package org.graylog2.bootstrap;

import com.codahale.metrics.MetricRegistry;
import com.codahale.metrics.jmx.JmxReporter;
import com.codahale.metrics.log4j2.InstrumentedAppender;
import com.github.joschi.jadconfig.JadConfig;
import com.github.joschi.jadconfig.ParameterException;
import com.github.joschi.jadconfig.Repository;
import com.github.joschi.jadconfig.RepositoryException;
import com.github.joschi.jadconfig.ValidationException;
import com.github.joschi.jadconfig.guava.GuavaConverterFactory;
import com.github.joschi.jadconfig.guice.NamedConfigParametersModule;
import com.github.joschi.jadconfig.jodatime.JodaTimeConverterFactory;
import com.github.joschi.jadconfig.repositories.EnvironmentRepository;
import com.github.joschi.jadconfig.repositories.PropertiesRepository;
import com.github.joschi.jadconfig.repositories.SystemPropertiesRepository;
import com.github.rvesse.airline.annotations.Command;
import com.github.rvesse.airline.annotations.Option;
import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import com.google.inject.Binder;
import com.google.inject.CreationException;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Stage;
import com.google.inject.name.Names;
import com.google.inject.spi.Message;
import io.netty.util.internal.logging.InternalLoggerFactory;
import io.netty.util.internal.logging.Slf4JLoggerFactory;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.nio.file.AccessDeniedException;
import java.nio.file.Path;
import java.security.Security;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.LoggerContext;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.graylog2.Configuration;
import org.graylog2.bootstrap.commands.MigrateCmd;
import org.graylog2.configuration.PathConfiguration;
import org.graylog2.configuration.TLSProtocolsConfiguration;
import org.graylog2.featureflag.FeatureFlags;
import org.graylog2.featureflag.FeatureFlagsFactory;
import org.graylog2.plugin.DocsHelper;
import org.graylog2.plugin.Plugin;
import org.graylog2.plugin.PluginBootstrapConfig;
import org.graylog2.plugin.PluginLoaderConfig;
import org.graylog2.plugin.PluginMetaData;
import org.graylog2.plugin.ServerStatus;
import org.graylog2.plugin.Tools;
import org.graylog2.plugin.Version;
import org.graylog2.plugin.system.NodeIdPersistenceException;
import org.graylog2.shared.UI;
import org.graylog2.shared.bindings.GuiceInjectorHolder;
import org.graylog2.shared.bindings.IsDevelopmentBindings;
import org.graylog2.shared.bindings.PluginBindings;
import org.graylog2.shared.metrics.MetricRegistryFactory;
import org.graylog2.shared.plugins.ChainingClassLoader;
import org.graylog2.shared.plugins.PluginLoader;
import org.graylog2.shared.utilities.ExceptionUtils;
import org.graylog2.storage.UnsupportedSearchException;
import org.graylog2.storage.versionprobe.ElasticsearchProbeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/bootstrap/CmdLineTool.class */
public abstract class CmdLineTool implements CliCommand {
    public static final String GRAYLOG_ENVIRONMENT_VAR_PREFIX = "GRAYLOG_";
    public static final String GRAYLOG_SYSTEM_PROP_PREFIX = "graylog.";
    private static final Logger LOG;
    protected static final Version version;
    protected static final String FILE_SEPARATOR;
    protected static final String TMPDIR;
    protected final JadConfig jadConfig;
    protected final Configuration configuration;
    protected final ChainingClassLoader chainingClassLoader;

    @Option(name = {"--dump-config"}, description = "Show the effective Graylog configuration and exit")
    protected boolean dumpConfig;

    @Option(name = {"--dump-default-config"}, description = "Show the default configuration and exit")
    protected boolean dumpDefaultConfig;

    @Option(name = {"-d", "--debug"}, description = "Run Graylog in debug mode")
    private boolean debug;

    @Option(name = {"-f", "--configfile"}, description = "Configuration file for Graylog")
    private String configFile;

