package org.dasein.cloud.test.network;

import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.UUID;
import javax.annotation.Nonnull;
import org.dasein.cloud.CloudException;
import org.dasein.cloud.InternalException;
import org.dasein.cloud.OperationNotSupportedException;
import org.dasein.cloud.Requirement;
import org.dasein.cloud.compute.ComputeServices;
import org.dasein.cloud.compute.VMLaunchOptions;
import org.dasein.cloud.compute.VirtualMachine;
import org.dasein.cloud.compute.VirtualMachineSupport;
import org.dasein.cloud.dc.DataCenter;
import org.dasein.cloud.network.Direction;
import org.dasein.cloud.network.Firewall;
import org.dasein.cloud.network.FirewallRule;
import org.dasein.cloud.network.FirewallSupport;
import org.dasein.cloud.network.NetworkServices;
import org.dasein.cloud.network.Permission;
import org.dasein.cloud.network.Protocol;
import org.dasein.cloud.network.RuleTarget;
import org.dasein.cloud.network.RuleTargetType;
import org.dasein.cloud.network.Subnet;
import org.dasein.cloud.network.VLAN;
import org.dasein.cloud.test.DaseinTestManager;
import org.dasein.cloud.test.compute.ComputeResources;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;

/* loaded from: input_file:org/dasein/cloud/test/network/StatefulFirewallTests.class */
public class StatefulFirewallTests {
    private static DaseinTestManager tm;
    private static int port = 81;

    @Rule
    public final TestName name = new TestName();
    private String testFirewallId;
    private String testRuleId;
    private String testVLANId;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.dasein.cloud.test.network.StatefulFirewallTests$1, reason: invalid class name */
    /* loaded from: input_file:org/dasein/cloud/test/network/StatefulFirewallTests$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$dasein$cloud$network$RuleTargetType = new int[RuleTargetType.values().length];

        static {
            try {
                $SwitchMap$org$dasein$cloud$network$RuleTargetType[RuleTargetType.CIDR.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$dasein$cloud$network$RuleTargetType[RuleTargetType.GLOBAL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$dasein$cloud$network$RuleTargetType[RuleTargetType.VLAN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$dasein$cloud$network$RuleTargetType[RuleTargetType.VM.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    @BeforeClass
    public static void configure() {
        tm = new DaseinTestManager(StatefulFirewallTests.class);
    }

    @AfterClass
    public static void cleanUp() {
        if (tm != null) {
            tm.close();
        }
    }

