package org.jolokia.jvmagent;

import com.sun.net.httpserver.Authenticator;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.jolokia.config.ConfigKey;
import org.jolokia.config.Configuration;
import org.jolokia.jvmagent.security.ClientCertAuthenticator;
import org.jolokia.jvmagent.security.DelegatingAuthenticator;
import org.jolokia.jvmagent.security.JaasAuthenticator;
import org.jolokia.jvmagent.security.MultiAuthenticator;
import org.jolokia.jvmagent.security.UserPasswordAuthenticator;
import org.jolokia.util.JolokiaCipher;
import org.jolokia.util.NetworkUtil;
import org.osgi.framework.BundlePermission;
import org.slf4j.Marker;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.redhat-621216-10.jar:jolokia-jvm-1.3.6.redhat-1-agent.jar:org/jolokia/jvmagent/JolokiaServerConfig.class
 */
/* loaded from: input_file:WEB-INF/lib/jolokia-jvm-1.3.6.redhat-1-agent.jar:org/jolokia/jvmagent/JolokiaServerConfig.class */
public class JolokiaServerConfig {
    private Configuration jolokiaConfig;
    private String protocol;
    private int port;
    private int backlog;
    private InetAddress address;
    private String executor;
    private int threadNr;
    private String keystore;
    private String context;
    private boolean useSslClientAuthentication;
    private char[] keystorePassword;
    private Authenticator authenticator;
    private String secureSocketProtocol;
    private String keyManagerAlgorithm;
    private String trustManagerAlgorithm;
    private String keyStoreType;
    private String caCert;
    private String serverCert;
    private String serverKey;
    private String serverKeyAlgorithm;
    private List<String> clientPrincipals;
    private boolean extendedClientCheck;
    private String[] sslProtocols;
    private String[] sslCipherSuites;

    public JolokiaServerConfig(Map<String, String> map) {
        init(map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void init(Map<String, String> map) {
        Map<String, String> defaultConfig = getDefaultConfig(map);
        defaultConfig.putAll(map);
        prepareDetectorOptions(defaultConfig);
        addJolokiaId(defaultConfig);
        this.jolokiaConfig = new Configuration(new Object[0]);
        this.jolokiaConfig.updateGlobalConfiguration(defaultConfig);
        initConfigAndValidate(defaultConfig);
    }

    private void addJolokiaId(Map<String, String> map) {
        if (!map.containsKey(ConfigKey.AGENT_ID.getKeyValue())) {
            map.put(ConfigKey.AGENT_ID.getKeyValue(), NetworkUtil.getAgentId(hashCode(), "jvm"));
        }
        map.put(ConfigKey.AGENT_TYPE.getKeyValue(), "jvm");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> getDefaultConfig(Map<String, String> map) {
        return readPropertiesFromInputStream(getClass().getResourceAsStream("/default-jolokia-agent.properties"), "default-jolokia-agent.properties");
    }

    public Configuration getJolokiaConfig() {
        return this.jolokiaConfig;
    }

    public String getProtocol() {
        return this.protocol;
    }

    public boolean useHttps() {
        return this.protocol.equalsIgnoreCase("https");
    }

    public InetAddress getAddress() {
        return this.address;
    }

    public int getPort() {
        return this.port;
    }

    public Authenticator getAuthenticator() {
        return this.authenticator;
    }

    public int getBacklog() {
        return this.backlog;
    }

    public String getContextPath() {
        return this.context;
    }

    public String getExecutor() {
        return this.executor;
    }

    public int getThreadNr() {
        return this.threadNr;
    }

    public boolean useSslClientAuthentication() {
        return this.useSslClientAuthentication;
    }

    public String getKeystore() {
        return this.keystore;
    }

    public char[] getKeystorePassword() {
        return this.keystorePassword;
    }

