package org.apache.brooklyn.util.jmx.jmxmp;

import java.io.FileInputStream;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.rmi.registry.LocateRegistry;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.brooklyn.util.jmx.jmxrmi.JmxRmiAgent;

/* loaded from: input_file:brooklyn-jmxmp-agent-shaded-1.2.0-20240504-1734.jar:org/apache/brooklyn/util/jmx/jmxmp/JmxmpAgent.class */
public class JmxmpAgent {
    public static final String JMXMP_PORT_PROPERTY = "brooklyn.jmxmp.port";
    public static final String RMI_HOSTNAME_PROPERTY = "java.rmi.server.hostname";
    public static final String JMX_SERVER_ADDRESS_WILDCARD_PROPERTY = "jmx.remote.server.address.wildcard";
    public static final String RMI_REGISTRY_PORT_PROPERTY = "brooklyn.jmxmp.rmi-port";
    public static final String USE_SSL_PROPERTY = "com.sun.management.jmxremote.ssl";
    public static final String AUTHENTICATE_CLIENTS_PROPERTY = "brooklyn.jmxmp.ssl.authenticate";
    public static final String JMXMP_KEYSTORE_FILE_PROPERTY = "brooklyn.jmxmp.ssl.keyStore";
    public static final String JMXMP_KEYSTORE_PASSWORD_PROPERTY = "brooklyn.jmxmp.ssl.keyStorePassword";
    public static final String JMXMP_KEYSTORE_KEY_PASSWORD_PROPERTY = "brooklyn.jmxmp.ssl.keyStore.keyPassword";
    public static final String JMXMP_KEYSTORE_TYPE_PROPERTY = "brooklyn.jmxmp.ssl.keyStoreType";
    public static final String JMXMP_TRUSTSTORE_FILE_PROPERTY = "brooklyn.jmxmp.ssl.trustStore";
    public static final String JMXMP_TRUSTSTORE_PASSWORD_PROPERTY = "brooklyn.jmxmp.ssl.trustStorePassword";
    public static final String JMXMP_TRUSTSTORE_TYPE_PROPERTY = "brooklyn.jmxmp.ssl.trustStoreType";
    public static final String TLS_NEED_AUTHENTICATE_CLIENTS_PROPERTY = "jmx.remote.tls.need.client.authentication";
    public static final String TLS_WANT_AUTHENTICATE_CLIENTS_PROPERTY = "jmx.remote.tls.want.client.authentication";
    public static final String TLS_SOCKET_FACTORY_PROPERTY = "jmx.remote.tls.socket.factory";
    public static final String TLS_JMX_REMOTE_PROFILES = "TLS";
    public static final int JMXMP_DEFAULT_PORT = 11099;

    public static void premain(String str) {
        doMain(str);
    }

    public static void agentmain(String str) {
        doMain(str);
    }

    public static void doMain(final String str) {
        Thread thread = new Thread() { // from class: org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgent.1
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                JmxmpAgent.doMainForeground(str);
            }
        };
        thread.setDaemon(true);
        thread.start();
    }

    public static void doMainForeground(String str) {
        final List<JMXConnectorServer> startConnectors = new JmxmpAgent().startConnectors(System.getProperties());
        if (startConnectors.isEmpty()) {
            return;
        }
        Runtime.getRuntime().addShutdownHook(new Thread("jmxmp-agent-shutdownHookThread") { // from class: org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgent.2
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                for (JMXConnectorServer jMXConnectorServer : startConnectors) {
                    try {
                        jMXConnectorServer.stop();
                    } catch (Exception e) {
                        System.err.println("Error closing jmxmp connector " + jMXConnectorServer + " in shutdown hook (continuing): " + e);
                    }
                }
            }
        });
    }

    public List<JMXConnectorServer> startConnectors(Properties properties) {
        ArrayList arrayList = new ArrayList();
        addIfNotNull(startJmxmpConnector(properties), arrayList);
        addIfNotNull(startNormalJmxRmiConnectorIfRequested(properties), arrayList);
        return arrayList;
    }

    private static <T> void addIfNotNull(T t, List<T> list) {
        if (t != null) {
            list.add(t);
        }
    }

    public JMXConnectorServer startJmxmpConnector(Properties properties) {
        try {
            JMXServiceURL jMXServiceURL = new JMXServiceURL("service:jmx:jmxmp://" + getLocalhostHostname(properties) + ":" + Integer.parseInt(properties.getProperty(JMXMP_PORT_PROPERTY, JmxRmiAgent.JMX_SERVER_DEFAULT_PORT)));
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            propagate(properties, linkedHashMap, "jmx.remote.server.address.wildcard", null);
            if (asBoolean(properties, USE_SSL_PROPERTY, false, true)) {
                setSslEnvFromProperties(linkedHashMap, properties);
            } else if (asBoolean(properties, AUTHENTICATE_CLIENTS_PROPERTY, false, true)) {
                throw new IllegalStateException("Client authentication not supported when not using SSL");
            }
            JMXConnectorServer newJMXConnectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jMXServiceURL, linkedHashMap, ManagementFactory.getPlatformMBeanServer());
            newJMXConnectorServer.start();
            System.out.println("JmxmpAgent active at: " + jMXServiceURL);
            return newJMXConnectorServer;
        } catch (RuntimeException e) {
            System.err.println("Unable to start JmxmpAgent: " + e);
            throw e;
        } catch (Exception e2) {
            System.err.println("Unable to start JmxmpAgent: " + e2);
            throw new RuntimeException(e2);
        }
    }

