package com.aoindustries.aoserv.daemon.dns;

import com.aoapps.encoding.ChainWriter;
import com.aoapps.io.posix.PosixFile;
import com.aoapps.io.posix.Stat;
import com.aoapps.net.InetAddress;
import com.aoindustries.aoserv.client.AoservConnector;
import com.aoindustries.aoserv.client.distribution.OperatingSystemVersion;
import com.aoindustries.aoserv.client.dns.Zone;
import com.aoindustries.aoserv.client.linux.Group;
import com.aoindustries.aoserv.client.linux.GroupServer;
import com.aoindustries.aoserv.client.linux.Server;
import com.aoindustries.aoserv.client.net.AppProtocol;
import com.aoindustries.aoserv.client.net.Bind;
import com.aoindustries.aoserv.client.net.Host;
import com.aoindustries.aoserv.daemon.AoservDaemon;
import com.aoindustries.aoserv.daemon.AoservDaemonConfiguration;
import com.aoindustries.aoserv.daemon.ftp.FTPManager;
import com.aoindustries.aoserv.daemon.posix.linux.PackageManager;
import com.aoindustries.aoserv.daemon.util.BuilderThread;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UncheckedIOException;
import java.net.ProtocolFamily;
import java.net.StandardProtocolFamily;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/aoindustries/aoserv/daemon/dns/DNSManager.class */
public final class DNSManager extends BuilderThread {
    private static final Logger logger;
    private static final String ACL = "10.0.0.0/8; 172.16.0.0/24; 192.168.0.0/16; 127.0.0.0/8; 207.126.57.0/24; 66.160.183.0/24; 64.62.174.0/24; 64.71.144.0/25; 65.19.176.24/29; 66.220.7.0/27;";
    private static final PosixFile newConfFile;
    private static final PosixFile confFile;
    private static final PosixFile namedZoneDir;
    private static final String[] centos5StaticFiles;
    private static final String[] centos7StaticFiles;
    private static DNSManager dnsManager;
    private static final Map<Zone, Long> zoneSerials;
    private static final Object rebuildLock;
    private static final Object restartLock;
    static final /* synthetic */ boolean $assertionsDisabled;

    private static String[] getStaticFiles(int i) throws IllegalArgumentException {
        if (i == 67) {
            return centos5StaticFiles;
        }
        if (i == 70) {
            return centos7StaticFiles;
        }
        throw new IllegalArgumentException("Unsupported OperatingSystemVersion: " + i);
    }

