package org.apache.geode.management.internal;

import com.healthmarketscience.rmiio.exporter.RemoteStreamExporter;
import java.io.IOException;
import java.io.Serializable;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.UnknownHostException;
import java.rmi.AlreadyBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;
import java.util.HashMap;
import javax.management.InstanceAlreadyExistsException;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.ObjectName;
import javax.management.QueryExp;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.management.remote.rmi.RMIJRMPServerImpl;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.geode.GemFireConfigException;
import org.apache.geode.cache.CacheFactory;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.internal.GemFireVersion;
import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.net.SSLConfigurationFactory;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.security.shiro.JMXShiroAuthenticator;
import org.apache.geode.internal.tcp.TCPConduit;
import org.apache.geode.management.ManagementException;
import org.apache.geode.management.ManagementService;
import org.apache.geode.management.ManagerMXBean;
import org.apache.geode.management.internal.beans.FileUploader;
import org.apache.geode.management.internal.security.AccessControlMBean;
import org.apache.geode.management.internal.security.MBeanServerWrapper;
import org.apache.geode.management.internal.security.ResourceConstants;
import org.apache.geode.management.internal.unsafe.ReadOpFileAccessController;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.server.Server;

/* loaded from: input_file:org/apache/geode/management/internal/ManagementAgent.class */
public class ManagementAgent {
    private static final Logger logger = LogService.getLogger();
    private Registry registry;
    private JMXConnectorServer jmxConnectorServer;
    private JMXShiroAuthenticator shiroAuthenticator;
    private final DistributionConfig config;
    private final SecurityService securityService;
    private RMIClientSocketFactory rmiClientSocketFactory;
    private RMIServerSocketFactory rmiServerSocketFactory;
    private int port;
    private static final String PULSE_EMBEDDED_PROP = "pulse.embedded";
    private static final String PULSE_HOST_PROP = "pulse.host";
    private static final String PULSE_PORT_PROP = "pulse.port";
    private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager";
    private static final String PULSE_USESSL_LOCATOR = "pulse.useSSL.locator";
    private Server httpServer;
    private boolean running = false;
    private boolean isHttpServiceRunning = false;
    private RemoteStreamExporter remoteStreamExporter = null;
    private final String GEMFIRE_VERSION = GemFireVersion.getGemFireVersion();
    private final AgentUtil agentUtil = new AgentUtil(this.GEMFIRE_VERSION);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/geode/management/internal/ManagementAgent$GemFireRMIServerSocketFactory.class */
    public static class GemFireRMIServerSocketFactory implements RMIServerSocketFactory, Serializable {
        private static final long serialVersionUID = -811909050641332716L;
        private transient SocketCreator sc;
        private final InetAddress bindAddr;

        public GemFireRMIServerSocketFactory(SocketCreator socketCreator, InetAddress inetAddress) {
            this.sc = socketCreator;
            this.bindAddr = inetAddress;
        }

        public ServerSocket createServerSocket(int i) throws IOException {
            return this.sc.createServerSocket(i, TCPConduit.getBackLog(), this.bindAddr);
        }
    }

    public ManagementAgent(DistributionConfig distributionConfig, SecurityService securityService) {
        this.config = distributionConfig;
        this.securityService = securityService;
    }

    public synchronized boolean isRunning() {
        return this.running;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized boolean isHttpServiceRunning() {
        return this.isHttpServiceRunning;
    }

    private synchronized void setHttpServiceRunning(boolean z) {
        this.isHttpServiceRunning = z;
    }

    private boolean isAPIRestServiceRunning(InternalCache internalCache) {
        return (internalCache == null || internalCache.getRestAgent() == null || !internalCache.getRestAgent().isRunning()) ? false : true;
    }

    private boolean isServerNode(InternalCache internalCache) {
        return (internalCache.getInternalDistributedSystem().getDistributedMember().getVmKind() == 11 || internalCache.getInternalDistributedSystem().getDistributedMember().getVmKind() == 12 || internalCache.isClient()) ? false : true;
    }

    public synchronized void startAgent(InternalCache internalCache) {
        if (!isAPIRestServiceRunning(internalCache)) {
            startHttpService(isServerNode(internalCache));
        } else if (logger.isDebugEnabled()) {
            logger.debug("Developer REST APIs webapp is already running, Not Starting M&M REST and pulse!");
        }
        if (this.running || this.config.getJmxManagerPort() == 0) {
            return;
        }
        try {
            configureAndStart();
            this.running = true;
        } catch (IOException e) {
            throw new ManagementException(e);
        }
    }