    @Option(name = {"-ff", "--featureflagfile"}, description = "Configuration file for Graylog feature flags")
    private String customFeatureFlagFile;
    protected String commandName;
    protected Injector injector;
    protected Injector bootstrapConfigInjector;
    protected FeatureFlags featureFlags;
    protected PluginLoader pluginLoader;

    protected CmdLineTool(Configuration configuration) {
        this(null, configuration);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CmdLineTool(String str, Configuration configuration) {
        this.dumpConfig = false;
        this.dumpDefaultConfig = false;
        this.debug = false;
        this.configFile = "/etc/graylog/server/server.conf";
        this.customFeatureFlagFile = "/etc/graylog/server/feature-flag.conf";
        this.commandName = "command";
        this.jadConfig = new JadConfig();
        this.jadConfig.addConverterFactory(new GuavaConverterFactory());
        this.jadConfig.addConverterFactory(new JodaTimeConverterFactory());
        if (str != null) {
            this.commandName = str;
        } else if (getClass().isAnnotationPresent(Command.class)) {
            this.commandName = getClass().getAnnotation(Command.class).name();
        } else {
            this.commandName = "tool";
        }
        this.configuration = configuration;
        this.chainingClassLoader = new ChainingClassLoader(getClass().getClassLoader());
    }

    protected boolean validateConfiguration() {
        return true;
    }

    public boolean isDumpConfig() {
        return this.dumpConfig;
    }

    public boolean isDumpDefaultConfig() {
        return this.dumpDefaultConfig;
    }

    public boolean isDebug() {
        return this.debug;
    }

    protected abstract List<Module> getCommandBindings(FeatureFlags featureFlags);

    protected abstract List<Object> getCommandConfigurationBeans();

    public boolean isMigrationCommand() {
        return this.commandName.equals(MigrateCmd.MIGRATION_COMMAND);
    }

    protected void beforeStart() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void beforeStart(TLSProtocolsConfiguration tLSProtocolsConfiguration, PathConfiguration pathConfiguration) {
    }

    protected void beforeInjectorCreation(Set<Plugin> set) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void applySecuritySettings(TLSProtocolsConfiguration tLSProtocolsConfiguration) {
        setSystemPropertyIfEmpty("jdk.tls.ephemeralDHKeySize", "2048");
        setSystemPropertyIfEmpty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
        ImmutableSet configuredTlsProtocols = tLSProtocolsConfiguration.getConfiguredTlsProtocols();
        List list = (List) Stream.of((Object[]) Security.getProperty("jdk.tls.disabledAlgorithms").split(",")).map((v0) -> {
            return v0.trim();
        }).collect(Collectors.toList());
        if (configuredTlsProtocols == null || !(configuredTlsProtocols.isEmpty() || configuredTlsProtocols.contains("TLSv1") || configuredTlsProtocols.contains("TLSv1.1"))) {
            list.addAll(ImmutableSet.of("CBC", "3DES"));
            Security.setProperty("jdk.tls.disabledAlgorithms", String.join(", ", list));
        } else {
            ImmutableSet of = configuredTlsProtocols.isEmpty() ? ImmutableSet.of("TLSv1", "TLSv1.1") : configuredTlsProtocols;
            Security.setProperty("jdk.tls.disabledAlgorithms", String.join(", ", (List) list.stream().filter(str -> {
                return !of.contains(str);
            }).collect(Collectors.toList())));
        }
        Security.addProvider(new BouncyCastleProvider());
    }

    private static void setSystemPropertyIfEmpty(String str, String str2) {
        if (System.getProperty(str) == null) {
            System.setProperty(str, str2);
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        try {
            doRun(setupLogger());
        } catch (Throwable th) {
            LOG.error("Startup error:", th);
            throw th;
        }
    }

