package com.microsoft.jenkins.acs.commands;

import com.google.common.annotations.VisibleForTesting;
import com.microsoft.azure.management.Azure;
import com.microsoft.azure.management.compute.ContainerServiceOchestratorTypes;
import com.microsoft.azure.management.network.LoadBalancer;
import com.microsoft.azure.management.network.LoadBalancerBackend;
import com.microsoft.azure.management.network.LoadBalancerFrontend;
import com.microsoft.azure.management.network.LoadBalancingRule;
import com.microsoft.azure.management.network.LoadDistribution;
import com.microsoft.azure.management.network.NetworkSecurityGroup;
import com.microsoft.azure.management.network.NetworkSecurityRule;
import com.microsoft.azure.management.network.SecurityRuleAccess;
import com.microsoft.azure.management.network.SecurityRuleDirection;
import com.microsoft.azure.util.AzureCredentials;
import com.microsoft.jenkins.acs.Messages;
import com.microsoft.jenkins.acs.orchestrators.DeploymentConfig;
import com.microsoft.jenkins.acs.orchestrators.ServicePort;
import com.microsoft.jenkins.acs.util.AzureHelper;
import com.microsoft.jenkins.acs.util.Constants;
import com.microsoft.jenkins.azurecommons.JobContext;
import com.microsoft.jenkins.azurecommons.command.CommandState;
import com.microsoft.jenkins.azurecommons.command.IBaseCommandData;
import com.microsoft.jenkins.azurecommons.command.ICommand;
import hudson.EnvVars;
import hudson.FilePath;
import hudson.model.TaskListener;
import java.io.IOException;
import java.io.PrintStream;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import jenkins.security.MasterToSlaveCallable;

/* loaded from: input_file:WEB-INF/lib/azure-acs.jar:com/microsoft/jenkins/acs/commands/EnablePortCommand.class */
public class EnablePortCommand implements ICommand<IEnablePortCommandData>, Serializable {
    private static final long serialVersionUID = 1;
    public static final int LOAD_BALANCER_IDLE_TIMEOUT_IN_MINUTES = 5;

    /* loaded from: input_file:WEB-INF/lib/azure-acs.jar:com/microsoft/jenkins/acs/commands/EnablePortCommand$IEnablePortCommandData.class */
    public interface IEnablePortCommandData extends IBaseCommandData {
        String getAzureCredentialsId();

        String getConfigFilePaths();

        String getResourceGroupName();

        ContainerServiceOchestratorTypes getOrchestratorType();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/azure-acs.jar:com/microsoft/jenkins/acs/commands/EnablePortCommand$InvalidConfigException.class */
    public static final class InvalidConfigException extends Exception {
        InvalidConfigException(String str) {
            super(str);
        }
    }

    public void execute(IEnablePortCommandData iEnablePortCommandData) {
        JobContext jobContext = iEnablePortCommandData.getJobContext();
        final FilePath workspace = jobContext.getWorkspace();
        final TaskListener taskListener = jobContext.getTaskListener();
        final EnvVars envVars = iEnablePortCommandData.getEnvVars();
        final DeploymentConfig.Factory factory = new DeploymentConfig.Factory(iEnablePortCommandData.getConfigFilePaths());
        final ContainerServiceOchestratorTypes orchestratorType = iEnablePortCommandData.getOrchestratorType();
        final AzureCredentials.ServicePrincipal servicePrincipal = AzureCredentials.getServicePrincipal(iEnablePortCommandData.getAzureCredentialsId());
        final String resourceGroupName = iEnablePortCommandData.getResourceGroupName();
        try {
            iEnablePortCommandData.setCommandState((CommandState) workspace.act(new MasterToSlaveCallable<CommandState, Exception>() { // from class: com.microsoft.jenkins.acs.commands.EnablePortCommand.1
                /* renamed from: call, reason: merged with bridge method [inline-methods] */
                public CommandState m765call() throws Exception {
                    PrintStream logger = taskListener.getLogger();
                    Azure buildClientFromServicePrincipal = AzureHelper.buildClientFromServicePrincipal(servicePrincipal);
                    DeploymentConfig build = factory.build(orchestratorType, workspace, envVars);
                    String resourcePrefix = build.getResourcePrefix();
                    List<ServicePort> servicePorts = build.getServicePorts();
                    EnablePortCommand.createSecurityRules(buildClientFromServicePrincipal, resourceGroupName, resourcePrefix, servicePorts, logger);
                    EnablePortCommand.createLoadBalancerRules(buildClientFromServicePrincipal, resourceGroupName, resourcePrefix, servicePorts, logger);
                    return CommandState.Success;
                }
            }));
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
            iEnablePortCommandData.logError(e);
        }
    }