    public synchronized void stopAgent() {
        stopHttpService();
        if (this.running) {
            if (logger.isDebugEnabled()) {
                logger.debug("Stopping jmx manager agent");
            }
            try {
                this.jmxConnectorServer.stop();
                UnicastRemoteObject.unexportObject(this.registry, true);
                this.running = false;
            } catch (Exception e) {
                throw new ManagementException(e);
            }
        }
    }

    private void startHttpService(boolean z) {
        ManagerMXBean managerMXBean = ((SystemManagementService) ManagementService.getManagementService(CacheFactory.getAnyInstance())).getManagerMXBean();
        if (this.config.getHttpServicePort() == 0) {
            setStatusMessage(managerMXBean, "Embedded HTTP server configured not to start (http-service-port=0) or (jmx-manager-http-port=0)");
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Attempting to start HTTP service on port ({}) at bind-address ({})...", Integer.valueOf(this.config.getHttpServicePort()), this.config.getHttpServiceBindAddress());
        }
        String findWarLocation = this.agentUtil.findWarLocation("geode-web");
        if (findWarLocation == null && logger.isDebugEnabled()) {
            logger.debug("Unable to find GemFire Management REST API WAR file; the Management REST Interface for GemFire will not be accessible.");
        }
        String findWarLocation2 = this.agentUtil.findWarLocation("geode-pulse");
        if (findWarLocation2 == null) {
            setStatusMessage(managerMXBean, "Unable to find Pulse web application WAR file; Pulse for GemFire will not be accessible");
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to find Pulse web application WAR file; Pulse for GemFire will not be accessible");
            }
        } else {
            String jmxManagerPasswordFile = this.config.getJmxManagerPasswordFile();
            if (this.securityService.isIntegratedSecurity() || StringUtils.isNotBlank(jmxManagerPasswordFile)) {
                System.setProperty("spring.profiles.active", "pulse.authentication.gemfire");
            }
        }
        String findWarLocation3 = this.agentUtil.findWarLocation("geode-web-api");
        if (findWarLocation3 == null) {
            setStatusMessage(managerMXBean, "Unable to find GemFire Developer REST API WAR file; the Developer REST Interface for GemFire will not be accessible.");
            if (logger.isDebugEnabled()) {
                logger.debug("Unable to find GemFire Developer REST API WAR file; the Developer REST Interface for GemFire will not be accessible.");
            }
        }
        try {
            if (this.agentUtil.isWebApplicationAvailable(findWarLocation, findWarLocation2, findWarLocation3)) {
                String httpServiceBindAddress = this.config.getHttpServiceBindAddress();
                int httpServicePort = this.config.getHttpServicePort();
                boolean z2 = false;
                this.httpServer = JettyHelper.initJetty(httpServiceBindAddress, httpServicePort, SSLConfigurationFactory.getSSLConfigForComponent(this.config, SecurableCommunicationChannel.WEB));
                if (this.agentUtil.isWebApplicationAvailable(findWarLocation)) {
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/gemfire", findWarLocation, this.securityService);
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/geode-mgmt", findWarLocation, this.securityService);
                }
                if (this.agentUtil.isWebApplicationAvailable(findWarLocation2)) {
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/pulse", findWarLocation2, this.securityService);
                }
                if (!z || !this.config.getStartDevRestApi()) {
                    setStatusMessage(managerMXBean, "Developer REST API web application will not start when start-dev-rest-api is not set and node is not server");
                    if (logger.isDebugEnabled()) {
                        logger.debug("Developer REST API web application will not start when start-dev-rest-api is not set and node is not server");
                    }
                } else if (this.agentUtil.isWebApplicationAvailable(findWarLocation3)) {
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/geode", findWarLocation3, this.securityService);
                    this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/gemfire-api", findWarLocation3, this.securityService);
                    z2 = true;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Starting HTTP embedded server on port ({}) at bind-address ({})...", Integer.valueOf(this.httpServer.getConnectors()[0].getPort()), httpServiceBindAddress);
                }
                System.setProperty(PULSE_EMBEDDED_PROP, DistributionConfig.CLIENT_CONFLATION_PROP_VALUE_ON);
                System.setProperty(PULSE_HOST_PROP, "" + this.config.getJmxManagerBindAddress());
                System.setProperty(PULSE_PORT_PROP, "" + this.config.getJmxManagerPort());
                SocketCreator socketCreatorForComponent = SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX);
                SocketCreator socketCreatorForComponent2 = SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR);
                System.setProperty(PULSE_USESSL_MANAGER, socketCreatorForComponent.useSSL() + "");
                System.setProperty(PULSE_USESSL_LOCATOR, socketCreatorForComponent2.useSSL() + "");
                this.httpServer = JettyHelper.startJetty(this.httpServer);
                if (this.agentUtil.isWebApplicationAvailable(findWarLocation2)) {
                    managerMXBean.setPulseURL("http://".concat(getHost(httpServiceBindAddress)).concat(":").concat(String.valueOf(httpServicePort)).concat("/pulse/"));
                }
                if (z2) {
                    ((InternalCache) CacheFactory.getAnyInstance()).setRESTServiceRunning(true);
                    RestAgent.createParameterizedQueryRegion();
                }
                setHttpServiceRunning(true);
            }
        } catch (Exception e) {
            stopHttpService();
            setStatusMessage(managerMXBean, "HTTP service failed to start with " + e.getClass().getSimpleName() + " '" + e.getMessage() + "'");
            throw new ManagementException("HTTP service failed to start", e);
        }
    }

