package org.opends.server.admin;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.security.KeyStoreException;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.naming.ldap.Rdn;
import org.opends.messages.AdminMessages;
import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.server.ServerManagementContext;
import org.opends.server.admin.std.meta.LDAPConnectionHandlerCfgDefn;
import org.opends.server.admin.std.server.AdministrationConnectorCfg;
import org.opends.server.admin.std.server.ConnectionHandlerCfg;
import org.opends.server.admin.std.server.FileBasedKeyManagerProviderCfg;
import org.opends.server.admin.std.server.FileBasedTrustManagerProviderCfg;
import org.opends.server.admin.std.server.KeyManagerProviderCfg;
import org.opends.server.admin.std.server.LDAPConnectionHandlerCfg;
import org.opends.server.admin.std.server.TrustManagerProviderCfg;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.SynchronousStrategy;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.ldap.LDAPConnectionHandler;
import org.opends.server.types.AddressMask;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.FilePermission;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
import org.opends.server.util.CertificateManager;
import org.opends.server.util.SetupUtils;

/* loaded from: input_file:org/opends/server/admin/AdministrationConnector.class */
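/**
 * Dedicated administration connector of the directory server.
 *
 * <p>The connector wraps a regular {@link LDAPConnectionHandler} and feeds it a
 * synthetic configuration ({@link FakeLDAPConnectionHandlerCfg}) in which only the
 * listen address/port, certificate nickname and key/trust manager providers come
 * from the {@link AdministrationConnectorCfg}; every other setting is pinned to a
 * constant of this class. On first start it also provisions a self-signed
 * certificate when none of the key store, trust store and PIN files exist yet.
 *
 * <p>Security-relevant fixed settings visible in this class: SSL is always on,
 * StartTLS and LDAPv2 are off, SSL client authentication is
 * {@code DISABLED}, and the allowed/denied client sets are empty (no
 * address-based restriction is contributed by this connector).
 */
public final class AdministrationConnector implements ConfigurationChangeListener<AdministrationConnectorCfg> {
    /** Default listen port of the administration connector. */
    public static final int DEFAULT_ADMINISTRATION_CONNECTOR_PORT = 4444;
    /** Validity handed to the certificate generator (presumably in days; confirm against CertificateManager). */
    public static final int ADMIN_CERT_VALIDITY = 730;
    private static final String FRIENDLY_NAME = "Administration Connector";
    private LDAPConnectionHandler adminConnectionHandler;
    private AdministrationConnectorCfg config;
    private static final String ADMIN_CLASS_NAME = "org.opends.server.protocols.ldap.LDAPConnectionHandler";
    private static final boolean ADMIN_ALLOW_LDAP_V2 = false;
    private static final boolean ADMIN_ALLOW_START_TLS = false;
    private static final boolean ADMIN_ENABLED = true;
    private static final boolean ADMIN_KEEP_STATS = true;
    private static final boolean ADMIN_USE_SSL = true;
    private static final int ADMIN_ACCEPT_BACKLOG = 128;
    private static final boolean ADMIN_ALLOW_TCP_REUSE_ADDRESS = true;
    private static final long ADMIN_MAX_BLOCKED_WRITE_TIME_LIMIT = 120000;
    private static final int ADMIN_MAX_REQUEST_SIZE = 5000000;
    private static final int ADMIN_WRITE_BUFFER_SIZE = 4096;
    private static final int ADMIN_NUM_REQUEST_HANDLERS = 1;
    private static final boolean ADMIN_SEND_REJECTION_NOTICE = true;
    private static final boolean ADMIN_USE_TCP_KEEP_ALIVE = true;
    private static final boolean ADMIN_USE_TCP_NO_DELAY = true;
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    // Both client sets are empty: this class adds no allow/deny address masks.
    private static final SortedSet<AddressMask> ADMIN_ALLOWED_CLIENT = new TreeSet<AddressMask>();
    private static final SortedSet<AddressMask> ADMIN_DENIED_CLIENT = new TreeSet<AddressMask>();
    private static final LDAPConnectionHandlerCfgDefn.SSLClientAuthPolicy ADMIN_SSL_CLIENT_AUTH_POLICY = LDAPConnectionHandlerCfgDefn.SSLClientAuthPolicy.DISABLED;
    // Empty cipher-suite and protocol sets: how the handler treats "empty" is not
    // visible here (presumably it falls back to the JVM defaults; confirm).
    private static final SortedSet<String> ADMIN_SSL_CIPHER_SUITE = new TreeSet<String>();
    private static final SortedSet<String> ADMIN_SSL_PROTOCOL = new TreeSet<String>();
    /** Owner read/write only (octal 0600, i.e. decimal 384) for the key store PIN file. */
    private static final int PIN_FILE_MODE = 0600;

    /**
     * Presents an {@link AdministrationConnectorCfg} as an
     * {@link LDAPConnectionHandlerCfg}.
     *
     * <p>Values that an administrator may tune (listen address and port,
     * certificate nickname, key/trust manager providers, DN) are delegated to the
     * wrapped configuration. Everything else returns a constant of the enclosing
     * class, so those settings cannot be changed through configuration. The
     * listener registration methods are intentionally empty: listeners added
     * through this view are never notified.
     */
    public static class FakeLDAPConnectionHandlerCfg implements LDAPConnectionHandlerCfg {
        private final AdministrationConnectorCfg config;

        /**
         * @param administrationConnectorCfg the administration connector
         *        configuration that backs the delegated getters
         */
        public FakeLDAPConnectionHandlerCfg(AdministrationConnectorCfg administrationConnectorCfg) {
            this.config = administrationConnectorCfg;
        }

        @Override
        public Class<? extends LDAPConnectionHandlerCfg> configurationClass() {
            return LDAPConnectionHandlerCfg.class;
        }

        /** No-op: change listeners are not tracked by this synthetic view. */
        @Override
        public void addLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> configurationChangeListener) {
        }

        /** No-op: change listeners are not tracked by this synthetic view. */
        @Override
        public void removeLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> configurationChangeListener) {
        }

        @Override
        public int getAcceptBacklog() {
            return ADMIN_ACCEPT_BACKLOG;
        }

        @Override
        public boolean isAllowLDAPV2() {
            return ADMIN_ALLOW_LDAP_V2;
        }

        /** StartTLS is off; the connector is SSL-only (see {@link #isUseSSL()}). */
        @Override
        public boolean isAllowStartTLS() {
            return ADMIN_ALLOW_START_TLS;
        }

        @Override
        public boolean isAllowTCPReuseAddress() {
            return ADMIN_ALLOW_TCP_REUSE_ADDRESS;
        }

        @Override
        public String getJavaClass() {
            return ADMIN_CLASS_NAME;
        }

        @Override
        public boolean isKeepStats() {
            return ADMIN_KEEP_STATS;
        }

        @Override
        public String getKeyManagerProvider() {
            return this.config.getKeyManagerProvider();
        }

        @Override
        public DN getKeyManagerProviderDN() {
            return this.config.getKeyManagerProviderDN();
        }

        @Override
        public SortedSet<InetAddress> getListenAddress() {
            return this.config.getListenAddress();
        }

        @Override
        public int getListenPort() {
            return this.config.getListenPort();
        }

        @Override
        public long getMaxBlockedWriteTimeLimit() {
            return ADMIN_MAX_BLOCKED_WRITE_TIME_LIMIT;
        }

        @Override
        public long getMaxRequestSize() {
            return ADMIN_MAX_REQUEST_SIZE;
        }

        @Override
        public long getBufferSize() {
            return ADMIN_WRITE_BUFFER_SIZE;
        }

        @Override
        public int getNumRequestHandlers() {
            return ADMIN_NUM_REQUEST_HANDLERS;
        }

        @Override
        public boolean isSendRejectionNotice() {
            return ADMIN_SEND_REJECTION_NOTICE;
        }

        @Override
        public String getSSLCertNickname() {
            return this.config.getSSLCertNickname();
        }

        /** Returns the shared (empty) cipher-suite set of the enclosing class. */
        @Override
        public SortedSet<String> getSSLCipherSuite() {
            return ADMIN_SSL_CIPHER_SUITE;
        }

        /** Always {@code DISABLED}: clients are not asked for a certificate. */
        @Override
        public LDAPConnectionHandlerCfgDefn.SSLClientAuthPolicy getSSLClientAuthPolicy() {
            return ADMIN_SSL_CLIENT_AUTH_POLICY;
        }

        /** Returns the shared (empty) protocol set of the enclosing class. */
        @Override
        public SortedSet<String> getSSLProtocol() {
            return ADMIN_SSL_PROTOCOL;
        }

        @Override
        public String getTrustManagerProvider() {
            return this.config.getTrustManagerProvider();
        }

        @Override
        public DN getTrustManagerProviderDN() {
            return this.config.getTrustManagerProviderDN();
        }

        @Override
        public boolean isUseSSL() {
            return ADMIN_USE_SSL;
        }

        @Override
        public boolean isUseTCPKeepAlive() {
            return ADMIN_USE_TCP_KEEP_ALIVE;
        }

        @Override
        public boolean isUseTCPNoDelay() {
            return ADMIN_USE_TCP_NO_DELAY;
        }

        /** No-op: change listeners are not tracked by this synthetic view. */
        @Override
        public void addChangeListener(ConfigurationChangeListener<ConnectionHandlerCfg> configurationChangeListener) {
        }

        /** No-op: change listeners are not tracked by this synthetic view. */
        @Override
        public void removeChangeListener(ConfigurationChangeListener<ConnectionHandlerCfg> configurationChangeListener) {
        }

        /** Returns the shared (empty) allowed-client set of the enclosing class. */
        @Override
        public SortedSet<AddressMask> getAllowedClient() {
            return ADMIN_ALLOWED_CLIENT;
        }

        /** Returns the shared (empty) denied-client set of the enclosing class. */
        @Override
        public SortedSet<AddressMask> getDeniedClient() {
            return ADMIN_DENIED_CLIENT;
        }

        @Override
        public boolean isEnabled() {
            return ADMIN_ENABLED;
        }

        @Override
        public DN dn() {
            return this.config.dn();
        }
    }

    /**
     * Initializes the connector: provisions the self-signed certificate if
     * required, creates and initializes the underlying LDAP connection handler,
     * flags it as the administration handler and registers this object as a
     * change listener on the configuration.
     *
     * @param administrationConnectorCfg the connector configuration
     * @throws ConfigException if the configuration cannot be read or applied
     * @throws InitializationException if certificate provisioning or handler
     *         initialization fails
     */
    public void initializeAdministrationConnector(AdministrationConnectorCfg administrationConnectorCfg) throws ConfigException, InitializationException {
        this.config = administrationConnectorCfg;
        FakeLDAPConnectionHandlerCfg handlerCfg = new FakeLDAPConnectionHandlerCfg(this.config);
        // Certificate material must exist before the SSL-only handler starts.
        createSelfSignedCertifIfNeeded();
        this.adminConnectionHandler = new LDAPConnectionHandler(new SynchronousStrategy(), FRIENDLY_NAME);
        this.adminConnectionHandler.initializeConnectionHandler((LDAPConnectionHandlerCfg) handlerCfg);
        this.adminConnectionHandler.setAdminConnectionHandler();
        this.config.addChangeListener(this);
    }

    /**
     * @return the LDAP connection handler backing this connector, or
     *         {@code null} before {@link #initializeAdministrationConnector} ran
     */
    public LDAPConnectionHandler getConnectionHandler() {
        return this.adminConnectionHandler;
    }

    /**
     * Asks the underlying handler whether a proposed configuration is acceptable.
     * (Name carries a decompiler-added suffix; the interface entry point is
     * {@link #isConfigurationChangeAcceptable}.)
     *
     * @param administrationConnectorCfg the proposed configuration
     * @param list receives the reasons when the configuration is rejected
     * @return the handler's verdict on the wrapped configuration
     */
    public boolean isConfigurationChangeAcceptable2(AdministrationConnectorCfg administrationConnectorCfg, List<Message> list) {
        return this.adminConnectionHandler.isConfigurationAcceptable(new FakeLDAPConnectionHandlerCfg(administrationConnectorCfg), list);
    }

    /**
     * Accepts every change without touching the running handler. The
     * {@code true} flag passed to the result is presumably its
     * admin-action-required indicator, i.e. the change takes effect only after
     * an administrator acts (confirm against ConfigChangeResult).
     */
    @Override
    public ConfigChangeResult applyConfigurationChange(AdministrationConnectorCfg administrationConnectorCfg) {
        return new ConfigChangeResult(ResultCode.SUCCESS, true, new ArrayList<Message>());
    }

    /**
     * Creates the key store, trust store and PIN file for the connector when the
     * configured providers are file based and none of the three files exists.
     *
     * <p>If all three exist nothing is done; if only some exist an error naming
     * the missing ones is logged and initialization fails, so a partially
     * provisioned set is never silently overwritten.
     *
     * @throws InitializationException on missing files or any failure while
     *         generating, exporting or storing the certificate material
     */
    private void createSelfSignedCertifIfNeeded() throws InitializationException {
        try {
            String certNickname = this.config.getSSLCertNickname();
            KeyManagerProviderCfg keyManagerCfg = getAdminConnectorKeyManagerConfig(this.config.getKeyManagerProvider());
            TrustManagerProviderCfg trustManagerCfg = getAdminConnectorTrustManagerConfig(this.config.getTrustManagerProvider());
            if (!(keyManagerCfg instanceof FileBasedKeyManagerProviderCfg) || !(trustManagerCfg instanceof FileBasedTrustManagerProviderCfg)) {
                // Only file-based providers are auto-provisioned.
                return;
            }
            FileBasedKeyManagerProviderCfg fileKeyManagerCfg = (FileBasedKeyManagerProviderCfg) keyManagerCfg;
            String keyStorePath = getFullPath(fileKeyManagerCfg.getKeyStoreFile());
            String trustStorePath = getFullPath(((FileBasedTrustManagerProviderCfg) trustManagerCfg).getTrustStoreFile());
            String pinPath = getFullPath(fileKeyManagerCfg.getKeyStorePinFile());

            boolean keyStoreExists = new File(keyStorePath).exists();
            boolean trustStoreExists = new File(trustStorePath).exists();
            boolean pinExists = new File(pinPath).exists();
            if (keyStoreExists && trustStoreExists && pinExists) {
                return;
            }
            if (keyStoreExists || trustStoreExists || pinExists) {
                StringBuilder missing = new StringBuilder();
                if (!keyStoreExists) {
                    missing.append(keyStorePath).append(" ");
                }
                if (!trustStoreExists) {
                    missing.append(trustStorePath).append(" ");
                }
                if (!pinExists) {
                    missing.append(pinPath).append(" ");
                }
                Message message = AdminMessages.ERR_ADMIN_CERTIFICATE_GENERATION_MISSING_FILES.get(missing.toString());
                ErrorLogger.logError(message);
                throw new InitializationException(message);
            }

            // NOTE(review): the generated PIN lives in an immutable String because
            // CertificateManager takes one here; it cannot be wiped after use.
            String pin = new String(SetupUtils.createSelfSignedCertificatePwd());
            CertificateManager keyStoreManager = new CertificateManager(keyStorePath, fileKeyManagerCfg.getKeyStoreType(), pin);
            keyStoreManager.generateSelfSignedCertificate(certNickname, "cn=" + Rdn.escapeValue(SetupUtils.getHostNameForCertificate(DirectoryServer.getServerRoot())) + ",O=" + FRIENDLY_NAME + " Self-Signed Certificate", ADMIN_CERT_VALIDITY);

            // The certificate travels to the trust store through a scratch file;
            // remove it even when the export or the import fails.
            String exportedCertPath = getFullPath("config" + File.separator + "admin-cert.txt");
            try {
                SetupUtils.exportCertificate(keyStoreManager, certNickname, exportedCertPath);
                new CertificateManager(trustStorePath, CertificateManager.KEY_STORE_TYPE_JKS, pin).addCertificate(certNickname, new File(exportedCertPath));
            } finally {
                new File(exportedCertPath).delete();
            }

            // Create the PIN file empty, restrict it, and only then write the
            // secret, so the PIN never sits in a file with default permissions.
            File pinFile = new File(pinPath);
            boolean pinMissing = !pinFile.exists();
            if (pinMissing) {
                pinFile.createNewFile();
            }
            restrictPinFilePermissions(pinFile, pinPath);
            if (pinMissing) {
                writePinFile(pinFile, pin);
            }
        } catch (IOException e) {
            handleCertifExceptions(e);
        } catch (KeyStoreException e) {
            handleCertifExceptions(e);
        } catch (CertificateEncodingException e) {
            handleCertifExceptions(e);
        } catch (ConfigException e) {
            handleCertifExceptions(e);
        }
    }

    /**
     * Best-effort restriction of the PIN file to owner read/write. A failure is
     * logged as a warning and does not abort initialization; on platforms where
     * permissions cannot be set this is a no-op.
     */
    private static void restrictPinFilePermissions(File pinFile, String pinPath) {
        if (!FilePermission.canSetPermissions()) {
            return;
        }
        try {
            if (!FilePermission.setPermissions(pinFile, new FilePermission(PIN_FILE_MODE))) {
                ErrorLogger.logError(AdminMessages.WARN_ADMIN_SET_PERMISSIONS_FAILED.get(pinPath));
            }
        } catch (DirectoryException e) {
            ErrorLogger.logError(AdminMessages.WARN_ADMIN_SET_PERMISSIONS_FAILED.get(pinPath));
        }
    }

    /**
     * Writes the PIN followed by a line separator and closes the file in every
     * case.
     *
     * @throws IOException if the file cannot be opened or the write failed
     */
    private static void writePinFile(File pinFile, String pin) throws IOException {
        PrintWriter writer = new PrintWriter(new FileWriter(pinFile));
        try {
            writer.println(pin);
            // PrintWriter swallows I/O errors; checkError() flushes and reports
            // them. An unwritten PIN would leave the new key store unusable.
            if (writer.checkError()) {
                throw new IOException("Unable to write key store PIN file " + pinFile.getPath());
            }
        } finally {
            writer.close();
        }
    }

    /**
     * Traces and logs a certificate-provisioning failure, then rethrows it as an
     * {@link InitializationException} that keeps the original exception as cause.
     */
    private void handleCertifExceptions(Exception exc) throws InitializationException {
        if (DebugLogger.debugEnabled()) {
            TRACER.debugCaught(DebugLogLevel.ERROR, exc);
        }
        Message message = AdminMessages.ERR_ADMIN_CERTIFICATE_GENERATION.get(exc.getMessage());
        ErrorLogger.logError(message);
        throw new InitializationException(message, exc);
    }

    /** Looks up the named key manager provider in the root configuration. */
    private KeyManagerProviderCfg getAdminConnectorKeyManagerConfig(String name) throws ConfigException {
        return ServerManagementContext.getInstance().getRootConfiguration().getKeyManagerProvider(name);
    }

    /** Looks up the named trust manager provider in the root configuration. */
    private TrustManagerProviderCfg getAdminConnectorTrustManagerConfig(String name) throws ConfigException {
        return ServerManagementContext.getInstance().getRootConfiguration().getTrustManagerProvider(name);
    }

    /**
     * Resolves a configured path: absolute paths are returned unchanged, relative
     * ones are placed under the server instance root. The path is not normalized.
     */
    private static String getFullPath(String path) {
        if (new File(path).isAbsolute()) {
            return path;
        }
        return DirectoryServer.getInstanceRoot() + File.separator + path;
    }

    /** Interface entry point; forwards to {@link #isConfigurationChangeAcceptable2}. */
    @Override
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(AdministrationConnectorCfg administrationConnectorCfg, List list) {
        return isConfigurationChangeAcceptable2(administrationConnectorCfg, (List<Message>) list);
    }
}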
