package org.apache.james.modules.server;

import com.github.fge.lambdas.Throwing;
import com.google.common.collect.ImmutableMap;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.rmi.registry.LocateRegistry;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.james.filesystem.api.JamesDirectoriesProvider;
import org.apache.james.lifecycle.api.Startable;
import org.apache.james.util.FunctionalUtils;
import org.apache.james.util.RestrictingRMISocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/modules/server/JMXServer.class */
public class JMXServer implements Startable {
    private static final Logger LOGGER = LoggerFactory.getLogger(JMXServer.class);
    private final JmxConfiguration jmxConfiguration;
    private final String jmxPasswordFilePath;
    private final String jmxAccessFilePath;
    private JMXConnectorServer jmxConnectorServer;
    private RestrictingRMISocketFactory restrictingRMISocketFactory;
    private boolean isStarted = false;
    private final Set<String> registeredKeys = new HashSet();
    private final Object lock = new Object();

    @Inject
    public JMXServer(JmxConfiguration jmxConfiguration, JamesDirectoriesProvider jamesDirectoriesProvider) {
        this.jmxConfiguration = jmxConfiguration;
        this.jmxPasswordFilePath = jamesDirectoriesProvider.getConfDirectory() + "jmxremote.password";
        this.jmxAccessFilePath = jamesDirectoriesProvider.getConfDirectory() + "jmxremote.access";
    }

    public void start() {
        synchronized (this.lock) {
            if (this.jmxConfiguration.isEnabled()) {
                if (this.isStarted) {
                    return;
                }
                this.isStarted = true;
                doStart();
            }
        }
    }

    @PreDestroy
    public void stop() {
        synchronized (this.lock) {
            if (this.isStarted) {
                this.isStarted = false;
                doStop();
            }
        }
    }

    public void register(String str, Object obj) throws Exception {
        ManagementFactory.getPlatformMBeanServer().registerMBean(obj, new ObjectName(str));
        synchronized (this.lock) {
            this.registeredKeys.add(str);
        }
    }

    private void doStart() {
        try {
            String str = "service:jmx:rmi://" + this.jmxConfiguration.getHost().getHostName() + "/jndi/rmi://" + this.jmxConfiguration.getHost().getHostName() + ":" + this.jmxConfiguration.getHost().getPort() + "/jmxrmi";
            this.restrictingRMISocketFactory = new RestrictingRMISocketFactory(this.jmxConfiguration.getHost().getHostName());
            LocateRegistry.createRegistry(this.jmxConfiguration.getHost().getPort(), this.restrictingRMISocketFactory, this.restrictingRMISocketFactory);
            generateJMXPasswordFileIfNeed();
            if (!existJmxPasswordFile()) {
                LOGGER.warn("No authentication setted up for the JMX component. This expose you to local privilege escalation attacks risk.");
            }
            this.jmxConnectorServer = JMXConnectorServerFactory.newJMXConnectorServer(new JMXServiceURL(str), (Map) Optional.of(Boolean.valueOf(existJmxPasswordFile())).filter(FunctionalUtils.identityPredicate()).map(bool -> {
                return ImmutableMap.of("jmx.remote.x.password.file", this.jmxPasswordFilePath, "jmx.remote.x.access.file", this.jmxAccessFilePath);
            }).orElse(ImmutableMap.of()), ManagementFactory.getPlatformMBeanServer());
            this.jmxConnectorServer.start();
            LOGGER.info("JMX server started");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void doStop() {
        try {
            MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
            this.registeredKeys.forEach(Throwing.consumer(str -> {
                platformMBeanServer.unregisterMBean(new ObjectName(str));
            }));
            this.registeredKeys.clear();
            this.jmxConnectorServer.stop();
            this.restrictingRMISocketFactory.getSockets().forEach(Throwing.consumer((v0) -> {
                v0.close();
            }).sneakyThrow());
            LOGGER.info("JMX server stopped");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void generateJMXPasswordFileIfNeed() {
        if (!Boolean.parseBoolean(System.getProperty(JmxConfiguration.JMX_CREDENTIAL_GENERATION_ENABLE_PROPERTY_KEY, JmxConfiguration.JMX_CREDENTIAL_GENERATION_ENABLE_DEFAULT_VALUE)) || existJmxPasswordFile()) {
            return;
        }
        generateJMXPasswordFile();
    }

    private boolean existJmxPasswordFile() {
        return Files.exists(Path.of(this.jmxPasswordFilePath, new String[0]), new LinkOption[0]) && Files.exists(Path.of(this.jmxAccessFilePath, new String[0]), new LinkOption[0]);
    }

    private void generateJMXPasswordFile() {
        FileOutputStream fileOutputStream;
        try {
            File file = new File(this.jmxPasswordFilePath);
            if (!file.exists()) {
                try {
                    fileOutputStream = new FileOutputStream(file);
                    try {
                        IOUtils.write("james-admin " + RandomStringUtils.random(10, true, true) + "\n", fileOutputStream, StandardCharsets.UTF_8);
                        setPermissionOwnerOnly(file);
                        LOGGER.info("Generated JMX password file: " + file.getPath());
                        fileOutputStream.close();
                    } finally {
                        try {
                            fileOutputStream.close();
                        } catch (Throwable th) {
                            th.addSuppressed(th);
                        }
                    }
                } catch (IOException e) {
                    throw new RuntimeException("Error when creating JMX password file: " + file.getPath(), e);
                }
            }
            File file2 = new File(this.jmxAccessFilePath);
            if (!file2.exists()) {
                try {
                    fileOutputStream = new FileOutputStream(file2);
                    try {
                        IOUtils.write("james-admin readwrite\n", fileOutputStream, StandardCharsets.UTF_8);
                        setPermissionOwnerOnly(file2);
                        LOGGER.info("Generated JMX access file: " + file2.getPath());
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        throw th2;
                    }
                } catch (IOException e2) {
                    throw new RuntimeException("Error when creating JMX access file: " + file2.getPath(), e2);
                }
            }
        } catch (Exception e3) {
            LOGGER.warn("Failure to auto-generate JMX password, fallback to unsecure JMX", e3);
        }
    }

    private void setPermissionOwnerOnly(File file) throws IOException {
        Files.setPosixFilePermissions(file.toPath(), Set.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
    }
}
