package com.aoindustries.aoserv.daemon.net.fail2ban;

import com.aoapps.collections.AoCollections;
import com.aoapps.encoding.ChainWriter;
import com.aoapps.io.posix.PosixFile;
import com.aoapps.lang.Strings;
import com.aoindustries.aoserv.client.AoservConnector;
import com.aoindustries.aoserv.client.distribution.OperatingSystemVersion;
import com.aoindustries.aoserv.client.net.Bind;
import com.aoindustries.aoserv.client.net.FirewallZone;
import com.aoindustries.aoserv.client.net.Host;
import com.aoindustries.aoserv.daemon.AoservDaemon;
import com.aoindustries.aoserv.daemon.AoservDaemonConfiguration;
import com.aoindustries.aoserv.daemon.email.ImapManager;
import com.aoindustries.aoserv.daemon.posix.linux.PackageManager;
import com.aoindustries.aoserv.daemon.util.BuilderThread;
import com.aoindustries.aoserv.daemon.util.DaemonFileUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/aoindustries/aoserv/daemon/net/fail2ban/Fail2banManager.class */
/**
 * Keeps the fail2ban jail configuration under {@code /etc/fail2ban/jail.d} in line with
 * the network binds reported for this host.
 *
 * <p>Each rebuild works out which {@link Jail}s have at least one matching non-loopback
 * bind, installs or removes the related packages, writes or deletes one drop-in file per
 * jail, and finally enables/starts or stops/disables {@code fail2ban.service}.</p>
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers). Raw types,
 * synthetic names such as {@code $assertionsDisabled}, and the expanded try/catch blocks
 * are artifacts of decompilation, not the original source style.</p>
 */
public final class Fail2banManager extends BuilderThread {
    private static final Logger logger;
    // Singleton instance; assigned once in start() while holding the System.out monitor.
    private static Fail2banManager fail2banManager;
    // Directory that receives the generated per-jail drop-in files.
    private static final PosixFile JAIL_D;
    // Serializes doRebuild() so two rebuilds never modify jail.d or packages concurrently.
    private static final Object rebuildLock;
    // Compiler-generated flag backing the `assert` statements in this class.
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/aoindustries/aoserv/daemon/net/fail2ban/Fail2banManager$Jail.class */
    /**
     * The fail2ban jails this manager can generate. Each constant carries the jail name,
     * the application protocol names that activate it, the drop-in file names, and an
     * optional package providing the jail's filter.
     */
    private enum Jail {
        CYRUS_IMAP("cyrus-imap", Fail2banManager.getSet("POP3", "IMAP2", "SIMAP", "SPOP3"), true, null),
        SENDMAIL_AUTH("sendmail-auth", Fail2banManager.getSet("SMTP", "SMTPS", "submission"), true, null),
        SENDMAIL_DISCONNECT("sendmail-disconnect", Fail2banManager.getSet("SMTP", "SMTPS", "submission"), false, PackageManager.PackageName.FAIL2BAN_FILTER_SENDMAIL_DISCONNECT),
        SSHD("sshd", Fail2banManager.getSet("SSH"), true, null);

        // Section name written as "[name]" in the generated drop-in file.
        private final String name;
        // Application protocol names; a bind whose protocol is in this set activates the jail.
        private final Set<String> protocols;
        // File name (relative to JAIL_D) of the drop-in file this manager writes.
        private final String jaildFilename;
        // Legacy file name to delete from JAIL_D on every rebuild, or null when there is none.
        private final String removeOldJaildFilename;
        // Package that must be installed while the jail is active, or null when none is needed.
        private final PackageManager.PackageName filterPackage;

        /**
         * Full constructor; stores every value as given.
         *
         * @param str jail name
         * @param set protocol names that activate the jail
         * @param str2 drop-in file name to write
         * @param str3 legacy file name to remove, or null
         * @param packageName filter package, or null
         */
        Jail(String str, Set set, String str2, String str3, PackageManager.PackageName packageName) {
            this.name = str;
            this.protocols = set;
            this.jaildFilename = str2;
            this.removeOldJaildFilename = str3;
            this.filterPackage = packageName;
        }

