package org.apache.qpid.server.user.connection.limits.config;

import java.security.Principal;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Objects;
import java.util.Queue;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.security.auth.Subject;
import org.apache.qpid.server.security.group.GroupPrincipal;
import org.apache.qpid.server.security.limit.ConnectionLimitException;
import org.apache.qpid.server.security.limit.ConnectionLimiter;
import org.apache.qpid.server.security.limit.ConnectionSlot;
import org.apache.qpid.server.transport.AMQPConnection;
import org.apache.qpid.server.user.connection.limits.outcome.AcceptRegistration;
import org.apache.qpid.server.user.connection.limits.outcome.RejectRegistration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter.class */
public final class PortConnectionCounter {
    private final Function<String, ConnectionCounter> _connectionCounterFactory;
    private final Map<String, ConnectionCounter> _connectionCounters = new ConcurrentHashMap();

    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$AbstractBuilder.class */
    static abstract class AbstractBuilder<T extends CombinableLimit<T>> implements Builder {
        final Map<String, T> _userLimits = new HashMap();
        T _defaultUserLimits;

        abstract T newLimits(Rule rule);

        abstract Function<String, ConnectionCounter> getConnectionCounterFactory();

        AbstractBuilder(T t) {
            this._defaultUserLimits = t;
        }

        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.Builder
        public Builder add(Rule rule) {
            addImpl(rule);
            return this;
        }

        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.Builder
        public Builder addAll(Collection<? extends Rule> collection) {
            if (collection != null) {
                collection.forEach(this::addImpl);
            }
            return this;
        }

        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.Builder
        public PortConnectionCounter build() {
            return new PortConnectionCounter(this);
        }

        private void addImpl(Rule rule) {
            if (rule == null) {
                return;
            }
            T newLimits = newLimits(rule);
            if (newLimits.isEmpty()) {
                return;
            }
            String identity = rule.getIdentity();
            if (RulePredicates.isAllUser(identity)) {
                this._defaultUserLimits = (T) newLimits.mergeWith(this._defaultUserLimits);
            } else {
                this._userLimits.merge(identity, newLimits, (v0, v1) -> {
                    return v0.mergeWith(v1);
                });
            }
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$Builder.class */
    public interface Builder {
        Builder add(Rule rule);

        Builder addAll(Collection<? extends Rule> collection);

        PortConnectionCounter build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$BuilderImpl.class */
    public static final class BuilderImpl extends AbstractBuilder<ConnectionLimits> {
        BuilderImpl() {
            super(ConnectionLimits.noLimits());
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.AbstractBuilder
        public ConnectionLimits newLimits(Rule rule) {
            if (rule.getFrequencyLimit() == null || !(rule.getFrequencyPeriod() == null || rule.getFrequencyPeriod().isNegative())) {
                return rule;
            }
            throw new IllegalArgumentException("Connection frequency limit needs a time period");
        }

        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.AbstractBuilder
        Function<String, ConnectionCounter> getConnectionCounterFactory() {
            return str -> {
                return new CombinedConnectionCounterImpl(new LimitCompiler(this._userLimits, (ConnectionLimits) this._defaultUserLimits, ConnectionLimits::noLimits));
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$BuilderWithoutFrequencyImpl.class */
    public static final class BuilderWithoutFrequencyImpl extends AbstractBuilder<ConnectionCountLimit> {
        BuilderWithoutFrequencyImpl() {
            super(ConnectionCountLimit.noLimits());
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.AbstractBuilder
        public ConnectionCountLimit newLimits(Rule rule) {
            return ConnectionCountLimit.newInstance(rule);
        }

        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.AbstractBuilder
        Function<String, ConnectionCounter> getConnectionCounterFactory() {
            return str -> {
                return new ConnectionCounterImpl(new LimitCompiler(this._userLimits, (ConnectionCountLimit) this._defaultUserLimits, ConnectionCountLimit::noLimits));
            };
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$CombinedConnectionCounterImpl.class */
    private static final class CombinedConnectionCounterImpl implements ConnectionCounter {
        private final LimitCompiler<ConnectionLimits> _limits;
        private final Queue<Instant> _registrationTime = new LinkedList();
        private long _counter = 0;

        CombinedConnectionCounterImpl(LimitCompiler<ConnectionLimits> limitCompiler) {
            this._limits = limitCompiler;
        }

        public synchronized void free() {
            this._counter = Math.max(this._counter - 1, 0L);
        }

