package org.opendaylight.netvirt.aclservice;

import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.genius.datastoreutils.DataStoreJobCoordinator;
import org.opendaylight.genius.mdsalutil.ActionInfo;
import org.opendaylight.genius.mdsalutil.FlowEntity;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.MDSALUtil;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.netvirt.aclservice.api.AclServiceListener;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterfaceCacheUtil;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netvirt/aclservice/AbstractAclServiceImpl.class */
public abstract class AbstractAclServiceImpl implements AclServiceListener {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractAclServiceImpl.class);
    protected final IMdsalApiManager mdsalManager;
    protected final DataBroker dataBroker;
    protected final Class<? extends ServiceModeBase> serviceMode;
    protected final AclDataUtil aclDataUtil;
    protected final AclServiceUtils aclServiceUtils;

    public AbstractAclServiceImpl(Class<? extends ServiceModeBase> cls, DataBroker dataBroker, IMdsalApiManager iMdsalApiManager, AclDataUtil aclDataUtil, AclServiceUtils aclServiceUtils) {
        this.dataBroker = dataBroker;
        this.mdsalManager = iMdsalApiManager;
        this.serviceMode = cls;
        this.aclDataUtil = aclDataUtil;
        this.aclServiceUtils = aclServiceUtils;
    }

    public boolean applyAcl(AclInterface aclInterface) {
        if (aclInterface == null) {
            LOG.error("port cannot be null");
            return false;
        }
        if (aclInterface.getSecurityGroups() == null) {
            LOG.info("Port {} without SGs", aclInterface.getInterfaceId());
            return false;
        }
        BigInteger dpId = aclInterface.getDpId();
        if (dpId == null || aclInterface.getLPortTag() == null) {
            LOG.error("Unable to find DpId from ACL interface with id {}", aclInterface.getInterfaceId());
            return false;
        }
        LOG.debug("Applying ACL on port {} with DpId {}", aclInterface, dpId);
        programAclWithAllowedAddress(aclInterface, aclInterface.getAllowedAddressPairs(), AclServiceManager.Action.ADD, 0);
        updateRemoteAclFilterTable(aclInterface, 0);
        return true;
    }

    public boolean bindAcl(AclInterface aclInterface) {
        if (aclInterface == null || aclInterface.getSecurityGroups() == null) {
            LOG.error("Port and port security groups cannot be null for binding ACL service, port={}", aclInterface);
            return false;
        }
        bindService(aclInterface);
        if (aclInterface.getDpId() == null) {
            return true;
        }
        updateRemoteAclFilterTable(aclInterface, 0);
        return true;
    }

    public boolean rebindAcl(AclInterface aclInterface, AclInterface aclInterface2) {
        if (aclInterface2 == null || aclInterface2.getSecurityGroups() == null) {
            LOG.error("Port and port security groups cannot be null for binding ACL service, port={}", aclInterface2);
            return false;
        }
        if (aclInterface2.getDpId() == null) {
            return true;
        }
        updateRemoteAclFilterTable(aclInterface, 1);
        bindService(aclInterface2);
        updateRemoteAclFilterTable(aclInterface2, 0);
        return true;
    }

    public boolean unbindAcl(AclInterface aclInterface) {
        if (aclInterface == null) {
            LOG.error("Port cannot be null for unbinding ACL service");
            return false;
        }
        unbindService(aclInterface);
        updateRemoteAclFilterTable(aclInterface, 1);
        return true;
    }

    public boolean updateAcl(AclInterface aclInterface, AclInterface aclInterface2) {
        if (aclInterface2.getDpId() == null || aclInterface2.getLPortTag() == null) {
            LOG.debug("Unable to find DpId from ACL interface with id {} and lport {}", aclInterface2.getInterfaceId(), aclInterface2.getLPortTag());
            return false;
        }
        boolean z = true;
        boolean booleanValue = aclInterface2.getPortSecurityEnabled().booleanValue();
        if (aclInterface.getPortSecurityEnabled().booleanValue() != booleanValue) {
            LOG.debug("On ACL update, Port security is {} for {}", booleanValue ? "Enabled" : "Disabled", aclInterface2.getInterfaceId());
            z = booleanValue ? applyAcl(aclInterface2) : removeAcl(aclInterface);
        } else if (booleanValue) {
            processInterfaceUpdate(aclInterface, aclInterface2);
            LOG.debug("On ACL update, ACL has been updated for {}", aclInterface2.getInterfaceId());
        }
        return z;
    }

