package com.atlassian.bamboo.v2.build.agent;

import com.atlassian.bamboo.amq.BrokerUriUtils;
import com.atlassian.bamboo.crypto.BouncyCastleProviderUtils;
import com.atlassian.bamboo.security.JmsSslManagementUtils;
import com.atlassian.bamboo.security.KeyStoreFactory;
import com.atlassian.bamboo.setup.BambooHomeLocator;
import com.atlassian.bamboo.utils.SystemProperty;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.URI;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentSkipListSet;
import java.util.concurrent.TimeUnit;
import javax.annotation.PostConstruct;
import org.apache.activemq.ActiveMQSslConnectionFactory;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;

/* loaded from: input_file:com/atlassian/bamboo/v2/build/agent/BambooActiveMQConnectionFactory.class */
public class BambooActiveMQConnectionFactory extends ActiveMQSslConnectionFactory {
    public static final String FAILOVER_RECONNECT_PARAMS = "maxReconnectAttempts=10&initialReconnectDelay=15000";

    @Autowired
    @Lazy
    private KeyStoreFactory keyStoreFactory;

    @Autowired
    @Lazy
    private BambooHomeLocator homeLocator;
    private static final Logger log = Logger.getLogger(BambooActiveMQConnectionFactory.class);
    private static final Set<String> VALIDATED_BROKER_URLS = new ConcurrentSkipListSet();

    public BambooActiveMQConnectionFactory(String str) {
        super(str);
        log.info("Initializing ActiveMQ...");
    }

    public void setBrokerURL(String str) {
        if (VALIDATED_BROKER_URLS.add(str)) {
            log.info("Setting broker URL to '" + str + "'");
            validateUri(str);
        }
        super.setBrokerURL(str);
    }

    @PostConstruct
    private void setupSsl() {
        if (StringUtils.contains(getBrokerURL(), "ssl://")) {
            if (JmsSslManagementUtils.isJmsKeystoreAutomaticManagementDisabled()) {
                log.info("Automatic JMS SSL management is disabled");
                return;
            }
            if (StringUtils.isNotBlank(getBambooJmsSslTruststorePropertyValue())) {
                log.info("Custom JMS SSL credentials are provided");
                File file = FileUtils.getFile(new String[]{getBambooJmsSslTruststorePropertyValue()});
                if (!file.exists()) {
                    log.info("Truststore file '" + getBambooJmsSslTruststorePropertyValue() + "' not found. Skipping truststore initialization");
                    return;
                }
                try {
                    setTrustStore(file.getAbsolutePath());
                    setTrustStorePassword(JmsSslManagementUtils.decodePassword(getBambooJmsSslTruststorePasswordPropertyValue()));
                    return;
                } catch (Exception e) {
                    throw new IllegalStateException(e);
                }
            }
            log.info("Automatic JMS SSL management is enabled");
            try {
                File file2 = FileUtils.getFile(new String[]{this.homeLocator.getSharedHomePath(), "configuration", "jmsclient.ts"});
                if (!file2.exists()) {
                    file2.getParentFile().mkdirs();
                    Certificate brokerCertificate = getBrokerCertificate();
                    if (brokerCertificate != null) {
                        JmsSslManagementUtils.createTrustStore(file2, brokerCertificate);
                    }
                }
                setTrustStore(file2.getAbsolutePath());
                setTrustStorePassword("");
            } catch (Exception e2) {
                log.warn("Unable to automatically manage SSL keys: ", e2);
            }
        }
    }

    @NotNull
    private static String getBambooJmsSslTruststorePasswordPropertyValue() {
        return SystemProperty.BAMBOO_JMS_SSL_TRUSTSTORE_PASSWORD.getValue(new SystemProperty(false, new String[]{SystemProperty.BAMBOO_JMS_SSL_TRUSTSTORE_PASSWORD.getKey().toLowerCase()}).getValue(""));
    }

    @NotNull
    private static String getBambooJmsSslTruststorePropertyValue() {
        return SystemProperty.BAMBOO_JMS_SSL_TRUSTSTORE.getValue(new SystemProperty(false, new String[]{SystemProperty.BAMBOO_JMS_SSL_TRUSTSTORE.getKey().toLowerCase()}).getValue(""));
    }

    private Certificate getBrokerCertificate() throws CertificateException {
        String value = new SystemProperty(false, new String[]{"bamboo.agent.brokerCertificate"}).getValue();
        if (value != null) {
            return toJavaCertificate(Base64.getUrlDecoder().decode(value));
        }
        log.warn("Broker certificate not found");
        return null;
    }

    private static Certificate toJavaCertificate(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance("X.509", BouncyCastleProviderUtils.getProvider()).generateCertificate(new ByteArrayInputStream(bArr));
    }

    private void validateUri(String str) {
        try {
            for (URI uri : BrokerUriUtils.getSimpleUris(URI.create(str))) {
                if (!uri.getScheme().equals("vm")) {
                    String ping = ping(uri);
                    if (ping != null) {
                        log.warn("Broker URI: " + uri + " is invalid: " + ping);
                    } else {
                        log.info("Broker URI: " + uri + " is valid.");
                    }
                }
            }
        } catch (Exception e) {
            log.warn("Unable to validate " + str + ": " + e);
        }
    }

    @Nullable
    private static String ping(URI uri) {
        try {
            Socket socket = new Socket();
            try {
                int millis = (int) TimeUnit.SECONDS.toMillis(1L);
                socket.setSoTimeout(millis);
                socket.connect(new InetSocketAddress(uri.getHost(), uri.getPort()), millis);
                socket.getInputStream();
                socket.close();
                return null;
            } finally {
            }
        } catch (IOException e) {
            return e.toString();
        }
    }
}
