package sun.management.jmxremote;

import com.sun.jmx.remote.internal.RMIExporter;
import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.UnknownHostException;
import java.rmi.NoSuchObjectException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;
import java.security.KeyStore;
import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import javax.management.MBeanServer;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.security.auth.Subject;
import sun.management.Agent;
import sun.management.AgentConfigurationError;
import sun.management.ConnectorAddressLink;
import sun.management.FileSystem;
import sun.management.snmp.util.MibLogger;
import sun.rmi.server.UnicastRef;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2;

/* loaded from: input_file:sun/management/jmxremote/ConnectorBootstrap.class */
public final class ConnectorBootstrap {
    private static final MibLogger log = new MibLogger(ConnectorBootstrap.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/management/jmxremote/ConnectorBootstrap$AccessFileCheckerAuthenticator.class */
    public static class AccessFileCheckerAuthenticator implements JMXAuthenticator {
        private final Map<String, Object> environment;
        private final Properties properties;
        private final String accessFile;

        public AccessFileCheckerAuthenticator(Map<String, Object> map) throws IOException {
            this.environment = map;
            this.accessFile = (String) map.get("jmx.remote.x.access.file");
            this.properties = propertiesFromFile(this.accessFile);
        }

        @Override // javax.management.remote.JMXAuthenticator
        public Subject authenticate(Object obj) {
            Subject authenticate = new JMXPluggableAuthenticator(this.environment).authenticate(obj);
            checkAccessFileEntries(authenticate);
            return authenticate;
        }

        private void checkAccessFileEntries(Subject subject) {
            if (subject == null) {
                throw new SecurityException("Access denied! No matching entries found in the access file [" + this.accessFile + "] as the authenticated Subject is null");
            }
            Set<Principal> principals = subject.getPrincipals();
            Iterator<Principal> it = principals.iterator();
            while (it.hasNext()) {
                if (this.properties.containsKey(it.next2().getName())) {
                    return;
                }
            }
            HashSet hashSet = new HashSet();
            Iterator<Principal> it2 = principals.iterator();
            while (it2.hasNext()) {
                hashSet.add(it2.next2().getName());
            }
            throw new SecurityException("Access denied! No entries found in the access file [" + this.accessFile + "] for any of the authenticated identities " + ((Object) hashSet));
        }

        private static Properties propertiesFromFile(String str) throws IOException {
            Properties properties = new Properties();
            if (str == null) {
                return properties;
            }
            FileInputStream fileInputStream = new FileInputStream(str);
            properties.load(fileInputStream);
            fileInputStream.close();
            return properties;
        }
    }

    /* loaded from: input_file:sun/management/jmxremote/ConnectorBootstrap$DefaultValues.class */
    public interface DefaultValues {
        public static final String PORT = "0";
        public static final String CONFIG_FILE_NAME = "management.properties";
        public static final String USE_LOCAL_ONLY = "true";
        public static final String USE_SSL = "true";
        public static final String USE_REGISTRY_SSL = "false";
        public static final String USE_AUTHENTICATION = "true";
        public static final String PASSWORD_FILE_NAME = "jmxremote.password";
        public static final String ACCESS_FILE_NAME = "jmxremote.access";
        public static final String SSL_NEED_CLIENT_AUTH = "false";
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/management/jmxremote/ConnectorBootstrap$JMXConnectorServerData.class */
    public static class JMXConnectorServerData {
        JMXConnectorServer jmxConnectorServer;
        JMXServiceURL jmxRemoteURL;

        public JMXConnectorServerData(JMXConnectorServer jMXConnectorServer, JMXServiceURL jMXServiceURL) {
            this.jmxConnectorServer = jMXConnectorServer;
            this.jmxRemoteURL = jMXServiceURL;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/management/jmxremote/ConnectorBootstrap$PermanentExporter.class */
    public static class PermanentExporter implements RMIExporter {
        Remote firstExported;

        private PermanentExporter() {
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v11, types: [sun.rmi.server.UnicastServerRef] */
        @Override // com.sun.jmx.remote.internal.RMIExporter
        public Remote exportObject(Remote remote, int i, RMIClientSocketFactory rMIClientSocketFactory, RMIServerSocketFactory rMIServerSocketFactory) throws RemoteException {
            synchronized (this) {
                if (this.firstExported == null) {
                    this.firstExported = remote;
                }
            }
            return ((rMIClientSocketFactory == null && rMIServerSocketFactory == null) ? new UnicastServerRef(i) : new UnicastServerRef2(i, rMIClientSocketFactory, rMIServerSocketFactory)).exportObject(remote, null, true);
        }

