package com.aoindustries.aoserv.daemon.iptables;

import com.aoindustries.aoserv.client.AOServConnector;
import com.aoindustries.aoserv.client.distribution.OperatingSystemVersion;
import com.aoindustries.aoserv.client.master.User;
import com.aoindustries.aoserv.client.net.reputation.Host;
import com.aoindustries.aoserv.client.net.reputation.Network;
import com.aoindustries.aoserv.client.net.reputation.Set;
import com.aoindustries.aoserv.daemon.AOServDaemon;
import com.aoindustries.aoserv.daemon.AOServDaemonConfiguration;
import com.aoindustries.aoserv.daemon.backup.BackupManager;
import com.aoindustries.aoserv.daemon.iptables.Ipset;
import com.aoindustries.aoserv.daemon.util.BuilderThread;
import com.aoindustries.io.unix.UnixFile;
import com.aoindustries.math.SafeMath;
import java.io.IOException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/aoindustries/aoserv/daemon/iptables/IpReputationManager.class */
public final class IpReputationManager extends BuilderThread {
    private static IpReputationManager ipReputationManager;
    private static final String IPTABLES_DIR = "/etc/opt/aoserv-daemon/iptables";
    private static final String IPREPUTATION_SUBDIR = "ipreputation";
    private static final Logger logger = Logger.getLogger(IpReputationManager.class.getName());
    private static final Comparator<Host> badHostComparator = (host, host2) -> {
        short reputation = host.getReputation();
        short reputation2 = host2.getReputation();
        if (reputation < reputation2) {
            return -1;
        }
        if (reputation > reputation2) {
            return 1;
        }
        int host = host.getHost();
        int host2 = host2.getHost();
        if (host < host2) {
            return -1;
        }
        return host > host2 ? 1 : 0;
    };
    private static final Comparator<Network> goodNetworkComparator = (network, network2) -> {
        int counter = network.getCounter();
        int counter2 = network2.getCounter();
        if (counter > counter2) {
            return -1;
        }
        if (counter < counter2) {
            return 1;
        }
        int network = network.getNetwork();
        int network2 = network2.getNetwork();
        if (network < network2) {
            return -1;
        }
        return network > network2 ? 1 : 0;
    };
    private static final Comparator<Host> goodHostComparator = (host, host2) -> {
        short reputation = host.getReputation();
        short reputation2 = host2.getReputation();
        if (reputation > reputation2) {
            return -1;
        }
        if (reputation < reputation2) {
            return 1;
        }
        int host = host.getHost();
        int host2 = host2.getHost();
        if (host < host2) {
            return -1;
        }
        return host > host2 ? 1 : 0;
    };
    private static final Object rebuildLock = new Object();

    private static UnixFile getIptablesDir() throws IOException {
        UnixFile unixFile = new UnixFile(IPTABLES_DIR);
        if (!unixFile.getStat().exists()) {
            unixFile.mkdir(false, 448L);
        }
        return unixFile;
    }

    private static UnixFile getIpreputationDir() throws IOException {
        UnixFile unixFile = new UnixFile(getIptablesDir().getPath() + "/" + IPREPUTATION_SUBDIR);
        if (!unixFile.getStat().exists()) {
            unixFile.mkdir(false, 448L);
        }
        return unixFile;
    }

    private IpReputationManager() {
    }

    public static void start() throws IOException, SQLException {
        OperatingSystemVersion operatingSystemVersion = AOServDaemon.getThisServer().getHost().getOperatingSystemVersion();
        int pkey = operatingSystemVersion.getPkey();
        synchronized (System.out) {
            if (pkey != 45 && pkey != 47 && pkey != 67 && pkey != 70) {
                if (AOServDaemonConfiguration.isManagerEnabled(IpReputationManager.class) && ipReputationManager == null) {
                    System.out.print("Starting IpReputationManager: ");
                    if (pkey == 64 || pkey == 63) {
                        AOServConnector connector = AOServDaemon.getConnector();
                        User masterUser = connector.getCurrentAdministrator().getMasterUser();
                        if (masterUser == null) {
                            throw new AssertionError("Administrator is not a User");
                        }
                        if (masterUser.isRouter()) {
                            ipReputationManager = new IpReputationManager();
                            connector.getNet().getReputation().getSet().addTableListener(ipReputationManager, 0L);
                            connector.getNet().getReputation().getHost().addTableListener(ipReputationManager, 0L);
                            connector.getNet().getReputation().getNetwork().addTableListener(ipReputationManager, 0L);
                            System.out.println("Done");
                        } else {
                            System.out.println("Disabled: This is not a router");
                        }
                    } else {
                        System.out.println("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
                    }
                }
            }
        }
    }

