package org.apache.qpid.server.model.port;

import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import org.apache.qpid.server.configuration.CommonProperties;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.messages.PortMessages;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.Connection;
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.Protocol;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.SystemConfig;
import org.apache.qpid.server.model.Transport;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.VirtualHostAlias;
import org.apache.qpid.server.model.port.AbstractPort;
import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.util.ParameterizedTypes;
import org.apache.qpid.server.util.PortUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/model/port/AbstractPort.class */
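/**
 * Base class for broker ports: holds the managed port attributes and enforces the
 * configuration rules that tie together transports, key/trust stores, client
 * certificate requests and authentication mechanisms.
 *
 * <p>Security-relevant rules enforced in {@link #onValidate()} and
 * {@link #validateChange(ConfiguredObject, Set)}:
 * <ul>
 *   <li>a port with a secure transport must have a {@link KeyStore};</li>
 *   <li>a port that needs or wants client certificates must use a secure transport and
 *       have at least one {@link TrustStore};</li>
 *   <li>the client certificate recorder, when set, must be a
 *       {@link ManagedPeerCertificateTrustStore};</li>
 *   <li>the authentication provider must keep at least one enabled mechanism, and at
 *       least one mechanism that is not secure-only when a non-TLS transport is
 *       configured.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: parameter names such as {@code z}, {@code str}
 * and {@code set} are synthetic and are kept unchanged.
 */
public abstract class AbstractPort<X extends AbstractPort<X>> extends AbstractConfiguredObject<X> implements Port<X> {
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractPort.class);
    private final Container<?> _container;
    private final EventLogger _eventLogger;

    @ManagedAttributeField
    private int _port;

    @ManagedAttributeField
    private KeyStore<?> _keyStore;

    @ManagedAttributeField
    private Collection<TrustStore> _trustStores;

    @ManagedAttributeField
    private Set<Transport> _transports;

    @ManagedAttributeField
    private Set<Protocol> _protocols;

    @ManagedAttributeField
    private AuthenticationProvider _authenticationProvider;

    @ManagedAttributeField
    private boolean _needClientAuth;

    @ManagedAttributeField
    private boolean _wantClientAuth;

    @ManagedAttributeField
    private TrustStore<?> _clientCertRecorder;

    @ManagedAttributeField
    private boolean _allowConfidentialOperationsOnInsecureChannels;

    @ManagedAttributeField
    private String _bindingAddress;

    // The four TLS lists are not managed attributes: they are read from context
    // variables in onOpen() and stay null until onOpen() has run.
    private List<String> _tlsProtocolBlackList;
    private List<String> _tlsProtocolWhiteList;
    private List<String> _tlsCipherSuiteWhiteList;
    private List<String> _tlsCipherSuiteBlackList;

    /**
     * Creates the port as a child of {@code container} and logs a port CREATE event.
     *
     * @param map attribute map passed through to the superclass constructor
     * @param container parent container; also the source of the event logger
     */
    public AbstractPort(Map<String, Object> map, Container<?> container) {
        super(container, map);
        this._container = container;
        this._eventLogger = container.getEventLogger();
        this._eventLogger.message(PortMessages.CREATE(getName()));
    }

    /** Returns the configured binding address; may be {@code null} or empty (see {@link #validateOnCreate()}). */
    @Override // org.apache.qpid.server.model.Port
    public String getBindingAddress() {
        return this._bindingAddress;
    }

    /**
     * Loads the TLS protocol and cipher-suite allow/deny lists from the context
     * variables named in {@link CommonProperties}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onOpen() {
        super.onOpen();
        // The (List) casts are kept from the decompiled listing; the element type is
        // described by ParameterizedTypes.LIST_OF_STRINGS.
        this._tlsProtocolWhiteList = (List) getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_WHITE_LIST);
        this._tlsProtocolBlackList = (List) getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_PROTOCOL_BLACK_LIST);
        this._tlsCipherSuiteWhiteList = (List) getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_WHITE_LIST);
        this._tlsCipherSuiteBlackList = (List) getContextValue(List.class, ParameterizedTypes.LIST_OF_STRINGS, CommonProperties.QPID_SECURITY_TLS_CIPHER_SUITE_BLACK_LIST);
    }

    /**
     * Rejects creation when {@link PortUtil#isPortAvailable} reports that the binding
     * address and port cannot be used.
     *
     * @throws IllegalConfigurationException if the port is reported as unavailable
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateOnCreate() {
        super.validateOnCreate();
        String bindingAddress = getBindingAddress();
        if (PortUtil.isPortAvailable(bindingAddress, getPort())) {
            return;
        }
        // A null or empty binding address is reported as "*" in the message.
        String shownAddress = (bindingAddress == null || "".equals(bindingAddress)) ? "*" : bindingAddress;
        // NOTE(review): "already is use" is a typo in the message; the text is left as it was.
        throw new IllegalConfigurationException(String.format("Cannot bind to port %d and binding address '%s'. Port is already is use.", getPort(), shownAddress));
    }

    /**
     * Validates this port's own configuration. The checks run in a fixed order, so the
     * first violated rule decides which exception is thrown.
     *
     * @throws IllegalConfigurationException if a secure transport has no key store, the
     *         port number clashes with another port, the authentication mechanisms are
     *         unusable, or client certificates are requested without trust stores, without
     *         a secure transport, or with a recorder of the wrong type
     * @throws IllegalArgumentException if the port is not durable
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onValidate() {
        super.onValidate();
        boolean usesTls = isUsingTLSTransport();
        if (usesTls && getKeyStore() == null) {
            throw new IllegalConfigurationException("Can't create a port which uses a secure transport but has no KeyStore");
        }
        if (!isDurable()) {
            throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
        }
        // Port 0 is exempt from the duplicate check.
        if (getPort() != 0) {
            // The decompiler emitted an undeclared type "C" for this loop variable;
            // Port<?> is the element type the body relies on.
            for (Port<?> other : this._container.getChildren(Port.class)) {
                if (other != this && (other.getPort() == getPort() || other.getBoundPort() == getPort())) {
                    throw new IllegalConfigurationException("Can't add port " + getName() + " because port number " + getPort() + " is already configured for port " + other.getName());
                }
            }
        }
        validateAuthenticationMechanisms(getAuthenticationProvider(), getTransports());
        boolean requestsClientCert = getNeedClientAuth() || getWantClientAuth();
        if (requestsClientCert && (getTrustStores() == null || getTrustStores().isEmpty())) {
            throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured.");
        }
        if (requestsClientCert && !usesTls) {
            throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
        }
        // NOTE(review): the message names "ManagedCertificateStore" while the type that is
        // checked is ManagedPeerCertificateTrustStore; the text is left as it was.
        if (requestsClientCert && getClientCertRecorder() != null && !(getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore)) {
            throw new IllegalConfigurationException("Only trust stores of type ManagedCertificateStore may be used as the client certificate recorder");
        }
    }

    /**
     * Ensures the provider leaves at least one usable authentication mechanism for the
     * given transports: first after removing the disabled mechanisms, then, when any
     * transport is not secure, after also removing the secure-only mechanisms.
     *
     * @param authenticationProvider provider whose mechanism lists are inspected; it is
     *        dereferenced without a null check
     * @param set transports configured on the port
     * @throws IllegalConfigurationException if no mechanism remains
     */
    private void validateAuthenticationMechanisms(AuthenticationProvider<?> authenticationProvider, Set<Transport> set) {
        // Work on a copy so the provider's own list is never modified.
        List<String> usableMechanisms = new ArrayList<>(authenticationProvider.getMechanisms());
        if (authenticationProvider.getDisabledMechanisms() != null) {
            usableMechanisms.removeAll(authenticationProvider.getDisabledMechanisms());
        }
        if (usableMechanisms.isEmpty()) {
            throw new IllegalConfigurationException("The authentication provider '" + authenticationProvider.getName() + "' on port '" + getName() + "' has all authentication mechanisms disabled.");
        }
        if (!hasNonTLSTransport(set) || authenticationProvider.getSecureOnlyMechanisms() == null) {
            return;
        }
        // With a non-TLS transport configured, at least one mechanism that is not
        // secure-only has to remain.
        usableMechanisms.removeAll(authenticationProvider.getSecureOnlyMechanisms());
        if (usableMechanisms.isEmpty()) {
            throw new IllegalConfigurationException("The port '" + getName() + "' allows for non TLS connections, but all authentication mechanisms of the authentication provider '" + authenticationProvider.getName() + "' are disabled on non-secure connections.");
        }
    }

    /**
     * Returns the provider used to authenticate on this port. In management mode the
     * container's management-mode provider is returned instead of the configured one.
     */
    @Override // org.apache.qpid.server.model.Port
    public AuthenticationProvider getAuthenticationProvider() {
        return ((SystemConfig) getAncestor(SystemConfig.class)).isManagementMode() ? this._container.getManagementModeAuthenticationProvider() : this._authenticationProvider;
    }

    /** Returns the configured flag; this class only stores it and does not act on it. */
    @Override // org.apache.qpid.server.model.Port
    public boolean isAllowConfidentialOperationsOnInsecureChannels() {
        return this._allowConfidentialOperationsOnInsecureChannels;
    }

    /** Returns whether any of this port's transports is secure. */
    private boolean isUsingTLSTransport() {
        return isUsingTLSTransport(getTransports());
    }

    /** Returns whether {@code collection} contains at least one secure transport. */
    private boolean isUsingTLSTransport(Collection<Transport> collection) {
        return hasTransportOfType(collection, true);
    }

    /** Returns whether {@code collection} contains at least one transport that is not secure. */
    private boolean hasNonTLSTransport(Collection<Transport> collection) {
        return hasTransportOfType(collection, false);
    }

    /**
     * Returns whether any transport's {@code isSecure()} equals {@code z}.
     *
     * @param collection transports to scan; {@code null} yields {@code false}
     * @param z the {@code isSecure()} value to look for
     */
    private boolean hasTransportOfType(Collection<Transport> collection, boolean z) {
        if (collection == null) {
            return false;
        }
        for (Transport transport : collection) {
            if (transport.isSecure() == z) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates a proposed attribute change against the same rules as
     * {@link #onValidate()}, reading the new values from {@code configuredObject}.
     *
     * @param configuredObject the port carrying the proposed values; cast to {@link Port}
     * @param set names of the attributes being changed
     * @throws IllegalConfigurationException if the name changes, the new port number is
     *         already used, or the TLS, client-certificate or authentication-mechanism
     *         rules are violated
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        Port<?> updated = (Port<?>) configuredObject;
        if (!getName().equals(updated.getName())) {
            throw new IllegalConfigurationException("Changing the port name is not allowed");
        }
        if (set.contains("port")) {
            int newPort = updated.getPort();
            if (getPort() != newPort && newPort != 0) {
                // NOTE(review): unlike onValidate(), this loop does not skip this port, so
                // this port's own bound port can match newPort - confirm that is intended.
                // The decompiler emitted an undeclared type "C" for this loop variable.
                for (Port<?> other : this._container.getChildren(Port.class)) {
                    if (other.getBoundPort() == newPort || other.getPort() == newPort) {
                        throw new IllegalConfigurationException("Port number " + newPort + " is already in use by port " + other.getName());
                    }
                }
            }
        }
        Set<Transport> transports = updated.getTransports();
        // Result unused; the call is retained from the original listing.
        updated.getProtocols();
        boolean usesTls = isUsingTLSTransport(transports);
        if (usesTls && updated.getKeyStore() == null) {
            throw new IllegalConfigurationException("Can't create port which requires SSL but has no key store configured.");
        }
        // Mechanisms are re-checked only when the provider or the transports change.
        if (set.contains(Port.AUTHENTICATION_PROVIDER) || set.contains(Port.TRANSPORTS)) {
            validateAuthenticationMechanisms(updated.getAuthenticationProvider(), updated.getTransports());
        }
        boolean requestsClientCert = updated.getNeedClientAuth() || updated.getWantClientAuth();
        if (usesTls) {
            if ((updated.getTrustStores() == null || updated.getTrustStores().isEmpty()) && requestsClientCert) {
                throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured.");
            }
        } else if (requestsClientCert) {
            throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
        }
        if (requestsClientCert && updated.getClientCertRecorder() != null && !(updated.getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore)) {
            throw new IllegalConfigurationException("Only trust stores of type ManagedCertificateStore may be used as the client certificate recorder");
        }
    }

    /** Returns the configured port number; 0 is exempt from the duplicate-port checks. */
    @Override // org.apache.qpid.server.model.Port
    public int getPort() {
        return this._port;
    }

    /** Returns the configured transports (the field itself, not a copy). */
    @Override // org.apache.qpid.server.model.Port
    public Set<Transport> getTransports() {
        return this._transports;
    }

    /** Returns the configured protocols (the field itself, not a copy). */
    @Override // org.apache.qpid.server.model.Port
    public Set<Protocol> getProtocols() {
        return this._protocols;
    }

    /** Returns this port's {@link Connection} children. */
    @Override // org.apache.qpid.server.model.Port
    public Collection<Connection> getConnections() {
        return getChildren(Connection.class);
    }

    /** Logs a port DELETE event, then delegates to the superclass. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public ListenableFuture<Void> onDelete() {
        this._eventLogger.message(PortMessages.DELETE(getType(), getName()));
        return super.onDelete();
    }

    /**
     * State transition to ACTIVE: sets the state returned by {@link #onActivate()}.
     *
     * @throws IllegalConfigurationException wrapping any {@link RuntimeException} raised
     *         during activation, after the state has been set to ERRORED
     */
    @StateTransition(currentState = {State.UNINITIALIZED, State.QUIESCED, State.ERRORED}, desiredState = State.ACTIVE)
    protected ListenableFuture<Void> activate() {
        try {
            setState(onActivate());
            // The decompiler's (Object) cast is dropped so the result is typed as
            // ListenableFuture<Void>.
            return Futures.immediateFuture(null);
        } catch (RuntimeException e) {
            setState(State.ERRORED);
            // NOTE(review): "Unable to active port" is a typo in the message; the text is left as it was.
            throw new IllegalConfigurationException("Unable to active port '" + getName() + "'of type " + getType() + " on " + getPort(), e);
        }
    }

    /** State transition from UNINITIALIZED to QUIESCED; only records the new state. */
    @StateTransition(currentState = {State.UNINITIALIZED}, desiredState = State.QUIESCED)
    private ListenableFuture<Void> startQuiesced() {
        setState(State.QUIESCED);
        return Futures.immediateFuture(null);
    }

    /**
     * Resolves {@code str} to an address space by asking each {@link VirtualHostAlias}
     * child in {@link VirtualHostAlias#COMPARATOR} order; the first non-null answer wins.
     *
     * @param str the name to resolve
     * @return the matching address space, or {@code null} if no alias resolves it
     */
    @Override // org.apache.qpid.server.model.Port
    public NamedAddressSpace getAddressSpace(String str) {
        // Raw types are kept from the decompiled listing; the declared type of
        // VirtualHostAlias.COMPARATOR is not visible in this file.
        TreeSet orderedAliases = new TreeSet(VirtualHostAlias.COMPARATOR);
        orderedAliases.addAll(getChildren(VirtualHostAlias.class));
        Iterator aliasIterator = orderedAliases.iterator();
        while (aliasIterator.hasNext()) {
            NamedAddressSpace addressSpace = ((VirtualHostAlias) aliasIterator.next()).getAddressSpace(str);
            if (addressSpace != null) {
                return addressSpace;
            }
        }
        return null;
    }

    /** Hook called by {@link #activate()}; this base implementation returns {@link State#ACTIVE}. */
    /* JADX INFO: Access modifiers changed from: protected */
    public State onActivate() {
        return State.ACTIVE;
    }

    /** Returns the TLS protocol allow list loaded in {@link #onOpen()}; {@code null} before then. */
    @Override // org.apache.qpid.server.model.Port
    public List<String> getTlsProtocolWhiteList() {
        return this._tlsProtocolWhiteList;
    }

    /** Returns the TLS protocol deny list loaded in {@link #onOpen()}; {@code null} before then. */
    @Override // org.apache.qpid.server.model.Port
    public List<String> getTlsProtocolBlackList() {
        return this._tlsProtocolBlackList;
    }

    /** Returns the TLS cipher-suite allow list loaded in {@link #onOpen()}; {@code null} before then. */
    @Override // org.apache.qpid.server.model.Port
    public List<String> getTlsCipherSuiteWhiteList() {
        return this._tlsCipherSuiteWhiteList;
    }

    /** Returns the TLS cipher-suite deny list loaded in {@link #onOpen()}; {@code null} before then. */
    @Override // org.apache.qpid.server.model.Port
    public List<String> getTlsCipherSuiteBlackList() {
        return this._tlsCipherSuiteBlackList;
    }

    /** Returns the configured key store; validation requires it when a secure transport is used. */
    @Override // org.apache.qpid.server.model.Port
    public KeyStore getKeyStore() {
        return this._keyStore;
    }

    /** Returns the configured trust stores (the field itself, not a copy); may be {@code null}. */
    @Override // org.apache.qpid.server.model.Port
    public Collection<TrustStore> getTrustStores() {
        return this._trustStores;
    }

    /** Returns the configured need-client-auth flag. */
    @Override // org.apache.qpid.server.model.Port
    public boolean getNeedClientAuth() {
        return this._needClientAuth;
    }

    /** Returns the configured client certificate recorder; may be {@code null}. */
    @Override // org.apache.qpid.server.model.Port
    public TrustStore<?> getClientCertRecorder() {
        return this._clientCertRecorder;
    }

    /** Returns the configured want-client-auth flag. */
    @Override // org.apache.qpid.server.model.Port
    public boolean getWantClientAuth() {
        return this._wantClientAuth;
    }

    /**
     * Builds a {@link SubjectCreator} from this port's authentication provider, the
     * container's group providers and, when {@code str} is non-null, the address space
     * it resolves to.
     *
     * @param z not read by this implementation
     * @param str name passed to {@link #getAddressSpace(String)}; {@code null} means no
     *        address space is passed to the creator
     */
    @Override // org.apache.qpid.server.model.Port
    public SubjectCreator getSubjectCreator(boolean z, String str) {
        NamedAddressSpace addressSpace = str != null ? getAddressSpace(str) : null;
        return new SubjectCreator(getAuthenticationProvider(), this._container.getChildren(GroupProvider.class), addressSpace);
    }

    /** Logs {@code str} as a port OPERATION event. */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    protected void logOperation(String str) {
        this._eventLogger.message(PortMessages.OPERATION(str));
    }

    /** Returns a description with the category class name, id, name, type and port number. */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public String toString() {
        return getCategoryClass().getSimpleName() + "[id=" + getId() + ", name=" + getName() + ", type=" + getType() + ", port=" + getPort() + "]";
    }
}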
