package org.kaazing.gateway.management.jmx;

import java.lang.management.ManagementFactory;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.URI;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;
import javax.annotation.Resource;
import javax.management.MBeanServer;
import javax.management.Notification;
import javax.management.NotificationFilterSupport;
import javax.management.NotificationListener;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.MBeanServerForwarder;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.kaazing.gateway.management.ManagementService;
import org.kaazing.gateway.management.context.DefaultManagementContext;
import org.kaazing.gateway.management.context.ManagementContext;
import org.kaazing.gateway.security.RealmContext;
import org.kaazing.gateway.server.Launcher;
import org.kaazing.gateway.server.context.resolve.DefaultSecurityContext;
import org.kaazing.gateway.service.ServiceContext;
import org.kaazing.gateway.util.InternalSystemProperty;

/* loaded from: input_file:org/kaazing/gateway/management/jmx/JmxManagementService.class */
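/**
 * Management service that exposes the gateway's MBeans over a JMX/RMI connector.
 *
 * <p>{@link #start()} creates an RMI registry, builds a connector server that uses the SSL RMI
 * socket factories, authenticates remote callers against the service realm and places an
 * {@link MBeanServerForwarder} in front of the MBean server to enforce the service's required
 * roles. {@link #stop()} tears the connector and the registry down again.
 *
 * <p>The RMI registry is held in a static field and is therefore shared by every instance of this
 * class in the JVM; access to it is not synchronized.
 */
public class JmxManagementService implements ManagementService, NotificationListener {
    private DefaultSecurityContext securityContext;
    private ManagementContext managementContext;
    private JMXConnectorServer connectorServer;
    private MBeanServer mbeanServer;
    private Properties configuration;
    private static Registry sRMIRegistry;
    private JmxManagementServiceHandler handler;
    private ServiceContext serviceContext;

    /**
     * Invocation handler behind the {@link MBeanServerForwarder} proxy: every MBeanServer call made
     * through the connector passes through {@link #invoke} and is authorized there before it is
     * forwarded to the wrapped server.
     */
    private static class MBSFInvocationHandler implements InvocationHandler {
        private MBeanServer mbs;
        private final Collection<String> requiredRoles;

        /**
         * @param collection role names a caller's principals must cover; {@code "*"} admits any
         *     authenticated subject
         */
        public MBSFInvocationHandler(Collection<String> collection) {
            this.requiredRoles = collection;
        }

        /**
         * Creates a forwarder proxy backed by a new handler for the given roles.
         *
         * @param collection required role names
         * @return a proxy implementing {@link MBeanServerForwarder}
         */
        public static MBeanServerForwarder newProxyInstance(Collection<String> collection) {
            Object proxy = Proxy.newProxyInstance(
                    MBeanServerForwarder.class.getClassLoader(),
                    new Class<?>[] {MBeanServerForwarder.class},
                    new MBSFInvocationHandler(collection));
            return MBeanServerForwarder.class.cast(proxy);
        }

        /**
         * Handles the forwarder's own accessor pair, then authorizes and forwards everything else.
         *
         * <p>Authorization order: calls with no {@link Subject} are forwarded unchecked;
         * {@code createMBean} and {@code unregisterMBean} are always refused for a subject; a
         * {@code "*"} role admits any subject; otherwise the names of the subject's principals
         * must contain every required role.
         *
         * @throws SecurityException if the subject is not allowed to perform the call
         * @throws Throwable whatever the wrapped MBean server method throws
         */
        @Override
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            String name = method.getName();
            if (name.equals("getMBeanServer")) {
                return this.mbs;
            }
            if (name.equals("setMBeanServer")) {
                if (objArr[0] == null) {
                    throw new IllegalArgumentException("Null MBeanServer");
                }
                // The wrapped server can be set exactly once, so the forwarder cannot be
                // re-pointed at a different MBean server later.
                if (this.mbs != null) {
                    throw new IllegalArgumentException("MBeanServer object already initialized");
                }
                this.mbs = (MBeanServer) objArr[0];
                return null;
            }

            Subject subject = Subject.getSubject(AccessController.getContext());
            if (subject == null) {
                // NOTE(review): no Subject means no authorization check at all. Presumably only
                // in-JVM callers reach this branch because the connector is configured with an
                // authenticator - confirm nothing remote can arrive here without a Subject.
                return forward(method, objArr);
            }
            if (name.equals("createMBean") || name.equals("unregisterMBean")) {
                throw new SecurityException("Access denied");
            }
            if (this.requiredRoles.contains("*")) {
                return forward(method, objArr);
            }

            Set<Principal> principals = subject.getPrincipals();
            if (principals == null || principals.isEmpty()) {
                throw new SecurityException("Access denied");
            }
            // Roles are matched on principal *name* only, whatever the principal's class, and
            // containsAll() is trivially true for an empty requiredRoles collection.
            // NOTE(review): confirm a user principal cannot carry a name equal to a role name,
            // and that an empty role list is never configured for this service.
            Set<String> principalNames = new HashSet<String>();
            for (Principal principal : principals) {
                principalNames.add(principal.getName());
            }
            if (principalNames.containsAll(this.requiredRoles)) {
                return forward(method, objArr);
            }
            throw new SecurityException("Access denied");
        }

        /**
         * Invokes the method on the wrapped server and rethrows the target's own exception.
         *
         * <p>{@link Method#invoke} wraps anything the target throws in an
         * {@link InvocationTargetException}; letting that escape a proxy turns declared JMX
         * exceptions (and {@link SecurityException}) into {@code UndeclaredThrowableException}.
         */
        private Object forward(Method method, Object[] args) throws Throwable {
            try {
                return method.invoke(this.mbs, args);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                throw cause != null ? cause : e;
            }
        }
    }

    /** Authenticates JMX connector credentials against a gateway realm. */
    private static class RealmJMXAuthenticator implements JMXAuthenticator {
        private final RealmContext realm;

        /** @param realmContext realm whose login context factory performs the login */
        public RealmJMXAuthenticator(RealmContext realmContext) {
            this.realm = realmContext;
        }

        /**
         * Logs in with a {@code String[] {username, password}} credential pair.
         *
         * <p>NOTE(review): with the RMI connector this object has already been deserialized by
         * the time it is passed in, so the type check below cannot restrict what is read off the
         * wire. Limiting accepted credential types is a connector-environment concern.
         *
         * @param obj credentials supplied by the connecting client
         * @return the subject populated by the realm's login context
         * @throws SecurityException if the credentials are missing, malformed or rejected
         */
        @Override
        public Subject authenticate(Object obj) {
            if (obj == null) {
                throw new SecurityException("Credentials required");
            }
            if (!(obj instanceof String[])) {
                throw new SecurityException("Credentials should be String[]");
            }
            String[] credentials = (String[]) obj;
            if (credentials.length != 2) {
                throw new SecurityException("Credentials should have 2 elements");
            }
            String username = credentials[0];
            String password = credentials[1];
            if (password == null) {
                // A null password used to surface as a NullPointerException from toCharArray();
                // the authenticator contract is to fail with SecurityException.
                throw new SecurityException("Credentials required");
            }
            try {
                Subject subject = new Subject();
                this.realm.getLoginContextFactory()
                        .createLoginContext(subject, username, password.toCharArray())
                        .login();
                return subject;
            } catch (LoginException e) {
                // The cause is deliberately not attached: this exception travels back to the
                // remote client, and the login module's reason for failing should not.
                throw new SecurityException("Invalid credentials");
            }
        }
    }

    /** No-op. */
    public void destroy() throws Exception {
    }

    /** No-op; the real initialization happens in {@link #init(ServiceContext)}. */
    @Override
    public void init() {
    }

    /** @return the service type identifier, {@code "management.jmx"} */
    public String getType() {
        return "management.jmx";
    }

    /** Injects the gateway configuration properties. */
    @Resource(name = "configuration")
    public void setConfiguration(Properties properties) {
        this.configuration = properties;
    }

    /** Injects the security context that supplies the key store used for TLS. */
    @Resource(name = "securityContext")
    public void setSecurityContext(DefaultSecurityContext defaultSecurityContext) {
        this.securityContext = defaultSecurityContext;
    }

    /** Injects the MBean server to export; when unset the platform MBean server is used. */
    @Resource(name = "mbeanServer")
    public void setMBeanServer(MBeanServer mBeanServer) {
        this.mbeanServer = mBeanServer;
    }

    /** Injects the management context this service reports to. */
    @Resource(name = DefaultManagementContext.NAME)
    public void setManagementContext(ManagementContext managementContext) {
        this.managementContext = managementContext;
    }

    /** Returns the injected MBean server, falling back to (and caching) the platform one. */
    private MBeanServer getMBeanServer() {
        if (this.mbeanServer == null) {
            this.mbeanServer = ManagementFactory.getPlatformMBeanServer();
        }
        return this.mbeanServer;
    }

    /**
     * Creates the JMX service handler, registers it with the management context and marks the
     * context active.
     *
     * @param serviceContext context of the management service being initialized
     */
    public void init(ServiceContext serviceContext) throws Exception {
        this.serviceContext = serviceContext;
        this.handler = new JmxManagementServiceHandler(serviceContext, this.managementContext, getMBeanServer());
        int sessionThreshold =
                InternalSystemProperty.MANAGEMENT_SESSION_THRESHOLD.getIntProperty(this.configuration).intValue();
        this.managementContext.setManagementSessionThreshold(sessionThreshold);
        this.managementContext.addManagementServiceHandler(this.handler);
        this.managementContext.setActive(true);
    }

    /**
     * Starts the RMI registry (once per JVM) and the JMX connector server.
     *
     * <p>The address comes from the {@code connector.server.address} service property and
     * defaults to {@code jmx://localhost:2020}.
     *
     * @throws IllegalStateException if the connector server is already running
     */
    public void start() throws Exception {
        this.managementContext.updateManagementContext(this.securityContext);
        if (this.connectorServer != null) {
            throw new IllegalStateException("Already started");
        }

        String configuredAddress = this.serviceContext.getProperties().get("connector.server.address");
        URI uri = new URI(configuredAddress != null ? configuredAddress : "jmx://localhost:2020");
        int port = uri.getPort();
        if (port == -1) {
            port = 2020;
        }

        if (sRMIRegistry == null) {
            // NOTE(review): only the port is passed, so the registry is created with the default
            // RMI socket factories rather than the SSL ones configured below, and the host part
            // of the configured address plays no role in where it listens. Confirm this is
            // intended and that the port is firewalled accordingly.
            sRMIRegistry = LocateRegistry.createRegistry(port);
        }

        RealmContext serviceRealm = this.serviceContext.getServiceRealm();
        KeyStore keyStore = this.securityContext.getKeyStore();
        if (keyStore != null) {
            // The default-constructed SSL RMI socket factories take their key material from these
            // JVM-wide properties.
            System.setProperty("javax.net.ssl.keyStore", this.securityContext.getKeyStoreFilePath());
            System.setProperty("javax.net.ssl.keyStoreType", keyStore.getType());
            char[] keyStorePassword = this.securityContext.getKeyStorePassword();
            if (keyStorePassword != null) {
                // NOTE(review): this copies the key store password into an immutable String held
                // in a system property, readable by any code in the process. If the exported
                // MBean server is the platform one, the Runtime MXBean's SystemProperties
                // attribute would also show it to JMX clients that pass the role check - confirm,
                // and consider socket factories built from an explicit SSLContext instead.
                System.setProperty("javax.net.ssl.keyStorePassword", new String(keyStorePassword));
            }
        }

        HashMap<String, Object> environment = new HashMap<String, Object>();
        environment.put("jmx.remote.rmi.client.socket.factory", new SslRMIClientSocketFactory());
        environment.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory());
        environment.put("jmx.remote.authenticator", new RealmJMXAuthenticator(serviceRealm));

        JMXServiceURL jMXServiceURL =
                new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + uri.getHost() + ":" + port + "/jmxrmi");
        JMXConnectorServer server =
                JMXConnectorServerFactory.newJMXConnectorServer(jMXServiceURL, environment, getMBeanServer());
        // Role enforcement lives in the forwarder, so it must be installed before the server
        // starts accepting connections.
        server.setMBeanServerForwarder(
                MBSFInvocationHandler.newProxyInstance(Arrays.asList(this.serviceContext.getRequireRoles())));

        NotificationFilterSupport connectionEvents = new NotificationFilterSupport();
        connectionEvents.enableType("jmx.remote.connection.opened");
        connectionEvents.enableType("jmx.remote.connection.closed");
        server.addNotificationListener(this, connectionEvents, (Object) null);
        server.start();
        // Published only after a successful start, so a failed start does not leave the service
        // permanently reporting "Already started".
        this.connectorServer = server;

        Launcher.getGatewayStartupLogger().info(String.format(
                "JMX Management service started with URI %s with service URI %s", uri, jMXServiceURL.toString()));
    }

    /** No-op. */
    public void quiesce() throws Exception {
    }

    /**
     * Keeps the management session count in step with connector connections.
     *
     * @param notification connection-opened or connection-closed notification from the connector
     * @param obj handback object; unused
     */
    @Override
    public void handleNotification(Notification notification, Object obj) {
        String type = notification.getType();
        if (type.equals("jmx.remote.connection.opened")) {
            this.managementContext.incrementManagementSessionCount();
        } else if (type.equals("jmx.remote.connection.closed")) {
            this.managementContext.decrementManagementSessionCount();
        }
    }

    /**
     * Unregisters the service's MBeans, stops the connector server and unexports the RMI registry.
     *
     * <p>Each step runs even if an earlier one throws, so a failure while cleaning up beans or
     * stopping the connector does not leave the registry port exported.
     */
    public void stop() throws Exception {
        quiesce();
        String address = this.serviceContext.getProperties().get("connector.server.address");
        if (address == null) {
            address = "jmx://localhost:2020";
        }
        Launcher.getGatewayStartupLogger().info(String.format("Stopping JMX Management service with URI %s", address));
        try {
            this.handler.cleanupRegisteredBeans();
        } finally {
            try {
                // Clear the field first so a failed stop() does not block a later start().
                JMXConnectorServer server = this.connectorServer;
                this.connectorServer = null;
                if (server != null) {
                    server.stop();
                }
            } finally {
                Registry registry = sRMIRegistry;
                sRMIRegistry = null;
                if (registry != null) {
                    // force=true: unexport even if calls are still in progress.
                    UnicastRemoteObject.unexportObject(registry, true);
                }
            }
        }
    }
}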
