package org.elasticsearch.flowcontrol;

import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.lang.management.MemoryMXBean;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.net.util.SubnetUtils;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.access.AccessLogHandle;
import org.elasticsearch.access.SetAccessLogRequest;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.io.stream.Writeable;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.metrics.CounterMetric;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.ToXContentObject;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.flowcontrol.rule.FlowControlFilterRule;
import org.elasticsearch.http.HttpRequest;
import org.elasticsearch.http.netty4.HoldingHandler;

/* loaded from: input_file:org/elasticsearch/flowcontrol/FlowControlFilterHandler.class */
public class FlowControlFilterHandler {
    private static final Logger logger = Loggers.getLogger(FlowControlFilterHandler.class, new String[]{"flow control"});
    private static MemoryMXBean XBean = ManagementFactory.getMemoryMXBean();
    private final FlowControlSettings flowControlSettings;
    private SubnetUtils.SubnetInfo monitorAddress;
    private AccessLogHandle accessLogHandle;
    private HoldingHandler holdingHandler;
    private List<FlowControlFilterRule> boundAddressAllowRules = new ArrayList();
    private Set<String> excludeSet = new HashSet();
    private CounterMetric concurrentChannelMetric = new CounterMetric();
    private CounterMetric rejectedConcurrentMetric = new CounterMetric();
    private CounterMetric rejectedNewMetric = new CounterMetric();
    private CounterMetric rejectBlackMetric = new CounterMetric();
    private CounterMetric breakerDenyChannelMetric = new CounterMetric();

    /* loaded from: input_file:org/elasticsearch/flowcontrol/FlowControlFilterHandler$FilterHttpStats.class */
    public static class FilterHttpStats implements Writeable, ToXContentObject {
        private final long currentConnect;
        private final long totalRejectedConcurrent;
        private final long totalRejectedNew;
        private final long totalDenyMetric;
        private final long totalBreakerReject;

        public FilterHttpStats(StreamInput streamInput) throws IOException {
            this.currentConnect = streamInput.readVInt();
            this.totalRejectedConcurrent = streamInput.readVLong();
            this.totalRejectedNew = streamInput.readVLong();
            this.totalDenyMetric = streamInput.readVLong();
            this.totalBreakerReject = streamInput.readVLong();
        }

        public FilterHttpStats(long j, long j2, long j3, long j4, long j5) {
            this.currentConnect = j5;
            this.totalRejectedConcurrent = j;
            this.totalRejectedNew = j2;
            this.totalDenyMetric = j3;
            this.totalBreakerReject = j4;
        }

        public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
            xContentBuilder.startObject();
            xContentBuilder.field("current_connect", this.currentConnect);
            xContentBuilder.field("rejected_concurrent", this.totalRejectedConcurrent);
            xContentBuilder.field("rejected_rate", this.totalRejectedNew);
            xContentBuilder.field("rejected_black", this.totalDenyMetric);
            xContentBuilder.field("rejected_breaker", this.totalBreakerReject);
            xContentBuilder.endObject();
            return xContentBuilder;
        }

        public void writeTo(StreamOutput streamOutput) throws IOException {
            streamOutput.writeVLong(this.currentConnect);
            streamOutput.writeVLong(this.totalRejectedConcurrent);
            streamOutput.writeVLong(this.totalRejectedNew);
            streamOutput.writeVLong(this.totalDenyMetric);
            streamOutput.writeVLong(this.totalBreakerReject);
        }
    }

    public FlowControlFilterHandler(FlowControlSettings flowControlSettings) {
        this.flowControlSettings = flowControlSettings;
        this.accessLogHandle = new AccessLogHandle(flowControlSettings);
        setMonitorAddress();
        setExclude();
        logger.info("flow controller filter handler init success.");
    }

