package org.opendaylight.netvirt.aclservice;

import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.genius.datastoreutils.DataStoreJobCoordinator;
import org.opendaylight.genius.mdsalutil.InstructionInfo;
import org.opendaylight.genius.mdsalutil.MDSALUtil;
import org.opendaylight.genius.mdsalutil.MatchInfoBase;
import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
import org.opendaylight.genius.mdsalutil.instructions.InstructionWriteMetadata;
import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
import org.opendaylight.genius.mdsalutil.matches.MatchArpSha;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetSource;
import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
import org.opendaylight.genius.utils.ServiceIndex;
import org.opendaylight.netvirt.aclservice.api.AclServiceManager;
import org.opendaylight.netvirt.aclservice.api.utils.AclInterface;
import org.opendaylight.netvirt.aclservice.utils.AclConstants;
import org.opendaylight.netvirt.aclservice.utils.AclDataUtil;
import org.opendaylight.netvirt.aclservice.utils.AclServiceOFFlowBuilder;
import org.opendaylight.netvirt.aclservice.utils.AclServiceUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.Matches;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIp;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.ServiceModeIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.servicebinding.rev160406.service.bindings.services.info.BoundServices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.IpPrefixOrAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.interfaces._interface.AllowedAddressPairs;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netvirt/aclservice/AbstractEgressAclServiceImpl.class */
public abstract class AbstractEgressAclServiceImpl extends AbstractAclServiceImpl {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractEgressAclServiceImpl.class);

