package com.supwisdom.institute.cas.site.security.filter;

import com.supwisdom.institute.cas.site.config.ConfigUtil;
import com.supwisdom.institute.cas.site.security.ratelimit.RequestPerIPRateLimiter;
import com.supwisdom.institute.cas.site.securityStrategy.CasServerSaApiSecurityStrategyManager;
import com.supwisdom.institute.cas.site.securityStrategy.SecurityStrategy;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:com/supwisdom/institute/cas/site/security/filter/RequestPerIPFilter.class */
public class RequestPerIPFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(RequestPerIPFilter.class);
    private final CasServerSaApiSecurityStrategyManager casServerSaApiSecurityStrategyManager;
    private final RequestPerIPRateLimiter requestPerIPRateLimiter;

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!Boolean.valueOf(ConfigUtil.instance().getConfigValue("casServer.config.requestPerIPRateLimiter.enabled", false)).booleanValue()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        List asList = Arrays.asList(ConfigUtil.instance().getConfigValue("casServer.config.requestUriForRateLimit", "/cas/login,/cas/mfa/detect").split(","));
        String requestURI = httpServletRequest.getRequestURI();
        if (!asList.contains(requestURI)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String format = String.format("%s_%s", requestURI, ClientInfoHolder.getClientInfo().getClientIpAddress());
        SecurityStrategy securityStrategy = this.casServerSaApiSecurityStrategyManager.getSecurityStrategy();
        long longValue = securityStrategy.getIpThresholdPeriod().longValue();
        if (securityStrategy.getIpThresholdPeriodType().intValue() == 0) {
            longValue *= 1000;
        } else if (securityStrategy.getIpThresholdPeriodType().intValue() == 1) {
            longValue = longValue * 60 * 1000;
        } else if (securityStrategy.getIpThresholdPeriodType().intValue() == 2) {
            longValue = longValue * 60 * 60 * 1000;
        } else if (securityStrategy.getIpThresholdPeriodType().intValue() == 3) {
            longValue = longValue * 60 * 60 * 24 * 1000;
        }
        int intValue = securityStrategy.getIpLoginThreshold().intValue();
        log.debug("RequestPerIPFilter, key [{}], rateTime [{}] millis, qps [{}]", new Object[]{format, Long.valueOf(longValue), Integer.valueOf(intValue)});
        if (this.requestPerIPRateLimiter.tryAcquire(format, longValue, intValue)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            httpServletResponse.sendError(HttpStatus.TOO_MANY_REQUESTS.value(), HttpStatus.TOO_MANY_REQUESTS.getReasonPhrase());
        }
    }

    public void destroy() {
    }

    public RequestPerIPFilter(CasServerSaApiSecurityStrategyManager casServerSaApiSecurityStrategyManager, RequestPerIPRateLimiter requestPerIPRateLimiter) {
        this.casServerSaApiSecurityStrategyManager = casServerSaApiSecurityStrategyManager;
        this.requestPerIPRateLimiter = requestPerIPRateLimiter;
    }
}
