package org.dasein.cloud.test;

import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import java.util.UUID;
import javax.annotation.Nonnull;
import junit.framework.Assert;
import org.dasein.cloud.CloudException;
import org.dasein.cloud.CloudProvider;
import org.dasein.cloud.InternalException;
import org.dasein.cloud.OperationNotSupportedException;
import org.dasein.cloud.ResourceStatus;
import org.dasein.cloud.network.Direction;
import org.dasein.cloud.network.Firewall;
import org.dasein.cloud.network.FirewallRule;
import org.dasein.cloud.network.FirewallSupport;
import org.dasein.cloud.network.NetworkServices;
import org.dasein.cloud.network.Permission;
import org.dasein.cloud.network.Protocol;
import org.dasein.cloud.network.RuleTarget;
import org.dasein.cloud.network.VLAN;
import org.dasein.cloud.util.APITrace;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/dasein/cloud/test/FirewallTestCase.class */
public class FirewallTestCase extends BaseTestCase {
    private String killFirewallId;
    private CloudProvider provider;
    private Firewall testFirewall;
    private String testRuleId;
    private VLAN testVlan;
    public static final String T_FIREWALL_CONTENT = "testFirewallContent";
    public static final String T_GET_FIREWALL = "testGetFirewall";
    public static final String T_LIST_FIREWALL_RULES = "testListFirewallRules";
    public static final String T_ADD_STD_EGRESS_ALLOW = "testAddStandardEgressAllow";
    public static final String T_ADD_STD_EGRESS_DENY = "testAddStandardEgressDeny";
    public static final String T_ADD_STD_INGRESS_ALLOW = "testAddStandardIngressAllow";
    public static final String T_ADD_STD_INGRESS_DENY = "testAddStandardIngressDeny";
    public static final String T_REV_STD_EGRESS_ALLOW = "testRevokeStandardEgressAllow";
    public static final String T_REV_STD_EGRESS_DENY = "testRevokeStandardEgressDeny";
    public static final String T_REV_STD_INGRESS_ALLOW = "testRevokeStandardIngressAllow";
    public static final String T_REV_STD_INGRESS_DENY = "testRevokeStandardIngressDeny";
    private static final String[] needsFirewalls = {T_FIREWALL_CONTENT, T_GET_FIREWALL, T_LIST_FIREWALL_RULES, T_ADD_STD_EGRESS_ALLOW, T_ADD_STD_EGRESS_DENY, T_ADD_STD_INGRESS_ALLOW, T_ADD_STD_INGRESS_DENY, T_REV_STD_EGRESS_ALLOW, T_REV_STD_EGRESS_DENY, T_REV_STD_INGRESS_ALLOW, T_REV_STD_INGRESS_DENY};
    public static final String T_CREATE_VLAN_FIREWALL = "testCreateVLANFirewall";
    public static final String T_DELETE_FIREWALL = "testDeleteFirewall";
    public static final String T_ADD_VLAN_EGRESS_ALLOW = "testAddVLANEgressAllow";
    public static final String T_ADD_VLAN_EGRESS_DENY = "testAddVLANEgressDeny";
    public static final String T_ADD_VLAN_INGRESS_ALLOW = "testAddVLANIngressAllow";
    public static final String T_ADD_VLAN_INGRESS_DENY = "testAddVLANIngressDeny";
    public static final String T_REV_VLAN_EGRESS_ALLOW = "testRevokeVLANEgressAllow";
    public static final String T_REV_VLAN_EGRESS_DENY = "testRevokeVLANEgressDeny";
    public static final String T_REV_VLAN_INGRESS_ALLOW = "testRevokeVLANIngressAllow";
    public static final String T_REV_VLAN_INGRESS_DENY = "testRevokeVLANIngressDeny";
    private static final String[] needsVlans = {T_CREATE_VLAN_FIREWALL, T_DELETE_FIREWALL, T_ADD_VLAN_EGRESS_ALLOW, T_ADD_VLAN_EGRESS_DENY, T_ADD_VLAN_INGRESS_ALLOW, T_ADD_VLAN_INGRESS_DENY, T_REV_VLAN_EGRESS_ALLOW, T_REV_VLAN_EGRESS_DENY, T_REV_VLAN_INGRESS_ALLOW, T_REV_VLAN_INGRESS_DENY};
    private static int port = 81;

    public FirewallTestCase(String str) {
        super(str);
    }

    @Nonnull
    private FirewallSupport getSupport() {
        NetworkServices networkServices = this.provider.getNetworkServices();
        Assert.assertNotNull("No network services are part of this cloud", networkServices);
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        Assert.assertNotNull("No firewall support is part of this cloud", firewallSupport);
        return firewallSupport;
    }

