    if (delayMs > 0) {
                        startAsync.setTimeout(delayMs);
                    }
                    startAsync.addListener(new DoSTimeoutAsyncListener());
                    return;
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Throttling {}", httpServletRequest);
        }
        try {
            try {
                boolean tryAcquire = this._passes.tryAcquire(getMaxWaitMs(), TimeUnit.MILLISECONDS);
                if (!tryAcquire) {
                    Boolean bool = (Boolean) httpServletRequest.getAttribute(__THROTTLED);
                    long throttleMs = getThrottleMs();
                    if (bool != Boolean.TRUE && throttleMs > 0) {
                        int priority = getPriority(httpServletRequest, rateTracker);
                        httpServletRequest.setAttribute(__THROTTLED, Boolean.TRUE);
                        if (isInsertHeaders()) {
                            httpServletResponse.addHeader("DoSFilter", "throttled");
                        }
                        AsyncContext startAsync2 = httpServletRequest.startAsync();
                        httpServletRequest.setAttribute(this._suspended, Boolean.TRUE);
                        if (throttleMs > 0) {
                            startAsync2.setTimeout(throttleMs);
                        }
                        startAsync2.addListener(this._listeners[priority]);
                        this._queues[priority].add(startAsync2);
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Throttled {}, {}ms", httpServletRequest, Long.valueOf(throttleMs));
                        }
                        if (tryAcquire) {
                            int length = this._queues.length - 1;
                            while (true) {
                                if (length >= 0) {
                                    AsyncContext poll = this._queues[length].poll();
                                    if (poll != null) {
                                        ServletRequest request = poll.getRequest();
                                        if (((Boolean) request.getAttribute(this._suspended)) == Boolean.TRUE) {
                                            if (LOG.isDebugEnabled()) {
                                                LOG.debug("Resuming {}", httpServletRequest);
                                            }
                                            request.setAttribute(this._resumed, Boolean.TRUE);
                                            poll.dispatch();
                                        }
                                    }
                                    length--;
                                }
                            }
                            this._passes.release();
                            return;
                        }
                        return;
                    }
                    if (((Boolean) httpServletRequest.getAttribute(this._resumed)) == Boolean.TRUE) {
                        this._passes.acquire();
                        tryAcquire = true;
                    }
                }
                if (tryAcquire) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Allowing {}", httpServletRequest);
                    }
                    doFilterChain(filterChain, httpServletRequest, httpServletResponse);
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Rejecting {}", httpServletRequest);
                    }
                    if (isInsertHeaders()) {
                        httpServletResponse.addHeader("DoSFilter", "unavailable");
                    }
                    httpServletResponse.sendError(503);
                }
                if (tryAcquire) {
                    int length2 = this._queues.length - 1;
                    while (true) {
                        if (length2 >= 0) {
                            AsyncContext poll2 = this._queues[length2].poll();
                            if (poll2 != null) {
                                ServletRequest request2 = poll2.getRequest();
                                if (((Boolean) request2.getAttribute(this._suspended)) == Boolean.TRUE) {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("Resuming {}", httpServletRequest);
                                    }
                                    request2.setAttribute(this._resumed, Boolean.TRUE);
                                    poll2.dispatch();
                                }
                            }
                            length2--;
                        }
                    }
                    this._passes.release();
                }
            } catch (InterruptedException e) {
                httpServletResponse.sendError(503);
                if (0 != 0) {
                    int length3 = this._queues.length - 1;
                    while (true) {
                        if (length3 >= 0) {
                            AsyncContext poll3 = this._queues[length3].poll();
                            if (poll3 != null) {
                                ServletRequest request3 = poll3.getRequest();
                                if (((Boolean) request3.getAttribute(this._suspended)) == Boolean.TRUE) {
                                    if (LOG.isDebugEnabled()) {
                                        LOG.debug("Resuming {}", httpServletRequest);
                                    }
                                    request3.setAttribute(this._resumed, Boolean.TRUE);
                                    poll3.dispatch();
                                }
                            }
                            length3--;
                        }
                    }
                    this._passes.release();
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                int length4 = this._queues.length - 1;
                while (true) {
                    if (length4 >= 0) {
                        AsyncContext poll4 = this._queues[length4].poll();
                        if (poll4 != null) {
                            ServletRequest request4 = poll4.getRequest();
                            if (((Boolean) request4.getAttribute(this._suspended)) == Boolean.TRUE) {
                                if (LOG.isDebugEnabled()) {
                                    LOG.debug("Resuming {}", httpServletRequest);
                                }
                                request4.setAttribute(this._resumed, Boolean.TRUE);
                                poll4.dispatch();
                            }
                        }
                        length4--;
                    }
                }
                this._passes.release();
            }
            throw th;
        }
    }

