package com.fr.decision.security;

import com.fr.concurrent.NamedThreadFactory;
import com.fr.decision.base.util.UUIDUtil;
import com.fr.decision.security.entity.BlockIpEntity;
import com.fr.decision.system.SystemContext;
import com.fr.log.FineLoggerFactory;
import com.fr.module.ModuleContext;
import com.fr.security.WebSecurityConfig;
import com.fr.stable.query.QueryFactory;
import com.fr.stable.query.data.DataList;
import com.fr.store.StateHubManager;
import com.fr.store.StateHubService;
import com.fr.third.guava.net.HttpHeaders;
import com.fr.web.utils.WebUtils;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:fine-decision-10.0.jar:com/fr/decision/security/WebSecurityContext.class */
public class WebSecurityContext {
    private static final int UNIT_1000 = 1000;
    private static final String NS_BLOCK_IP_TABLE = "blockIpTable";
    private static final String NS_BLOCK_IP_TABLE_MODIFY = "isModify";
    private static final String NS_IP_TIME_TABLE = "ipTimeTable";
    private static final String NS_IP_VISITS_TABLE = "ipVisitsTable";
    private ScheduledExecutorService scheduler = ModuleContext.getExecutor().newScheduledThreadPool(1, new NamedThreadFactory("CheckAndSaveModifyBlockIp"));
    private static volatile WebSecurityContext instance;

    public static WebSecurityContext getInstance() {
        if (instance == null) {
            synchronized (WebSecurityContext.class) {
                if (instance == null) {
                    instance = new WebSecurityContext();
                }
            }
        }
        return instance;
    }

    public static void reset() {
        instance = null;
    }

    public void httpHeadersControl(HttpServletResponse httpServletResponse) {
        WebSecurityConfig webSecurityConfig = WebSecurityConfig.getInstance();
        if (webSecurityConfig.isHstsEnabled()) {
            httpServletResponse.addHeader(HttpHeaders.STRICT_TRANSPORT_SECURITY, webSecurityConfig.getHstsHeader());
        }
        if (webSecurityConfig.isHttpHeadersEnabled()) {
            if (webSecurityConfig.isContentTypeOptionsEnabled()) {
                httpServletResponse.addHeader(HttpHeaders.X_CONTENT_TYPE_OPTIONS, webSecurityConfig.getContentTypeOptionsHeader());
            }
            if (webSecurityConfig.isXssProtectionEnabled()) {
                httpServletResponse.addHeader(HttpHeaders.X_XSS_PROTECTION, webSecurityConfig.getXssProtectionHeader());
            }
            if (webSecurityConfig.isFrameOptionsEnabled()) {
                httpServletResponse.addHeader(HttpHeaders.X_FRAME_OPTIONS, webSecurityConfig.getFrameOptionsHeader());
            }
            if (webSecurityConfig.isContentSecurityPolicyEnabled()) {
                httpServletResponse.addHeader(HttpHeaders.CONTENT_SECURITY_POLICY, webSecurityConfig.getContentSecurityPolicyHeader());
            }
            if (webSecurityConfig.isCacheControlEnabled()) {
                httpServletResponse.addHeader("Cache-Control", webSecurityConfig.getCacheControlHeader());
                httpServletResponse.addHeader("Pragma", webSecurityConfig.getCacheControlPragmaHeader());
                httpServletResponse.addDateHeader("Expires", webSecurityConfig.getCacheControlExpiresHeader());
            }
        }
    }

    public void dealWithCookie(HttpServletResponse httpServletResponse, Cookie[] cookieArr) {
        for (Cookie cookie : cookieArr) {
            if (WebSecurityConfig.getInstance().isSecurityCookieEnabled()) {
                cookie.setSecure(true);
                cookie.setHttpOnly(true);
            }
            httpServletResponse.addCookie(cookie);
        }
    }

    public void loadBlockIpList() throws Exception {
        final StateHubService applyForService = StateHubManager.applyForService(NS_BLOCK_IP_TABLE);
        final Boolean bool = (Boolean) applyForService.get(NS_BLOCK_IP_TABLE_MODIFY);
        if (bool == null || !bool.booleanValue()) {
            for (BlockIpEntity blockIpEntity : fetchBlockIpsFromDB()) {
                applyForService.put(blockIpEntity.getIp(), Integer.valueOf(blockIpEntity.getRejectedVisits()));
            }
            applyForService.put(NS_BLOCK_IP_TABLE_MODIFY, false);
        }
        this.scheduler.scheduleAtFixedRate(new Runnable() { // from class: com.fr.decision.security.WebSecurityContext.1
            @Override // java.lang.Runnable
            public void run() {
                if (bool == null || !bool.booleanValue()) {
                    return;
                }
                WebSecurityContext.this.saveModifyBlockIp(applyForService);
            }
        }, 1L, 1L, TimeUnit.HOURS);
    }