    @Override // org.dasein.cloud.test.BaseTestCase
    public int getFirewallReuseCount() {
        return needsFirewalls.length;
    }

    @Override // org.dasein.cloud.test.BaseTestCase
    public int getVlanReuseCount() {
        return needsVlans.length;
    }

    @Before
    public void setUp() throws InstantiationException, IllegalAccessException, CloudException, InternalException {
        begin();
        this.provider = getProvider();
        this.provider.connect(getTestContext());
        if (getName().equals(T_FIREWALL_CONTENT) || getName().equals(T_GET_FIREWALL)) {
            this.testFirewall = findTestFirewall(this.provider, getSupport(), true, true, true);
        }
        if (getName().equals(T_CREATE_VLAN_FIREWALL) || getName().equals(T_DELETE_FIREWALL)) {
            this.testVlan = findTestVLAN(this.provider, this.provider.getNetworkServices().getVlanSupport(), true, true);
            if (this.testVlan != null) {
                boolean z = false;
                for (Direction direction : Direction.values()) {
                    Permission[] values = Permission.values();
                    int length = values.length;
                    int i = 0;
                    while (true) {
                        if (i < length) {
                            if (getSupport().supportsRules(direction, values[i], true)) {
                                z = true;
                                break;
                            }
                            i++;
                        }
                    }
                }
                if (z) {
                    Assert.fail("Unable to set up a VLAN for VLAN firewall tests");
                }
            }
        }
        if (getName().equals(T_DELETE_FIREWALL)) {
            String str = getName() + (System.currentTimeMillis() % 10000);
            if (!getSupport().supportsRules(Direction.INGRESS, Permission.ALLOW, false) && !getSupport().supportsRules(Direction.EGRESS, Permission.ALLOW, false) && !getSupport().supportsRules(Direction.INGRESS, Permission.DENY, false) && !getSupport().supportsRules(Direction.EGRESS, Permission.DENY, false)) {
                this.killFirewallId = getSupport().createInVLAN(str, str, this.testVlan.getProviderVlanId());
            }
            if (this.killFirewallId == null) {
                this.killFirewallId = getSupport().create(str, str);
            }
        }
        if (getName().equals(T_LIST_FIREWALL_RULES) || getName().equals(T_ADD_STD_EGRESS_ALLOW) || getName().equals(T_ADD_STD_EGRESS_DENY) || getName().equals(T_ADD_STD_INGRESS_ALLOW) || getName().equals(T_ADD_STD_INGRESS_DENY) || getName().equals(T_REV_STD_EGRESS_ALLOW) || getName().equals(T_REV_STD_EGRESS_DENY) || getName().equals(T_REV_STD_INGRESS_ALLOW) || getName().equals(T_REV_STD_INGRESS_DENY)) {
            this.testFirewall = findTestFirewall(this.provider, getSupport(), false, false, true);
            Assert.assertNotNull("No test firewall was created", this.testFirewall);
            if (!getName().startsWith("testAdd")) {
                this.testRuleId = getSupport().authorize(this.testFirewall.getProviderFirewallId(), "209.98.98.98/32", Protocol.TCP, 80, 80);
            }
        }
        if (getName().equals(T_ADD_VLAN_EGRESS_ALLOW) || getName().equals(T_ADD_VLAN_EGRESS_DENY) || getName().equals(T_ADD_VLAN_INGRESS_ALLOW) || getName().equals(T_ADD_VLAN_INGRESS_DENY) || getName().equals(T_REV_VLAN_EGRESS_ALLOW) || getName().equals(T_REV_VLAN_EGRESS_DENY) || getName().equals(T_REV_VLAN_INGRESS_ALLOW) || getName().equals(T_REV_VLAN_INGRESS_DENY)) {
            this.provider.getNetworkServices().getVlanSupport();
            if (this.testVlan != null) {
                boolean z2 = false;
                for (Direction direction2 : Direction.values()) {
                    Permission[] values2 = Permission.values();
                    int length2 = values2.length;
                    int i2 = 0;
                    while (true) {
                        if (i2 < length2) {
                            if (getSupport().supportsRules(direction2, values2[i2], true)) {
                                z2 = true;
                                break;
                            }
                            i2++;
                        }
                    }
                }
                if (z2) {
                    Assert.fail("Unable to set up a VLAN for VLAN firewall tests");
                }
            }
            String str2 = getName() + (System.currentTimeMillis() % 10000);
            if (getSupport().supportsRules(Direction.INGRESS, Permission.ALLOW, true) || getSupport().supportsRules(Direction.EGRESS, Permission.ALLOW, true) || getSupport().supportsRules(Direction.INGRESS, Permission.DENY, true) || getSupport().supportsRules(Direction.EGRESS, Permission.DENY, false)) {
                this.killFirewallId = getSupport().createInVLAN(str2, str2, this.testVlan.getProviderVlanId());
                this.testFirewall = getSupport().getFirewall(this.killFirewallId);
            }
            if (getName().startsWith("testAdd") || this.testFirewall == null) {
                return;
            }
            this.testRuleId = getSupport().authorize(this.testFirewall.getProviderFirewallId(), "209.98.98.98/32", Protocol.TCP, 80, 80);
        }
    }