    private void processInterfaceUpdate(AclInterface aclInterface, AclInterface aclInterface2) {
        BigInteger dpId = aclInterface2.getDpId();
        List<AllowedAddressPairs> updatedAllowedAddressPairs = AclServiceUtils.getUpdatedAllowedAddressPairs(aclInterface2.getAllowedAddressPairs(), aclInterface.getAllowedAddressPairs());
        List<AllowedAddressPairs> updatedAllowedAddressPairs2 = AclServiceUtils.getUpdatedAllowedAddressPairs(aclInterface.getAllowedAddressPairs(), aclInterface2.getAllowedAddressPairs());
        if (updatedAllowedAddressPairs2 != null && !updatedAllowedAddressPairs2.isEmpty()) {
            programAclWithAllowedAddress(aclInterface2, updatedAllowedAddressPairs2, AclServiceManager.Action.UPDATE, 1);
        }
        if (updatedAllowedAddressPairs != null && !updatedAllowedAddressPairs.isEmpty()) {
            programAclWithAllowedAddress(aclInterface2, updatedAllowedAddressPairs, AclServiceManager.Action.UPDATE, 0);
        }
        updateArpForAllowedAddressPairs(dpId, aclInterface2.getLPortTag().intValue(), updatedAllowedAddressPairs2, aclInterface2.getAllowedAddressPairs());
        if (aclInterface2.getSubnetIpPrefixes() != null && aclInterface.getSubnetIpPrefixes() == null) {
            programBroadcastRules(aclInterface2, 0);
        }
        updateAclInterfaceInCache(aclInterface);
        updateCustomRules(aclInterface, aclInterface.getSecurityGroups(), 1, aclInterface2.getAllowedAddressPairs());
        updateRemoteAclFilterTable(aclInterface, 1);
        updateAclInterfaceInCache(aclInterface2);
        updateCustomRules(aclInterface2, aclInterface2.getSecurityGroups(), 0, aclInterface2.getAllowedAddressPairs());
        updateRemoteAclFilterTable(aclInterface2, 0);
    }

    private void updateAclInterfaceInCache(AclInterface aclInterface) {
        AclInterfaceCacheUtil.addAclInterfaceToCache(aclInterface.getInterfaceId(), aclInterface);
        this.aclDataUtil.addOrUpdateAclInterfaceMap(aclInterface.getSecurityGroups(), aclInterface);
    }

    private void updateCustomRules(AclInterface aclInterface, List<Uuid> list, int i, List<AllowedAddressPairs> list2) {
        programAclRules(aclInterface, list, i);
        syncRemoteAclRules(list, i, aclInterface.getInterfaceId(), list2);
    }

    private void syncRemoteAclRules(List<Uuid> list, int i, String str, List<AllowedAddressPairs> list2) {
        if (list == null) {
            LOG.warn("security groups are null");
            return;
        }
        for (Uuid uuid : list) {
            Map<String, Set<AclInterface>> remoteAclInterfaces = this.aclDataUtil.getRemoteAclInterfaces(uuid);
            if (remoteAclInterfaces != null) {
                for (Map.Entry<String, Set<AclInterface>> entry : remoteAclInterfaces.entrySet()) {
                    String key = entry.getKey();
                    for (AclInterface aclInterface : entry.getValue()) {
                        if (!str.equals(aclInterface.getInterfaceId()) && (aclInterface.getSecurityGroups() == null || aclInterface.getSecurityGroups().size() != 1)) {
                            Iterator<Ace> it = AclServiceUtils.getAceWithRemoteAclId(this.dataBroker, aclInterface, uuid).iterator();
                            while (it.hasNext()) {
                                programAceRule(aclInterface, i, key, it.next(), list2);
                            }
                        }
                    }
                }
            }
        }
    }

    private void programAclWithAllowedAddress(AclInterface aclInterface, List<AllowedAddressPairs> list, AclServiceManager.Action action, int i) {
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        LOG.debug("Applying ACL Allowed Address on DpId {}, lportTag {}, Action {}", new Object[]{dpId, Integer.valueOf(intValue), action});
        List<Uuid> securityGroups = aclInterface.getSecurityGroups();
        String interfaceId = aclInterface.getInterfaceId();
        programGeneralFixedRules(aclInterface, "", list, action, i);
        programSpecificFixedRules(dpId, "", list, intValue, interfaceId, action, i);
        if (action == AclServiceManager.Action.ADD || action == AclServiceManager.Action.REMOVE) {
            programAclRules(aclInterface, securityGroups, i);
        }
        syncRemoteAclRules(securityGroups, i, interfaceId, list);
    }