    private DNSManager() {
    }

    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    protected boolean doRebuild() {
        HashMap hashMap;
        FileOutputStream secureOutputStream;
        try {
            AoservConnector connector = AoservDaemon.getConnector();
            Server thisServer = AoservDaemon.getThisServer();
            Host host = thisServer.getHost();
            OperatingSystemVersion operatingSystemVersion = host.getOperatingSystemVersion();
            int pkey = operatingSystemVersion.getPkey();
            if (pkey != 67 && pkey != 70) {
                throw new AssertionError("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
            }
            int id = thisServer.getUidMin().getId();
            int id2 = thisServer.getGidMin().getId();
            synchronized (rebuildLock) {
                AppProtocol appProtocol = AoservDaemon.getConnector().getNet().getAppProtocol().get("DNS");
                if (appProtocol == null) {
                    throw new SQLException("Unable to find Protocol: DNS");
                }
                List<Bind> netBinds = host.getNetBinds(appProtocol);
                if (!netBinds.isEmpty()) {
                    GroupServer linuxServerGroup = thisServer.getLinuxServerGroup(Group.NAMED);
                    if (linuxServerGroup == null) {
                        throw new SQLException("Unable to find GroupServer: " + Group.NAMED + " on " + thisServer.getHostname());
                    }
                    int id3 = linuxServerGroup.getGid().getId();
                    boolean[] zArr = {false};
                    if (pkey == 67) {
                        PackageManager.installPackages(PackageManager.PackageName.BIND, PackageManager.PackageName.CACHING_NAMESERVER);
                    } else {
                        if (pkey != 70) {
                            throw new AssertionError("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                        }
                        PackageManager.installPackage(PackageManager.PackageName.BIND, () -> {
                            try {
                                AoservDaemon.exec("/usr/bin/systemctl", "enable", "named");
                                zArr[0] = true;
                            } catch (IOException e) {
                                throw new UncheckedIOException(e);
                            }
                        });
                    }
                    ArrayList arrayList = new ArrayList();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    List<Zone> rows = connector.getDns().getZone().getRows();
                    for (Zone zone : rows) {
                        String file = zone.getFile();
                        long serial = zone.getSerial();
                        Long l = zoneSerials.get(zone);
                        PosixFile posixFile = new PosixFile(namedZoneDir, file, false);
                        Stat stat = posixFile.getStat();
                        if (l == null || l.longValue() != serial || !stat.exists()) {
                            byteArrayOutputStream.reset();
                            PrintWriter printWriter = new PrintWriter(byteArrayOutputStream);
                            try {
                                zone.printZoneFile(printWriter);
                                printWriter.close();
                                byte[] byteArray = byteArrayOutputStream.toByteArray();
                                if (!stat.exists() || !posixFile.contentEquals(byteArray)) {
                                    PosixFile posixFile2 = new PosixFile(namedZoneDir, file + ".new", false);
                                    secureOutputStream = posixFile2.getSecureOutputStream(0, id3, 416L, true, id, id2);
                                    try {
                                        secureOutputStream.write(byteArray);
                                        if (secureOutputStream != null) {
                                            secureOutputStream.close();
                                        }
                                        posixFile2.renameTo(posixFile);
                                        zArr[0] = true;
                                    } finally {
                                    }
                                }
                                zoneSerials.put(zone, Long.valueOf(serial));
                            } catch (Throwable th) {
                                try {
                                    printWriter.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                                throw th;
                            }
                        }
                        arrayList.add(file);
                    }
                    byteArrayOutputStream.reset();
                    ChainWriter chainWriter = new ChainWriter(byteArrayOutputStream);
                    try {
                        chainWriter.print("//\n// named.conf\n//\n// Generated by ").print(DNSManager.class.getName()).print("\n//\n\n");
                        if (pkey == 67) {
                            chainWriter.print("options {\n\tdirectory \"").print(namedZoneDir.getPath()).print("\";\n\tlisten-on-v6 port 53 { ::1; };\n\tdump-file \"/var/named/data/cache_dump.db\";\n\tstatistics-file \"/var/named/data/named_stats.txt\";\n\tmemstatistics-file \"/var/named/data/named_mem_stats.txt\";\n\tallow-transfer { none; };\n\tnotify no;\n\tallow-query { 10.0.0.0/8; 172.16.0.0/24; 192.168.0.0/16; 127.0.0.0/8; 207.126.57.0/24; 66.160.183.0/24; 64.62.174.0/24; 64.71.144.0/25; 65.19.176.24/29; 66.220.7.0/27; };\n\tallow-recursion { 10.0.0.0/8; 172.16.0.0/24; 192.168.0.0/16; 127.0.0.0/8; 207.126.57.0/24; 66.160.183.0/24; 64.62.174.0/24; 64.71.144.0/25; 65.19.176.24/29; 66.220.7.0/27; };\n");
                            HashMap hashMap2 = new HashMap();
                            for (Bind bind : netBinds) {
                                int port = bind.getPort().getPort();
                                InetAddress inetAddress = bind.getIpAddress().getInetAddress();
                                Set set = (Set) hashMap2.get(Integer.valueOf(port));
                                if (set == null) {
                                    Integer valueOf = Integer.valueOf(port);
                                    HashSet hashSet = new HashSet();
                                    set = hashSet;
                                    hashMap2.put(valueOf, hashSet);
                                }
                                if (set.add(inetAddress)) {
                                    ProtocolFamily protocolFamily = inetAddress.getProtocolFamily();
                                    if (protocolFamily.equals(StandardProtocolFamily.INET)) {
                                        chainWriter.print("\tlisten-on port ").print(port).print(" { ").print(inetAddress.toString()).print("; };\n");
                                    } else {
                                        if (!protocolFamily.equals(StandardProtocolFamily.INET6)) {
                                            throw new AssertionError("Unexpected family: " + protocolFamily);
                                        }
                                        chainWriter.print("\tlisten-on-v6 port ").print(port).print(" { ").print(inetAddress.toString()).print("; };\n");
                                    }
                                }
                            }
                            chainWriter.print("};\nlogging {\n\tchannel default_debug {\n\t\tfile \"data/named.run\";\n\t\tseverity dynamic;\n\t};\n};\ninclude \"/etc/named.rfc1912.zones\";\n");
                            for (Zone zone2 : rows) {
                                chainWriter.print("\nzone \"").print(zone2.getZone()).print("\" IN {\n\ttype master;\n\tfile \"").print(zone2.getFile()).print("\";\n\tallow-query { any; };\n\tallow-update { none; };\n");
