package com.ibm.ws.collective.member;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.collective.member.internal.TraceConstants;
import com.ibm.ws.collective.member.internal.ssh.SSHKeyGeneratorImpl;
import com.ibm.ws.collective.member.internal.ssh.SSHKeyUtility;
import com.ibm.ws.collective.member.internal.ssh.SSHKeyUtilityImpl;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.kernel.service.utils.FrameworkState;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import javax.management.AttributeNotFoundException;
import javax.management.Notification;
import javax.management.NotificationListener;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.event.Event;
import org.osgi.service.event.EventAdmin;
import org.osgi.service.event.EventHandler;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/collective/member/ServerManagementPublisher.class */
public abstract class ServerManagementPublisher implements EventHandler, NotificationListener {
    protected static final TraceComponent tc = Tr.register(ServerManagementPublisher.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    public static final String REGISTRATION_MBEAN = "WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration";
    public static final String KEY_EVENT_ADMIN_REF = "eventAdmin";
    public static final String KEY_LOCATION_ADMIN_REF = "locationAdmin";
    public static final String KEY_HOST_AUTH_CONFIG_REF = "hostAuthConfig";
    public static final String KEY_MEMBER_JMX_ENDPOINT_REF = "memberJMXEndpoint";
    protected final AtomicServiceReference<EventAdmin> eventAdminRef;
    protected final AtomicServiceReference<WsLocationAdmin> locationAdminRef;
    protected final AtomicServiceReference<HostAuthConfig> hostAuthConfigRef;
    protected final AtomicServiceReference<MemberJMXEndpoint> memberJMXEndpointRef;
    public static final String PATH_HOST_AUTH_INFO = "sys.host.auth.info";
    public static final String PATH_JMX_AUTH_INFO = "sys.jmx.auth.info";
    private boolean publishedHostAuthInfo;
    private boolean publishedJMXAuthInfo;
    protected ExecutorService executorService;
    protected ServiceRegistration<EventHandler> jmxEndpointChangeListnerReg;
    protected SSHKeyUtility sshKeyUtil;
    static final long serialVersionUID = 8376640043517294405L;

    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    @TraceOptions
    /* loaded from: input_file:com/ibm/ws/collective/member/ServerManagementPublisher$JMXEndpointUpdatedEventHandler.class */
    public final class JMXEndpointUpdatedEventHandler implements EventHandler {
        static final long serialVersionUID = 5200377927526877262L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.collective.member.ServerManagementPublisher$JMXEndpointUpdatedEventHandler", JMXEndpointUpdatedEventHandler.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

        public JMXEndpointUpdatedEventHandler() {
        }

        public void handleEvent(Event event) {
            if (event == null) {
                if (ServerManagementPublisher.tc.isDebugEnabled()) {
                    Tr.debug(ServerManagementPublisher.tc, "JMXEndpointUpdatedEventHandler received a null event, ignoring...", new Object[0]);
                }
            } else if (!MemberJMXEndpoint.MEMBER_JMX_ENDPOINT_CHANGED_TOPIC.equals(event.getTopic())) {
                if (ServerManagementPublisher.tc.isDebugEnabled()) {
                    Tr.debug(ServerManagementPublisher.tc, "JMXEndpointUpdatedEventHandler received an unexpected topic, ignoring...", new Object[0]);
                }
            } else if (ServerManagementPublisher.this.executorService == null) {
                if (ServerManagementPublisher.tc.isEventEnabled()) {
                    Tr.event(ServerManagementPublisher.tc, "The executorService is null, we've been deactivated so nothing to do...", new Object[0]);
                }
            } else {
                ServerManagementPublisher.this.executorService.submit(new PublishAuthInfo());
                if (ServerManagementPublisher.tc.isEventEnabled()) {
                    Tr.event(ServerManagementPublisher.tc, "The JMX endpoint has changed. The management configuration has been scheduled for publishing", new Object[0]);
                }
            }
        }
    }

