package host.anzo.core.service;

import com.google.common.util.concurrent.RateLimiter;
import host.anzo.commons.annotations.startup.Scheduled;
import host.anzo.commons.model.enums.EFirewallType;
import host.anzo.commons.model.enums.ERestrictionType;
import host.anzo.commons.utils.DateTimeUtils;
import host.anzo.commons.utils.NetworkUtils;
import host.anzo.commons.utils.VMUtils;
import host.anzo.core.config.FirewallConfig;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.time.format.DateTimeFormatter;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import lombok.Generated;
import org.apache.commons.lang3.SystemUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:host/anzo/core/service/FirewallService.class */
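/**
 * Connection gatekeeper that combines per-address rate limiting with address blocking.
 *
 * <p>Depending on {@link FirewallConfig#FIREWALL_TYPE}, a block is either kept in an in-memory
 * map with an expiry timestamp ({@link EFirewallType#INTERNAL}) or delegated to an external
 * command built from {@link FirewallConfig#FIREWALL_SYSTEM_FIREWALL_RULE}
 * ({@link EFirewallType#SYSTEM}, Linux only).
 *
 * <p>Shared state lives in {@link ConcurrentHashMap}s; the instance is created lazily by
 * {@link #getInstance()}.
 */
public class FirewallService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger("Firewall");
    private static final AtomicReference<Object> instance = new AtomicReference<>();

    // address -> expiry time in epoch milliseconds (INTERNAL firewall only)
    private final Map<String, Long> blockedIps = new ConcurrentHashMap<>();
    // limiter group name -> (address -> limiter); wiped once a minute by cleanupBans()
    private final Map<String, Map<String, RateLimiter>> connectionRateLimiters = new ConcurrentHashMap<>();

    private FirewallService() {
        flushSystemFirewall();
    }

    /**
     * Convenience overload that uses the simple name of {@code cls} as the limiter group name.
     *
     * @see #isAllowedAddress(String, String, int, double, ERestrictionType)
     */
    public boolean isAllowedAddress(Class<?> cls, String str, int i, double d, ERestrictionType eRestrictionType) {
        return isAllowedAddress(cls.getSimpleName(), str, i, d, eRestrictionType);
    }

    /**
     * Decides whether a connection from the given address may proceed.
     *
     * @param str limiter group name; addresses are throttled independently per group
     * @param str2 remote address being checked
     * @param i port, used only in the log message written when a block is added
     * @param d permits per second handed to {@link RateLimiter#create(double)}
     * @param eRestrictionType when {@link ERestrictionType#BAN}, an address that exceeds the rate
     *     is also blocked for {@link FirewallConfig#FIREWALL_BAN_TIME} milliseconds
     * @return {@code true} if the connection is allowed, {@code false} if it is blocked or throttled
     */
    public boolean isAllowedAddress(String str, String str2, int i, double d, ERestrictionType eRestrictionType) {
        // Outside debug mode, local addresses bypass both the block list and the rate limiter.
        if (!VMUtils.DEBUG) {
            try {
                // NOTE(review): InetAddress.getByName resolves host names through DNS; callers are
                // presumably passing the socket's literal remote address - confirm.
                if (NetworkUtils.isLocalAddress(InetAddress.getByName(str2))) {
                    return true;
                }
            } catch (UnknownHostException ignored) {
                // Unresolvable input is simply "not local"; it still goes through the checks below.
            }
        }
        if (this.blockedIps.containsKey(str2)) {
            return false;
        }
        Map<String, RateLimiter> groupLimiters =
                this.connectionRateLimiters.computeIfAbsent(str, key -> new ConcurrentHashMap<>());
        RateLimiter limiter = groupLimiters.computeIfAbsent(str2, key -> RateLimiter.create(d));
        if (limiter.tryAcquire()) {
            return true;
        }
        if (eRestrictionType == ERestrictionType.BAN) {
            addBlock(str, str2, i, FirewallConfig.FIREWALL_BAN_TIME, TimeUnit.MILLISECONDS);
        }
        // The limiter is deliberately kept after a denial. Discarding it here would give the next
        // request from the same address a brand-new limiter whose first permit is granted at once,
        // so the configured rate would not hold whenever no block takes effect. Stale limiters are
        // released by cleanupBans().
        return false;
    }

    /**
     * Blocks an address through the configured firewall type.
     *
     * @param str name of the component requesting the block (logged only)
     * @param str2 address to block
     * @param i port (logged only)
     * @param j block duration; used by the INTERNAL firewall only
     * @param timeUnit unit of {@code j}
     */
    public void addBlock(String str, String str2, int i, long j, TimeUnit timeUnit) {
        // 0 = nothing was blocked, -1 = handed to the system firewall, > 0 = expiry in epoch millis
        long blockedUntil = 0;
        if (FirewallConfig.FIREWALL_TYPE == EFirewallType.SYSTEM && SystemUtils.IS_OS_LINUX) {
            try {
                // Tokenise the configured rule first and substitute the address per token, so the
                // address always stays a single argv element even if it contains spaces.
                String[] command = FirewallConfig.FIREWALL_SYSTEM_FIREWALL_RULE.split(" ");
                for (int k = 0; k < command.length; k++) {
                    command[k] = command[k].replace("$ip", str2);
                }
                // NOTE(review): the process is neither awaited nor is its exit status checked, so
                // the "permanently" log line below only means the command was started.
                Runtime.getRuntime().exec(command);
                blockedUntil = -1;
            } catch (IOException e) {
                log.error("Error while adding firewall rule for class=[{}] and ipAddress=[{}]", str, str2, e);
            }
        } else if (FirewallConfig.FIREWALL_TYPE == EFirewallType.INTERNAL) {
            blockedUntil = System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(j, timeUnit);
            this.blockedIps.put(str2, blockedUntil);
        }
        if (blockedUntil > 0) {
            // NOTE(review): ISO_LOCAL_DATE prints the expiry date only, not the time of day.
            log.error("Address ip=[{}] blocked by [{}] firewall at port [{}] for [{}]",
                    str2, str, i, DateTimeUtils.getLocalDateTime(blockedUntil).format(DateTimeFormatter.ISO_LOCAL_DATE));
        } else if (blockedUntil < 0) {
            log.error("Address ip=[{}] blocked by [{}] firewall at port [{}] permanently", str2, str, i);
        }
    }

    /**
     * Removes an address from the in-memory block list. Rules added through the system firewall
     * are not touched.
     *
     * @param str address to unblock
     */
    public void removeBlock(String str) {
        this.blockedIps.remove(str);
    }

    /** Empties the in-memory block list. Rules added through the system firewall are not touched. */
    public void clear() {
        this.blockedIps.clear();
    }

    /**
     * Flushes every nftables set named in {@link FirewallConfig#FIREWALL_FLUSHED_SETS_BEFORE_START}
     * when the SYSTEM firewall is active on Linux. Failures to start the command are logged and
     * the remaining sets are still processed.
     */
    public void flushSystemFirewall() {
        if (FirewallConfig.FIREWALL_TYPE != EFirewallType.SYSTEM || !SystemUtils.IS_OS_LINUX) {
            return;
        }
        for (String setName : FirewallConfig.FIREWALL_FLUSHED_SETS_BEFORE_START) {
            try {
                // Explicit argv: the set name is always one argument, whatever it contains.
                Runtime.getRuntime().exec(new String[] {"nft", "flush", "set", "inet", "filter", setName});
            } catch (IOException e) {
                log.error("Error while flushing firewall set [{}]", setName, e);
            }
        }
    }

    /**
     * Periodic maintenance: drops expired in-memory blocks and discards all rate limiters.
     */
    @Scheduled(period = 1, timeUnit = TimeUnit.MINUTES, runAfterServerStart = true)
    public void cleanupBans() {
        long now = System.currentTimeMillis();
        // removeIf on the entry set removes an entry only while it still holds the tested value,
        // so a block that is renewed concurrently is not dropped by mistake.
        this.blockedIps.entrySet().removeIf(entry -> entry.getValue() < now);
        this.connectionRateLimiters.clear();
    }

    /**
     * Returns the lazily created singleton. Creation is guarded by double-checked locking on the
     * holder reference, and the constructor flushes the system firewall sets.
     */
    @Generated
    public static FirewallService getInstance() {
        Object current = instance.get();
        if (current == null) {
            synchronized (instance) {
                current = instance.get();
                if (current == null) {
                    current = new FirewallService();
                    instance.set(current);
                }
            }
        }
        return (FirewallService) current;
    }
}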
