package org.apache.qpid.server.management;

import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.sasl.AuthorizeCallback;
import org.apache.log4j.Logger;
import org.apache.qpid.AMQException;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.registry.IApplicationRegistry;
import org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase;
import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedInitialiser;

/* loaded from: input_file:org/apache/qpid/server/management/JMXManagedObjectRegistry.class */
public class JMXManagedObjectRegistry implements ManagedObjectRegistry {
    private static final Logger _log = Logger.getLogger(JMXManagedObjectRegistry.class);
    private final MBeanServer _mbeanServer;
    private Registry _rmiRegistry;
    private JMXServiceURL _jmxURL;
    public static final String MANAGEMENT_PORT_CONFIG_PATH = "management.jmxport";
    public static final int MANAGEMENT_PORT_DEFAULT = 8999;

    /* loaded from: input_file:org/apache/qpid/server/management/JMXManagedObjectRegistry$UserCallbackHandler.class */
    private class UserCallbackHandler implements CallbackHandler {
        private final PrincipalDatabase _principalDatabase;

        protected UserCallbackHandler(PrincipalDatabase principalDatabase) {
            this._principalDatabase = principalDatabase;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            NameCallback nameCallback = null;
            PasswordCallback passwordCallback = null;
            for (int i = 0; i < callbackArr.length; i++) {
                if (callbackArr[i] instanceof NameCallback) {
                    nameCallback = (NameCallback) callbackArr[i];
                } else if (callbackArr[i] instanceof PasswordCallback) {
                    passwordCallback = (PasswordCallback) callbackArr[i];
                } else {
                    if (!(callbackArr[i] instanceof AuthorizeCallback)) {
                        throw new UnsupportedCallbackException(callbackArr[i]);
                    }
                    ((AuthorizeCallback) callbackArr[i]).setAuthorized(true);
                }
            }
            boolean z = false;
            if (nameCallback != null && passwordCallback != null) {
                try {
                    z = this._principalDatabase.verifyPassword(nameCallback.getDefaultName(), passwordCallback.getPassword());
                } catch (AccountNotFoundException e) {
                    IOException iOException = new IOException("User not authorized.  " + e);
                    iOException.initCause(e);
                    throw iOException;
                }
            }
            if (!z) {
                throw new IOException("User not authorized.");
            }
        }
    }

    public JMXManagedObjectRegistry() throws AMQException {
        _log.info("Initialising managed object registry using platform MBean server");
        this._mbeanServer = ApplicationRegistry.getInstance().getConfiguration().getBoolean("management.platform-mbeanserver", true) ? ManagementFactory.getPlatformMBeanServer() : MBeanServerFactory.createMBeanServer(ManagedObject.DOMAIN);
    }

    @Override // org.apache.qpid.server.management.ManagedObjectRegistry
    public void start() throws IOException {
        if (areOutOfTheBoxJMXOptionsSet()) {
            _log.info("JMX: Using the out of the box JMX Agent");
            return;
        }
        IApplicationRegistry applicationRegistry = ApplicationRegistry.getInstance();
        boolean z = applicationRegistry.getConfiguration().getBoolean("management.security-enabled", false);
        int i = applicationRegistry.getConfiguration().getInt(MANAGEMENT_PORT_CONFIG_PATH, MANAGEMENT_PORT_DEFAULT);
        if (!z) {
            startJMXConnectorServer(i);
            _log.warn("JMX: Started JMXConnector server on port '" + i + "' with security disabled");
            return;
        }
        this._jmxURL = new JMXServiceURL("jmxmp", (String) null, i);
        HashMap hashMap = new HashMap();
        PrincipalDatabase principalDatabase = null;
        Iterator<Map.Entry<String, PrincipalDatabase>> it = applicationRegistry.getDatabaseManager().getDatabases().entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry<String, PrincipalDatabase> next = it.next();
            if (next.getValue() instanceof Base64MD5PasswordFilePrincipalDatabase) {
                principalDatabase = next.getValue();
                break;
            } else if (next.getValue() instanceof PlainPasswordFilePrincipalDatabase) {
                principalDatabase = next.getValue();
            }
        }
        if (principalDatabase instanceof Base64MD5PasswordFilePrincipalDatabase) {
            hashMap.put("jmx.remote.profiles", "SASL/CRAM-MD5");
            CRAMMD5HashedInitialiser cRAMMD5HashedInitialiser = new CRAMMD5HashedInitialiser();
            cRAMMD5HashedInitialiser.initialise(principalDatabase);
            hashMap.put("jmx.remote.sasl.callback.handler", cRAMMD5HashedInitialiser.getCallbackHandler());
        } else if (principalDatabase instanceof PlainPasswordFilePrincipalDatabase) {
            hashMap.put("jmx.remote.profiles", "SASL/PLAIN");
            hashMap.put("jmx.remote.sasl.callback.handler", new UserCallbackHandler(principalDatabase));
        }
        JMXConnectorServer newJMXConnectorServer = JMXConnectorServerFactory.newJMXConnectorServer(this._jmxURL, hashMap, this._mbeanServer);
        newJMXConnectorServer.setMBeanServerForwarder(MBeanInvocationHandlerImpl.newProxyInstance());
        newJMXConnectorServer.start();
        _log.warn("JMX: Started JMXConnector server  on port '" + i + "' with SASL");
    }

    private void startJMXConnectorServer(int i) throws IOException {
        startRMIRegistry(i);
        this._jmxURL = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:" + i + "/jmxrmi");
        JMXConnectorServerFactory.newJMXConnectorServer(this._jmxURL, (Map) null, this._mbeanServer).start();
    }

    @Override // org.apache.qpid.server.management.ManagedObjectRegistry
    public void registerObject(ManagedObject managedObject) throws JMException {
        this._mbeanServer.registerMBean(managedObject, managedObject.getObjectName());
    }

    @Override // org.apache.qpid.server.management.ManagedObjectRegistry
    public void unregisterObject(ManagedObject managedObject) throws JMException {
        this._mbeanServer.unregisterMBean(managedObject.getObjectName());
    }

    private boolean areOutOfTheBoxJMXOptionsSet() {
        return (System.getProperty("com.sun.management.jmxremote") == null && System.getProperty("com.sun.management.jmxremote.port") == null) ? false : true;
    }

    private void startRMIRegistry(int i) throws RemoteException {
        System.setProperty("java.rmi.server.randomIDs", "true");
        this._rmiRegistry = LocateRegistry.createRegistry(i);
    }

    @Override // org.apache.qpid.server.management.ManagedObjectRegistry
    public void close() throws RemoteException {
        if (this._rmiRegistry != null) {
            UnicastRemoteObject.unexportObject(this._rmiRegistry, true);
        }
    }
}
