package org.jclouds.googlecomputeengine.compute.extensions;

import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.inject.Inject;
import javax.inject.Named;
import org.jclouds.compute.domain.SecurityGroup;
import org.jclouds.compute.extensions.SecurityGroupExtension;
import org.jclouds.compute.functions.GroupNamingConvention;
import org.jclouds.domain.Location;
import org.jclouds.gogrid.reference.GoGridQueryParams;
import org.jclouds.googlecomputeengine.GoogleComputeEngineApi;
import org.jclouds.googlecomputeengine.compute.strategy.CreateNodesWithGroupEncodedIntoNameThenAddToSet;
import org.jclouds.googlecomputeengine.config.UserProject;
import org.jclouds.googlecomputeengine.domain.Firewall;
import org.jclouds.googlecomputeengine.domain.Instance;
import org.jclouds.googlecomputeengine.domain.Network;
import org.jclouds.googlecomputeengine.domain.Operation;
import org.jclouds.googlecomputeengine.domain.SlashEncodedIds;
import org.jclouds.googlecomputeengine.domain.internal.NetworkAndAddressRange;
import org.jclouds.googlecomputeengine.options.FirewallOptions;
import org.jclouds.googlecomputeengine.options.ListOptions;
import org.jclouds.googlecomputeengine.predicates.NetworkFirewallPredicates;
import org.jclouds.net.domain.IpPermission;
import org.jclouds.net.domain.IpProtocol;
import org.jclouds.util.Predicates2;
import shaded.com.google.common.base.Function;
import shaded.com.google.common.base.Preconditions;
import shaded.com.google.common.base.Predicate;
import shaded.com.google.common.base.Predicates;
import shaded.com.google.common.base.Supplier;
import shaded.com.google.common.cache.LoadingCache;
import shaded.com.google.common.collect.ImmutableSet;
import shaded.com.google.common.collect.Iterables;
import shaded.com.google.common.collect.Multimap;
import shaded.com.google.common.util.concurrent.Atomics;

/* loaded from: input_file:WEB-INF/lib/jclouds-shaded-2.6.jar:org/jclouds/googlecomputeengine/compute/extensions/GoogleComputeEngineSecurityGroupExtension.class */
public class GoogleComputeEngineSecurityGroupExtension implements SecurityGroupExtension {
    protected final Supplier<String> userProject;
    protected final GroupNamingConvention.Factory namingConvention;
    protected final LoadingCache<NetworkAndAddressRange, Network> networkCreator;
    protected final Function<Network, SecurityGroup> groupConverter;
    protected final GoogleComputeEngineApi api;
    protected final Predicate<AtomicReference<Operation>> operationDonePredicate;
    protected final long operationCompleteCheckInterval;
    protected final long operationCompleteCheckTimeout;

    @Inject
    public GoogleComputeEngineSecurityGroupExtension(GoogleComputeEngineApi googleComputeEngineApi, @UserProject Supplier<String> supplier, GroupNamingConvention.Factory factory, LoadingCache<NetworkAndAddressRange, Network> loadingCache, Function<Network, SecurityGroup> function, @Named("global") Predicate<AtomicReference<Operation>> predicate, @Named("jclouds.google-compute-engine.operation-complete-interval") Long l, @Named("jclouds.google-compute-engine.operation-complete-timeout") Long l2) {
        this.api = (GoogleComputeEngineApi) Preconditions.checkNotNull(googleComputeEngineApi, "api");
        this.userProject = (Supplier) Preconditions.checkNotNull(supplier, "userProject");
        this.namingConvention = (GroupNamingConvention.Factory) Preconditions.checkNotNull(factory, "namingConvention");
        this.networkCreator = (LoadingCache) Preconditions.checkNotNull(loadingCache, "networkCreator");
        this.groupConverter = (Function) Preconditions.checkNotNull(function, "groupConverter");
        this.operationCompleteCheckInterval = ((Long) Preconditions.checkNotNull(l, "operation completed check interval")).longValue();
        this.operationCompleteCheckTimeout = ((Long) Preconditions.checkNotNull(l2, "operation completed check timeout")).longValue();
        this.operationDonePredicate = (Predicate) Preconditions.checkNotNull(predicate, "operationDonePredicate");
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public Set<SecurityGroup> listSecurityGroups() {
        return this.api.getNetworkApiForProject(this.userProject.get2()).list().concat().transform(this.groupConverter).toSet();
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public Set<SecurityGroup> listSecurityGroupsInLocation(Location location) {
        return listSecurityGroups();
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public Set<SecurityGroup> listSecurityGroupsForNode(String str) {
        SlashEncodedIds fromSlashEncoded = SlashEncodedIds.fromSlashEncoded(str);
        Instance inZone = this.api.getInstanceApiForProject(this.userProject.get2()).getInZone(fromSlashEncoded.getFirstId(), fromSlashEncoded.getSecondId());
        if (inZone == null) {
            return ImmutableSet.of();
        }
        ImmutableSet.Builder builder = ImmutableSet.builder();
        Iterator<Instance.NetworkInterface> it = inZone.getNetworkInterfaces().iterator();
        while (it.hasNext()) {
            String path = it.next().getNetwork().getPath();
            SecurityGroup groupForTagsInNetwork = groupForTagsInNetwork(this.api.getNetworkApiForProject(this.userProject.get2()).get(path.substring(path.lastIndexOf(47) + 1)), inZone.getTags().getItems());
            if (groupForTagsInNetwork != null) {
                builder.add((ImmutableSet.Builder) groupForTagsInNetwork);
            }
        }
        return builder.build();
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public SecurityGroup getSecurityGroupById(String str) {
        Preconditions.checkNotNull(str, GoGridQueryParams.ID_KEY);
        Network network = this.api.getNetworkApiForProject(this.userProject.get2()).get(str);
        if (network == null) {
            return null;
        }
        return this.groupConverter.apply(network);
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public SecurityGroup createSecurityGroup(String str, Location location) {
        return createSecurityGroup(str);
    }

