package org.onosproject.openstacknetworking.switching;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service;
import org.onlab.packet.Ethernet;
import org.onlab.packet.Ip4Address;
import org.onlab.packet.IpPrefix;
import org.onlab.packet.TpPort;
import org.onlab.util.Tools;
import org.onosproject.core.ApplicationId;
import org.onosproject.net.DeviceId;
import org.onosproject.net.Host;
import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.flowobjective.DefaultForwardingObjective;
import org.onosproject.net.flowobjective.FlowObjectiveService;
import org.onosproject.net.flowobjective.ForwardingObjective;
import org.onosproject.openstackinterface.OpenstackInterfaceService;
import org.onosproject.openstackinterface.OpenstackPort;
import org.onosproject.openstackinterface.OpenstackSecurityGroup;
import org.onosproject.openstackinterface.OpenstackSecurityGroupRule;
import org.onosproject.openstacknetworking.AbstractVmHandler;
import org.onosproject.openstacknetworking.Constants;
import org.onosproject.openstacknetworking.OpenstackSecurityGroupService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(immediate = true)
/* loaded from: input_file:org/onosproject/openstacknetworking/switching/OpenstackSecurityGroupManager.class */
public class OpenstackSecurityGroupManager extends AbstractVmHandler implements OpenstackSecurityGroupService {

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected OpenstackInterfaceService openstackService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected FlowObjectiveService flowObjectiveService;
    private static final String PROTO_ICMP = "ICMP";
    private static final String PROTO_TCP = "TCP";
    private static final String PROTO_UDP = "UDP";
    private static final String ETHTYPE_IPV4 = "IPV4";
    private ApplicationId appId;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final Map<Host, Set<SecurityGroupRule>> securityGroupRuleMap = Maps.newConcurrentMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/onosproject/openstacknetworking/switching/OpenstackSecurityGroupManager$SecurityGroupRule.class */
    public final class SecurityGroupRule {
        private final OpenstackSecurityGroupRule rule;
        private final IpPrefix remoteIp;

        private SecurityGroupRule(OpenstackSecurityGroupRule openstackSecurityGroupRule, IpPrefix ipPrefix) {
            this.rule = openstackSecurityGroupRule;
            this.remoteIp = ipPrefix;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public OpenstackSecurityGroupRule rule() {
            return this.rule;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public IpPrefix remoteIp() {
            return this.remoteIp;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof SecurityGroupRule)) {
                return false;
            }
            SecurityGroupRule securityGroupRule = (SecurityGroupRule) obj;
            return Objects.equals(this.rule, securityGroupRule.rule) && Objects.equals(this.remoteIp, securityGroupRule.remoteIp);
        }

        public int hashCode() {
            return Objects.hash(this.rule, this.remoteIp);
        }
    }

    @Activate
    protected void activate() {
        super.activate();
        this.appId = this.coreService.registerApplication("org.onosproject.openstackswitching");
    }

    @Deactivate
    protected void deactivate() {
        super.deactivate();
    }

    public void updateSecurityGroup(OpenstackPort openstackPort) {
        if (openstackPort.status().equals(OpenstackPort.PortStatus.ACTIVE)) {
            Optional vmByPortId = getVmByPortId(openstackPort.id());
            if (vmByPortId.isPresent()) {
                this.eventExecutor.execute(() -> {
                    updateSecurityGroupRules((Host) vmByPortId.get(), true);
                });
            } else {
                this.log.debug("No host found with {}", openstackPort.id());
            }
        }
    }

    private void populateSecurityGroupRules(String str, boolean z) {
        this.securityGroupRuleMap.entrySet().stream().filter(entry -> {
            return getTenantId((Host) entry.getKey()).equals(str);
        }).forEach(entry2 -> {
            Host host = (Host) entry2.getKey();
            ((Set) entry2.getValue()).forEach(securityGroupRule -> {
                setSecurityGroupRule(host.location().deviceId(), securityGroupRule.rule(), getIp(host), securityGroupRule.remoteIp(), z);
            });
        });
        this.log.debug("Updated security group rules for {}", str);
    }

    private void setSecurityGroupRule(DeviceId deviceId, OpenstackSecurityGroupRule openstackSecurityGroupRule, Ip4Address ip4Address, IpPrefix ipPrefix, boolean z) {
        ForwardingObjective.Builder buildFlowObjective = buildFlowObjective(openstackSecurityGroupRule, ip4Address, ipPrefix);
        if (buildFlowObjective == null) {
            return;
        }
        if (z) {
            this.flowObjectiveService.forward(deviceId, buildFlowObjective.add());
        } else {
            this.flowObjectiveService.forward(deviceId, buildFlowObjective.remove());
        }
    }

