package org.jasig.cas.web.support;

import java.math.BigInteger;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.support.WebContentGenerator;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-3.3.1.jar:org/jasig/cas/web/support/ThrottledSubmissionByIpAddressHandlerInterceptorAdapter.class */
public final class ThrottledSubmissionByIpAddressHandlerInterceptorAdapter extends HandlerInterceptorAdapter implements InitializingBean {
    private static final int MAX_SIZE_OF_MAP_ARRAY = 256;
    private static final int DEFAULT_FAILURE_TIMEOUT = 60;
    private final Log log = LogFactory.getLog(getClass());
    private final Map<String, BigInteger>[] restrictedIpAddressMaps = new Map[256];
    private BigInteger failureThreshhold = DEFAULT_FAILURE_THRESHHOLD;
    int failureTimeout = 60;
    private static final BigInteger DEFAULT_FAILURE_THRESHHOLD = BigInteger.valueOf(100);
    protected static final BigInteger ONE = BigInteger.valueOf(1);

    /* loaded from: input_file:WEB-INF/lib/cas-server-core-3.3.1.jar:org/jasig/cas/web/support/ThrottledSubmissionByIpAddressHandlerInterceptorAdapter$ExpirationThread.class */
    protected static final class ExpirationThread extends Thread {
        private Map<String, BigInteger>[] restrictedIpAddressMaps;
        private int failureTimeout;

        public ExpirationThread(Map<String, BigInteger>[] mapArr, int i) {
            this.restrictedIpAddressMaps = mapArr;
            this.failureTimeout = i;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            while (true) {
                try {
                    Thread.sleep(this.failureTimeout * 60);
                    cleanUpFailures();
                } catch (InterruptedException e) {
                }
            }
        }

        private void cleanUpFailures() {
            int length = this.restrictedIpAddressMaps.length;
            for (int i = 0; i < length; i++) {
                Map<String, BigInteger> map = this.restrictedIpAddressMaps[i];
                synchronized (map) {
                    for (String str : map.keySet()) {
                        BigInteger subtract = map.get(str).subtract(ThrottledSubmissionByIpAddressHandlerInterceptorAdapter.ONE);
                        if (subtract.equals(BigInteger.ZERO)) {
                            map.remove(str);
                        } else {
                            map.put(str, subtract);
                        }
                    }
                }
            }
        }
    }

    public ThrottledSubmissionByIpAddressHandlerInterceptorAdapter() {
        for (int i = 0; i < 256; i++) {
            this.restrictedIpAddressMaps[i] = new HashMap();
        }
    }

    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (httpServletRequest.getMethod().equals(WebContentGenerator.METHOD_GET) && "casLoginView".equals(modelAndView.getViewName())) {
            String remoteAddr = httpServletRequest.getRemoteAddr();
            try {
                String substring = remoteAddr.substring(remoteAddr.lastIndexOf(".") + 1);
                Map<String, BigInteger> map = this.restrictedIpAddressMaps[Integer.parseInt(substring) - 1];
                synchronized (map) {
                    BigInteger bigInteger = map.get(substring);
                    BigInteger bigInteger2 = ONE;
                    if (bigInteger != null) {
                        bigInteger2 = bigInteger.add(ONE);
                    }
                    map.put(substring, bigInteger2);
                    if (bigInteger2.compareTo(this.failureThreshhold) == 1) {
                        this.log.warn("Possible hacking attack from " + remoteAddr + ". More than " + this.failureThreshhold + " failed login attempts within " + this.failureTimeout + " seconds.");
                        modelAndView.setViewName("casFailureAuthenticationThreshhold");
                    }
                }
            } catch (NumberFormatException e) {
                this.log.warn("Skipping ip-address blocking. Possible reason: IPv6 Address not supported: " + e.getMessage());
            } catch (Exception e2) {
                this.log.error(e2.getMessage());
            }
        }
    }

    public void setFailureThreshhold(BigInteger bigInteger) {
        this.failureThreshhold = bigInteger;
    }

    public void setFailureTimeout(int i) {
        this.failureTimeout = i;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        ExpirationThread expirationThread = new ExpirationThread(this.restrictedIpAddressMaps, this.failureTimeout);
        expirationThread.setDaemon(true);
        expirationThread.start();
    }
}