    public boolean httpAccessControl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!WebSecurityConfig.getInstance().getRateLimitEnabled()) {
            return true;
        }
        String ipAddr = WebUtils.getIpAddr(httpServletRequest);
        return !hasRejected(ipAddr) && checkFrequency(ipAddr);
    }

    public boolean removeBlockIp(String str) throws Exception {
        StateHubManager.applyForService(NS_BLOCK_IP_TABLE).delete(str);
        return true;
    }

    public DataList<BlockIpEntity> getBlockIps(int i, int i2) throws Exception {
        StateHubService applyForService = StateHubManager.applyForService(NS_BLOCK_IP_TABLE);
        Boolean bool = (Boolean) applyForService.get(NS_BLOCK_IP_TABLE_MODIFY);
        if (bool == null || !bool.booleanValue()) {
            return SystemContext.getInstance().getBlockIpController().findWithTotalCount(QueryFactory.create().count(i2).skip((i - 1) * i2));
        }
        List<BlockIpEntity> saveModifyBlockIp = saveModifyBlockIp(applyForService);
        ArrayList arrayList = new ArrayList();
        int i3 = (i - 1) * i2;
        for (int i4 = i3; i4 < i3 + i2 && i4 < saveModifyBlockIp.size(); i4++) {
            arrayList.add(saveModifyBlockIp.get(i4));
        }
        return new DataList().list(arrayList).totalCount(saveModifyBlockIp.size());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<BlockIpEntity> saveModifyBlockIp(StateHubService stateHubService) {
        List<BlockIpEntity> list = null;
        try {
            list = fetchBlockIpsFromDB();
            for (BlockIpEntity blockIpEntity : list) {
                Integer num = (Integer) stateHubService.get(blockIpEntity.getIp());
                if (num != null && num.intValue() != blockIpEntity.getRejectedVisits()) {
                    blockIpEntity.setRejectedVisits(num.intValue());
                    SystemContext.getInstance().getBlockIpController().update(blockIpEntity);
                }
            }
            stateHubService.put(NS_BLOCK_IP_TABLE_MODIFY, false);
            return list;
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return list != null ? list : new ArrayList();
        }
    }

    private boolean hasRejected(String str) throws Exception {
        StateHubService applyForService = StateHubManager.applyForService(NS_BLOCK_IP_TABLE);
        Integer num = (Integer) applyForService.get(str);
        if (num == null || num.intValue() == 0) {
            return false;
        }
        applyForService.put(str, Integer.valueOf(num.intValue() + 1));
        applyForService.put(NS_BLOCK_IP_TABLE_MODIFY, true);
        return true;
    }

    private boolean checkFrequency(String str) throws Exception {
        StateHubService applyForService = StateHubManager.applyForService(NS_IP_TIME_TABLE);
        StateHubService applyForService2 = StateHubManager.applyForService(NS_IP_VISITS_TABLE);
        Long l = (Long) applyForService.get(str);
        Integer num = (Integer) applyForService2.get(str);
        if (l == null || num == null) {
            applyForService2.put(str, 1);
            applyForService.put(str, Long.valueOf(System.currentTimeMillis()));
            return true;
        }
        int rateLimitCount = WebSecurityConfig.getInstance().getRateLimitCount();
        long rateLimitUnitTime = WebSecurityConfig.getInstance().getRateLimitUnitTime();
        if (num.intValue() >= rateLimitCount) {
            blockIp(str);
            cleanFrequency(str);
            return false;
        }
        applyForService2.put(str, Integer.valueOf(num.intValue() + 1));
        if ((System.currentTimeMillis() - l.longValue()) / 1000 <= rateLimitUnitTime) {
            return true;
        }
        cleanFrequency(str);
        return true;
    }

    private void cleanFrequency(String str) throws Exception {
        StateHubService applyForService = StateHubManager.applyForService(NS_IP_TIME_TABLE);
        StateHubService applyForService2 = StateHubManager.applyForService(NS_IP_VISITS_TABLE);
        applyForService.delete(str);
        applyForService2.delete(str);
    }

    private List<BlockIpEntity> fetchBlockIpsFromDB() throws Exception {
        return SystemContext.getInstance().getBlockIpController().find(null);
    }

    private boolean blockIp(String str) throws Exception {
        StateHubService applyForService = StateHubManager.applyForService(NS_BLOCK_IP_TABLE);
        applyForService.put(str, 1);
        applyForService.put(NS_BLOCK_IP_TABLE_MODIFY, true);
        SystemContext.getInstance().getBlockIpController().add(new BlockIpEntity().id(UUIDUtil.generate()).setIp(str).setCreateTime(new Date()).setRejectedVisits(1));
        return true;
    }
}