        @Override // com.sun.jmx.remote.internal.RMIExporter
        public boolean unexportObject(Remote remote, boolean z) throws NoSuchObjectException {
            return UnicastRemoteObject.unexportObject(remote, z);
        }
    }

    /* loaded from: input_file:sun/management/jmxremote/ConnectorBootstrap$PropertyNames.class */
    public interface PropertyNames {
        public static final String PORT = "com.sun.management.jmxremote.port";
        public static final String CONFIG_FILE_NAME = "com.sun.management.config.file";
        public static final String USE_LOCAL_ONLY = "com.sun.management.jmxremote.local.only";
        public static final String USE_SSL = "com.sun.management.jmxremote.ssl";
        public static final String USE_REGISTRY_SSL = "com.sun.management.jmxremote.registry.ssl";
        public static final String USE_AUTHENTICATION = "com.sun.management.jmxremote.authenticate";
        public static final String PASSWORD_FILE_NAME = "com.sun.management.jmxremote.password.file";
        public static final String ACCESS_FILE_NAME = "com.sun.management.jmxremote.access.file";
        public static final String LOGIN_CONFIG_NAME = "com.sun.management.jmxremote.login.config";
        public static final String SSL_ENABLED_CIPHER_SUITES = "com.sun.management.jmxremote.ssl.enabled.cipher.suites";
        public static final String SSL_ENABLED_PROTOCOLS = "com.sun.management.jmxremote.ssl.enabled.protocols";
        public static final String SSL_NEED_CLIENT_AUTH = "com.sun.management.jmxremote.ssl.need.client.auth";
        public static final String SSL_CONFIG_FILE_NAME = "com.sun.management.jmxremote.ssl.config.file";
    }

    public static synchronized JMXConnectorServer initialize() {
        Properties loadManagementProperties = Agent.loadManagementProperties();
        if (loadManagementProperties == null) {
            return null;
        }
        return initialize(loadManagementProperties.getProperty(PropertyNames.PORT), loadManagementProperties);
    }

