package org.onosproject.openstacknetworking.switching;

import java.util.Map;
import org.onlab.packet.Ethernet;
import org.onlab.packet.Ip4Address;
import org.onlab.packet.Ip4Prefix;
import org.onlab.packet.IpPrefix;
import org.onlab.packet.TpPort;
import org.onosproject.core.ApplicationId;
import org.onosproject.net.DeviceId;
import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.flow.TrafficTreatment;
import org.onosproject.net.flowobjective.DefaultForwardingObjective;
import org.onosproject.net.flowobjective.FlowObjectiveService;
import org.onosproject.net.flowobjective.ForwardingObjective;
import org.onosproject.openstackinterface.OpenstackInterfaceService;
import org.onosproject.openstackinterface.OpenstackSecurityGroup;
import org.onosproject.openstackinterface.OpenstackSecurityGroupRule;
import org.onosproject.openstacknetworking.OpenstackPortInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/onosproject/openstacknetworking/switching/OpenstackSecurityGroupRulePopulator.class */
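/**
 * Translates OpenStack security group rules into ONOS forwarding objectives
 * and installs or removes them through the {@link FlowObjectiveService}.
 *
 * <p>Every generated objective uses priority {@value #ACL_RULE_PRIORITY}, the
 * {@code SPECIFIC} flag and an empty treatment; only the selector varies.
 *
 * <p>Review notes for operators and maintainers (all visible in this class):
 * <ul>
 *   <li>Only single-port rules ({@code portRangeMin == portRangeMax}) produce
 *       an L4 port match. A genuine range yields a flow that matches every
 *       port of the protocol, which is broader than the rule that was
 *       configured.</li>
 *   <li>A rule whose ethertype is not IPv4 is logged as unsupported, but an
 *       IPv4 flow is still built from its remaining fields.</li>
 *   <li>Installation and removal iterate over several ports and groups; an
 *       exception part-way through leaves the flow tables partially updated.</li>
 * </ul>
 */
public class OpenstackSecurityGroupRulePopulator {
    private static final String PROTO_ICMP = "ICMP";
    private static final String PROTO_TCP = "TCP";
    private static final String PROTO_UDP = "UDP";
    private static final String ETHTYPE_IPV4 = "IPV4";
    // Sentinel the rule source uses in place of a real null.
    private static final String NULL_STR = "null";
    // IANA IP protocol numbers used in the selector.
    private static final byte IP_PROTO_ICMP = 1;
    private static final byte IP_PROTO_TCP = 6;
    private static final byte IP_PROTO_UDP = 17;
    private static final int HOST_PREFIX_LENGTH = 32;
    private static final int ACL_RULE_PRIORITY = 30000;
    private static final Logger log = LoggerFactory.getLogger(OpenstackSecurityGroupRulePopulator.class);
    private static final IpPrefix IP_PREFIX_ANY = Ip4Prefix.valueOf("0.0.0.0/0");

    private final OpenstackInterfaceService openstackService;
    private final FlowObjectiveService flowObjectiveService;
    private final ApplicationId appId;

    /**
     * Creates a populator.
     *
     * @param applicationId             application id stamped on every objective
     * @param openstackInterfaceService source of security groups and ports
     * @param flowObjectiveService      service the objectives are submitted to
     */
    public OpenstackSecurityGroupRulePopulator(ApplicationId applicationId, OpenstackInterfaceService openstackInterfaceService, FlowObjectiveService flowObjectiveService) {
        this.appId = applicationId;
        this.openstackService = openstackInterfaceService;
        this.flowObjectiveService = flowObjectiveService;
    }

    /**
     * Installs the flows for one security group attached to one VM address.
     *
     * <p>First, each rule of the group is installed on {@code deviceId}: rules
     * without a remote group use their own remote prefix, rules with a remote
     * group are expanded to one /32 flow per fixed IP of every port in that
     * group. Second, every other port whose groups contain a rule naming
     * {@code str} as remote group gets that rule installed on its own device
     * with this VM's /32 as the remote prefix.
     *
     * @param deviceId   device the VM is attached to
     * @param str        id of the security group to apply
     * @param ip4Address address of the VM
     * @param map        known port info, keyed by
     *                   {@code PORTNAME_PREFIX_VM + first 11 characters of the port id}
     */
    public void populateSecurityGroupRules(DeviceId deviceId, String str, Ip4Address ip4Address, Map<String, OpenstackPortInfo> map) {
        OpenstackSecurityGroup securityGroup = this.openstackService.getSecurityGroup(str);
        if (securityGroup == null) {
            return;
        }

        securityGroup.rules().forEach(rule -> {
            if (hasNoRemoteGroup(rule)) {
                setSecurityGroupRule(deviceId, rule, ip4Address, rule.remoteIpPrefix());
            } else {
                this.openstackService.ports().stream()
                        .filter(port -> port.securityGroups().contains(rule.remoteGroupId()))
                        .flatMap(port -> port.fixedIps().values().stream())
                        .forEach(remoteIp -> setSecurityGroupRule(
                                deviceId, rule, ip4Address, IpPrefix.valueOf(remoteIp, HOST_PREFIX_LENGTH)));
            }
        });

        this.openstackService.ports().forEach(port ->
                port.securityGroups().forEach(groupId -> {
                    OpenstackSecurityGroup peerGroup = this.openstackService.getSecurityGroup(groupId);
                    if (peerGroup == null) {
                        // Previously an NPE here aborted the whole pass and left
                        // the remaining ports without their flows.
                        log.warn("Security group {} could not be resolved; skipping its rules", groupId);
                        return;
                    }
                    peerGroup.rules().stream()
                            .filter(rule -> referencesGroup(rule, str))
                            .forEach(rule -> {
                                Ip4Address peerIp = (Ip4Address) port.fixedIps().values().stream().findAny().orElse(null);
                                OpenstackPortInfo peerInfo =
                                        map.get(OpenstackSwitchingManager.PORTNAME_PREFIX_VM + port.id().substring(0, 11));
                                if (peerInfo == null || peerIp == null) {
                                    return;
                                }
                                setSecurityGroupRule(peerInfo.deviceId(), rule, peerIp,
                                        IpPrefix.valueOf(ip4Address, HOST_PREFIX_LENGTH));
                            });
                }));
    }

    /**
     * Removes the flows that {@link #populateSecurityGroupRules} would have
     * installed, working from the supplied snapshots instead of the live
     * OpenStack service.
     *
     * @param deviceId   device the VM was attached to
     * @param str        id of the security group being detached
     * @param ip4Address address of the VM
     * @param map        known port info used to find peers and their addresses
     * @param map2       security groups by id
     */
    public void removeSecurityGroupRules(DeviceId deviceId, String str, Ip4Address ip4Address, Map<String, OpenstackPortInfo> map, Map<String, OpenstackSecurityGroup> map2) {
        OpenstackSecurityGroup securityGroup = map2.get(str);
        if (securityGroup == null) {
            return;
        }

        securityGroup.rules().forEach(rule -> {
            if (hasNoRemoteGroup(rule)) {
                removeSecurityGroupRule(deviceId, rule, ip4Address, rule.remoteIpPrefix());
            } else {
                map.values().stream()
                        .filter(portInfo -> portInfo.securityGroups().contains(rule.remoteGroupId()))
                        .map(OpenstackPortInfo::ip)
                        .forEach(remoteIp -> removeSecurityGroupRule(
                                deviceId, rule, ip4Address, IpPrefix.valueOf(remoteIp, HOST_PREFIX_LENGTH)));
            }
        });

        map.values().forEach(portInfo ->
                portInfo.securityGroups().forEach(groupId -> {
                    OpenstackSecurityGroup peerGroup = map2.get(groupId);
                    if (peerGroup == null) {
                        // Without the group's rules the matching flows cannot be
                        // rebuilt, so they stay installed; surface that instead
                        // of aborting the rest of the clean-up with an NPE.
                        log.warn("Security group {} is not in the supplied snapshot; "
                                + "flows derived from its rules are not removed", groupId);
                        return;
                    }
                    peerGroup.rules().stream()
                            .filter(rule -> referencesGroup(rule, str))
                            .forEach(rule -> removeSecurityGroupRule(portInfo.deviceId(), rule, portInfo.ip(),
                                    IpPrefix.valueOf(ip4Address, HOST_PREFIX_LENGTH)));
                }));
    }

    /** Returns true when the rule carries no remote group (null or the literal "null"). */
    private static boolean hasNoRemoteGroup(OpenstackSecurityGroupRule rule) {
        String remoteGroupId = rule.remoteGroupId();
        return remoteGroupId == null || remoteGroupId.equals(NULL_STR);
    }

    /** Returns true when the rule names {@code groupId} as its remote group; null-safe on both sides. */
    private static boolean referencesGroup(OpenstackSecurityGroupRule rule, String groupId) {
        return groupId != null && groupId.equals(rule.remoteGroupId());
    }

    /** Builds the objective for the rule and submits it as an add, unless the rule is skipped. */
    private void setSecurityGroupRule(DeviceId deviceId, OpenstackSecurityGroupRule rule, Ip4Address vmIp, IpPrefix remoteIp) {
        ForwardingObjective.Builder objective = buildFlowObjective(deviceId, rule, vmIp, remoteIp);
        if (objective != null) {
            this.flowObjectiveService.forward(deviceId, objective.add());
        }
    }

    /** Builds the objective for the rule and submits it as a remove, unless the rule is skipped. */
    private void removeSecurityGroupRule(DeviceId deviceId, OpenstackSecurityGroupRule rule, Ip4Address vmIp, IpPrefix remoteIp) {
        ForwardingObjective.Builder objective = buildFlowObjective(deviceId, rule, vmIp, remoteIp);
        if (objective != null) {
            this.flowObjectiveService.forward(deviceId, objective.remove());
        }
    }

    /**
     * Builds the forwarding objective for one rule, one VM address and one
     * remote prefix.
     *
     * @param deviceId                   target device (not used while building)
     * @param openstackSecurityGroupRule rule to translate
     * @param ip4Address                 address of the VM the rule protects
     * @param ipPrefix                   remote prefix, may be null
     * @return the objective builder, or null when the remote prefix is the
     *         VM's own /32 and no flow is needed
     */
    ForwardingObjective.Builder buildFlowObjective(DeviceId deviceId, OpenstackSecurityGroupRule openstackSecurityGroupRule, Ip4Address ip4Address, IpPrefix ipPrefix) {
        if (ipPrefix != null && ipPrefix.equals(IpPrefix.valueOf(ip4Address, HOST_PREFIX_LENGTH))) {
            return null;
        }
        TrafficSelector.Builder selector = DefaultTrafficSelector.builder();
        buildMatchs(selector, openstackSecurityGroupRule, ip4Address, ipPrefix);
        // The treatment is intentionally left empty, as in the original code.
        TrafficTreatment treatment = DefaultTrafficTreatment.builder().build();
        return DefaultForwardingObjective.builder()
                .withSelector(selector.build())
                .withTreatment(treatment)
                .withPriority(ACL_RULE_PRIORITY)
                .withFlag(ForwardingObjective.Flag.SPECIFIC)
                .fromApp(this.appId);
    }

    /** Adds every match criterion derived from the rule to the selector. */
    private void buildMatchs(TrafficSelector.Builder selector, OpenstackSecurityGroupRule rule, Ip4Address vmIp, IpPrefix remoteIp) {
        buildMatchEthType(selector, rule.ethertype());
        buildMatchDirection(selector, rule.direction(), vmIp);
        buildMatchProto(selector, rule.protocol());
        buildMatchPort(selector, rule.protocol(), rule.direction(), rule.portRangeMax(), rule.portRangeMin());
        buildMatchRemoteIp(selector, remoteIp, rule.direction());
    }

    /** Matches the VM's /32 as source for egress rules and as destination otherwise. */
    private void buildMatchDirection(TrafficSelector.Builder selector, OpenstackSecurityGroupRule.Direction direction, Ip4Address vmIp) {
        IpPrefix vmPrefix = IpPrefix.valueOf(vmIp, HOST_PREFIX_LENGTH);
        if (direction.equals(OpenstackSecurityGroupRule.Direction.EGRESS)) {
            selector.matchIPSrc(vmPrefix);
        } else {
            selector.matchIPDst(vmPrefix);
        }
    }

    /**
     * Always matches IPv4 and logs when the rule asked for something else.
     *
     * <p>NOTE(review): an unsupported ethertype is only logged; the caller
     * still builds and installs an IPv4 flow from the rule's other fields.
     * Confirm that is intended rather than skipping the rule.
     */
    private void buildMatchEthType(TrafficSelector.Builder selector, String etherType) {
        selector.matchEthType(Ethernet.TYPE_IPV4);
        // The original compared with == "null", which tests object identity
        // and only matched an interned literal.
        boolean unspecified = etherType == null || NULL_STR.equals(etherType);
        if (unspecified || ETHTYPE_IPV4.equalsIgnoreCase(etherType)) {
            return;
        }
        log.error("EthType {} is not supported yet in Security Group", etherType);
    }

    /** Matches the remote prefix on the side opposite the VM, unless it is absent or 0.0.0.0/0. */
    private void buildMatchRemoteIp(TrafficSelector.Builder selector, IpPrefix remoteIp, OpenstackSecurityGroupRule.Direction direction) {
        if (remoteIp == null || remoteIp.getIp4Prefix().equals(IP_PREFIX_ANY)) {
            return;
        }
        if (direction.equals(OpenstackSecurityGroupRule.Direction.EGRESS)) {
            selector.matchIPDst(remoteIp);
        } else {
            selector.matchIPSrc(remoteIp);
        }
    }

    /**
     * Matches the IP protocol for ICMP, TCP and UDP; any other value, or null,
     * adds no protocol match.
     *
     * <p>The comparison ignores case without going through the default
     * locale, so the protocol name is recognised regardless of the JVM's
     * locale settings (a missed match would leave the flow protocol-agnostic).
     */
    private void buildMatchProto(TrafficSelector.Builder selector, String protocol) {
        if (PROTO_ICMP.equalsIgnoreCase(protocol)) {
            selector.matchIPProtocol(IP_PROTO_ICMP);
        } else if (PROTO_TCP.equalsIgnoreCase(protocol)) {
            selector.matchIPProtocol(IP_PROTO_TCP);
        } else if (PROTO_UDP.equalsIgnoreCase(protocol)) {
            selector.matchIPProtocol(IP_PROTO_UDP);
        }
    }

    /**
     * Adds a TCP or UDP port match when the rule names exactly one port.
     *
     * <p>NOTE(review): ingress rules match the <em>source</em> port here,
     * while Neutron describes the port range as applying to the destination
     * port - confirm against the pipeline before relying on ingress port
     * filtering.
     *
     * @param portMax value of {@code portRangeMax()}
     * @param portMin value of {@code portRangeMin()}
     */
    private void buildMatchPort(TrafficSelector.Builder selector, String protocol, OpenstackSecurityGroupRule.Direction direction, int portMax, int portMin) {
        if (portMax <= 0 || portMin <= 0) {
            return;
        }
        if (portMax != portMin) {
            // No port criterion is added for a range, so the resulting flow is
            // wider than the configured rule; make that visible in the log.
            log.warn("Port range {}-{} is not supported in Security Group; matching all {} ports",
                    portMin, portMax, protocol);
            return;
        }

        boolean egress = direction.equals(OpenstackSecurityGroupRule.Direction.EGRESS);
        TpPort port = TpPort.tpPort(portMin);
        // equalsIgnoreCase is null-safe: a rule with ports but no protocol
        // used to throw a NullPointerException here.
        if (PROTO_TCP.equalsIgnoreCase(protocol)) {
            if (egress) {
                selector.matchTcpDst(port);
            } else {
                selector.matchTcpSrc(port);
            }
        } else if (PROTO_UDP.equalsIgnoreCase(protocol)) {
            if (egress) {
                selector.matchUdpDst(port);
            } else {
                selector.matchUdpSrc(port);
            }
        }
    }
}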