    public boolean removeAcl(AclInterface aclInterface) {
        if (aclInterface.getDpId() == null) {
            LOG.error("Unable to find DP Id from ACL interface with id {}", aclInterface.getInterfaceId());
            return false;
        }
        programAclWithAllowedAddress(aclInterface, aclInterface.getAllowedAddressPairs(), AclServiceManager.Action.REMOVE, 1);
        updateRemoteAclFilterTable(aclInterface, 1, true);
        return true;
    }

    public boolean applyAce(AclInterface aclInterface, String str, Ace ace) {
        if (!aclInterface.isPortSecurityEnabled().booleanValue() || aclInterface.getDpId() == null) {
            return false;
        }
        programAceRule(aclInterface, 0, str, ace, null);
        updateRemoteAclFilterTable(aclInterface, 0);
        return true;
    }

    public boolean removeAce(AclInterface aclInterface, String str, Ace ace) {
        if (!aclInterface.isPortSecurityEnabled().booleanValue() || aclInterface.getDpId() == null) {
            return false;
        }
        programAceRule(aclInterface, 1, str, ace, null);
        updateRemoteAclFilterTable(aclInterface, 1);
        return true;
    }

    public abstract void bindService(AclInterface aclInterface);

    protected abstract void unbindService(AclInterface aclInterface);

    protected abstract void programGeneralFixedRules(AclInterface aclInterface, String str, List<AllowedAddressPairs> list, AclServiceManager.Action action, int i);

    protected abstract void updateArpForAllowedAddressPairs(BigInteger bigInteger, int i, List<AllowedAddressPairs> list, List<AllowedAddressPairs> list2);

    protected abstract void programSpecificFixedRules(BigInteger bigInteger, String str, List<AllowedAddressPairs> list, int i, String str2, AclServiceManager.Action action, int i2);

    protected abstract boolean programAclRules(AclInterface aclInterface, List<Uuid> list, int i);

    protected abstract void programAceRule(AclInterface aclInterface, int i, String str, Ace ace, List<AllowedAddressPairs> list);

    protected abstract void programBroadcastRules(AclInterface aclInterface, int i);

    /* JADX INFO: Access modifiers changed from: protected */
    public void syncFlow(BigInteger bigInteger, short s, String str, int i, String str2, int i2, int i3, BigInteger bigInteger2, List<? extends MatchInfoBase> list, List<InstructionInfo> list2, int i4) {
        DataStoreJobCoordinator.getInstance().enqueueJob(str2, () -> {
            if (i4 == 1) {
                FlowEntity buildFlowEntity = MDSALUtil.buildFlowEntity(bigInteger, s, str, i, str2, i2, i3, bigInteger2, list, (List) null);
                LOG.trace("Removing Acl Flow DpnId {}, flowId {}", bigInteger, str);
                return Collections.singletonList(this.mdsalManager.removeFlow(bigInteger, buildFlowEntity));
            }
            FlowEntity buildFlowEntity2 = MDSALUtil.buildFlowEntity(bigInteger, s, str, i, str2, i2, i3, bigInteger2, list, list2);
            LOG.trace("Installing DpnId {}, flowId {}", bigInteger, str);
            return Collections.singletonList(this.mdsalManager.installFlow(bigInteger, buildFlowEntity2));
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<InstructionInfo> getDispatcherTableResubmitInstructions(List<ActionInfo> list) {
        short s = 17;
        if (ServiceModeEgress.class.equals(this.serviceMode)) {
            s = 220;
        }
        ArrayList arrayList = new ArrayList();
        list.add(new ActionNxResubmit(s));
        arrayList.add(new InstructionApplyActions(list));
        return arrayList;
    }

    private void updateRemoteAclFilterTable(AclInterface aclInterface, int i) {
        updateRemoteAclFilterTable(aclInterface, i, false);
    }