    public static synchronized JMXConnectorServer initialize(String str, Properties properties) {
        try {
            int parseInt = Integer.parseInt(str);
            if (parseInt < 0) {
                throw new AgentConfigurationError(AgentConfigurationError.INVALID_JMXREMOTE_PORT, str);
            }
            String property = properties.getProperty(PropertyNames.USE_AUTHENTICATION, "true");
            boolean booleanValue = Boolean.valueOf(property).booleanValue();
            String property2 = properties.getProperty(PropertyNames.USE_SSL, "true");
            boolean booleanValue2 = Boolean.valueOf(property2).booleanValue();
            String property3 = properties.getProperty(PropertyNames.USE_REGISTRY_SSL, "false");
            boolean booleanValue3 = Boolean.valueOf(property3).booleanValue();
            String property4 = properties.getProperty(PropertyNames.SSL_ENABLED_CIPHER_SUITES);
            String[] strArr = null;
            if (property4 != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(property4, ",");
                int countTokens = stringTokenizer.countTokens();
                strArr = new String[countTokens];
                for (int i = 0; i < countTokens; i++) {
                    strArr[i] = stringTokenizer.nextToken();
                }
            }
            String property5 = properties.getProperty(PropertyNames.SSL_ENABLED_PROTOCOLS);
            String[] strArr2 = null;
            if (property5 != null) {
                StringTokenizer stringTokenizer2 = new StringTokenizer(property5, ",");
                int countTokens2 = stringTokenizer2.countTokens();
                strArr2 = new String[countTokens2];
                for (int i2 = 0; i2 < countTokens2; i2++) {
                    strArr2[i2] = stringTokenizer2.nextToken();
                }
            }
            String property6 = properties.getProperty(PropertyNames.SSL_NEED_CLIENT_AUTH, "false");
            boolean booleanValue4 = Boolean.valueOf(property6).booleanValue();
            String property7 = properties.getProperty(PropertyNames.SSL_CONFIG_FILE_NAME);
            String str2 = null;
            String str3 = null;
            String str4 = null;
            if (booleanValue) {
                str2 = properties.getProperty(PropertyNames.LOGIN_CONFIG_NAME);
                if (str2 == null) {
                    str3 = properties.getProperty(PropertyNames.PASSWORD_FILE_NAME, getDefaultFileName(DefaultValues.PASSWORD_FILE_NAME));
                    checkPasswordFile(str3);
                }
                str4 = properties.getProperty(PropertyNames.ACCESS_FILE_NAME, getDefaultFileName(DefaultValues.ACCESS_FILE_NAME));
                checkAccessFile(str4);
            }
            if (log.isDebugOn()) {
                log.debug("initialize", Agent.getText("jmxremote.ConnectorBootstrap.initialize") + "\n\t" + PropertyNames.PORT + "=" + parseInt + "\n\t" + PropertyNames.USE_SSL + "=" + booleanValue2 + "\n\t" + PropertyNames.USE_REGISTRY_SSL + "=" + booleanValue3 + "\n\t" + PropertyNames.SSL_CONFIG_FILE_NAME + "=" + property7 + "\n\t" + PropertyNames.SSL_ENABLED_CIPHER_SUITES + "=" + property4 + "\n\t" + PropertyNames.SSL_ENABLED_PROTOCOLS + "=" + property5 + "\n\t" + PropertyNames.SSL_NEED_CLIENT_AUTH + "=" + booleanValue4 + "\n\t" + PropertyNames.USE_AUTHENTICATION + "=" + booleanValue + (booleanValue ? str2 == null ? "\n\tcom.sun.management.jmxremote.password.file=" + str3 : "\n\tcom.sun.management.jmxremote.login.config=" + str2 : "\n\t" + Agent.getText("jmxremote.ConnectorBootstrap.initialize.noAuthentication")) + (booleanValue ? "\n\tcom.sun.management.jmxremote.access.file=" + str4 : "") + "");
            }
            try {
                JMXConnectorServerData exportMBeanServer = exportMBeanServer(ManagementFactory.getPlatformMBeanServer(), parseInt, booleanValue2, booleanValue3, property7, strArr, strArr2, booleanValue4, booleanValue, str2, str3, str4);
                JMXConnectorServer jMXConnectorServer = exportMBeanServer.jmxConnectorServer;
                JMXServiceURL jMXServiceURL = exportMBeanServer.jmxRemoteURL;
                log.config("initialize", Agent.getText("jmxremote.ConnectorBootstrap.initialize.ready", jMXServiceURL.toString()));
                try {
                    HashMap hashMap = new HashMap();
                    hashMap.put("remoteAddress", jMXServiceURL.toString());
                    hashMap.put("authenticate", property);
                    hashMap.put("ssl", property2);
                    hashMap.put("sslRegistry", property3);
                    hashMap.put("sslNeedClientAuth", property6);
                    ConnectorAddressLink.exportRemote(hashMap);
                } catch (Exception e) {
                    log.debug("initialize", e);
                }
                return jMXConnectorServer;
            } catch (Exception e2) {
                throw new AgentConfigurationError(AgentConfigurationError.AGENT_EXCEPTION, e2, e2.toString());
            }
        } catch (NumberFormatException e3) {
            throw new AgentConfigurationError(AgentConfigurationError.INVALID_JMXREMOTE_PORT, e3, str);
        }
    }