    public AbstractEgressAclServiceImpl(DataBroker dataBroker, IMdsalApiManager iMdsalApiManager, AclDataUtil aclDataUtil, AclServiceUtils aclServiceUtils) {
        super(ServiceModeIngress.class, dataBroker, iMdsalApiManager, aclDataUtil, aclServiceUtils);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    public void bindService(AclInterface aclInterface) {
        String interfaceId = aclInterface.getInterfaceId();
        DataStoreJobCoordinator.getInstance().enqueueJob(interfaceId, () -> {
            int i;
            ArrayList arrayList = new ArrayList();
            Long vpnId = aclInterface.getVpnId();
            if (vpnId != null) {
                i = 0 + 1;
                arrayList.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getVpnIdMetadata(vpnId.longValue()), MetaDataUtil.METADATA_MASK_VRFID, i));
                LOG.debug("Binding ACL service for interface {} with vpnId {}", interfaceId, vpnId);
            } else {
                Long elanId = aclInterface.getElanId();
                i = 0 + 1;
                arrayList.add(MDSALUtil.buildAndGetWriteMetadaInstruction(MetaDataUtil.getElanTagMetadata(elanId.longValue()), MetaDataUtil.METADATA_MASK_SERVICE, i));
                LOG.debug("Binding ACL service for interface {} with ElanTag {}", interfaceId, elanId);
            }
            arrayList.add(MDSALUtil.buildAndGetGotoTableInstruction((short) 211, i + 1));
            short index = ServiceIndex.getIndex("ACL_SERVICE", (short) 2);
            BoundServices boundServices = AclServiceUtils.getBoundServices(String.format("%s.%s.%s", "acl", "egressacl", interfaceId), index, 11, AclConstants.COOKIE_ACL_BASE, arrayList);
            InstanceIdentifier<BoundServices> buildServiceId = AclServiceUtils.buildServiceId(interfaceId, index, ServiceModeIngress.class);
            WriteTransaction newWriteOnlyTransaction = this.dataBroker.newWriteOnlyTransaction();
            newWriteOnlyTransaction.put(LogicalDatastoreType.CONFIGURATION, buildServiceId, boundServices, true);
            return Collections.singletonList(newWriteOnlyTransaction.submit());
        });
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void unbindService(AclInterface aclInterface) {
        String interfaceId = aclInterface.getInterfaceId();
        InstanceIdentifier<BoundServices> buildServiceId = AclServiceUtils.buildServiceId(interfaceId, ServiceIndex.getIndex("ACL_SERVICE", (short) 2), ServiceModeIngress.class);
        DataStoreJobCoordinator dataStoreJobCoordinator = DataStoreJobCoordinator.getInstance();
        LOG.debug("UnBinding ACL service for interface {}", interfaceId);
        dataStoreJobCoordinator.enqueueJob(interfaceId, () -> {
            WriteTransaction newWriteOnlyTransaction = this.dataBroker.newWriteOnlyTransaction();
            newWriteOnlyTransaction.delete(LogicalDatastoreType.CONFIGURATION, buildServiceId);
            ArrayList arrayList = new ArrayList();
            arrayList.add(newWriteOnlyTransaction.submit());
            return arrayList;
        });
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programGeneralFixedRules(AclInterface aclInterface, String str, List<AllowedAddressPairs> list, AclServiceManager.Action action, int i) {
        LOG.info("programFixedRules : {} default rules.", action == AclServiceManager.Action.ADD ? "adding" : "removing");
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        if (action == AclServiceManager.Action.ADD || action == AclServiceManager.Action.REMOVE) {
            Set<MacAddress> set = (Set) list.stream().map(allowedAddressPairs -> {
                return allowedAddressPairs.getMacAddress();
            }).collect(Collectors.toSet());
            egressAclDhcpAllowClientTraffic(dpId, set, intValue, i);
            egressAclDhcpv6AllowClientTraffic(dpId, set, intValue, i);
            egressAclDhcpDropServerTraffic(dpId, str, intValue, i);
            egressAclDhcpv6DropServerTraffic(dpId, str, intValue, i);
            egressAclIcmpv6DropRouterAdvts(dpId, intValue, i);
            egressAclIcmpv6AllowedList(dpId, intValue, i);
            programArpRule(dpId, list, intValue, i);
            programL2BroadcastAllowRule(aclInterface, i);
        }
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void updateArpForAllowedAddressPairs(BigInteger bigInteger, int i, List<AllowedAddressPairs> list, List<AllowedAddressPairs> list2) {
        list.removeAll(list2);
        programArpRule(bigInteger, list, i, 1);
        programArpRule(bigInteger, list2, i, 0);
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected boolean programAclRules(AclInterface aclInterface, List<Uuid> list, int i) {
        BigInteger dpId = aclInterface.getDpId();
        LOG.debug("Applying custom rules on DpId {}, lportTag {}", dpId, aclInterface.getLPortTag());
        if (list == null || dpId == null) {
            LOG.warn("one of the egress acl parameters can not be null. sg {}, dpId {}", list, dpId);
            return false;
        }
        Iterator<Uuid> it = list.iterator();
        while (it.hasNext()) {
            Acl acl = AclServiceUtils.getAcl(this.dataBroker, it.next().getValue());
            if (null == acl) {
                LOG.warn("The ACL is empty");
            } else {
                Iterator it2 = acl.getAccessListEntries().getAce().iterator();
                while (it2.hasNext()) {
                    programAceRule(aclInterface, i, acl.getAclName(), (Ace) it2.next(), null);
                }
            }
        }
        return true;
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programAceRule(AclInterface aclInterface, int i, String str, Ace ace, List<AllowedAddressPairs> list) {
        SecurityRuleAttr accesssListAttributes = AclServiceUtils.getAccesssListAttributes(ace);
        if (!accesssListAttributes.getDirection().equals(DirectionEgress.class)) {
            LOG.debug("Ignoring Ingress direction ACE Rule {}", ace.getRuleName());
            return;
        }
        Matches matches = ace.getMatches();
        Map<String, List<MatchInfoBase>> map = null;
        if (matches.getAceType() instanceof AceIp) {
            map = AclServiceOFFlowBuilder.programIpFlow(matches);
            if (list != null) {
                map = AclServiceUtils.getFlowForAllowedAddresses(list, map, false);
            } else if (accesssListAttributes.getRemoteGroupId() != null) {
                map = this.aclServiceUtils.getFlowForRemoteAcl(aclInterface, accesssListAttributes.getRemoteGroupId(), aclInterface.getInterfaceId(), map, false);
            }
        }
        int intValue = aclInterface.getLPortTag().intValue();
        if (null == map) {
            LOG.error("Failed to apply ACL {} lportTag {}", ace.getKey(), Integer.valueOf(intValue));
            return;
        }
        Iterator<String> it = map.keySet().iterator();
        while (it.hasNext()) {
            syncSpecificAclFlow(aclInterface.getDpId(), intValue, i, ace, aclInterface.getInterfaceId(), map, it.next());
        }
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void updateRemoteAclTableForPort(AclInterface aclInterface, Uuid uuid, int i, AllowedAddressPairs allowedAddressPairs, BigInteger bigInteger, BigInteger bigInteger2) {
        Long elanId = aclInterface.getElanId();
        Long vpnId = aclInterface.getVpnId();
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(AclServiceUtils.buildIpAndDstServiceMatch(elanId, allowedAddressPairs, this.dataBroker, vpnId));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new InstructionWriteMetadata(AclServiceUtils.getAclIdMetadata(bigInteger), MetaDataUtil.METADATA_MASK_REMOTE_ACL_ID));
        arrayList2.add(new InstructionGotoTable(getEgressAclFilterTable()));
        syncFlow(bigInteger2, getEgressAclRemoteAclTable(), "Acl_Filter_Egress_" + new String(allowedAddressPairs.getIpAddress().getValue()) + "_" + (vpnId != null ? vpnId : elanId), AclConstants.NO_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, arrayList2, i);
    }

