package com.gemstone.gemfire.management.internal.security;

import com.gemstone.gemfire.GemFireConfigException;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.security.Authenticator;
import java.lang.management.ManagementFactory;
import java.security.AccessController;
import java.security.Principal;
import java.util.Collections;
import java.util.Properties;
import java.util.Set;
import javax.management.InstanceAlreadyExistsException;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
import javax.management.QueryExp;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.MBeanServerForwarder;
import javax.security.auth.Subject;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/gemstone/gemfire/management/internal/security/ManagementInterceptor.class */
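/**
 * JMX authentication and authorization hook for GemFire management MBeans.
 *
 * <p>{@link #authenticate(Object)} hands the supplied credentials to the {@link Authenticator}
 * class named by the {@code ResourceConstants.RESORUCE_AUTHENTICATOR} system property.
 * {@link #authorize(ObjectName, String, Object[])} hands operation checks to the access-control
 * class named by the {@code ResourceConstants.RESORUCE_AUTH_ACCESSOR} system property.
 *
 * <p>Both classes are resolved lazily and cached in static fields without synchronization;
 * concurrent first calls may each resolve the class, which yields the same result.
 */
public class ManagementInterceptor implements JMXAuthenticator {
    public static final String USER_NAME = "security-username";
    public static final String PASSWORD = "security-password";
    public static final String OBJECT_NAME_ACCESSCONTROL = "GemFire:service=AccessControl,type=Distributed";

    private static final String CONFIG_ERROR = "Error while configuring accesscontrol for jmx resource";
    private static final String ACCESS_DENIED = "Access denied";

    private MBeanServerWrapper mBeanServerForwarder = new MBeanServerWrapper(this);
    private Logger logger;
    private static Class<?> accessControlKlass = null;
    private static Class<?> authenticatorClass = null;

    /**
     * Creates the interceptor and registers the AccessControl MBean on the platform MBean server.
     *
     * @param logger logger used for registration and configuration messages
     * @throws GemFireConfigException if the AccessControl MBean cannot be registered
     */
    public ManagementInterceptor(Logger logger) {
        this.logger = logger;
        registerAccessContorlMbean();
        LogService.getLogger().info("Starting management interceptor");
    }

    /**
     * Registers the AccessControl MBean under {@link #OBJECT_NAME_ACCESSCONTROL} unless a bean
     * with that name is already present.
     *
     * @throws GemFireConfigException if the MBean server rejects the registration
     */
    private void registerAccessContorlMbean() {
        try {
            AccessControl accessControl = new AccessControl(this);
            ObjectName objectName = new ObjectName(OBJECT_NAME_ACCESSCONTROL);
            MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
            if (platformMBeanServer.queryNames(objectName, (QueryExp) null).isEmpty()) {
                platformMBeanServer.registerMBean(accessControl, objectName);
                this.logger.info("Registered AccessContorlMBean on " + objectName);
            }
        } catch (MalformedObjectNameException e) {
            // The name is a compile-time constant, so this is not expected. Startup continues
            // as before, but the failure goes to the logger instead of stderr.
            this.logger.error("Invalid AccessControl MBean name " + OBJECT_NAME_ACCESSCONTROL, e);
        } catch (NotCompliantMBeanException e) {
            throw configError(e);
        } catch (InstanceAlreadyExistsException e) {
            // Another registration won the race between queryNames and registerMBean.
            throw configError(e);
        } catch (MBeanRegistrationException e) {
            throw configError(e);
        }
    }

    /**
     * Authenticates a JMX connection through the configured {@link Authenticator}.
     *
     * @param obj the JMX credentials; a {@code String[]} is read as {@code {username, password}}
     * @return a read-only {@link Subject} holding one {@link JMXPrincipal} named after the username
     * @throws SecurityException if a {@code String[]} credential has fewer than two elements or a
     *     null element
     * @throws GemFireConfigException if the authenticator class cannot be loaded or instantiated
     */
    @Override
    public Subject authenticate(Object obj) {
        String username;
        String password;
        if (obj instanceof String[]) {
            String[] credentials = (String[]) obj;
            // Reject malformed credentials with the exception type JMXAuthenticator documents,
            // rather than an ArrayIndexOutOfBoundsException or NullPointerException further down.
            if (credentials.length < 2 || credentials[0] == null || credentials[1] == null) {
                throw new SecurityException("Credentials must be a String[] holding a username and a password");
            }
            username = credentials[0];
            password = credentials[1];
        } else {
            // NOTE(review): missing or non-String[] credentials are not rejected here. They are
            // replaced by these fixed placeholder values and the decision is left entirely to the
            // configured Authenticator. An Authenticator that accepts them lets a caller without
            // credentials in as principal "empty"; confirm that is intended.
            username = "empty";
            password = "emptypwd";
        }
        Properties properties = new Properties();
        properties.put(USER_NAME, username);
        properties.put(PASSWORD, password);
        // NOTE(review): the value returned by Authenticator.authenticate is discarded. The JMX
        // principal below is built from the client-supplied username, so the authenticator is
        // relied on to throw when the credentials are not valid.
        getAuthenticator(properties).authenticate(properties, null);
        return new Subject(true, Collections.singleton(new JMXPrincipal(username)),
                Collections.emptySet(), Collections.emptySet());
    }

    /**
     * Checks whether the caller may invoke {@code str} on {@code objectName}.
     *
     * <p>The check is skipped (the call is allowed) when the target is the AccessControl MBean,
     * when the target is outside the {@code GemFire} domain, or when no {@link Subject} is
     * associated with the calling context. For an authenticated caller, {@code createMBean} and
     * {@code unregisterMBean} are always denied, {@code getAttribute} and {@code getAttributes}
     * are always allowed, and every other operation is decided by the configured access control.
     *
     * @param objectName target MBean name
     * @param str name of the MBean server method being invoked
     * @param objArr invocation arguments, may be null
     * @throws SecurityException if the operation is denied
     */
    public void authorize(ObjectName objectName, String str, Object[] objArr) {
        if (isAccessControlMBean(objectName)) {
            this.logger.info("Granting access to accessContorlMXBean.. name=" + objectName);
            return;
        }
        if (!"GemFire".equals(objectName.getDomain())) {
            return;
        }
        // NOTE(review): a null Subject means nothing is enforced for this call. Presumably this
        // covers in-process callers; confirm no remote path reaches here without a Subject.
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            return;
        }
        // A missing method name is denied explicitly; it previously failed with a
        // NullPointerException at this point.
        if (str == null || "createMBean".equals(str) || "unregisterMBean".equals(str)) {
            throw new SecurityException(ACCESS_DENIED);
        }
        Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
        if (principals == null || principals.isEmpty()) {
            throw new SecurityException(ACCESS_DENIED);
        }
        Principal principal = principals.iterator().next();
        LogService.getLogger().info("Name=" + objectName + " methodName=" + str + " principal=" + principal.getName());
        // Attribute reads bypass the access-control plug-in for every authenticated principal.
        if ("getAttribute".equals(str) || "getAttributes".equals(str)) {
            return;
        }
        boolean authorizeOperation = getAccessControl(principal).authorizeOperation(null, buildContext(objectName, str, objArr));
        LogService.getLogger().info("Name=" + objectName + " methodName=" + str + " result=" + authorizeOperation + " principal=" + principal.getName());
        if (!authorizeOperation) {
            throw new SecurityException(ACCESS_DENIED);
        }
    }

    /**
     * Returns the MBean server forwarder created for this interceptor.
     *
     * @return the forwarder instance
     */
    public MBeanServerForwarder getMBeanServerForwarder() {
        return this.mBeanServerForwarder;
    }

    /**
     * Creates and initializes a new access-control instance for the given principal.
     *
     * @param principal principal passed to {@code AccessControl.init}
     * @return a freshly initialized access-control object
     * @throws GemFireConfigException if the class is not configured, cannot be found, or cannot be
     *     instantiated
     */
    public com.gemstone.gemfire.security.AccessControl getAccessControl(Principal principal) {
        if (accessControlKlass == null) {
            accessControlKlass = loadConfiguredClass(ResourceConstants.RESORUCE_AUTH_ACCESSOR);
        }
        try {
            com.gemstone.gemfire.security.AccessControl accessControl =
                    (com.gemstone.gemfire.security.AccessControl) accessControlKlass.newInstance();
            accessControl.init(principal, null, null);
            LogService.getLogger().info("Returning resource accessControl");
            return accessControl;
        } catch (IllegalAccessException e) {
            this.logger.error(e);
            throw configError(e);
        } catch (InstantiationException e) {
            this.logger.error(e);
            throw configError(e);
        }
    }

    /**
     * Creates and initializes a new authenticator instance.
     *
     * @param properties properties passed to {@code Authenticator.init}
     * @return a freshly initialized authenticator
     * @throws GemFireConfigException if the class is not configured, cannot be found, or cannot be
     *     instantiated
     */
    private Authenticator getAuthenticator(Properties properties) {
        if (authenticatorClass == null) {
            authenticatorClass = loadConfiguredClass(ResourceConstants.RESORUCE_AUTHENTICATOR);
        }
        try {
            Authenticator authenticator = (Authenticator) authenticatorClass.newInstance();
            authenticator.init(properties, null, null);
            LogService.getLogger().info("Returning resource authenticator " + authenticator);
            return authenticator;
        } catch (IllegalAccessException e) {
            this.logger.error(e);
            throw configError(e);
        } catch (InstantiationException e) {
            this.logger.error(e);
            throw configError(e);
        }
    }

    /**
     * Builds the operation context handed to the access control.
     *
     * <p>A {@code processCommand} call on a name without a {@code service} key yields a
     * {@code CLIOperationContext} built from the first element of the first argument; every other
     * call yields a {@code JMXOperationContext}. A {@code processCommand} call whose arguments do
     * not have that shape fails with a runtime exception before any authorization result exists.
     *
     * @param objectName target MBean name
     * @param str name of the method being invoked
     * @param objArr invocation arguments, may be null
     * @return the context describing the operation
     */
    private ResourceOperationContext buildContext(ObjectName objectName, String str, Object[] objArr) {
        Logger log = LogService.getLogger();
        if (objArr != null) {
            log.info("Params length=" + objArr.length);
            // Argument values come from the caller and can include sensitive data (for example
            // the command string passed to processCommand), so they are written at debug level
            // only and kept out of the regular info log.
            if (log.isDebugEnabled()) {
                for (int i = 0; i < objArr.length; i++) {
                    log.debug("Params[" + i + "] is " + arrayString(objArr[i]));
                }
            }
        }
        if (objectName.getKeyProperty("service") == null && "processCommand".equals(str)) {
            CLIOperationContext cLIOperationContext = new CLIOperationContext((String) ((Object[]) objArr[0])[0]);
            log.info("Returning CLIContext for " + str);
            return cLIOperationContext;
        }
        JMXOperationContext jMXOperationContext = new JMXOperationContext(objectName, str);
        log.info("Returning JMXOperationContext for " + str);
        return jMXOperationContext;
    }

    /**
     * Joins the elements of an array argument with single spaces (a trailing space is kept).
     *
     * @param obj the argument to render
     * @return the joined elements, or an empty string when {@code obj} is not an {@code Object[]}
     */
    private String arrayString(Object obj) {
        StringBuilder sb = new StringBuilder();
        if (obj instanceof Object[]) {
            for (Object element : (Object[]) obj) {
                sb.append(element).append(" ");
            }
        }
        return sb.toString();
    }

    /** Reports whether {@code objectName} is the AccessControl MBean registered by this class. */
    private boolean isAccessControlMBean(ObjectName objectName) {
        try {
            return objectName.equals(new ObjectName(OBJECT_NAME_ACCESSCONTROL));
        } catch (MalformedObjectNameException e) {
            // Not expected for a constant name. Treating it as "no match" sends the call through
            // the normal authorization path instead of granting access.
            this.logger.error("Invalid AccessControl MBean name " + OBJECT_NAME_ACCESSCONTROL, e);
            return false;
        }
    }

    /**
     * Loads the class whose name is held in the given system property.
     *
     * @throws GemFireConfigException if the property is unset or blank, or the class is not found
     */
    private Class<?> loadConfiguredClass(String propertyName) {
        String className = System.getProperty(propertyName);
        // Class.forName(null) would throw a bare NullPointerException; name the missing setting.
        if (className == null || className.trim().isEmpty()) {
            throw new GemFireConfigException(CONFIG_ERROR + ": system property " + propertyName + " is not set");
        }
        try {
            return Class.forName(className);
        } catch (ClassNotFoundException e) {
            this.logger.error(e);
            throw configError(e);
        }
    }

    /** Wraps a configuration failure in the exception type this class reports to callers. */
    private static GemFireConfigException configError(Throwable cause) {
        return new GemFireConfigException(CONFIG_ERROR, cause);
    }
}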
