package com.google.zxing.web;

import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter({"/w/decode"})
/* loaded from: input_file:WEB-INF/classes/com/google/zxing/web/DoSFilter.class */
public final class DoSFilter implements Filter {
    private static final Logger log = Logger.getLogger(DoSFilter.class.getName());
    private static final int MAX_ACCESSES_PER_IP_PER_TIME = 10;
    private static final int MAX_RECENT_ACCESS_MAP_SIZE = 100000;
    private Map<String, AtomicInteger> numRecentAccesses;
    private Set<String> bannedIPAddresses;
    private Timer timer;

    public void init(FilterConfig filterConfig) {
        this.numRecentAccesses = Collections.synchronizedMap(new LinkedHashMap<String, AtomicInteger>() { // from class: com.google.zxing.web.DoSFilter.1
            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<String, AtomicInteger> entry) {
                return size() > DoSFilter.MAX_RECENT_ACCESS_MAP_SIZE;
            }
        });
        this.bannedIPAddresses = Collections.synchronizedSet(new HashSet());
        this.timer = new Timer("DoSFilter reset timer");
        this.timer.scheduleAtFixedRate(new TimerTask() { // from class: com.google.zxing.web.DoSFilter.2
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                DoSFilter.this.numRecentAccesses.clear();
            }
        }, 0L, TimeUnit.MILLISECONDS.convert(1L, TimeUnit.MINUTES));
        this.timer.scheduleAtFixedRate(new TimerTask() { // from class: com.google.zxing.web.DoSFilter.3
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                DoSFilter.this.bannedIPAddresses.clear();
            }
        }, 0L, TimeUnit.MILLISECONDS.convert(15L, TimeUnit.MINUTES));
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isBanned((HttpServletRequest) servletRequest)) {
            ((HttpServletResponse) servletResponse).sendError(403);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private boolean isBanned(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("x-forwarded-for");
        if (header == null) {
            header = httpServletRequest.getRemoteAddr();
        }
        if (header == null || this.bannedIPAddresses.contains(header)) {
            return true;
        }
        if (getCount(header) <= 10) {
            return false;
        }
        log.warning("Possible DoS attack from " + header);
        this.bannedIPAddresses.add(header);
        return true;
    }

    private int getCount(String str) {
        synchronized (this.numRecentAccesses) {
            AtomicInteger atomicInteger = this.numRecentAccesses.get(str);
            if (atomicInteger == null) {
                this.numRecentAccesses.put(str, new AtomicInteger(1));
                return 1;
            }
            return atomicInteger.incrementAndGet();
        }
    }

    public void destroy() {
        this.timer.cancel();
    }
}