    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    @TraceOptions
    /* loaded from: input_file:com/ibm/ws/collective/member/ServerManagementPublisher$PublishAuthInfo.class */
    public final class PublishAuthInfo implements Callable<Object> {
        static final long serialVersionUID = 2838524416489989174L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.collective.member.ServerManagementPublisher$PublishAuthInfo", PublishAuthInfo.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

        public PublishAuthInfo() {
        }

        @Override // java.util.concurrent.Callable
        public Object call() throws Exception {
            ServerManagementPublisher.this.publishAuthInfo();
            return null;
        }
    }

    protected abstract String getCollectivePublicKey() throws AttributeNotFoundException, Exception;

    public ServerManagementPublisher() {
        this.eventAdminRef = new AtomicServiceReference<>("eventAdmin");
        this.locationAdminRef = new AtomicServiceReference<>(KEY_LOCATION_ADMIN_REF);
        this.hostAuthConfigRef = new AtomicServiceReference<>(KEY_HOST_AUTH_CONFIG_REF);
        this.memberJMXEndpointRef = new AtomicServiceReference<>(KEY_MEMBER_JMX_ENDPOINT_REF);
        this.publishedHostAuthInfo = false;
        this.publishedJMXAuthInfo = false;
        this.executorService = null;
        this.jmxEndpointChangeListnerReg = null;
        this.sshKeyUtil = new SSHKeyUtilityImpl();
    }

    public ServerManagementPublisher(SSHKeyUtility sSHKeyUtility) {
        this.eventAdminRef = new AtomicServiceReference<>("eventAdmin");
        this.locationAdminRef = new AtomicServiceReference<>(KEY_LOCATION_ADMIN_REF);
        this.hostAuthConfigRef = new AtomicServiceReference<>(KEY_HOST_AUTH_CONFIG_REF);
        this.memberJMXEndpointRef = new AtomicServiceReference<>(KEY_MEMBER_JMX_ENDPOINT_REF);
        this.publishedHostAuthInfo = false;
        this.publishedJMXAuthInfo = false;
        this.executorService = null;
        this.jmxEndpointChangeListnerReg = null;
        this.sshKeyUtil = sSHKeyUtility;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServiceRegistration<EventHandler> registerJMXEndpointChangeListener(ComponentContext componentContext) {
        Hashtable hashtable = new Hashtable();
        hashtable.put("event.topics", MemberJMXEndpoint.MEMBER_JMX_ENDPOINT_CHANGED_TOPIC);
        return componentContext.getBundleContext().registerService(EventHandler.class, new JMXEndpointUpdatedEventHandler(), hashtable);
    }

    @Trivial
    private void putIfDefined(Map<String, Object> map, Map<String, Object> map2, String str) {
        if (map.containsKey(str)) {
            map2.put(str, map.get(str));
        }
    }

    @Sensitive
    private Map<String, Object> buildHostAuthInfo(@Sensitive Map<String, Object> map) {
        HashMap hashMap = new HashMap();
        hashMap.put(HostAuthConfig.KEY_OS_NAME, map.get(HostAuthConfig.KEY_OS_NAME));
        hashMap.put(HostAuthConfig.CFG_KEY_HOST_NAME, map.get(HostAuthConfig.CFG_KEY_HOST_NAME));
        hashMap.put(HostAuthConfig.CFG_KEY_PORT, map.get(HostAuthConfig.CFG_KEY_PORT));
        hashMap.put(HostAuthConfig.CFG_KEY_USER_ID, map.get(HostAuthConfig.CFG_KEY_USER_ID));
        putIfDefined(map, hashMap, HostAuthConfig.CFG_KEY_USER_PASSWORD);
        putIfDefined(map, hashMap, "sshPrivateKey");
        putIfDefined(map, hashMap, HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PASSWORD);
        putIfDefined(map, hashMap, HostAuthConfig.CFG_KEY_USE_COLLECTIVE_SSH_KEY);
        putIfDefined(map, hashMap, HostAuthConfig.CFG_KEY_USE_SUDO);
        putIfDefined(map, hashMap, HostAuthConfig.CFG_KEY_SUDO_USER);
        putIfDefined(map, hashMap, HostAuthConfig.CFG_KEY_SUDO_USER_PASSWORD);
        return hashMap;
    }