    @Before
    public void before() {
        VirtualMachineSupport virtualMachineSupport;
        NetworkServices networkServices;
        FirewallSupport firewallSupport;
        RuleTarget global;
        RuleTarget randomEndpoint;
        tm.begin(this.name.getMethodName());
        Assume.assumeTrue(!tm.isTestSkipped());
        if (this.name.getMethodName().equals("createVLANFirewall") || this.name.getMethodName().equals("createVLANFirewallWithRule") || this.name.getMethodName().equals("createVLANFirewallAndAddAndRemoveIcmpRule")) {
            this.testVLANId = tm.getTestVLANId(DaseinTestManager.STATEFUL, true, null);
            return;
        }
        if (this.name.getMethodName().equals("launchVM") || this.name.getMethodName().equals("verifyDuplicateRejection")) {
            ComputeServices computeServices = tm.getProvider().getComputeServices();
            if (computeServices == null) {
                virtualMachineSupport = null;
            } else {
                try {
                    virtualMachineSupport = computeServices.getVirtualMachineSupport();
                } catch (Throwable th) {
                    return;
                }
            }
            VirtualMachineSupport virtualMachineSupport2 = virtualMachineSupport;
            if ((virtualMachineSupport2 == null || virtualMachineSupport2.getCapabilities().identifyVlanRequirement().equals(Requirement.NONE)) ? false : true) {
                this.testVLANId = tm.getTestVLANId(DaseinTestManager.STATEFUL, true, null);
                if (this.testVLANId == null) {
                    this.testVLANId = tm.getTestVLANId(DaseinTestManager.STATELESS, false, null);
                }
            }
            NetworkServices networkServices2 = tm.getProvider().getNetworkServices();
            FirewallSupport firewallSupport2 = networkServices2 == null ? null : networkServices2.getFirewallSupport();
            if ((firewallSupport2 == null || firewallSupport2.getCapabilities().requiresVLAN().equals(Requirement.NONE)) ? false : true) {
                this.testFirewallId = tm.getTestVLANFirewallId(DaseinTestManager.STATEFUL, true, this.testVLANId);
            } else {
                this.testFirewallId = tm.getTestGeneralFirewallId(DaseinTestManager.STATEFUL, true);
            }
            return;
        }
        if (this.name.getMethodName().equals("removeFirewall")) {
            this.testFirewallId = tm.getTestAnyFirewallId(DaseinTestManager.REMOVED, true);
            return;
        }
        if (this.name.getMethodName().startsWith("addGeneral")) {
            this.testFirewallId = tm.getTestGeneralFirewallId(DaseinTestManager.STATEFUL, true);
            return;
        }
        if (this.name.getMethodName().startsWith("addVLAN")) {
            this.testFirewallId = tm.getTestVLANFirewallId(DaseinTestManager.STATEFUL, true, null);
            return;
        }
        if (this.name.getMethodName().startsWith("revoke")) {
            if (this.name.getMethodName().startsWith("revokeGeneral")) {
                this.testFirewallId = tm.getTestGeneralFirewallId(DaseinTestManager.STATEFUL, true);
            } else {
                this.testFirewallId = tm.getTestVLANFirewallId(DaseinTestManager.STATEFUL, true, null);
            }
            if (this.testFirewallId == null || (networkServices = tm.getProvider().getNetworkServices()) == null || (firewallSupport = networkServices.getFirewallSupport()) == null) {
                return;
            }
            Permission permission = null;
            Direction direction = null;
            int i = port;
            port = i + 1;
            if (this.name.getMethodName().contains("IngressAllow")) {
                direction = Direction.INGRESS;
                permission = Permission.ALLOW;
            } else if (this.name.getMethodName().contains("IngressDeny")) {
                direction = Direction.INGRESS;
                permission = Permission.DENY;
            } else if (this.name.getMethodName().contains("EgressAllow")) {
                direction = Direction.EGRESS;
                permission = Permission.ALLOW;
            } else if (this.name.getMethodName().contains("EgressDeny")) {
                direction = Direction.EGRESS;
                permission = Permission.DENY;
            }
            if (direction == null || permission == null) {
                return;
            }
            RuleTargetType ruleTargetType = RuleTargetType.CIDR;
            if (this.name.getMethodName().contains("Global") && !this.name.getMethodName().contains("OldStyle")) {
                ruleTargetType = RuleTargetType.GLOBAL;
            }
            if (direction.equals(Direction.INGRESS)) {
                global = getRandomEndpoint(ruleTargetType);
                randomEndpoint = RuleTarget.getGlobal(this.testFirewallId);
            } else {
                global = RuleTarget.getGlobal(this.testFirewallId);
                randomEndpoint = getRandomEndpoint(ruleTargetType);
            }
            try {
                this.testRuleId = firewallSupport.authorize(this.testFirewallId, direction, permission, global, Protocol.TCP, randomEndpoint, i, i, 0);
            } catch (Throwable th2) {
            }
        }
    }

    @After
    public void after() {
        try {
            this.testVLANId = null;
            this.testFirewallId = null;
            this.testRuleId = null;
            tm.end();
        } catch (Throwable th) {
            tm.end();
            throw th;
        }
    }

