package com.tc.management;

import com.tc.async.api.Sink;
import com.tc.config.schema.setup.L2ConfigurationSetupManager;
import com.tc.exception.TCRuntimeException;
import com.tc.logging.CustomerLogging;
import com.tc.logging.TCLogger;
import com.tc.management.beans.L2MBeanNames;
import com.tc.management.beans.LockStatisticsMonitorMBean;
import com.tc.management.beans.MBeanNames;
import com.tc.management.beans.TCDumper;
import com.tc.management.beans.TCServerInfoMBean;
import com.tc.management.beans.TerracottaOperatorEventsMBean;
import com.tc.management.beans.object.EnterpriseTCServerMbean;
import com.tc.management.beans.object.ServerDBBackupMBean;
import com.tc.net.core.security.TCPrincipal;
import com.tc.net.core.security.TCSecurityManager;
import com.tc.objectserver.persistence.db.TCDatabaseException;
import com.tc.objectserver.storage.api.DBEnvironment;
import com.tc.statistics.StatisticsAgentSubSystem;
import com.tc.statistics.beans.impl.StatisticsGatewayMBeanImpl;
import com.tc.statistics.retrieval.actions.SRAMessages;
import com.tc.util.Assert;
import com.tc.util.runtime.Vm;
import com.terracotta.management.user.UserRole;
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.RMISocketFactory;
import java.security.AccessController;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.management.InstanceAlreadyExistsException;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.MBeanServerForwarder;
import javax.management.remote.jmxmp.JMXMPConnectorServer;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.management.remote.rmi.RMIJRMPServerImpl;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.security.auth.Subject;
import org.apache.commons.httpclient.HttpState;

/* loaded from: input_file:L1/terracotta-l1-ee-3.7.4.jar:com/tc/management/EnterpriseL2Management.class */
public class EnterpriseL2Management extends L2Management {
    private static final Map rmiRegistryMap = new HashMap();
    private final EnterpriseTCServerMbean enterpriseTCServerMbean;
    private final TCSecurityManager securityManager;
    private final ServerDBBackupMBean serverDbBackupMBean;
    private final TerracottaOperatorEventsMBean l2OperatorEventsMbean;

    /* loaded from: input_file:L1/terracotta-l1-ee-3.7.4.jar:com/tc/management/EnterpriseL2Management$BindAddrSocketFactory.class */
    private static class BindAddrSocketFactory extends RMISocketFactory implements Serializable {
        private final InetAddress bindAddr;

        public BindAddrSocketFactory(InetAddress inetAddress) {
            this.bindAddr = inetAddress;
        }

        public ServerSocket createServerSocket(int i) throws IOException {
            return new ServerSocket(i, 0, this.bindAddr);
        }

        public Socket createSocket(String str, int i) throws IOException {
            return new Socket(this.bindAddr, i);
        }

        public int hashCode() {
            return this.bindAddr.hashCode();
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.bindAddr.equals(((BindAddrSocketFactory) obj).bindAddr);
        }
    }

    /* loaded from: input_file:L1/terracotta-l1-ee-3.7.4.jar:com/tc/management/EnterpriseL2Management$MBSFInvocationHandler.class */
    private static class MBSFInvocationHandler implements InvocationHandler {
        private MBeanServer mbs;

        private MBSFInvocationHandler() {
        }

        public static MBeanServerForwarder newProxyInstance() {
            return (MBeanServerForwarder) MBeanServerForwarder.class.cast(Proxy.newProxyInstance(MBeanServerForwarder.class.getClassLoader(), new Class[]{MBeanServerForwarder.class}, new MBSFInvocationHandler()));
        }

        @Override // java.lang.reflect.InvocationHandler
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            String name = method.getName();
            if (name.equals("getMBeanServer")) {
                return this.mbs;
            }
            if (name.equals("setMBeanServer")) {
                if (objArr[0] == null) {
                    throw new IllegalArgumentException("Null MBeanServer");
                }
                if (this.mbs != null) {
                    throw new IllegalArgumentException("MBeanServer object already initialized");
                }
                this.mbs = (MBeanServer) objArr[0];
                return null;
            }
            Subject subject = Subject.getSubject(AccessController.getContext());
            if (subject == null) {
                return method.invoke(this.mbs, objArr);
            }
            if (name.equals("createMBean") || name.equals("unregisterMBean")) {
                throw new SecurityException("Access denied");
            }
            if (isServerShutdown(objArr, name) && subject.isReadOnly()) {
                throw new SecurityException("Access denied");
            }
            Set principals = subject.getPrincipals(Principal.class);
            if (principals == null || principals.isEmpty()) {
                throw new SecurityException("Access denied");
            }
            ((Principal) principals.iterator().next()).getName();
            return method.invoke(this.mbs, objArr);
        }

        private boolean isServerShutdown(Object[] objArr, String str) {
            return "invoke".equals(str) && objArr != null && objArr.length >= 2 && L2MBeanNames.TC_SERVER_INFO.equals(objArr[0]) && "shutdown".equals(objArr[1]);
        }
    }