        /**
         * Convenience constructor deriving the file names from the jail name: the drop-in
         * file is "50-NAME.local", and when {@code z} is true the legacy "50-NAME.conf"
         * is scheduled for removal.
         *
         * @param str jail name
         * @param set protocol names that activate the jail
         * @param z whether a legacy "50-NAME.conf" file should be removed
         * @param packageName filter package, or null
         */
        Jail(String str, Set set, boolean z, PackageManager.PackageName packageName) {
            this(str, set, "50-" + str + ".local", z ? "50-" + str + ".conf" : null, packageName);
        }

        /** Returns the jail (section) name. */
        String getName() {
            return this.name;
        }

        /** Returns the protocol names that activate this jail. */
        Set<String> getProtocols() {
            return this.protocols;
        }

        /** Returns the drop-in file name written for this jail. */
        String getJaildFilename() {
            return this.jaildFilename;
        }

        /** Returns the legacy file name to delete, or null when there is none. */
        String getRemoveOldJaildFilename() {
            return this.removeOldJaildFilename;
        }

        /** Returns the package providing this jail's filter, or null when none is required. */
        PackageManager.PackageName getFilterPackage() {
            return this.filterPackage;
        }
    }

    // Not instantiable from outside; the only instance is created in start().
    private Fail2banManager() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a set from the given elements by copying them into a {@link HashSet} and
     * passing it through {@code AoCollections.optimalUnmodifiableSet}.
     *
     * @param tArr elements of the set; duplicates collapse
     * @return the set returned by {@code AoCollections.optimalUnmodifiableSet}
     */
    public static <T> Set<T> getSet(T... tArr) {
        return AoCollections.optimalUnmodifiableSet(new HashSet(Arrays.asList(tArr)));
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Rebuilds the fail2ban configuration for this host.
     *
     * <p>Steps, all performed while holding {@code rebuildLock}:</p>
     * <ol>
     *   <li>Collect, per jail, the sorted ports of non-loopback binds whose application
     *       protocol belongs to the jail. When firewalld is installed, a bind only counts
     *       if at least one of its firewalld zones has fail2ban turned on.</li>
     *   <li>Install the fail2ban packages when any jail is active; otherwise only continue
     *       if the fail2ban server package is already installed.</li>
     *   <li>Write the drop-in file of every active jail, delete the file of every inactive
     *       jail, and delete legacy file names.</li>
     *   <li>Optionally remove filter packages that no active jail needs.</li>
     *   <li>Enable and start/restart the service, or stop and disable it.</li>
     * </ol>
     *
     * <p>Only enum-constant jail names and integer ports are written into the generated
     * file; no free-form string from the bind data is interpolated into it.</p>
     *
     * @return true when the rebuild ran to completion; false when any {@link Throwable}
     *         other than {@link ThreadDeath} was thrown (it is logged at SEVERE)
     */
    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    protected boolean doRebuild() {
        // z: whether the fail2ban server package is (now) installed.
        boolean z;
        // z2: whether the current bind should be protected by the current jail.
        boolean z2;
        try {
            Host host = AoservDaemon.getThisServer().getHost();
            OperatingSystemVersion operatingSystemVersion = host.getOperatingSystemVersion();
            int pkey = operatingSystemVersion.getPkey();
            synchronized (rebuildLock) {
                // Passed to atomicWrite and restorecon below.
                // NOTE(review): presumably collects the paths that need their SELinux
                // context restored — confirm against DaemonFileUtils.
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                try {
                    // 70 is the only OperatingSystemVersion pkey handled here; the named
                    // constant was inlined by the compiler and is not visible in this listing.
                    if (pkey != 70) {
                        throw new AssertionError("Unexpected OperatingSystemVersion: " + operatingSystemVersion);
                    }
                    // z3: firewalld is installed on this host.
                    boolean z3 = PackageManager.getInstalledPackage(PackageManager.PackageName.FIREWALLD) != null;
                    Jail[] values = Jail.values();
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("jails: " + Arrays.asList(values));
                    }
                    List<Bind> netBinds = host.getNetBinds();
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("netBinds: " + netBinds);
                    }
                    // Jail -> sorted set of ports to protect. A jail absent from this map
                    // is inactive and has its drop-in file removed further down.
                    EnumMap enumMap = new EnumMap(Jail.class);
                    for (Bind bind : netBinds) {
                        // Loopback binds are never added to a jail.
                        if (!bind.getIpAddress().getInetAddress().isLoopback()) {
                            for (Jail jail : values) {
                                if (jail.getProtocols().contains(bind.getAppProtocol().getProtocol())) {
                                    if (z3) {
                                        // With firewalld, the bind is protected only when at
                                        // least one of its zones has fail2ban turned on. A
                                        // matching bind with no such zone is left out of the
                                        // jail's port list.
                                        z2 = false;
