package org.dasein.cloud.google.network;

import com.google.api.client.googleapis.json.GoogleJsonResponseException;
import com.google.api.services.compute.Compute;
import com.google.api.services.compute.model.Firewall;
import com.google.api.services.compute.model.FirewallList;
import com.google.api.services.compute.model.Network;
import com.google.api.services.compute.model.NetworkList;
import com.google.api.services.compute.model.Operation;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.UUID;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.http.conn.util.InetAddressUtils;
import org.apache.log4j.Logger;
import org.dasein.cloud.CloudErrorType;
import org.dasein.cloud.CloudException;
import org.dasein.cloud.InternalException;
import org.dasein.cloud.OperationNotSupportedException;
import org.dasein.cloud.ProviderContext;
import org.dasein.cloud.ResourceStatus;
import org.dasein.cloud.VisibleScope;
import org.dasein.cloud.google.Google;
import org.dasein.cloud.google.GoogleException;
import org.dasein.cloud.google.GoogleMethod;
import org.dasein.cloud.google.GoogleOperationType;
import org.dasein.cloud.google.capabilities.GCEFirewallCapabilities;
import org.dasein.cloud.network.AbstractFirewallSupport;
import org.dasein.cloud.network.Direction;
import org.dasein.cloud.network.FirewallConstraints;
import org.dasein.cloud.network.FirewallCreateOptions;
import org.dasein.cloud.network.FirewallRule;
import org.dasein.cloud.network.Permission;
import org.dasein.cloud.network.Protocol;
import org.dasein.cloud.network.RuleTarget;
import org.dasein.cloud.network.RuleTargetType;
import org.dasein.cloud.util.APITrace;

/* loaded from: input_file:org/dasein/cloud/google/network/FirewallSupport.class */
public class FirewallSupport extends AbstractFirewallSupport<Google> {
    private static final Logger logger = Google.getLogger(org.dasein.cloud.network.FirewallSupport.class);
    private Google provider;
    private volatile transient GCEFirewallCapabilities capabilities;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FirewallSupport(Google google) {
        super(google);
        this.provider = null;
        this.provider = google;
    }

