package org.sdase.commons.server.security.validation;

import io.dropwizard.core.server.ServerFactory;
import io.dropwizard.jetty.ConnectorFactory;
import io.dropwizard.jetty.HttpConnectorFactory;
import io.dropwizard.util.DataSize;
import java.util.List;
import java.util.Objects;
import org.sdase.commons.server.security.exception.InsecureConfigurationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sdase/commons/server/security/validation/BufferLimitsAdvice.class */
public class BufferLimitsAdvice {
    private static final Logger LOG = LoggerFactory.getLogger(BufferLimitsAdvice.class);
    private List<ConnectorFactory> connectorFactories;
    private boolean onlyLogOnViolation;

    /* loaded from: input_file:org/sdase/commons/server/security/validation/BufferLimitsAdvice$Max.class */
    private static class Max {
        private static final DataSize HEADER_CACHE_SIZE = DataSize.bytes(512);
        private static final DataSize OUTPUT_BUFFER_SIZE = DataSize.kibibytes(32);
        private static final DataSize MAX_REQUEST_HEADER_SIZE = DataSize.kibibytes(8);
        private static final DataSize MAX_RESPONSE_HEADER_SIZE = DataSize.kibibytes(8);
        private static final DataSize INPUT_BUFFER_SIZE = DataSize.kibibytes(8);
        private static final DataSize MIN_BUFFER_POOL_SIZE = DataSize.bytes(64);
        private static final DataSize BUFFER_POOL_INCREMENT = DataSize.kibibytes(1);
        private static final DataSize MAX_BUFFER_POOL_SIZE = DataSize.kibibytes(64);

        private Max() {
        }
    }

    public BufferLimitsAdvice(ServerFactory serverFactory, boolean z) {
        this.onlyLogOnViolation = z;
        this.connectorFactories = ServerFactoryUtil.extractConnectorFactories(serverFactory);
    }

    public void applySecureConfiguration() {
        this.connectorFactories.stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).forEach(this::applySecureConfiguration);
    }

    private void applySecureConfiguration(ConnectorFactory connectorFactory) {
        if (!(connectorFactory instanceof HttpConnectorFactory)) {
            LOG.warn("Unable to apply secure configuration to connector factory of type {}", connectorFactory.getClass());
            return;
        }
        HttpConnectorFactory httpConnectorFactory = (HttpConnectorFactory) connectorFactory;
        check("headerCacheSize", httpConnectorFactory.getHeaderCacheSize(), Max.HEADER_CACHE_SIZE);
        check("outputBufferSize", httpConnectorFactory.getOutputBufferSize(), Max.OUTPUT_BUFFER_SIZE);
        check("maxRequestHeaderSize", httpConnectorFactory.getMaxRequestHeaderSize(), Max.MAX_REQUEST_HEADER_SIZE);
        check("maxResponseHeaderSize", httpConnectorFactory.getMaxResponseHeaderSize(), Max.MAX_RESPONSE_HEADER_SIZE);
        check("inputBufferSize", httpConnectorFactory.getInputBufferSize(), Max.INPUT_BUFFER_SIZE);
        check("minBufferPoolSize", httpConnectorFactory.getMinBufferPoolSize(), Max.MIN_BUFFER_POOL_SIZE);
        check("bufferPoolIncrement", httpConnectorFactory.getBufferPoolIncrement(), Max.BUFFER_POOL_INCREMENT);
        check("maxBufferPoolSize", httpConnectorFactory.getMaxBufferPoolSize(), Max.MAX_BUFFER_POOL_SIZE);
    }

    private void check(String str, DataSize dataSize, DataSize dataSize2) {
        if (dataSize.toBytes() > dataSize2.toBytes()) {
            trackViolation(str, dataSize, dataSize2);
        }
    }

    private void trackViolation(String str, DataSize dataSize, DataSize dataSize2) {
        if (!this.onlyLogOnViolation) {
            throw new InsecureConfigurationException(String.format("%s in HTTP connector is configured to %s exceeding the max allowed value of %s", str, dataSize, dataSize2));
        }
        LOG.warn("{} in HTTP connector is configured to {} exceeding the max allowed value of {}", new Object[]{str, dataSize, dataSize2});
    }
}
