package com.octetstring.vde;

import com.octetstring.nls.Messages;
import com.octetstring.vde.syntax.DirectoryString;
import com.octetstring.vde.util.Logger;
import com.octetstring.vde.util.ServerConfig;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.StringTokenizer;

/* loaded from: input_file:com/octetstring/vde/DoSManager.class */
public class DoSManager extends Thread {
    private static DoSManager instance;
    private HashMap activeUsers;
    private HashMap activeIPs;
    private HashSet activeConnections;
    private HashSet exemptIPs;
    private HashSet exemptUsers;
    private boolean enabled;
    Logger logger;
    private int maxOpsPerCon;
    private int maxConcOpsPerCon;
    private int maxConPerSubject;
    private int maxConPerIP;
    private int maxConnections;
    private int ratePeriod;

    public DoSManager(String str) {
        super(str);
        this.activeUsers = new HashMap();
        this.activeIPs = new HashMap();
        this.activeConnections = new HashSet();
        this.exemptIPs = new HashSet();
        this.exemptUsers = new HashSet();
        this.enabled = true;
        this.logger = Logger.getInstance();
        this.maxOpsPerCon = 0;
        this.maxConcOpsPerCon = 0;
        this.maxConPerSubject = 0;
        this.maxConPerIP = 0;
        this.maxConnections = 0;
        this.ratePeriod = 100;
        instance = this;
        setPriority(6);
    }

    public static DoSManager getInstance() {
        if (instance == null) {
            instance = new DoSManager("DoSManager");
        }
        return instance;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public boolean isOpExceeded(Connection connection) {
        if (!this.enabled) {
            return false;
        }
        int lastOp = connection.getLastOp();
        if (this.maxConcOpsPerCon != -1 && (this.maxOpsPerCon <= 0 || lastOp < this.maxOpsPerCon)) {
            return false;
        }
        String iPAddress = connection.getAuthCred().getIPAddress();
        String lowerCase = connection.getAuthCred().getUser().toString().toLowerCase();
        if (this.exemptUsers.contains(lowerCase) || this.exemptIPs.contains(iPAddress)) {
            return false;
        }
        this.logger.log(3, this, Messages.getString("DoSManager_Maximum_operations_per_connection_exceeded_(_2") + lowerCase + "/" + iPAddress + ", " + lastOp + "/" + this.maxOpsPerCon + ").");
        unregisterConnection(connection);
        return true;
    }

    public boolean isUserConExceeded(DirectoryString directoryString) {
        DoSTracker doSTracker;
        if (!this.enabled) {
            return false;
        }
        if ((directoryString != null && this.exemptUsers.contains(directoryString.toString().toLowerCase())) || (doSTracker = (DoSTracker) this.activeUsers.get(directoryString)) == null) {
            return false;
        }
        if (this.maxConPerSubject != -1) {
            return doSTracker.getConCount() >= this.maxConPerSubject && this.maxConPerSubject > 0;
        }
        return true;
    }

    public boolean isIPConExceeded(String str) {
        DoSTracker doSTracker;
        if (!this.enabled) {
            return false;
        }
        if ((str != null && this.exemptIPs.contains(str)) || (doSTracker = (DoSTracker) this.activeIPs.get(str)) == null) {
            return false;
        }
        if (this.maxConPerIP != -1) {
            return doSTracker.getConCount() >= this.maxConPerIP && this.maxConPerIP > 0;
        }
        return true;
    }

    public boolean registerSubject(Connection connection) {
        DirectoryString user = connection.getAuthCred().getUser();
        if (user == null || user.length() == 0) {
            user = new DirectoryString("cn=Anonymous");
        }
        String lowerCase = user.toString().toLowerCase();
        if (isUserConExceeded(user) && !this.exemptUsers.contains(lowerCase)) {
            this.logger.log(3, this, Messages.getString("DoSManager_Maximum_connections_per_subject(_8") + user + Messages.getString("DoSManager_)_exceeded._9"));
            return false;
        }
        synchronized (this.activeUsers) {
            DoSTracker doSTracker = (DoSTracker) this.activeUsers.get(user);
            if (doSTracker == null) {
                doSTracker = new DoSTracker();
                this.activeUsers.put(user, doSTracker);
            }
            synchronized (doSTracker) {
                doSTracker.add(connection);
            }
        }
        return true;
    }