    protected void doFilterChain(FilterChain filterChain, final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) throws IOException, ServletException {
        final Thread currentThread = Thread.currentThread();
        Scheduler.Task schedule = this._scheduler.schedule(new Runnable() { // from class: org.eclipse.jetty.servlets.DoSFilter.1
            @Override // java.lang.Runnable
            public void run() {
                DoSFilter.this.closeConnection(httpServletRequest, httpServletResponse, currentThread);
            }
        }, getMaxRequestMs(), TimeUnit.MILLISECONDS);
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            schedule.cancel();
        } catch (Throwable th) {
            schedule.cancel();
            throw th;
        }
    }

    protected void closeConnection(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Thread thread) {
        if (!httpServletResponse.isCommitted()) {
            httpServletResponse.setHeader("Connection", "close");
        }
        try {
            try {
                httpServletResponse.getWriter().close();
            } catch (IllegalStateException e) {
                httpServletResponse.getOutputStream().close();
            }
        } catch (IOException e2) {
            LOG.warn(e2);
        }
        thread.interrupt();
    }

    protected int getPriority(HttpServletRequest httpServletRequest, RateTracker rateTracker) {
        if (extractUserId(httpServletRequest) != null) {
            return 2;
        }
        if (rateTracker != null) {
            return rateTracker.getType();
        }
        return 0;
    }

    protected int getMaxPriority() {
        return 2;
    }

    public RateTracker getRateTracker(ServletRequest servletRequest) {
        int i;
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
        String extractUserId = extractUserId(servletRequest);
        if (extractUserId != null) {
            i = 2;
        } else if (!isTrackSessions() || session == null || session.isNew()) {
            extractUserId = isRemotePort() ? servletRequest.getRemoteAddr() + servletRequest.getRemotePort() : servletRequest.getRemoteAddr();
            i = 1;
        } else {
            extractUserId = session.getId();
            i = 2;
        }
        RateTracker rateTracker = this._rateTrackers.get(extractUserId);
        if (rateTracker == null) {
            boolean checkWhitelist = checkWhitelist(servletRequest.getRemoteAddr());
            int maxRequestsPerSec = getMaxRequestsPerSec();
            rateTracker = checkWhitelist ? new FixedRateTracker(extractUserId, i, maxRequestsPerSec) : new RateTracker(extractUserId, i, maxRequestsPerSec);
            RateTracker putIfAbsent = this._rateTrackers.putIfAbsent(extractUserId, rateTracker);
            if (putIfAbsent != null) {
                rateTracker = putIfAbsent;
            }
            if (i == 1) {
                this._scheduler.schedule(rateTracker, getMaxIdleTrackerMs(), TimeUnit.MILLISECONDS);
            } else if (session != null) {
                session.setAttribute(__TRACKER, rateTracker);
            }
        }
        return rateTracker;
    }

    protected boolean checkWhitelist(String str) {
        for (String str2 : this._whitelist) {
            if (str2.contains("/")) {
                if (subnetMatch(str2, str)) {
                    return true;
                }
            } else if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    @Deprecated
    protected boolean checkWhitelist(List<String> list, String str) {
        for (String str2 : list) {
            if (str2.contains("/")) {
                if (subnetMatch(str2, str)) {
                    return true;
                }
            } else if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    protected boolean subnetMatch(String str, String str2) {
        Matcher matcher = CIDR_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return false;
        }
        String group = matcher.group(1);
        try {
            int parseInt = Integer.parseInt(matcher.group(2));
            byte[] addressToBytes = addressToBytes(group);
            if (addressToBytes == null) {
                LOG.info("Ignoring malformed CIDR address {}", str);
                return false;
            }
            byte[] addressToBytes2 = addressToBytes(str2);
            if (addressToBytes2 == null) {
                LOG.info("Ignoring malformed remote address {}", str2);
                return false;
            }
            int length = addressToBytes.length;
            if (length != addressToBytes2.length) {
                return false;
            }
            byte[] prefixToBytes = prefixToBytes(parseInt, length);
            for (int i = 0; i < length; i++) {
                if ((addressToBytes[i] & prefixToBytes[i]) != (addressToBytes2[i] & prefixToBytes[i])) {
                    return false;
                }
            }
            return true;
        } catch (NumberFormatException e) {
            LOG.info("Ignoring malformed CIDR address {}", str);
            return false;
        }
    }

    private byte[] addressToBytes(String str) {
        Matcher matcher = IPv4_PATTERN.matcher(str);
        if (matcher.matches()) {
            byte[] bArr = new byte[4];
            for (int i = 0; i < bArr.length; i++) {
                bArr[i] = Integer.valueOf(matcher.group(i + 1)).byteValue();
            }
            return bArr;
        }
        Matcher matcher2 = IPv6_PATTERN.matcher(str);
        if (!matcher2.matches()) {
            return null;
        }
        byte[] bArr2 = new byte[16];
        for (int i2 = 0; i2 < bArr2.length; i2 += 2) {
            int intValue = Integer.valueOf(matcher2.group((i2 / 2) + 1), 16).intValue();
            bArr2[i2] = (byte) ((intValue & Normalizer2Impl.JAMO_VT) >>> 8);
            bArr2[i2 + 1] = (byte) (intValue & 255);
        }
        return bArr2;
    }

