package com.zimbra.cs.servlet;

import com.googlecode.concurrentlinkedhashmap.ConcurrentLinkedHashMap;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.RemoteIP;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.util.Zimbra;
import com.zimbra.soap.SoapEngine;
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import java.util.TimerTask;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/zimbra/cs/servlet/ZimbraInvalidLoginFilter.class */
public class ZimbraInvalidLoginFilter extends DoSFilter {
    private static final int DEFAULT_MAX_FAILED_LOGIN = 5;
    private int maxFailedLogin;
    private Map<String, AtomicInteger> numberOfFailedOccurence;
    private Map<String, Long> suspiciousIpAddrLastAttempt;
    private int delayInMinBetwnReqBeforeReinstating;
    private int reinstateIpTaskIntervalInMin;
    private static final int MIN_TO_MS = 60000;
    public static final String AUTH_FAILED = "auth.failed";
    public int maxSizeOfFailedIpDb;
    private final int DEFAULT_DELAY_IN_MIN_BETWEEN_REQ_BEFORE_REINSTATING = 60;
    private final int DEFAULT_REINSTATE_IP_TASK_INTERVAL_IN_MIN = 5;
    public int DEFAULT_SIZE_OF_FAILED_IP_DB = 7000;

    /* loaded from: input_file:com/zimbra/cs/servlet/ZimbraInvalidLoginFilter$ReInStateIpTask.class */
    public final class ReInStateIpTask extends TimerTask {
        public ReInStateIpTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            try {
                Set<String> keySet = ZimbraInvalidLoginFilter.this.suspiciousIpAddrLastAttempt.keySet();
                long currentTimeMillis = System.currentTimeMillis();
                for (String str : keySet) {
                    if (currentTimeMillis - ((Long) ZimbraInvalidLoginFilter.this.suspiciousIpAddrLastAttempt.get(str)).longValue() > ZimbraInvalidLoginFilter.this.delayInMinBetwnReqBeforeReinstating * ZimbraInvalidLoginFilter.MIN_TO_MS) {
                        ZimbraInvalidLoginFilter.this.suspiciousIpAddrLastAttempt.remove(str);
                        ZimbraInvalidLoginFilter.this.numberOfFailedOccurence.remove(str);
                    }
                }
            } catch (Throwable th) {
                ZimbraLog.misc.info("Error while running the ReInstateIpTask.", th);
            }
        }
    }

    @Override // com.zimbra.cs.servlet.DoSFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        Provisioning provisioning = Provisioning.getInstance();
        try {
            this.maxFailedLogin = provisioning.getLocalServer().getInvalidLoginFilterMaxFailedLogin();
        } catch (ServiceException e) {
            this.maxFailedLogin = 5;
        }
        try {
            this.reinstateIpTaskIntervalInMin = provisioning.getLocalServer().getInvalidLoginFilterReinstateIpTaskIntervalInMin();
        } catch (ServiceException e2) {
            this.reinstateIpTaskIntervalInMin = 5;
        }
        try {
            this.delayInMinBetwnReqBeforeReinstating = provisioning.getLocalServer().getInvalidLoginFilterDelayInMinBetwnReqBeforeReinstating();
        } catch (ServiceException e3) {
            this.delayInMinBetwnReqBeforeReinstating = 60;
        }
        try {
            this.maxSizeOfFailedIpDb = provisioning.getLocalServer().getInvalidLoginFilterMaxSizeOfFailedIpDb();
        } catch (ServiceException e4) {
            this.maxSizeOfFailedIpDb = this.DEFAULT_SIZE_OF_FAILED_IP_DB;
        }
        this.numberOfFailedOccurence = new ConcurrentLinkedHashMap.Builder().maximumWeightedCapacity(this.maxSizeOfFailedIpDb).build();
        this.suspiciousIpAddrLastAttempt = new ConcurrentLinkedHashMap.Builder().maximumWeightedCapacity(this.maxSizeOfFailedIpDb).build();
        Zimbra.sTimer.schedule(new ReInStateIpTask(), 1000L, this.reinstateIpTaskIntervalInMin * MIN_TO_MS);
        ZimbraLog.misc.info("ZimbraInvalidLoginFilter initialized");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        AtomicInteger atomicInteger;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String origIP = new RemoteIP(httpServletRequest, ZimbraServlet.getTrustedIPs()).getOrigIP();
        if (origIP == null || checkWhitelist(origIP)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (this.maxFailedLogin <= 0) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (this.suspiciousIpAddrLastAttempt.containsKey(origIP)) {
            ZimbraLog.misc.info("Access from IP " + origIP + " suspended, for repeated failed login.");
            httpServletResponse.sendError(503);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
        if (httpServletRequest.getAttribute(AUTH_FAILED) != null) {
            ZimbraLog.misc.info("Invalid login filter, checking if this was an auth req and authentication failed.");
            String str = (String) httpServletRequest.getAttribute(SoapEngine.REQUEST_IP);
            boolean booleanValue = ((Boolean) httpServletRequest.getAttribute(AUTH_FAILED)).booleanValue();
            if (booleanValue) {
                if (this.numberOfFailedOccurence.containsKey(origIP)) {
                    atomicInteger = this.numberOfFailedOccurence.get(origIP);
                } else {
                    this.numberOfFailedOccurence.put(origIP, new AtomicInteger(0));
                    atomicInteger = this.numberOfFailedOccurence.get(origIP);
                }
                if (atomicInteger.incrementAndGet() > this.maxFailedLogin) {
                    this.numberOfFailedOccurence.put(origIP, atomicInteger);
                    this.suspiciousIpAddrLastAttempt.put(origIP, Long.valueOf(System.currentTimeMillis()));
                }
                this.numberOfFailedOccurence.put(origIP, atomicInteger);
            }
            if (ZimbraLog.misc.isDebugEnabled()) {
                ZimbraLog.misc.debug("Login failed " + str + ", " + booleanValue);
            }
        }
    }

    public void destroy() {
        super.destroy();
        this.numberOfFailedOccurence.clear();
        this.suspiciousIpAddrLastAttempt.clear();
        ZimbraLog.misc.info("ZimbraInvalidLoginFilter destroyed");
    }
}
