package org.apache.karaf.management;

import aQute.bnd.osgi.Processor;
import java.io.IOException;
import java.lang.reflect.Proxy;
import java.net.BindException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.server.RMIServerSocketFactory;
import java.security.GeneralSecurityException;
import java.util.Map;
import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import org.apache.karaf.jaas.config.KeystoreInstance;
import org.apache.karaf.jaas.config.KeystoreManager;
import org.apache.karaf.management.internal.MBeanInvocationHandler;
import org.codehaus.plexus.util.SelectorUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/org.apache.karaf.management.server-2.4.0.redhat-630495.jar:org/apache/karaf/management/ConnectorServerFactory.class */
public class ConnectorServerFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(ConnectorServerFactory.class);
    private MBeanServer server;
    private KarafMBeanServerGuard guard;
    private String serviceUrl;
    private String rmiServerHost;
    private Map environment;
    private ObjectName objectName;
    private JMXConnectorServer connectorServer;
    private boolean secured;
    private KeystoreManager keystoreManager;
    private String algorithm;
    private String secureProtocol;
    private String enabledProtocols;
    private String keyStore;
    private String trustStore;
    private String keyAlias;
    private boolean threaded = false;
    private boolean daemon = false;
    private long keyStoreAvailabilityTimeout = 5000;
    private AuthenticatorType authenticatorType = AuthenticatorType.PASSWORD;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/org.apache.karaf.management.server-2.4.0.redhat-630495.jar:org/apache/karaf/management/ConnectorServerFactory$AuthenticatorType.class */
    public enum AuthenticatorType {
        NONE,
        PASSWORD,
        CERTIFICATE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/org.apache.karaf.management.server-2.4.0.redhat-630495.jar:org/apache/karaf/management/ConnectorServerFactory$KarafRMIServerSocketFactory.class */
    public static class KarafRMIServerSocketFactory implements RMIServerSocketFactory {
        private String rmiServerHost;

        public KarafRMIServerSocketFactory(String str) {
            this.rmiServerHost = str;
        }

        public ServerSocket createServerSocket(int i) throws IOException {
            return ServerSocketFactory.getDefault().createServerSocket(i, 50, InetAddress.getByName(this.rmiServerHost));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/org.apache.karaf.management.server-2.4.0.redhat-630495.jar:org/apache/karaf/management/ConnectorServerFactory$KarafSslRMIServerSocketFactory.class */
    public static class KarafSslRMIServerSocketFactory implements RMIServerSocketFactory {
        private SSLServerSocketFactory sslServerSocketFactory;
        private boolean clientAuth;
        private String rmiServerHost;
        private String[] enabledProtocols;

        public KarafSslRMIServerSocketFactory(SSLServerSocketFactory sSLServerSocketFactory, boolean z, String str, String[] strArr) {
            this.sslServerSocketFactory = sSLServerSocketFactory;
            this.clientAuth = z;
            this.rmiServerHost = str;
            this.enabledProtocols = strArr;
        }

        public ServerSocket createServerSocket(int i) throws IOException {
            SSLServerSocket sSLServerSocket = (SSLServerSocket) this.sslServerSocketFactory.createServerSocket(i, 50, InetAddress.getByName(this.rmiServerHost));
            sSLServerSocket.setNeedClientAuth(this.clientAuth);
            if (this.enabledProtocols != null && this.enabledProtocols.length > 0) {
                sSLServerSocket.setEnabledProtocols(this.enabledProtocols);
            }
            return sSLServerSocket;
        }
    }

    public MBeanServer getServer() {
        return this.server;
    }

    public void setServer(MBeanServer mBeanServer) {
        this.server = mBeanServer;
    }

    public KarafMBeanServerGuard getGuard() {
        return this.guard;
    }

    public void setGuard(KarafMBeanServerGuard karafMBeanServerGuard) {
        this.guard = karafMBeanServerGuard;
    }

