package org.owasp.esapi.filters;

import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.owasp.esapi.ESAPI;

/* loaded from: input_file:web.war:WEB-INF/lib/esapi-2.1.0.1.jar:org/owasp/esapi/filters/RequestRateThrottleFilter.class */
public class RequestRateThrottleFilter implements Filter {
    private int hits = 5;
    private int period = 10;
    private static final String HITS = "hits";
    private static final String PERIOD = "period";

    public void init(FilterConfig filterConfig) {
        this.hits = filterConfig.getInitParameter("hits") == null ? 5 : Integer.parseInt(filterConfig.getInitParameter("hits"));
        this.period = filterConfig.getInitParameter("period") == null ? 10 : Integer.parseInt(filterConfig.getInitParameter("period"));
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) servletRequest).getSession(true);
        synchronized (session.getId().intern()) {
            List list = (List) ESAPI.httpUtilities().getSessionAttribute("times");
            if (list == null) {
                list = new LinkedList();
                session.setAttribute("times", list);
            }
            Long valueOf = Long.valueOf(System.currentTimeMillis());
            list.add(valueOf);
            if (list.size() > this.hits) {
                if (valueOf.longValue() - ((Long) list.remove(0)).longValue() < this.period * 1000) {
                    servletResponse.getWriter().println("Request rate too high");
                    return;
                }
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void destroy() {
    }
}
