package org.eclipse.kura.net.admin;

import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.configuration.ComponentConfiguration;
import org.eclipse.kura.configuration.SelfConfiguringComponent;
import org.eclipse.kura.core.configuration.ComponentConfigurationImpl;
import org.eclipse.kura.core.configuration.metatype.ObjectFactory;
import org.eclipse.kura.core.configuration.metatype.Tad;
import org.eclipse.kura.core.configuration.metatype.Tocd;
import org.eclipse.kura.core.configuration.metatype.Tscalar;
import org.eclipse.kura.core.net.FirewallConfiguration;
import org.eclipse.kura.executor.CommandExecutorService;
import org.eclipse.kura.linux.net.iptables.LinuxFirewall;
import org.eclipse.kura.linux.net.iptables.LocalRule;
import org.eclipse.kura.linux.net.iptables.NATRule;
import org.eclipse.kura.linux.net.iptables.PortForwardRule;
import org.eclipse.kura.net.IPAddress;
import org.eclipse.kura.net.NetProtocol;
import org.eclipse.kura.net.NetworkPair;
import org.eclipse.kura.net.admin.event.FirewallConfigurationChangeEvent;
import org.eclipse.kura.net.configuration.NetworkConfigurationMessages;
import org.eclipse.kura.net.configuration.NetworkConfigurationPropertyNames;
import org.eclipse.kura.net.firewall.FirewallAutoNatConfig;
import org.eclipse.kura.net.firewall.FirewallNatConfig;
import org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP;
import org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP4;
import org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP;
import org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP4;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.event.EventAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/net/admin/FirewallConfigurationServiceImpl.class */
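/**
 * Translates Kura firewall configuration objects into {@link LinuxFirewall} rules (open ports,
 * port forwarding, NAT) and reads the current rules back as a {@link FirewallConfiguration}.
 *
 * <p>Reviewer notes for anyone hardening or auditing this class:
 * <ul>
 * <li>Each {@code setFirewall*Configuration} method deletes the existing rules of its family
 * <em>before</em> the replacement rules are built, so an exception while building leaves that
 * family empty rather than restoring the previous rules.</li>
 * <li>An open-port or port-forward entry without a permitted network is given 0.0.0.0/0 as its
 * permitted network (see {@link #getNetworkPair00()}).</li>
 * <li>{@link #updated(Map)} logs and continues when one rule family fails, so the firewall may
 * only partially match the requested configuration.</li>
 * </ul>
 */
public class FirewallConfigurationServiceImpl implements FirewallConfigurationService, SelfConfiguringComponent {

    private static final Logger logger = LoggerFactory.getLogger(FirewallConfigurationServiceImpl.class);

    // May be null: unsetEventAdmin() clears it, and nothing here guarantees it is bound first.
    private EventAdmin eventAdmin;
    // Assigned in activate() / getLinuxFirewall(); the protected helpers below dereference it directly.
    private LinuxFirewall firewall;
    private CommandExecutorService executorService;

    /** Stores the {@link EventAdmin} used to publish configuration change events. */
    public void setEventAdmin(EventAdmin eventAdmin) {
        this.eventAdmin = eventAdmin;
    }

    /** Clears the stored {@link EventAdmin}, but only if it is the instance passed in. */
    public void unsetEventAdmin(EventAdmin eventAdmin) {
        if (this.eventAdmin == eventAdmin) {
            this.eventAdmin = null;
        }
    }

    /** Stores the {@link CommandExecutorService} later handed to {@link LinuxFirewall#getInstance}. */
    public void setExecutorService(CommandExecutorService commandExecutorService) {
        this.executorService = commandExecutorService;
    }

    /** Clears the stored {@link CommandExecutorService}, but only if it is the instance passed in. */
    public void unsetExecutorService(CommandExecutorService commandExecutorService) {
        if (this.executorService == commandExecutorService) {
            this.executorService = null;
        }
    }

    /**
     * Obtains the firewall instance and immediately applies the supplied properties.
     *
     * @param componentContext not used by this method
     * @param map              configuration properties, passed unchanged to {@link #updated(Map)}
     */
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        logger.info("Activating FirewallConfigurationService...");
        this.firewall = getLinuxFirewall();
        updated(map);
        logger.info("Activating FirewallConfigurationService... Done.");
    }

    /** Logs deactivation; no firewall rules are changed or removed here. */
    protected void deactivate(ComponentContext componentContext) {
        logger.info("Deactivating FirewallConfigurationService...");
        logger.info("Deactivating FirewallConfigurationService... Done.");
    }

    /**
     * Applies a new set of configuration properties to the firewall and publishes a
     * {@link FirewallConfigurationChangeEvent}.
     *
     * <p>The three rule families (open ports, port forwarding, NAT) are applied independently: a
     * {@link KuraException} from one is logged and the remaining families are still attempted. The
     * change event is posted even when one or more families failed, so listeners must not treat the
     * event as proof that the firewall matches {@code map}.
     *
     * @param map configuration properties; every entry is written to the debug log
     */
    public synchronized void updated(Map<String, Object> map) {
        logger.debug("updated()");
        for (Map.Entry<String, Object> property : map.entrySet()) {
            logger.debug("updated() :: Props... {}={}", property.getKey(), property.getValue());
        }

        FirewallConfiguration requested = new FirewallConfiguration(map);
        try {
            setFirewallOpenPortConfiguration(requested.getOpenPortConfigs());
        } catch (KuraException e) {
            logger.error("Failed to set Firewall Open Ports Configuration", e);
        }
        try {
            setFirewallPortForwardingConfiguration(requested.getPortForwardConfigs());
        } catch (KuraException e) {
            logger.error("Failed to set Firewall Port Forwarding Configuration", e);
        }
        try {
            setFirewallNatConfiguration(requested.getNatConfigs());
        } catch (KuraException e) {
            logger.error("Failed to set Firewall NAT Configuration", e);
        }

        // The EventAdmin reference can have been cleared by unsetEventAdmin(); without this guard
        // the rules above would be applied and the method would then die with a NullPointerException.
        EventAdmin admin = this.eventAdmin;
        if (admin == null) {
            logger.warn("updated() :: EventAdmin is not bound, FirewallConfigurationChangeEvent not posted");
            return;
        }
        admin.postEvent(new FirewallConfigurationChangeEvent(map));
    }

    /**
     * Builds a {@link FirewallConfiguration} from the rules currently reported by the firewall:
     * local (open port) rules, port-forward rules, auto-NAT rules and NAT rules, in that order.
     *
     * @return a newly created configuration describing the current rules
     * @throws KuraException if reading the rules fails, or with {@code INTERNAL_ERROR} when a
     *                       port-forward address or permitted network cannot be parsed
     */
    @Override
    public FirewallConfiguration getFirewallConfiguration() throws KuraException {
        logger.debug("getting the firewall configuration");
        FirewallConfiguration current = new FirewallConfiguration();

        for (LocalRule rule : getLocalRules()) {
            // A rule carries either a port range or a single port; the two constructors differ
            // only in that first argument.
            if (rule.getPortRange() != null) {
                logger.debug("getFirewallConfiguration() :: Adding local rule for {}", rule.getPortRange());
                current.addConfig(new FirewallOpenPortConfigIP4(rule.getPortRange(),
                        NetProtocol.valueOf(rule.getProtocol()), rule.getPermittedNetwork(),
                        rule.getPermittedInterfaceName(), rule.getUnpermittedInterfaceName(),
                        rule.getPermittedMAC(), rule.getSourcePortRange()));
            } else {
                logger.debug("getFirewallConfiguration() :: Adding local rule for {}", rule.getPort());
                current.addConfig(new FirewallOpenPortConfigIP4(rule.getPort(),
                        NetProtocol.valueOf(rule.getProtocol()), rule.getPermittedNetwork(),
                        rule.getPermittedInterfaceName(), rule.getUnpermittedInterfaceName(),
                        rule.getPermittedMAC(), rule.getSourcePortRange()));
            }
        }

        for (PortForwardRule rule : getPortForwardRules()) {
            try {
                logger.debug("getFirewallConfiguration() :: Adding port forwarding - inbound iface is {}",
                        rule.getInboundIface());
                current.addConfig(new FirewallPortForwardConfigIP4(rule.getInboundIface(),
                        rule.getOutboundIface(), IPAddress.parseHostAddress(rule.getAddress()),
                        NetProtocol.valueOf(rule.getProtocol()), rule.getInPort(), rule.getOutPort(),
                        rule.isMasquerade(),
                        new NetworkPair(IPAddress.parseHostAddress(rule.getPermittedNetwork()),
                                (short) rule.getPermittedNetworkMask()),
                        rule.getPermittedMAC(), rule.getSourcePortRange()));
            } catch (UnknownHostException e) {
                throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
            }
        }

        for (NATRule rule : getAutoNatRules()) {
            logger.debug("getFirewallConfiguration() :: Adding auto NAT rules {}", rule.getSourceInterface());
            current.addConfig(new FirewallAutoNatConfig(rule.getSourceInterface(),
                    rule.getDestinationInterface(), rule.isMasquerade()));
        }

        for (NATRule rule : getNatRules()) {
            logger.debug("getFirewallConfiguration() :: Adding NAT rules {}", rule.getSourceInterface());
            current.addConfig(new FirewallNatConfig(rule.getSourceInterface(), rule.getDestinationInterface(),
                    rule.getProtocol(), rule.getSource(), rule.getDestination(), rule.isMasquerade(),
                    rule.getRuleType()));
        }

        return current;
    }

    /**
     * Returns the current firewall state as a {@link ComponentConfiguration} registered under
     * {@link FirewallConfigurationService#PID}.
     *
     * @return the component configuration, with both PID properties set
     * @throws KuraException with {@code INTERNAL_ERROR} wrapping any exception raised while
     *                       reading the rules or building the definition
     */
    public ComponentConfiguration getConfiguration() throws KuraException {
        logger.debug("getConfiguration()");
        try {
            // NOTE(review): raw Map, the generic parameters are not visible here; presumably
            // Map<String, Object>. Confirm against FirewallConfiguration before tightening the type.
            Map configurationProperties = getFirewallConfiguration().getConfigurationProperties();
            configurationProperties.put("kura.service.pid", FirewallConfigurationService.PID);
            configurationProperties.put("service.pid", FirewallConfigurationService.PID);
            return new ComponentConfigurationImpl(FirewallConfigurationService.PID, getDefinition(),
                    configurationProperties);
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
        }
    }

    /**
     * Replaces all local (open port) rules with rules built from {@code list}.
     *
     * <p>Existing local rules are deleted first. An entry whose permitted network (or its address)
     * is {@code null} is given 0.0.0.0/0 before the rule is built; as an IPv4 CIDR that matches
     * every source address. NOTE(review): presumably {@link LinuxFirewall} treats it as "no source
     * restriction" - confirm, and make sure callers that want a restricted port always set one.
     *
     * <p>An entry that fails to convert is logged and skipped; the remaining entries are still
     * applied.
     *
     * @param list the open-port entries to apply; entries may be modified (permitted network)
     * @throws KuraException if deleting or adding rules on the firewall fails
     */
    @Override
    public void setFirewallOpenPortConfiguration(List<FirewallOpenPortConfigIP<? extends IPAddress>> list)
            throws KuraException {
        logger.debug("setFirewallOpenPortConfiguration() :: Deleting local rules");
        deleteAllLocalRules();

        ArrayList<LocalRule> localRules = new ArrayList<>();
        for (FirewallOpenPortConfigIP<? extends IPAddress> config : list) {
            if (config.getPermittedNetwork() == null || config.getPermittedNetwork().getIpAddress() == null) {
                try {
                    config.setPermittedNetwork(getNetworkPair00());
                } catch (UnknownHostException e) {
                    // The permitted network stays unset; the conversion below then fails and the
                    // entry is skipped by the catch-all.
                    logger.info(e.getMessage(), e);
                }
            }
            try {
                LocalRule localRule;
                if (config.getPortRange() != null) {
                    logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}",
                            config.getPortRange());
                    localRule = new LocalRule(config.getPortRange(), config.getProtocol().name(),
                            new NetworkPair(
                                    IPAddress.parseHostAddress(
                                            config.getPermittedNetwork().getIpAddress().getHostAddress()),
                                    config.getPermittedNetwork().getPrefix()),
                            config.getPermittedInterfaceName(), config.getUnpermittedInterfaceName(),
                            config.getPermittedMac(), config.getSourcePortRange());
                } else {
                    logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}",
                            config.getPort());
                    localRule = new LocalRule(config.getPort(), config.getProtocol().name(),
                            new NetworkPair(
                                    IPAddress.parseHostAddress(
                                            config.getPermittedNetwork().getIpAddress().getHostAddress()),
                                    config.getPermittedNetwork().getPrefix()),
                            config.getPermittedInterfaceName(), config.getUnpermittedInterfaceName(),
                            config.getPermittedMac(), config.getSourcePortRange());
                }
                localRules.add(localRule);
            } catch (Exception e) {
                // Report the range for range entries; logging getPort() alone named the wrong
                // target whenever the skipped entry was a port range.
                logger.error("setFirewallOpenPortConfiguration() :: Failed to add local rule for: {}",
                        describePort(config), e);
            }
        }
        addLocalRules(localRules);
    }

    /**
     * Replaces all port-forward rules with rules built from {@code list}.
     *
     * <p>Existing port-forward rules are deleted first. Unlike the open-port path, building a rule
     * here is not wrapped in a catch: a {@code null} address, protocol or permitted network on any
     * entry raises an unchecked exception after the delete, leaving no port-forward rules applied.
     * An entry without a permitted network is given 0.0.0.0/0, as for open ports.
     *
     * @param list the port-forward entries to apply; entries may be modified (permitted network)
     * @throws KuraException if deleting or adding rules on the firewall fails
     */
    @Override
    public void setFirewallPortForwardingConfiguration(List<FirewallPortForwardConfigIP<? extends IPAddress>> list)
            throws KuraException {
        logger.debug("setFirewallPortForwardingConfiguration() :: Deleting port forward rules");
        deleteAllPortForwardRules();

        ArrayList<PortForwardRule> portForwardRules = new ArrayList<>();
        for (FirewallPortForwardConfigIP<? extends IPAddress> config : list) {
            logger.debug("setFirewallPortForwardingConfiguration() :: Adding port forward rule for: {}",
                    config.getInPort());
            if (config.getPermittedNetwork() == null || config.getPermittedNetwork().getIpAddress() == null) {
                try {
                    config.setPermittedNetwork(getNetworkPair00());
                } catch (UnknownHostException e) {
                    logger.info(e.getMessage(), e);
                }
            }
            portForwardRules.add(new PortForwardRule()
                    .inboundIface(config.getInboundInterface())
                    .outboundIface(config.getOutboundInterface())
                    .address(config.getAddress().getHostAddress())
                    .protocol(config.getProtocol().name())
                    .inPort(config.getInPort())
                    .outPort(config.getOutPort())
                    .masquerade(config.isMasquerade())
                    .permittedNetwork(config.getPermittedNetwork().getIpAddress().getHostAddress())
                    .permittedNetworkMask(config.getPermittedNetwork().getPrefix())
                    .permittedMAC(config.getPermittedMac())
                    .sourcePortRange(config.getSourcePortRange()));
        }
        addPortForwardRules(portForwardRules);
    }

    /**
     * Replaces all NAT rules with rules built from {@code list}; existing NAT rules are deleted
     * first. The values of each entry are copied into a {@link NATRule} without any check here.
     *
     * @param list the NAT entries to apply
     * @throws KuraException if deleting or adding rules on the firewall fails
     */
    @Override
    public void setFirewallNatConfiguration(List<FirewallNatConfig> list) throws KuraException {
        deleteAllNatRules();
        ArrayList<NATRule> natRules = new ArrayList<>();
        for (FirewallNatConfig config : list) {
            natRules.add(new NATRule(config.getSourceInterface(), config.getDestinationInterface(),
                    config.getProtocol(), config.getSource(), config.getDestination(), config.isMasquerade(),
                    config.getRuleType()));
        }
        addNatRules(natRules);
    }

    // The protected methods below are thin delegates to the LinuxFirewall instance; being
    // protected, they can be overridden by a subclass.

    /** Delegates to {@link LinuxFirewall#addLocalRules}. */
    protected void addLocalRules(ArrayList<LocalRule> arrayList) throws KuraException {
        this.firewall.addLocalRules(arrayList);
    }

    /** Delegates to {@link LinuxFirewall#addNatRules}. */
    protected void addNatRules(ArrayList<NATRule> arrayList) throws KuraException {
        this.firewall.addNatRules(arrayList);
    }

    /** Delegates to {@link LinuxFirewall#addPortForwardRules}. */
    protected void addPortForwardRules(ArrayList<PortForwardRule> arrayList) throws KuraException {
        this.firewall.addPortForwardRules(arrayList);
    }

    /** Delegates to {@link LinuxFirewall#deleteAllLocalRules}. */
    protected void deleteAllLocalRules() throws KuraException {
        this.firewall.deleteAllLocalRules();
    }

    /** Delegates to {@link LinuxFirewall#deleteAllNatRules}. */
    protected void deleteAllNatRules() throws KuraException {
        this.firewall.deleteAllNatRules();
    }

    /** Delegates to {@link LinuxFirewall#deleteAllPortForwardRules}. */
    protected void deleteAllPortForwardRules() throws KuraException {
        this.firewall.deleteAllPortForwardRules();
    }

    /** Delegates to {@link LinuxFirewall#getAutoNatRules}. */
    protected Set<NATRule> getAutoNatRules() throws KuraException {
        return this.firewall.getAutoNatRules();
    }

    /** Delegates to {@link LinuxFirewall#getLocalRules}. */
    protected Set<LocalRule> getLocalRules() throws KuraException {
        return this.firewall.getLocalRules();
    }

    /** Delegates to {@link LinuxFirewall#getNatRules}. */
    protected Set<NATRule> getNatRules() throws KuraException {
        return this.firewall.getNatRules();
    }

    /** Delegates to {@link LinuxFirewall#getPortForwardRules}. */
    protected Set<PortForwardRule> getPortForwardRules() throws KuraException {
        return this.firewall.getPortForwardRules();
    }

    /**
     * Returns the firewall instance, obtaining it from {@link LinuxFirewall#getInstance} with the
     * currently stored executor service on first use.
     */
    protected LinuxFirewall getLinuxFirewall() {
        if (this.firewall == null) {
            this.firewall = LinuxFirewall.getInstance(this.executorService);
        }
        return this.firewall;
    }

    /**
     * Builds the metatype definition exposed by {@link #getConfiguration()}: three required string
     * attributes, one per rule family.
     */
    private Tocd getDefinition() throws KuraException {
        ObjectFactory objectFactory = new ObjectFactory();
        Tocd definition = objectFactory.createTocd();
        definition.setName("FirewallConfigurationService");
        definition.setId(FirewallConfigurationService.PID);
        definition.setDescription("Firewall Configuration Service");

        definition.addAD(createStringAd(objectFactory, "firewall.open.ports"));
        definition.addAD(createStringAd(objectFactory, "firewall.port.forwarding"));
        definition.addAD(createStringAd(objectFactory, "firewall.nat"));
        return definition;
    }

    /**
     * Creates one required string attribute whose id and name are both {@code id} and whose
     * default is the empty string.
     */
    private static Tad createStringAd(ObjectFactory objectFactory, String id) throws KuraException {
        Tad attribute = objectFactory.createTad();
        attribute.setId(id);
        attribute.setName(id);
        attribute.setType(Tscalar.STRING);
        attribute.setCardinality(0);
        attribute.setRequired(true);
        attribute.setDefault("");
        // NOTE(review): all three attributes carry the PLATFORM_INTERFACES message as their
        // description; that looks like a placeholder rather than a per-attribute text - confirm.
        attribute.setDescription(
                NetworkConfigurationMessages.getMessage(NetworkConfigurationPropertyNames.PLATFORM_INTERFACES));
        return attribute;
    }

    /** Returns the value used to identify an open-port entry in logs: its range if set, else its port. */
    private static Object describePort(FirewallOpenPortConfigIP<? extends IPAddress> config) {
        if (config.getPortRange() != null) {
            return config.getPortRange();
        }
        return config.getPort();
    }

    /** Returns the 0.0.0.0/0 network pair used when an entry has no permitted network. */
    private NetworkPair getNetworkPair00() throws UnknownHostException {
        return new NetworkPair(IPAddress.parseHostAddress("0.0.0.0"), (short) 0);
    }

    /**
     * Hands {@code set} to {@link LinuxFirewall#setAdditionalRules} as its third argument, with two
     * empty sets in the first two positions. A {@link KuraException} is logged, not rethrown, so
     * the caller is not told when the rules were not applied.
     *
     * <p>The rule strings are passed through with no validation in this class. NOTE(review):
     * whether {@link LinuxFirewall} validates or escapes them is not visible here - callers should
     * build them only from trusted, fixed values.
     *
     * @param set the rule strings to install
     */
    @Override
    public void addFloodingProtectionRules(Set<String> set) {
        try {
            this.firewall.setAdditionalRules(new HashSet<>(), new HashSet<>(), set);
        } catch (KuraException e) {
            logger.error("Failed to set Firewall Flooding Protection Configuration", e);
        }
    }
}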