    @VisibleForTesting
    static int filterPortsToOpen(Collection<NetworkSecurityRule> collection, Set<Integer> set, PrintStream printStream) throws InvalidConfigException {
        int i = Integer.MIN_VALUE;
        Iterator<NetworkSecurityRule> it = collection.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            NetworkSecurityRule next = it.next();
            int priority = next.priority();
            if (priority > i) {
                i = priority;
            }
            if (SecurityRuleDirection.INBOUND.equals(next.direction()) && SecurityRuleAccess.ALLOW.equals(next.access())) {
                String destinationPortRange = next.destinationPortRange();
                if (destinationPortRange.equals(Constants.INVALID_OPTION)) {
                    printStream.println(Messages.EnablePortCommand_securityRuleAlreadyAllowAll(next.name(), destinationPortRange));
                    set.clear();
                    break;
                }
                if (destinationPortRange.contains("-")) {
                    String[] split = destinationPortRange.split("-", 2);
                    try {
                        int parseInt = Integer.parseInt(split[0]);
                        int parseInt2 = Integer.parseInt(split[1]);
                        Iterator<Integer> it2 = set.iterator();
                        while (it2.hasNext()) {
                            int intValue = it2.next().intValue();
                            if (intValue >= parseInt && intValue <= parseInt2) {
                                printStream.println(Messages.EnablePortCommand_securityRuleAlreadyAllowSingle(next.name(), destinationPortRange, String.valueOf(intValue)));
                                it2.remove();
                            }
                        }
                    } catch (NumberFormatException e) {
                        throw new InvalidConfigException(Messages.EnablePortCommand_securityRuleInvalidDestinationPortRange(destinationPortRange));
                    }
                } else {
                    int parseInt3 = Integer.parseInt(destinationPortRange);
                    if (set.remove(Integer.valueOf(parseInt3))) {
                        printStream.println(Messages.EnablePortCommand_securityRuleAlreadyAllowSingle(next.name(), destinationPortRange, String.valueOf(parseInt3)));
                    }
                }
            }
        }
        return i;
    }

    static void createSecurityRules(Azure azure, String str, String str2, List<ServicePort> list, PrintStream printStream) throws IOException, InvalidConfigException {
        if (list.isEmpty()) {
            return;
        }
        HashSet hashSet = new HashSet();
        Iterator<ServicePort> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(Integer.valueOf(it.next().getHostPort()));
        }
        NetworkSecurityGroup networkSecurityGroup = null;
        Iterator<NetworkSecurityGroup> it2 = azure.networkSecurityGroups().listByResourceGroup(str).iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            NetworkSecurityGroup next = it2.next();
            if (next.name().startsWith(str2 + "-agent-public-nsg-")) {
                networkSecurityGroup = next;
                break;
            }
        }
        if (networkSecurityGroup == null) {
            printStream.println(Messages.EnablePortCommand_securityGroupNotFound());
            return;
        }
        int filterPortsToOpen = filterPortsToOpen(networkSecurityGroup.securityRules().values(), hashSet, printStream);
        NetworkSecurityGroup.Update update = networkSecurityGroup.update();
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            int intValue = ((Integer) it3.next()).intValue();
            printStream.println(Messages.EnablePortCommand_securityRuleNotFound(String.valueOf(intValue)));
            filterPortsToOpen += 10;
            if (filterPortsToOpen > 4096) {
                throw new InvalidConfigException(Messages.EnablePortCommand_exceedMaxPriority());
            }
            String str3 = "Allow_" + intValue;
            printStream.println(Messages.EnablePortCommand_creatingRule(String.valueOf(intValue), str3));
            update.defineRule(str3).allowInbound().fromAddress("Internet").fromAnyPort().toAnyAddress().toPort(intValue).withAnyProtocol().withDescription(Messages.EnablePortCommand_allowTraffic(String.valueOf(intValue))).withPriority(filterPortsToOpen).attach();
        }
        update.apply();
    }

    static void createLoadBalancerRules(Azure azure, String str, String str2, List<ServicePort> list, PrintStream printStream) throws IOException, InvalidConfigException {
        if (list.isEmpty()) {
            return;
        }
        LoadBalancer loadBalancer = null;
        Iterator<LoadBalancer> it = azure.loadBalancers().listByResourceGroup(str).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            LoadBalancer next = it.next();
            if (next.name().startsWith(str2 + "-agent-lb-")) {
                if (next.backends().size() != 1 || next.frontends().size() != 1) {
                    throw new InvalidConfigException(Messages.EnablePortCommand_missMatch());
                }
                loadBalancer = next;
            }
        }
        if (loadBalancer == null) {
            printStream.println(Messages.EnablePortCommand_lbNotFound());
            return;
        }
        LoadBalancerFrontend next2 = loadBalancer.frontends().values().iterator().next();
        LoadBalancerBackend next3 = loadBalancer.backends().values().iterator().next();
        LoadBalancer.Update update = loadBalancer.update();
        for (ServicePort servicePort : list) {
            boolean z = false;
            Iterator<LoadBalancingRule> it2 = loadBalancer.loadBalancingRules().values().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (servicePort.matchesLoadBalancingRule(it2.next())) {
                    printStream.println(Messages.EnablePortCommand_lbFound(String.valueOf(servicePort.getHostPort()), servicePort.getProtocol()));
                    z = true;
                    break;
                }
            }
            if (!z) {
                String str3 = "JLBRule" + servicePort.getProtocol().toString() + servicePort.getHostPort();
                printStream.println(Messages.EnablePortCommand_creatingLB(String.valueOf(servicePort.getHostPort()), str3));
                String str4 = "tcpPort" + servicePort.getHostPort() + "Probe";
                update.defineTcpProbe(str4).withPort(servicePort.getHostPort()).attach().defineLoadBalancingRule(str3).withProtocol(servicePort.getTransportProtocol()).withFrontend(next2.name()).withFrontendPort(servicePort.getHostPort()).withProbe(str4).withBackend(next3.name()).withBackendPort(servicePort.getHostPort()).withIdleTimeoutInMinutes(5).withLoadDistribution(LoadDistribution.DEFAULT).attach();
            }
        }
        update.apply();
    }
}