    public SecurityGroup createSecurityGroup(String str) {
        Preconditions.checkNotNull(str, "name");
        return this.groupConverter.apply(this.networkCreator.apply(new NetworkAndAddressRange(str, CreateNodesWithGroupEncodedIntoNameThenAddToSet.DEFAULT_INTERNAL_NETWORK_RANGE, null)));
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public boolean removeSecurityGroup(String str) {
        Preconditions.checkNotNull(str, GoGridQueryParams.ID_KEY);
        if (this.api.getNetworkApiForProject(this.userProject.get2()).get(str) == null) {
            return false;
        }
        Iterator<Firewall> it = this.api.getFirewallApiForProject(this.userProject.get2()).list(new ListOptions.Builder().filter("network eq .*/" + str)).concat().iterator();
        while (it.hasNext()) {
            AtomicReference newReference = Atomics.newReference(this.api.getFirewallApiForProject(this.userProject.get2()).delete(it.next().getName()));
            Predicates2.retry(this.operationDonePredicate, this.operationCompleteCheckTimeout, this.operationCompleteCheckInterval, TimeUnit.MILLISECONDS).apply(newReference);
            Preconditions.checkState(!((Operation) newReference.get()).getHttpError().isPresent(), "Could not delete firewall, operation failed" + newReference);
        }
        AtomicReference newReference2 = Atomics.newReference(this.api.getNetworkApiForProject(this.userProject.get2()).delete(str));
        Predicates2.retry(this.operationDonePredicate, this.operationCompleteCheckTimeout, this.operationCompleteCheckInterval, TimeUnit.MILLISECONDS).apply(newReference2);
        Preconditions.checkState(!((Operation) newReference2.get()).getHttpError().isPresent(), "Could not create network, operation failed" + newReference2);
        return true;
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup securityGroup) {
        Preconditions.checkNotNull(securityGroup, "group");
        Preconditions.checkNotNull(ipPermission, "ipPermission");
        Preconditions.checkNotNull(Boolean.valueOf(this.api.getNetworkApiForProject(this.userProject.get2()).get(securityGroup.getId()) == null), "network for group is null");
        if (this.api.getFirewallApiForProject(this.userProject.get2()).list(new ListOptions.Builder().filter("network eq .*/" + securityGroup.getName())).concat().anyMatch(NetworkFirewallPredicates.providesIpPermission(ipPermission))) {
            return securityGroup;
        }
        FirewallOptions firewallOptions = new FirewallOptions();
        String uniqueNameForGroup = this.namingConvention.createWithoutPrefix().uniqueNameForGroup(securityGroup.getName());
        firewallOptions.name(uniqueNameForGroup);
        firewallOptions.network(securityGroup.getUri());
        if (!ipPermission.getGroupIds().isEmpty()) {
            firewallOptions.sourceTags(ipPermission.getGroupIds());
        }
        if (!ipPermission.getCidrBlocks().isEmpty()) {
            firewallOptions.sourceRanges(ipPermission.getCidrBlocks());
        }
        Firewall.Rule.Builder builder = Firewall.Rule.builder();
        builder.IpProtocol(ipPermission.getIpProtocol());
        if (ipPermission.getToPort() > 0) {
            builder.addPortRange(Integer.valueOf(ipPermission.getFromPort()), Integer.valueOf(ipPermission.getToPort()));
        }
        firewallOptions.addAllowedRule(builder.build());
        AtomicReference newReference = Atomics.newReference(this.api.getFirewallApiForProject(this.userProject.get2()).createInNetwork(uniqueNameForGroup, securityGroup.getUri(), firewallOptions));
        Predicates2.retry(this.operationDonePredicate, this.operationCompleteCheckTimeout, this.operationCompleteCheckInterval, TimeUnit.MILLISECONDS).apply(newReference);
        Preconditions.checkState(!((Operation) newReference.get()).getHttpError().isPresent(), "Could not create firewall, operation failed" + newReference);