                                        Iterator it = bind.getFirewalldZones().iterator();
                                        while (true) {
                                            if (!it.hasNext()) {
                                                break;
                                            }
                                            if (((FirewallZone) it.next()).getFail2ban()) {
                                                z2 = true;
                                                break;
                                            }
                                        }
                                    } else {
                                        // Without firewalld, every matching bind is protected.
                                        z2 = true;
                                    }
                                    if (z2) {
                                        SortedSet sortedSet = (SortedSet) enumMap.get(jail);
                                        if (sortedSet == null) {
                                            TreeSet treeSet = new TreeSet();
                                            sortedSet = treeSet;
                                            // The casts on the next line are decompiler artifacts
                                            // of the raw-typed EnumMap.put call.
                                            enumMap.put((EnumMap) jail, (Jail) treeSet);
                                        }
                                        sortedSet.add(Integer.valueOf(bind.getPort().getPort()));
                                    }
                                }
                            }
                        }
                    }
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("jailPorts: " + enumMap);
                    }
                    // zArr[0]: set once anything changed (package, file written or deleted);
                    // a one-element array so the lambdas below can write to it.
                    boolean[] zArr = {false};
                    if (enumMap.isEmpty()) {
                        // No active jail: do not install anything, only clean up if
                        // fail2ban is already present.
                        z = PackageManager.getInstalledPackage(PackageManager.PackageName.FAIL2BAN_SERVER) != null;
                    } else {
                        // NOTE(review): the callback presumably runs only when the package
                        // was actually installed by this call — confirm in PackageManager.
                        PackageManager.installPackage(PackageManager.PackageName.FAIL2BAN_SERVER, () -> {
                            zArr[0] = true;
                        });
                        z = true;
                        if (z3) {
                            PackageManager.installPackage(PackageManager.PackageName.FAIL2BAN_FIREWALLD, () -> {
                                zArr[0] = true;
                            });
                        }
                    }
                    if (z) {
                        // z4: result of ImapManager.hasSecondaryService(); only evaluated
                        // when the CYRUS_IMAP jail is active, otherwise stays false.
                        boolean z4 = false;
                        // noneOf: every filter package declared by any jail.
                        EnumSet noneOf = EnumSet.noneOf(PackageManager.PackageName.class);
                        // noneOf2: filter packages installed for jails that are active.
                        EnumSet noneOf2 = EnumSet.noneOf(PackageManager.PackageName.class);
                        // Reused buffer for the content of each generated file.
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        for (Jail jail2 : values) {
                            PackageManager.PackageName filterPackage = jail2.getFilterPackage();
                            if (filterPackage != null) {
                                noneOf.add(filterPackage);
                            }
                            PosixFile posixFile = new PosixFile(JAIL_D, jail2.getJaildFilename(), true);
                            SortedSet sortedSet2 = (SortedSet) enumMap.get(jail2);
                            if (sortedSet2 != null) {
                                // Active jail: make sure its filter package is present, then
                                // write the drop-in file. add() returns false for a package
                                // already handled, so a package shared by jails installs once.
                                if (filterPackage != null && noneOf2.add(filterPackage)) {
                                    PackageManager.installPackage(filterPackage, () -> {
                                        zArr[0] = true;
                                    });
                                }
                                if (jail2 == Jail.CYRUS_IMAP) {
                                    z4 = ImapManager.hasSecondaryService();
                                    if (z4) {
                                        PackageManager.installPackage(PackageManager.PackageName.FAIL2BAN_FILTER_CYRUS_IMAP_MORE_SERVICES, () -> {
                                            zArr[0] = true;
                                        });
                                    }
                                }
                                byteArrayOutputStream.reset();
                                ChainWriter chainWriter = new ChainWriter(byteArrayOutputStream);
                                // The try/catch below is the decompiled form of a
                                // try-with-resources over chainWriter.
                                try {
                                    chainWriter.print("#\n");
                                    chainWriter.print("# Generated by ").print(Fail2banManager.class.getName()).print('\n');
                                    chainWriter.print("#\n");
                                    chainWriter.print('[').print(jail2.getName()).print("]\n");