    private void updateRemoteAclFilterTable(AclInterface aclInterface, int i, boolean z) {
        if (aclInterface.getSecurityGroups() == null) {
            LOG.debug("Port {} without SGs", aclInterface.getInterfaceId());
            return;
        }
        if (AclServiceUtils.exactlyOneAcl(aclInterface)) {
            Uuid uuid = (Uuid) aclInterface.getSecurityGroups().get(0);
            BigInteger buildAclId = this.aclServiceUtils.buildAclId(uuid);
            if (this.aclDataUtil.getRemoteAcl(uuid) != null) {
                Set<BigInteger> collectDpns = collectDpns(this.aclDataUtil.getRemoteAclInterfaces(uuid));
                for (AllowedAddressPairs allowedAddressPairs : aclInterface.getAllowedAddressPairs()) {
                    if (AclServiceUtils.isNotIpv4AllNetwork(allowedAddressPairs)) {
                        Iterator<BigInteger> it = collectDpns.iterator();
                        while (it.hasNext()) {
                            updateRemoteAclTableForPort(aclInterface, uuid, i, allowedAddressPairs, buildAclId, it.next());
                        }
                    }
                }
                syncRemoteAclTableFromOtherDpns(aclInterface, uuid, buildAclId, i);
            } else {
                LOG.debug("Port {} with more than one SG ({}). Don't change ACL filter table", aclInterface.getInterfaceId(), Integer.valueOf(aclInterface.getSecurityGroups().size()));
            }
        } else if (aclInterface.getSecurityGroups() != null && aclInterface.getSecurityGroups().size() > 1) {
            updateRemoteAclTableForMultipleAcls(aclInterface, i, aclInterface.getInterfaceId());
        }
        syncRemoteAclTable(aclInterface, i, aclInterface.getInterfaceId(), z);
    }

    private void syncRemoteAclTableFromOtherDpns(AclInterface aclInterface, Uuid uuid, BigInteger bigInteger, int i) {
        List<AclInterface> interfaceList = this.aclDataUtil.getInterfaceList(uuid);
        BigInteger dpId = aclInterface.getDpId();
        boolean z = true;
        if (interfaceList != null) {
            Iterator<AclInterface> it = interfaceList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                AclInterface next = it.next();
                if (!aclInterface.getInterfaceId().equals(next.getInterfaceId()) && dpId.equals(next.getDpId())) {
                    z = false;
                    break;
                }
            }
            if (z) {
                for (AclInterface aclInterface2 : interfaceList) {
                    if (!aclInterface.getInterfaceId().equals(aclInterface2.getInterfaceId())) {
                        Iterator it2 = aclInterface2.getAllowedAddressPairs().iterator();
                        while (it2.hasNext()) {
                            updateRemoteAclTableForPort(aclInterface2, uuid, i, (AllowedAddressPairs) it2.next(), bigInteger, aclInterface.getDpId());
                        }
                    }
                }
            }
        }
    }

    private void syncRemoteAclTable(AclInterface aclInterface, int i, String str, boolean z) {
        List<AclInterface> interfaceList;
        List<AclInterface> interfaceList2;
        for (Uuid uuid : aclInterface.getSecurityGroups()) {
            if (this.aclDataUtil.getRemoteAcl(uuid) != null && (interfaceList = this.aclDataUtil.getInterfaceList(uuid)) != null) {
                for (AclInterface aclInterface2 : interfaceList) {
                    if (!aclInterface2.getInterfaceId().equals(aclInterface.getInterfaceId()) && !AclServiceUtils.exactlyOneAcl(aclInterface2)) {
                        boolean z2 = true;
                        List<Uuid> securityGroups = aclInterface2.getSecurityGroups();
                        if (securityGroups != null) {
                            for (Uuid uuid2 : securityGroups) {
                                if (this.aclDataUtil.getRemoteAcl(uuid2) != null && (interfaceList2 = this.aclDataUtil.getInterfaceList(uuid2)) != null) {
                                    Iterator<AclInterface> it = interfaceList2.iterator();
                                    while (true) {
                                        if (it.hasNext()) {
                                            AclInterface next = it.next();
                                            if (!next.getInterfaceId().equals(aclInterface2.getInterfaceId()) && next.getSecurityGroups().size() == 1) {
                                                z2 = false;
                                                break;
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        int i2 = z ? 1 : z2 ? 1 : 0;
                        for (AllowedAddressPairs allowedAddressPairs : aclInterface2.getAllowedAddressPairs()) {
                            if (AclServiceUtils.isNotIpv4AllNetwork(allowedAddressPairs)) {
                                updateRemoteAclTableForPort(aclInterface2, uuid, i2, allowedAddressPairs, this.aclServiceUtils.buildAclId(uuid), aclInterface2.getDpId());
                            }
                        }
                    }
                }
            }
        }
    }