    private byte[] prefixToBytes(int i, int i2) {
        byte[] bArr = new byte[i2];
        int i3 = 0;
        while (i / 8 > 0) {
            bArr[i3] = -1;
            i -= 8;
            i3++;
        }
        if (i3 == bArr.length) {
            return bArr;
        }
        bArr[i3] = (byte) (((1 << (8 - i)) - 1) ^ (-1));
        return bArr;
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        LOG.debug("Destroy {}", this);
        stopScheduler();
        this._rateTrackers.clear();
        this._whitelist.clear();
    }

    protected void stopScheduler() {
        try {
            this._scheduler.stop();
        } catch (Exception e) {
            LOG.ignore(e);
        }
    }

    protected String extractUserId(ServletRequest servletRequest) {
        return null;
    }

    @ManagedAttribute("maximum number of requests allowed from a connection per second")
    public int getMaxRequestsPerSec() {
        return this._maxRequestsPerSec;
    }

    public void setMaxRequestsPerSec(int i) {
        this._maxRequestsPerSec = i;
    }

    @ManagedAttribute("delay applied to all requests over the rate limit (in ms)")
    public long getDelayMs() {
        return this._delayMs;
    }

    public void setDelayMs(long j) {
        this._delayMs = j;
    }

    @ManagedAttribute("maximum time the filter will block waiting throttled connections, (0 for no delay, -1 to reject requests)")
    public long getMaxWaitMs() {
        return this._maxWaitMs;
    }

    public void setMaxWaitMs(long j) {
        this._maxWaitMs = j;
    }

    @ManagedAttribute("number of requests over rate limit")
    public int getThrottledRequests() {
        return this._throttledRequests;
    }

    public void setThrottledRequests(int i) {
        this._passes = new Semaphore((i - this._throttledRequests) + (this._passes == null ? 0 : this._passes.availablePermits()), true);
        this._throttledRequests = i;
    }

    @ManagedAttribute("amount of time to async wait for semaphore")
    public long getThrottleMs() {
        return this._throttleMs;
    }

    public void setThrottleMs(long j) {
        this._throttleMs = j;
    }

    @ManagedAttribute("maximum time to allow requests to process (in ms)")
    public long getMaxRequestMs() {
        return this._maxRequestMs;
    }

    public void setMaxRequestMs(long j) {
        this._maxRequestMs = j;
    }

    @ManagedAttribute("maximum time to track of request rates for connection before discarding")
    public long getMaxIdleTrackerMs() {
        return this._maxIdleTrackerMs;
    }

    public void setMaxIdleTrackerMs(long j) {
        this._maxIdleTrackerMs = j;
    }

    @ManagedAttribute("inser DoSFilter headers in response")
    public boolean isInsertHeaders() {
        return this._insertHeaders;
    }

    public void setInsertHeaders(boolean z) {
        this._insertHeaders = z;
    }

    @ManagedAttribute("usage rate is tracked by session if one exists")
    public boolean isTrackSessions() {
        return this._trackSessions;
    }

    public void setTrackSessions(boolean z) {
        this._trackSessions = z;
    }

    @ManagedAttribute("usage rate is tracked by IP+port is session tracking not used")
    public boolean isRemotePort() {
        return this._remotePort;
    }

    public void setRemotePort(boolean z) {
        this._remotePort = z;
    }

    @ManagedAttribute("whether this filter is enabled")
    public boolean isEnabled() {
        return this._enabled;
    }

    public void setEnabled(boolean z) {
        this._enabled = z;
    }

    @ManagedAttribute("list of IPs that will not be rate limited")
    public String getWhitelist() {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = this._whitelist.iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            if (it.hasNext()) {
                sb.append(",");
            }
        }
        return sb.toString();
    }

    public void setWhitelist(String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(",")) {
            addWhitelistAddress(arrayList, str2);
        }
        clearWhitelist();
        this._whitelist.addAll(arrayList);
        LOG.debug("Whitelisted IP addresses: {}", arrayList);
    }

    @ManagedOperation("clears the list of IP addresses that will not be rate limited")
    public void clearWhitelist() {
        this._whitelist.clear();
    }

    @ManagedOperation("adds an IP address that will not be rate limited")
    public boolean addWhitelistAddress(@Name("address") String str) {
        return addWhitelistAddress(this._whitelist, str);
    }

    private boolean addWhitelistAddress(List<String> list, String str) {
        String trim = str.trim();
        return trim.length() > 0 && list.add(trim);
    }

    @ManagedOperation("removes an IP address that will not be rate limited")
    public boolean removeWhitelistAddress(@Name("address") String str) {
        return this._whitelist.remove(str);
    }
}