    @Nonnull
    public String authorize(@Nonnull String str, @Nonnull Direction direction, @Nonnull Permission permission, @Nonnull RuleTarget ruleTarget, @Nonnull Protocol protocol, @Nonnull RuleTarget ruleTarget2, int i, int i2, int i3) throws CloudException, InternalException {
        APITrace.begin(this.provider, "Firewall.authorize");
        try {
            if (Permission.DENY.equals(permission)) {
                throw new OperationNotSupportedException("GCE does not support DENY rules");
            }
            if (direction.equals(Direction.EGRESS)) {
                throw new OperationNotSupportedException("GCE does not support EGRESS rules");
            }
            Compute googleCompute = this.provider.getGoogleCompute();
            Firewall firewall = new Firewall();
            firewall.setName(((char) (new Random().nextInt(26) + 97)) + UUID.randomUUID().toString());
            if (protocol == Protocol.ICMP) {
                firewall.setDescription(ruleTarget.getCidr() + ":" + protocol.name());
            } else {
                firewall.setDescription(ruleTarget + ":" + protocol.name() + ":" + i + "-" + i2);
            }
            firewall.setNetwork(this.provider.m9getNetworkServices().m38getVlanSupport().getVlan(str.split("fw-")[1]).getTag("contentLink"));
            String str2 = i == i2 ? i + "" : i + "-" + i2;
            ArrayList arrayList = new ArrayList();
            Firewall.Allowed allowed = new Firewall.Allowed();
            allowed.setIPProtocol(protocol.name());
            if (protocol != Protocol.ICMP) {
                allowed.setPorts(Collections.singletonList(str2));
            }
            arrayList.add(allowed);
            firewall.setAllowed(arrayList);
            if (ruleTarget.getRuleTargetType().equals(RuleTargetType.VLAN) || ruleTarget.getRuleTargetType().equals(RuleTargetType.GLOBAL)) {
                throw new OperationNotSupportedException("GCE does not support VLAN or GLOBAL as valid source types");
            }
            if (ruleTarget.getRuleTargetType().equals(RuleTargetType.VM)) {
                firewall.setSourceTags(Collections.singletonList(this.provider.m10getComputeServices().m20getVirtualMachineSupport().getVmNameFromId(ruleTarget.getProviderVirtualMachineId())));
            } else if (ruleTarget.getRuleTargetType().equals(RuleTargetType.CIDR)) {
                firewall.setSourceRanges(Collections.singletonList(ruleTarget.getCidr()));
            }
            if (ruleTarget2.getRuleTargetType().equals(RuleTargetType.VM)) {
                firewall.setTargetTags(Collections.singletonList(this.provider.m10getComputeServices().m20getVirtualMachineSupport().getVmNameFromId(ruleTarget2.getProviderVirtualMachineId())));
            }
            Collection<FirewallRule> m35getRules = m35getRules(str);
            boolean z = true;
            String cidr = ruleTarget.getCidr();
            for (FirewallRule firewallRule : m35getRules) {
                boolean z2 = firewallRule.getProtocol() == protocol;
                boolean z3 = firewallRule.getStartPort() == i;
                boolean z4 = firewallRule.getEndPort() == i2;
                boolean z5 = ruleTarget.equals(firewallRule.getCidr().toString()) || ruleTarget.toString().equals(new StringBuilder().append("CIDR:").append(firewallRule.getCidr().toString()).toString()) || ruleTarget.toString().equals(new StringBuilder().append("VM:").append(firewallRule.getCidr().toString()).toString());
                boolean z6 = cidr == null || ruleTarget.getCidr().equals(firewallRule.getSourceEndpoint());
                boolean z7 = firewallRule.getDirection() == direction;
                if (protocol == Protocol.ICMP) {
                    if (z2 && z5) {
                        z = false;
                    } else if (z2 && z7 && z3 && z4 && z5) {
                        z = false;
                    }
                }
                if (z2 && z7 && z3 && z4 && z5) {
                    z = false;
                }
            }
            if (!z) {
                throw new CloudException("Duplicate rule already exists");
            }
            try {
                String operationTarget = new GoogleMethod(this.provider).getOperationTarget(this.provider.getContext(), (Operation) googleCompute.firewalls().insert(this.provider.getContext().getAccountNumber(), firewall).execute(), GoogleOperationType.GLOBAL_OPERATION, "", "", false);
                APITrace.end();
                return operationTarget;
            } catch (IOException e) {
                logger.error(e.getMessage());
                if (e.getClass() != GoogleJsonResponseException.class) {
                    throw new CloudException("An error occurred creating a new rule on " + str + ": " + e.getMessage());
                }
                GoogleJsonResponseException googleJsonResponseException = e;
                throw new GoogleException(CloudErrorType.GENERAL, googleJsonResponseException.getStatusCode(), googleJsonResponseException.getContent(), googleJsonResponseException.getDetails().getMessage());
            }
        } catch (Throwable th) {
            APITrace.end();
            throw th;
        }
    }

    @Nonnull
    public String create(@Nonnull FirewallCreateOptions firewallCreateOptions) throws InternalException, CloudException {
        throw new OperationNotSupportedException("GCE does not allow the creation/deletion of firewalls");
    }

    @Nonnull
    /* renamed from: getCapabilities, reason: merged with bridge method [inline-methods] */
    public GCEFirewallCapabilities m37getCapabilities() throws CloudException, InternalException {
        if (this.capabilities == null) {
            this.capabilities = new GCEFirewallCapabilities(getProvider());
        }
        return this.capabilities;
    }

    public void delete(@Nonnull String str) throws InternalException, CloudException {
        throw new OperationNotSupportedException("GCE does not allow the creation/deletion of firewalls");
    }