    public String getCaCert() {
        return this.caCert;
    }

    public String getServerCert() {
        return this.serverCert;
    }

    public String getServerKey() {
        return this.serverKey;
    }

    public String getServerKeyAlgorithm() {
        return this.serverKeyAlgorithm;
    }

    public String[] getSSLProtocols() {
        return this.sslProtocols;
    }

    public String[] getSSLCipherSuites() {
        return this.sslCipherSuites;
    }

    public void updateHTTPSSettingsFromContext(SSLContext sSLContext) {
        SSLParameters supportedSSLParameters = sSLContext.getSupportedSSLParameters();
        if (this.sslProtocols == null) {
            this.sslProtocols = supportedSSLParameters.getProtocols();
        } else {
            List asList = Arrays.asList(supportedSSLParameters.getProtocols());
            ArrayList arrayList = new ArrayList(Arrays.asList(this.sslProtocols));
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                if (!asList.contains(str)) {
                    System.out.println("Jolokia: Discarding unsupported protocol: " + str);
                    it.remove();
                }
            }
            this.sslProtocols = (String[]) arrayList.toArray(new String[0]);
        }
        if (this.sslCipherSuites == null) {
            this.sslCipherSuites = supportedSSLParameters.getCipherSuites();
            return;
        }
        List asList2 = Arrays.asList(supportedSSLParameters.getCipherSuites());
        ArrayList arrayList2 = new ArrayList(Arrays.asList(this.sslCipherSuites));
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (!asList2.contains(str2)) {
                System.out.println("Jolokia: Discarding unsupported cipher suite: " + str2);
                it2.remove();
            }
        }
        this.sslCipherSuites = (String[]) arrayList2.toArray(new String[0]);
    }

    protected void initConfigAndValidate(Map<String, String> map) {
        initContext();
        initProtocol(map);
        initAddress(map);
        this.port = Integer.parseInt(map.get("port"));
        this.backlog = Integer.parseInt(map.get("backlog"));
        initExecutor(map);
        initThreadNr(map);
        initHttpsRelatedSettings(map);
        initAuthenticator();
    }

    private void initAuthenticator() {
        initCustomAuthenticator();
        if (this.authenticator == null) {
            initAuthenticatorFromAuthMode();
        }
    }

    private void initCustomAuthenticator() {
        String str = this.jolokiaConfig.get(ConfigKey.AUTH_CLASS);
        if (str != null) {
            try {
                Class<?> cls = Class.forName(str);
                if (!Authenticator.class.isAssignableFrom(cls)) {
                    throw new IllegalArgumentException("Provided authenticator class [" + str + "] is not a subclass of Authenticator");
                }
                lookupAuthenticator(cls);
            } catch (ClassNotFoundException e) {
                throw new IllegalArgumentException("Cannot find authenticator class", e);
            }
        }
    }

    private void lookupAuthenticator(Class cls) {
        try {
            try {
                this.authenticator = (Authenticator) cls.getConstructor(Configuration.class).newInstance(this.jolokiaConfig);
            } catch (NoSuchMethodException e) {
                this.authenticator = lookupAuthenticatorWithDefaultConstructor(cls, e);
            } catch (InvocationTargetException e2) {
                throw new IllegalArgumentException("Cannot create an instance of custom authenticator class with configuration", e2);
            }
        } catch (IllegalAccessException e3) {
            throw new IllegalArgumentException("Cannot create an instance of custom authenticator class", e3);
        } catch (InstantiationException e4) {
            throw new IllegalArgumentException("Cannot create an instance of custom authenticator class", e4);
        }
    }

    private Authenticator lookupAuthenticatorWithDefaultConstructor(Class cls, NoSuchMethodException noSuchMethodException) throws InstantiationException, IllegalAccessException {
        try {
            return (Authenticator) cls.getConstructor(new Class[0]).newInstance(new Object[0]);
        } catch (NoSuchMethodException e) {
            e.initCause(noSuchMethodException);
            throw new IllegalArgumentException("Cannot create an instance of custom authenticator class, no default constructor to use", e);
        } catch (InvocationTargetException e2) {
            e2.initCause(noSuchMethodException);
            throw new IllegalArgumentException("Cannot create an instance of custom authenticator using default constructor", e2);
        }
    }