    public String getServiceUrl() {
        return this.serviceUrl;
    }

    public void setServiceUrl(String str) {
        this.serviceUrl = str;
    }

    public Map getEnvironment() {
        return this.environment;
    }

    public void setEnvironment(Map map) {
        this.environment = map;
    }

    public ObjectName getObjectName() {
        return this.objectName;
    }

    public void setObjectName(ObjectName objectName) {
        this.objectName = objectName;
    }

    public boolean isThreaded() {
        return this.threaded;
    }

    public void setThreaded(boolean z) {
        this.threaded = z;
    }

    public boolean isDaemon() {
        return this.daemon;
    }

    public void setDaemon(boolean z) {
        this.daemon = z;
    }

    public String getAuthenticatorType() {
        return this.authenticatorType.name().toLowerCase();
    }

    public void setAuthenticatorType(String str) {
        this.authenticatorType = AuthenticatorType.valueOf(str.toUpperCase());
    }

    public void setKeyStoreAvailabilityTimeout(long j) {
        this.keyStoreAvailabilityTimeout = j;
    }

    public boolean isSecured() {
        return this.secured;
    }

    public void setSecured(boolean z) {
        this.secured = z;
    }

    public void setKeystoreManager(KeystoreManager keystoreManager) {
        this.keystoreManager = keystoreManager;
    }

    public KeystoreManager getKeystoreManager() {
        return this.keystoreManager;
    }

    public String getKeyStore() {
        return this.keyStore;
    }

    public void setKeyStore(String str) {
        this.keyStore = str;
    }

    public String getTrustStore() {
        return this.trustStore;
    }

    public void setTrustStore(String str) {
        this.trustStore = str;
    }

    public String getKeyAlias() {
        return this.keyAlias;
    }

    public void setKeyAlias(String str) {
        this.keyAlias = str;
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    public void setAlgorithm(String str) {
        if ("default".equalsIgnoreCase(str)) {
            this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
        } else {
            this.algorithm = str;
        }
    }

    public String getSecureProtocol() {
        return this.secureProtocol;
    }

    public void setSecureProtocol(String str) {
        this.secureProtocol = str;
    }

    private boolean isClientAuth() {
        return this.authenticatorType.equals(AuthenticatorType.CERTIFICATE);
    }

    public void init() throws Exception {
        if (this.server == null) {
            throw new IllegalArgumentException("server must be set");
        }
        setupKarafRMIServerSocketFactory();
        if (isClientAuth()) {
            this.secured = true;
        }
        if (!AuthenticatorType.PASSWORD.equals(this.authenticatorType)) {
            this.environment.remove("jmx.remote.authenticator");
        }
        doInit();
    }

    synchronized void doInit() throws Exception {
        JMXServiceURL jMXServiceURL = new JMXServiceURL(this.serviceUrl);
        if (this.secured) {
            try {
                setupSsl();
            } catch (Exception e) {
                LOGGER.info("Can't init JMXConnectorServer with SSL enabled: " + e.getMessage());
                return;
            }
        }
        MBeanServer mBeanServer = (MBeanServer) Proxy.newProxyInstance(this.server.getClass().getClassLoader(), new Class[]{MBeanServer.class}, new MBeanInvocationHandler(this.server, this.guard));
        if (this.connectorServer != null) {
            destroy();
        }
        this.connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jMXServiceURL, this.environment, mBeanServer);
        if (this.objectName != null) {
            try {
                this.server.registerMBean(this.connectorServer, this.objectName);
            } catch (Exception e2) {
                LOGGER.info("Can't register JMXConnectorServer: " + e2.getMessage());
            }
        }
        try {
            if (this.threaded) {
                Thread thread = new Thread() { // from class: org.apache.karaf.management.ConnectorServerFactory.1
                    @Override // java.lang.Thread, java.lang.Runnable
                    public void run() {
                        try {
                            Thread.currentThread().setContextClassLoader(ConnectorServerFactory.class.getClassLoader());
                            ConnectorServerFactory.this.connectorServer.start();
                        } catch (IOException e3) {
                            if (!(e3.getCause() instanceof BindException)) {
                                throw new RuntimeException("Could not start JMX connector server", e3);
                            }
                            int indexOf = e3.getMessage().indexOf("nested exception is");
                            if (indexOf > e3.getMessage().length() || indexOf < 0) {
                                indexOf = e3.getMessage().length();
                            }
                            throw new RuntimeException("\n" + e3.getMessage().substring(0, indexOf) + "\nYou may have started two containers.  If you need to start a second container or the default ports are already in use update the config file etc/org.apache.karaf.management.cfg and change the Registry Port and Server Port to unused ports");
                        }
                    }
                };
                thread.setName("JMX Connector Thread [" + this.serviceUrl + SelectorUtils.PATTERN_HANDLER_SUFFIX);
                thread.setDaemon(this.daemon);
                thread.start();
            } else {
                this.connectorServer.start();
            }
        } catch (Exception e3) {
            doUnregister(this.objectName);
            throw e3;
        }
    }

