package org.apereo.cas.web.support;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.inspektr.audit.AuditActionContext;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-throttle-core-6.2.2.jar:org/apereo/cas/web/support/AbstractThrottledSubmissionHandlerInterceptorAdapter.class */
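/**
 * Base Spring MVC interceptor that throttles repeated submissions.
 *
 * <p>Only {@code POST} requests are inspected. {@link #preHandle} rejects a request when either the
 * configured throttled-request executor asks for it or {@code exceedsThreshold} reports that the
 * failure rate is too high; {@link #postHandle} records a failure for every {@code POST} whose
 * response status is not treated as a success by {@link #shouldResponseBeRecordedAsFailure}.
 *
 * <p>{@code exceedsThreshold} and {@code recordSubmissionFailure} are called here but not defined
 * in this class; presumably they come from {@link ThrottledSubmissionHandlerInterceptor} and are
 * implemented by subclasses.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers), so local names and
 * some access modifiers differ from the upstream source.
 */
public abstract class AbstractThrottledSubmissionHandlerInterceptorAdapter extends HandlerInterceptorAdapter implements ThrottledSubmissionHandlerInterceptor, InitializingBean {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractThrottledSubmissionHandlerInterceptorAdapter.class);

    /** Audit action name for a throttled login attempt. */
    public static final String ACTION_THROTTLED_LOGIN_ATTEMPT = "THROTTLED_LOGIN_ATTEMPT";

    private static final double NUMBER_OF_MILLISECONDS_IN_SECOND = 1000.0d;

    private final ThrottledSubmissionHandlerConfigurationContext configurationContext;

    /** Allowed failures per second; stays at -1 until {@link #afterPropertiesSet()} has run. */
    private double thresholdRate = -1.0d;

    /**
     * Creates the interceptor.
     *
     * @param throttledSubmissionHandlerConfigurationContext throttling settings and collaborators
     */
    @Generated
    public AbstractThrottledSubmissionHandlerInterceptorAdapter(ThrottledSubmissionHandlerConfigurationContext throttledSubmissionHandlerConfigurationContext) {
        this.configurationContext = throttledSubmissionHandlerConfigurationContext;
    }

    /**
     * Derives the threshold rate (failures per second) from the configured failure threshold and
     * failure range.
     *
     * <p>Both settings are integers, so the division is carried out in floating point. Integer
     * division would truncate the rate (100 failures in 60 seconds would become 1 instead of
     * roughly 1.67, and any threshold smaller than the range would become 0), which makes the
     * throttle stricter than configured.
     *
     * @throws ArithmeticException if the configured failure range is zero
     */
    @Override
    public void afterPropertiesSet() {
        final int failureThreshold = this.configurationContext.getFailureThreshold();
        final int failureRangeInSeconds = this.configurationContext.getFailureRangeInSeconds();
        if (failureRangeInSeconds == 0) {
            // Fail fast, as the integer division did before. A floating-point division by zero
            // would instead yield an infinite or NaN threshold that no measured rate can exceed,
            // which would silently switch rate-based throttling off.
            throw new ArithmeticException("failureRangeInSeconds must not be zero when calculating the throttling threshold rate");
        }
        this.thresholdRate = (double) failureThreshold / failureRangeInSeconds;
        LOGGER.trace("Calculated threshold rate as [{}]", this.thresholdRate);
    }

    /**
     * Decides whether a request may proceed.
     *
     * @return {@code true} for any non-POST request and for POST requests that are not throttled;
     *     otherwise whatever the configured throttled-request response handler returns
     */
    @Override
    public final boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // NOTE(review): only POST is inspected here; confirm that no authentication endpoint
        // guarded by this interceptor accepts credentials through another HTTP method.
        if (!HttpMethod.POST.name().equals(httpServletRequest.getMethod())) {
            LOGGER.trace("Letting the request through given http method is [{}]", httpServletRequest.getMethod());
            return true;
        }
        // Short-circuit order matters: exceedsThreshold is consulted only when the executor
        // did not already ask for throttling.
        if (!throttleRequest(httpServletRequest, httpServletResponse) && !exceedsThreshold(httpServletRequest)) {
            return true;
        }
        // NOTE(review): getRemoteAddr() is the address of the immediate peer. Behind a reverse
        // proxy that is the proxy unless the container rewrites it, so confirm what this log line
        // (and any per-address failure tracking in subclasses) actually sees.
        LOGGER.warn("Throttling submission from [{}]. More than [{}] failed login attempts within [{}] seconds. Authentication attempt exceeds the failure threshold [{}]", httpServletRequest.getRemoteAddr(), this.thresholdRate, this.configurationContext.getFailureRangeInSeconds(), this.configurationContext.getFailureThreshold());
        recordThrottle(httpServletRequest);
        return this.configurationContext.getThrottledRequestResponseHandler().handle(httpServletRequest, httpServletResponse);
    }

    /**
     * Asks the configured throttled-request executor, if there is one, whether to throttle.
     *
     * @return {@code false} when no executor is configured, otherwise the executor's answer
     */
    protected boolean throttleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.configurationContext.getThrottledRequestExecutor() != null
            && this.configurationContext.getThrottledRequestExecutor().throttle(httpServletRequest, httpServletResponse);
    }

    /**
     * Records a submission failure for POST requests whose response status counts as a failure.
     */
    @Override
    public final void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) {
        if (!HttpMethod.POST.name().equals(httpServletRequest.getMethod())) {
            LOGGER.trace("Skipping authentication throttling for requests other than POST");
            return;
        }
        if (!shouldResponseBeRecordedAsFailure(httpServletResponse)) {
            LOGGER.trace("Skipping to record submission failure for [{}] with response status [{}]", httpServletRequest.getRequestURI(), httpServletResponse.getStatus());
            return;
        }
        LOGGER.debug("Recording submission failure for [{}]", httpServletRequest.getRequestURI());
        recordSubmissionFailure(httpServletRequest);
    }

    /**
     * Classifies a response by its status code.
     *
     * <p>NOTE(review): a rejected login that is rendered with status 200 is not counted as a
     * failure by this check; confirm that such failures are recorded by another component.
     *
     * @return {@code false} for 200, 201 and 302; {@code true} for every other status
     */
    protected boolean shouldResponseBeRecordedAsFailure(HttpServletResponse httpServletResponse) {
        final int status = httpServletResponse.getStatus();
        final boolean success = status == HttpServletResponse.SC_CREATED
            || status == HttpServletResponse.SC_OK
            || status == HttpServletResponse.SC_FOUND;
        return !success;
    }

    /**
     * Hook invoked by {@link #preHandle} just before a throttled request is handed to the
     * response handler. Does nothing in this class.
     *
     * <p>Declared {@code protected} upstream; the decompiler widened it to {@code public}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void recordThrottle(HttpServletRequest httpServletRequest) {
    }

    /** Only logs that throttling is not activated; this class keeps no state to decrement. */
    public void decrement() {
        LOGGER.debug("Throttling is not activated for this interceptor adapter");
    }

    /**
     * Compares the rate implied by the two failures at the head of the list with the threshold.
     *
     * <p>The rate is one attempt per elapsed interval, expressed per second. The first element is
     * presumably the most recent failure (verify against callers): if the list were ordered the
     * other way round the difference would be negative and the rate could never exceed a
     * non-negative threshold. Two failures with the same timestamp give an infinite rate and are
     * therefore reported as exceeding the threshold.
     *
     * @param list failure timestamps; only the first two entries are read
     * @return {@code true} if the calculated rate is above {@link #getThresholdRate()};
     *     {@code false} otherwise or when fewer than two failures are supplied
     */
    protected boolean calculateFailureThresholdRateAndCompare(List<Date> list) {
        if (list.size() < 2) {
            return false;
        }
        final long lastAttempt = list.get(0).getTime();
        final long previousAttempt = list.get(1).getTime();
        final long elapsedMillis = lastAttempt - previousAttempt;
        final double rate = NUMBER_OF_MILLISECONDS_IN_SECOND / elapsedMillis;
        LOGGER.debug("Last attempt was at [{}] and the one before that was at [{}]. Difference is [{}] calculated as rate of [{}]", lastAttempt, previousAttempt, elapsedMillis, rate);
        if (rate > getThresholdRate()) {
            LOGGER.warn("Authentication throttling rate [{}] exceeds the defined threshold [{}]", rate, getThresholdRate());
            return true;
        }
        return false;
    }

    /**
     * Reads the submitted username from the request.
     *
     * @return the value of the configured username parameter ({@code "username"} when none is
     *     configured), or {@code null} if the request does not carry it; the value is
     *     client-supplied and unvalidated
     */
    protected String getUsernameParameterFromRequest(HttpServletRequest httpServletRequest) {
        final String parameterName = StringUtils.defaultString(this.configurationContext.getUsernameParameter(), "username");
        return httpServletRequest.getParameter(parameterName);
    }

    /**
     * @return the current UTC time minus the configured failure range
     */
    protected Date getFailureInRangeCutOffDate() {
        final ZonedDateTime cutOff = ZonedDateTime.now(ZoneOffset.UTC).minusSeconds(this.configurationContext.getFailureRangeInSeconds());
        return DateTimeUtils.timestampOf(cutOff);
    }

    /**
     * Writes an audit record for the given action through the configured audit trail.
     *
     * <p>The principal and the {@code service} value come straight from request parameters, so
     * they are attacker-controlled; audit sinks and log viewers should treat them as untrusted
     * text.
     *
     * <p>Declared {@code protected} upstream; the decompiler widened it to {@code public}.
     *
     * @param httpServletRequest the request being audited
     * @param str the audit action name
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void recordAuditAction(HttpServletRequest httpServletRequest, String str) {
        final String principal = getUsernameParameterFromRequest(httpServletRequest);
        final String service = StringUtils.defaultString(httpServletRequest.getParameter("service"), "N/A");
        final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        // The holder may have nothing bound to the current thread. Fall back to the servlet
        // request's own addresses so the throttling event is still audited instead of being lost
        // to a NullPointerException.
        final String clientIpAddress = clientInfo != null ? clientInfo.getClientIpAddress() : httpServletRequest.getRemoteAddr();
        final String serverIpAddress = clientInfo != null ? clientInfo.getServerIpAddress() : httpServletRequest.getLocalAddr();
        final AuditActionContext auditActionContext = new AuditActionContext(
            principal,
            service,
            str,
            this.configurationContext.getApplicationCode(),
            DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC)),
            clientIpAddress,
            serverIpAddress);
        LOGGER.debug("Recording throttled audit action [{}]", auditActionContext);
        this.configurationContext.getAuditTrailExecutionPlan().record(auditActionContext);
    }

    @Generated
    @Override
    public String toString() {
        return "AbstractThrottledSubmissionHandlerInterceptorAdapter(configurationContext=" + this.configurationContext + ", thresholdRate=" + this.thresholdRate + ")";
    }

    /** @return the configuration context supplied at construction */
    @Generated
    public ThrottledSubmissionHandlerConfigurationContext getConfigurationContext() {
        return this.configurationContext;
    }

    /** @return the threshold rate in failures per second, or -1 before initialization */
    @Generated
    public double getThresholdRate() {
        return this.thresholdRate;
    }
}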