    public void doRun(Level level) {
        MetricRegistry create = MetricRegistryFactory.create();
        this.featureFlags = getFeatureFlags(create);
        this.pluginLoader = getPluginLoader(getPluginPath(this.configFile).toFile(), this.chainingClassLoader);
        installCommandConfig();
        installPluginBootstrapConfig(this.pluginLoader);
        if (isDumpDefaultConfig()) {
            dumpDefaultConfigAndExit();
        }
        installConfigRepositories();
        beforeStart();
        beforeStart(parseAndGetTLSConfiguration(), parseAndGetPathConfiguration(this.configFile));
        processConfiguration(this.jadConfig);
        this.bootstrapConfigInjector = setupBootstrapConfigInjector();
        Set<Plugin> loadPlugins = loadPlugins();
        installPluginConfig(loadPlugins);
        processConfiguration(this.jadConfig);
        if (isDumpConfig()) {
            dumpCurrentConfigAndExit();
        }
        if (!validateConfiguration()) {
            LOG.error("Validating configuration file failed - exiting.");
            System.exit(1);
        }
        LOG.info("Running with JVM arguments: {}", Joiner.on(' ').join(ManagementFactory.getRuntimeMXBean().getInputArguments()));
        beforeInjectorCreation(loadPlugins);
        this.injector = setupInjector(new IsDevelopmentBindings(), new NamedConfigParametersModule(this.jadConfig.getConfigurationBeans()), new PluginBindings(loadPlugins), binder -> {
            binder.bind(MetricRegistry.class).toInstance(create);
        });
        if (this.injector == null) {
            LOG.error("Injector could not be created, exiting! (Please include the previous error messages in bug reports.)");
            System.exit(1);
        }
        addInstrumentedAppender(create);
        JmxReporter.forRegistry(create).build().start();
        startCommand();
    }

    protected PluginLoader getPluginLoader(File file, ChainingClassLoader chainingClassLoader) {
        return new PluginLoader(file, chainingClassLoader);
    }

    private void installPluginBootstrapConfig(PluginLoader pluginLoader) {
        Set<PluginBootstrapConfig> loadPluginBootstrapConfigs = pluginLoader.loadPluginBootstrapConfigs();
        JadConfig jadConfig = this.jadConfig;
        Objects.requireNonNull(jadConfig);
        loadPluginBootstrapConfigs.forEach((v1) -> {
            r1.addConfigurationBean(v1);
        });
    }

    private TLSProtocolsConfiguration parseAndGetTLSConfiguration() {
        JadConfig jadConfig = new JadConfig();
        jadConfig.setRepositories(getConfigRepositories(this.configFile));
        TLSProtocolsConfiguration tLSProtocolsConfiguration = new TLSProtocolsConfiguration();
        jadConfig.addConfigurationBean(tLSProtocolsConfiguration);
        processConfiguration(jadConfig);
        return tLSProtocolsConfiguration;
    }

    private PathConfiguration parseAndGetPathConfiguration(String str) {
        PathConfiguration pathConfiguration = new PathConfiguration();
        processConfiguration(new JadConfig(getConfigRepositories(str), new Object[]{pathConfiguration}));
        return pathConfiguration;
    }

    private void installCommandConfig() {
        List<Object> commandConfigurationBeans = getCommandConfigurationBeans();
        JadConfig jadConfig = this.jadConfig;
        Objects.requireNonNull(jadConfig);
        commandConfigurationBeans.forEach(jadConfig::addConfigurationBean);
    }

    private void installPluginConfig(Set<Plugin> set) {
        Stream flatMap = set.stream().flatMap(plugin -> {
            return plugin.modules().stream();
        }).flatMap(pluginModule -> {
            return pluginModule.getConfigBeans().stream();
        });
        JadConfig jadConfig = this.jadConfig;
        Objects.requireNonNull(jadConfig);
        flatMap.forEach((v1) -> {
            r1.addConfigurationBean(v1);
        });
    }

    protected abstract void startCommand();

    protected Level setupLogger() {
        Level level;
        if (isDebug()) {
            LOG.info("Running in Debug mode");
            level = Level.DEBUG;
            InternalLoggerFactory.setDefaultFactory(Slf4JLoggerFactory.INSTANCE);
        } else {
            level = onlyLogErrors() ? Level.ERROR : Level.INFO;
        }
        initializeLogging(level);
        return level;
    }

