package net.bull.javamelody;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/javamelody-core-1.63.0.jar:net/bull/javamelody/HttpAuth.class */
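/**
 * Access control for the monitoring pages: an optional remote-address allow-list
 * ({@code ALLOWED_ADDR_PATTERN}) followed by optional HTTP Basic authentication against
 * a configured credential list ({@code AUTHORIZED_USERS}), with a global lock-out after
 * repeated bad credentials.
 *
 * Security notes for operators and reviewers (all visible in this class):
 * <ul>
 * <li>The address check uses {@code getRemoteAddr()}, i.e. the TCP peer. Behind a reverse
 *     proxy that is the proxy's address, so the pattern then matches either every client
 *     or none — TODO confirm for the deployment.</li>
 * <li>Credentials are compared as whole {@code "user:password"} strings taken verbatim from
 *     configuration, so passwords are held in clear in the parameter and in memory.</li>
 * <li>The failure counter is shared by all clients, not per source address: once more than
 *     {@link #AUTH_FAILURES_MAX} failures have accumulated, every client (even with a valid
 *     credential) is refused until {@link #LOCK_DURATION} has elapsed since the <em>first</em>
 *     failure of the run. This bounds remote guessing but is also a trivial denial of service
 *     against legitimate operators; it is kept as the original design.</li>
 * </ul>
 * Lock state is updated under {@code this}; the original code mutated it without any
 * synchronisation, so concurrent failures could lose increments or reset each other.
 */
class HttpAuth {
    /** Failures strictly above this count lock authentication (the (max+1)-th failure locks). */
    private static final int AUTH_FAILURES_MAX = 10;
    /** Lock duration in milliseconds, measured from the first failure of the current run. */
    private static final long LOCK_DURATION = 3600000L;
    /** Epoch millis of the first failure of the current run; 0 when no failure is pending. Guarded by {@code this}. */
    private long firstFailureTime;
    /** Consecutive failures since {@link #firstFailureTime}; read without a lock by {@link #isLocked()}. */
    private final AtomicInteger authFailuresCount = new AtomicInteger();
    /** Compiled {@code ALLOWED_ADDR_PATTERN}, or null when the parameter is absent (all addresses allowed). */
    private final Pattern allowedAddrPattern = getAllowedAddrPattern();
    /** Configured {@code "user:password"} entries, or null when the parameter is absent (no authentication). */
    private final List<String> authorizedUsers = getAuthorizedUsers();

    /**
     * Compiles the operator-supplied {@code ALLOWED_ADDR_PATTERN} regex.
     *
     * @return the compiled pattern, or null when the parameter is not set
     * @throws java.util.regex.PatternSyntaxException if the configured regex is invalid
     *         (fails fast at construction rather than silently allowing everyone)
     */
    private static Pattern getAllowedAddrPattern() {
        String regex = Parameters.getParameter(Parameter.ALLOWED_ADDR_PATTERN);
        if (regex == null) {
            return null;
        }
        return Pattern.compile(regex);
    }

    /**
     * Parses {@code AUTHORIZED_USERS}: entries separated by newline or comma, each
     * {@code "user:password"}, blanks ignored. Only the user part is logged.
     *
     * @return the trimmed entries, or null when the parameter is absent or blank
     */
    private static List<String> getAuthorizedUsers() {
        String parameter = Parameters.getParameter(Parameter.AUTHORIZED_USERS);
        if (parameter == null || parameter.trim().isEmpty()) {
            return null;
        }
        List<String> users = new ArrayList<String>();
        for (String rawEntry : parameter.split("[\n,]")) {
            String entry = rawEntry.trim();
            if (!entry.isEmpty()) {
                users.add(entry);
                // never log the password part of "user:password"
                LOG.debug("Authorized user: " + entry.split(":", 2)[0]);
            }
        }
        return users;
    }

    /**
     * Decides whether the request may reach the monitoring pages, writing the refusal
     * to the response when it may not.
     *
     * @param httpServletRequest  incoming request (remote address and Authorization header are read)
     * @param httpServletResponse response; receives 403 for a disallowed address, or 401 with a
     *                            {@code WWW-Authenticate: BASIC} challenge for missing, wrong or
     *                            locked-out credentials
     * @return true when the caller may proceed; false when an error has already been sent
     * @throws IOException if writing the error response fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!isRequestAllowed(httpServletRequest)) {
            LOG.debug("Forbidden access to monitoring from " + httpServletRequest.getRemoteAddr());
            httpServletResponse.sendError(403, "Forbidden access");
            return false;
        }
        if (isUserAuthorized(httpServletRequest)) {
            return true;
        }
        // Challenge header must be set before sendError commits the response.
        httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"JavaMelody\"");
        if (isLocked()) {
            httpServletResponse.sendError(401, "Unauthorized (locked)");
            return false;
        }
        httpServletResponse.sendError(401, "Unauthorized");
        return false;
    }

    /**
     * @return true when no address pattern is configured, or the whole remote address
     *         matches it ({@code matches()}, not {@code find()}, so the regex must cover the
     *         full address)
     */
    private boolean isRequestAllowed(HttpServletRequest httpServletRequest) {
        if (allowedAddrPattern == null) {
            return true;
        }
        return allowedAddrPattern.matcher(httpServletRequest.getRemoteAddr()).matches();
    }

    /**
     * Checks the HTTP Basic credentials of the request against the configured list and
     * feeds the outcome into the brute-force lock.
     *
     * @return true when authentication is disabled or the offered credential is accepted and
     *         the lock is not active; false otherwise. A request without a Basic
     *         Authorization header is refused without being counted as a failure.
     */
    private boolean isUserAuthorized(HttpServletRequest httpServletRequest) {
        if (authorizedUsers == null) {
            return true; // no AUTHORIZED_USERS configured: authentication disabled
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.toUpperCase(Locale.ENGLISH).startsWith("BASIC ")) {
            return false;
        }
        String credentials;
        try {
            credentials = Base64Coder.decodeString(header.substring("BASIC ".length()));
        } catch (IllegalArgumentException e) {
            // The header is attacker-controlled. Base64Coder's behaviour on malformed input is
            // not visible here; if it rejects bad data with an IllegalArgumentException, answer
            // with a counted 401 instead of letting the exception surface as a 5xx — TODO confirm.
            return checkLockAgainstBruteForceAttack(false);
        }
        return checkLockAgainstBruteForceAttack(isKnownCredential(credentials));
    }

    /**
     * Membership test over the configured {@code "user:password"} entries using a
     * constant-time byte comparison, and always scanning the whole list, so response time
     * does not depend on how much of a guess matched or which entry matched.
     * Length differences are still observable, as with {@code MessageDigest.isEqual}.
     */
    private boolean isKnownCredential(String credentials) {
        byte[] offered = credentials.getBytes(StandardCharsets.UTF_8);
        boolean found = false;
        for (String entry : authorizedUsers) {
            if (MessageDigest.isEqual(offered, entry.getBytes(StandardCharsets.UTF_8))) {
                found = true;
            }
        }
        return found;
    }

    /**
     * Records the outcome of one authentication attempt and applies the lock.
     *
     * @param credentialsValid whether the offered credential matched
     * @return false while the lock is active (regardless of the credential); otherwise
     *         {@code credentialsValid}. A valid credential clears the failure run; a failure
     *         starts or extends it. An expired lock is cleared and the attempt re-evaluated.
     */
    private synchronized boolean checkLockAgainstBruteForceAttack(boolean credentialsValid) {
        if (firstFailureTime != 0L && isLocked()) {
            if (System.currentTimeMillis() - firstFailureTime < LOCK_DURATION) {
                return false; // locked: even a correct credential is rejected
            }
            resetFailures(); // lock expired: evaluate this attempt afresh
        }
        if (credentialsValid) {
            resetFailures();
        } else if (firstFailureTime == 0L) {
            firstFailureTime = System.currentTimeMillis();
            authFailuresCount.set(1);
        } else {
            authFailuresCount.incrementAndGet();
        }
        return credentialsValid;
    }

    /** Clears the failure run. Must be called with {@code this} held. */
    private void resetFailures() {
        firstFailureTime = 0L;
        authFailuresCount.set(0);
    }

    /** @return true once more than {@link #AUTH_FAILURES_MAX} failures have accumulated. */
    private boolean isLocked() {
        return authFailuresCount.get() > AUTH_FAILURES_MAX;
    }
}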