                                if (zone2.isArpa()) {
                                    chainWriter.print("\tallow-transfer { 216.218.133.2; };\n\tnotify explicit;\n\talso-notify { 216.218.130.2; 216.218.131.2; 216.218.132.2; 216.66.1.2; 216.66.80.18; };\n");
                                }
                                chainWriter.print("};\n");
                            }
                        } else {
                            if (pkey != 70) {
                                throw new AssertionError("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                            }
                            chainWriter.print("options {\n");
                            HashMap hashMap3 = new HashMap();
                            HashMap hashMap4 = new HashMap();
                            for (Bind bind2 : netBinds) {
                                int port2 = bind2.getPort().getPort();
                                InetAddress inetAddress2 = bind2.getIpAddress().getInetAddress();
                                ProtocolFamily protocolFamily2 = inetAddress2.getProtocolFamily();
                                if (protocolFamily2.equals(StandardProtocolFamily.INET)) {
                                    hashMap = hashMap3;
                                } else {
                                    if (!protocolFamily2.equals(StandardProtocolFamily.INET6)) {
                                        throw new AssertionError("Unexpected family: " + protocolFamily2);
                                    }
                                    hashMap = hashMap4;
                                }
                                Set set2 = (Set) hashMap.get(Integer.valueOf(port2));
                                if (set2 == null) {
                                    Integer valueOf2 = Integer.valueOf(port2);
                                    LinkedHashSet linkedHashSet = new LinkedHashSet();
                                    set2 = linkedHashSet;
                                    hashMap.put(valueOf2, linkedHashSet);
                                }
                                set2.add(inetAddress2);
                            }
                            for (Map.Entry entry : hashMap3.entrySet()) {
                                chainWriter.print("\tlisten-on port ").print(entry.getKey()).print(" {");
                                for (InetAddress inetAddress3 : (Set) entry.getValue()) {
                                    if (!$assertionsDisabled && !inetAddress3.getProtocolFamily().equals(StandardProtocolFamily.INET)) {
                                        throw new AssertionError();
                                    }
                                    chainWriter.print(' ').print(inetAddress3.toString()).print(';');
                                }
                                chainWriter.print(" };\n");
                            }
                            for (Map.Entry entry2 : hashMap4.entrySet()) {
                                chainWriter.print("\tlisten-on-v6 port ").print(entry2.getKey()).print(" {");
                                for (InetAddress inetAddress4 : (Set) entry2.getValue()) {
                                    if (!$assertionsDisabled && !inetAddress4.getProtocolFamily().equals(StandardProtocolFamily.INET6)) {
                                        throw new AssertionError();
                                    }
                                    chainWriter.print(' ').print(inetAddress4.toString()).print(';');
                                }
                                chainWriter.print(" };\n");
                            }
                            chainWriter.print("\tdirectory \t\"").print(namedZoneDir.getPath()).print("\";\n\tdump-file \t\"/var/named/data/cache_dump.db\";\n\tstatistics-file \"/var/named/data/named_stats.txt\";\n\tmemstatistics-file \"/var/named/data/named_mem_stats.txt\";\n\trecursing-file  \"/var/named/data/named.recursing\";\n\tsecroots-file   \"/var/named/data/named.secroots\";\n\n\tallow-query { 10.0.0.0/8; 172.16.0.0/24; 192.168.0.0/16; 127.0.0.0/8; 207.126.57.0/24; 66.160.183.0/24; 64.62.174.0/24; 64.71.144.0/25; 65.19.176.24/29; 66.220.7.0/27; };\n\tallow-recursion { 10.0.0.0/8; 172.16.0.0/24; 192.168.0.0/16; 127.0.0.0/8; 207.126.57.0/24; 66.160.183.0/24; 64.62.174.0/24; 64.71.144.0/25; 65.19.176.24/29; 66.220.7.0/27; };\n\tallow-query-cache { 10.0.0.0/8; 172.16.0.0/24; 192.168.0.0/16; 127.0.0.0/8; 207.126.57.0/24; 66.160.183.0/24; 64.62.174.0/24; 64.71.144.0/25; 65.19.176.24/29; 66.220.7.0/27; };\n\n\tallow-transfer { none; };\n\tnotify no;\n\n\tdnssec-enable yes;\n\tdnssec-validation yes;\n\n\t/* Path to ISC DLV key */\n\tbindkeys-file \"/etc/named.iscdlv.key\";\n\n\tmanaged-keys-directory \"/var/named/dynamic\";\n\n\tpid-file \"/run/named/named.pid\";\n\tsession-keyfile \"/run/named/session.key\";\n};\n\nlogging {\n\tchannel default_debug {\n\t\tfile \"data/named.run\";\n\t\tseverity dynamic;\n\t};\n};\n\nzone \".\" IN {\n\ttype hint;\n\tfile \"named.ca\";\n};\n\ninclude \"/etc/named.rfc1912.zones\";\ninclude \"/etc/named.root.key\";\n");
                            for (Zone zone3 : rows) {
                                chainWriter.print("\nzone \"").print(zone3.getZone()).print("\" IN {\n\ttype master;\n\tfile \"").print(zone3.getFile()).print("\";\n\tallow-query { any; };\n\tallow-update { none; };\n");
                                if (zone3.isArpa()) {
                                    chainWriter.print("\tallow-transfer { 216.218.133.2; };\n\tnotify explicit;\n\talso-notify { 216.218.130.2; 216.218.131.2; 216.218.132.2; 216.66.1.2; 216.66.80.18; };\n");
                                }
                                chainWriter.print("};\n");
                            }
                        }
                        chainWriter.close();
                        byte[] byteArray2 = byteArrayOutputStream.toByteArray();
                        if (!confFile.getStat().exists() || !confFile.contentEquals(byteArray2)) {
                            zArr[0] = true;
                            secureOutputStream = newConfFile.getSecureOutputStream(0, id3, 416L, true, id, id2);
                            try {
                                secureOutputStream.write(byteArray2);
                                if (secureOutputStream != null) {
                                    secureOutputStream.close();
                                }
                                newConfFile.renameTo(confFile);
                            } finally {
                            }
                        }
                        if (zArr[0]) {
                            restart();
                        }
                        arrayList.addAll(Arrays.asList(getStaticFiles(pkey)));
                        FTPManager.trimFiles(namedZoneDir, arrayList);
                    } catch (Throwable th3) {
                        try {
                            chainWriter.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                        throw th3;
                    }
                } else if (AoservDaemonConfiguration.isPackageManagerUninstallEnabled()) {
                    if (pkey == 67) {
                        PackageManager.removePackage(PackageManager.PackageName.CACHING_NAMESERVER);
                        PackageManager.removePackage(PackageManager.PackageName.BIND);
                    } else {
                        if (pkey != 70) {
                            throw new AssertionError("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                        }
                        PackageManager.removePackage(PackageManager.PackageName.BIND);
                    }
                }
            }
            return true;
        } catch (ThreadDeath e) {
            throw e;
        } catch (Throwable th5) {
            logger.log(Level.SEVERE, (String) null, th5);
            return false;
        }
    }

