package org.apache.geode.management.internal.cli.commands;

import java.io.File;
import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Objects;
import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.geode.annotations.Immutable;
import org.apache.geode.internal.admin.SSLConfig;
import org.apache.geode.internal.net.SSLConfigurationFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
import org.apache.geode.management.cli.CliMetaData;
import org.apache.geode.management.internal.JmxManagerLocatorRequest;
import org.apache.geode.management.internal.JmxManagerLocatorResponse;
import org.apache.geode.management.internal.SSLUtil;
import org.apache.geode.management.internal.cli.LogWrapper;
import org.apache.geode.management.internal.cli.domain.ConnectToLocatorResult;
import org.apache.geode.management.internal.cli.result.model.InfoResultModel;
import org.apache.geode.management.internal.cli.result.model.ResultModel;
import org.apache.geode.management.internal.cli.shell.Gfsh;
import org.apache.geode.management.internal.cli.shell.JmxOperationInvoker;
import org.apache.geode.management.internal.cli.shell.OperationInvoker;
import org.apache.geode.management.internal.cli.util.ConnectionEndpoint;
import org.apache.geode.management.internal.i18n.CliStrings;
import org.apache.geode.management.internal.web.shell.HttpOperationInvoker;
import org.apache.geode.security.AuthenticationFailedException;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;

/* loaded from: input_file:org/apache/geode/management/internal/cli/commands/ConnectCommand.class */
public class ConnectCommand extends OfflineGfshCommand {
    // Timeout in milliseconds that jmxConnect() passes to connectToLocator() for the Locator request.
    static final int CONNECT_LOCATOR_TIMEOUT_MS = 60000;
    // Presumably the positions of the major and minor components in a dotted version string.
    // NOTE(review): neither constant is referenced in this listing; hasSameMajorMinor() uses the
    // literals 0 and 1 directly (likely inlined by the decompiler) — confirm against upstream.
    private static final int VERSION_MAJOR = 0;
    private static final int VERSION_MINOR = 1;

    // Order is significant: resolveSslProperties() pairs entry i of this array with element i of
    // its varargs, so callers must pass keystore, keystore password, keystore type, truststore,
    // truststore password, truststore type, ciphers, protocol, component in exactly this order.
    // Two of these entries are secrets (the store passwords) and end up as plain Properties values.
    @Immutable
    private static final UserInputProperty[] USER_INPUT_PROPERTIES = {UserInputProperty.KEYSTORE, UserInputProperty.KEYSTORE_PASSWORD, UserInputProperty.KEYSTORE_TYPE, UserInputProperty.TRUSTSTORE, UserInputProperty.TRUSTSTORE_PASSWORD, UserInputProperty.TRUSTSTORE_TYPE, UserInputProperty.CIPHERS, UserInputProperty.PROTOCOL, UserInputProperty.COMPONENT};

    /**
     * Implements the gfsh {@code connect} command: connects over HTTP when {@code --url} is given,
     * otherwise over JMX (directly or through a Locator), then verifies that the client and the
     * cluster agree on the major and minor serialization version.
     *
     * <p>Security notes for reviewers:
     * <ul>
     * <li>{@code --password}, {@code --key-store-password} and {@code --trust-store-password} are
     * copied into a {@link Properties} object as plain strings and handed to the connection code.
     * A value typed on the command line may also be retained in shell history; leaving the option
     * out makes the command prompt for it instead.</li>
     * <li>{@code --skip-ssl-validation} is forwarded only to {@code httpConnect}. Its help text
     * speaks of 1-way versus 2-way validation, but {@code configureHttpsURLConnection} in this
     * class installs a hostname verifier that accepts every host when the flag is set.</li>
     * </ul>
     *
     * @param connectionEndpoint {@code --locator}; used when no jmx-manager endpoint is given
     * @param connectionEndpoint2 {@code --jmx-manager}; when non-null the Locator is bypassed
     * @param z {@code --use-http}; deprecated and never read in this method
     * @param str {@code --url}; a non-empty value selects the HTTP path, an "https" prefix implies SSL
     * @param str2 {@code --user}
     * @param str3 {@code --password}; prompted for when a user is given without a password
     * @param str4 {@code --key-store}
     * @param str5 {@code --key-store-password}
     * @param str6 {@code --trust-store}
     * @param str7 {@code --trust-store-password}
     * @param str8 {@code --ciphers}
     * @param str9 {@code --protocols}
     * @param file {@code --security-properties-file}
     * @param z2 {@code --use-ssl}; also forced to true by an https URL or by SSL keys in the properties
     * @param z3 {@code --skip-ssl-validation}; only affects the HTTP path
     * @return an info result on success or when already connected, otherwise an error result
     */
    @CliMetaData(shellOnly = true, relatedTopic = {"GFSH", "JMX", "Manager"})
    @CliCommand(value = {"connect"}, help = "Connect to a jmx-manager either directly or via a Locator. If connecting via a Locator, and a jmx-manager doesn't already exist, the Locator will start one.")
    public ResultModel connect(@CliOption(key = {"locator"}, unspecifiedDefaultValue = "localhost[10334]", optionContext = "__locator__", help = "Network address of the Locator in the form: host[port].") ConnectionEndpoint connectionEndpoint, @CliOption(key = {"jmx-manager"}, optionContext = "__jmx-manager__", help = "Network address of the jmx-manager in the form: host[port].") ConnectionEndpoint connectionEndpoint2, @CliOption(key = {"use-http"}, specifiedDefaultValue = "true", unspecifiedDefaultValue = "false", help = "[Deprecated: inferred by the presence of --url]. Connects to Manager by sending HTTP requests to HTTP service hosting the Management REST API. You must first 'disconnect' in order to reconnect to the Manager via locator or jmx-manager using JMX.") boolean z, @CliOption(key = {"url"}, help = "Indicates the base URL to the Manager's HTTP service.  For example: 'http://<host>:<port>/gemfire/v1' Default is 'http://localhost:7070/geode-mgmt/v1'") String str, @CliOption(key = {"user"}, help = "User name to securely connect to the jmx-manager. If the --password parameter is not specified then it will be prompted for.") String str2, @CliOption(key = {"password"}, help = "Password to securely connect to the jmx-manager.") String str3, @CliOption(key = {"key-store"}, help = "Java keystore file containing this application's certificate and private key. If the --key-store-password parameter is not specified then it will be prompted for.") String str4, @CliOption(key = {"key-store-password"}, help = "Password to access the private key from the keystore file specified by --key-store.") String str5, @CliOption(key = {"trust-store"}, help = "Java keystore file containing the collection of CA certificates trusted by this application. 
If the --trust-store-password parameter is not specified then it will be prompted for.") String str6, @CliOption(key = {"trust-store-password"}, help = "Password to unlock the keystore file specified by --trust-store") String str7, @CliOption(key = {"ciphers"}, help = "SSL/TLS ciphers used when encrypting the connection. The default is \"any\".") String str8, @CliOption(key = {"protocols"}, help = "SSL/TLS protocol versions to enable when encrypting the connection. The default is \"any\".") String str9, @CliOption(key = {"security-properties-file"}, optionContext = "geode.converter.file", help = "The gfsecurity.properties file for configuring gfsh to connect to the Locator/Manager. The file's path can be absolute or relative to gfsh directory.") File file, @CliOption(key = {"use-ssl"}, specifiedDefaultValue = "true", unspecifiedDefaultValue = "false", help = "Whether to use SSL for communication with Locator and/or JMX Manager. If set to \"true\", \"gfsecurity.properties\" will also be read. SSL Options take precedence over the properties file. If none are specified, defaults will be used. The default value for this options is \"false\". This option is only required if JMX is to be used over SSL. For http, the protocol is inferred from the URL.") boolean z2, @CliOption(key = {"skip-ssl-validation"}, specifiedDefaultValue = "true", unspecifiedDefaultValue = "false", help = "When connecting via HTTP, connects using 1-way SSL validation rather than 2-way SSL validation.") boolean z3) {
        // The instance created here is discarded; the statement has no visible effect.
        new ResultModel();
        Gfsh gfsh = getGfsh();
        // Refuse to open a second connection while one is active.
        if (gfsh != null && gfsh.isConnectedAndReady()) {
            return ResultModel.createInfo("Already connected to: " + getGfsh().getOperationInvoker().toString());
        }
        // An https URL implies SSL even without --use-ssl (StringUtils.startsWith tolerates a null URL).
        if (StringUtils.startsWith(str, "https")) {
            z2 = true;
        }
        // The trailing arguments are positional and must line up with USER_INPUT_PROPERTIES:
        // keystore, keystore password, (type), truststore, truststore password, (type), ciphers,
        // protocols, (component). The nulls are values this command has no option for.
        Properties resolveSslProperties = resolveSslProperties(gfsh, z2, null, file, str4, str5, null, str6, str7, null, str8, str9, null);
        // SSL keys found in the properties file also switch SSL on.
        if (containsSSLConfig(resolveSslProperties) || containsLegacySSLConfig(resolveSslProperties)) {
            z2 = true;
        }
        if (str2 != null) {
            resolveSslProperties.setProperty("security-username", str2);
            // Prompt rather than fail when only the user name was supplied.
            if (str3 == null) {
                str3 = UserInputProperty.PASSWORD.promptForAcceptableValue(gfsh);
            }
            // The password is kept as a plain string in the same Properties object that is
            // passed on to the HTTP/JMX connection code below.
            resolveSslProperties.setProperty(UserInputProperty.PASSWORD.getKey(), str3);
        }
        // The transport is chosen by the presence of --url; the deprecated use-http flag (z) is
        // not consulted, and skip-ssl-validation (z3) reaches only the HTTP path.
        ResultModel httpConnect = StringUtils.isNotEmpty(str) ? httpConnect(resolveSslProperties, str, z3) : jmxConnect(resolveSslProperties, z2, connectionEndpoint2, connectionEndpoint, false);
        // NOTE(review): gfsh was null-checked above but is dereferenced unconditionally from here on.
        OperationInvoker operationInvoker = gfsh.getOperationInvoker();
        // No live invoker means the connect attempt failed; return its result unchanged.
        if (operationInvoker == null || !operationInvoker.isConnected()) {
            return httpConnect;
        }
        String version = gfsh.getVersion();
        String str10 = null;
        try {
            // Compatible when the local and remote serialization versions share major and minor.
            if (hasSameMajorMinor(gfsh.getGeodeSerializationVersion(), operationInvoker.getRemoteGeodeSerializationVersion())) {
                return httpConnect;
            }
        } catch (Exception e) {
            // The comparison itself failed (for example a version string was unavailable); fall
            // back to the remote product version, which is used only in the error message.
            try {
                str10 = operationInvoker.getRemoteVersion();
            } catch (Exception e2) {
                gfsh.logInfo("failed to get the the remote version.", e2);
            }
        }
        // Incompatible versions: drop the connection that was just established.
        operationInvoker.stop();
        // str10 is set only on the exception path above, so a plain mismatch yields the generic message.
        return str10 == null ? ResultModel.createError(String.format("Cannot use a %s gfsh client to connect to this cluster.", version)) : ResultModel.createError(String.format("Cannot use a %s gfsh client to connect to a %s cluster.", version, str10));
    }

    /**
     * Tells whether two dotted version strings agree on their first two components.
     * The comparison ignores case, and a component that is absent counts as the empty string.
     *
     * @param str the local version string
     * @param str2 the remote version string
     * @return true when both the first and the second component match
     */
    private static boolean hasSameMajorMinor(String str, String str2) {
        String remoteMajor = versionComponent(str2, 0);
        if (!remoteMajor.equalsIgnoreCase(versionComponent(str, 0))) {
            return false;
        }
        String remoteMinor = versionComponent(str2, 1);
        return remoteMinor.equalsIgnoreCase(versionComponent(str, 1));
    }

    /**
     * Returns the i-th dot-separated component of a version string, or "" when there are fewer
     * components than that.
     *
     * <p>StringUtils.split returns null for a null input, so a null version string makes this
     * method throw NullPointerException; connect() catches that around its version comparison.
     *
     * @param str the dotted version string
     * @param i zero-based component index
     * @return the component text, or the empty string when it is missing
     */
    private static String versionComponent(String str, int i) {
        String[] parts = StringUtils.split(str, '.');
        if (parts.length < i + 1) {
            return "";
        }
        return parts[i];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the connection properties: loads them from the given files, then, when SSL is
     * requested or implied, fills in each entry of USER_INPUT_PROPERTIES.
     *
     * <p>For every entry the command-line value wins; otherwise a value already loaded from the
     * files is kept; otherwise the user is prompted. Properties that already carry legacy SSL keys
     * are returned untouched, as are properties for a connection where nothing asks for SSL.
     * Store passwords obtained here are kept as plain string values in the returned object.
     *
     * @param gfsh shell used for prompting
     * @param z whether SSL was explicitly requested
     * @param file first properties file handed to loadProperties
     * @param file2 second properties file handed to loadProperties
     * @param strArr command-line values, positionally aligned with USER_INPUT_PROPERTIES; may be
     *        null or shorter than that array
     * @return the loaded, possibly completed, properties
     */
    public Properties resolveSslProperties(Gfsh gfsh, boolean z, File file, File file2, String... strArr) {
        Properties resolved = loadProperties(file, file2);
        if (containsLegacySSLConfig(resolved)) {
            return resolved;
        }
        boolean sslWanted = z || containsSSLConfig(resolved) || isSslImpliedBySslOptions(strArr);
        if (!sslWanted) {
            return resolved;
        }
        int position = 0;
        for (UserInputProperty inputProperty : USER_INPUT_PROPERTIES) {
            // Values are matched to properties purely by position.
            String cliValue = (strArr != null && position < strArr.length) ? strArr[position] : null;
            position++;
            if (cliValue != null) {
                resolved.setProperty(inputProperty.getKey(), cliValue);
                continue;
            }
            if (resolved.getProperty(inputProperty.getKey()) == null) {
                resolved.setProperty(inputProperty.getKey(), inputProperty.promptForAcceptableValue(gfsh));
            }
        }
        return resolved;
    }

    /**
     * Reports whether any SSL-related command-line value was supplied.
     *
     * @param strArr the option values; may be null and may contain nulls
     * @return true when at least one element is non-null
     */
    boolean isSslImpliedBySslOptions(String... strArr) {
        if (strArr == null) {
            return false;
        }
        for (String option : strArr) {
            if (option != null) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the properties use any of the legacy per-component SSL keys.
     *
     * @param properties the properties to inspect
     * @return true when a key starts with "cluster-ssl", "jmx-manager-ssl-" or "http-service-ssl-"
     */
    static boolean containsLegacySSLConfig(Properties properties) {
        for (String key : properties.stringPropertyNames()) {
            boolean legacyKey = key.startsWith("cluster-ssl")
                    || key.startsWith("jmx-manager-ssl-")
                    || key.startsWith("http-service-ssl-");
            if (legacyKey) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the properties contain any key with the "ssl-" prefix.
     *
     * @param properties the properties to inspect
     * @return true when at least one key starts with "ssl-"
     */
    private static boolean containsSSLConfig(Properties properties) {
        for (String key : properties.stringPropertyNames()) {
            if (key.startsWith("ssl-")) {
                return true;
            }
        }
        return false;
    }

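    /**
     * Connects gfsh to the Manager's HTTP service and installs the resulting invoker on the shell.
     *
     * <p>When the WEB SSL configuration resolved from {@code properties} is enabled, the JVM-wide
     * HttpsURLConnection defaults are reconfigured and an "http:" URL is upgraded to "https:".
     * On an authentication failure without a "security-username" property, the user is prompted
     * for credentials and the connection is retried.
     * NOTE(review): the retry stops after one round only if UserInputProperty.USERNAME.getKey()
     * is "security-username" — confirm in UserInputProperty.
     *
     * @param properties connection and security properties; credentials prompted for here are
     *        written back into this object as plain strings
     * @param str base URL of the Manager's HTTP service
     * @param z skip-ssl-validation flag, forwarded to configureHttpsURLConnection
     * @return an info result on success, otherwise an error result built from the exception
     */
    ResultModel httpConnect(Properties properties, String str, boolean z) {
        Gfsh gfsh = getGfsh();
        String url = str;
        try {
            SSLConfig webSslConfig = SSLConfigurationFactory.getSSLConfigForComponent(properties, SecurableCommunicationChannel.WEB);
            if (webSslConfig.isEnabled()) {
                configureHttpsURLConnection(webSslConfig, z);
                if (url.startsWith("http:")) {
                    // Rewrite only the scheme. String.replace would also rewrite any later
                    // "http:" inside the path or query and so change where the request goes.
                    url = "https:" + url.substring("http:".length());
                }
            }
            HttpOperationInvoker invoker = new HttpOperationInvoker(gfsh, url, properties);
            gfsh.setOperationInvoker(invoker);
            LogWrapper.getInstance().info(CliStrings.format("Successfully connected to: {0}", invoker.toString()));
            return ResultModel.createInfo(CliStrings.format("Successfully connected to: {0}", invoker.toString()));
        } catch (SecurityException | AuthenticationFailedException e) {
            // Credentials were already supplied and rejected: report instead of prompting again.
            if (properties.containsKey("security-username")) {
                return handleException(e);
            }
            properties.setProperty(UserInputProperty.USERNAME.getKey(), UserInputProperty.USERNAME.promptForAcceptableValue(gfsh));
            properties.setProperty(UserInputProperty.PASSWORD.getKey(), UserInputProperty.PASSWORD.promptForAcceptableValue(gfsh));
            return httpConnect(properties, url, z);
        } catch (Exception e2) {
            return handleException(e2);
        }
    }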

    /**
     * Connects gfsh to a JMX manager, either at an explicitly given endpoint or at the endpoint
     * a Locator reports, and installs a JmxOperationInvoker on the shell.
     *
     * <p>NOTE(review): in this decompiled listing the try region covers only the first logToFile
     * call, while connectToLocator (which declares IOException and ClassNotFoundException) sits
     * outside it in a method without a throws clause. The original source presumably wraps the
     * whole connection attempt in the try — confirm against upstream before relying on the
     * control flow shown here.
     *
     * @param properties connection and security properties passed to the Locator request and to
     *        JmxOperationInvoker; prompted credentials are written back into it
     * @param z whether SSL was requested or implied; within this method it only selects log messages
     * @param connectionEndpoint explicit jmx-manager endpoint, or null to ask the Locator
     * @param connectionEndpoint2 Locator endpoint; dereferenced only when connectionEndpoint is null
     * @param z2 true on the credential-retry call; suppresses the "Connecting to Manager" line
     * @return a result holding the success line, or an error result from one of the catch blocks
     */
    ResultModel jmxConnect(Properties properties, boolean z, ConnectionEndpoint connectionEndpoint, ConnectionEndpoint connectionEndpoint2, boolean z2) {
        ConnectionEndpoint connectionEndpoint3 = null;
        Gfsh gfsh = getGfsh();
        if (connectionEndpoint != null) {
            // A jmx-manager endpoint was given explicitly; skip the Locator lookup.
            connectionEndpoint3 = connectionEndpoint;
        } else {
            if (z) {
                try {
                    gfsh.logToFile("use-ssl is set to true. Connecting to Locator via SSL.", null);
                } catch (SecurityException | AuthenticationFailedException e) {
                    // Credentials were already supplied and rejected: report instead of prompting.
                    if (properties.containsKey("security-username")) {
                        return handleException(e, connectionEndpoint3);
                    }
                    // No user name yet: prompt once and retry against the resolved endpoint.
                    properties.setProperty(UserInputProperty.USERNAME.getKey(), UserInputProperty.USERNAME.promptForAcceptableValue(gfsh));
                    properties.setProperty(UserInputProperty.PASSWORD.getKey(), UserInputProperty.PASSWORD.promptForAcceptableValue(gfsh));
                    return jmxConnect(properties, z, connectionEndpoint3, null, true);
                } catch (UnknownHostException e2) {
                    return handleException(e2, "JMX manager can't be reached. Hostname or IP address could not be found.");
                } catch (Exception e3) {
                    return handleException(e3, connectionEndpoint3);
                }
            }
            Gfsh.println(CliStrings.format("Connecting to Locator at {0} ..", new Object[]{connectionEndpoint2.toString(false)}));
            // The manager host and port come from the Locator's response and are used as-is below,
            // so the Locator decides where the credentials in `properties` are sent.
            ConnectToLocatorResult connectToLocator = connectToLocator(connectionEndpoint2.getHost(), connectionEndpoint2.getPort(), CONNECT_LOCATOR_TIMEOUT_MS, properties);
            connectionEndpoint3 = connectToLocator.getMemberEndpoint();
            // Downgrade path: SSL was requested, but the Locator reports a manager without SSL.
            // The connection proceeds anyway and the only trace is this info-level log entry.
            // NOTE(review): z is used solely for logging from here on; whether the JMX connection
            // actually uses TLS is decided inside JmxOperationInvoker from `properties`, which is
            // not visible here — confirm that a requested-SSL session cannot silently go plaintext.
            if (z && !connectToLocator.isJmxManagerSslEnabled()) {
                gfsh.logInfo("use-ssl is set to true. But JMX Manager doesn't support SSL, connecting without SSL.", null);
                z = false;
            }
        }
        if (z) {
            gfsh.logToFile("Connecting to manager via SSL.", null);
        }
        // On the retry call the banner was already printed by the first attempt.
        if (!z2) {
            Gfsh.println(CliStrings.format("Connecting to Manager at {0} ..", new Object[]{connectionEndpoint3.toString(false)}));
        }
        ResultModel resultModel = new ResultModel();
        InfoResultModel addInfo = resultModel.addInfo();
        // The same Properties object, including any user name and password, goes to the invoker.
        gfsh.setOperationInvoker(new JmxOperationInvoker(connectionEndpoint3.getHost(), connectionEndpoint3.getPort(), properties));
        addInfo.addLine(CliStrings.format("Successfully connected to: {0}", connectionEndpoint3.toString(false)));
        LogWrapper.getInstance().info(CliStrings.format("Successfully connected to: {0}", connectionEndpoint3.toString(false)));
        return resultModel;
    }

    /**
     * Asks a Locator for the JMX manager endpoint.
     *
     * <p>The host and port in the Locator's response are returned as the endpoint to connect to
     * without further checks in this method, so the result is only as trustworthy as the Locator.
     *
     * @param str Locator host
     * @param i Locator port
     * @param i2 timeout in milliseconds for the request
     * @param properties connection properties forwarded to the request
     * @return the manager endpoint, a progress message, and the manager's reported SSL state
     * @throws IOException propagated from the Locator request
     * @throws ClassNotFoundException propagated from the Locator request
     * @throws IllegalStateException when the response names no usable manager; the response's
     *         exception, if any, is attached as the cause
     */
    public static ConnectToLocatorResult connectToLocator(String str, int i, int i2, Properties properties) throws IOException, ClassNotFoundException {
        JmxManagerLocatorResponse response = JmxManagerLocatorRequest.send(str, i, i2, properties);
        boolean managerReported = !StringUtils.isBlank(response.getHost()) && response.getPort() != 0;
        if (!managerReported) {
            Throwable cause = response.getException();
            if (cause == null) {
                throw new IllegalStateException("Locator could not find a JMX Manager", cause);
            }
            // Prefer the exception's message; fall back to its toString() when that is blank.
            String detail = cause.getMessage();
            if (!StringUtils.isNotBlank(detail)) {
                detail = cause.toString();
            }
            throw new IllegalStateException("Exception caused JMX Manager startup to fail because: '".concat(detail).concat("'"), cause);
        }
        ConnectionEndpoint managerEndpoint = new ConnectionEndpoint(response.getHost(), response.getPort());
        String progressMessage = CliStrings.format("Connecting to Manager at {0} ..", managerEndpoint.toString(false));
        return new ConnectToLocatorResult(managerEndpoint, progressMessage, response.isJmxManagerSslEnabled());
    }

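    /**
     * Installs the TLS settings for the HTTP connection as HttpsURLConnection defaults.
     *
     * <p>Both setters are static and JVM-wide: they affect every HttpsURLConnection opened by this
     * process afterwards, and nothing in this class restores the previous values on disconnect.
     * When {@code z} is true the default hostname verifier is replaced by one that accepts any
     * host, so a certificate issued for a different name is no longer rejected.
     * NOTE(review): what createAndConfigureSSLContext does with the same flag is not visible
     * here — presumably it relaxes certificate trust as well; confirm in SSLUtil.
     *
     * @param sSLConfig the resolved SSL configuration for the WEB component
     * @param z the skip-ssl-validation flag
     */
    private void configureHttpsURLConnection(SSLConfig sSLConfig, boolean z) {
        SSLContext sslContext = SSLUtil.createAndConfigureSSLContext(sSLConfig, z);
        if (z) {
            // Leave a trace in the log: without it, a session that ran with verification off is
            // indistinguishable afterwards from a fully validated one.
            LogWrapper.getInstance().warning("skip-ssl-validation is set: TLS hostname verification is disabled for all HTTPS connections made by this gfsh process.");
            HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    }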

    /**
     * Logs the exception and turns it into an error result that carries the exception's own message.
     *
     * @param exc the failure to report
     * @return an error result whose text is {@code exc.getMessage()}
     */
    private ResultModel handleException(Exception exc) {
        String message = exc.getMessage();
        return handleException(exc, message);
    }

    /**
     * Logs the exception at severe level under the given message and returns that message as an
     * error result. The same text goes to the log and to the user.
     *
     * @param exc the failure to log
     * @param str the message to log and to show
     * @return an error result containing {@code str}
     */
    private ResultModel handleException(Exception exc, String str) {
        LogWrapper logger = LogWrapper.getInstance();
        logger.severe(str, exc);
        ResultModel errorResult = ResultModel.createError(str);
        return errorResult;
    }

    /**
     * Reports a connection failure, naming the endpoint in the message when one is known.
     *
     * @param exc the failure to report
     * @param connectionEndpoint the endpoint that was being contacted, or null when unknown
     * @return an error result; without an endpoint it carries only the exception's message
     */
    private ResultModel handleException(Exception exc, ConnectionEndpoint connectionEndpoint) {
        if (connectionEndpoint == null) {
            return handleException(exc);
        }
        String message = CliStrings.format("Could not connect to : {0}. {1}", new Object[]{connectionEndpoint.toString(false), exc.getMessage()});
        return handleException(exc, message);
    }
}