    @After
    public void tearDown() {
        try {
            try {
                if (this.testFirewall != null && getName().startsWith("testAdd")) {
                    Iterator it = getSupport().getRules(this.testFirewall.getProviderFirewallId()).iterator();
                    while (it.hasNext()) {
                        getSupport().revoke(((FirewallRule) it.next()).getProviderRuleId());
                    }
                }
            } finally {
                end();
            }
        } catch (Throwable th) {
        }
        this.testRuleId = null;
        cleanUp(this.provider);
        if (this.killFirewallId != null) {
            cleanFirewall(getSupport(), this.killFirewallId);
            this.killFirewallId = null;
        }
        this.testFirewall = null;
        this.testVlan = null;
        APITrace.report(getName());
        APITrace.reset();
        try {
            if (this.provider != null) {
                this.provider.close();
            }
        } catch (Throwable th2) {
        }
    }

    @Test
    public void testMetaData() throws CloudException, InternalException {
        FirewallSupport support = getSupport();
        boolean z = false;
        out("Firewall term:                       " + support.getProviderTermForFirewall(Locale.getDefault()));
        out("Subscribed:                          " + support.isSubscribed());
        out("Supports other firewalls as sources: " + support.supportsFirewallSources());
        for (Direction direction : Direction.values()) {
            for (Permission permission : Permission.values()) {
                boolean supportsRules = support.supportsRules(direction, permission, false);
                if (supportsRules) {
                    z = true;
                }
                out("Supports global " + direction + "/" + permission + ": " + supportsRules);
                boolean supportsRules2 = support.supportsRules(direction, permission, true);
                if (supportsRules2) {
                    z = true;
                }
                out("Supports VLAN " + direction + "/" + permission + ":   " + supportsRules2);
            }
        }
        Assert.assertNotNull("Provider term may not be null", support.getProviderTermForFirewall(Locale.getDefault()));
        Assert.assertTrue("No kinds of firewall rules are supported", z);
    }

    @Test
    public void testListFirewalls() throws CloudException, InternalException {
        Collection list = getSupport().list();
        boolean z = false;
        Assert.assertNotNull("The list of firewalls may not be null", list);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            out("Firewall: " + ((Firewall) it.next()));
            z = true;
        }
        if (z) {
            return;
        }
        out("WARNING: No firewalls were in the firewall list, so test may not be valid");
    }

    @Test
    public void testListFirewallStatus() throws CloudException, InternalException {
        Iterable listFirewallStatus = getSupport().listFirewallStatus();
        boolean z = false;
        Assert.assertNotNull("The list of firewall status may not be null", listFirewallStatus);
        Iterator it = listFirewallStatus.iterator();
        while (it.hasNext()) {
            out("Firewall status: " + ((ResourceStatus) it.next()));
            z = true;
        }
        if (z) {
            return;
        }
        out("WARNING: No firewalls were in the firewall status list, so test may not be valid");
    }

    @Test
    public void testFirewallContent() throws CloudException, InternalException {
        out("ID:          " + this.testFirewall.getProviderFirewallId());
        out("Active:      " + this.testFirewall.isActive());
        out("Available:   " + this.testFirewall.isAvailable());
        out("Region ID:   " + this.testFirewall.getRegionId());
        out("Name:        " + this.testFirewall.getName());
        out("VLAN ID:     " + this.testFirewall.getProviderVlanId());
        out("Description: " + this.testFirewall.getDescription());
        Assert.assertNotNull("Firewall ID may not be null", this.testFirewall.getProviderFirewallId());
        Assert.assertNotNull("Region ID may not be null", this.testFirewall.getRegionId());
        Assert.assertNotNull("Name may not be null", this.testFirewall.getName());
        Assert.assertNotNull("Description may not be null", this.testFirewall.getDescription());
    }