    public org.dasein.cloud.network.Firewall getFirewall(@Nonnull String str) throws InternalException, CloudException {
        if (!str.startsWith("fw-")) {
            return null;
        }
        ProviderContext context = this.provider.getContext();
        if (context == null) {
            throw new CloudException("No context has been established for this request");
        }
        Compute googleCompute = this.provider.getGoogleCompute();
        try {
            Network network = (Network) googleCompute.networks().get(context.getAccountNumber(), str.split("fw-")[1]).execute();
            FirewallList firewallList = (FirewallList) googleCompute.firewalls().list(context.getAccountNumber()).setFilter("network eq .*/" + network.getName()).execute();
            if (null != firewallList) {
                return toFirewall(network, firewallList.getItems());
            }
            throw new CloudException("Firewall Not Found.");
        } catch (IOException e) {
            logger.error("An error occurred while getting firewall " + str + ": " + e.getMessage());
            if (e.getClass() != GoogleJsonResponseException.class) {
                throw new CloudException(e.getMessage());
            }
            GoogleJsonResponseException googleJsonResponseException = e;
            throw new GoogleException(CloudErrorType.GENERAL, googleJsonResponseException.getStatusCode(), googleJsonResponseException.getContent(), googleJsonResponseException.getDetails().getMessage());
        }
    }

    @Nonnull
    /* renamed from: getRules, reason: merged with bridge method [inline-methods] */
    public Collection<FirewallRule> m35getRules(@Nonnull String str) throws InternalException, CloudException {
        ProviderContext context = this.provider.getContext();
        if (context == null) {
            throw new CloudException("No context has been established for this request");
        }
        if (null == context.getAccountNumber()) {
            throw new CloudException("Context for this request lacks a account number");
        }
        try {
            FirewallList firewallList = (FirewallList) this.provider.getGoogleCompute().firewalls().list(context.getAccountNumber()).setFilter("network eq .*" + str.replaceFirst("^fw-", "")).execute();
            return (firewallList == null || null == firewallList.getItems()) ? Collections.emptyList() : toFirewallRules(firewallList.getItems());
        } catch (IOException e) {
            logger.error("An error occurred while getting firewall " + str + ": " + e.getMessage());
            if (e.getClass() != GoogleJsonResponseException.class) {
                throw new CloudException(e.getMessage());
            }
            GoogleJsonResponseException googleJsonResponseException = e;
            throw new GoogleException(CloudErrorType.GENERAL, googleJsonResponseException.getStatusCode(), googleJsonResponseException.getContent(), googleJsonResponseException.getDetails().getMessage());
        }
    }

    public boolean isSubscribed() throws CloudException, InternalException {
        return true;
    }

    @Nonnull
    /* renamed from: list, reason: merged with bridge method [inline-methods] */
    public Collection<org.dasein.cloud.network.Firewall> m36list() throws InternalException, CloudException {
        org.dasein.cloud.network.Firewall firewall;
        ProviderContext context = this.provider.getContext();
        if (context == null) {
            throw new InternalException("No context was established");
        }
        ArrayList arrayList = new ArrayList();
        try {
            Compute googleCompute = this.provider.getGoogleCompute();
            NetworkList networkList = (NetworkList) googleCompute.networks().list(context.getAccountNumber()).execute();
            if (null != networkList) {
                List<Network> items = networkList.getItems();
                FirewallList firewallList = (FirewallList) googleCompute.firewalls().list(context.getAccountNumber()).execute();
                if (null != firewallList) {
                    List<Firewall> items2 = firewallList.getItems();
                    if (items != null && items.size() > 0) {
                        for (Network network : items) {
                            ArrayList arrayList2 = new ArrayList();
                            for (Firewall firewall2 : items2) {
                                if (firewall2.getNetwork().equals(network.getSelfLink())) {
                                    arrayList2.add(firewall2);
                                }
                            }
                            if (network != null && (firewall = toFirewall(network, arrayList2)) != null) {
                                arrayList.add(firewall);
                            }
                        }
                    }
                }
            }
            return arrayList;
        } catch (IOException e) {
            logger.error(e.getMessage());
            if (e.getClass() != GoogleJsonResponseException.class) {
                throw new CloudException("An error occurred while listing Firewalls: " + e.getMessage());
            }
            GoogleJsonResponseException googleJsonResponseException = e;
            throw new GoogleException(CloudErrorType.GENERAL, googleJsonResponseException.getStatusCode(), googleJsonResponseException.getContent(), googleJsonResponseException.getDetails().getMessage());
        }
    }

