package com.epam.ta.reportportal.auth.event;

import com.epam.ta.reportportal.core.widget.content.constant.ContentLoaderConstants;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.servlet.http.HttpServletRequest;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/epam/ta/reportportal/auth/event/UiAuthenticationFailureEventHandler.class */
public class UiAuthenticationFailureEventHandler implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
    private static final long MAXIMUM_SIZE = 5000;
    private static final long EXPIRATION_SECONDS = 30;
    private static final int MAX_ATTEMPTS = 3;
    private static final RequestHeaderRequestMatcher AJAX_REQUEST_MATCHER = new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest");

    @Inject
    private Provider<HttpServletRequest> request;
    private LoadingCache<String, AtomicInteger> failures = CacheBuilder.newBuilder().maximumSize(MAXIMUM_SIZE).expireAfterWrite(EXPIRATION_SECONDS, TimeUnit.SECONDS).build(new CacheLoader<String, AtomicInteger>() { // from class: com.epam.ta.reportportal.auth.event.UiAuthenticationFailureEventHandler.1
        public AtomicInteger load(String str) {
            return new AtomicInteger(0);
        }
    });

    public boolean isBlocked(HttpServletRequest httpServletRequest) {
        AtomicInteger atomicInteger = (AtomicInteger) this.failures.getIfPresent(getClientIP(httpServletRequest));
        return null != atomicInteger && atomicInteger.get() > 3;
    }

    private void onAjaxFailure(HttpServletRequest httpServletRequest) {
        ((AtomicInteger) this.failures.getUnchecked(getClientIP(httpServletRequest))).incrementAndGet();
    }

    private String getClientIP(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("X-Forwarded-For");
        return header == null ? httpServletRequest.getRemoteAddr() : header.split(ContentLoaderConstants.CONTENT_FIELDS_DELIMITER)[0];
    }

    public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent authenticationFailureBadCredentialsEvent) {
        onAjaxFailure((HttpServletRequest) this.request.get());
    }
}