    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    public String getProcessTimerDescription() {
        return "Rebuild IP Reputation Sets";
    }

    private static void synchronizeHostIpset(Set<Host> set, Set.ConfidenceType confidenceType, Set.ReputationType reputationType, String str, UnixFile unixFile) throws IOException {
        LinkedHashSet linkedHashSet = new LinkedHashSet(((Math.min(65536, set.size()) * 4) / 3) + 1);
        Iterator<Host> it = set.iterator();
        while (it.hasNext()) {
            linkedHashSet.add(Integer.valueOf(it.next().getHost()));
            if (linkedHashSet.size() > 65535) {
                break;
            }
        }
        Ipset.synchronize(linkedHashSet, (short) 32, Ipset.NamespacePrefix.R.name() + reputationType.toChar() + confidenceType.toChar() + '_' + str, unixFile);
    }

    private static void synchronizeNetworkIpset(java.util.Set<Network> set, short s, String str, UnixFile unixFile) throws IOException {
        LinkedHashSet linkedHashSet = new LinkedHashSet(((Math.min(65536, set.size()) * 4) / 3) + 1);
        Iterator<Network> it = set.iterator();
        while (it.hasNext()) {
            linkedHashSet.add(Integer.valueOf(it.next().getNetwork()));
            if (linkedHashSet.size() > 65535) {
                break;
            }
        }
        Ipset.synchronize(linkedHashSet, s, Ipset.NamespacePrefix.R.name() + Set.ReputationType.GOOD.toChar() + "N_" + str, unixFile);
    }

    @Override // com.aoindustries.aoserv.daemon.util.BuilderThread
    protected boolean doRebuild() {
        try {
            AOServConnector connector = AOServDaemon.getConnector();
            OperatingSystemVersion operatingSystemVersion = AOServDaemon.getThisServer().getHost().getOperatingSystemVersion();
            int pkey = operatingSystemVersion.getPkey();
            if (pkey != 64 && pkey != 63 && pkey != 69) {
                throw new AssertionError("Unsupported OperatingSystemVersion: " + operatingSystemVersion);
            }
            synchronized (rebuildLock) {
                UnixFile ipreputationDir = getIpreputationDir();
                List<com.aoindustries.aoserv.client.net.reputation.Set> rows = connector.getNet().getReputation().getSet().getRows();
                HashSet hashSet = new HashSet(((rows.size() * 4) / 3) + 1);
                for (com.aoindustries.aoserv.client.net.reputation.Set set : rows) {
                    String identifier = set.getIdentifier();
                    short maxUncertainReputation = set.getMaxUncertainReputation();
                    short castShort = SafeMath.castShort(-maxUncertainReputation);
                    hashSet.add(identifier);
                    UnixFile unixFile = new UnixFile(ipreputationDir, identifier, true);
                    if (!unixFile.getStat().exists()) {
                        unixFile.mkdir(false, 448L);
                    }
                    TreeSet treeSet = new TreeSet(badHostComparator);
                    TreeSet treeSet2 = new TreeSet(badHostComparator);
                    TreeSet treeSet3 = new TreeSet(goodHostComparator);
                    TreeSet treeSet4 = new TreeSet(goodHostComparator);
                    for (Host host : set.getHosts()) {
                        short reputation = host.getReputation();
                        if (reputation < castShort) {
                            treeSet.add(host);
                        } else if (reputation < 0) {
                            treeSet2.add(host);
                        } else if (reputation > maxUncertainReputation) {
                            treeSet4.add(host);
                        } else {
                            if (reputation < 0) {
                                throw new AssertionError("rep=" + ((int) reputation));
                            }
                            treeSet3.add(host);
                        }
                    }
                    TreeSet treeSet5 = new TreeSet(goodNetworkComparator);
                    treeSet5.addAll(set.getNetworks());
                    synchronizeHostIpset(treeSet, Set.ConfidenceType.DEFINITE, Set.ReputationType.BAD, identifier, unixFile);
                    synchronizeHostIpset(treeSet2, Set.ConfidenceType.UNCERTAIN, Set.ReputationType.BAD, identifier, unixFile);
                    synchronizeHostIpset(treeSet3, Set.ConfidenceType.UNCERTAIN, Set.ReputationType.GOOD, identifier, unixFile);
                    synchronizeHostIpset(treeSet4, Set.ConfidenceType.DEFINITE, Set.ReputationType.GOOD, identifier, unixFile);
                    synchronizeNetworkIpset(treeSet5, set.getNetworkPrefix(), identifier, unixFile);
                }
                String[] list = ipreputationDir.list();
                if (list != null) {
                    ArrayList arrayList = new ArrayList();
                    for (String str : list) {
                        if (!hashSet.contains(str)) {
                            arrayList.add(new UnixFile(ipreputationDir, str, true).getFile());
                        }
                    }
                    BackupManager.backupAndDeleteFiles(arrayList);
                }
            }
            return true;
        } catch (ThreadDeath e) {
            throw e;
        } catch (Throwable th) {
            logger.log(Level.SEVERE, (String) null, th);
            return false;
        }
    }
}
