package com.predic8.membrane.core.interceptor.json;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@MCElement(name = "jsonProtection")
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.0.0-alpha-3.jar:com/predic8/membrane/core/interceptor/json/JsonProtectionInterceptor.class */
public class JsonProtectionInterceptor extends AbstractInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) JsonProtectionInterceptor.class);
    private ObjectMapper om = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY, true).configure(JsonParser.Feature.STRICT_DUPLICATE_DETECTION, true);
    private int maxTokens = 10000;

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        if ("GET".equals(exchange.getRequest().getMethod())) {
            return Outcome.CONTINUE;
        }
        try {
            JsonParser createParser = this.om.createParser(exchange.getRequest().getBodyAsStreamDecoded());
            int i = 0;
            while (createParser.nextValue() != null) {
                i++;
                if (i > this.maxTokens) {
                    throw new JsonParseException(createParser, "Exceeded maxTokens (" + this.maxTokens + ").");
                }
            }
            return Outcome.CONTINUE;
        } catch (JsonParseException e) {
            LOG.error(e.getMessage());
            exchange.setResponse(Response.badRequest().build());
            return Outcome.RETURN;
        }
    }

    public int getMaxTokens() {
        return this.maxTokens;
    }

    @MCAttribute
    public void setMaxTokens(int i) {
        this.maxTokens = i;
    }
}
