package com.predic8.membrane.core.interceptor.json;

import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.io.CountingInputStream;
import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Interceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import java.io.IOException;
import java.util.ArrayList;
import java.util.EnumSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@MCElement(name = "jsonProtection")
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.1.0.jar:com/predic8/membrane/core/interceptor/json/JsonProtectionInterceptor.class */
public class JsonProtectionInterceptor extends AbstractInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) JsonProtectionInterceptor.class);
    private final ObjectMapper om = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY, true).configure(JsonParser.Feature.STRICT_DUPLICATE_DETECTION, true);
    private int maxTokens = 10000;
    private int maxSize = 52428800;
    private int maxDepth = 50;
    private int maxStringLength = 262144;
    private int maxKeyLength = 256;
    private int maxObjectSize = 1000;
    private int maxArraySize = 1000;

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.1.0.jar:com/predic8/membrane/core/interceptor/json/JsonProtectionInterceptor$ArrContext.class */
    private class ArrContext extends Context {
        int n;

        private ArrContext() {
        }

        @Override // com.predic8.membrane.core.interceptor.json.JsonProtectionInterceptor.Context
        public void check(JsonToken jsonToken, JsonParser jsonParser) throws JsonParseException {
            if (jsonToken.id() == 4) {
                return;
            }
            this.n++;
            if (this.n > JsonProtectionInterceptor.this.maxArraySize) {
                throw new JsonParseException(jsonParser, "Exceeded maxArraySize (" + JsonProtectionInterceptor.this.maxArraySize + ").");
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.1.0.jar:com/predic8/membrane/core/interceptor/json/JsonProtectionInterceptor$Context.class */
    private static abstract class Context {
        private Context() {
        }

        public abstract void check(JsonToken jsonToken, JsonParser jsonParser) throws IOException;
    }

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.1.0.jar:com/predic8/membrane/core/interceptor/json/JsonProtectionInterceptor$ObjContext.class */
    private class ObjContext extends Context {
        int n;

        private ObjContext() {
        }

        @Override // com.predic8.membrane.core.interceptor.json.JsonProtectionInterceptor.Context
        public void check(JsonToken jsonToken, JsonParser jsonParser) throws IOException {
            if (jsonToken.id() == 2) {
                return;
            }
            this.n++;
            if (this.n > JsonProtectionInterceptor.this.maxObjectSize) {
                throw new JsonParseException(jsonParser, "Exceeded maxObjectSize (" + JsonProtectionInterceptor.this.maxObjectSize + ").");
            }
            if (jsonParser.getCurrentName().length() > JsonProtectionInterceptor.this.maxKeyLength) {
                throw new JsonParseException(jsonParser, "Exceeded maxKeyLength (" + JsonProtectionInterceptor.this.maxKeyLength + ").");
            }
        }
    }