    private ForwardingObjective.Builder buildFlowObjective(OpenstackSecurityGroupRule openstackSecurityGroupRule, Ip4Address ip4Address, IpPrefix ipPrefix) {
        if (ipPrefix != null && ipPrefix.equals(IpPrefix.valueOf(ip4Address, 32))) {
            return null;
        }
        TrafficSelector.Builder builder = DefaultTrafficSelector.builder();
        buildMatchs(builder, openstackSecurityGroupRule, ip4Address, ipPrefix);
        return DefaultForwardingObjective.builder().withSelector(builder.build()).withTreatment(DefaultTrafficTreatment.builder().build()).withPriority(30000).withFlag(ForwardingObjective.Flag.SPECIFIC).fromApp(this.appId);
    }

    private void buildMatchs(TrafficSelector.Builder builder, OpenstackSecurityGroupRule openstackSecurityGroupRule, Ip4Address ip4Address, IpPrefix ipPrefix) {
        buildMatchEthType(builder, openstackSecurityGroupRule.ethertype());
        buildMatchDirection(builder, openstackSecurityGroupRule.direction(), ip4Address);
        buildMatchProto(builder, openstackSecurityGroupRule.protocol());
        buildMatchPort(builder, openstackSecurityGroupRule.protocol(), openstackSecurityGroupRule.direction(), openstackSecurityGroupRule.portRangeMax(), openstackSecurityGroupRule.portRangeMin());
        buildMatchRemoteIp(builder, ipPrefix, openstackSecurityGroupRule.direction());
    }

    private void buildMatchDirection(TrafficSelector.Builder builder, OpenstackSecurityGroupRule.Direction direction, Ip4Address ip4Address) {
        if (direction.equals(OpenstackSecurityGroupRule.Direction.EGRESS)) {
            builder.matchIPSrc(IpPrefix.valueOf(ip4Address, 32));
        } else {
            builder.matchIPDst(IpPrefix.valueOf(ip4Address, 32));
        }
    }

    private void buildMatchEthType(TrafficSelector.Builder builder, String str) {
        builder.matchEthType(Ethernet.TYPE_IPV4);
        if (str == null || Objects.equals(str, "null") || str.toUpperCase().equals(ETHTYPE_IPV4)) {
            return;
        }
        this.log.debug("EthType {} is not supported yet in Security Group", str);
    }

    private void buildMatchRemoteIp(TrafficSelector.Builder builder, IpPrefix ipPrefix, OpenstackSecurityGroupRule.Direction direction) {
        if (ipPrefix == null || ipPrefix.getIp4Prefix().equals(Constants.IP_PREFIX_ANY)) {
            return;
        }
        if (direction.equals(OpenstackSecurityGroupRule.Direction.EGRESS)) {
            builder.matchIPDst(ipPrefix);
        } else {
            builder.matchIPSrc(ipPrefix);
        }
    }

    private void buildMatchProto(TrafficSelector.Builder builder, String str) {
        if (str != null) {
            String upperCase = str.toUpperCase();
            boolean z = -1;
            switch (upperCase.hashCode()) {
                case 82881:
                    if (upperCase.equals(PROTO_TCP)) {
                        z = true;
                        break;
                    }
                    break;
                case 83873:
                    if (upperCase.equals(PROTO_UDP)) {
                        z = 2;
                        break;
                    }
                    break;
                case 2241597:
                    if (upperCase.equals(PROTO_ICMP)) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    builder.matchIPProtocol((byte) 1);
                    return;
                case true:
                    builder.matchIPProtocol((byte) 6);
                    return;
                case true:
                    builder.matchIPProtocol((byte) 17);
                    return;
                default:
                    return;
            }
        }
    }

    private void buildMatchPort(TrafficSelector.Builder builder, String str, OpenstackSecurityGroupRule.Direction direction, int i, int i2) {
        if (i <= 0 || i2 <= 0 || i != i2) {
            return;
        }
        if (str.toUpperCase().equals(PROTO_TCP)) {
            if (direction.equals(OpenstackSecurityGroupRule.Direction.EGRESS)) {
                builder.matchTcpSrc(TpPort.tpPort(i2));
                return;
            } else {
                builder.matchTcpDst(TpPort.tpPort(i2));
                return;
            }
        }
        if (str.toUpperCase().equals(PROTO_UDP)) {
            if (direction.equals(OpenstackSecurityGroupRule.Direction.EGRESS)) {
                builder.matchUdpSrc(TpPort.tpPort(i2));
            } else {
                builder.matchUdpDst(TpPort.tpPort(i2));
            }
        }
    }