    public boolean registerWebRequest(String str, DirectoryString directoryString) {
        new Connection();
        if (this.enabled && !this.exemptIPs.contains(str) && !this.exemptUsers.contains(directoryString)) {
            if (this.maxConnections > 0 && this.activeConnections.size() > this.maxConnections) {
                this.logger.log(3, this, Messages.getString("DoSManager_Maximum_concurrent_connections(_10") + this.maxConnections + Messages.getString("DoSManager_)_exceeded._11"));
                return false;
            }
            if (isIPConExceeded(str)) {
                this.logger.log(3, this, Messages.getString("DoSManager_Maximum_connections_per_IP_address(_12") + str + Messages.getString("DoSManager_)_exceeded._13"));
                return false;
            }
        }
        synchronized (this.activeIPs) {
            DoSTracker doSTracker = (DoSTracker) this.activeIPs.get(str);
            if (doSTracker == null) {
                doSTracker = new DoSTracker();
                this.activeIPs.put(str, doSTracker);
            }
            doSTracker.incrConnections();
        }
        if (directoryString == null || directoryString.length() == 0) {
            directoryString = new DirectoryString("cn=Anonymous");
        }
        String lowerCase = directoryString.toString().toLowerCase();
        if (isUserConExceeded(directoryString) && !this.exemptUsers.contains(lowerCase)) {
            this.logger.log(3, this, Messages.getString("DoSManager_Maximum_connections_per_subject(_8") + directoryString + Messages.getString("DoSManager_)_exceeded._9"));
            return false;
        }
        synchronized (this.activeUsers) {
            DoSTracker doSTracker2 = (DoSTracker) this.activeUsers.get(directoryString);
            if (doSTracker2 == null) {
                doSTracker2 = new DoSTracker();
                this.activeUsers.put(directoryString, doSTracker2);
            }
            doSTracker2.incrConnections();
        }
        return true;
    }

    public boolean registerConnection(Connection connection) {
        String iPAddress = connection.getAuthCred().getIPAddress();
        String lowerCase = connection.getAuthCred().getUser().toString().toLowerCase();
        if (this.enabled && !this.exemptIPs.contains(iPAddress) && !this.exemptUsers.contains(lowerCase)) {
            if (this.maxConnections > 0 && this.activeConnections.size() > this.maxConnections) {
                this.logger.log(3, this, Messages.getString("DoSManager_Maximum_concurrent_connections(_10") + this.maxConnections + Messages.getString("DoSManager_)_exceeded._11"));
                return false;
            }
            if (isIPConExceeded(iPAddress)) {
                this.logger.log(3, this, Messages.getString("DoSManager_Maximum_connections_per_IP_address(_12") + iPAddress + Messages.getString("DoSManager_)_exceeded._13"));
                return false;
            }
        }
        synchronized (this.activeConnections) {
            this.activeConnections.add(connection);
        }
        synchronized (this.activeIPs) {
            DoSTracker doSTracker = (DoSTracker) this.activeIPs.get(iPAddress);
            if (doSTracker == null) {
                doSTracker = new DoSTracker();
                this.activeIPs.put(iPAddress, doSTracker);
            }
            synchronized (doSTracker) {
                doSTracker.add(connection);
            }
        }
        return registerSubject(connection) || this.exemptIPs.contains(iPAddress) || this.exemptUsers.contains(lowerCase);
    }

    public void unregisterSubject(Connection connection, DirectoryString directoryString) {
        if (directoryString == null || directoryString.length() == 0) {
            directoryString = new DirectoryString("cn=Anonymous");
        }
        this.logger.log(7, this, Messages.getString("DoSManager_UnBind___15") + directoryString.toString() + "/" + connection.getAuthCred().getIPAddress() + ".");
        synchronized (this.activeUsers) {
            DoSTracker doSTracker = (DoSTracker) this.activeUsers.get(directoryString);
            if (doSTracker != null && doSTracker.contains(connection)) {
                doSTracker.remove(connection);
            }
        }
    }