    private String getHost(String str) throws UnknownHostException {
        return StringUtils.isNotBlank(this.config.getJmxManagerHostnameForClients()) ? this.config.getJmxManagerHostnameForClients() : StringUtils.isNotBlank(str) ? InetAddress.getByName(str).getHostAddress() : SocketCreator.getLocalHost().getHostAddress();
    }

    private void setStatusMessage(ManagerMXBean managerMXBean, String str) {
        managerMXBean.setPulseURL("");
        managerMXBean.setStatusMessage(str);
    }

    private void stopHttpService() {
        if (this.httpServer != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Stopping the HTTP service...");
            }
            try {
                try {
                    try {
                        this.httpServer.stop();
                        this.httpServer.destroy();
                    } catch (Exception e) {
                        logger.error("Failed to properly release resources held by the HTTP service: {}", e.getMessage(), e);
                    } finally {
                    }
                } catch (Exception e2) {
                    try {
                        logger.warn("Failed to stop the HTTP service because: {}", e2.getMessage(), e2);
                        this.httpServer.destroy();
                    } catch (Exception e3) {
                        logger.error("Failed to properly release resources held by the HTTP service: {}", e3.getMessage(), e3);
                    } finally {
                    }
                }
            } catch (Throwable th) {
                try {
                    try {
                        this.httpServer.destroy();
                    } catch (Exception e4) {
                        logger.error("Failed to properly release resources held by the HTTP service: {}", e4.getMessage(), e4);
                        this.httpServer = null;
                        System.clearProperty("catalina.base");
                        System.clearProperty("catalina.home");
                    }
                    throw th;
                } catch (Throwable th2) {
                    throw th2;
                }
            }
        }
    }

    private void configureAndStart() throws IOException {
        String jmxManagerBindAddress;
        InetAddress byName;
        this.port = this.config.getJmxManagerPort();
        if (StringUtils.isBlank(this.config.getJmxManagerBindAddress())) {
            jmxManagerBindAddress = SocketCreator.getLocalHost().getHostName();
            byName = null;
        } else {
            jmxManagerBindAddress = this.config.getJmxManagerBindAddress();
            byName = InetAddress.getByName(jmxManagerBindAddress);
        }
        String jmxManagerHostnameForClients = this.config.getJmxManagerHostnameForClients();
        if (StringUtils.isNotBlank(jmxManagerHostnameForClients)) {
            System.setProperty("java.rmi.server.hostname", jmxManagerHostnameForClients);
        }
        SocketCreator socketCreatorForComponent = SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX);
        boolean useSSL = socketCreatorForComponent.useSSL();
        if (logger.isDebugEnabled()) {
            logger.debug("Starting jmx manager agent on port {}{}", Integer.valueOf(this.port), (byName != null ? " bound to " + byName : "") + (useSSL ? " using SSL" : ""));
        }
        this.rmiClientSocketFactory = useSSL ? new SslRMIClientSocketFactory() : null;
        this.rmiServerSocketFactory = new GemFireRMIServerSocketFactory(socketCreatorForComponent, byName);
        System.setProperty("sun.rmi.dgc.server.gcInterval", Long.toString(9223372036854775806L));
        this.registry = LocateRegistry.createRegistry(this.port, this.rmiClientSocketFactory, this.rmiServerSocketFactory);
        MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
        HashMap hashMap = new HashMap();
        final RMIJRMPServerImpl rMIJRMPServerImpl = new RMIJRMPServerImpl(this.port, this.rmiClientSocketFactory, this.rmiServerSocketFactory, hashMap);
        final JMXServiceURL jMXServiceURL = new JMXServiceURL("service:jmx:rmi://" + jmxManagerBindAddress + ":" + this.port + "/jndi/rmi://" + jmxManagerBindAddress + ":" + this.port + "/jmxrmi");
        this.jmxConnectorServer = new RMIConnectorServer(new JMXServiceURL("rmi", jmxManagerBindAddress, this.port), hashMap, rMIJRMPServerImpl, platformMBeanServer) { // from class: org.apache.geode.management.internal.ManagementAgent.1
            public JMXServiceURL getAddress() {
                return jMXServiceURL;
            }