    @Nonnull
    private RuleTarget getRandomEndpoint(@Nonnull RuleTargetType ruleTargetType) {
        switch (AnonymousClass1.$SwitchMap$org$dasein$cloud$network$RuleTargetType[ruleTargetType.ordinal()]) {
            case 1:
                return RuleTarget.getCIDR(NetworkResources.TEST_CIDR);
            case 2:
                String testAnyFirewallId = tm.getTestAnyFirewallId("endpoint", true);
                if (testAnyFirewallId != null) {
                    return RuleTarget.getGlobal(testAnyFirewallId);
                }
                break;
        }
        Assert.fail("Unable to generate an appropriate endpoint type");
        return null;
    }

    private void checkAddRule(Direction direction, Permission permission, boolean z, RuleTargetType ruleTargetType) throws CloudException, InternalException {
        RuleTarget randomEndpoint;
        RuleTarget global;
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        if (firewallSupport == null) {
            tm.ok("Firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        if (this.testFirewallId == null) {
            if (!firewallSupport.getCapabilities().supportsFirewallCreation(z)) {
                tm.warn("Could not create a test firewall to verify rule adding, so this test is definitely not valid");
                return;
            } else if (firewallSupport.getCapabilities().supportsRules(direction, permission, z)) {
                Assert.fail("No test firewall even though these type of rules are supported");
                return;
            } else {
                tm.ok("Rule type " + direction + "/" + permission + " not supported");
                return;
            }
        }
        int i = port;
        port = i + 1;
        if (direction.equals(Direction.INGRESS)) {
            global = getRandomEndpoint(ruleTargetType);
            randomEndpoint = RuleTarget.getGlobal(this.testFirewallId);
        } else {
            randomEndpoint = getRandomEndpoint(ruleTargetType);
            global = RuleTarget.getGlobal(this.testFirewallId);
        }
        boolean z2 = false;
        Iterator it = firewallSupport.getCapabilities().listSupportedSourceTypes(z).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (((RuleTargetType) it.next()).equals(global.getRuleTargetType())) {
                z2 = true;
                break;
            }
        }
        if (!z2) {
            tm.ok("Source type " + global.getRuleTargetType() + " is not supported");
            return;
        }
        boolean z3 = false;
        Iterator it2 = firewallSupport.getCapabilities().listSupportedDestinationTypes(z).iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            } else if (((RuleTargetType) it2.next()).equals(randomEndpoint.getRuleTargetType())) {
                z3 = true;
                break;
            }
        }
        if (!z3) {
            tm.ok("Destination type " + randomEndpoint.getRuleTargetType() + " is not supported");
            return;
        }
        if (!firewallSupport.getCapabilities().supportsRules(direction, permission, z)) {
            try {
                firewallSupport.authorize(this.testFirewallId, direction, permission, global, Protocol.TCP, randomEndpoint, i, i, 0);
                return;
            } catch (OperationNotSupportedException e) {
                tm.ok("OperationNotSupportedException caught indicating lack of support for " + direction + "/" + permission + "/" + z);
                return;
            }
        }
        String authorize = firewallSupport.authorize(this.testFirewallId, direction, permission, global, Protocol.TCP, randomEndpoint, i, i, 0);
        boolean z4 = false;
        tm.out("New Rule", authorize);
        Iterator it3 = firewallSupport.getRules(this.testFirewallId).iterator();
        while (true) {
            if (!it3.hasNext()) {
                break;
            } else if (((FirewallRule) it3.next()).getProviderRuleId().equals(authorize)) {
                z4 = true;
                break;
            }
        }
        tm.out("Listed", z4);
        Assert.assertTrue("Failed to identify new rule in the list of firewall rules", z4);
    }