    public EnterpriseL2Management(TCServerInfoMBean tCServerInfoMBean, LockStatisticsMonitorMBean lockStatisticsMonitorMBean, StatisticsAgentSubSystem statisticsAgentSubSystem, StatisticsGatewayMBeanImpl statisticsGatewayMBeanImpl, L2ConfigurationSetupManager l2ConfigurationSetupManager, TCDumper tCDumper, InetAddress inetAddress, int i, Sink sink, EnterpriseTCServerMbean enterpriseTCServerMbean, ServerDBBackupMBean serverDBBackupMBean, TCSecurityManager tCSecurityManager) throws MBeanRegistrationException, NotCompliantMBeanException, InstanceAlreadyExistsException {
        super(tCServerInfoMBean, lockStatisticsMonitorMBean, statisticsAgentSubSystem, statisticsGatewayMBeanImpl, l2ConfigurationSetupManager, tCDumper, inetAddress, i, sink);
        this.enterpriseTCServerMbean = enterpriseTCServerMbean;
        this.securityManager = tCSecurityManager;
        try {
            this.serverDbBackupMBean = serverDBBackupMBean;
            try {
                this.l2OperatorEventsMbean = new TerracottaOperatorEventsMBeanImpl();
                registerEnterpriseMBeans();
            } catch (NotCompliantMBeanException e) {
                throw new RuntimeException("Unable to construct " + TerracottaOperatorEventsMBean.class.getSimpleName() + " bean. This is a programming error in one of those beans", e);
            }
        } catch (Exception e2) {
            throw new TCRuntimeException("Unable to construct ServerDBBackupMBean - " + enterpriseTCServerMbean + " . This is a programming error in one of those beans", e2);
        }
    }

    @Override // com.tc.management.L2Management
    public void initBackupMbean(DBEnvironment dBEnvironment) throws TCDatabaseException {
        if (this.serverDbBackupMBean != null) {
            dBEnvironment.initBackupMbean(this.serverDbBackupMBean);
        }
    }

    protected static Registry getRMIRegistry(int i, RMIClientSocketFactory rMIClientSocketFactory, RMIServerSocketFactory rMIServerSocketFactory) throws RemoteException {
        Integer valueOf = Integer.valueOf(i);
        Registry registry = (Registry) rmiRegistryMap.get(valueOf);
        if (registry == null) {
            Map map = rmiRegistryMap;
            Registry createRegistry = LocateRegistry.createRegistry(i, rMIClientSocketFactory, rMIServerSocketFactory);
            registry = createRegistry;
            map.put(valueOf, createRegistry);
        }
        return registry;
    }

    @Override // com.tc.management.L2Management
    protected void validateAuthenticationElement() {
    }