    private static void restart() throws IOException, SQLException {
        AppProtocol appProtocol = AoservDaemon.getConnector().getNet().getAppProtocol().get("DNS");
        if (appProtocol == null) {
            throw new SQLException("Unable to find AppProtocol: DNS");
        }
        Host host = AoservDaemon.getThisServer().getHost();
        if (host.getNetBinds(appProtocol).isEmpty()) {
            return;
        }
        OperatingSystemVersion operatingSystemVersion = host.getOperatingSystemVersion();
        int pkey = operatingSystemVersion.getPkey();
        synchronized (restartLock) {
            if (pkey == 67) {
                AoservDaemon.exec("/etc/rc.d/init.d/named", "restart");
            } else {
                if (pkey != 70) {
                    throw new AssertionError("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                }
                AoservDaemon.exec("/usr/bin/systemctl", "reload-or-restart", "named");
            }
        }
    }

    public static void start() throws IOException, SQLException {
        OperatingSystemVersion operatingSystemVersion = AoservDaemon.getThisServer().getHost().getOperatingSystemVersion();
        int pkey = operatingSystemVersion.getPkey();
        synchronized (System.out) {
            if (pkey != 64 && pkey != 63 && pkey != 69) {
                if (AoservDaemonConfiguration.isManagerEnabled(DNSManager.class) && dnsManager == null) {
                    System.out.print("Starting DNSManager: ");
                    if (pkey == 67 || pkey == 70) {
                        AoservConnector connector = AoservDaemon.getConnector();
                        dnsManager = new DNSManager();
                        connector.getDns().getZone().addTableListener(dnsManager, 0L);
                        connector.getDns().getRecord().addTableListener(dnsManager, 0L);
                        connector.getNet().getBind().addTableListener(dnsManager, 0L);
                        System.out.println("Done");
                    } else {
                        System.out.println("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                    }
                }
            }
        }
    }

    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    public String getProcessTimerDescription() {
        return "Rebuild DNS";
    }

    static {
        $assertionsDisabled = !DNSManager.class.desiredAssertionStatus();
        logger = Logger.getLogger(DNSManager.class.getName());
        newConfFile = new PosixFile("/etc/named.conf.new");
        confFile = new PosixFile("/etc/named.conf");
        namedZoneDir = new PosixFile("/var/named");
        centos5StaticFiles = new String[]{"chroot", "data", "localdomain.zone", "localhost.zone", "named.broadcast", "named.ca", "named.ip6.local", "named.local", "named.zero", "slaves"};
        centos7StaticFiles = new String[]{"data", "dynamic", "named.ca", "named.empty", "named.localhost", "named.loopback", "slaves"};
        zoneSerials = new HashMap();
        rebuildLock = new Object();
        restartLock = new Object();
    }
}