            public synchronized void start() throws IOException {
                try {
                    ManagementAgent.this.registry.bind("jmxrmi", rMIJRMPServerImpl);
                    super.start();
                } catch (AlreadyBoundException e) {
                    throw new IOException(e.getMessage(), e);
                }
            }
        };
        if (this.securityService.isIntegratedSecurity()) {
            this.shiroAuthenticator = new JMXShiroAuthenticator(this.securityService);
            hashMap.put("jmx.remote.authenticator", this.shiroAuthenticator);
            this.jmxConnectorServer.addNotificationListener(this.shiroAuthenticator, (NotificationFilter) null, this.jmxConnectorServer.getAttributes());
            this.jmxConnectorServer.setMBeanServerForwarder(new MBeanServerWrapper(this.securityService));
        } else {
            String jmxManagerPasswordFile = this.config.getJmxManagerPasswordFile();
            if (jmxManagerPasswordFile != null && jmxManagerPasswordFile.length() > 0) {
                hashMap.put("jmx.remote.x.password.file", jmxManagerPasswordFile);
            }
            String jmxManagerAccessFile = this.config.getJmxManagerAccessFile();
            if (jmxManagerAccessFile != null && jmxManagerAccessFile.length() > 0) {
                new ReadOpFileAccessController(jmxManagerAccessFile).setMBeanServer(platformMBeanServer);
            }
        }
        registerAccessControlMBean();
        registerFileUploaderMBean();
        this.jmxConnectorServer.start();
        if (logger.isDebugEnabled()) {
            logger.debug("Finished starting jmx manager agent.");
        }
    }

    private void registerAccessControlMBean() {
        try {
            AccessControlMBean accessControlMBean = new AccessControlMBean(this.securityService);
            ObjectName objectName = new ObjectName(ResourceConstants.OBJECT_NAME_ACCESSCONTROL);
            MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
            if (platformMBeanServer.queryNames(objectName, (QueryExp) null).isEmpty()) {
                try {
                    platformMBeanServer.registerMBean(accessControlMBean, objectName);
                    logger.info("Registered AccessControlMBean on " + objectName);
                } catch (InstanceAlreadyExistsException | MBeanRegistrationException | NotCompliantMBeanException e) {
                    throw new GemFireConfigException("Error while configuring access control for jmx resource", e);
                }
            }
        } catch (MalformedObjectNameException e2) {
            throw new GemFireConfigException("Error while configuring access control for jmx resource", e2);
        }
    }

    private void registerFileUploaderMBean() {
        try {
            ObjectName objectName = new ObjectName(ManagementConstants.OBJECTNAME__FILEUPLOADER_MBEAN);
            MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
            if (platformMBeanServer.queryNames(objectName, (QueryExp) null).isEmpty()) {
                platformMBeanServer.registerMBean(new FileUploader(getRemoteStreamExporter()), objectName);
                logger.info("Registered FileUploaderMBean on " + objectName);
            }
        } catch (InstanceAlreadyExistsException | MBeanRegistrationException | NotCompliantMBeanException | MalformedObjectNameException e) {
            throw new GemFireConfigException("Error while configuring FileUploader MBean", e);
        }
    }

    public JMXConnectorServer getJmxConnectorServer() {
        return this.jmxConnectorServer;
    }

    public synchronized RemoteStreamExporter getRemoteStreamExporter() {
        if (this.remoteStreamExporter == null) {
            this.remoteStreamExporter = new GeodeRemoteStreamExporter(this.port, this.rmiClientSocketFactory, this.rmiServerSocketFactory);
        }
        return this.remoteStreamExporter;
    }
}
