package com.gemstone.gemfire.management.internal;

import com.gemstone.gemfire.GemFireConfigException;
import com.gemstone.gemfire.cache.CacheFactory;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.internal.GemFireVersion;
import com.gemstone.gemfire.internal.SocketCreator;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
import com.gemstone.gemfire.internal.tcp.TCPConduit;
import com.gemstone.gemfire.management.ManagementException;
import com.gemstone.gemfire.management.ManagementService;
import com.gemstone.gemfire.management.ManagerMXBean;
import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.gemstone.gemfire.management.internal.unsafe.ReadOpFileAccessController;
import java.io.IOException;
import java.io.Serializable;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.rmi.AlreadyBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;
import java.util.HashMap;
import javax.management.InstanceAlreadyExistsException;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.ObjectName;
import javax.management.QueryExp;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.management.remote.rmi.RMIJRMPServerImpl;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.server.Server;

/* loaded from: input_file:com/gemstone/gemfire/management/internal/ManagementAgent.class */
public class ManagementAgent {
    private static final Logger logger = LogService.getLogger();
    private Registry registry;
    private JMXConnectorServer cs;
    private JMXShiroAuthenticator shiroAuthenticator;
    private final DistributionConfig config;
    private static final String PULSE_EMBEDDED_PROP = "pulse.embedded";
    private Server httpServer;
    private boolean running = false;
    private boolean isHttpServiceRunning = false;
    private final String GEMFIRE_VERSION = GemFireVersion.getGemFireVersion();
    private AgentUtil agentUtil = new AgentUtil(this.GEMFIRE_VERSION);

    /* loaded from: input_file:com/gemstone/gemfire/management/internal/ManagementAgent$GemFireRMIClientSocketFactory.class */
    private static class GemFireRMIClientSocketFactory implements RMIClientSocketFactory, Serializable {
        private static final long serialVersionUID = -7604285019188827617L;
        private transient SocketCreator sc;

        public GemFireRMIClientSocketFactory(SocketCreator socketCreator) {
            this.sc = socketCreator;
        }

        public Socket createSocket(String str, int i) throws IOException {
            return this.sc.connectForClient(str, i, 0);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/gemstone/gemfire/management/internal/ManagementAgent$GemFireRMIServerSocketFactory.class */
    public static class GemFireRMIServerSocketFactory implements RMIServerSocketFactory, Serializable {
        private static final long serialVersionUID = -811909050641332716L;
        private transient SocketCreator sc;
        private final InetAddress bindAddr;

        public GemFireRMIServerSocketFactory(SocketCreator socketCreator, InetAddress inetAddress) {
            this.sc = socketCreator;
            this.bindAddr = inetAddress;
        }

        public ServerSocket createServerSocket(int i) throws IOException {
            return this.sc.createServerSocket(i, TCPConduit.getBackLog(), this.bindAddr);
        }
    }

    public ManagementAgent(DistributionConfig distributionConfig) {
        this.config = distributionConfig;
    }

    public synchronized boolean isRunning() {
        return this.running;
    }

    public synchronized boolean isHttpServiceRunning() {
        return this.isHttpServiceRunning;
    }

    public synchronized void setHttpServiceRunning(boolean z) {
        this.isHttpServiceRunning = z;
    }

    private boolean isAPIRestServiceRunning(GemFireCacheImpl gemFireCacheImpl) {
        return (gemFireCacheImpl == null || gemFireCacheImpl.getRestAgent() == null || !gemFireCacheImpl.getRestAgent().isRunning()) ? false : true;
    }

    private boolean isServerNode(GemFireCacheImpl gemFireCacheImpl) {
        return (gemFireCacheImpl.getDistributedSystem().getDistributedMember().getVmKind() == 11 || gemFireCacheImpl.getDistributedSystem().getDistributedMember().getVmKind() == 12 || gemFireCacheImpl.isClient()) ? false : true;
    }