    private void publishHostAuthInfo(EventAdmin eventAdmin, @Sensitive Map<String, Object> map) {
        HashMap hashMap = new HashMap();
        if (map.isEmpty()) {
            hashMap.put("operation", "DELETE");
        } else {
            Map<String, Object> buildHostAuthInfo = buildHostAuthInfo(map);
            hashMap.put("operation", "UPDATE");
            hashMap.put("dataValue", buildHostAuthInfo);
        }
        hashMap.put("sendStatusEvent", "true");
        hashMap.put("dataName", PATH_HOST_AUTH_INFO);
        eventAdmin.postEvent(new Event("com/ibm/wsspi/collective/repository/publish/data", hashMap));
    }

    private Map<String, Object> buildJMXAuthInfo(MemberJMXEndpoint memberJMXEndpoint) {
        String hostName = memberJMXEndpoint.getHostName();
        String hTTPSPort = memberJMXEndpoint.getHTTPSPort();
        if (tc.isDebugEnabled()) {
            Tr.debug(this, tc, " Retrieved jmx endpoint info: hostName = " + hostName + ", httpsPort = " + hTTPSPort, new Object[0]);
        }
        HashMap hashMap = null;
        if (hostName == null || hTTPSPort == null) {
            Tr.warning(tc, "SERVER_MANAGEMENT_INCOMPLETE_ENDPOINT_DATA", new Object[0]);
        } else {
            hashMap = new HashMap();
            hashMap.put(MemberJMXEndpoint.JMX_HOST, hostName);
            hashMap.put(MemberJMXEndpoint.JMX_PORT, hTTPSPort);
        }
        return hashMap;
    }

    private void publishJMXAuthInfo(EventAdmin eventAdmin, MemberJMXEndpoint memberJMXEndpoint) {
        Map<String, Object> buildJMXAuthInfo = buildJMXAuthInfo(memberJMXEndpoint);
        if (buildJMXAuthInfo == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "We could not build the JMX auth info, nothing to publish. A warning will have been printed earlier to describe what went wrong.", new Object[0]);
            }
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put("operation", "UPDATE");
            hashMap.put("sendStatusEvent", "true");
            hashMap.put("dataName", PATH_JMX_AUTH_INFO);
            hashMap.put("dataValue", buildJMXAuthInfo);
            eventAdmin.postEvent(new Event("com/ibm/wsspi/collective/repository/publish/data", hashMap));
        }
    }