    private void initializeLogging(Level level) {
        LoggerContext context = LogManager.getContext(false);
        org.apache.logging.log4j.core.config.Configuration configuration = context.getConfiguration();
        configuration.getLoggerConfig("").setLevel(level);
        configuration.getLoggerConfig(Main.class.getPackage().getName()).setLevel(level);
        context.updateLoggers(configuration);
    }

    private void addInstrumentedAppender(MetricRegistry metricRegistry) {
        InstrumentedAppender instrumentedAppender = new InstrumentedAppender(metricRegistry, (Filter) null, (Layout) null, false);
        instrumentedAppender.start();
        LoggerContext context = LogManager.getContext(false);
        org.apache.logging.log4j.core.config.Configuration configuration = context.getConfiguration();
        configuration.getLoggerConfig("").addAppender(instrumentedAppender, (Level) null, (Filter) null);
        context.updateLoggers(configuration);
    }

    protected boolean onlyLogErrors() {
        return false;
    }

    private void dumpCurrentConfigAndExit() {
        System.out.println(dumpConfiguration(this.jadConfig.dump()));
        System.exit(0);
    }

    private void dumpDefaultConfigAndExit() {
        this.bootstrapConfigInjector = setupBootstrapConfigInjector();
        installPluginConfig(this.pluginLoader.loadPlugins(this.bootstrapConfigInjector));
        dumpCurrentConfigAndExit();
    }

    private Path getPluginPath(String str) {
        PluginLoaderConfig pluginLoaderConfig = new PluginLoaderConfig();
        processConfiguration(new JadConfig(getConfigRepositories(str), new Object[]{pluginLoaderConfig}));
        return pluginLoaderConfig.getPluginDir();
    }

    private FeatureFlags getFeatureFlags(MetricRegistry metricRegistry) {
        return new FeatureFlagsFactory().createImmutableFeatureFlags(this.customFeatureFlagFile, metricRegistry);
    }

    protected Set<Plugin> loadPlugins() {
        HashSet hashSet = new HashSet();
        for (Plugin plugin : this.pluginLoader.loadPlugins(this.bootstrapConfigInjector)) {
            PluginMetaData metadata = plugin.metadata();
            if (!((Configuration) this.bootstrapConfigInjector.getInstance(Configuration.class)).isCloud() || !metadata.getUniqueId().equals("org.graylog.plugins.collector.CollectorPlugin")) {
                if (!capabilities().containsAll(metadata.getRequiredCapabilities())) {
                    LOG.debug("Skipping plugin \"{}\" because some capabilities are missing ({}).", metadata.getName(), Sets.difference(plugin.metadata().getRequiredCapabilities(), capabilities()));
                } else if (version.sameOrHigher(metadata.getRequiredVersion())) {
                    LOG.info("Loaded plugin: {}", plugin);
                    hashSet.add(plugin);
                } else {
                    LOG.error("Plugin \"" + metadata.getName() + "\" requires version " + metadata.getRequiredVersion() + " - not loading!");
                }
            }
        }
        return hashSet;
    }

    protected Collection<Repository> getConfigRepositories(String str) {
        return Arrays.asList(new EnvironmentRepository(GRAYLOG_ENVIRONMENT_VAR_PREFIX), new SystemPropertiesRepository(GRAYLOG_SYSTEM_PROP_PREFIX), new EnvironmentRepository("GRAYLOG2_"), new SystemPropertiesRepository("graylog2."), new PropertiesRepository(str));
    }

    private String dumpConfiguration(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        sb.append("# Configuration of graylog2-").append(this.commandName).append(" ").append(version).append(System.lineSeparator());
        sb.append("# Generated on ").append(Tools.nowUTC()).append(System.lineSeparator());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            sb.append(entry.getKey()).append('=').append(Strings.nullToEmpty(entry.getValue())).append(System.lineSeparator());
        }
        return sb.toString();
    }

    private void installConfigRepositories() {
        installConfigRepositories(this.jadConfig);
    }

    protected void installConfigRepositories(JadConfig jadConfig) {
        jadConfig.setRepositories(getConfigRepositories(this.configFile));
    }