    @Test
    public void testGetFirewall() throws CloudException, InternalException {
        Firewall firewall = getSupport().getFirewall(this.testFirewall.getProviderFirewallId());
        out("Got: " + firewall);
        Assert.assertNotNull("Could not find the test firewall", firewall);
    }

    @Test
    public void testGetBogusFirewall() throws CloudException, InternalException {
        Firewall firewall = getSupport().getFirewall(UUID.randomUUID().toString());
        out("Got: " + firewall);
        Assert.assertNull("Found a firewall matching the bogus ID", firewall);
    }

    @Test
    public void testCreateStandardFirewall() throws CloudException, InternalException {
        try {
            this.killFirewallId = getSupport().create(getName() + (System.currentTimeMillis() % 10000), "Test firewall for " + getName());
            out("Created: " + this.killFirewallId);
            Assert.assertNotNull("The create method must throw an exception or return a firewall ID", this.killFirewallId);
            Assert.assertNotNull("The newly created firewall doesn't really exist", getSupport().getFirewall(this.killFirewallId));
        } catch (OperationNotSupportedException e) {
            if (!getSupport().supportsRules(Direction.INGRESS, Permission.ALLOW, false) && !getSupport().supportsRules(Direction.EGRESS, Permission.ALLOW, false) && !getSupport().supportsRules(Direction.INGRESS, Permission.DENY, false) && !getSupport().supportsRules(Direction.EGRESS, Permission.DENY, false)) {
                out("Got error indicating lack of support for standard firewalls (OK)");
            }
            Assert.fail("Support for standard firewalls does not exist even though meta-data claims it is");
        }
    }

    @Test
    public void testCreateVLANFirewall() throws CloudException, InternalException {
        try {
            this.killFirewallId = getSupport().createInVLAN(getName() + (System.currentTimeMillis() % 10000), "Test firewall for " + getName(), this.testVlan == null ? UUID.randomUUID().toString() : this.testVlan.getProviderVlanId());
            out("Created: " + this.killFirewallId);
            Assert.assertNotNull("The create method must throw an exception or return a firewall ID", this.killFirewallId);
            Assert.assertNotNull("The newly created firewall doesn't really exist", getSupport().getFirewall(this.killFirewallId));
        } catch (OperationNotSupportedException e) {
            if (getSupport().supportsRules(Direction.INGRESS, Permission.ALLOW, true) || getSupport().supportsRules(Direction.EGRESS, Permission.ALLOW, true) || getSupport().supportsRules(Direction.INGRESS, Permission.DENY, true) || getSupport().supportsRules(Direction.EGRESS, Permission.DENY, true)) {
                Assert.fail("Support for VLAN firewalls does not exist even though meta-data claims it is");
            } else {
                out("Got error indicating lack of support for VLAN firewalls (OK)");
            }
        }
    }

    @Test
    public void testDeleteFirewall() throws CloudException, InternalException {
        getSupport().delete(this.killFirewallId);
        out("Deleted");
        Firewall firewall = getSupport().getFirewall(this.killFirewallId);
        Assert.assertTrue("Found the test firewall after delete", firewall == null || !firewall.isActive());
    }

    @Test
    public void testListFirewallRules() throws CloudException, InternalException {
        Collection rules = getSupport().getRules(this.testFirewall.getProviderFirewallId());
        boolean z = false;
        Assert.assertNotNull("Firewall rules may not be null", rules);
        Iterator it = rules.iterator();
        while (it.hasNext()) {
            out("Rule: " + ((FirewallRule) it.next()));
            z = true;
        }
        Assert.assertTrue("No firewall rule was found even though one is known to exist", z);
    }