    public synchronized void startAgent(GemFireCacheImpl gemFireCacheImpl) {
        if (!isAPIRestServiceRunning(gemFireCacheImpl)) {
            startHttpService(isServerNode(gemFireCacheImpl));
        } else if (logger.isDebugEnabled()) {
            logger.debug("Developer REST APIs webapp is already running, Not Starting M&M REST and pulse!");
        }
        if (this.running || this.config.getJmxManagerPort() == 0) {
            return;
        }
        try {
            configureAndStart();
            this.running = true;
        } catch (IOException e) {
            throw new ManagementException(e);
        }
    }

    public synchronized void stopAgent() {
        stopHttpService();
        if (this.running) {
            if (logger.isDebugEnabled()) {
                logger.debug("Stopping jmx manager agent");
            }
            try {
                this.cs.stop();
                UnicastRemoteObject.unexportObject(this.registry, true);
                this.running = false;
            } catch (IOException e) {
                throw new ManagementException(e);
            }
        }
    }

    private void startHttpService(boolean z) {
        ManagerMXBean managerMXBean = ((SystemManagementService) ManagementService.getManagementService(CacheFactory.getAnyInstance())).getManagerMXBean();
        if (this.config.getHttpServicePort() == 0) {
            setStatusMessage(managerMXBean, "Embedded HTTP server configured not to start (http-service-port=0) or (jmx-manager-http-port=0)");
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Attempting to start HTTP service on port ({}) at bind-address ({})...", Integer.valueOf(this.config.getHttpServicePort()), this.config.getHttpServiceBindAddress());
        }
        String findWarLocation = this.agentUtil.findWarLocation("geode-web");
        if (findWarLocation == null && logger.isDebugEnabled()) {
            logger.debug("Unable to find GemFire Management REST API WAR file; the Management REST Interface for GemFire will not be accessible.");
        }
        String findWarLocation2 = this.agentUtil.findWarLocation("geode-pulse");
        if (findWarLocation2 == null) {
            setStatusMessage(managerMXBean, "Unable to find Pulse web application WAR file; Pulse for GemFire will not be accessible");
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to find Pulse web application WAR file; Pulse for GemFire will not be accessible");
            }
        } else if (isIntegratedSecurity()) {
            System.setProperty("spring.profiles.active", "pulse.authentication.gemfire");
        }
        String findWarLocation3 = this.agentUtil.findWarLocation("geode-web-api");
        if (findWarLocation3 == null) {
            setStatusMessage(managerMXBean, "Unable to find GemFire Developer REST API WAR file; the Developer REST Interface for GemFire will not be accessible.");
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to find GemFire Developer REST API WAR file; the Developer REST Interface for GemFire will not be accessible.");
            }
        }
        try {
            if (this.agentUtil.isWebApplicationAvailable(findWarLocation, findWarLocation2, findWarLocation3)) {
                String httpServiceBindAddress = this.config.getHttpServiceBindAddress();
                int httpServicePort = this.config.getHttpServicePort();
                boolean z2 = false;
                this.httpServer = JettyHelper.initJetty(httpServiceBindAddress, httpServicePort, this.config.getHttpServiceSSLEnabled(), this.config.getHttpServiceSSLRequireAuthentication(), this.config.getHttpServiceSSLProtocols(), this.config.getHttpServiceSSLCiphers(), this.config.getHttpServiceSSLProperties());
                if (this.agentUtil.isWebApplicationAvailable(findWarLocation)) {
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/gemfire", findWarLocation);
                }
                if (this.agentUtil.isWebApplicationAvailable(findWarLocation2)) {
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/pulse", findWarLocation2);
                }
                if (!z || !this.config.getStartDevRestApi()) {
                    setStatusMessage(managerMXBean, "Developer REST API web application will not start when start-dev-rest-api is not set and node is not server");
                    if (logger.isDebugEnabled()) {
                        logger.debug("Developer REST API web application will not start when start-dev-rest-api is not set and node is not server");
                    }
                } else if (this.agentUtil.isWebApplicationAvailable(findWarLocation3)) {
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/gemfire-api", findWarLocation3);
                    z2 = true;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Starting HTTP embedded server on port ({}) at bind-address ({})...", Integer.valueOf(this.httpServer.getConnectors()[0].getPort()), httpServiceBindAddress);
                }
                System.setProperty(PULSE_EMBEDDED_PROP, DistributionConfig.CLIENT_CONFLATION_PROP_VALUE_ON);
                this.httpServer = JettyHelper.startJetty(this.httpServer);
                if (this.agentUtil.isWebApplicationAvailable(findWarLocation2)) {
                    managerMXBean.setPulseURL("http://".concat(getHost(httpServiceBindAddress)).concat(":").concat(String.valueOf(httpServicePort)).concat("/pulse/"));
                }
                if (z2) {
                    ((GemFireCacheImpl) CacheFactory.getAnyInstance()).setRESTServiceRunning(true);
                    RestAgent.createParameterizedQueryRegion();
                }
                setHttpServiceRunning(true);
            }
        } catch (Exception e) {
            stopHttpService();
            setStatusMessage(managerMXBean, "HTTP service failed to start with " + e.getClass().getSimpleName() + " '" + e.getMessage() + "'");
            throw new ManagementException("HTTP service failed to start", e);
        }
    }

