package org.thingsboard.server.common.transport.limits;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.BiConsumer;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.thingsboard.server.common.data.EntityType;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.TenantProfile;
import org.thingsboard.server.common.data.id.DeviceId;
import org.thingsboard.server.common.data.id.EntityId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.tenant.profile.DefaultTenantProfileConfiguration;
import org.thingsboard.server.common.transport.TransportTenantProfileCache;
import org.thingsboard.server.common.transport.profile.TenantProfileUpdateResult;
import org.thingsboard.server.queue.util.TbTransportComponent;

@TbTransportComponent
@Service
/* loaded from: input_file:org/thingsboard/server/common/transport/limits/DefaultTransportRateLimitService.class */
public class DefaultTransportRateLimitService implements TransportRateLimitService {
    private static final Logger log = LoggerFactory.getLogger(DefaultTransportRateLimitService.class);
    private static final DummyTransportRateLimit ALLOW = new DummyTransportRateLimit();
    private final ConcurrentMap<TenantId, Boolean> tenantAllowed = new ConcurrentHashMap();
    private final ConcurrentMap<TenantId, Set<DeviceId>> tenantDevices = new ConcurrentHashMap();
    private final ConcurrentMap<TenantId, EntityTransportRateLimits> perTenantLimits = new ConcurrentHashMap();
    private final ConcurrentMap<DeviceId, EntityTransportRateLimits> perDeviceLimits = new ConcurrentHashMap();
    private final Map<InetAddress, InetAddressRateLimitStats> ipMap = new ConcurrentHashMap();
    private final TransportTenantProfileCache tenantProfileCache;

    @Value("${transport.rate_limits.ip_limits_enabled:false}")
    private boolean ipRateLimitsEnabled;

    @Value("${transport.rate_limits.max_wrong_credentials_per_ip:10}")
    private int maxWrongCredentialsPerIp;

    @Value("${transport.rate_limits.ip_block_timeout:60000}")
    private long ipBlockTimeout;

    public DefaultTransportRateLimitService(TransportTenantProfileCache transportTenantProfileCache) {
        this.tenantProfileCache = transportTenantProfileCache;
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public EntityType checkLimits(TenantId tenantId, DeviceId deviceId, int i) {
        if (!this.tenantAllowed.getOrDefault(tenantId, Boolean.TRUE).booleanValue()) {
            return EntityType.API_USAGE_STATE;
        }
        if (!checkEntityRateLimit(i, getTenantRateLimits(tenantId))) {
            return EntityType.TENANT;
        }
        if (checkEntityRateLimit(i, getDeviceRateLimits(tenantId, deviceId))) {
            return null;
        }
        return EntityType.DEVICE;
    }