    public JMXConnectorServer startNormalJmxRmiConnectorIfRequested(Properties properties) {
        try {
            String property = properties.getProperty(RMI_REGISTRY_PORT_PROPERTY);
            if (property == null || property.length() == 0) {
                return null;
            }
            int parseInt = Integer.parseInt(property);
            LocateRegistry.createRegistry(parseInt);
            RMIConnectorServer rMIConnectorServer = new RMIConnectorServer(new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:" + parseInt + "/jmxrmi"), (Map) null, ManagementFactory.getPlatformMBeanServer());
            rMIConnectorServer.start();
            return rMIConnectorServer;
        } catch (Exception e) {
            System.err.println("Unable to start JmxmpAgent: " + e);
            throw new RuntimeException(e);
        }
    }

    public static String getLocalhostHostname(Properties properties) throws UnknownHostException {
        String property = properties == null ? null : properties.getProperty("java.rmi.server.hostname");
        if (property == null || property.isEmpty()) {
            try {
                property = InetAddress.getLocalHost().getHostName();
            } catch (Exception e) {
                System.err.println("Misconfigured hostname when setting JmxmpAgent; reverting to 127.0.0.1: " + e);
                property = "127.0.0.1";
            }
        }
        return property;
    }

    private static boolean propagate(Properties properties, Map<String, Object> map, String str, Object obj) {
        Object property = properties.getProperty(str);
        if (property == null) {
            property = obj;
        }
        if (property == null) {
            return false;
        }
        map.put(str, property);
        return true;
    }

    private boolean asBoolean(Properties properties, String str, Boolean bool, Boolean bool2) {
        Object obj = properties.get(str);
        if (obj == null) {
            if (bool == null) {
                throw new IllegalStateException("Property '" + str + "' is required.");
            }
            return bool.booleanValue();
        }
        String obj2 = obj.toString();
        if ("true".equalsIgnoreCase(obj2)) {
            return true;
        }
        if ("false".equalsIgnoreCase(obj2)) {
            return false;
        }
        if (bool2 == null) {
            throw new IllegalStateException("Property '" + str + "' has illegal value '" + obj2 + "'; should be true or false");
        }
        return bool2.booleanValue();
    }

    public void setSslEnvFromProperties(Map<String, Object> map, Properties properties) throws Exception {
        TrustManager[] trustManagerArr;
        map.put("jmx.remote.profiles", TLS_JMX_REMOTE_PROFILES);
        boolean asBoolean = asBoolean(properties, AUTHENTICATE_CLIENTS_PROPERTY, true, null);
        if (asBoolean) {
            map.put(AUTHENTICATE_CLIENTS_PROPERTY, "true");
            propagate(properties, map, TLS_NEED_AUTHENTICATE_CLIENTS_PROPERTY, "true");
            propagate(properties, map, TLS_WANT_AUTHENTICATE_CLIENTS_PROPERTY, "true");
        }
        if (propagate(properties, map, TLS_SOCKET_FACTORY_PROPERTY, null)) {
            return;
        }
        String property = properties.getProperty(JMXMP_KEYSTORE_FILE_PROPERTY);
        String property2 = properties.getProperty(JMXMP_KEYSTORE_PASSWORD_PROPERTY, "");
        String property3 = properties.getProperty(JMXMP_KEYSTORE_TYPE_PROPERTY, KeyStore.getDefaultType());
        String property4 = properties.getProperty(JMXMP_KEYSTORE_KEY_PASSWORD_PROPERTY, "");
        KeyStore keyStore = KeyStore.getInstance(property3);
        if (property != null) {
            keyStore.load(new FileInputStream(property), property2.toCharArray());
        } else {
            keyStore.load(null, null);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, property4.toCharArray());
        String property5 = properties.getProperty(JMXMP_TRUSTSTORE_FILE_PROPERTY);
        String property6 = properties.getProperty(JMXMP_TRUSTSTORE_PASSWORD_PROPERTY, "");
        String property7 = properties.getProperty(JMXMP_TRUSTSTORE_TYPE_PROPERTY, KeyStore.getDefaultType());
        if (property5 != null) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore2 = KeyStore.getInstance(property7);
            keyStore2.load(new FileInputStream(property5), property6.toCharArray());
            trustManagerFactory.init(keyStore2);
            trustManagerArr = new TrustManager[]{newInspectAllTrustManager((X509TrustManager) trustManagerFactory.getTrustManagers()[0])};
        } else {
            trustManagerArr = null;
            if (asBoolean) {
                System.err.println("Authentication required but no truststore supplied to JmxmpAgent. Client connections will likely fail.");
            }
        }
        SSLContext sSLContext = SSLContext.getInstance("TLSv1");
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerArr, null);
        map.put(TLS_SOCKET_FACTORY_PROPERTY, sSLContext.getSocketFactory());
    }

    public static final TrustManager newInspectAllTrustManager(final X509TrustManager x509TrustManager) {
        return new X509TrustManager() { // from class: org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgent.3
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                x509TrustManager.checkClientTrusted(x509CertificateArr, str);
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            }
        };
    }

    public static void main(String[] strArr) {
        premain("");
    }
}