    private void updateRemoteAclTableForMultipleAcls(AclInterface aclInterface, int i, String str) {
        List<AclInterface> interfaceList;
        for (Uuid uuid : aclInterface.getSecurityGroups()) {
            if (this.aclDataUtil.getRemoteAcl(uuid) != null) {
                Acl acl = AclServiceUtils.getAcl(this.dataBroker, uuid.getValue());
                if (null == acl) {
                    LOG.debug("The ACL {} is empty", uuid);
                    return;
                }
                Set<BigInteger> collectDpns = collectDpns(this.aclDataUtil.getRemoteAclInterfaces(uuid));
                Iterator it = acl.getAccessListEntries().getAce().iterator();
                while (it.hasNext()) {
                    SecurityRuleAttr accesssListAttributes = AclServiceUtils.getAccesssListAttributes((Ace) it.next());
                    if (accesssListAttributes.getRemoteGroupId() != null && (interfaceList = this.aclDataUtil.getInterfaceList(accesssListAttributes.getRemoteGroupId())) != null) {
                        for (AclInterface aclInterface2 : interfaceList) {
                            if (!str.equals(aclInterface2.getInterfaceId()) && aclInterface2.getSecurityGroups() != null && aclInterface2.getSecurityGroups().size() == 1) {
                                BigInteger buildAclId = this.aclServiceUtils.buildAclId(accesssListAttributes.getRemoteGroupId());
                                for (AllowedAddressPairs allowedAddressPairs : aclInterface.getAllowedAddressPairs()) {
                                    if (AclServiceUtils.isNotIpv4AllNetwork(allowedAddressPairs)) {
                                        Iterator<BigInteger> it2 = collectDpns.iterator();
                                        while (it2.hasNext()) {
                                            updateRemoteAclTableForPort(aclInterface, accesssListAttributes.getRemoteGroupId(), i, allowedAddressPairs, buildAclId, it2.next());
                                        }
                                    }
                                }
                                syncRemoteAclTableFromOtherDpns(aclInterface, uuid, buildAclId, i);
                            }
                        }
                    }
                }
            }
        }
    }

    protected abstract void updateRemoteAclTableForPort(AclInterface aclInterface, Uuid uuid, int i, AllowedAddressPairs allowedAddressPairs, BigInteger bigInteger, BigInteger bigInteger2);

    protected String getOperAsString(int i) {
        String str;
        switch (i) {
            case AclConstants.ALL_LAYER4_PORT_MASK /* 0 */:
                str = "Add";
                break;
            case 1:
                str = "Del";
                break;
            case AclConstants.DEST_LOWER_PORT_2 /* 2 */:
                str = "Mod";
                break;
            default:
                str = "UNKNOWN";
                break;
        }
        return str;
    }

    protected Set<BigInteger> collectDpns(Map<String, Set<AclInterface>> map) {
        HashSet hashSet = new HashSet();
        if (map == null) {
            return hashSet;
        }
        for (Set<AclInterface> set : map.values()) {
            if (set != null) {
                Iterator<AclInterface> it = set.iterator();
                while (it.hasNext()) {
                    hashSet.add(it.next().getDpId());
                }
            }
        }
        return hashSet;
    }

    protected char[] getIpPrefixOrAddress(AllowedAddressPairs allowedAddressPairs) {
        if (allowedAddressPairs.getIpAddress().getIpAddress() != null) {
            return allowedAddressPairs.getIpAddress().getIpAddress().getValue();
        }
        if (allowedAddressPairs.getIpAddress().getIpPrefix() != null) {
            return allowedAddressPairs.getIpAddress().getIpPrefix().getValue();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getAclFlowPriority(String str, String str2, int i) {
        return i == 1 ? this.aclServiceUtils.releaseAndRemoveFlowPriorityFromCache(str, str2).intValue() : this.aclServiceUtils.allocateAndSaveFlowPriorityInCache(str, str2).intValue();
    }
}