    @Nonnull
    public Iterable<ResourceStatus> listFirewallStatus() throws InternalException, CloudException {
        ArrayList arrayList = new ArrayList();
        Iterator<org.dasein.cloud.network.Firewall> it = m36list().iterator();
        while (it.hasNext()) {
            arrayList.add(new ResourceStatus(it.next().getProviderFirewallId(), true));
        }
        return arrayList;
    }

    @Nonnull
    @Deprecated
    public Iterable<RuleTargetType> listSupportedDestinationTypes(boolean z) throws InternalException, CloudException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(RuleTargetType.VM);
        return arrayList;
    }

    @Nonnull
    @Deprecated
    public Iterable<Direction> listSupportedDirections(boolean z) throws InternalException, CloudException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Direction.INGRESS);
        return arrayList;
    }

    @Nonnull
    @Deprecated
    public Iterable<Permission> listSupportedPermissions(boolean z) throws InternalException, CloudException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Permission.ALLOW);
        return arrayList;
    }

    @Nonnull
    @Deprecated
    public Iterable<RuleTargetType> listSupportedSourceTypes(boolean z) throws InternalException, CloudException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(RuleTargetType.CIDR);
        arrayList.add(RuleTargetType.VM);
        return arrayList;
    }

    public void revoke(@Nonnull String str) throws InternalException, CloudException {
        APITrace.begin(this.provider, "Firewall.revoke");
        try {
            try {
                Compute googleCompute = this.provider.getGoogleCompute();
                if (str.contains("--")) {
                    String[] split = str.split("\\-\\-");
                    String str2 = split[0];
                    Firewall firewall = (Firewall) googleCompute.firewalls().get(this.provider.getContext().getAccountNumber(), str2).execute();
                    List sourceRanges = firewall.getSourceRanges();
                    Iterator it = sourceRanges.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        String str3 = (String) it.next();
                        if (split[1].equals(str3)) {
                            sourceRanges.remove(str3);
                            break;
                        }
                    }
                    firewall.setSourceRanges(sourceRanges);
                    if (!new GoogleMethod(this.provider).getOperationComplete(this.provider.getContext(), (Operation) googleCompute.firewalls().update(this.provider.getContext().getAccountNumber(), str2, firewall).execute(), GoogleOperationType.GLOBAL_OPERATION, "", "")) {
                        throw new CloudException("An error occurred deleting the rule: Operation Timed Out");
                    }
                } else {
                    if (!new GoogleMethod(this.provider).getOperationComplete(this.provider.getContext(), (Operation) googleCompute.firewalls().delete(this.provider.getContext().getAccountNumber(), str).execute(), GoogleOperationType.GLOBAL_OPERATION, "", "")) {
                        throw new CloudException("An error occurred deleting the rule: Operation Timed Out");
                    }
                }
            } catch (IOException e) {
                logger.error(e.getMessage());
                if (e.getClass() != GoogleJsonResponseException.class) {
                    throw new CloudException("An error occurred while deleting the firewall rule: " + e.getMessage());
                }
                GoogleJsonResponseException googleJsonResponseException = e;
                throw new GoogleException(CloudErrorType.GENERAL, googleJsonResponseException.getStatusCode(), googleJsonResponseException.getContent(), googleJsonResponseException.getDetails().getMessage());
            }
        } finally {
            APITrace.end();
        }
    }

    public void revoke(@Nonnull String str, @Nonnull String str2, @Nonnull Protocol protocol, int i, int i2) throws CloudException, InternalException {
        revoke(str, Direction.INGRESS, str2, protocol, i, i2);
    }

    public void revoke(@Nonnull String str, @Nonnull Direction direction, @Nonnull String str2, @Nonnull Protocol protocol, int i, int i2) throws CloudException, InternalException {
        if (!direction.equals(Direction.INGRESS)) {
            throw new OperationNotSupportedException("GCE does not support outbound firewall rules");
        }
        revoke(str, Direction.INGRESS, Permission.ALLOW, str2, protocol, i, i2);
    }