    public static JMXConnectorServer startLocalConnectorServer() {
        System.setProperty("java.rmi.server.randomIDs", "true");
        HashMap hashMap = new HashMap();
        hashMap.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter());
        String str = "localhost";
        InetAddress inetAddress = null;
        try {
            inetAddress = InetAddress.getByName(str);
            str = inetAddress.getHostAddress();
        } catch (UnknownHostException e) {
        }
        if (inetAddress == null || !inetAddress.isLoopbackAddress()) {
            str = "127.0.0.1";
        }
        MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
        try {
            JMXServiceURL jMXServiceURL = new JMXServiceURL("rmi", str, 0);
            Properties managementProperties = Agent.getManagementProperties();
            if (managementProperties == null) {
                managementProperties = new Properties();
            }
            if (Boolean.valueOf(managementProperties.getProperty(PropertyNames.USE_LOCAL_ONLY, "true")).booleanValue()) {
                hashMap.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, new LocalRMIServerSocketFactory());
            }
            JMXConnectorServer newJMXConnectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jMXServiceURL, hashMap, platformMBeanServer);
            newJMXConnectorServer.start();
            return newJMXConnectorServer;
        } catch (Exception e2) {
            throw new AgentConfigurationError(AgentConfigurationError.AGENT_EXCEPTION, e2, e2.toString());
        }
    }

    private static void checkPasswordFile(String str) {
        if (str == null || str.length() == 0) {
            throw new AgentConfigurationError(AgentConfigurationError.PASSWORD_FILE_NOT_SET);
        }
        File file = new File(str);
        if (!file.exists()) {
            throw new AgentConfigurationError(AgentConfigurationError.PASSWORD_FILE_NOT_FOUND, str);
        }
        if (!file.canRead()) {
            throw new AgentConfigurationError(AgentConfigurationError.PASSWORD_FILE_NOT_READABLE, str);
        }
        FileSystem open = FileSystem.open();
        try {
            if (!open.supportsFileSecurity(file) || open.isAccessUserOnly(file)) {
                return;
            }
            log.config("initialize", Agent.getText("jmxremote.ConnectorBootstrap.initialize.password.readonly", str));
            throw new AgentConfigurationError(AgentConfigurationError.PASSWORD_FILE_ACCESS_NOT_RESTRICTED, str);
        } catch (IOException e) {
            throw new AgentConfigurationError(AgentConfigurationError.PASSWORD_FILE_READ_FAILED, e, str);
        }
    }

    private static void checkAccessFile(String str) {
        if (str == null || str.length() == 0) {
            throw new AgentConfigurationError(AgentConfigurationError.ACCESS_FILE_NOT_SET);
        }
        File file = new File(str);
        if (!file.exists()) {
            throw new AgentConfigurationError(AgentConfigurationError.ACCESS_FILE_NOT_FOUND, str);
        }
        if (!file.canRead()) {
            throw new AgentConfigurationError(AgentConfigurationError.ACCESS_FILE_NOT_READABLE, str);
        }
    }

    private static void checkRestrictedFile(String str) {
        if (str == null || str.length() == 0) {
            throw new AgentConfigurationError(AgentConfigurationError.FILE_NOT_SET);
        }
        File file = new File(str);
        if (!file.exists()) {
            throw new AgentConfigurationError(AgentConfigurationError.FILE_NOT_FOUND, str);
        }
        if (!file.canRead()) {
            throw new AgentConfigurationError(AgentConfigurationError.FILE_NOT_READABLE, str);
        }
        FileSystem open = FileSystem.open();
        try {
            if (!open.supportsFileSecurity(file) || open.isAccessUserOnly(file)) {
                return;
            }
            log.config("initialize", Agent.getText("jmxremote.ConnectorBootstrap.initialize.file.readonly", str));
            throw new AgentConfigurationError(AgentConfigurationError.FILE_ACCESS_NOT_RESTRICTED, str);
        } catch (IOException e) {
            throw new AgentConfigurationError(AgentConfigurationError.FILE_READ_FAILED, e, str);
        }
    }

    private static String getDefaultFileName(String str) {
        String str2 = File.separator;
        return System.getProperty("java.home") + str2 + "lib" + str2 + "management" + str2 + str;
    }

