package org.jclouds.openstack.nova.v2_0.compute.functions;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Supplier;
import com.google.common.collect.FluentIterable;
import com.google.common.collect.Iterables;
import com.google.inject.Inject;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nullable;
import javax.annotation.Resource;
import javax.inject.Named;
import javax.inject.Singleton;
import org.jclouds.Context;
import org.jclouds.compute.domain.SecurityGroup;
import org.jclouds.compute.reference.ComputeServiceConstants;
import org.jclouds.domain.Location;
import org.jclouds.googlecomputeengine.compute.strategy.CreateNodesWithGroupEncodedIntoNameThenAddToSet;
import org.jclouds.logging.Logger;
import org.jclouds.net.domain.IpProtocol;
import org.jclouds.openstack.neutron.v2.NeutronApi;
import org.jclouds.openstack.neutron.v2.domain.Rule;
import org.jclouds.openstack.neutron.v2.domain.RuleDirection;
import org.jclouds.openstack.neutron.v2.domain.RuleProtocol;
import org.jclouds.openstack.neutron.v2.domain.SecurityGroup;
import org.jclouds.openstack.neutron.v2.features.SecurityGroupApi;
import org.jclouds.openstack.nova.v2_0.NovaApi;
import org.jclouds.openstack.nova.v2_0.compute.functions.NeutronSecurityGroupToSecurityGroup;
import org.jclouds.openstack.nova.v2_0.domain.Ingress;
import org.jclouds.openstack.nova.v2_0.domain.regionscoped.RegionAndId;
import org.jclouds.openstack.nova.v2_0.domain.regionscoped.RegionSecurityGroupNameAndPorts;
import org.jclouds.openstack.nova.v2_0.domain.regionscoped.SecurityGroupInRegion;
import org.jclouds.openstack.nova.v2_0.predicates.SecurityGroupPredicates;
import org.jclouds.rest.ApiContext;

@Singleton
/* loaded from: input_file:WEB-INF/lib/openstack-nova-2.1.0.jar:org/jclouds/openstack/nova/v2_0/compute/functions/CreateSecurityGroupIfNeeded.class */
public class CreateSecurityGroupIfNeeded implements Function<RegionSecurityGroupNameAndPorts, SecurityGroup> {

    @Resource
    @Named(ComputeServiceConstants.COMPUTE_LOGGER)
    protected Logger logger = Logger.NULL;
    protected final NovaApi novaApi;
    private final Supplier<Map<String, Location>> locationIndex;
    private final Function<SecurityGroupInRegion, SecurityGroup> securityGroupInRegionSecurityGroupFunction;
    private final NeutronSecurityGroupToSecurityGroup.Factory neutronSecurityGroupToSecurityGroup;

    @Inject(optional = true)
    @Named("openstack-neutron")
    Supplier<Context> neutronContextSupplier;

    @VisibleForTesting
    @Inject
    public CreateSecurityGroupIfNeeded(NovaApi novaApi, Supplier<Map<String, Location>> supplier, Function<SecurityGroupInRegion, SecurityGroup> function, NeutronSecurityGroupToSecurityGroup.Factory factory) {
        this.novaApi = novaApi;
        this.locationIndex = supplier;
        this.securityGroupInRegionSecurityGroupFunction = function;
        this.neutronSecurityGroupToSecurityGroup = factory;
    }

    @Override // com.google.common.base.Function
    public SecurityGroup apply(RegionSecurityGroupNameAndPorts regionSecurityGroupNameAndPorts) {
        String region = regionSecurityGroupNameAndPorts.getRegion();
        Location location = this.locationIndex.get().get(region);
        this.logger.debug(">> creating securityGroup %s", regionSecurityGroupNameAndPorts);
        SecurityGroupApi neutronSecurityGroupApi = getNeutronSecurityGroupApi(region);
        if (neutronSecurityGroupApi != null) {
            return createSecurityGroupFrom(neutronSecurityGroupApi.create(SecurityGroup.CreateSecurityGroup.createBuilder().name(regionSecurityGroupNameAndPorts.getName()).description("security group created by jclouds").build()), location, regionSecurityGroupNameAndPorts.getPorts());
        }
        Optional<org.jclouds.openstack.nova.v2_0.extensions.SecurityGroupApi> securityGroupApi = this.novaApi.getSecurityGroupApi(region);
        Preconditions.checkArgument(securityGroupApi.isPresent(), "Security groups are required, but the extension is not available in region %s!", region);
        FluentIterable<org.jclouds.openstack.nova.v2_0.domain.SecurityGroup> list = securityGroupApi.get().list();
        this.logger.debug(">> creating securityGroup %s", regionSecurityGroupNameAndPorts);
        try {
            org.jclouds.openstack.nova.v2_0.domain.SecurityGroup createWithDescription = securityGroupApi.get().createWithDescription(regionSecurityGroupNameAndPorts.getName(), regionSecurityGroupNameAndPorts.getName());
            this.logger.debug("<< created securityGroup(%s)", createWithDescription);
            Iterator<Integer> it = regionSecurityGroupNameAndPorts.getPorts().iterator();
            while (it.hasNext()) {
                authorizeGroupToItselfAndAllIPsToTCPPort(securityGroupApi.get(), createWithDescription, it.next().intValue());
            }
            return this.securityGroupInRegionSecurityGroupFunction.apply(new SecurityGroupInRegion(securityGroupApi.get().get(createWithDescription.getId()), region, list));
        } catch (IllegalStateException e) {
            this.logger.trace("<< trying to find securityGroup(%s): %s", regionSecurityGroupNameAndPorts, e.getMessage());
            org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroup = (org.jclouds.openstack.nova.v2_0.domain.SecurityGroup) Iterables.find(list, SecurityGroupPredicates.nameEquals(regionSecurityGroupNameAndPorts.getName()));
            this.logger.debug("<< reused securityGroup(%s)", securityGroup.getId());
            return this.securityGroupInRegionSecurityGroupFunction.apply(new SecurityGroupInRegion(securityGroup, region, list));
        }
    }