    private void validateMapInput(@Sensitive Map<String, Object> map) {
        if (map.containsKey(HostAuthConfig.CFG_KEY_USER_PASSWORD) && map.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
            throw new IllegalStateException("This should never happen. We have a HostAuthConfig with both a user password and an SSH private key. This is not valid input for " + getClass().getCanonicalName());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void publishAuthInfo() throws Exception {
        this.publishedHostAuthInfo = false;
        this.publishedJMXAuthInfo = false;
        HashMap hashMap = new HashMap(getHostAuthConfigService().getHostAuthConfig());
        validateMapInput(hashMap);
        if (hashMap.containsKey(HostAuthConfig.CFG_KEY_USE_COLLECTIVE_SSH_KEY) && ((Boolean) hashMap.get(HostAuthConfig.CFG_KEY_USE_COLLECTIVE_SSH_KEY)).booleanValue()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Property useCollectiveSSHKey is enabled. Attempting to retrieve the collective-wide public SSH key.", new Object[0]);
            }
            try {
                String collectivePublicKey = getCollectivePublicKey();
                if (collectivePublicKey != null) {
                    String trim = collectivePublicKey.trim();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Successfully retrieved the collective-wide public SSH key from controller.", new Object[0]);
                    }
                    this.sshKeyUtil.updateAuthorizedKeys((String) hashMap.get(HostAuthConfig.CFG_KEY_USER_HOME), trim);
                    hashMap.remove(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH);
                    hashMap.remove(HostAuthConfig.CFG_KEY_SSH_PUBLIC_KEY_PATH);
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The collective controller is not configured to use collective-wide SSH.", new Object[0]);
                    }
                    if (!hashMap.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
                        Tr.error(tc, "SERVER_MANAGEMENT_CONTROLLER_PUB_SSH_KEY_NOT_CONFIGURED", new Object[0]);
                        throw new Exception("The collective controller is not configured to use colelctive-wide SSH");
                    }
                    hashMap.put(HostAuthConfig.CFG_KEY_USE_COLLECTIVE_SSH_KEY, false);
                }
            } catch (AttributeNotFoundException e) {
                FFDCFilter.processException(e, "com.ibm.ws.collective.member.ServerManagementPublisher", "317", this, new Object[0]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The collective controller does not support collective-wide SSH", new Object[0]);
                }
                if (!hashMap.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
                    Tr.error(tc, "SERVER_MANAGEMENT_CONTROLLER_PUB_SSH_KEY_NOT_SUPPORTED", new Object[0]);
                    throw new Exception("The collective controller does not support collective-wide SSH");
                }
                hashMap.put(HostAuthConfig.CFG_KEY_USE_COLLECTIVE_SSH_KEY, false);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.collective.member.ServerManagementPublisher", "328", this, new Object[0]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "There was an error retrieving the collective-wide public SSH key from the collective controller: " + e2.getMessage(), new Object[0]);
                }
                if (!hashMap.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
                    Tr.error(tc, "SERVER_MANAGEMENT_CONTROLLER_PUB_SSH_KEY_ERROR", new Object[0]);
                    throw e2;
                }
                hashMap.put(HostAuthConfig.CFG_KEY_USE_COLLECTIVE_SSH_KEY, false);
            }
        }
        if (hashMap.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
            try {
                hashMap.put("sshPrivateKey", this.sshKeyUtil.useSSHKeyPair("Generated SSH key for Liberty server " + getEventAdminService().getServerName() + " for Liberty management.", (String) hashMap.get(HostAuthConfig.CFG_KEY_USER_HOME), (String) hashMap.get(HostAuthConfig.CFG_KEY_SSH_PUBLIC_KEY_PATH), (String) hashMap.get(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)));
            } catch (IOException e3) {
                FFDCFilter.processException(e3, "com.ibm.ws.collective.member.ServerManagementPublisher", "358", this, new Object[0]);
                Tr.error(tc, "SSH_KEYGEN_IOEXCEPTION", new Object[]{e3.getLocalizedMessage()});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to compute SSH keys. Caught IOException: " + e3.getMessage(), new Object[]{e3});
                }
            } catch (NoSuchAlgorithmException e4) {
                FFDCFilter.processException(e4, "com.ibm.ws.collective.member.ServerManagementPublisher", "353", this, new Object[0]);
                Tr.error(tc, "SSH_KEYGEN_NOSUCHALGORITHMEXCEPTION", new Object[]{SSHKeyGeneratorImpl.ALGORITHM_RSA});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to compute SSH keys. Caught NoSuchAlgorithmException: " + e4.getMessage(), new Object[]{e4});
                }
            }
        }
        writeEffectiveConfigInfoMessage(hashMap);
        EventAdmin eventAdmin = (EventAdmin) this.eventAdminRef.getService();
        publishHostAuthInfo(eventAdmin, hashMap);
        publishJMXAuthInfo(eventAdmin, (MemberJMXEndpoint) this.memberJMXEndpointRef.getService());
    }

