package brooklyn.entity.java;

import brooklyn.config.ConfigKey;
import brooklyn.entity.basic.AbstractEntity;
import brooklyn.util.MutableMap;
import brooklyn.util.ResourceUtils;
import brooklyn.util.crypto.FluentKeySigner;
import brooklyn.util.crypto.SecureKeys;
import brooklyn.util.exceptions.Exceptions;
import brooklyn.util.jmx.jmxmp.JmxmpAgent;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;

/* loaded from: input_file:brooklyn/entity/java/JmxmpSslSupport.class */
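/**
 * Prepares SSL material for a JMXMP agent attached to a Java process managed over SSH.
 *
 * <p>{@link #install()} generates an agent key pair and certificate, builds a key store and a
 * trust store, and copies both stores plus the agent jar into the driver's run directory. The
 * client-side access certificate and private key are created on demand and kept in the entity's
 * config under {@code UsesJmx.JMX_SSL_ACCESS_CERT} and {@code UsesJmx.JMX_SSL_ACCESS_KEY}.
 *
 * <p>NOTE(review): the key store, the trust store and the private-key entry are all written with
 * an empty password, so the agent's private key is protected only by the file permissions of the
 * run directory on the target machine. Confirm that {@code copyTo} creates these files readable
 * by the owning user only.
 */
public class JmxmpSslSupport {
    static final String BROOKLYN_VERSION = "0.5.0-SNAPSHOT";
    protected final JavaSoftwareProcessSshDriver driver;
    private KeyStore agentTrustStore;
    private KeyStore agentKeyStore;

    /**
     * @param javaSoftwareProcessSshDriver driver whose run directory, JMX port, machine and entity
     *     are used by this helper
     */
    public JmxmpSslSupport(JavaSoftwareProcessSshDriver javaSoftwareProcessSshDriver) {
        this.driver = javaSoftwareProcessSshDriver;
    }

    /** Returns {@code <runDir>/<fileName>} for the driver's run directory. */
    private String runDirPath(String fileName) {
        // String.valueOf keeps the behaviour for a null run dir (the path then starts with "null/").
        return String.valueOf(this.driver.getRunDir()) + "/" + fileName;
    }

    /** Returns the path in the run directory where the agent's key store is written. */
    public String getJmxSslKeyStoreFilePath() {
        return runDirPath("jmx-keystore");
    }

    /** Returns the path in the run directory where the agent's trust store is written. */
    public String getJmxSslTrustStoreFilePath() {
        return runDirPath("jmx-truststore");
    }

    /** Returns the file name of the shaded JMXMP agent jar for {@link #BROOKLYN_VERSION}. */
    public String getJmxmpAgentJarBasename() {
        // Built from the constant so the jar name cannot drift from the declared version.
        return "brooklyn-jmxmp-agent-shaded-" + BROOKLYN_VERSION + ".jar";
    }

    /** Returns the {@code classpath://} URL from which the agent jar is loaded. */
    public String getJmxmpAgentJarUrl() {
        return "classpath://" + getJmxmpAgentJarBasename();
    }

    /** Returns the path in the run directory to which the agent jar is copied. */
    public String getJmxmpAgentJarDestinationFilePath() {
        return runDirPath(getJmxmpAgentJarBasename());
    }

    /**
     * Adds the system properties that configure the JMXMP agent: port, SSL on, client
     * authentication on, and the key store / trust store locations.
     *
     * @param builder map builder that receives the properties
     */
    public void applyAgentJmxJavaSystemProperties(MutableMap.Builder<String, Object> builder) {
        builder.put(JmxmpAgent.JMXMP_PORT_PROPERTY, this.driver.getJmxPort())
                .put(JmxmpAgent.USE_SSL_PROPERTY, true)
                .put(JmxmpAgent.AUTHENTICATE_CLIENTS_PROPERTY, true)
                // NOTE(review): the standard JMX remote authenticate flag is switched off here;
                // access control then rests on the agent's SSL client authentication above.
                // Confirm no other JMX connector is enabled for the same process.
                .put("com.sun.management.jmxremote.authenticate", false);
        builder.put(JmxmpAgent.JMXMP_KEYSTORE_FILE_PROPERTY, getJmxSslKeyStoreFilePath())
                .put(JmxmpAgent.JMXMP_TRUSTSTORE_FILE_PROPERTY, getJmxSslTrustStoreFilePath());
    }

    /**
     * Appends the {@code -javaagent:} option pointing at the copied agent jar.
     *
     * @param list JVM option list to extend
     */
    public void applyAgentJmxJavaConfigOptions(List<String> list) {
        list.add("-javaagent:" + getJmxmpAgentJarDestinationFilePath());
    }

    /**
     * Creates a new signer named {@code brooklyn-root}.
     *
     * <p>NOTE(review): every call constructs a fresh {@code FluentKeySigner}; if the signer
     * generates its own key on construction, the agent certificate and the access certificate are
     * issued by unrelated roots. The trust store built in {@link #install()} contains the access
     * certificate itself, not a root certificate.
     */
    public FluentKeySigner getBrooklynRootSigner() {
        return new FluentKeySigner("brooklyn-root");
    }

    /** Serializes a key store to bytes using the empty password used throughout this class. */
    private static byte[] serialize(KeyStore store) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        store.store(buffer, "".toCharArray());
        return buffer.toByteArray();
    }

    /**
     * Generates the agent key pair and certificate, builds the agent key store and trust store,
     * and copies both stores and the agent jar to the target machine's run directory.
     *
     * <p>Any exception is rethrown through {@code Exceptions.propagate}.
     */
    public void install() {
        try {
            FluentKeySigner rootSigner = getBrooklynRootSigner();
            KeyPair agentKeyPair = SecureKeys.newKeyPair();
            X509Certificate agentCert = rootSigner.newCertificateFor("jmxmp-agent", agentKeyPair);

            // Key store: the agent's private key with its certificate as a one-element chain.
            // The entry and the store both use an empty password (see the class comment).
            this.agentKeyStore = SecureKeys.newKeyStore();
            this.agentKeyStore.setKeyEntry(
                    "jmxmp-agent",
                    agentKeyPair.getPrivate(),
                    "".toCharArray(),
                    new Certificate[] {agentCert});
            byte[] keyStoreBytes = serialize(this.agentKeyStore);

            // Trust store: pins the single client access certificate; this call may create and
            // record that certificate and its key in entity config as a side effect.
            this.agentTrustStore = SecureKeys.newKeyStore();
            this.agentTrustStore.setCertificateEntry("brooklyn", getJmxAccessCert());
            byte[] trustStoreBytes = serialize(this.agentTrustStore);

            this.driver.getMachine().copyTo(new ByteArrayInputStream(keyStoreBytes), getJmxSslKeyStoreFilePath());
            this.driver.getMachine().copyTo(new ByteArrayInputStream(trustStoreBytes), getJmxSslTrustStoreFilePath());
            // NOTE(review): the resource obtained for the agent jar is not closed in this method;
            // confirm copyTo releases it.
            this.driver.getMachine().copyTo(
                    new ResourceUtils(this).getResourceFromUrl(getJmxmpAgentJarUrl()),
                    getJmxmpAgentJarDestinationFilePath());
        } catch (Exception e) {
            throw Exceptions.propagate(e);
        }
    }

    /** Reads a config value from the driver's entity. */
    protected <T> T getConfig(ConfigKey<T> configKey) {
        return (T) this.driver.getEntity().getConfig(configKey);
    }

    /**
     * Returns the client access certificate, creating it on first use.
     *
     * <p>When no certificate is configured, a new key pair is generated, a certificate named
     * {@code brooklyn-jmx-access} is issued for it, and both the certificate and the private key
     * are written to the entity's config.
     *
     * <p>NOTE(review): the private key is held in entity config; confirm that config values are
     * not exposed through management interfaces or persisted unencrypted.
     *
     * @return the configured or newly created access certificate
     */
    public synchronized Certificate getJmxAccessCert() {
        Certificate configured = (Certificate) getConfig(UsesJmx.JMX_SSL_ACCESS_CERT);
        if (configured != null) {
            return configured;
        }
        KeyPair accessKeyPair = SecureKeys.newKeyPair();
        X509Certificate accessCert =
                getBrooklynRootSigner().newCertificateFor("brooklyn-jmx-access", accessKeyPair);
        // The values are passed as the certificate and the private key themselves. Casting them to
        // ConfigKey, as this listing previously did, cannot succeed at run time because neither
        // object is a ConfigKey.
        AbstractEntity entity = (AbstractEntity) this.driver.getEntity();
        entity.setConfigEvenIfOwned(UsesJmx.JMX_SSL_ACCESS_CERT, accessCert);
        entity.setConfigEvenIfOwned(UsesJmx.JMX_SSL_ACCESS_KEY, accessKeyPair.getPrivate());
        return accessCert;
    }

    /**
     * Returns the private key matching the client access certificate, creating the pair on first
     * use through {@link #getJmxAccessCert()}.
     *
     * @return the configured access key; may still be null if a certificate was configured without
     *     a key, because the certificate lookup then returns early without generating one
     */
    public synchronized PrivateKey getJmxAccessKey() {
        PrivateKey configured = (PrivateKey) getConfig(UsesJmx.JMX_SSL_ACCESS_KEY);
        if (configured != null) {
            return configured;
        }
        // Called for its side effect of populating the key in config; the returned cert is unused.
        getJmxAccessCert();
        return (PrivateKey) getConfig(UsesJmx.JMX_SSL_ACCESS_KEY);
    }
}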