    public void revoke(@Nonnull String str, @Nonnull Direction direction, @Nonnull Permission permission, @Nonnull String str2, @Nonnull Protocol protocol, int i, int i2) throws CloudException, InternalException {
        if (!direction.equals(Direction.INGRESS)) {
            throw new OperationNotSupportedException("GCE does not support outbound firewall rules");
        }
        if (!permission.equals(Permission.ALLOW)) {
            throw new OperationNotSupportedException("GCE does not support deny firewall rules");
        }
    }

    public void revoke(@Nonnull String str, @Nonnull Direction direction, @Nonnull Permission permission, @Nonnull String str2, @Nonnull Protocol protocol, @Nonnull RuleTarget ruleTarget, int i, int i2) throws CloudException, InternalException {
        if (!direction.equals(Direction.INGRESS)) {
            throw new OperationNotSupportedException("GCE does not support outbound firewall rules");
        }
        if (!permission.equals(Permission.ALLOW)) {
            throw new OperationNotSupportedException("GCE does not support deny firewall rules");
        }
        if (!str2.contains("/")) {
            if (!InetAddressUtils.isIPv4Address(str2)) {
                throw new OperationNotSupportedException("GCE only supports valid IPv4 addresses or cidrs as source targets");
            }
            str2 = str2 + "/32";
        } else if (!InetAddressUtils.isIPv4Address(str2.split("/")[0])) {
            throw new OperationNotSupportedException("GCE only supports valid IPv4 addresses or cidrs as source targets");
        }
        if (!ruleTarget.getRuleTargetType().equals(RuleTargetType.VM) && !ruleTarget.getRuleTargetType().equals(RuleTargetType.VLAN)) {
            throw new InternalException("GCE only supports VM or VLAN targets for firewall rules");
        }
        FirewallRule firewallRule = null;
        for (FirewallRule firewallRule2 : m35getRules(str)) {
            if (firewallRule2.getSourceEndpoint().getCidr().equals(str2) && firewallRule2.getProtocol().equals(protocol)) {
                if (!firewallRule2.getDestinationEndpoint().getRuleTargetType().equals(RuleTargetType.VM)) {
                    if (firewallRule2.getDestinationEndpoint().getRuleTargetType().equals(RuleTargetType.VLAN) && !firewallRule2.getDestinationEndpoint().getProviderVlanId().equals(ruleTarget.getProviderVlanId())) {
                    }
                    if (firewallRule2.getStartPort() == i) {
                        firewallRule = firewallRule2;
                    }
                } else if (firewallRule2.getDestinationEndpoint().getProviderVirtualMachineId().equals(ruleTarget.getProviderVirtualMachineId())) {
                    if (firewallRule2.getStartPort() == i && firewallRule2.getEndPort() == i2) {
                        firewallRule = firewallRule2;
                    }
                }
            }
        }
        if (firewallRule == null) {
            throw new InternalException("The rule for " + direction.name() + ", " + permission.name() + ", " + str2 + ", " + i + "-" + i2 + " does not exist");
        }
        revoke(firewallRule.getProviderRuleId());
    }

    @Nullable
    private org.dasein.cloud.network.Firewall toFirewall(@Nonnull Network network, @Nullable List<Firewall> list) {
        org.dasein.cloud.network.Firewall firewall = new org.dasein.cloud.network.Firewall();
        firewall.setProviderFirewallId("fw-" + network.getName());
        firewall.setVisibleScope(VisibleScope.ACCOUNT_GLOBAL);
        firewall.setAvailable(true);
        firewall.setActive(true);
        firewall.setName(network.getName() + " Firewall");
        firewall.setDescription(network.getDescription());
        firewall.setProviderVlanId(network.getName());
        if (list != null) {
            firewall.setRules(toFirewallRules(list));
        }
        return firewall;
    }