    private void testAddRule(Direction direction, Permission permission) throws CloudException, InternalException {
        RuleTarget cidr;
        RuleTarget global;
        if (this.testFirewall == null) {
            if (!getSupport().supportsRules(direction, permission, getName().contains("VLAN"))) {
                out("Rule type not supported (OK)");
                return;
            }
            Assert.fail("No test firewall even though these type of rules are supported");
        }
        int i = port;
        port = i + 1;
        try {
            String providerFirewallId = this.testFirewall.getProviderFirewallId();
            if (providerFirewallId == null) {
                Assert.fail("Firewall has no ID");
            }
            if (direction.equals(Direction.INGRESS)) {
                global = RuleTarget.getCIDR("209.98.98.98/32");
                cidr = RuleTarget.getGlobal(providerFirewallId);
            } else {
                cidr = RuleTarget.getCIDR("209.98.98.98/32");
                global = RuleTarget.getGlobal(providerFirewallId);
            }
            String authorize = getSupport().authorize(providerFirewallId, direction, permission, global, Protocol.TCP, cidr, i, i, 0);
            out("Created rule: " + authorize);
            Iterator it = getSupport().getRules(providerFirewallId).iterator();
            while (it.hasNext()) {
                if (((FirewallRule) it.next()).getProviderRuleId().equals(authorize)) {
                    return;
                }
            }
            Assert.fail("Failed to identify new rule in the list of firewall rules");
        } catch (OperationNotSupportedException e) {
            boolean z = this.testFirewall.getProviderVlanId() != null;
            Assert.assertFalse("Attempt to authorize failed even though support is indicated", getSupport().supportsRules(direction, permission, z));
            out("Error indicating lack of support for " + direction + "/" + permission + "/" + z + " (OK)");
        }
    }

    @Test
    public void testAddStandardIngressAllow() throws CloudException, InternalException {
        testAddRule(Direction.INGRESS, Permission.ALLOW);
    }

    @Test
    public void testAddStandardIngressDeny() throws CloudException, InternalException {
        testAddRule(Direction.INGRESS, Permission.DENY);
    }

    @Test
    public void testAddStandardEgressAllow() throws CloudException, InternalException {
        testAddRule(Direction.EGRESS, Permission.ALLOW);
    }

    @Test
    public void testAddStandardEgressDeny() throws CloudException, InternalException {
        testAddRule(Direction.EGRESS, Permission.DENY);
    }

    @Test
    public void testAddVLANIngressAllow() throws CloudException, InternalException {
        testAddRule(Direction.INGRESS, Permission.ALLOW);
    }

    @Test
    public void testAddVLANIngressDeny() throws CloudException, InternalException {
        testAddRule(Direction.INGRESS, Permission.DENY);
    }

    @Test
    public void testAddVLANEgressAllow() throws CloudException, InternalException {
        testAddRule(Direction.EGRESS, Permission.ALLOW);
    }

    @Test
    public void testAddVLANEgressDeny() throws CloudException, InternalException {
        testAddRule(Direction.EGRESS, Permission.DENY);
    }

    private void testRemoveRule(Direction direction, Permission permission) throws CloudException, InternalException {
        if (this.testRuleId == null) {
            if (!getSupport().supportsRules(direction, permission, getName().contains("VLAN"))) {
                out("Rule type not supported (OK)");
                return;
            }
            Assert.fail("No test firewall even though these type of rules are supported");
        }
        getSupport().revoke(this.testRuleId);
        out("Removed rule: " + this.testRuleId);
        Iterator it = getSupport().getRules(this.testFirewall.getProviderFirewallId()).iterator();
        while (it.hasNext()) {
            if (((FirewallRule) it.next()).getProviderRuleId().equals(this.testRuleId)) {
                Assert.fail("Found the test rule among the rules for the firewall post-removal");
            }
        }
    }

    @Test
    public void testRevokeStandardIngressAllow() throws CloudException, InternalException {
        testRemoveRule(Direction.INGRESS, Permission.ALLOW);
    }

    @Test
    public void testRevokeStandardIngressDeny() throws CloudException, InternalException {
        testRemoveRule(Direction.INGRESS, Permission.DENY);
    }

    @Test
    public void testRevokeStandardEgressAllow() throws CloudException, InternalException {
        testRemoveRule(Direction.EGRESS, Permission.ALLOW);
    }

    @Test
    public void testRevokeStandardEgressDeny() throws CloudException, InternalException {
        testRemoveRule(Direction.EGRESS, Permission.DENY);
    }

    @Test
    public void testRevokeVLANIngressAllow() throws CloudException, InternalException {
        testRemoveRule(Direction.INGRESS, Permission.ALLOW);
    }

    @Test
    public void testRevokeVLANIngressDeny() throws CloudException, InternalException {
        testRemoveRule(Direction.INGRESS, Permission.DENY);
    }

    @Test
    public void testRevokeVLANEgressAllow() throws CloudException, InternalException {
        testRemoveRule(Direction.EGRESS, Permission.ALLOW);
    }

    @Test
    public void testRevokeVLANEgressDeny() throws CloudException, InternalException {
        testRemoveRule(Direction.EGRESS, Permission.DENY);
    }
}