    protected short getEgressAclFilterTable() {
        return (short) 213;
    }

    protected short getEgressAclRemoteAclTable() {
        return (short) 212;
    }

    protected abstract String syncSpecificAclFlow(BigInteger bigInteger, int i, int i2, Ace ace, String str, Map<String, List<MatchInfoBase>> map, String str2);

    protected void egressAclDhcpDropServerTraffic(BigInteger bigInteger, String str, int i, int i2) {
        syncFlow(bigInteger, (short) 211, "Egress_DHCP_Server_v4" + bigInteger + "_" + i + "_" + str + "_Drop_", AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildDhcpMatches(67, 68, i, ServiceModeEgress.class), Collections.emptyList(), i2);
    }

    protected void egressAclDhcpv6DropServerTraffic(BigInteger bigInteger, String str, int i, int i2) {
        syncFlow(bigInteger, (short) 211, "Egress_DHCP_Server_v6_" + bigInteger + "_" + i + "_" + str + "_Drop_", AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_SERVER_PORT_IPV6, AclConstants.DHCP_CLIENT_PORT_IPV6, i, ServiceModeEgress.class), Collections.emptyList(), i2);
    }

    private void egressAclIcmpv6DropRouterAdvts(BigInteger bigInteger, int i, int i2) {
        syncFlow(bigInteger, (short) 211, "Egress_ICMPv6_" + bigInteger + "_" + i + "_" + AclConstants.ICMPV6_TYPE_RA + "_Drop_", AclConstants.PROTO_IPV6_DROP_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildIcmpV6Matches(AclConstants.ICMPV6_TYPE_RA, 0, i, ServiceModeEgress.class), Collections.emptyList(), i2);
    }

    private void egressAclIcmpv6AllowedList(BigInteger bigInteger, int i, int i2) {
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions(new ArrayList());
        for (Integer num : AclConstants.allowedIcmpv6NdList()) {
            syncFlow(bigInteger, (short) 211, "Egress_ICMPv6_" + bigInteger + "_" + i + "_" + num + "_Permit_", AclConstants.PROTO_IPV6_ALLOWED_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, AclServiceUtils.buildIcmpV6Matches(num.intValue(), 0, i, ServiceModeEgress.class), dispatcherTableResubmitInstructions, i2);
        }
    }