    @Nonnull
    private Collection<FirewallRule> toFirewallRules(@Nonnull List<Firewall> list) {
        int i;
        int i2;
        ArrayList arrayList = new ArrayList();
        for (Firewall firewall : list) {
            ArrayList<RuleTarget> arrayList2 = new ArrayList();
            if (firewall.getSourceRanges() != null) {
                for (String str : firewall.getSourceRanges()) {
                    if (InetAddressUtils.isIPv4Address(str)) {
                        str = str + "/32";
                    }
                    arrayList2.add(RuleTarget.getCIDR(str));
                }
            } else {
                if (firewall.getSourceTags() == null) {
                    return arrayList;
                }
                Iterator it = firewall.getSourceTags().iterator();
                while (it.hasNext()) {
                    arrayList2.add(RuleTarget.getVirtualMachine((String) it.next()));
                }
            }
            for (RuleTarget ruleTarget : arrayList2) {
                String str2 = arrayList2.size() > 1 ? "--" + ruleTarget.getCidr() : "";
                String substring = firewall.getNetwork().substring(firewall.getNetwork().lastIndexOf("/") + 1);
                for (Firewall.Allowed allowed : firewall.getAllowed()) {
                    Protocol protocol = Protocol.ANY;
                    try {
                        protocol = Protocol.valueOf(allowed.getIPProtocol().toUpperCase());
                    } catch (IllegalArgumentException e) {
                    }
                    if (protocol != Protocol.ICMP) {
                        if (null != allowed && null != allowed.getPorts()) {
                            for (String str3 : allowed.getPorts()) {
                                if (str3.indexOf("-") > 0) {
                                    String[] split = str3.split("-");
                                    i2 = Integer.valueOf(split[0]).intValue();
                                    i = Integer.valueOf(split[1]).intValue();
                                } else {
                                    int intValue = Integer.valueOf(str3).intValue();
                                    i = intValue;
                                    i2 = intValue;
                                }
                                if (firewall.getTargetTags() != null) {
                                    Iterator it2 = firewall.getTargetTags().iterator();
                                    while (it2.hasNext()) {
                                        arrayList.add(FirewallRule.getInstance(firewall.getName() + str2, "fw-" + substring, ruleTarget, Direction.INGRESS, protocol, Permission.ALLOW, RuleTarget.getVirtualMachine((String) it2.next()), i2, i));
                                    }
                                } else {
                                    arrayList.add(FirewallRule.getInstance(firewall.getName() + str2, "fw-" + substring, ruleTarget, Direction.INGRESS, protocol, Permission.ALLOW, RuleTarget.getVlan(substring), i2, i));
                                }
                            }
                        }
                    } else if (firewall.getTargetTags() != null) {
                        Iterator it3 = firewall.getTargetTags().iterator();
                        while (it3.hasNext()) {
                            arrayList.add(FirewallRule.getInstance(firewall.getName() + str2, "fw-" + substring, ruleTarget, Direction.INGRESS, protocol, Permission.ALLOW, RuleTarget.getVirtualMachine((String) it3.next()), 0, 0));
                        }
                    } else {
                        arrayList.add(FirewallRule.getInstance(firewall.getName() + str2, "fw-" + substring, ruleTarget, Direction.INGRESS, protocol, Permission.ALLOW, RuleTarget.getVlan(substring), 0, 0));
                    }
                }
            }
        }
        return arrayList;
    }

    @Nonnull
    public Map<FirewallConstraints.Constraint, Object> getActiveConstraintsForFirewall(@Nonnull String str) throws CloudException, InternalException {
        RuleTarget sourceEndpoint = ((FirewallRule) getFirewall(str).getRules().iterator().next()).getSourceEndpoint();
        HashMap hashMap = new HashMap();
        hashMap.put(FirewallConstraints.Constraint.PERMISSION, Permission.ALLOW);
        hashMap.put(FirewallConstraints.Constraint.DIRECTION, Direction.INGRESS);
        hashMap.put(FirewallConstraints.Constraint.SOURCE, sourceEndpoint);
        return hashMap;
    }

    @Nonnull
    @Deprecated
    public String getProviderTermForFirewall(@Nonnull Locale locale) {
        return "firewall";
    }
}