    private void initAuthenticatorFromAuthMode() {
        String str = this.jolokiaConfig.get(ConfigKey.USER);
        String str2 = this.jolokiaConfig.get(ConfigKey.PASSWORD);
        String str3 = this.jolokiaConfig.get(ConfigKey.AUTH_MODE);
        String str4 = this.jolokiaConfig.get(ConfigKey.REALM);
        ArrayList arrayList = new ArrayList();
        if (useHttps() && useSslClientAuthentication()) {
            arrayList.add(new ClientCertAuthenticator(this));
        }
        if ("basic".equalsIgnoreCase(str3)) {
            if (str != null) {
                if (str2 == null) {
                    throw new IllegalArgumentException("'password' must be set if a 'user' (here: '" + str + "') is given");
                }
                arrayList.add(new UserPasswordAuthenticator(str4, str, str2));
            }
        } else if ("jaas".equalsIgnoreCase(str3)) {
            arrayList.add(new JaasAuthenticator(str4));
        } else {
            if (!"delegate".equalsIgnoreCase(str3)) {
                throw new IllegalArgumentException("No auth method '" + str3 + "' known. Must be either 'basic' or 'jaas'");
            }
            arrayList.add(new DelegatingAuthenticator(str4, this.jolokiaConfig.get(ConfigKey.AUTH_URL), this.jolokiaConfig.get(ConfigKey.AUTH_PRINCIPAL_SPEC), this.jolokiaConfig.getAsBoolean(ConfigKey.AUTH_IGNORE_CERTS)));
        }
        if (arrayList.isEmpty()) {
            this.authenticator = null;
        } else if (arrayList.size() == 1) {
            this.authenticator = (Authenticator) arrayList.get(0);
        } else {
            this.authenticator = new MultiAuthenticator(MultiAuthenticator.Mode.ANY, arrayList);
        }
    }

    private void initProtocol(Map<String, String> map) {
        this.protocol = map.containsKey("protocol") ? map.get("protocol") : "http";
        if (!this.protocol.equals("http") && !this.protocol.equals("https")) {
            throw new IllegalArgumentException("Invalid protocol '" + this.protocol + "'. Must be either 'http' or 'https'");
        }
    }

    private void initContext() {
        this.context = this.jolokiaConfig.get(ConfigKey.AGENT_CONTEXT);
        if (this.context == null) {
            this.context = ConfigKey.AGENT_CONTEXT.getDefaultValue();
        }
        if (this.context.endsWith("/")) {
            return;
        }
        this.context += "/";
    }

    private void initHttpsRelatedSettings(Map<String, String> map) {
        this.keystore = map.get("keystore");
        this.caCert = map.get("caCert");
        this.serverCert = map.get("serverCert");
        this.serverKey = map.get("serverKey");
        this.secureSocketProtocol = map.get("secureSocketProtocol");
        this.keyStoreType = map.get("keyStoreType");
        this.keyManagerAlgorithm = map.get("keyManagerAlgorithm");
        this.trustManagerAlgorithm = map.get("trustManagerAlgorithm");
        String str = map.get("useSslClientAuthentication");
        this.useSslClientAuthentication = str != null && Boolean.valueOf(str).booleanValue();
        String str2 = map.get("keystorePassword");
        this.keystorePassword = str2 != null ? decipherPasswordIfNecessary(str2) : new char[0];
        this.serverKeyAlgorithm = map.get("serverKeyAlgorithm");
        this.clientPrincipals = extractList(map, "clientPrincipal");
        String str3 = map.get("extendedClientCheck");
        this.extendedClientCheck = str3 != null && Boolean.valueOf(str3).booleanValue();
        List<String> extractList = extractList(map, "sslProtocol");
        if (extractList != null) {
            this.sslProtocols = (String[]) extractList.toArray(new String[0]);
        }
        List<String> extractList2 = extractList(map, "sslCipherSuite");
        if (extractList2 != null) {
            this.sslCipherSuites = (String[]) extractList2.toArray(new String[0]);
        }
    }