    private void egressAclDhcpAllowClientTraffic(BigInteger bigInteger, Set<MacAddress> set, int i, int i2) {
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions(new ArrayList());
        for (MacAddress macAddress : set) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(AclServiceUtils.buildDhcpMatches(68, 67, i, ServiceModeEgress.class));
            arrayList.add(new MatchEthernetSource(macAddress));
            syncFlow(bigInteger, (short) 211, "Egress_DHCP_Client_v4" + bigInteger + "_" + i + "_" + macAddress.getValue() + "_Permit_", AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, dispatcherTableResubmitInstructions, i2);
        }
    }

    private void egressAclDhcpv6AllowClientTraffic(BigInteger bigInteger, Set<MacAddress> set, int i, int i2) {
        List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions(new ArrayList());
        for (MacAddress macAddress : set) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(AclServiceUtils.buildDhcpV6Matches(AclConstants.DHCP_CLIENT_PORT_IPV6, AclConstants.DHCP_SERVER_PORT_IPV6, i, ServiceModeEgress.class));
            arrayList.add(new MatchEthernetSource(macAddress));
            syncFlow(bigInteger, (short) 211, "Egress_DHCP_Client_v6_" + bigInteger + "_" + i + "_" + macAddress.getValue() + "_Permit_", AclConstants.PROTO_DHCP_CLIENT_TRAFFIC_MATCH_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, dispatcherTableResubmitInstructions, i2);
        }
    }

    protected void programArpRule(BigInteger bigInteger, List<AllowedAddressPairs> list, int i, int i2) {
        for (AllowedAddressPairs allowedAddressPairs : list) {
            if (AclServiceUtils.isIPv4Address(allowedAddressPairs)) {
                IpPrefixOrAddress ipAddress = allowedAddressPairs.getIpAddress();
                MacAddress macAddress = allowedAddressPairs.getMacAddress();
                List<MatchInfoBase> buildArpIpMatches = AclServiceUtils.buildArpIpMatches(ipAddress);
                ArrayList arrayList = new ArrayList();
                arrayList.add(MatchEthernetType.ARP);
                arrayList.add(new MatchArpSha(macAddress));
                arrayList.add(new MatchEthernetSource(macAddress));
                arrayList.addAll(buildArpIpMatches);
                arrayList.add(buildLPortTagMatch(i));
                List<InstructionInfo> dispatcherTableResubmitInstructions = getDispatcherTableResubmitInstructions(new ArrayList());
                LOG.debug(i2 == 1 ? "Deleting " : "Adding ARP Rule on DPID {}, lportTag {}", bigInteger, Integer.valueOf(i));
                syncFlow(bigInteger, (short) 211, "Egress_ARP_" + bigInteger + "_" + i + "_" + allowedAddressPairs.getMacAddress().getValue() + String.valueOf(ipAddress.getValue()), AclConstants.PROTO_ARP_TRAFFIC_MATCH_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, dispatcherTableResubmitInstructions, i2);
            }
        }
    }

    @Override // org.opendaylight.netvirt.aclservice.AbstractAclServiceImpl
    protected void programBroadcastRules(AclInterface aclInterface, int i) {
        programL2BroadcastAllowRule(aclInterface, i);
    }

    private void programL2BroadcastAllowRule(AclInterface aclInterface, int i) {
        BigInteger dpId = aclInterface.getDpId();
        int intValue = aclInterface.getLPortTag().intValue();
        for (MacAddress macAddress : (Set) aclInterface.getAllowedAddressPairs().stream().map(allowedAddressPairs -> {
            return allowedAddressPairs.getMacAddress();
        }).collect(Collectors.toSet())) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new MatchEthernetSource(macAddress));
            arrayList.add(buildLPortTagMatch(intValue));
            syncFlow(dpId, (short) 211, "Egress_L2Broadcast_" + dpId + "_" + intValue + "_" + macAddress.getValue(), AclConstants.PROTO_L2BROADCAST_TRAFFIC_MATCH_PRIORITY.intValue(), "ACL", 0, 0, AclConstants.COOKIE_ACL_BASE, arrayList, getDispatcherTableResubmitInstructions(new ArrayList()), i);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MatchInfoBase buildLPortTagMatch(int i) {
        return AclServiceUtils.buildLPortTagMatch(i, ServiceModeEgress.class);
    }
}
