package org.glassfish.admin.mbeanserver;

import com.sun.enterprise.admin.cli.CLIConstants;
import com.sun.enterprise.admin.servermgmt.KeystoreManager;
import com.sun.messaging.jmq.management.JMXMQAddress;
import com.sun.messaging.jms.management.server.LogLevel;
import java.io.File;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.rmi.NotBoundException;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.RMISocketFactory;
import java.rmi.server.UnicastRemoteObject;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.management.MBeanServer;
import javax.management.NotificationFilter;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnection;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.management.remote.rmi.RMIJRMPServerImpl;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.security.auth.Subject;
import org.glassfish.admin.mbeanserver.ssl.JMXMasterPasswordImpl;
import org.glassfish.admin.mbeanserver.ssl.SSLClientConfigurator;
import org.glassfish.admin.mbeanserver.ssl.SSLParams;
import org.glassfish.admin.mbeanserver.ssl.SecureRMIServerSocketFactory;
import org.glassfish.grizzly.config.dom.Ssl;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.logging.annotation.LogMessageInfo;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/glassfish/admin/mbeanserver/RMIConnectorStarter.class */
public final class RMIConnectorStarter extends ConnectorStarter {
    public static final String RMI_HOSTNAME_PROP = "java.rmi.server.hostname";
    private final Registry mRegistry;
    private final boolean mBindToSingleIP;
    private volatile MyRMIJRMPServerImpl mMyServer;
    private final MyRMIServerSocketFactory mServerSocketFactory;
    private final SecureRMIServerSocketFactory sslServerSocketFactory;
    private final SslRMIClientSocketFactory sslCsf;
    private String masterPassword;
    private static final Logger JMX_LOGGER = Util.JMX_LOGGER;

    @LogMessageInfo(level = LogLevel.INFO, message = "Security enabled")
    private static final String SECURITY_ENABLED = "NCLS-JMX-00009";

    @LogMessageInfo(level = LogLevel.INFO, message = "Binding RMI port to single IP address = {0}, port {1}")
    private static final String BINDING_TO_SINGLE_ADDR = "NCLS-JMX-00026";

    @LogMessageInfo(level = "SEVERE", message = "Error stopping RMIConnector", action = "unknown", cause = "unknown")
    private static final String ERROR_STOPPING = "NCLS-JMX-00011";

    @LogMessageInfo(level = LogLevel.INFO, message = "MyRMIJRMPServerImpl: exported on address {0}")
    private static final String EXPORTED = "NCLS-JMX-00012";

    @LogMessageInfo(message = "MyRMIJRMPServerImpl: makeClient on address = {0}")
    private static final String MAKE_CLIENT = "NCLS-JMX-00013";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/glassfish/admin/mbeanserver/RMIConnectorStarter$MyRMIJRMPServerImpl.class */
    public static final class MyRMIJRMPServerImpl extends RMIJRMPServerImpl {
        private final String mBindToAddr;

        public MyRMIJRMPServerImpl(int i, Map<String, ?> map, RMIServerSocketFactory rMIServerSocketFactory, String str) throws IOException {
            super(i, (RMIClientSocketFactory) map.get("jmx.remote.rmi.client.socket.factory"), rMIServerSocketFactory, map);
            this.mBindToAddr = str;
        }

        protected synchronized void export(String str) throws IOException {
            String str2 = RMIConnectorStarter.setupRMIHostname(this.mBindToAddr);
            try {
                super.export();
                RMIConnectorStarter.JMX_LOGGER.log(Level.INFO, RMIConnectorStarter.EXPORTED, this.mBindToAddr);
            } finally {
                RMIConnectorStarter.restoreRMIHostname(str2, this.mBindToAddr);
            }
        }

        protected synchronized RMIConnection makeClient(String str, Subject subject) throws IOException {
            String str2 = RMIConnectorStarter.setupRMIHostname(this.mBindToAddr);
            try {
                Util.getLogger().log(Level.INFO, RMIConnectorStarter.MAKE_CLIENT, System.getProperty(RMIConnectorStarter.RMI_HOSTNAME_PROP));
                RMIConnection makeClient = super.makeClient(str, subject);
                RMIConnectorStarter.restoreRMIHostname(str2, this.mBindToAddr);
                return makeClient;
            } catch (Throwable th) {
                RMIConnectorStarter.restoreRMIHostname(str2, this.mBindToAddr);
                throw th;
            }
        }
    }