    private static SslRMIServerSocketFactory createSslRMIServerSocketFactory(String str, String[] strArr, String[] strArr2, boolean z) {
        FileInputStream fileInputStream;
        if (str == null) {
            return new SslRMIServerSocketFactory(strArr, strArr2, z);
        }
        checkRestrictedFile(str);
        try {
            Properties properties = new Properties();
            FileInputStream fileInputStream2 = new FileInputStream(str);
            try {
                properties.load(new BufferedInputStream(fileInputStream2));
                fileInputStream2.close();
                String property = properties.getProperty("javax.net.ssl.keyStore");
                String property2 = properties.getProperty("javax.net.ssl.keyStorePassword", "");
                String property3 = properties.getProperty("javax.net.ssl.trustStore");
                String property4 = properties.getProperty("javax.net.ssl.trustStorePassword", "");
                char[] cArr = null;
                if (property2.length() != 0) {
                    cArr = property2.toCharArray();
                }
                char[] cArr2 = null;
                if (property4.length() != 0) {
                    cArr2 = property4.toCharArray();
                }
                KeyStore keyStore = null;
                if (property != null) {
                    keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    fileInputStream = new FileInputStream(property);
                    try {
                        keyStore.load(fileInputStream, cArr);
                        fileInputStream.close();
                    } finally {
                    }
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, cArr);
                KeyStore keyStore2 = null;
                if (property3 != null) {
                    keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
                    fileInputStream = new FileInputStream(property3);
                    try {
                        keyStore2.load(fileInputStream, cArr2);
                        fileInputStream.close();
                    } finally {
                    }
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore2);
                SSLContext sSLContext = SSLContext.getInstance("SSL");
                sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
                return new SSLContextRMIServerSocketFactory(sSLContext, strArr, strArr2, z);
            } catch (Throwable th) {
                fileInputStream2.close();
                throw th;
            }
        } catch (Exception e) {
            throw new AgentConfigurationError(AgentConfigurationError.AGENT_EXCEPTION, e, e.toString());
        }
    }

    private static JMXConnectorServerData exportMBeanServer(MBeanServer mBeanServer, int i, boolean z, boolean z2, String str, String[] strArr, String[] strArr2, boolean z3, boolean z4, String str2, String str3, String str4) throws IOException, MalformedURLException {
        System.setProperty("java.rmi.server.randomIDs", "true");
        JMXServiceURL jMXServiceURL = new JMXServiceURL("rmi", null, 0);
        HashMap hashMap = new HashMap();
        PermanentExporter permanentExporter = new PermanentExporter();
        hashMap.put(RMIExporter.EXPORTER_ATTRIBUTE, permanentExporter);
        if (z4) {
            if (str2 != null) {
                hashMap.put("jmx.remote.x.login.config", str2);
            }
            if (str3 != null) {
                hashMap.put("jmx.remote.x.password.file", str3);
            }
            hashMap.put("jmx.remote.x.access.file", str4);
            if (hashMap.get("jmx.remote.x.password.file") != 0 || hashMap.get("jmx.remote.x.login.config") != 0) {
                hashMap.put(JMXConnectorServer.AUTHENTICATOR, new AccessFileCheckerAuthenticator(hashMap));
            }
        }
        SslRMIClientSocketFactory sslRMIClientSocketFactory = null;
        SslRMIServerSocketFactory sslRMIServerSocketFactory = null;
        if (z || z2) {
            sslRMIClientSocketFactory = new SslRMIClientSocketFactory();
            sslRMIServerSocketFactory = createSslRMIServerSocketFactory(str, strArr, strArr2, z3);
        }
        if (z) {
            hashMap.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, sslRMIClientSocketFactory);
            hashMap.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, sslRMIServerSocketFactory);
        }
        JMXConnectorServer jMXConnectorServer = null;
        try {
            jMXConnectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jMXServiceURL, hashMap, mBeanServer);
            jMXConnectorServer.start();
            return new JMXConnectorServerData(jMXConnectorServer, new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + jMXServiceURL.getHost() + ":" + ((UnicastRef) (z2 ? new SingleEntryRegistry(i, sslRMIClientSocketFactory, sslRMIServerSocketFactory, "jmxrmi", permanentExporter.firstExported) : new SingleEntryRegistry(i, "jmxrmi", permanentExporter.firstExported)).getRef()).getLiveRef().getPort() + "/jmxrmi"));
        } catch (IOException e) {
            if (jMXConnectorServer == null) {
                throw new AgentConfigurationError(AgentConfigurationError.CONNECTOR_SERVER_IO_ERROR, e, jMXServiceURL.toString());
            }
            throw new AgentConfigurationError(AgentConfigurationError.CONNECTOR_SERVER_IO_ERROR, e, jMXConnectorServer.getAddress().toString());
        }
    }

    private ConnectorBootstrap() {
    }
}