    public boolean connectAccept(ChannelHandlerContext channelHandlerContext, InetSocketAddress inetSocketAddress) {
        if (this.flowControlSettings.isBreakEnabled() && !isWhiteAddress(inetSocketAddress)) {
            breakerDenyInc();
            return false;
        }
        if (!this.flowControlSettings.isHttpEnabled()) {
            concurrentAccept(channelHandlerContext, this.concurrentChannelMetric);
            return true;
        }
        if (inetSocketAddress == null || inetSocketAddress.getAddress() == null) {
            return true;
        }
        if (isWhiteAddress(inetSocketAddress)) {
            concurrentAccept(channelHandlerContext, this.concurrentChannelMetric);
            return true;
        }
        if (isBlackAddress(inetSocketAddress)) {
            return false;
        }
        return conditionalAccept(channelHandlerContext);
    }

    public boolean isWhiteAddress(InetSocketAddress inetSocketAddress) {
        if (this.monitorAddress != null && this.monitorAddress.isInRange(inetSocketAddress.getAddress().hashCode())) {
            return true;
        }
        Iterator<FlowControlFilterRule> it = this.boundAddressAllowRules.iterator();
        while (it.hasNext()) {
            if (it.next().matches(inetSocketAddress)) {
                return true;
            }
        }
        Iterator<FlowControlFilterRule> it2 = this.flowControlSettings.getHttpAllowRules().iterator();
        while (it2.hasNext()) {
            if (it2.next().matches(inetSocketAddress)) {
                return true;
            }
        }
        return false;
    }

    private boolean isBlackAddress(InetSocketAddress inetSocketAddress) {
        Iterator<FlowControlFilterRule> it = this.flowControlSettings.getHttpDenyRules().iterator();
        while (it.hasNext()) {
            if (it.next().matches(inetSocketAddress)) {
                this.rejectBlackMetric.inc();
                return true;
            }
        }
        return false;
    }

    private boolean conditionalAccept(ChannelHandlerContext channelHandlerContext) {
        long count = this.concurrentChannelMetric.count();
        if (count >= this.flowControlSettings.getHttpConcurrentLimit()) {
            this.rejectedConcurrentMetric.inc();
            logger.debug("http exceed concurrent request upper limit, current open: {}, reject request, remote address: {}", Long.valueOf(count), channelHandlerContext.channel().remoteAddress() != null ? channelHandlerContext.channel().remoteAddress() : "null");
            return false;
        }
        if (this.flowControlSettings.getNewReqRateLimiter().tryAcquire()) {
            logger.trace("http current concurrent request: {}, new request {}, new request: {} ", Long.valueOf(count), Double.valueOf(this.flowControlSettings.getNewReqRateLimiter().getRate()), channelHandlerContext.channel());
            concurrentAccept(channelHandlerContext, this.concurrentChannelMetric);
            return true;
        }
        this.rejectedNewMetric.inc();
        logger.debug("http exceed new request upper limit: {}, reject request, remote address: {}", Double.valueOf(this.flowControlSettings.getNewReqRateLimiter().getRate()), channelHandlerContext.channel().remoteAddress() != null ? channelHandlerContext.channel().remoteAddress() : "null");
        return false;
    }

    public void accessLogger(HttpRequest httpRequest, InetSocketAddress inetSocketAddress) {
        if ((!this.flowControlSettings.isAccessCounterEnabled() && !this.accessLogHandle.isRestLoggerEnabled() && !this.flowControlSettings.isAccessLogFileEnabled()) || isExcludeMonitorAddress(inetSocketAddress) || excludeUri(httpRequest.uri())) {
            return;
        }
        this.flowControlSettings.getAccessCounter().logAccess(httpRequest, inetSocketAddress);
        this.accessLogHandle.logAccess(httpRequest, inetSocketAddress);
    }

    public void setBoundHttpAddresses(BoundTransportAddress boundTransportAddress) {
        TransportAddress[] boundAddresses;
        ArrayList arrayList = new ArrayList();
        if (boundTransportAddress != null && (boundAddresses = boundTransportAddress.boundAddresses()) != null) {
            for (TransportAddress transportAddress : boundAddresses) {
                if (transportAddress.getAddress().equals("::")) {
                    arrayList.add("127.0.0.1");
                } else {
                    arrayList.add(transportAddress.getAddress());
                }
            }
        }
        this.boundAddressAllowRules = FlowControlSettings.createRules(arrayList, true);
        logger.info("set bound address for flow control: " + boundTransportAddress);
    }