    public void destroy() throws Exception {
        try {
            this.connectorServer.stop();
            doUnregister(this.objectName);
        } catch (Throwable th) {
            doUnregister(this.objectName);
            throw th;
        }
    }

    protected void doUnregister(ObjectName objectName) {
        try {
            if (this.objectName != null && this.server.isRegistered(objectName)) {
                this.server.unregisterMBean(objectName);
            }
        } catch (JMException e) {
        }
    }

    private void setupSsl() throws GeneralSecurityException {
        KarafSslRMIServerSocketFactory karafSslRMIServerSocketFactory = new KarafSslRMIServerSocketFactory(this.keystoreManager.createSSLServerFactory(null, this.secureProtocol, this.algorithm, this.keyStore, this.keyAlias, this.trustStore, this.keyStoreAvailabilityTimeout), isClientAuth(), getRmiServerHost(), getStringArray(getEnabledProtocols()));
        SslRMIClientSocketFactory sslRMIClientSocketFactory = new SslRMIClientSocketFactory();
        this.environment.put("jmx.remote.rmi.server.socket.factory", karafSslRMIServerSocketFactory);
        this.environment.put("jmx.remote.rmi.client.socket.factory", sslRMIClientSocketFactory);
    }

    private void setupKarafRMIServerSocketFactory() {
        this.environment.put("jmx.remote.rmi.server.socket.factory", new KarafRMIServerSocketFactory(getRmiServerHost()));
    }

    public String getRmiServerHost() {
        return this.rmiServerHost;
    }

    public void setRmiServerHost(String str) {
        this.rmiServerHost = str;
    }

    public void register(KeystoreInstance keystoreInstance, Map<String, ?> map) {
        if (this.secured) {
            LOGGER.info("Found new keystore: {}. Re-initializing.", keystoreInstance.getName());
            try {
                Thread thread = new Thread(this) { // from class: org.apache.karaf.management.ConnectorServerFactory.1SSLSetupThread
                    ConnectorServerFactory factory;

                    {
                        this.factory = this;
                    }

                    @Override // java.lang.Thread, java.lang.Runnable
                    public void run() {
                        try {
                            this.factory.doInit();
                        } catch (Exception e) {
                            ConnectorServerFactory.LOGGER.warn("", (Throwable) e);
                        }
                    }
                };
                thread.setName("Keystore Registrer");
                thread.start();
            } catch (Exception e) {
                LOGGER.info("Can't re-init JMXConnectorServer with SSL enabled when register a keystore:" + e.getMessage());
            }
        }
    }

    public void unregister(KeystoreInstance keystoreInstance, Map<String, ?> map) {
        if (this.secured) {
            if (keystoreInstance != null) {
                LOGGER.info("Keystore: {} undeployed. Re-initializing.", keystoreInstance.getName());
            }
            try {
                destroy();
            } catch (Exception e) {
                LOGGER.info("Can't re-init JMXConnectorServer with SSL enabled when unregister a keystore: " + e.getMessage());
            }
        }
    }

    public String getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public void setEnabledProtocols(String str) {
        this.enabledProtocols = str;
    }

    private String[] getStringArray(String str) {
        if (str == null) {
            return null;
        }
        return str.split(Processor.LIST_SPLITTER);
    }
}