    public JsonProtectionInterceptor() {
        this.name = "JSON protection";
        setFlow(EnumSet.of(Interceptor.Flow.REQUEST));
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor
    public void init() throws Exception {
        if (this.maxStringLength < this.maxKeyLength) {
            this.maxKeyLength = this.maxStringLength;
        }
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        if ("GET".equals(exchange.getRequest().getMethod())) {
            return Outcome.CONTINUE;
        }
        try {
            CountingInputStream countingInputStream = new CountingInputStream(exchange.getRequest().getBodyAsStreamDecoded());
            JsonParser createParser = this.om.createParser(countingInputStream);
            int i = 0;
            int i2 = 0;
            ArrayList arrayList = new ArrayList();
            Context context = null;
            while (true) {
                JsonToken nextValue = createParser.nextValue();
                if (nextValue == null) {
                    if (countingInputStream.getCount() > this.maxSize) {
                        throw new JsonParseException(createParser, "Exceeded maxSize (" + this.maxSize + ").");
                    }
                    return Outcome.CONTINUE;
                }
                i++;
                if (i > this.maxTokens) {
                    throw new JsonParseException(createParser, "Exceeded maxTokens (" + this.maxTokens + ").");
                }
                if (countingInputStream.getCount() > this.maxSize) {
                    throw new JsonParseException(createParser, "Exceeded maxSize (" + this.maxSize + ").");
                }
                if (context != null) {
                    context.check(nextValue, createParser);
                }
                switch (nextValue.id()) {
                    case -1:
                    case 0:
                    case 5:
                    case 12:
                        throw new RuntimeException("not handled.");
                    case 1:
                        i2++;
                        if (i2 <= this.maxDepth) {
                            ObjContext objContext = new ObjContext();
                            context = objContext;
                            arrayList.add(objContext);
                            break;
                        } else {
                            throw new JsonParseException(createParser, "Exceeded maxSize (" + this.maxSize + ").");
                        }
                    case 2:
                    case 4:
                        i2--;
                        if (i2 >= 0) {
                            arrayList.remove(arrayList.size() - 1);
                            context = arrayList.size() == 0 ? null : (Context) arrayList.get(arrayList.size() - 1);
                            break;
                        } else {
                            throw new JsonParseException(createParser, "invalid");
                        }
                    case 3:
                        i2++;
                        if (i2 <= this.maxDepth) {
                            ArrContext arrContext = new ArrContext();
                            context = arrContext;
                            arrayList.add(arrContext);
                            break;
                        } else {
                            throw new JsonParseException(createParser, "Exceeded maxSize (" + this.maxSize + ").");
                        }
                    case 6:
                        if (createParser.getValueAsString().length() <= this.maxStringLength) {
                            break;
                        } else {
                            throw new JsonParseException(createParser, "Exceeded maxStringLength (" + this.maxStringLength + ").");
                        }
                    case 7:
                    case 8:
                    case 9:
                    case 10:
                    case 11:
                        break;
                    default:
                        throw new RuntimeException("not handled (" + nextValue.id() + ")");
                }
            }
        } catch (JsonParseException e) {
            LOG.error(e.getMessage());
            exchange.setResponse(Response.badRequest().build());
            return Outcome.RETURN;
        }
    }

    public int getMaxTokens() {
        return this.maxTokens;
    }

    @MCAttribute
    public void setMaxTokens(int i) {
        this.maxTokens = i;
    }

    public int getMaxSize() {
        return this.maxSize;
    }

    public void setMaxSize(int i) {
        this.maxSize = i;
    }

    public int getMaxDepth() {
        return this.maxDepth;
    }

    public void setMaxDepth(int i) {
        this.maxDepth = i;
    }

    public int getMaxStringLength() {
        return this.maxStringLength;
    }

    public void setMaxStringLength(int i) {
        this.maxStringLength = i;
    }

    public int getMaxKeyLength() {
        return this.maxKeyLength;
    }

    public void setMaxKeyLength(int i) {
        this.maxKeyLength = i;
    }

    public int getMaxObjectSize() {
        return this.maxObjectSize;
    }

    public void setMaxObjectSize(int i) {
        this.maxObjectSize = i;
    }

    public int getMaxArraySize() {
        return this.maxArraySize;
    }

    public void setMaxArraySize(int i) {
        this.maxArraySize = i;
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public String getShortDescription() {
        return "Protects against several JSON attack classes.";
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public String getLongDescription() {
        return "<div>Enforces the following constraints:<br/><ul><li>HTTP request body must be well-formed JSON, if the HTTP verb is not<font style=\"font-family: monospace\">GET</font>.</li><li>Limits the maximum number of tokens to " + this.maxTokens + ". (Each string and opening bracket countsas a token: <font style=\"font-family: monospace\">{\"a\":\"b\"}</font> counts as 3 tokens)</li><li>Forbids duplicate keys. (<font style=\"font-family: monospace\">{\"a\":\"b\", \"a\":\"c\"}</font> will be rejected.)</li><li>Limits the total size in bytes of the body to " + this.maxSize + ".</li><li>Limits the maximum depth to " + this.maxDepth + ". (<font style=\"font-family: monospace\">{\"a\":[{\"b\":\"c\"}]}</font> has depth 3.)</li><li>Limits the maximum string length to " + this.maxStringLength + ". (<font style=\"font-family: monospace\">{\"a\":\"abc\"}</font> has max string length 3.)</li><li>Limits the maximum key length to " + this.maxKeyLength + ". (<font style=\"font-family: monospace\">{\"abc\":\"a\"}</font> has key length 3.)</li><li>Limits the maximum object size to " + this.maxObjectSize + ". (<font style=\"font-family: monospace\">{\"a\":\"b\",\"c\":\"d\"}</font> has object size 2.)</li><li>Limits the maximum array size to " + this.maxArraySize + ". (<font style=\"font-family: monospace\">[\"a\", \"b\"]</font> has array size 2.)</li></ul></div>";
    }
}