    public void setMonitorAddress() {
        this.monitorAddress = new SubnetUtils("198.19.32.0/19").getInfo();
    }

    private void concurrentAccept(ChannelHandlerContext channelHandlerContext, CounterMetric counterMetric) {
        long count = counterMetric.count();
        counterMetric.inc();
        channelHandlerContext.channel().closeFuture().addListener(newChannelFutureListener(counterMetric, count, channelHandlerContext));
    }

    private boolean isExcludeMonitorAddress(InetSocketAddress inetSocketAddress) {
        return this.monitorAddress != null && this.monitorAddress.isInRange(inetSocketAddress.getAddress().hashCode());
    }

    private ChannelFutureListener newChannelFutureListener(CounterMetric counterMetric, long j, ChannelHandlerContext channelHandlerContext) {
        return channelFuture -> {
            if (logger.isTraceEnabled()) {
                logger.trace("current concurrent request: {}, close request: {}", Long.valueOf(j), channelHandlerContext.channel());
            }
            counterMetric.dec();
        };
    }

    public boolean triggerHeapMemoryLimit() {
        return getCurrentMem() > this.flowControlSettings.getHeapMemoryLimit();
    }

    public long getCurrentMem() {
        try {
            return XBean.getHeapMemoryUsage().getUsed();
        } catch (IllegalArgumentException e) {
            logger.info("FlowControl get current memory fail.", e);
            return 0L;
        }
    }

    public FilterHttpStats getHttpFilterStats() {
        return new FilterHttpStats(this.rejectedConcurrentMetric.count(), this.rejectedNewMetric.count(), this.rejectBlackMetric.count(), this.breakerDenyChannelMetric.count(), this.concurrentChannelMetric.count());
    }

    public void breakerDenyInc() {
        this.breakerDenyChannelMetric.inc();
    }

    public int getHoldingSize() {
        return this.holdingHandler.getHoldingSize();
    }

    public HoldingHandler.HoldingItem[] getHoldingDetail() {
        return this.holdingHandler.getHoldingStats();
    }

    public void resetAccessLogHandle(SetAccessLogRequest setAccessLogRequest) {
        this.accessLogHandle = new AccessLogHandle(this.flowControlSettings, setAccessLogRequest);
    }

    public List<AccessLogHandle.AccessLog> getAccessLogs() {
        return this.accessLogHandle.getAccessLogs();
    }

    public void deleteLogHandle() {
        this.accessLogHandle = new AccessLogHandle(this.flowControlSettings);
    }

    public void registerHoldingHandler(HoldingHandler holdingHandler) {
        this.holdingHandler = holdingHandler;
    }

    public FlowControlSettings getFlowControlSettings() {
        return this.flowControlSettings;
    }

    public boolean excludeUri(String str) {
        String str2;
        try {
            String str3 = str;
            int indexOf = str.indexOf(63);
            if (indexOf != -1) {
                str3 = str.substring(0, indexOf);
            }
            if (str3.length() <= 1) {
                return true;
            }
            int indexOf2 = str3.indexOf(47);
            if (indexOf2 >= 1) {
                str2 = str3.substring(0, indexOf2);
            } else if (indexOf2 == 0) {
                String substring = str3.substring(1);
                int indexOf3 = substring.indexOf(47);
                str2 = indexOf3 == -1 ? substring : substring.substring(0, indexOf3);
            } else {
                str2 = str3;
            }
            return this.excludeSet.contains(str2);
        } catch (Exception e) {
            logger.error("request url pattern failed, url is " + str);
            return false;
        }
    }

    private void setExclude() {
        this.excludeSet.add("_cluster");
        this.excludeSet.add("_cat");
        this.excludeSet.add("_nodes");
        this.excludeSet.add("_stats");
        this.excludeSet.add(".opendistro");
        this.excludeSet.add("_access_log");
        this.excludeSet.add(".kibana");
        this.excludeSet.add("_aliases");
        this.excludeSet.add("_mapping");
        this.excludeSet.add("_template");
    }
}