    @Override // com.tc.management.L2Management
    public synchronized void start() throws Exception {
        boolean authentication = this.configurationSetupManager.commonl2Config().authentication();
        HashMap hashMap = new HashMap();
        hashMap.put("jmx.remote.x.server.connection.timeout", Long.MAX_VALUE);
        hashMap.put(JMXMPConnectorServer.SERVER_ADDRESS_WILDCARD, HttpState.PREEMPTIVE_DEFAULT);
        TCLogger consoleLogger = CustomerLogging.getConsoleLogger();
        if (this.configurationSetupManager.isSecure()) {
            Assert.assertNotNull(this.securityManager);
            if (authentication) {
                consoleLogger.warn("Legacy authentication configured, while security being enabled! Only security level config will be used");
            }
            hashMap.put(JMXConnectorServer.AUTHENTICATOR, new JMXAuthenticator() { // from class: com.tc.management.EnterpriseL2Management.1
                @Override // javax.management.remote.JMXAuthenticator
                public Subject authenticate(Object obj) {
                    if (obj == null) {
                        throw new SecurityException("You must provide a valid username and password!");
                    }
                    String str = null;
                    char[] cArr = null;
                    if (obj instanceof Object[]) {
                        Object[] objArr = (Object[]) obj;
                        if (objArr.length == 2 && (objArr[0] instanceof String) && (objArr[1] instanceof char[])) {
                            str = (String) objArr[0];
                            cArr = (char[]) objArr[1];
                        }
                    }
                    TCPrincipal tCPrincipal = (TCPrincipal) EnterpriseL2Management.this.securityManager.authenticate(str, cArr);
                    if (tCPrincipal != null) {
                        return new Subject(!tCPrincipal.getRoles().contains(UserRole.ADMIN), Collections.singleton(tCPrincipal), Collections.EMPTY_SET, Collections.EMPTY_SET);
                    }
                    throw new SecurityException("Username and/or password is not valid!");
                }
            });
            JMXServiceURL jMXServiceURL = new JMXServiceURL("service:jmx:rmi://");
            SslRMIClientSocketFactory sslRMIClientSocketFactory = new SslRMIClientSocketFactory();
            SslRMIServerSocketFactory sslRMIServerSocketFactory = new SslRMIServerSocketFactory();
            RMIJRMPServerImpl rMIJRMPServerImpl = new RMIJRMPServerImpl(this.jmxPort, sslRMIClientSocketFactory, sslRMIServerSocketFactory, hashMap);
            this.jmxConnectorServer = new RMIConnectorServer(jMXServiceURL, hashMap, rMIJRMPServerImpl, this.mBeanServer);
            this.jmxConnectorServer.setMBeanServerForwarder(MBSFInvocationHandler.newProxyInstance());
            this.jmxConnectorServer.start();
            getRMIRegistry(this.jmxPort, sslRMIClientSocketFactory, sslRMIServerSocketFactory).bind("jmxrmi", rMIJRMPServerImpl);
            consoleLogger.info("Secured RMI JMX port " + this.jmxPort);
            return;
        }
        if (!authentication) {
            super.start();
            return;
        }
        String str = "";
        String authenticationPasswordFile = this.configurationSetupManager.commonl2Config().authenticationPasswordFile();
        String authenticationLoginConfigName = this.configurationSetupManager.commonl2Config().authenticationLoginConfigName();
        String authenticationAccessFile = this.configurationSetupManager.commonl2Config().authenticationAccessFile();
        if (authenticationPasswordFile != null && !new File(authenticationPasswordFile).exists()) {
            consoleLogger.error("Password file does not exist: " + authenticationPasswordFile);
        }
        if (!new File(authenticationAccessFile).exists()) {
            consoleLogger.error("Access file does not exist: " + authenticationAccessFile);
        }
        if (authenticationPasswordFile != null) {
            hashMap.put("jmx.remote.x.password.file", authenticationPasswordFile);
            str = "Credentials: pwd[" + authenticationPasswordFile + "] access[" + authenticationAccessFile + "]";
        } else if (authenticationLoginConfigName != null) {
            if (Vm.isJDK16Compliant()) {
                hashMap.put("jmx.remote.x.login.config", authenticationLoginConfigName);
                str = "Credentials: loginConfig[" + authenticationLoginConfigName + "] access[" + authenticationAccessFile + "]";
            } else {
                consoleLogger.error("JAAS LoginModule support requires version 1.6 or greater of the Java Runtime; all credentials will be accepted");
            }
        }
        hashMap.put("jmx.remote.x.access.file", authenticationAccessFile);
        JMXServiceURL jMXServiceURL2 = new JMXServiceURL("service:jmx:rmi://");
        RMIClientSocketFactory bindAddrSocketFactory = new BindAddrSocketFactory(this.bindAddress);
        RMIClientSocketFactory rMIClientSocketFactory = this.bindAddress.isAnyLocalAddress() ? null : bindAddrSocketFactory;
        RMIJRMPServerImpl rMIJRMPServerImpl2 = new RMIJRMPServerImpl(this.jmxPort, rMIClientSocketFactory, bindAddrSocketFactory, hashMap);
        this.jmxConnectorServer = new RMIConnectorServer(jMXServiceURL2, hashMap, rMIJRMPServerImpl2, this.mBeanServer);
        this.jmxConnectorServer.start();
        getRMIRegistry(this.jmxPort, rMIClientSocketFactory, bindAddrSocketFactory).bind("jmxrmi", rMIJRMPServerImpl2);
        consoleLogger.info("JMX Server started. Authentication ON - Available at URL[Service:jmx:rmi:///jndi/rmi://" + this.bindAddress.getHostAddress() + SRAMessages.ELEMENT_NAME_DELIMITER + this.jmxPort + "/jmxrmi]");
        if (str.equals("")) {
            return;
        }
        consoleLogger.info(str);
    }

    private void registerEnterpriseMBeans() throws MBeanRegistrationException, NotCompliantMBeanException, InstanceAlreadyExistsException {
        getMBeanServer().registerMBean(this.enterpriseTCServerMbean, L2MBeanNames.ENTERPRISE_TC_SERVER);
        if (this.serverDbBackupMBean != null) {
            getMBeanServer().registerMBean(this.serverDbBackupMBean, L2MBeanNames.SERVER_DB_BACKUP);
        }
        getMBeanServer().registerMBean(this.l2OperatorEventsMbean, MBeanNames.OPERATOR_EVENTS_PUBLIC);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.tc.management.L2Management
    public void unregisterMBeans() throws InstanceNotFoundException, MBeanRegistrationException {
        super.unregisterMBeans();
        getMBeanServer().unregisterMBean(L2MBeanNames.ENTERPRISE_TC_SERVER);
        if (this.serverDbBackupMBean != null) {
            getMBeanServer().unregisterMBean(L2MBeanNames.SERVER_DB_BACKUP);
        }
        getMBeanServer().unregisterMBean(MBeanNames.OPERATOR_EVENTS_PUBLIC);
    }

    @Override // com.tc.management.L2Management, com.tc.management.TerracottaManagement
    public Object findMBean(ObjectName objectName, Class cls) throws IOException {
        return objectName.equals(MBeanNames.OPERATOR_EVENTS_PUBLIC) ? this.l2OperatorEventsMbean : super.findMBean(objectName, cls);
    }
}