    protected void processConfiguration(JadConfig jadConfig) {
        try {
            jadConfig.process();
        } catch (RepositoryException e) {
            LOG.error("Couldn't load configuration: {}", e.getMessage());
            System.exit(1);
        } catch (ParameterException | ValidationException e2) {
            LOG.error("Invalid configuration", e2);
            System.exit(1);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<Module> getSharedBindingsModules() {
        return Lists.newArrayList();
    }

    protected Injector setupInjector(Module... moduleArr) {
        try {
            ImmutableList.Builder builder = ImmutableList.builder();
            builder.addAll(getSharedBindingsModules());
            builder.addAll(getCommandBindings(this.featureFlags));
            builder.addAll(Arrays.asList(moduleArr));
            builder.add(binder -> {
                binder.bind(ChainingClassLoader.class).toInstance(this.chainingClassLoader);
                featureFlagsBinding(binder);
                binder.bind(String.class).annotatedWith(Names.named("BootstrapCommand")).toInstance(this.commandName);
            });
            return GuiceInjectorHolder.createInjector(builder.build());
        } catch (Exception e) {
            LOG.error("Injector creation failed!", e);
            return null;
        } catch (CreationException e2) {
            annotateInjectorCreationException(e2);
            return null;
        }
    }

    protected Injector setupBootstrapConfigInjector() {
        Injector injector = null;
        try {
            injector = Guice.createInjector(Stage.PRODUCTION, ImmutableList.of(new NamedConfigParametersModule(this.jadConfig.getConfigurationBeans()), (v0) -> {
                v0.requireExplicitBindings();
            }, this::featureFlagsBinding));
        } catch (CreationException e) {
            annotateInjectorCreationException(e);
        } catch (Exception e2) {
            LOG.error("Injector creation failed!", e2);
        }
        if (injector == null) {
            LOG.error("Injector for bootstrap configuration could not be created, exiting! (Please include the previous error messages in bug reports.)");
            System.exit(1);
        }
        return injector;
    }

    private void featureFlagsBinding(Binder binder) {
        binder.bind(FeatureFlags.class).toInstance(this.featureFlags);
    }

    protected void annotateInjectorCreationException(CreationException creationException) {
        annotateInjectorExceptions(creationException.getErrorMessages());
        throw creationException;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void annotateInjectorExceptions(Collection<Message> collection) {
        for (Message message : collection) {
            Throwable rootCause = ExceptionUtils.getRootCause(message.getCause());
            if (rootCause instanceof NodeIdPersistenceException) {
                LOG.error(UI.wallString("Unable to read or persist your NodeId file. This means your node id file (" + this.configuration.getNodeIdFile() + ") is not readable or writable by the current user. The following exception might give more information: " + message, new String[0]));
                System.exit(-1);
            } else if (rootCause instanceof AccessDeniedException) {
                LOG.error(UI.wallString("Unable to access file " + rootCause.getMessage(), new String[0]));
                System.exit(-2);
            } else if (rootCause instanceof UnsupportedSearchException) {
                LOG.error(UI.wallString("Unsupported search version: " + ((UnsupportedSearchException) rootCause).getSearchMajorVersion(), DocsHelper.PAGE_ES_VERSIONS.toString()));
                System.exit(-3);
            } else if (rootCause instanceof ElasticsearchProbeException) {
                LOG.error(UI.wallString(rootCause.getMessage(), DocsHelper.PAGE_ES_CONFIGURATION.toString()));
                System.exit(-4);
            } else {
                LOG.error("Guice error (more detail on log level debug): {}", message.getMessage());
                if (rootCause != null) {
                    LOG.debug("Stacktrace:", rootCause);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<ServerStatus.Capability> capabilities() {
        return Collections.emptySet();
    }

    static {
        System.setProperty("java.util.logging.manager", "org.apache.logging.log4j.jul.LogManager");
        LOG = LoggerFactory.getLogger(CmdLineTool.class);
        version = Version.CURRENT_CLASSPATH;
        FILE_SEPARATOR = System.getProperty("file.separator");
        TMPDIR = System.getProperty("java.io.tmpdir", "/tmp");
    }
}