    private String getHost(String str) throws UnknownHostException {
        return !StringUtils.isBlank(this.config.getJmxManagerHostnameForClients()) ? this.config.getJmxManagerHostnameForClients() : !StringUtils.isBlank(str) ? InetAddress.getByName(str).getHostAddress() : SocketCreator.getLocalHost().getHostAddress();
    }

    private void setStatusMessage(ManagerMXBean managerMXBean, String str) {
        managerMXBean.setPulseURL("");
        managerMXBean.setStatusMessage(str);
    }

    private void stopHttpService() {
        if (this.httpServer != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Stopping the HTTP service...");
            }
            try {
                try {
                    try {
                        this.httpServer.stop();
                        this.httpServer.destroy();
                    } catch (Exception e) {
                        logger.error("Failed to properly release resources held by the HTTP service: {}", e.getMessage(), e);
                    } finally {
                    }
                } catch (Exception e2) {
                    try {
                        logger.warn("Failed to stop the HTTP service because: {}", e2.getMessage(), e2);
                        this.httpServer.destroy();
                    } catch (Exception e3) {
                        logger.error("Failed to properly release resources held by the HTTP service: {}", e3.getMessage(), e3);
                    } finally {
                    }
                }
            } catch (Throwable th) {
                try {
                    try {
                        this.httpServer.destroy();
                    } catch (Exception e4) {
                        logger.error("Failed to properly release resources held by the HTTP service: {}", e4.getMessage(), e4);
                        this.httpServer = null;
                        System.clearProperty("catalina.base");
                        System.clearProperty("catalina.home");
                    }
                    throw th;
                } catch (Throwable th2) {
                    throw th2;
                }
            }
        }
    }

    private void configureAndStart() throws IOException {
        String jmxManagerBindAddress;
        InetAddress byName;
        int jmxManagerPort = this.config.getJmxManagerPort();
        if (this.config.getJmxManagerBindAddress().equals("")) {
            jmxManagerBindAddress = SocketCreator.getLocalHost().getHostName();
            byName = null;
        } else {
            jmxManagerBindAddress = this.config.getJmxManagerBindAddress();
            byName = InetAddress.getByName(jmxManagerBindAddress);
        }
        boolean jmxManagerSSLEnabled = this.config.getJmxManagerSSLEnabled();
        if (logger.isDebugEnabled()) {
            logger.debug("Starting jmx manager agent on port {}{}", Integer.valueOf(jmxManagerPort), (byName != null ? " bound to " + byName : "") + (jmxManagerSSLEnabled ? " using SSL" : ""));
        }
        SocketCreator createNonDefaultInstance = SocketCreator.createNonDefaultInstance(jmxManagerSSLEnabled, this.config.getJmxManagerSSLRequireAuthentication(), this.config.getJmxManagerSSLProtocols(), this.config.getJmxManagerSSLCiphers(), this.config.getJmxSSLProperties());
        SslRMIClientSocketFactory sslRMIClientSocketFactory = jmxManagerSSLEnabled ? new SslRMIClientSocketFactory() : null;
        GemFireRMIServerSocketFactory gemFireRMIServerSocketFactory = new GemFireRMIServerSocketFactory(createNonDefaultInstance, byName);
        System.setProperty("sun.rmi.dgc.server.gcInterval", Long.toString(9223372036854775806L));
        this.registry = LocateRegistry.createRegistry(jmxManagerPort, sslRMIClientSocketFactory, gemFireRMIServerSocketFactory);
        MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
        HashMap hashMap = new HashMap();
        final RMIJRMPServerImpl rMIJRMPServerImpl = new RMIJRMPServerImpl(jmxManagerPort, sslRMIClientSocketFactory, gemFireRMIServerSocketFactory, hashMap);
        final JMXServiceURL jMXServiceURL = new JMXServiceURL("service:jmx:rmi://" + jmxManagerBindAddress + ":" + jmxManagerPort + "/jndi/rmi://" + jmxManagerBindAddress + ":" + jmxManagerPort + "/jmxrmi");
        this.cs = new RMIConnectorServer(new JMXServiceURL("rmi", jmxManagerBindAddress, jmxManagerPort), hashMap, rMIJRMPServerImpl, platformMBeanServer) { // from class: com.gemstone.gemfire.management.internal.ManagementAgent.1
            public JMXServiceURL getAddress() {
                return jMXServiceURL;
            }