                                    chainWriter.print("enabled = true\n");
                                    chainWriter.print("port = ");
                                    // Decompiled `assert !sortedSet2.isEmpty()`: a set is only
                                    // created above when a port is about to be added to it.
                                    if (!$assertionsDisabled && sortedSet2.isEmpty()) {
                                        throw new AssertionError();
                                    }
                                    Strings.join(sortedSet2, ",", chainWriter);
                                    chainWriter.print('\n');
                                    chainWriter.close();
                                    // 420 decimal is 0644 octal.
                                    // NOTE(review): the arguments look like mode 0644, uid 0,
                                    // gid 0 and no backup file — confirm against the signature
                                    // of DaemonFileUtils.atomicWrite. A true return is treated
                                    // as "file changed".
                                    if (DaemonFileUtils.atomicWrite(posixFile, byteArrayOutputStream.toByteArray(), 420L, 0, 0, null, linkedHashSet)) {
                                        zArr[0] = true;
                                    }
                                } catch (Throwable th) {
                                    try {
                                        chainWriter.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                    throw th;
                                }
                            } else if (posixFile.getStat().exists()) {
                                // Inactive jail: remove its drop-in file so fail2ban stops
                                // loading it after the restart.
                                posixFile.delete();
                                zArr[0] = true;
                            }
                            // Legacy file names are removed whether or not the jail is active.
                            String removeOldJaildFilename = jail2.getRemoveOldJaildFilename();
                            if (removeOldJaildFilename != null) {
                                PosixFile posixFile2 = new PosixFile(JAIL_D, removeOldJaildFilename, true);
                                if (posixFile2.getStat().exists()) {
                                    posixFile2.delete();
                                    zArr[0] = true;
                                }
                            }
                        }
                        // Package removal is opt-in through the daemon configuration.
                        if (AoservDaemonConfiguration.isPackageManagerUninstallEnabled()) {
                            Iterator it2 = noneOf.iterator();
                            while (it2.hasNext()) {
                                PackageManager.PackageName packageName = (PackageManager.PackageName) it2.next();
                                // Remove filter packages that no active jail asked for.
                                if (!noneOf2.contains(packageName) && PackageManager.removePackage(packageName)) {
                                    zArr[0] = true;
                                }
                            }
                            if (!z4 && PackageManager.removePackage(PackageManager.PackageName.FAIL2BAN_FILTER_CYRUS_IMAP_MORE_SERVICES)) {
                                zArr[0] = true;
                            }
                        }
                    }
                    // Relabel before the service is touched, then empty the set so the
                    // later restorecon calls do not repeat the same paths.
                    DaemonFileUtils.restorecon(linkedHashSet);
                    linkedHashSet.clear();
                    if (!enumMap.isEmpty()) {
                        // Decompiled `assert z`: active jails imply the server was installed above.
                        if (!$assertionsDisabled && !z) {
                            throw new AssertionError();
                        }
                        // systemctl is invoked by absolute path with separate arguments.
                        AoservDaemon.exec("/usr/bin/systemctl", "enable", "fail2ban.service");
                        if (zArr[0]) {
                            // Something changed: restart so the new configuration is loaded.
                            AoservDaemon.exec("/usr/bin/systemctl", "restart", "fail2ban.service");
                        } else {
                            // Nothing changed: only make sure the service is running.
                            AoservDaemon.exec("/usr/bin/systemctl", "start", "fail2ban.service");
                        }
                    } else if (z) {
                        // No active jail but fail2ban is installed: stop it and keep it off.
                        AoservDaemon.exec("/usr/bin/systemctl", "stop", "fail2ban.service");
                        AoservDaemon.exec("/usr/bin/systemctl", "disable", "fail2ban.service");
                    }
                    // This call and the one in the catch block are the decompiled `finally`.
                    DaemonFileUtils.restorecon(linkedHashSet);
                } catch (Throwable th3) {
                    // Error path of the same `finally`: restorecon still runs on whatever
                    // was recorded before the failure, then the error propagates.
                    DaemonFileUtils.restorecon(linkedHashSet);
                    throw th3;
                }
            }
            return true;
        } catch (ThreadDeath e) {
            throw e;
        } catch (Throwable th4) {
            // Every other failure is logged and reported as a failed rebuild. The service
            // state is not rolled back, so an operator should treat this SEVERE entry as
            // "fail2ban configuration may be stale or partially applied".
            logger.log(Level.SEVERE, (String) null, th4);
            return false;
        }
    }