    private char[] decipherPasswordIfNecessary(String str) {
        Matcher matcher = Pattern.compile("^\\[\\[(.*)]]$").matcher(str);
        if (!matcher.matches()) {
            return str.toCharArray();
        }
        String group = matcher.group(1);
        try {
            return new JolokiaCipher().decrypt(group).toCharArray();
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("Cannot decrypt password " + group);
        }
    }

    private List<String> extractList(Map<String, String> map, String str) {
        ArrayList arrayList = new ArrayList();
        if (map.containsKey(str)) {
            arrayList.add(map.get(str));
        }
        int i = 1;
        String str2 = str + ".1";
        while (true) {
            String str3 = str2;
            if (!map.containsKey(str3)) {
                break;
            }
            arrayList.add(map.get(str3));
            i++;
            str2 = str + "." + i;
        }
        if (arrayList.size() > 0) {
            return arrayList;
        }
        return null;
    }

    private void initThreadNr(Map<String, String> map) {
        String str = map.get("threadNr");
        this.threadNr = str != null ? Integer.parseInt(str) : 5;
    }

    private void initExecutor(Map<String, String> map) {
        this.executor = map.containsKey("executor") ? map.get("executor") : "single";
        if (!"single".equalsIgnoreCase(this.executor) && !"fixed".equalsIgnoreCase(this.executor) && !"cached".equalsIgnoreCase(this.executor)) {
            throw new IllegalArgumentException("Executor model can be '" + this.executor + "' but most be either 'single', 'fixed' or 'cached'");
        }
    }

    private void initAddress(Map<String, String> map) {
        String str = map.get(BundlePermission.HOST);
        try {
            if (Marker.ANY_MARKER.equals(str) || "0.0.0.0".equals(str)) {
                this.address = null;
            } else if (str != null) {
                this.address = InetAddress.getByName(str);
            } else {
                this.address = InetAddress.getByName(null);
            }
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("Can not lookup " + (str != null ? str : "loopback interface") + ": " + e, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> readPropertiesFromInputStream(InputStream inputStream, String str) {
        HashMap hashMap = new HashMap();
        if (inputStream == null) {
            return hashMap;
        }
        Properties properties = new Properties();
        try {
            properties.load(inputStream);
            hashMap.putAll(properties);
            return hashMap;
        } catch (IOException e) {
            throw new IllegalArgumentException("jolokia: Cannot load properties " + str + " : " + e, e);
        }
    }

    protected void prepareDetectorOptions(Map<String, String> map) {
        StringBuffer stringBuffer = new StringBuffer("{");
        if (map.containsKey("bootAmx") && Boolean.parseBoolean(map.get("bootAmx"))) {
            stringBuffer.append("\"glassfish\" : { \"bootAmx\" : true }");
        }
        if (stringBuffer.length() > 1) {
            stringBuffer.append("}");
            map.put(ConfigKey.DETECTOR_OPTIONS.getKeyValue(), stringBuffer.toString());
        }
    }

    public String getSecureSocketProtocol() {
        return this.secureSocketProtocol;
    }

    public String getKeyManagerAlgorithm() {
        return this.keyManagerAlgorithm;
    }

    public String getTrustManagerAlgorithm() {
        return this.trustManagerAlgorithm;
    }

    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    public List<String> getClientPrincipals() {
        return this.clientPrincipals;
    }

    public boolean getExtendedClientCheck() {
        return this.extendedClientCheck;
    }
}