            public synchronized void start() throws IOException {
                try {
                    ManagementAgent.this.registry.bind("jmxrmi", rMIJRMPServerImpl);
                    super.start();
                } catch (AlreadyBoundException e) {
                    IOException iOException = new IOException(e.getMessage());
                    iOException.initCause(e);
                    throw iOException;
                }
            }
        };
        if (!StringUtils.isBlank(this.config.getShiroInit()) || isIntegratedSecurity()) {
            this.shiroAuthenticator = new JMXShiroAuthenticator();
            hashMap.put("jmx.remote.authenticator", this.shiroAuthenticator);
            this.cs.addNotificationListener(this.shiroAuthenticator, (NotificationFilter) null, this.cs.getAttributes());
            this.cs.setMBeanServerForwarder(new MBeanServerWrapper());
            registerAccessControlMBean();
        } else {
            String jmxManagerPasswordFile = this.config.getJmxManagerPasswordFile();
            if (jmxManagerPasswordFile != null && jmxManagerPasswordFile.length() > 0) {
                hashMap.put("jmx.remote.x.password.file", jmxManagerPasswordFile);
            }
            String jmxManagerAccessFile = this.config.getJmxManagerAccessFile();
            if (jmxManagerAccessFile != null && jmxManagerAccessFile.length() > 0) {
                new ReadOpFileAccessController(jmxManagerAccessFile).setMBeanServer(platformMBeanServer);
            }
        }
        this.cs.start();
        if (logger.isDebugEnabled()) {
            logger.debug("Finished starting jmx manager agent.");
        }
    }

    private void registerAccessControlMBean() {
        try {
            AccessControlMBean accessControlMBean = new AccessControlMBean();
            ObjectName objectName = new ObjectName(ResourceConstants.OBJECT_NAME_ACCESSCONTROL);
            MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
            if (platformMBeanServer.queryNames(objectName, (QueryExp) null).isEmpty()) {
                try {
                    try {
                        platformMBeanServer.registerMBean(accessControlMBean, objectName);
                        logger.info("Registered AccessContorlMBean on " + objectName);
                    } catch (InstanceAlreadyExistsException e) {
                        throw new GemFireConfigException("Error while configuring accesscontrol for jmx resource", e);
                    }
                } catch (NotCompliantMBeanException e2) {
                    throw new GemFireConfigException("Error while configuring accesscontrol for jmx resource", e2);
                } catch (MBeanRegistrationException e3) {
                    throw new GemFireConfigException("Error while configuring accesscontrol for jmx resource", e3);
                }
            }
        } catch (MalformedObjectNameException e4) {
            throw new GemFireConfigException("Error while configuring accesscontrol for jmx resource", e4);
        }
    }

    private boolean isIntegratedSecurity() {
        String securityManager = this.config.getSecurityManager();
        return (securityManager == null || securityManager.isEmpty()) ? false : true;
    }
}