    private boolean checkEntityRateLimit(int i, EntityTransportRateLimits entityTransportRateLimits) {
        return i > 0 ? entityTransportRateLimits.getTelemetryMsgRateLimit().tryConsume() && entityTransportRateLimits.getTelemetryDataPointsRateLimit().tryConsume((long) i) : entityTransportRateLimits.getRegularMsgRateLimit().tryConsume();
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void update(TenantProfileUpdateResult tenantProfileUpdateResult) {
        log.info("Received tenant profile update: {}", tenantProfileUpdateResult.getProfile());
        EntityTransportRateLimits createRateLimits = createRateLimits(tenantProfileUpdateResult.getProfile(), true);
        EntityTransportRateLimits createRateLimits2 = createRateLimits(tenantProfileUpdateResult.getProfile(), false);
        for (TenantId tenantId : tenantProfileUpdateResult.getAffectedTenants()) {
            ConcurrentMap<TenantId, EntityTransportRateLimits> concurrentMap = this.perTenantLimits;
            Objects.requireNonNull(concurrentMap);
            Function function = (v1) -> {
                return r3.get(v1);
            };
            ConcurrentMap<TenantId, EntityTransportRateLimits> concurrentMap2 = this.perTenantLimits;
            Objects.requireNonNull(concurrentMap2);
            mergeLimits(tenantId, createRateLimits, function, (v1, v2) -> {
                r4.put(v1, v2);
            });
            this.tenantDevices.get(tenantId).forEach(deviceId -> {
                ConcurrentMap<DeviceId, EntityTransportRateLimits> concurrentMap3 = this.perDeviceLimits;
                Objects.requireNonNull(concurrentMap3);
                Function function2 = (v1) -> {
                    return r3.get(v1);
                };
                ConcurrentMap<DeviceId, EntityTransportRateLimits> concurrentMap4 = this.perDeviceLimits;
                Objects.requireNonNull(concurrentMap4);
                mergeLimits(deviceId, createRateLimits2, function2, (v1, v2) -> {
                    r4.put(v1, v2);
                });
            });
        }
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void update(TenantId tenantId) {
        EntityTransportRateLimits createRateLimits = createRateLimits(this.tenantProfileCache.get(tenantId), true);
        EntityTransportRateLimits createRateLimits2 = createRateLimits(this.tenantProfileCache.get(tenantId), false);
        ConcurrentMap<TenantId, EntityTransportRateLimits> concurrentMap = this.perTenantLimits;
        Objects.requireNonNull(concurrentMap);
        Function function = (v1) -> {
            return r3.get(v1);
        };
        ConcurrentMap<TenantId, EntityTransportRateLimits> concurrentMap2 = this.perTenantLimits;
        Objects.requireNonNull(concurrentMap2);
        mergeLimits(tenantId, createRateLimits, function, (v1, v2) -> {
            r4.put(v1, v2);
        });
        this.tenantDevices.get(tenantId).forEach(deviceId -> {
            ConcurrentMap<DeviceId, EntityTransportRateLimits> concurrentMap3 = this.perDeviceLimits;
            Objects.requireNonNull(concurrentMap3);
            Function function2 = (v1) -> {
                return r3.get(v1);
            };
            ConcurrentMap<DeviceId, EntityTransportRateLimits> concurrentMap4 = this.perDeviceLimits;
            Objects.requireNonNull(concurrentMap4);
            mergeLimits(deviceId, createRateLimits2, function2, (v1, v2) -> {
                r4.put(v1, v2);
            });
        });
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void remove(TenantId tenantId) {
        this.perTenantLimits.remove(tenantId);
        this.tenantDevices.remove(tenantId);
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void remove(DeviceId deviceId) {
        this.perDeviceLimits.remove(deviceId);
        this.tenantDevices.values().forEach(set -> {
            set.remove(deviceId);
        });
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void update(TenantId tenantId, boolean z) {
        this.tenantAllowed.put(tenantId, Boolean.valueOf(z));
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public boolean checkAddress(InetSocketAddress inetSocketAddress) {
        if (!this.ipRateLimitsEnabled) {
            return true;
        }
        InetAddressRateLimitStats computeIfAbsent = this.ipMap.computeIfAbsent(inetSocketAddress.getAddress(), inetAddress -> {
            return new InetAddressRateLimitStats();
        });
        return !computeIfAbsent.isBlocked() || computeIfAbsent.getLastActivityTs() + this.ipBlockTimeout < System.currentTimeMillis();
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void onAuthSuccess(InetSocketAddress inetSocketAddress) {
        if (this.ipRateLimitsEnabled) {
            InetAddressRateLimitStats computeIfAbsent = this.ipMap.computeIfAbsent(inetSocketAddress.getAddress(), inetAddress -> {
                return new InetAddressRateLimitStats();
            });
            computeIfAbsent.getLock().lock();
            try {
                computeIfAbsent.setLastActivityTs(System.currentTimeMillis());
                computeIfAbsent.setFailureCount(0);
                if (computeIfAbsent.isBlocked()) {
                    computeIfAbsent.setBlocked(false);
                    log.info("[{}] IP address un-blocked due to correct credentials.", inetSocketAddress.getAddress());
                }
            } finally {
                computeIfAbsent.getLock().unlock();
            }
        }
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void onAuthFailure(InetSocketAddress inetSocketAddress) {
        if (this.ipRateLimitsEnabled) {
            InetAddressRateLimitStats computeIfAbsent = this.ipMap.computeIfAbsent(inetSocketAddress.getAddress(), inetAddress -> {
                return new InetAddressRateLimitStats();
            });
            computeIfAbsent.getLock().lock();
            try {
                computeIfAbsent.setLastActivityTs(System.currentTimeMillis());
                int failureCount = computeIfAbsent.getFailureCount() + 1;
                computeIfAbsent.setFailureCount(failureCount);
                if (failureCount >= this.maxWrongCredentialsPerIp) {
                    log.info("[{}] IP address blocked due to constantly wrong credentials.", inetSocketAddress.getAddress());
                    computeIfAbsent.setBlocked(true);
                }
            } finally {
                computeIfAbsent.getLock().unlock();
            }
        }
    }