        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.ConnectionCounter
        public AcceptRegistration registerConnection(String str, Set<String> set, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            ConnectionLimits compileLimits = this._limits.compileLimits(str, set);
            if (compileLimits.isUserBlocked()) {
                throw RejectRegistration.blockedUser(str, aMQPConnection.getPort().getName());
            }
            Integer countLimit = compileLimits.getCountLimit();
            Map<Duration, Integer> frequencyLimits = compileLimits.getFrequencyLimits();
            return frequencyLimits.isEmpty() ? countLimit == null ? noLimits(str, aMQPConnection, connectionLimiter) : countLimit(countLimit, str, aMQPConnection, connectionLimiter) : countLimit == null ? frequencyLimit(frequencyLimits, str, aMQPConnection, connectionLimiter) : bothLimits(countLimit, frequencyLimits, str, aMQPConnection, connectionLimiter);
        }

        private synchronized AcceptRegistration noLimits(String str, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            this._registrationTime.clear();
            AcceptRegistration newInstance = AcceptRegistration.newInstance(chainTo(connectionLimiter.register(aMQPConnection)), str, this._counter + 1, aMQPConnection.getPort().getName());
            this._counter++;
            return newInstance;
        }

        private synchronized AcceptRegistration countLimit(Integer num, String str, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            this._registrationTime.clear();
            checkCounter(num, str, aMQPConnection);
            AcceptRegistration newInstance = AcceptRegistration.newInstance(chainTo(connectionLimiter.register(aMQPConnection)), str, this._counter + 1, aMQPConnection.getPort().getName());
            this._counter++;
            return newInstance;
        }

        private synchronized AcceptRegistration frequencyLimit(Map<Duration, Integer> map, String str, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            Instant checkFrequencyLimit = checkFrequencyLimit(map, str, aMQPConnection);
            AcceptRegistration newInstance = AcceptRegistration.newInstance(chainTo(connectionLimiter.register(aMQPConnection)), str, this._counter + 1, aMQPConnection.getPort().getName());
            this._registrationTime.add(checkFrequencyLimit);
            this._counter++;
            return newInstance;
        }

        private synchronized AcceptRegistration bothLimits(Integer num, Map<Duration, Integer> map, String str, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            Instant checkFrequencyLimit = checkFrequencyLimit(map, str, aMQPConnection);
            checkCounter(num, str, aMQPConnection);
            AcceptRegistration newInstance = AcceptRegistration.newInstance(chainTo(connectionLimiter.register(aMQPConnection)), str, this._counter + 1, aMQPConnection.getPort().getName());
            this._registrationTime.add(checkFrequencyLimit);
            this._counter++;
            return newInstance;
        }

        private void checkCounter(Integer num, String str, AMQPConnection<?> aMQPConnection) {
            if (this._counter >= num.intValue()) {
                throw RejectRegistration.breakingConnectionCount(str, num.intValue(), aMQPConnection.getPort().getName());
            }
        }

        private Instant checkFrequencyLimit(Map<Duration, Integer> map, String str, AMQPConnection<?> aMQPConnection) {
            Instant now = Instant.now();
            TreeSet treeSet = new TreeSet();
            Iterator<Map.Entry<Duration, Integer>> it = map.entrySet().iterator();
            while (it.hasNext()) {
                treeSet.add(new FrequencyPeriod(now, it.next()));
            }
            Iterator<Instant> it2 = this._registrationTime.iterator();
            int size = this._registrationTime.size();
            boolean z = true;
            while (it2.hasNext() && !treeSet.isEmpty()) {
                Instant next = it2.next();
                Iterator it3 = treeSet.iterator();
                while (it3.hasNext()) {
                    FrequencyPeriod frequencyPeriod = (FrequencyPeriod) it3.next();
                    if (!frequencyPeriod.isPeriodBeginningBefore(next)) {
                        break;
                    }
                    if (!frequencyPeriod.isCounterUnderLimit(size)) {
                        throw RejectRegistration.breakingConnectionFrequency(str, frequencyPeriod.getLimit(), frequencyPeriod.getDuration(), aMQPConnection.getPort().getName());
                    }
                    z = false;
                    it3.remove();
                }
                size--;
                if (z) {
                    it2.remove();
                }
            }
            return now;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$ConnectionCounter.class */
    public interface ConnectionCounter extends ConnectionSlot {
        AcceptRegistration registerConnection(String str, Set<String> set, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter);
    }

    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$ConnectionCounterImpl.class */
    private static final class ConnectionCounterImpl implements ConnectionCounter {
        private final LimitCompiler<ConnectionCountLimit> _limits;
        private long _counter = 0;

        ConnectionCounterImpl(LimitCompiler<ConnectionCountLimit> limitCompiler) {
            this._limits = limitCompiler;
        }

        public synchronized void free() {
            this._counter = Math.max(this._counter - 1, 0L);
        }

