package org.opendaylight.netvirt.neutronvpn;

import com.google.common.collect.ImmutableBiMap;
import java.util.Collections;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.genius.datastoreutils.AsyncDataTreeChangeListenerBase;
import org.opendaylight.genius.infra.Datastore;
import org.opendaylight.genius.infra.ManagedNewTransactionRunner;
import org.opendaylight.genius.infra.ManagedNewTransactionRunnerImpl;
import org.opendaylight.infrautils.jobcoordinator.JobCoordinator;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.AccessLists;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.AclKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.AccessListEntries;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.Ace;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.AceBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.AceKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.ActionsBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.MatchesBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.AceIpBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv4Builder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160218.access.lists.acl.access.list.entries.ace.matches.ace.type.ace.ip.ace.ip.version.AceIpv6Builder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160218.acl.transport.header.fields.DestinationPortRangeBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttr;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.SecurityRuleAttrBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolBase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolIcmp;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolIcmpV6;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolUdp;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.SecurityRuleAttributes;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRules;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
import org.opendaylight.yangtools.yang.binding.DataObject;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.common.Empty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

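/**
 * Translates Neutron security-group rules into ACL entries (ACEs).
 *
 * <p>The listener watches {@code Neutron/SecurityRules/SecurityRule} in the CONFIGURATION
 * datastore. For every rule it writes an {@link Ace} under
 * {@code AccessLists/Acl[securityGroupId, ACLTYPE]/AccessListEntries/Ace[ruleUuid]}.
 *
 * <p>Points a reviewer of the resulting policy should know:
 * <ul>
 *   <li>Every generated ACE carries a Permit action; no deny entries are produced here.</li>
 *   <li>A removed rule is not deleted from the datastore: its ACE is merged back with the
 *       {@code deleted} flag of the {@link SecurityRuleAttr} augmentation set to true.</li>
 *   <li>Updates to an existing rule are ignored (see {@link #update}).</li>
 *   <li>Failures while building or enqueuing an ACE are logged and swallowed, so a rule that
 *       cannot be translated leaves no ACE behind (add) or keeps its old ACE (remove).</li>
 *   <li>NOTE(review): an ACE built without a protocol or a port range presumably matches more
 *       traffic than the Neutron rule asked for; confirm how the ACL consumer treats absent
 *       match fields. The conditions that lead to this are logged at WARN level.</li>
 * </ul>
 */
@Singleton
/* loaded from: input_file:org/opendaylight/netvirt/neutronvpn/NeutronSecurityRuleListener.class */
public class NeutronSecurityRuleListener extends AsyncDataTreeChangeListenerBase<SecurityRule, NeutronSecurityRuleListener> {
    private static final Logger LOG = LoggerFactory.getLogger(NeutronSecurityRuleListener.class);

    /** Value passed as the last argument of {@code JobCoordinator.enqueueJob} (its retry limit). */
    private static final int MAX_JOB_RETRIES = 3;

    /** Neutron direction identity -> aclservice direction identity. */
    private static final ImmutableBiMap<Class<? extends DirectionBase>, Class<? extends org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.DirectionBase>> DIRECTION_MAP = ImmutableBiMap.of(DirectionEgress.class, NeutronSecurityRuleConstants.DIRECTION_EGRESS, DirectionIngress.class, NeutronSecurityRuleConstants.DIRECTION_INGRESS);

    /** Neutron protocol identity -> protocol number; only ICMP, TCP, UDP and ICMPv6 are mapped. */
    private static final ImmutableBiMap<Class<? extends ProtocolBase>, Short> PROTOCOL_MAP = ImmutableBiMap.of(ProtocolIcmp.class, NeutronSecurityRuleConstants.PROTOCOL_ICMP, ProtocolTcp.class, NeutronSecurityRuleConstants.PROTOCOL_TCP, ProtocolUdp.class, NeutronSecurityRuleConstants.PROTOCOL_UDP, ProtocolIcmpV6.class, NeutronSecurityRuleConstants.PROTOCOL_ICMPV6);

    private final DataBroker dataBroker;
    private final ManagedNewTransactionRunner txRunner;
    private final JobCoordinator jobCoordinator;

    /**
     * Creates the listener; registration happens later in {@link #init()}.
     *
     * @param dataBroker broker used both for listener registration and for ACE writes
     * @param jobCoordinator serialises the ACE writes per security group
     */
    @Inject
    public NeutronSecurityRuleListener(DataBroker dataBroker, JobCoordinator jobCoordinator) {
        super(SecurityRule.class, NeutronSecurityRuleListener.class);
        this.dataBroker = dataBroker;
        this.txRunner = new ManagedNewTransactionRunnerImpl(dataBroker);
        this.jobCoordinator = jobCoordinator;
    }

    /** Registers this listener on the CONFIGURATION datastore. */
    @PostConstruct
    public void init() {
        LOG.info("{} init", getClass().getSimpleName());
        registerListener(LogicalDatastoreType.CONFIGURATION, this.dataBroker);
    }

    /**
     * Returns the wildcard path that selects every Neutron security rule.
     *
     * @return identifier for {@code Neutron/SecurityRules/SecurityRule}
     */
    protected InstanceIdentifier<SecurityRule> getWildCardPath() {
        return InstanceIdentifier.create(Neutron.class).child(SecurityRules.class).child(SecurityRule.class);
    }

    /**
     * Builds the ACE for a newly created rule and enqueues a job that puts it into the
     * CONFIGURATION datastore. Jobs are keyed by security group id.
     *
     * <p>Any exception raised while building or enqueuing is logged and swallowed, in which
     * case no ACE is written for the rule.
     *
     * @param instanceIdentifier path of the created rule (unused)
     * @param securityRule the created rule
     */
    protected void add(InstanceIdentifier<SecurityRule> instanceIdentifier, SecurityRule securityRule) {
        LOG.trace("added securityRule: {}", securityRule);
        try {
            Ace ace = toAceBuilder(securityRule, false).build();
            InstanceIdentifier<Ace> acePath = getAceInstanceIdentifier(securityRule);
            this.jobCoordinator.enqueueJob(securityRule.getSecurityGroupId().getValue(),
                () -> Collections.singletonList(this.txRunner.callWithNewWriteOnlyTransactionAndSubmit(
                    Datastore.CONFIGURATION, tx -> tx.put(acePath, ace, true))),
                MAX_JOB_RETRIES);
        } catch (Exception e) {
            LOG.error("Exception occured while adding acl for security rule: {}. ", securityRule, e);
        }
    }

    /**
     * Computes where the ACE of a rule lives: the ACL is keyed by the rule's security group id
     * and {@code NeutronSecurityRuleConstants.ACLTYPE}, the ACE by the rule's UUID.
     *
     * @param securityRule rule whose ACE path is wanted
     * @return path of the corresponding ACE
     */
    private InstanceIdentifier<Ace> getAceInstanceIdentifier(SecurityRule securityRule) {
        AclKey aclKey = new AclKey(securityRule.getSecurityGroupId().getValue(), NeutronSecurityRuleConstants.ACLTYPE);
        AceKey aceKey = new AceKey(securityRule.getUuid().getValue());
        return InstanceIdentifier.builder(AccessLists.class)
            .child(Acl.class, aclKey)
            .child(AccessListEntries.class)
            .child(Ace.class, aceKey)
            .build();
    }

    /**
     * Converts a Neutron rule into an {@link AceBuilder} with a Permit action.
     *
     * <p>Conditions that leave a match field unset are logged at WARN level, because the
     * resulting ACE then carries fewer restrictions than the rule it was built from.
     *
     * @param securityRule rule to convert
     * @param deleted value stored in the {@code deleted} flag of the rule augmentation
     * @return builder holding key, name, matches, actions and the rule augmentation
     */
    private AceBuilder toAceBuilder(SecurityRule securityRule, boolean deleted) {
        AceIpBuilder aceIpBuilder = new AceIpBuilder();
        SecurityRuleAttrBuilder securityRuleAttrBuilder = new SecurityRuleAttrBuilder();
        DestinationPortRangeBuilder destinationPortRangeBuilder = new DestinationPortRangeBuilder();

        boolean isIngress = false;
        if (securityRule.getDirection() != null) {
            if (!DIRECTION_MAP.containsKey(securityRule.getDirection())) {
                LOG.warn("Security rule {} has a direction with no ACL mapping; ACE direction left unset",
                    securityRule);
            }
            securityRuleAttrBuilder.setDirection(DIRECTION_MAP.get(securityRule.getDirection()));
            isIngress = securityRule.getDirection().equals(DirectionIngress.class);
        }

        if (securityRule.getPortRangeMax() != null) {
            destinationPortRangeBuilder.setUpperPort(new PortNumber(securityRule.getPortRangeMax()));
        }
        if (securityRule.getPortRangeMin() != null) {
            destinationPortRangeBuilder.setLowerPort(new PortNumber(securityRule.getPortRangeMin()));
            // The range is attached only when a lower port exists.
            aceIpBuilder.setDestinationPortRange(destinationPortRangeBuilder.build());
        } else if (securityRule.getPortRangeMax() != null) {
            // Previously silent: the upper bound was computed and then discarded.
            LOG.warn("Security rule {} has port-range-max without port-range-min; ACE built without a port range",
                securityRule);
        }

        // handleRemoteIpPrefix mutates and returns the builder it is given.
        handleRemoteIpPrefix(securityRule, aceIpBuilder, isIngress);

        if (securityRule.getRemoteGroupId() != null) {
            securityRuleAttrBuilder.setRemoteGroupId(securityRule.getRemoteGroupId());
        }

        if (securityRule.getProtocol() != null) {
            SecurityRuleAttributes.Protocol protocol = securityRule.getProtocol();
            if (protocol.getUint8() != null) {
                // Numeric protocol given directly.
                aceIpBuilder.setProtocol(protocol.getUint8());
            } else {
                // Symbolic protocol; anything outside PROTOCOL_MAP yields null.
                Short protocolNumber = PROTOCOL_MAP.get(protocol.getIdentityref());
                if (protocolNumber == null) {
                    LOG.warn("Security rule {} names a protocol with no ACL mapping; ACE built without a protocol",
                        securityRule);
                }
                aceIpBuilder.setProtocol(protocolNumber);
            }
        }

        securityRuleAttrBuilder.setDeleted(deleted);

        MatchesBuilder matchesBuilder = new MatchesBuilder();
        matchesBuilder.setAceType(aceIpBuilder.build());

        ActionsBuilder actionsBuilder = new ActionsBuilder();
        actionsBuilder.setPacketHandling(new PermitBuilder().setPermit(Empty.getInstance()).build());

        String ruleUuid = securityRule.getUuid().getValue();
        AceBuilder aceBuilder = new AceBuilder();
        aceBuilder.withKey(new AceKey(ruleUuid));
        aceBuilder.setRuleName(ruleUuid);
        aceBuilder.setMatches(matchesBuilder.build());
        aceBuilder.setActions(actionsBuilder.build());
        aceBuilder.addAugmentation(SecurityRuleAttr.class, securityRuleAttrBuilder.build());
        return aceBuilder;
    }

    /**
     * Fills in "all networks" source and destination prefixes for a rule that has an ethertype
     * but no remote prefix.
     *
     * <p>Any ethertype other than {@code ETHERTYPE_IPV4} is handled as IPv6.
     *
     * @param securityRule rule supplying the ethertype
     * @param aceIpBuilder builder to update
     * @return the same builder
     */
    private AceIpBuilder handleEtherType(SecurityRule securityRule, AceIpBuilder aceIpBuilder) {
        if (NeutronSecurityRuleConstants.ETHERTYPE_IPV4.equals(securityRule.getEthertype())) {
            Ipv4Prefix anyV4Source = new Ipv4Prefix(NeutronSecurityRuleConstants.IPV4_ALL_NETWORK);
            Ipv4Prefix anyV4Destination = new Ipv4Prefix(NeutronSecurityRuleConstants.IPV4_ALL_NETWORK);
            AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
            aceIpv4Builder.setSourceIpv4Network(anyV4Source);
            aceIpv4Builder.setDestinationIpv4Network(anyV4Destination);
            aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
        } else {
            Ipv6Prefix anyV6Source = new Ipv6Prefix(NeutronSecurityRuleConstants.IPV6_ALL_NETWORK);
            Ipv6Prefix anyV6Destination = new Ipv6Prefix(NeutronSecurityRuleConstants.IPV6_ALL_NETWORK);
            AceIpv6Builder aceIpv6Builder = new AceIpv6Builder();
            aceIpv6Builder.setSourceIpv6Network(anyV6Source);
            aceIpv6Builder.setDestinationIpv6Network(anyV6Destination);
            aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());
        }
        return aceIpBuilder;
    }

    /**
     * Applies the rule's remote IP prefix to the ACE match.
     *
     * <p>For an ingress rule the remote prefix becomes the source network, otherwise the
     * destination network; the opposite side is left unset. Without a remote prefix the
     * ethertype, when present, selects the "all networks" match via {@link #handleEtherType}.
     *
     * @param securityRule rule supplying prefix and ethertype
     * @param aceIpBuilder builder to update
     * @param isIngress whether the rule direction is ingress
     * @return the same builder
     */
    private AceIpBuilder handleRemoteIpPrefix(SecurityRule securityRule, AceIpBuilder aceIpBuilder, boolean isIngress) {
        if (securityRule.getRemoteIpPrefix() == null) {
            if (securityRule.getEthertype() != null) {
                handleEtherType(securityRule, aceIpBuilder);
            }
            return aceIpBuilder;
        }

        if (securityRule.getRemoteIpPrefix().getIpv4Prefix() != null) {
            String prefix = securityRule.getRemoteIpPrefix().getIpv4Prefix().getValue();
            AceIpv4Builder aceIpv4Builder = new AceIpv4Builder();
            if (isIngress) {
                aceIpv4Builder.setSourceIpv4Network(new Ipv4Prefix(prefix));
            } else {
                aceIpv4Builder.setDestinationIpv4Network(new Ipv4Prefix(prefix));
            }
            aceIpBuilder.setAceIpVersion(aceIpv4Builder.build());
        } else {
            // No IPv4 value present, so the prefix is read as IPv6.
            String prefix = securityRule.getRemoteIpPrefix().getIpv6Prefix().getValue();
            AceIpv6Builder aceIpv6Builder = new AceIpv6Builder();
            if (isIngress) {
                aceIpv6Builder.setSourceIpv6Network(new Ipv6Prefix(prefix));
            } else {
                aceIpv6Builder.setDestinationIpv6Network(new Ipv6Prefix(prefix));
            }
            aceIpBuilder.setAceIpVersion(aceIpv6Builder.build());
        }
        return aceIpBuilder;
    }

    /**
     * Marks the ACE of a removed rule as deleted.
     *
     * <p>The ACE is rebuilt with {@code deleted = true} and merged into the CONFIGURATION
     * datastore; this method does not delete the entry itself. Exceptions raised while building
     * or enqueuing are logged and swallowed, in which case the existing ACE is left unchanged.
     * The ACE path is computed before the guarded section, so a failure there propagates.
     *
     * @param instanceIdentifier path of the removed rule (unused)
     * @param securityRule the removed rule
     */
    protected void remove(InstanceIdentifier<SecurityRule> instanceIdentifier, SecurityRule securityRule) {
        LOG.trace("removed securityRule: {}", securityRule);
        InstanceIdentifier<Ace> acePath = getAceInstanceIdentifier(securityRule);
        try {
            Ace ace = toAceBuilder(securityRule, true).build();
            this.jobCoordinator.enqueueJob(securityRule.getSecurityGroupId().getValue(),
                () -> Collections.singletonList(this.txRunner.callWithNewWriteOnlyTransactionAndSubmit(
                    Datastore.CONFIGURATION, tx -> tx.merge(acePath, ace, true))),
                MAX_JOB_RETRIES);
        } catch (Exception e) {
            LOG.warn("Exception occured while removing acl for security rule: {}. ", securityRule, e);
        }
    }

    /**
     * Ignores rule updates; only a trace message is emitted, so a modified rule keeps the ACE
     * that was written when it was added.
     *
     * @param instanceIdentifier path of the updated rule (unused)
     * @param securityRule rule before the update (unused)
     * @param securityRule2 rule after the update (unused)
     */
    protected void update(InstanceIdentifier<SecurityRule> instanceIdentifier, SecurityRule securityRule, SecurityRule securityRule2) {
        LOG.trace("updates on security rules not supported.");
    }

    /**
     * Returns this listener.
     *
     * <p>Decompiler artefact: the method was renamed from {@code getDataTreeChangeListener}
     * when it was merged with its bridge method, and its access was changed from protected.
     *
     * @return this instance
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: getDataTreeChangeListener, reason: merged with bridge method [inline-methods] */
    public NeutronSecurityRuleListener m20getDataTreeChangeListener() {
        return this;
    }

    // The three methods below are compiler-generated bridges recovered by the decompiler; each
    // casts its erased arguments and forwards to the typed overload above.

    protected /* bridge */ /* synthetic */ void add(InstanceIdentifier instanceIdentifier, DataObject dataObject) {
        add((InstanceIdentifier<SecurityRule>) instanceIdentifier, (SecurityRule) dataObject);
    }

    protected /* bridge */ /* synthetic */ void update(InstanceIdentifier instanceIdentifier, DataObject dataObject, DataObject dataObject2) {
        update((InstanceIdentifier<SecurityRule>) instanceIdentifier, (SecurityRule) dataObject, (SecurityRule) dataObject2);
    }

    protected /* bridge */ /* synthetic */ void remove(InstanceIdentifier instanceIdentifier, DataObject dataObject) {
        remove((InstanceIdentifier<SecurityRule>) instanceIdentifier, (SecurityRule) dataObject);
    }
}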