    @Override // org.thingsboard.server.common.transport.limits.TransportRateLimitService
    public void invalidateRateLimitsIpTable(long j) {
        if (this.ipRateLimitsEnabled) {
            long currentTimeMillis = System.currentTimeMillis();
            long max = currentTimeMillis - Math.max(j, this.ipBlockTimeout);
            for (Map.Entry<InetAddress, InetAddressRateLimitStats> entry : this.ipMap.entrySet()) {
                InetAddressRateLimitStats value = entry.getValue();
                if (value.getLastActivityTs() < max) {
                    log.debug("[{}] IP address removed due to session inactivity timeout.", entry.getKey());
                    this.ipMap.remove(entry.getKey());
                } else if (value.isBlocked() && value.getLastActivityTs() + this.ipBlockTimeout < currentTimeMillis) {
                    log.info("[{}] IP address unblocked due ip block timeout.", entry.getKey());
                    value.setBlocked(false);
                }
            }
        }
    }

    private <T extends EntityId> void mergeLimits(T t, EntityTransportRateLimits entityTransportRateLimits, Function<T, EntityTransportRateLimits> function, BiConsumer<T, EntityTransportRateLimits> biConsumer) {
        EntityTransportRateLimits apply = function.apply(t);
        if (apply == null) {
            if (EntityType.TENANT.equals(t.getEntityType())) {
                log.info("[{}] New rate limits: {}", t, entityTransportRateLimits);
            } else {
                log.debug("[{}] New rate limits: {}", t, entityTransportRateLimits);
            }
            biConsumer.accept(t, entityTransportRateLimits);
            return;
        }
        EntityTransportRateLimits merge = merge(apply, entityTransportRateLimits);
        if (merge != null) {
            if (EntityType.TENANT.equals(t.getEntityType())) {
                log.info("[{}] Updated rate limits: {}", t, merge);
            } else {
                log.debug("[{}] Updated rate limits: {}", t, merge);
            }
            biConsumer.accept(t, merge);
        }
    }

    private EntityTransportRateLimits merge(EntityTransportRateLimits entityTransportRateLimits, EntityTransportRateLimits entityTransportRateLimits2) {
        boolean z = !entityTransportRateLimits.getRegularMsgRateLimit().getConfiguration().equals(entityTransportRateLimits2.getRegularMsgRateLimit().getConfiguration());
        boolean z2 = !entityTransportRateLimits.getTelemetryMsgRateLimit().getConfiguration().equals(entityTransportRateLimits2.getTelemetryMsgRateLimit().getConfiguration());
        boolean z3 = !entityTransportRateLimits.getTelemetryDataPointsRateLimit().getConfiguration().equals(entityTransportRateLimits2.getTelemetryDataPointsRateLimit().getConfiguration());
        if (z || z2 || z3) {
            return new EntityTransportRateLimits(z ? newLimit(entityTransportRateLimits2.getRegularMsgRateLimit().getConfiguration()) : entityTransportRateLimits.getRegularMsgRateLimit(), z2 ? newLimit(entityTransportRateLimits2.getTelemetryMsgRateLimit().getConfiguration()) : entityTransportRateLimits.getTelemetryMsgRateLimit(), z3 ? newLimit(entityTransportRateLimits2.getTelemetryDataPointsRateLimit().getConfiguration()) : entityTransportRateLimits.getTelemetryDataPointsRateLimit());
        }
        return null;
    }

    private EntityTransportRateLimits createRateLimits(TenantProfile tenantProfile, boolean z) {
        DefaultTenantProfileConfiguration configuration = tenantProfile.getProfileData().getConfiguration();
        if (configuration == null) {
            return new EntityTransportRateLimits(ALLOW, ALLOW, ALLOW);
        }
        return new EntityTransportRateLimits(newLimit(z ? configuration.getTransportTenantMsgRateLimit() : configuration.getTransportDeviceMsgRateLimit()), newLimit(z ? configuration.getTransportTenantTelemetryMsgRateLimit() : configuration.getTransportDeviceTelemetryMsgRateLimit()), newLimit(z ? configuration.getTransportTenantTelemetryDataPointsRateLimit() : configuration.getTransportDeviceTelemetryDataPointsRateLimit()));
    }

    private static TransportRateLimit newLimit(String str) {
        return StringUtils.isEmpty(str) ? ALLOW : new SimpleTransportRateLimit(str);
    }

    private EntityTransportRateLimits getTenantRateLimits(TenantId tenantId) {
        return this.perTenantLimits.computeIfAbsent(tenantId, tenantId2 -> {
            return createRateLimits(this.tenantProfileCache.get(tenantId), true);
        });
    }

    private EntityTransportRateLimits getDeviceRateLimits(TenantId tenantId, DeviceId deviceId) {
        return this.perDeviceLimits.computeIfAbsent(deviceId, deviceId2 -> {
            EntityTransportRateLimits createRateLimits = createRateLimits(this.tenantProfileCache.get(tenantId), false);
            this.tenantDevices.computeIfAbsent(tenantId, tenantId2 -> {
                return ConcurrentHashMap.newKeySet();
            }).add(deviceId);
            return createRateLimits;
        });
    }
}