        @Override // org.apache.qpid.server.user.connection.limits.config.PortConnectionCounter.ConnectionCounter
        public AcceptRegistration registerConnection(String str, Set<String> set, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            ConnectionCountLimit compileLimits = this._limits.compileLimits(str, set);
            if (compileLimits.isUserBlocked()) {
                throw RejectRegistration.blockedUser(str, aMQPConnection.getPort().getName());
            }
            return compileLimits.getCountLimit() == null ? noLimits(str, aMQPConnection, connectionLimiter) : countLimit(compileLimits.getCountLimit(), str, aMQPConnection, connectionLimiter);
        }

        private synchronized AcceptRegistration noLimits(String str, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            AcceptRegistration newInstance = AcceptRegistration.newInstance(chainTo(connectionLimiter.register(aMQPConnection)), str, this._counter + 1, aMQPConnection.getPort().getName());
            this._counter++;
            return newInstance;
        }

        private synchronized AcceptRegistration countLimit(Integer num, String str, AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
            if (this._counter >= num.intValue()) {
                throw RejectRegistration.breakingConnectionCount(str, num.intValue(), aMQPConnection.getPort().getName());
            }
            AcceptRegistration newInstance = AcceptRegistration.newInstance(chainTo(connectionLimiter.register(aMQPConnection)), str, this._counter + 1, aMQPConnection.getPort().getName());
            this._counter++;
            return newInstance;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$FrequencyPeriod.class */
    public static final class FrequencyPeriod implements Comparable<FrequencyPeriod> {
        private final Instant _startTime;
        private final Duration _duration;
        private final int _limit;

        FrequencyPeriod(Instant instant, Map.Entry<Duration, Integer> entry) {
            this._startTime = instant.minus((TemporalAmount) entry.getKey());
            this._duration = entry.getKey();
            this._limit = entry.getValue().intValue();
        }

        @Override // java.lang.Comparable
        public int compareTo(FrequencyPeriod frequencyPeriod) {
            return this._startTime.compareTo(frequencyPeriod._startTime);
        }

        public int hashCode() {
            return this._startTime.hashCode();
        }

        public boolean equals(Object obj) {
            if (obj instanceof FrequencyPeriod) {
                return this._startTime.equals(((FrequencyPeriod) obj)._startTime);
            }
            return false;
        }

        boolean isPeriodBeginningBefore(Instant instant) {
            return this._startTime.isBefore(instant);
        }

        boolean isCounterUnderLimit(int i) {
            return i < this._limit;
        }

        Duration getDuration() {
            return this._duration;
        }

        int getLimit() {
            return this._limit;
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/user/connection/limits/config/PortConnectionCounter$LimitCompiler.class */
    private static final class LimitCompiler<T extends CombinableLimit<T>> {
        private final Map<String, T> _limitMap;
        private final T _defaultLimits;
        private final Supplier<T> _noLimits;

        LimitCompiler(Map<String, T> map, T t, Supplier<T> supplier) {
            this._limitMap = new HashMap(map);
            this._defaultLimits = (T) Objects.requireNonNull(t);
            this._noLimits = (Supplier) Objects.requireNonNull(supplier);
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v20, types: [org.apache.qpid.server.user.connection.limits.config.CombinableLimit] */
        public T compileLimits(String str, Set<String> set) {
            CombinableLimit mergeWith = this._noLimits.get().mergeWith(this._limitMap.get(str));
            T t = this._noLimits.get();
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                t = t.mergeWith(this._limitMap.get(it.next()));
            }
            return (T) mergeWith.then(t).then(this._defaultLimits);
        }
    }

    PortConnectionCounter(AbstractBuilder<?> abstractBuilder) {
        this._connectionCounterFactory = abstractBuilder.getConnectionCounterFactory();
    }

    public AcceptRegistration register(AMQPConnection<?> aMQPConnection, ConnectionLimiter connectionLimiter) {
        Principal authorizedPrincipal = aMQPConnection.getAuthorizedPrincipal();
        if (authorizedPrincipal == null) {
            throw new ConnectionLimitException("Unauthorized connection is forbidden");
        }
        String name = authorizedPrincipal.getName();
        return this._connectionCounters.computeIfAbsent(name, this._connectionCounterFactory).registerConnection(name, collectGroupPrincipals(aMQPConnection.getSubject()), aMQPConnection, connectionLimiter);
    }

    private Set<String> collectGroupPrincipals(Subject subject) {
        if (subject == null) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        Iterator it = subject.getPrincipals(GroupPrincipal.class).iterator();
        while (it.hasNext()) {
            hashSet.add(((Principal) it.next()).getName());
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Builder newBuilder(Duration duration) {
        return (duration == null || duration.isNegative()) ? new BuilderWithoutFrequencyImpl() : new BuilderImpl();
    }
}