    public void unregisterConnection(Connection connection) {
        DirectoryString user = connection.getAuthCred().getUser();
        if (user == null || user.length() == 0) {
            user = new DirectoryString("cn=Anonymous");
        }
        String iPAddress = connection.getAuthCred().getIPAddress();
        synchronized (this.activeConnections) {
            if (this.activeConnections.contains(connection)) {
                this.activeConnections.remove(connection);
            }
        }
        DoSTracker doSTracker = (DoSTracker) this.activeUsers.get(user);
        if (doSTracker != null && doSTracker.contains(connection)) {
            unregisterSubject(connection, user);
            if (doSTracker.getActiveConCount() == 0) {
                this.activeUsers.remove(user);
            }
        }
        synchronized (this.activeIPs) {
            DoSTracker doSTracker2 = (DoSTracker) this.activeIPs.get(iPAddress);
            if (doSTracker2 != null) {
                synchronized (doSTracker2) {
                    if (doSTracker2.contains(connection)) {
                        doSTracker2.remove(connection);
                    }
                    if (doSTracker2.getActiveConCount() == 0) {
                        this.activeIPs.remove(iPAddress);
                    }
                }
            }
        }
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        ServerConfig serverConfig = ServerConfig.getInstance();
        String str = (String) serverConfig.get(ServerConfig.VDE_DOS_CHECK);
        String str2 = (String) serverConfig.get(ServerConfig.VDE_DOS_OPSPERCON);
        String str3 = (String) serverConfig.get(ServerConfig.VDE_DOS_CONPERSUBJECT);
        String str4 = (String) serverConfig.get(ServerConfig.VDE_DOS_CONPERIP);
        String str5 = (String) serverConfig.get(ServerConfig.VDE_DOS_RATEPERIOD);
        String str6 = (String) serverConfig.get(ServerConfig.VDE_DOS_MAXCONNECTIONS);
        String str7 = (String) serverConfig.get(ServerConfig.VDE_DOS_EXEMPTIPS);
        if (str7 != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str7, ",", false);
            while (stringTokenizer.hasMoreTokens()) {
                this.exemptIPs.add(stringTokenizer.nextToken());
            }
        }
        String str8 = (String) serverConfig.get(ServerConfig.VDE_DOS_EXEMPTUSERS);
        if (str8 != null) {
            StringTokenizer stringTokenizer2 = new StringTokenizer(str8, "|", false);
            while (stringTokenizer2.hasMoreTokens()) {
                this.exemptUsers.add(stringTokenizer2.nextToken().toLowerCase());
            }
        }
        if (str == null) {
            this.enabled = false;
        } else if (str.equalsIgnoreCase("1")) {
            this.enabled = true;
        } else {
            this.enabled = false;
        }
        if (str2 != null) {
            this.maxOpsPerCon = Integer.parseInt(str2);
        } else {
            this.maxOpsPerCon = 0;
        }
        if (str3 != null) {
            this.maxConPerSubject = Integer.parseInt(str3);
        } else {
            this.maxConPerSubject = 0;
        }
        if (str4 != null) {
            this.maxConPerIP = Integer.parseInt(str4);
        } else {
            this.maxConPerIP = 0;
        }
        if (str6 != null) {
            this.maxConnections = Integer.parseInt(str6);
        } else {
            this.maxConnections = 0;
        }
        if (str5 != null) {
            this.ratePeriod = Integer.parseInt(str5);
        } else {
            this.ratePeriod = 60000;
        }
        if (this.enabled) {
            this.logger.log(5, this, Messages.getString("DoSManager_Denial_of_Service_monitor_loaded_and_running._21"));
            this.logger.log(7, this, Messages.getString("DoSManager_Period_enforcement_cycle_time____________22") + str5 + Messages.getString("DoSManager_milleseconds._23"));
            this.logger.log(7, this, Messages.getString("DoSManager_Maximum_ops_per_connection_per_cycle_____24") + this.maxOpsPerCon);
            this.logger.log(7, this, Messages.getString("DoSManager_Maximum_connects_per_subject_per_cycle___25") + this.maxConPerSubject);
            this.logger.log(7, this, Messages.getString("DoSManager_Maximum_connections_per_ip_per_cycle_____26") + this.maxConPerIP);
            this.logger.log(7, this, Messages.getString("DoSManager_Maximum_concurrent_connections___________27") + this.maxConPerIP);
            this.logger.log(5, this, Messages.getString("DoSManager_Exempting_IP_addresses___________________28") + str7);
            this.logger.log(5, this, Messages.getString("DoSManager_Exempting_subject_names__________________29") + str8);