    private void updateSecurityGroupRulesMap(Host host) {
        OpenstackPort port = this.openstackService.port(host.annotations().value("portId"));
        if (port == null) {
            this.log.debug("Failed to get OpenStack port information for {}", host);
            return;
        }
        HashSet newHashSet = Sets.newHashSet();
        port.securityGroups().forEach(str -> {
            OpenstackSecurityGroup securityGroup = this.openstackService.securityGroup(str);
            if (securityGroup != null) {
                securityGroup.rules().forEach(openstackSecurityGroupRule -> {
                    newHashSet.addAll(getSgRules(openstackSecurityGroupRule));
                });
            } else {
                this.log.warn("Failed to get security group {}", str);
            }
        });
        this.securityGroupRuleMap.put(host, newHashSet);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [java.util.Set] */
    private Set<SecurityGroupRule> getSgRules(OpenstackSecurityGroupRule openstackSecurityGroupRule) {
        HashSet newHashSet = Sets.newHashSet();
        if (openstackSecurityGroupRule.remoteGroupId() == null || openstackSecurityGroupRule.remoteGroupId().equals("null")) {
            newHashSet.add(new SecurityGroupRule(openstackSecurityGroupRule, openstackSecurityGroupRule.remoteIpPrefix()));
        } else {
            newHashSet = (Set) getRemoteIps(openstackSecurityGroupRule.tenantId(), openstackSecurityGroupRule.remoteGroupId()).stream().map(ipPrefix -> {
                return new SecurityGroupRule(openstackSecurityGroupRule, ipPrefix);
            }).collect(Collectors.toSet());
        }
        return newHashSet;
    }

    private Set<IpPrefix> getRemoteIps(String str, String str2) {
        HashSet newHashSet = Sets.newHashSet();
        this.securityGroupRuleMap.entrySet().stream().filter(entry -> {
            return Objects.equals(getTenantId((Host) entry.getKey()), str);
        }).forEach(entry2 -> {
            if (((Set) entry2.getValue()).stream().anyMatch(securityGroupRule -> {
                return securityGroupRule.rule().secuityGroupId().equals(str2);
            })) {
                newHashSet.add(IpPrefix.valueOf(getIp((Host) entry2.getKey()), 32));
            }
        });
        return newHashSet;
    }

    private void updateSecurityGroupRules(Host host, boolean z) {
        String tenantId = getTenantId(host);
        populateSecurityGroupRules(tenantId, false);
        if (z) {
            updateSecurityGroupRulesMap(host);
        } else {
            this.securityGroupRuleMap.remove(host);
        }
        Tools.stream(this.hostService.getHosts()).filter(host2 -> {
            return Objects.equals(getTenantId(host2), getTenantId(host));
        }).forEach(this::updateSecurityGroupRulesMap);
        populateSecurityGroupRules(tenantId, true);
    }

    protected void hostDetected(Host host) {
        updateSecurityGroupRules(host, true);
        this.log.info("Applied security group rules for {}", host);
    }

    protected void hostRemoved(Host host) {
        updateSecurityGroupRules(host, false);
        this.log.info("Applied security group rules for {}", host);
    }

    public void reinstallVmFlow(Host host) {
        if (host == null) {
            this.hostService.getHosts().forEach(host2 -> {
                updateSecurityGroupRules(host2, true);
                this.log.info("Re-Install data plane flow of virtual machine {}", host2);
            });
        } else {
            this.securityGroupRuleMap.entrySet().stream().filter(entry -> {
                return ((Host) entry.getKey()).id().equals(host.id());
            }).forEach(entry2 -> {
                Host host3 = (Host) entry2.getKey();
                ((Set) entry2.getValue()).forEach(securityGroupRule -> {
                    setSecurityGroupRule(host3.location().deviceId(), securityGroupRule.rule(), getIp(host3), securityGroupRule.remoteIp(), true);
                });
            });
            this.log.info("Re-Install data plane flow of virtual machine {}", host);
        }
    }

    public void purgeVmFlow(Host host) {
        if (host == null) {
            this.securityGroupRuleMap.entrySet().stream().forEach(entry -> {
                Host host2 = (Host) entry.getKey();
                ((Set) entry.getValue()).forEach(securityGroupRule -> {
                    setSecurityGroupRule(host2.location().deviceId(), securityGroupRule.rule(), getIp(host2), securityGroupRule.remoteIp(), false);
                });
                this.log.info("Purge data plane flow of virtual machine {}", host2);
            });
        } else {
            this.securityGroupRuleMap.entrySet().stream().filter(entry2 -> {
                return ((Host) entry2.getKey()).id().equals(host.id());
            }).forEach(entry3 -> {
                Host host2 = (Host) entry3.getKey();
                ((Set) entry3.getValue()).forEach(securityGroupRule -> {
                    setSecurityGroupRule(host2.location().deviceId(), securityGroupRule.rule(), getIp(host2), securityGroupRule.remoteIp(), false);
                });
            });
            this.log.info("Purge data plane flow of virtual machine {}", host);
        }
    }

    protected void bindOpenstackService(OpenstackInterfaceService openstackInterfaceService) {
        this.openstackService = openstackInterfaceService;
    }

    protected void unbindOpenstackService(OpenstackInterfaceService openstackInterfaceService) {
        if (this.openstackService == openstackInterfaceService) {
            this.openstackService = null;
        }
    }

    protected void bindFlowObjectiveService(FlowObjectiveService flowObjectiveService) {
        this.flowObjectiveService = flowObjectiveService;
    }

    protected void unbindFlowObjectiveService(FlowObjectiveService flowObjectiveService) {
        if (this.flowObjectiveService == flowObjectiveService) {
            this.flowObjectiveService = null;
        }
    }
}