    /* loaded from: input_file:org/glassfish/admin/mbeanserver/RMIConnectorStarter$MyRMIServerSocketFactory.class */
    public static final class MyRMIServerSocketFactory extends RMISocketFactory {
        private final InetAddress mAddress;

        public MyRMIServerSocketFactory(InetAddress inetAddress) {
            this.mAddress = inetAddress;
        }

        public ServerSocket createServerSocket(int i) throws IOException {
            return new ServerSocket(i, 5, this.mAddress);
        }

        public Socket createSocket(String str, int i) throws IOException {
            return new Socket(str, i);
        }
    }

    public RMIConnectorStarter(MBeanServer mBeanServer, String str, int i, String str2, boolean z, ServiceLocator serviceLocator, BootAMXListener bootAMXListener, Ssl ssl) throws UnknownHostException {
        super(mBeanServer, str, i, z, serviceLocator, bootAMXListener);
        this.masterPassword = null;
        this.masterPassword = new String(((JMXMasterPasswordImpl) serviceLocator.getService(JMXMasterPasswordImpl.class, new Annotation[0])).getMasterPassword());
        if (!CLIConstants.NODEAGENT_JMX_DEFAULT_PROTOCOL.equals(str2)) {
            throw new IllegalArgumentException("JMXConnectorServer not yet supporting protocol: " + str2);
        }
        this.mBindToSingleIP = (str.equals("0.0.0.0") || str.equals("*") || str.equals("")) ? false : true;
        InetAddress address = getAddress(str);
        if (!this.mBindToSingleIP) {
            this.mServerSocketFactory = null;
            if (isSecurityEnabled()) {
                this.sslServerSocketFactory = new SecureRMIServerSocketFactory(serviceLocator, ssl, getAddress(str));
                this.sslCsf = getClientSocketFactory(ssl);
            } else {
                this.sslServerSocketFactory = null;
                this.sslCsf = null;
            }
        } else if (isSecurityEnabled()) {
            JMX_LOGGER.info(SECURITY_ENABLED);
            this.sslServerSocketFactory = new SecureRMIServerSocketFactory(serviceLocator, ssl, address);
            this.sslCsf = getClientSocketFactory(ssl);
            this.mServerSocketFactory = null;
        } else {
            this.mServerSocketFactory = new MyRMIServerSocketFactory(address);
            this.sslServerSocketFactory = null;
            this.sslCsf = null;
        }
        this.mRegistry = startRegistry(str, this.mPort);
    }

    private static InetAddress getAddress(String str) throws UnknownHostException {
        String str2 = str;
        if (str.equals("localhost")) {
            str2 = "127.0.0.1";
        } else if (str.equals("*")) {
            str2 = "0.0.0.0";
        }
        return InetAddress.getByName(str2);
    }

    static String setupRMIHostname(String str) {
        return System.setProperty(RMI_HOSTNAME_PROP, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void restoreRMIHostname(String str, String str2) {
        if (str == null) {
            System.clearProperty(RMI_HOSTNAME_PROP);
            return;
        }
        String property = System.setProperty(RMI_HOSTNAME_PROP, str);
        if (!property.equals(str2)) {
            throw new IllegalStateException("Something changed java.rmi.server.hostname to " + property);
        }
    }

    private Registry startRegistry(String str, int i) {
        Registry _startRegistry;
        if (this.mBindToSingleIP) {
            String str2 = setupRMIHostname(str);
            try {
                JMX_LOGGER.log(Level.INFO, BINDING_TO_SINGLE_ADDR, new Object[]{System.getProperty(RMI_HOSTNAME_PROP), Integer.valueOf(i)});
                _startRegistry = _startRegistry(i);
                restoreRMIHostname(str2, str);
            } catch (Throwable th) {
                restoreRMIHostname(str2, str);
                throw th;
            }
        } else {
            Util.getLogger().log(Level.FINE, "Binding RMI port to *:{0}", Integer.valueOf(i));
            _startRegistry = _startRegistry(i);
        }
        return _startRegistry;
    }

    private Registry _startRegistry(int i) {
        System.setProperty("java.rmi.server.randomIDs", "true");
        try {
            return isSecurityEnabled() ? LocateRegistry.createRegistry(i, this.sslCsf, this.sslServerSocketFactory) : LocateRegistry.createRegistry(i, (RMIClientSocketFactory) null, this.mServerSocketFactory);
        } catch (Exception e) {
            throw new RuntimeException("Port " + i + " is not available for the internal rmi registry. This means that a call was made with the same port, without closing earlier registry instance. This has to do with the system jmx connector configuration in admin-service element of the configuration associated with this instance");
        }
    }

    @Override // org.glassfish.admin.mbeanserver.ConnectorStarter
    public JMXConnectorServer start() throws MalformedURLException, IOException, UnknownHostException {
        String hostname = hostname();
        HashMap hashMap = new HashMap();
        hashMap.put("jmx.remote.jndi.rebind", "true");
        hashMap.put("jmx.remote.rmi.client.socket.factory", this.sslCsf);
        hashMap.put("jmx.remote.rmi.server.socket.factory", this.sslServerSocketFactory);
        hashMap.put("com.sun.jndi.rmi.factory.socket", this.sslCsf);
        JMXAuthenticator accessController = getAccessController();
        if (accessController != null) {
            hashMap.put("jmx.remote.authenticator", accessController);
        }
        this.mJMXServiceURL = new JMXServiceURL("service:jmx:rmi://" + (hostname + ":" + this.mPort) + "/jndi/rmi://" + (hostname + ":" + this.mPort) + "/" + JMXMQAddress.DEFAULT_CONNECTOR_NAME);
        if (this.mBindToSingleIP) {
            this.mMyServer = new MyRMIJRMPServerImpl(this.mPort, hashMap, isSecurityEnabled() ? this.sslServerSocketFactory : this.mServerSocketFactory, hostname);
            this.mConnectorServer = new RMIConnectorServer(this.mJMXServiceURL, hashMap, this.mMyServer, this.mMBeanServer);
        } else {
            this.mConnectorServer = JMXConnectorServerFactory.newJMXConnectorServer(this.mJMXServiceURL, hashMap, this.mMBeanServer);
        }
        if (this.mBootListener != null) {
            this.mConnectorServer.addNotificationListener(this.mBootListener, (NotificationFilter) null, this.mJMXServiceURL.toString());
        }
        this.mConnectorServer.start();
        return this.mConnectorServer;
    }