        } else {
            this.logger.log(5, this, Messages.getString("DoSManager_Denial_of_Service_monitor_DISABLED._30"));
        }
        while (this.ratePeriod > 0) {
            try {
                sleep(this.ratePeriod);
                this.logger.log(7, this, Messages.getString("DoSManager_Periodic_tracking_cycle_running._31"));
                synchronized (this.activeConnections) {
                    Iterator it = this.activeConnections.iterator();
                    while (it.hasNext()) {
                        Connection connection = (Connection) it.next();
                        boolean isUnbound = connection.isUnbound();
                        boolean isClosed = connection.getClient().isClosed();
                        if (isUnbound || isClosed) {
                            if (isUnbound) {
                                this.logger.log(3, this, Messages.getString("DoSManager_Found_unbound_connection_from_activeConnections._37") + "[Session: " + connection.getAuthCred().getUser().toString() + "/" + connection.getAuthCred().getIPAddress() + "]");
                            } else {
                                this.logger.log(3, this, "DoSManager found closed connection from activeConnections. [Session: " + connection.getAuthCred().getUser().toString() + "/" + connection.getAuthCred().getIPAddress() + "]");
                            }
                            it.remove();
                        } else {
                            this.logger.log(7, this, Messages.getString("DoSManager_Current_operations_per_connection_(_32") + connection.getAuthCred().getUser().toString() + "/" + connection.getAuthCred().getIPAddress() + ", " + connection.getLastOp() + "/" + this.maxOpsPerCon + ").");
                            connection.setLastOp(0);
                        }
                    }
                }
                synchronized (this.activeIPs) {
                    for (DoSTracker doSTracker : this.activeIPs.values()) {
                        doSTracker.resetCounters();
                        Iterator conIterator = doSTracker.getConIterator();
                        while (conIterator.hasNext()) {
                            Connection connection2 = (Connection) conIterator.next();
                            if (connection2.isUnbound()) {
                                this.logger.log(3, this, Messages.getString("DoSManager_Found_unbound_connection_from_active_ip_addresses._38") + "[Session: " + connection2.getAuthCred().getUser().toString() + "/" + connection2.getAuthCred().getIPAddress() + "]");
                                conIterator.remove();
                            } else if (connection2.getClient().isClosed()) {
                                this.logger.log(3, this, Messages.getString("DoSManager found closed connection from active IP addresses.") + "[Session: " + connection2.getAuthCred().getUser().toString() + "/" + connection2.getAuthCred().getIPAddress() + "]");
                                conIterator.remove();
                            }
                        }
                    }
                }
                synchronized (this.activeUsers) {
                    for (DoSTracker doSTracker2 : this.activeUsers.values()) {
                        synchronized (doSTracker2) {
                            doSTracker2.resetCounters();
                            Iterator conIterator2 = doSTracker2.getConIterator();
                            while (conIterator2.hasNext()) {
                                Connection connection3 = (Connection) conIterator2.next();
                                if (connection3.isUnbound()) {
                                    this.logger.log(3, this, Messages.getString("DoSManager_Found_unbound_connection_from_active_users._39") + "[Session: " + connection3.getAuthCred().getUser().toString() + "/" + connection3.getAuthCred().getIPAddress() + "]");
                                    conIterator2.remove();
                                } else if (connection3.getClient().isClosed()) {
                                    this.logger.log(3, this, Messages.getString("DoSManager found closed connection from active users") + "[Session: " + connection3.getAuthCred().getUser().toString() + "/" + connection3.getAuthCred().getIPAddress() + "]");
                                    conIterator2.remove();
                                }
                            }
                        }
                    }
                }
            } catch (InterruptedException e) {
            }
        }
    }
}