    /**
     * Starts the manager once, if it is enabled and the operating system is supported.
     *
     * <p>Nothing happens for operating system pkeys 64, 63, 67 and 69. For pkey 70 the
     * singleton is created and registered as a listener on the firewall zone, bind and
     * bind/firewall-zone tables and on package changes. Any other pkey prints an
     * "Unsupported OperatingSystemVersion" message and registers nothing.</p>
     *
     * @throws IOException declared by the calls used to look up this server
     * @throws SQLException declared by the calls used to look up this server
     */
    public static void start() throws IOException, SQLException {
        OperatingSystemVersion operatingSystemVersion = AoservDaemon.getThisServer().getHost().getOperatingSystemVersion();
        int pkey = operatingSystemVersion.getPkey();
        // The System.out monitor keeps the two-part status line together and also guards
        // the check-then-assign of the singleton field.
        synchronized (System.out) {
            if (pkey != 64 && pkey != 63 && pkey != 67 && pkey != 69) {
                if (AoservDaemonConfiguration.isManagerEnabled(Fail2banManager.class) && fail2banManager == null) {
                    System.out.print("Starting Fail2banManager: ");
                    if (pkey == 70) {
                        AoservConnector connector = AoservDaemon.getConnector();
                        fail2banManager = new Fail2banManager();
                        // NOTE(review): the 0L argument is presumably a batching delay of
                        // zero — confirm against addTableListener.
                        connector.getNet().getFirewallZone().addTableListener(fail2banManager, 0L);
                        connector.getNet().getBind().addTableListener(fail2banManager, 0L);
                        connector.getNet().getBindFirewallZone().addTableListener(fail2banManager, 0L);
                        PackageManager.addPackageListener(fail2banManager);
                        System.out.println("Done");
                    } else {
                        System.out.println("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                    }
                }
            }
        }
    }

    /** Returns the fixed description "Rebuild Fail2ban Configuration". */
    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    public String getProcessTimerDescription() {
        return "Rebuild Fail2ban Configuration";
    }

    // Decompiled static initializer: field initializers of the original class collected
    // into one block, plus the compiler-generated assertion flag.
    static {
        $assertionsDisabled = !Fail2banManager.class.desiredAssertionStatus();
        logger = Logger.getLogger(Fail2banManager.class.getName());
        JAIL_D = new PosixFile("/etc/fail2ban/jail.d");
        rebuildLock = new Object();
    }
}