    private org.jclouds.compute.domain.SecurityGroup createSecurityGroupFrom(final org.jclouds.openstack.neutron.v2.domain.SecurityGroup securityGroup, Location location, Set<Integer> set) {
        org.jclouds.compute.domain.SecurityGroup apply = this.neutronSecurityGroupToSecurityGroup.create(location).apply(securityGroup);
        this.logger.debug("<< created securityGroup(%s)", apply);
        SecurityGroupApi neutronSecurityGroupApi = getNeutronSecurityGroupApi(location.getId());
        try {
            Iterator<Integer> it = set.iterator();
            while (it.hasNext()) {
                int intValue = it.next().intValue();
                this.logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", apply, Integer.valueOf(intValue));
                neutronSecurityGroupApi.create(Rule.CreateRule.createBuilder(RuleDirection.INGRESS, RegionAndId.fromSlashEncoded(apply.getId()).getId()).protocol(RuleProtocol.TCP).portRangeMin(Integer.valueOf(intValue)).portRangeMax(Integer.valueOf(intValue)).remoteIpPrefix(CreateNodesWithGroupEncodedIntoNameThenAddToSet.EXTERIOR_RANGE).build());
                this.logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", apply, Integer.valueOf(intValue));
            }
            return apply;
        } catch (IllegalStateException e) {
            this.logger.trace("<< trying to find securityGroup(%s): %s", securityGroup, e.getMessage());
            return (org.jclouds.compute.domain.SecurityGroup) neutronSecurityGroupApi.listSecurityGroups().concat().filter(new Predicate<org.jclouds.openstack.neutron.v2.domain.SecurityGroup>() { // from class: org.jclouds.openstack.nova.v2_0.compute.functions.CreateSecurityGroupIfNeeded.1
                @Override // com.google.common.base.Predicate
                public boolean apply(@Nullable org.jclouds.openstack.neutron.v2.domain.SecurityGroup securityGroup2) {
                    return securityGroup2.getName().equals(securityGroup.getName());
                }
            }).transform(this.neutronSecurityGroupToSecurityGroup.create(location)).first().orNull();
        }
    }

    private SecurityGroupApi getNeutronSecurityGroupApi(String str) {
        if (this.neutronContextSupplier == null) {
            return null;
        }
        return ((NeutronApi) ((ApiContext) this.neutronContextSupplier.get()).getApi()).getSecurityGroupApi(str);
    }

    /* JADX WARN: Type inference failed for: r2v3, types: [org.jclouds.openstack.nova.v2_0.domain.Ingress$Builder] */
    private void authorizeGroupToItselfAndAllIPsToTCPPort(org.jclouds.openstack.nova.v2_0.extensions.SecurityGroupApi securityGroupApi, org.jclouds.openstack.nova.v2_0.domain.SecurityGroup securityGroup, int i) {
        this.logger.debug(">> authorizing securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, Integer.valueOf(i));
        securityGroupApi.createRuleAllowingCidrBlock(securityGroup.getId(), Ingress.builder().ipProtocol(IpProtocol.TCP).fromPort(i).toPort(i).build(), CreateNodesWithGroupEncodedIntoNameThenAddToSet.EXTERIOR_RANGE);
        this.logger.debug("<< authorized securityGroup(%s) permission to 0.0.0.0/0 on port %d", securityGroup, Integer.valueOf(i));
    }
}