        return getSecurityGroupById(securityGroup.getId());
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public SecurityGroup addIpPermission(IpProtocol ipProtocol, int i, int i2, Multimap<String, String> multimap, Iterable<String> iterable, Iterable<String> iterable2, SecurityGroup securityGroup) {
        IpPermission.Builder builder = IpPermission.builder();
        builder.ipProtocol(ipProtocol);
        builder.fromPort(i);
        builder.toPort(i2);
        builder.groupIds(iterable2);
        builder.cidrBlocks(iterable);
        return addIpPermission(builder.build(), securityGroup);
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup securityGroup) {
        Preconditions.checkNotNull(securityGroup, "group");
        Preconditions.checkNotNull(ipPermission, "ipPermission");
        Preconditions.checkNotNull(Boolean.valueOf(this.api.getNetworkApiForProject(this.userProject.get2()).get(securityGroup.getId()) == null), "network for group is null");
        Iterator<Firewall> it = this.api.getFirewallApiForProject(this.userProject.get2()).list(new ListOptions.Builder().filter("network eq .*/" + securityGroup.getName())).concat().iterator();
        while (it.hasNext()) {
            Firewall next = it.next();
            if (NetworkFirewallPredicates.equalsIpPermission(ipPermission).apply(next)) {
                AtomicReference newReference = Atomics.newReference(this.api.getFirewallApiForProject(this.userProject.get2()).delete(next.getName()));
                Predicates2.retry(this.operationDonePredicate, this.operationCompleteCheckTimeout, this.operationCompleteCheckInterval, TimeUnit.MILLISECONDS).apply(newReference);
                Preconditions.checkState(!((Operation) newReference.get()).getHttpError().isPresent(), "Could not delete firewall, operation failed" + newReference);
            }
        }
        return getSecurityGroupById(securityGroup.getId());
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public SecurityGroup removeIpPermission(IpProtocol ipProtocol, int i, int i2, Multimap<String, String> multimap, Iterable<String> iterable, Iterable<String> iterable2, SecurityGroup securityGroup) {
        IpPermission.Builder builder = IpPermission.builder();
        builder.ipProtocol(ipProtocol);
        builder.fromPort(i);
        builder.toPort(i2);
        builder.groupIds(iterable2);
        builder.cidrBlocks(iterable);
        return removeIpPermission(builder.build(), securityGroup);
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public boolean supportsTenantIdGroupNamePairs() {
        return false;
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public boolean supportsTenantIdGroupIdPairs() {
        return false;
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public boolean supportsGroupIds() {
        return true;
    }

    @Override // org.jclouds.compute.extensions.SecurityGroupExtension
    public boolean supportsPortRangesForGroups() {
        return true;
    }

    private SecurityGroup groupForTagsInNetwork(Network network, final Set<String> set) {
        if (this.api.getFirewallApiForProject(this.userProject.get2()).list(new ListOptions.Builder().filter("network eq .*/" + network.getName())).concat().filter(new Predicate<Firewall>() { // from class: org.jclouds.googlecomputeengine.compute.extensions.GoogleComputeEngineSecurityGroupExtension.1
            @Override // shaded.com.google.common.base.Predicate
            public boolean apply(Firewall firewall) {
                return Iterables.any(firewall.getTargetTags(), Predicates.in(set)) || Predicates.equalTo(0).apply(Integer.valueOf(firewall.getTargetTags().size()));
            }
        }).toSet().isEmpty()) {
            return null;
        }
        return this.groupConverter.apply(network);
    }
}