    public void stopAndUnexport() {
        super.stop();
        try {
            if (this.mBindToSingleIP) {
                this.mRegistry.unbind(this.mHostName);
            }
            UnicastRemoteObject.unexportObject(this.mRegistry, true);
        } catch (RemoteException e) {
            Util.getLogger().log(Level.SEVERE, ERROR_STOPPING, e);
        } catch (NotBoundException e2) {
            Util.getLogger().log(Level.SEVERE, ERROR_STOPPING, e2);
        }
    }

    private SslRMIClientSocketFactory getClientSocketFactory(Ssl ssl) {
        SSLParams convertToSSLParams = convertToSSLParams(ssl);
        SSLClientConfigurator sSLClientConfigurator = SSLClientConfigurator.getInstance();
        sSLClientConfigurator.setSSLParams(convertToSSLParams);
        Security.setProperty("ssl.SocketFactory.provider", sSLClientConfigurator.configure(convertToSSLParams).getClass().getName());
        String enabledProtocolsAsString = sSLClientConfigurator.getEnabledProtocolsAsString();
        if (enabledProtocolsAsString != null) {
            System.setProperty("javax.rmi.ssl.client.enabledProtocols", enabledProtocolsAsString);
        }
        String enabledCipherSuitesAsString = sSLClientConfigurator.getEnabledCipherSuitesAsString();
        if (enabledCipherSuitesAsString != null) {
            System.setProperty("javax.rmi.ssl.client.enabledCipherSuites", enabledCipherSuitesAsString);
        }
        System.setProperty("javax.net.ssl.keyStorePassword", convertToSSLParams.getKeyStorePassword() == null ? KeystoreManager.DEFAULT_MASTER_PASSWORD : convertToSSLParams.getKeyStorePassword());
        System.setProperty("javax.net.ssl.trustStorePassword", convertToSSLParams.getTrustStorePassword() == null ? KeystoreManager.DEFAULT_MASTER_PASSWORD : convertToSSLParams.getTrustStorePassword());
        return new SslRMIClientSocketFactory();
    }

    private SSLParams convertToSSLParams(Ssl ssl) {
        String property = ssl.getTrustStoreType() == null ? System.getProperty("javax.net.ssl.trustStoreType", "JKS") : ssl.getTrustStoreType();
        String trustStorePassword = ssl.getTrustStorePassword() == null ? this.masterPassword : ssl.getTrustStorePassword();
        File file = ssl.getTrustStore() == null ? new File(System.getProperty("javax.net.ssl.trustStore")) : new File(ssl.getTrustStore());
        String property2 = ssl.getTrustStoreType() == null ? System.getProperty("javax.net.ssl.keyStoreType", "JKS") : ssl.getKeyStoreType();
        String keyStorePassword = ssl.getTrustStorePassword() == null ? this.masterPassword : ssl.getKeyStorePassword();
        File file2 = ssl.getTrustStore() == null ? new File(System.getProperty("javax.net.ssl.keyStore")) : new File(ssl.getKeyStore());
        SSLParams sSLParams = new SSLParams(file, trustStorePassword, property);
        sSLParams.setTrustAlgorithm(ssl.getTrustAlgorithm());
        sSLParams.setCertNickname(ssl.getCertNickname());
        sSLParams.setCrlFile(ssl.getCrlFile());
        sSLParams.setClientAuthEnabled(ssl.getClientAuthEnabled());
        sSLParams.setClientAuth(ssl.getClientAuth());
        sSLParams.setKeyAlgorithm(ssl.getKeyAlgorithm());
        sSLParams.setKeyStore(file2.getAbsolutePath());
        sSLParams.setKeyStorePassword(keyStorePassword);
        sSLParams.setKeyStoreType(property2);
        sSLParams.setSsl2Ciphers(ssl.getSsl2Ciphers());
        sSLParams.setSsl2Enabled(ssl.getSsl2Enabled());
        sSLParams.setSsl3Enabled(ssl.getSsl3Enabled());
        sSLParams.setSsl3TlsCiphers(ssl.getSsl3TlsCiphers());
        sSLParams.setTlsEnabled(ssl.getTlsEnabled());
        sSLParams.setTlsRollbackEnabled(ssl.getTlsRollbackEnabled());
        return sSLParams;
    }
}
