package com.sun.jmx.remote.opt.security;

import com.sun.jmx.remote.generic.ProfileServer;
import com.sun.jmx.remote.opt.util.ClassLogger;
import com.sun.jmx.remote.opt.util.EnvHelp;
import com.sun.jmx.remote.socket.SocketConnectionIf;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.StringTokenizer;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.generic.MessageConnection;
import javax.management.remote.message.ProfileMessage;
import javax.management.remote.message.TLSMessage;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.Subject;
import javax.security.cert.X509Certificate;
import org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgent;

/* loaded from: input_file:brooklyn-jmxmp-agent-shaded-1.1.0-20231208-1708.jar:com/sun/jmx/remote/opt/security/TLSServerHandler.class */
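/**
 * Server side of the JMXMP "TLS" profile, as recovered by a decompiler.
 *
 * <p>{@link #initialize} layers a server-mode {@link SSLSocket} over the connection's existing
 * socket and applies the TLS settings found in the connector environment map.
 * {@link #activate} runs the handshake and, when the client presented a certificate, adds a
 * principal built from the certificate's subject DN to the connection {@link Subject}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Certificate validation is done entirely by the {@code SSLSocketFactory} taken from the
 *       environment (or the JVM default). This class trusts whatever chain the handshake
 *       accepted and performs no checks of its own on the subject DN.</li>
 *   <li>If the client sends no certificate, {@link #activate} still succeeds and returns the
 *       subject unchanged (possibly {@code null}). Rejecting unauthenticated clients therefore
 *       depends on "need client auth" being in force on the socket.</li>
 *   <li>No minimum protocol version or cipher strength is enforced here; the configured lists
 *       are passed through as given.</li>
 * </ul>
 */
public class TLSServerHandler implements ProfileServer {
    /**
     * True when every reflective lookup in the static initializer succeeded. When false, the
     * "enabled protocols" and "want client auth" settings are silently skipped by
     * {@link #initialize}.
     */
    static final boolean bundledJSSE;
    static Method getProtocol;
    static Method getEnabledProtocols;
    static Method setEnabledProtocols;
    static Method getWantClientAuth;
    static Method setWantClientAuth;
    private Map env;
    private String profile;
    private static final String X500_PRINCIPAL = "javax.security.auth.x500.X500Principal";
    private static final ClassLogger logger;
    // Compiler-generated class-literal caches (pre-Java-5 ".class" idiom); kept for compatibility.
    static Class class$javax$net$ssl$SSLSession;
    static Class class$javax$net$ssl$SSLSocket;
    static Class array$Ljava$lang$String;
    static Class class$java$lang$String;
    protected SSLSocket ts = null;
    private boolean completed = false;
    private MessageConnection mc = null;
    private Subject subject = null;

    /**
     * Reflectively calls {@code SSLSession.getProtocol()}.
     *
     * <p>Decompiler note: the access modifier was changed from package-private.
     *
     * @param sSLSession session to query
     * @return the protocol name reported by the session
     * @throws IOException if the reflective call fails for any reason other than an exception
     *     thrown by the target method
     */
    public static String getProtocol(SSLSession sSLSession) throws IOException {
        try {
            return (String) getProtocol.invoke(sSLSession, new Object[0]);
        } catch (InvocationTargetException e) {
            // NOTE(review): a target exception that is not a RuntimeException (e.g. an Error)
            // surfaces as a ClassCastException here, hiding the real cause. The same pattern is
            // repeated in the other reflective wrappers below.
            throw ((RuntimeException) e.getTargetException());
        } catch (Throwable th) {
            throw ((IOException) EnvHelp.initCause(new IOException(th.getMessage()), th));
        }
    }

    /**
     * Reflectively calls {@code SSLSocket.getEnabledProtocols()}.
     *
     * <p>Decompiler note: the access modifier was changed from package-private.
     *
     * @param sSLSocket socket to query
     * @return the protocols currently enabled on the socket
     * @throws IOException if the reflective call itself fails
     */
    public static String[] getEnabledProtocols(SSLSocket sSLSocket) throws IOException {
        try {
            return (String[]) getEnabledProtocols.invoke(sSLSocket, new Object[0]);
        } catch (InvocationTargetException e) {
            throw ((RuntimeException) e.getTargetException());
        } catch (Throwable th) {
            throw ((IOException) EnvHelp.initCause(new IOException(th.getMessage()), th));
        }
    }

    /**
     * Reflectively calls {@code SSLSocket.setEnabledProtocols(String[])}.
     *
     * <p>Decompiler note: the access modifier was changed from package-private.
     *
     * @param sSLSocket socket to configure
     * @param strArr protocol names to enable
     * @throws IOException if the reflective call itself fails
     */
    public static void setEnabledProtocols(SSLSocket sSLSocket, String[] strArr) throws IOException {
        try {
            // The String[] is spread as the varargs array, exactly as in the decompiled original.
            setEnabledProtocols.invoke(sSLSocket, strArr);
        } catch (InvocationTargetException e) {
            throw ((RuntimeException) e.getTargetException());
        } catch (Throwable th) {
            throw ((IOException) EnvHelp.initCause(new IOException(th.getMessage()), th));
        }
    }

    /**
     * Reflectively calls {@code SSLSocket.getWantClientAuth()}.
     *
     * @param sSLSocket socket to query
     * @return the socket's "want client auth" flag
     * @throws IOException if the reflective call itself fails
     */
    static Boolean getWantClientAuth(SSLSocket sSLSocket) throws IOException {
        try {
            return (Boolean) getWantClientAuth.invoke(sSLSocket, new Object[0]);
        } catch (InvocationTargetException e) {
            throw ((RuntimeException) e.getTargetException());
        } catch (Throwable th) {
            throw ((IOException) EnvHelp.initCause(new IOException(th.getMessage()), th));
        }
    }

    /**
     * Reflectively calls {@code SSLSocket.setWantClientAuth(boolean)}.
     *
     * <p>On JSSE this call replaces any earlier {@code setNeedClientAuth} setting, so callers
     * must not invoke it after requiring client authentication.
     *
     * @param sSLSocket socket to configure
     * @param bool new value of the flag
     * @throws IOException if the reflective call itself fails
     */
    static void setWantClientAuth(SSLSocket sSLSocket, Boolean bool) throws IOException {
        try {
            setWantClientAuth.invoke(sSLSocket, bool);
        } catch (InvocationTargetException e) {
            throw ((RuntimeException) e.getTargetException());
        } catch (Throwable th) {
            throw ((IOException) EnvHelp.initCause(new IOException(th.getMessage()), th));
        }
    }

    /**
     * Creates a handler for the given profile.
     *
     * @param str profile name returned by {@link #getName()}
     * @param map connector environment holding the TLS settings read by {@link #initialize}
     */
    public TLSServerHandler(String str, Map map) {
        this.profile = str;
        this.env = map;
    }

    /**
     * Wraps the connection's socket in a server-mode {@link SSLSocket} and applies the TLS
     * settings from the environment: socket factory, enabled protocols, enabled cipher suites
     * and the need/want client-authentication flags.
     *
     * @param messageConnection connection being secured; must be a {@code SocketConnectionIf}
     * @param subject subject carried into {@link #activate}, may be {@code null}
     * @throws IOException if the connection is not socket based or socket setup fails
     */
    @Override // com.sun.jmx.remote.generic.ProfileServer
    public void initialize(MessageConnection messageConnection, Subject subject) throws IOException {
        this.mc = messageConnection;
        this.subject = subject;
        if (!(messageConnection instanceof SocketConnectionIf)) {
            throw new IOException("Not an instance of SocketConnectionIf");
        }
        Socket socket = ((SocketConnectionIf) messageConnection).getSocket();
        SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) this.env.get(JmxmpAgent.TLS_SOCKET_FACTORY_PROPERTY);
        if (sSLSocketFactory == null) {
            // Falls back to the JVM-wide default factory and therefore its trust/key material.
            sSLSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
        // NOTE(review): getHostName() may trigger a reverse DNS lookup for every incoming
        // connection, which can block; the result is only used as a label here.
        String hostName = socket.getInetAddress().getHostName();
        int port = socket.getPort();
        if (logger.traceOn()) {
            logger.trace("initialize", "TLS: Hostname = " + hostName);
            logger.trace("initialize", "TLS: Port = " + port);
        }
        this.ts = (SSLSocket) sSLSocketFactory.createSocket(socket, hostName, port, true);
        this.ts.setUseClientMode(false);
        if (logger.traceOn()) {
            logger.trace("initialize", "TLS: Socket Client Mode = " + this.ts.getUseClientMode());
        }
        if (bundledJSSE) {
            String protocols = (String) this.env.get("jmx.remote.tls.enabled.protocols");
            if (protocols != null) {
                setEnabledProtocols(this.ts, splitOnSpaces(protocols));
            }
            if (logger.traceOn()) {
                logger.trace("initialize", "TLS: Enabled Protocols");
                logger.trace("initialize", "TLS: [" + joinForTrace(getEnabledProtocols(this.ts)) + "]");
            }
        }
        String cipherSuites = (String) this.env.get("jmx.remote.tls.enabled.cipher.suites");
        if (cipherSuites != null) {
            this.ts.setEnabledCipherSuites(splitOnSpaces(cipherSuites));
        }
        if (logger.traceOn()) {
            logger.trace("initialize", "TLS: Enabled Cipher Suites");
            logger.trace("initialize", "TLS: [" + joinForTrace(this.ts.getEnabledCipherSuites()) + "]");
        }
        String needSetting = (String) this.env.get(JmxmpAgent.TLS_NEED_AUTHENTICATE_CLIENTS_PROPERTY);
        boolean needClientAuth = false;
        if (needSetting != null) {
            needClientAuth = Boolean.valueOf(needSetting).booleanValue();
            this.ts.setNeedClientAuth(needClientAuth);
        }
        if (logger.traceOn()) {
            logger.trace("initialize", "TLS: Socket Need Client Authentication = " + this.ts.getNeedClientAuth());
        }
        if (bundledJSSE) {
            String wantSetting = (String) this.env.get(JmxmpAgent.TLS_WANT_AUTHENTICATE_CLIENTS_PROPERTY);
            if (wantSetting != null) {
                if (needClientAuth) {
                    // SSLSocket.setWantClientAuth overrides an earlier setNeedClientAuth call.
                    // Applying it here would turn mandatory client authentication into an
                    // optional (or disabled) one, so the stricter "need" setting is kept.
                    if (logger.traceOn()) {
                        logger.trace("initialize", "TLS: Want Client Authentication setting ignored because Need Client Authentication is enabled");
                    }
                } else {
                    setWantClientAuth(this.ts, Boolean.valueOf(wantSetting));
                }
            }
            if (logger.traceOn()) {
                logger.trace("initialize", "TLS: Socket Want Client Authentication = " + getWantClientAuth(this.ts));
            }
        }
    }

    /** Splits a space-separated configuration value into its tokens. */
    private static String[] splitOnSpaces(String value) {
        StringTokenizer tokens = new StringTokenizer(value, " ");
        String[] parts = new String[tokens.countTokens()];
        for (int i = 0; i < parts.length; i++) {
            parts[i] = tokens.nextToken();
        }
        return parts;
    }

    /** Joins values with ", " for trace output; a null array yields an empty string. */
    private static String joinForTrace(String[] values) {
        StringBuffer joined = new StringBuffer();
        if (values != null) {
            for (int i = 0; i < values.length; i++) {
                joined.append(values[i]);
                if (i + 1 < values.length) {
                    joined.append(", ");
                }
            }
        }
        return joined.toString();
    }

    /**
     * Builds the server's TLS profile message and marks the exchange as complete.
     *
     * @return a {@code TLSMessage} created with status value 2
     * @throws IOException declared by the interface; not thrown by the visible code
     */
    @Override // com.sun.jmx.remote.generic.ProfileServer
    public ProfileMessage produceMessage() throws IOException {
        // NOTE(review): 2 is presumably a status constant defined by TLSMessage; confirm there.
        TLSMessage tLSMessage = new TLSMessage(2);
        if (logger.traceOn()) {
            logger.trace("produceMessage", ">>>>> TLS server message <<<<<");
            logger.trace("produceMessage", "Profile Name : " + tLSMessage.getProfileName());
            logger.trace("produceMessage", "Status : " + tLSMessage.getStatus());
        }
        this.completed = true;
        return tLSMessage;
    }

    /**
     * Validates the client's TLS profile message.
     *
     * @param profileMessage message received from the client
     * @throws IOException if the message is not a {@code TLSMessage} or its status is not 1
     */
    @Override // com.sun.jmx.remote.generic.ProfileServer
    public void consumeMessage(ProfileMessage profileMessage) throws IOException {
        if (!(profileMessage instanceof TLSMessage)) {
            throw new IOException("Unexpected profile message type: " + profileMessage.getClass().getName());
        }
        TLSMessage tLSMessage = (TLSMessage) profileMessage;
        if (logger.traceOn()) {
            logger.trace("consumeMessage", ">>>>> TLS client message <<<<<");
            logger.trace("consumeMessage", "Profile Name : " + tLSMessage.getProfileName());
            logger.trace("consumeMessage", "Status : " + tLSMessage.getStatus());
        }
        // NOTE(review): 1 is presumably the status a client sends to start TLS; confirm in TLSMessage.
        if (tLSMessage.getStatus() != 1) {
            throw new IOException("Unexpected TLS status [" + tLSMessage.getStatus() + "]");
        }
    }

    /** Returns whether {@link #produceMessage()} has already been called. */
    @Override // com.sun.jmx.remote.generic.ProfileServer
    public boolean isComplete() {
        return this.completed;
    }

    /**
     * Performs the TLS handshake, records the client identity if one was presented, and swaps
     * the secured socket into the connection.
     *
     * <p>A client without a certificate is not rejected here: the method logs the fact and
     * returns the subject as it was. Mandatory client authentication has to be enforced by the
     * handshake itself (the "need client auth" flag set in {@link #initialize}).
     *
     * @return the subject, with the certificate-derived principal added when available; may be
     *     {@code null} if none was supplied and the client did not authenticate
     * @throws IOException if the handshake fails
     */
    @Override // com.sun.jmx.remote.generic.ProfileServer
    public Subject activate() throws IOException {
        if (logger.traceOn()) {
            logger.trace("activate", ">>>>> TLS handshake <<<<<");
            logger.trace("activate", "TLS: Start TLS Handshake");
        }
        this.ts.startHandshake();
        SSLSession session = this.ts.getSession();
        if (session != null) {
            if (logger.traceOn()) {
                logger.trace("activate", "TLS: getCipherSuite = " + session.getCipherSuite());
                logger.trace("activate", "TLS: getPeerHost = " + session.getPeerHost());
                if (bundledJSSE) {
                    logger.trace("activate", "TLS: getProtocol = " + getProtocol(session));
                }
            }
            try {
                // NOTE(review): getPeerCertificateChain() and javax.security.cert are deprecated;
                // recent JDKs may throw UnsupportedOperationException here, which is not caught
                // below. Confirm against the target runtime before relying on this path.
                X509Certificate[] peerCertificateChain = session.getPeerCertificateChain();
                // The length check avoids an ArrayIndexOutOfBoundsException on an empty chain.
                if (peerCertificateChain == null || peerCertificateChain.length == 0 || peerCertificateChain[0] == null) {
                    logger.trace("activate", "TLS: No Client Authentication");
                } else {
                    // Identity comes straight from the leaf certificate's subject DN; its
                    // trustworthiness rests on the chain validation done during the handshake.
                    String name = peerCertificateChain[0].getSubjectDN().getName();
                    Principal principal;
                    if (bundledJSSE) {
                        try {
                            Class<?> cls2 = Class.forName(X500_PRINCIPAL);
                            Class<?>[] clsArr = new Class[1];
                            if (class$java$lang$String == null) {
                                class$java$lang$String = class$("java.lang.String");
                            }
                            clsArr[0] = class$java$lang$String;
                            principal = (Principal) cls2.getConstructor(clsArr).newInstance(name);
                        } catch (Exception e) {
                            logger.trace("activate", "TLS: Client Authentication: " + e.getMessage());
                            logger.debug("activate", e);
                            logger.trace("activate", "TLS: Client Authentication: Got exception building the javax.security.auth.x500.X500Principal from the principal stored in the client's certificate.");
                            logger.trace("activate", "TLS: Client Authentication: Subject DN = [" + name + "]");
                            logger.trace("activate", "TLS: Client Authentication: Default to JMXPrincipal[" + name + "]");
                            principal = new JMXPrincipal(name);
                        }
                    } else {
                        principal = new JMXPrincipal(name);
                    }
                    final Principal authenticated = principal;
                    if (this.subject == null) {
                        this.subject = new Subject();
                    }
                    // Privileged so the principal can be added even if callers on the stack lack
                    // the permission to modify the subject.
                    AccessController.doPrivileged(new PrivilegedAction<Object>() {
                        @Override // java.security.PrivilegedAction
                        public Object run() {
                            TLSServerHandler.this.subject.getPrincipals().add(authenticated);
                            return null;
                        }
                    });
                    logger.trace("activate", "TLS: Client Authentication OK! SubjectDN = " + authenticated);
                }
            } catch (SSLPeerUnverifiedException e2) {
                // Client sent no verifiable certificate; the connection continues unauthenticated.
                logger.trace("activate", "TLS: No Client Authentication: " + e2.getMessage());
            }
            logger.trace("activate", "TLS: Finish TLS Handshake");
        }
        ((SocketConnectionIf) this.mc).setSocket(this.ts);
        return this.subject;
    }

    /** No-op: the visible code releases nothing when the profile terminates. */
    @Override // com.sun.jmx.remote.generic.ProfileServer
    public void terminate() throws IOException {
    }

    /** Returns the profile name supplied to the constructor. */
    @Override // com.sun.jmx.remote.generic.ProfileServer
    public String getName() {
        return this.profile;
    }

    /**
     * Compiler-generated helper behind pre-Java-5 class literals.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        Class cls2;
        Class cls3;
        Class<?> cls4;
        Class cls5;
        Class cls6;
        boolean z = false;
        try {
            if (class$javax$net$ssl$SSLSession == null) {
                cls = class$("javax.net.ssl.SSLSession");
                class$javax$net$ssl$SSLSession = cls;
            } else {
                cls = class$javax$net$ssl$SSLSession;
            }
            getProtocol = cls.getMethod("getProtocol", new Class[0]);
            if (class$javax$net$ssl$SSLSocket == null) {
                cls2 = class$("javax.net.ssl.SSLSocket");
                class$javax$net$ssl$SSLSocket = cls2;
            } else {
                cls2 = class$javax$net$ssl$SSLSocket;
            }
            getEnabledProtocols = cls2.getMethod("getEnabledProtocols", new Class[0]);
            if (class$javax$net$ssl$SSLSocket == null) {
                cls3 = class$("javax.net.ssl.SSLSocket");
                class$javax$net$ssl$SSLSocket = cls3;
            } else {
                cls3 = class$javax$net$ssl$SSLSocket;
            }
            Class<?>[] clsArr = new Class[1];
            if (array$Ljava$lang$String == null) {
                cls4 = class$("[Ljava.lang.String;");
                array$Ljava$lang$String = cls4;
            } else {
                cls4 = array$Ljava$lang$String;
            }
            clsArr[0] = cls4;
            setEnabledProtocols = cls3.getMethod("setEnabledProtocols", clsArr);
            if (class$javax$net$ssl$SSLSocket == null) {
                cls5 = class$("javax.net.ssl.SSLSocket");
                class$javax$net$ssl$SSLSocket = cls5;
            } else {
                cls5 = class$javax$net$ssl$SSLSocket;
            }
            getWantClientAuth = cls5.getMethod("getWantClientAuth", new Class[0]);
            if (class$javax$net$ssl$SSLSocket == null) {
                cls6 = class$("javax.net.ssl.SSLSocket");
                class$javax$net$ssl$SSLSocket = cls6;
            } else {
                cls6 = class$javax$net$ssl$SSLSocket;
            }
            setWantClientAuth = cls6.getMethod("setWantClientAuth", Boolean.TYPE);
        } catch (Throwable th) {
            // NOTE(review): any lookup failure is swallowed and only flips bundledJSSE to false.
            // From then on a configured protocol list and the "want client auth" flag are
            // skipped without any log output, so a restrictive TLS configuration can be lost
            // silently.
            z = true;
        }
        bundledJSSE = !z;
        logger = new ClassLogger("javax.management.remote.misc", "TLSServerHandler");
    }
}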