    @Trivial
    private void writeEffectiveConfigInfoMessage(@Sensitive Map<String, Object> map) {
        if (map.isEmpty()) {
            Tr.info(tc, "HOST_AUTH_CONFIG_STATE_HOST_CREDENTIALS", new Object[0]);
            return;
        }
        if (((Boolean) map.get(HostAuthConfig.CFG_KEY_USE_COLLECTIVE_SSH_KEY)).booleanValue()) {
            Tr.info(tc, "HOST_AUTH_CONFIG_STATE_COLLECTIVE_SSH", new Object[0]);
            return;
        }
        String str = (String) map.get(HostAuthConfig.CFG_KEY_HOST_NAME);
        String num = ((Integer) map.get(HostAuthConfig.CFG_KEY_PORT)).toString();
        String str2 = (String) map.get(HostAuthConfig.CFG_KEY_USER_ID);
        Object obj = null;
        if (map.containsKey(HostAuthConfig.CFG_KEY_USER_PASSWORD)) {
            obj = "password";
        } else if (map.containsKey(HostAuthConfig.CFG_KEY_SSH_PRIVATE_KEY_PATH)) {
            obj = "ssh-key";
        }
        Tr.info(tc, "HOST_AUTH_CONFIG_STATE", new Object[]{str, num, str2, obj});
    }

    private void handleOurStatusEvent(@Sensitive Event event, String str) {
        if (event.containsProperty("errorMessage")) {
            if (FrameworkState.isStopping()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error during publishing while shutting down server " + str, new Object[]{event.getProperty("errorMessage")});
                    return;
                }
                return;
            } else {
                if (tc.isEventEnabled()) {
                    Tr.event(tc, "Error during publishing " + str, new Object[]{event.getProperty("errorMessage")});
                }
                Tr.error(tc, "PUBLISHED_SERVER_MANAGEMENT_INFO_ERROR", new Object[]{event.getProperty("errorMessage")});
                return;
            }
        }
        if (PATH_HOST_AUTH_INFO.equals(str)) {
            this.publishedHostAuthInfo = true;
        }
        if (PATH_JMX_AUTH_INFO.equals(str)) {
            this.publishedJMXAuthInfo = true;
        }
        if (this.publishedHostAuthInfo && this.publishedJMXAuthInfo) {
            Tr.info(tc, "PUBLISHED_SERVER_MANAGEMENT_INFO", new Object[0]);
        }
    }

    public void handleEvent(@Sensitive Event event) {
        if (event == null) {
            return;
        }
        Object property = event.getProperty("dataName");
        if (property instanceof String) {
            String str = (String) property;
            if (PATH_HOST_AUTH_INFO.equals(str) || PATH_JMX_AUTH_INFO.equals(str)) {
                handleOurStatusEvent(event, str);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Received unexpected event.", new Object[]{event});
            }
        }
    }

    @Trivial
    private HostAuthConfig getHostAuthConfigService() {
        HostAuthConfig hostAuthConfig = (HostAuthConfig) this.hostAuthConfigRef.getService();
        if (hostAuthConfig == null) {
            if (!FrameworkState.isStopping()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HostAuthConfigService is null and Framework is not in the process of stopping or already stopped", new Object[0]);
                }
                IllegalStateException illegalStateException = new IllegalStateException("The HostAuthConfig service is not available - it was likely accessed after it was deactivated.");
                illegalStateException.fillInStackTrace();
                throw illegalStateException;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Ignore that HostAuthConfigService is null because Framework is in the process of stopping or already stopped", new Object[0]);
            }
        }
        return hostAuthConfig;
    }

    @Trivial
    private WsLocationAdmin getEventAdminService() {
        WsLocationAdmin wsLocationAdmin = (WsLocationAdmin) this.locationAdminRef.getService();
        if (wsLocationAdmin == null) {
            if (!FrameworkState.isStopping()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "EventAdminService is null and Framework is not in the process of stopping or already stopped", new Object[0]);
                }
                IllegalStateException illegalStateException = new IllegalStateException("The EventAdmin service is not available - it was likely accessed after it was deactivated.");
                illegalStateException.fillInStackTrace();
                throw illegalStateException;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Ignore that EventAdminService is null because Framework is in the process of stopping or already stopped", new Object[0]);
            }
        }
        return wsLocationAdmin;
    }

    public void handleNotification(Notification notification, Object obj) {
    }
}
