package org.webcastellum;

import java.io.File;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.logging.FileHandler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:org/webcastellum/AttackHandler.class */
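/**
 * Reacts to detected attacks and keeps the per-client bookkeeping around them.
 *
 * <p>The handler counts attacks and redirects per caller-supplied key, hands keys that reach the
 * attack threshold to a {@link ClientBlacklist}, optionally invalidates the session of an attacking
 * request, and writes attack, regular-request and learning-mode log entries.
 *
 * <p>Both counter maps are wrapped with {@link Collections#synchronizedMap(Map)}; compound
 * read-modify-write sequences additionally lock on the map itself, which is the mutex the wrapper
 * uses. The maps stay raw because the signatures of the project helpers that receive them are not
 * visible here; keys are the {@code String} passed by callers, values are {@code Counter} instances.
 */
public final class AttackHandler {
    /** Size limit of a single learning-mode log file, in bytes. */
    private static final int LEARNING_MODE_LOG_LIMIT_BYTES = 10485760;
    /** Number of learning-mode log files kept in rotation. */
    private static final int LEARNING_MODE_LOG_FILE_COUNT = 50;

    private final Map attackCounter = Collections.synchronizedMap(new HashMap());
    private final Map redirectCounter = Collections.synchronizedMap(new HashMap());
    private final int blockAttackingClientsThreshold;
    private final int blockRepeatedRedirectsThreshold;
    private final long resetPeriodMillisAttack;
    private final long resetPeriodMillisRedirectThreshold;
    private final boolean logSessionValuesOnAttack;
    private final boolean invalidateSessionOnAttack;
    private final boolean isProductionMode;
    private final boolean logVerboseForDevelopmentMode;
    private final boolean logClientUserData;
    private final String blockMessage;
    private final Pattern removeSensitiveDataRequestParamNamePattern;
    private final Pattern removeSensitiveDataRequestParamNameAndValueUrlPattern;
    private final Pattern removeSensitiveDataValuePattern;
    // Only created when blocking is enabled (threshold > 0); null otherwise.
    private final ClientBlacklist clientBlacklist;
    private Timer cleanupTimerAttackTracking;
    private Timer cleanupTimerRedirectTracking;
    private TimerTask taskAttackTracking;
    private TimerTask taskRedirectTracking;
    // Both stay null unless learning-mode logging was initialised successfully.
    private Logger learningModeLogger;
    private FileHandler handlerForLearningModeLogging;
    private final AttackLogger attackLogger;

    /**
     * Creates the handler, starts the cleanup timers and initialises logging.
     *
     * @param attackLogger sink for attack and regular-request log entries; must not be null
     * @param i number of tracked attacks at which a client key is blacklisted; 0 disables blocking
     * @param j period in milliseconds of the counter cleanup tasks; also the first argument of
     *     {@link ClientBlacklist}
     * @param j2 second argument of {@link ClientBlacklist}; rounded to seconds for the
     *     "client will be blocked for" log text
     * @param j3 reset period in milliseconds handed to new attack counters
     * @param j4 reset period in milliseconds handed to new redirect counters
     * @param str directory for learning-mode log files; null or blank disables learning-mode logging
     * @param str2 application name used in logger and log file names; may be null or blank
     * @param z whether session values are included in attack log entries
     * @param z2 whether the session of an attacking request is invalidated
     * @param i2 number of tracked redirects at which the redirect threshold counts as reached;
     *     values of 0 or less disable redirect tracking
     * @param z3 whether production mode is enabled
     * @param z4 whether regular requests are logged verbosely outside production mode
     * @param pattern matches request parameter names whose data must be removed from log output
     * @param pattern2 matches values that must be removed from log output
     * @param z5 whether client user data is included in log output
     * @throws IllegalArgumentException if {@code i} is negative
     * @throws NullPointerException if {@code attackLogger}, {@code pattern} or {@code pattern2} is null
     */
    public AttackHandler(AttackLogger attackLogger, int i, long j, long j2, long j3, long j4, String str, String str2, boolean z, boolean z2, int i2, boolean z3, boolean z4, Pattern pattern, Pattern pattern2, boolean z5) {
        if (i < 0) {
            throw new IllegalArgumentException("Threshold must not be negative");
        }
        if (pattern == null) {
            throw new NullPointerException("removeSensitiveDataRequestParamNamePattern must not be null");
        }
        if (pattern2 == null) {
            throw new NullPointerException("removeSensitiveDataValuePattern must not be null");
        }
        // Checked up front: initLogging() dereferences the logger, and failing there would leave
        // the already-started cleanup timers and blacklist behind.
        if (attackLogger == null) {
            throw new NullPointerException("attackLogger must not be null");
        }
        this.attackLogger = attackLogger;
        this.blockAttackingClientsThreshold = i;
        this.blockRepeatedRedirectsThreshold = i2;
        this.resetPeriodMillisAttack = j3;
        this.resetPeriodMillisRedirectThreshold = j4;
        this.logSessionValuesOnAttack = z;
        this.invalidateSessionOnAttack = z2;
        this.isProductionMode = z3;
        this.logVerboseForDevelopmentMode = z4;
        this.logClientUserData = z5;
        this.blockMessage = Math.round(j2 / 1000.0d) + " seconds";
        this.removeSensitiveDataRequestParamNamePattern = pattern;
        this.removeSensitiveDataRequestParamNameAndValueUrlPattern = compileNameAndValueUrlPattern(pattern);
        this.removeSensitiveDataValuePattern = pattern2;
        // Everything that starts threads or opens files comes last, after all validation passed.
        this.clientBlacklist = i > 0 ? new ClientBlacklist(j, j2) : null;
        initTimers(j);
        initLogging(str, str2);
    }

    /**
     * Derives the {@code name=value} redaction pattern from the parameter-name pattern.
     *
     * <p>The match flags of the name pattern are carried over. Without them a name pattern compiled
     * with, for example, {@link Pattern#CASE_INSENSITIVE} would redact {@code password=...} but let
     * {@code PASSWORD=...} through into the log.
     */
    private static Pattern compileNameAndValueUrlPattern(Pattern namePattern) {
        int flags = namePattern.flags();
        String nameRegex = namePattern.pattern();
        if ((flags & Pattern.LITERAL) != 0) {
            // A literal name must stay literal while the surrounding syntax is parsed as regex.
            nameRegex = Pattern.quote(nameRegex);
            flags &= ~Pattern.LITERAL;
        }
        // In COMMENTS mode a trailing "# ..." in the name regex would swallow the suffix; the
        // newline ends such a comment and is ignored as whitespace otherwise.
        final String separator = (flags & Pattern.COMMENTS) != 0 ? "\n" : "";
        return Pattern.compile("(?:" + nameRegex + separator + ")=[^\\&]*", flags);
    }

    /**
     * Starts the daemon timers that run the counter cleanup tasks.
     *
     * @param j period in milliseconds between cleanup runs
     */
    private void initTimers(long j) {
        // NOTE(review): the first delay looks like a random value between 60 s and 300 s;
        // confirm against CryptoUtils.generateRandomNumber.
        if (this.blockAttackingClientsThreshold > 0) {
            this.cleanupTimerAttackTracking = new Timer("AttackHandler-cleanup-attacks", true);
            this.taskAttackTracking = new CleanupIncrementingCounterTask("AttackHandler-cleanup-attacks", this.attackCounter);
            this.cleanupTimerAttackTracking.scheduleAtFixedRate(this.taskAttackTracking, CryptoUtils.generateRandomNumber(false, 60000, 300000), j);
        }
        if (this.blockRepeatedRedirectsThreshold > 0) {
            this.cleanupTimerRedirectTracking = new Timer("AttackHandler-cleanup-redirects", true);
            this.taskRedirectTracking = new CleanupIncrementingCounterTask("AttackHandler-cleanup-redirects", this.redirectCounter);
            this.cleanupTimerRedirectTracking.scheduleAtFixedRate(this.taskRedirectTracking, CryptoUtils.generateRandomNumber(false, 60000, 300000), j);
        }
    }

    /**
     * Stops the cleanup timers, drops all counters, and releases the blacklist, the attack logger
     * and the learning-mode log file.
     */
    public void destroy() {
        if (this.taskAttackTracking != null) {
            this.taskAttackTracking.cancel();
            this.taskAttackTracking = null;
        }
        if (this.cleanupTimerAttackTracking != null) {
            this.cleanupTimerAttackTracking.cancel();
            this.cleanupTimerAttackTracking = null;
        }
        this.attackCounter.clear();

        if (this.taskRedirectTracking != null) {
            this.taskRedirectTracking.cancel();
            this.taskRedirectTracking = null;
        }
        if (this.cleanupTimerRedirectTracking != null) {
            this.cleanupTimerRedirectTracking.cancel();
            this.cleanupTimerRedirectTracking = null;
        }
        this.redirectCounter.clear();

        if (this.clientBlacklist != null) {
            this.clientBlacklist.destroy();
        }
        this.attackLogger.destroy();

        if (this.learningModeLogger != null && this.handlerForLearningModeLogging != null) {
            // Detach before closing so the logger never publishes to a closed handler.
            this.learningModeLogger.removeHandler(this.handlerForLearningModeLogging);
            this.handlerForLearningModeLogging.close();
            this.handlerForLearningModeLogging = null;
            this.learningModeLogger = null;
        }
    }

    /** Returns the number of tracked attacks at which a client key is blacklisted. */
    public int getBlockAttackingClientsThreshold() {
        return this.blockAttackingClientsThreshold;
    }

    /**
     * Reports whether the given key is currently blacklisted.
     *
     * @param str key to look up in the blacklist
     * @return {@code true} only if blocking is enabled and the blacklist contains the key
     */
    public boolean shouldBeBlocked(String str) {
        return this.blockAttackingClientsThreshold > 0
                && this.clientBlacklist != null
                && this.clientBlacklist.isBlacklisted(str);
    }

    /**
     * Counts one redirect for the given key and reports whether the redirect threshold was reached.
     *
     * @param str key the redirect is counted for
     * @return {@code false} if redirect tracking is disabled or already destroyed, otherwise
     *     whether this redirect reached the threshold
     */
    public boolean isRedirectThresholdReached(String str) {
        if (this.blockRepeatedRedirectsThreshold <= 0 || this.cleanupTimerRedirectTracking == null) {
            return false;
        }
        return trackRedirecting(str);
    }

    /** Returns the configured redirect threshold. */
    public int getRedirectThreshold() {
        return this.blockRepeatedRedirectsThreshold;
    }

    /** Returns the reset period in milliseconds used for redirect counters. */
    public long getRedirectThresholdResetPeriod() {
        return this.resetPeriodMillisRedirectThreshold;
    }

    /**
     * Tells whether regular (non-attack) requests are logged at all: either pre/post-attack
     * logging is configured on the attack logger, or verbose development logging is active.
     */
    private boolean isRegularLoggingEnabled() {
        return this.attackLogger.getPrePostCount() > 0
                || (this.logVerboseForDevelopmentMode && !this.isProductionMode);
    }

    /**
     * Writes a warning entry to the attack log.
     *
     * <p>NOTE(review): {@code str} is written unmodified. If callers can pass request-derived text,
     * line breaks in it would let a client forge additional log lines; confirm against callers.
     *
     * @param str message text
     */
    public void logWarningRequestMessage(String str) {
        try {
            final StringBuilder entry = new StringBuilder("Warning message: ").append(Version.versionNumber()).append(" ").append("[\n");
            entry.append("\t").append(str).append("\n");
            entry.append("]");
            this.attackLogger.log(true, entry.toString());
        } catch (Exception e) {
            // Logging must never break request processing.
            System.err.println("Unable to log request message: " + e.getMessage());
        }
    }

    /**
     * Writes a regular (non-attack) message to the attack log if regular logging is enabled.
     *
     * <p>NOTE(review): {@code str} is written unmodified; see {@link #logWarningRequestMessage}.
     *
     * @param str message text
     */
    public void logRegularRequestMessage(String str) {
        if (!isRegularLoggingEnabled()) {
            return;
        }
        try {
            final StringBuilder entry = new StringBuilder("Regular message (pre/post-attack logging): ").append(Version.versionNumber()).append(" ").append("[\n");
            entry.append("\t").append(str).append("\n");
            entry.append("]");
            this.attackLogger.log(false, entry.toString());
        } catch (Exception e) {
            // Logging must never break request processing.
            System.err.println("Unable to log request message: " + e.getMessage());
        }
    }

    /**
     * Logs the security-relevant content of a regular request if regular logging is enabled.
     * Session values are not included; the sensitive-data patterns are applied by
     * {@code RequestUtils.extractSecurityRelevantRequestContent}.
     *
     * @param httpServletRequest request to describe
     * @param str passed through to {@code RequestUtils.extractSecurityRelevantRequestContent}
     */
    public void handleRegularRequest(HttpServletRequest httpServletRequest, String str) {
        if (!isRegularLoggingEnabled()) {
            return;
        }
        try {
            final StringBuilder entry = new StringBuilder("Regular request (pre/post-attack logging): ").append(Version.versionNumber()).append(" ").append("[\n");
            entry.append(RequestUtils.extractSecurityRelevantRequestContent(httpServletRequest, str, false, this.removeSensitiveDataRequestParamNamePattern, this.removeSensitiveDataRequestParamNameAndValueUrlPattern, this.removeSensitiveDataValuePattern, this.logClientUserData));
            entry.append("]");
            this.attackLogger.log(false, entry.toString());
        } catch (Exception e) {
            // Logging must never break request processing.
            System.err.println("Unable to log request details: " + e.getMessage());
        }
    }

    /**
     * Records an attack: counts it against the key, blacklists the key once the threshold is
     * reached, optionally invalidates the session, and writes the attack log entry.
     *
     * <p>NOTE(review): {@code str2} is written to the log unmodified. If it can carry
     * request-derived text, line breaks should be neutralised before logging; confirm against
     * callers.
     *
     * @param httpServletRequest request that triggered the detection
     * @param str key the attack is counted for; also passed to the request-content extraction
     * @param str2 description of the attack, placed at the head of the log entry
     * @return the attack record holding the log text and its generated reference id
     */
    public Attack handleAttack(HttpServletRequest httpServletRequest, String str, String str2) {
        boolean clientNowBlocked = false;
        if (this.blockAttackingClientsThreshold > 0 && this.cleanupTimerAttackTracking != null && this.clientBlacklist != null) {
            clientNowBlocked = trackBlocking(str);
        }
        final String referenceId = IdGeneratorUtils.createId();
        final StringBuilder entry = new StringBuilder("Reference ").append(referenceId).append(" (production mode is ").append(this.isProductionMode ? "enabled): " : "disabled): ").append(Version.versionNumber()).append("\n").append(str2).append(" [\n");
        entry.append(RequestUtils.extractSecurityRelevantRequestContent(httpServletRequest, str, this.logSessionValuesOnAttack, this.removeSensitiveDataRequestParamNamePattern, this.removeSensitiveDataRequestParamNameAndValueUrlPattern, this.removeSensitiveDataValuePattern, this.logClientUserData));
        entry.append("]");
        if (this.invalidateSessionOnAttack) {
            try {
                // getSession(false): never create a session just to destroy it.
                final HttpSession session = httpServletRequest.getSession(false);
                if (session != null) {
                    session.invalidate();
                    entry.append(" ==> emergency action: session invalidated");
                }
            } catch (Exception e) {
                // A failed invalidation is recorded in the entry instead of hiding the attack.
                entry.append(" ==> emergency action failed: unable to invalidate session: ").append(e.getMessage());
            }
        }
        if (clientNowBlocked) {
            entry.append(" ==> further protection: client will be blocked for ").append(this.blockMessage);
        }
        final String logText = entry.toString();
        this.attackLogger.log(true, logText);
        return new Attack(logText, referenceId);
    }

    /** Publishes {@code str} on {@code logger} with a fixed source class and method name. */
    private static void logMessage(Logger logger, Level level, String str) {
        if (logger == null || level == null || str == null) {
            return;
        }
        final LogRecord logRecord = new LogRecord(level, str);
        logRecord.setSourceClassName("WebCastellum");
        logRecord.setSourceMethodName("log");
        logger.log(logRecord);
    }

    /**
     * Counts one event for {@code key} and reports whether the threshold was reached. A key that
     * reaches the threshold is removed, so counting for it starts over.
     *
     * @param counters counter map to update; locked for the whole read-modify-write sequence
     * @param key key the event is counted for
     * @param resetPeriodMillis reset period handed to a newly created counter
     * @param threshold counter value at which the threshold counts as reached
     */
    private static boolean countAndCheckThreshold(Map counters, String key, long resetPeriodMillis, int threshold) {
        synchronized (counters) {
            Counter counter = (Counter) counters.get(key);
            if (counter == null) {
                counter = new IncrementingCounter(resetPeriodMillis);
                counters.put(key, counter);
            } else {
                counter.increment();
            }
            if (counter.getCounter() < threshold) {
                return false;
            }
            counters.remove(key);
            return true;
        }
    }

    /**
     * Counts one attack for the key and blacklists it when the attack threshold is reached.
     *
     * @throws IllegalStateException if blocking is disabled and no blacklist exists
     */
    private boolean trackBlocking(String str) {
        if (this.clientBlacklist == null) {
            throw new IllegalStateException("Client blacklist not initialized");
        }
        final boolean thresholdReached = countAndCheckThreshold(this.attackCounter, str, this.resetPeriodMillisAttack, this.blockAttackingClientsThreshold);
        if (thresholdReached) {
            // Done outside the counter lock so the blacklist is never called while it is held.
            this.clientBlacklist.blacklistClient(str);
        }
        return thresholdReached;
    }

    /** Counts one redirect for the key and reports whether the redirect threshold was reached. */
    private boolean trackRedirecting(String str) {
        return countAndCheckThreshold(this.redirectCounter, str, this.resetPeriodMillisRedirectThreshold, this.blockRepeatedRedirectsThreshold);
    }

    /**
     * Writes one learning-mode entry describing the request: servlet path, method, content type,
     * content length, encoding, referer and every request parameter.
     *
     * <p>NOTE(review): parameter values are URL-encoded but otherwise written in full. The
     * sensitive-data patterns applied to attack and regular-request entries are not applied here,
     * so credentials submitted while learning mode is on end up in the learning-mode log files.
     * Treat those files as sensitive and confirm whether redaction is wanted here.
     *
     * @param httpServletRequest request to record; ignored when null or when learning mode is off
     */
    public void handleLearningModeRequestAggregation(HttpServletRequest httpServletRequest) {
        // Local snapshot: destroy() may null the field while a request is still in flight.
        final Logger logger = this.learningModeLogger;
        if (logger == null || httpServletRequest == null) {
            return;
        }
        try {
            final String servletPath = httpServletRequest.getServletPath();
            if (servletPath == null) {
                return;
            }
            final StringBuilder entry = new StringBuilder("Regular request (learning mode): ").append(Version.versionNumber()).append(" ").append("[\n");
            RequestUtils.appendValueToMessage(entry, "servletPath", ServerUtils.urlEncode(servletPath));
            RequestUtils.appendValueToMessage(entry, "method", ServerUtils.urlEncode(httpServletRequest.getMethod()));
            RequestUtils.appendValueToMessage(entry, "mimeType", ServerUtils.urlEncode(httpServletRequest.getContentType()));
            RequestUtils.appendValueToMessage(entry, "contentLength", String.valueOf(httpServletRequest.getContentLength()));
            RequestUtils.appendValueToMessage(entry, "encoding", ServerUtils.urlEncode(httpServletRequest.getCharacterEncoding()));
            RequestUtils.appendValueToMessage(entry, "referer", ServerUtils.urlEncode(httpServletRequest.getHeader("referer")));
            final Enumeration parameterNames = httpServletRequest.getParameterNames();
            if (parameterNames == null) {
                System.err.println("This servlet-container does not allow the access of request params... VERY STRANGE");
            } else {
                while (parameterNames.hasMoreElements()) {
                    final String name = (String) parameterNames.nextElement();
                    final String[] values = httpServletRequest.getParameterValues(name);
                    if (values == null) {
                        continue;
                    }
                    for (String value : values) {
                        RequestUtils.appendValueToMessage(entry, "requestParam: " + ServerUtils.urlEncode(name), ServerUtils.urlEncode(value));
                    }
                }
            }
            entry.append("]");
            logMessage(logger, Level.FINE, entry.toString());
        } catch (Exception e) {
            // Learning-mode logging must never break request processing.
            System.err.println("Unable to learn from (log) request details: " + e.getMessage());
        }
    }

    /**
     * Initialises the attack logger and, when a directory is given, the learning-mode file logger.
     *
     * <p>Learning mode is only switched on once the file handler is fully set up. If setup fails,
     * the half-configured handler is closed and the learning-mode fields stay null, so later
     * requests are not assembled into log entries that no handler would write.
     *
     * @param str directory for learning-mode log files; null or blank disables learning mode
     * @param str2 application name; becomes part of the logger name and the log file name
     */
    private void initLogging(String str, String str2) {
        this.attackLogger.init(str2, this.isProductionMode, this.logVerboseForDevelopmentMode);
        if (str == null || str.trim().length() == 0) {
            return;
        }
        final Logger logger = Logger.getLogger("WebCastellum-LearningMode." + str2);
        final File directory = new File(str);
        final String fileNameSuffix;
        if (str2 == null || str2.trim().length() == 0) {
            fileNameSuffix = "";
            System.out.println("WebCastellum logs learning mode data for this application to " + directory.getAbsolutePath());
        } else {
            System.out.println("WebCastellum logs learning mode data for application " + str2.trim() + " to " + directory.getAbsolutePath());
            // '%' introduces FileHandler escapes such as %t and %h, which would move the log
            // file elsewhere; double it like the directory part does.
            // NOTE(review): path separators in the application name are not filtered; the name
            // is assumed to come from trusted configuration.
            fileNameSuffix = "." + str2.trim().replace("%", "%%");
        }
        final String filePattern = getAbsolutePathLoggingSafe(directory) + "/WebCastellum-LearningMode" + fileNameSuffix + "-%g-%u.log";
        FileHandler handler = null;
        try {
            logger.setUseParentHandlers(false);
            handler = new FileHandler(filePattern, LEARNING_MODE_LOG_LIMIT_BYTES, LEARNING_MODE_LOG_FILE_COUNT, false);
            handler.setEncoding(WebCastellumFilter.DEFAULT_CHARACTER_ENCODING);
            handler.setFormatter(new SimpleFormatter());
            logger.setLevel(Level.FINE);
            logger.addHandler(handler);
            this.handlerForLearningModeLogging = handler;
            this.learningModeLogger = logger;
        } catch (Exception e) {
            if (handler != null) {
                // Release the file (and its lock file) opened before the failure.
                handler.close();
            }
            System.err.println("Unable to initialize learning mode data logging: " + e.getMessage());
        }
    }

    /**
     * Returns the absolute path of {@code file} in a form usable as a {@link FileHandler} pattern
     * prefix: backslashes become forward slashes and every {@code %} is doubled so it is taken
     * literally.
     *
     * <p>The decompiler widened the access of this method from package-private.
     *
     * @param file file or directory whose path is converted
     * @return the converted absolute path
     */
    public static final String getAbsolutePathLoggingSafe(File file) {
        return file.getAbsolutePath().replace('\\', '/').replace("%", "%%");
    }
}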