    private void checkRemoveRule(Direction direction, Permission permission, boolean z, boolean z2) throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        if (firewallSupport == null) {
            tm.ok("Firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        if (this.testRuleId == null) {
            if (!firewallSupport.getCapabilities().supportsRules(direction, permission, z)) {
                tm.ok("Rule type not supported");
                return;
            }
            RuleTargetType ruleTargetType = RuleTargetType.CIDR;
            if (this.name.getMethodName().contains("Global")) {
                ruleTargetType = RuleTargetType.GLOBAL;
            }
            boolean z3 = false;
            if (direction.equals(Direction.INGRESS)) {
                Iterator it = firewallSupport.getCapabilities().listSupportedSourceTypes(z).iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    } else if (((RuleTargetType) it.next()).equals(ruleTargetType)) {
                        z3 = true;
                        break;
                    }
                }
            } else {
                Iterator it2 = firewallSupport.getCapabilities().listSupportedDestinationTypes(z).iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    } else if (((RuleTargetType) it2.next()).equals(ruleTargetType)) {
                        z3 = true;
                        break;
                    }
                }
            }
            if (!z3) {
                tm.ok("Rule targe type " + ruleTargetType + " is not supported");
                return;
            }
            Assert.fail("No test rule exists even though these type of rules are supported");
        }
        if (z2) {
            FirewallRule firewallRule = null;
            Iterator it3 = firewallSupport.getRules(this.testFirewallId).iterator();
            while (true) {
                if (!it3.hasNext()) {
                    break;
                }
                FirewallRule firewallRule2 = (FirewallRule) it3.next();
                if (firewallRule2.getProviderRuleId().equals(this.testRuleId)) {
                    firewallRule = firewallRule2;
                    break;
                }
            }
            Assert.assertNotNull("Test firewall rule cannot be found for " + this.testRuleId, firewallRule);
            if (direction.equals(Direction.INGRESS)) {
                firewallSupport.revoke(this.testFirewallId, direction, permission, firewallRule.getSource(), firewallRule.getProtocol(), firewallRule.getDestinationEndpoint(), firewallRule.getStartPort(), firewallRule.getEndPort());
            } else {
                RuleTarget destinationEndpoint = firewallRule.getDestinationEndpoint();
                String str = null;
                switch (AnonymousClass1.$SwitchMap$org$dasein$cloud$network$RuleTargetType[destinationEndpoint.getRuleTargetType().ordinal()]) {
                    case 1:
                        str = destinationEndpoint.getCidr();
                        break;
                    case 2:
                        str = destinationEndpoint.getProviderFirewallId();
                        break;
                    case 3:
                        str = destinationEndpoint.getProviderVlanId();
                        break;
                    case 4:
                        str = destinationEndpoint.getProviderVirtualMachineId();
                        break;
                }
                junit.framework.Assert.assertNotNull("Unknown target type: " + destinationEndpoint.getRuleTargetType(), str);
                firewallSupport.revoke(this.testFirewallId, direction, permission, str, firewallRule.getProtocol(), firewallRule.getSourceEndpoint(), firewallRule.getStartPort(), firewallRule.getEndPort());
                try {
                    Thread.sleep(2000L);
                } catch (InterruptedException e) {
                }
            }
        } else {
            firewallSupport.revoke(this.testRuleId);
        }
        boolean z4 = false;
        Iterator it4 = firewallSupport.getRules(this.testFirewallId).iterator();
        while (it4.hasNext()) {
            if (((FirewallRule) it4.next()).getProviderRuleId().equals(this.testRuleId)) {
                z4 = true;
            }
        }
        tm.out("Rule Present", z4);
        Assert.assertFalse("Found the test rule among the rules for the firewall post-removal", z4);
    }

    @Test
    public void createGeneralFirewall() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        if (firewallSupport == null) {
            tm.ok("Firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        NetworkResources networkResources = DaseinTestManager.getNetworkResources();
        if (networkResources == null) {
            Assert.fail("Network resources failed to initialize for " + tm.getProvider().getCloudName());
            return;
        }
        if (firewallSupport.getCapabilities().supportsFirewallCreation(false)) {
            String provisionFirewall = networkResources.provisionFirewall("provisionFirewall", null);
            tm.out("New Firewall", provisionFirewall);
            Assert.assertNotNull("No firewall was created by this test", provisionFirewall);
        } else {
            try {
                networkResources.provisionFirewall(this.name.getMethodName(), null);
                Assert.fail("Firewall provisioning completed even though general firewall creation is not supported");
            } catch (OperationNotSupportedException e) {
                tm.ok("Caught OperationNotSupportedException as expected for " + this.name.getMethodName());
            }
        }
    }

    @Test
    public void createGeneralFirewallWithRule() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        if (firewallSupport == null) {
            tm.ok("Firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        NetworkResources networkResources = DaseinTestManager.getNetworkResources();
        if (networkResources == null) {
            Assert.fail("Network resources failed to initialize for " + tm.getProvider().getCloudName());
            return;
        }
        int i = port;
        port = i + 1;
        if (!firewallSupport.getCapabilities().supportsFirewallCreation(false)) {
            try {
                networkResources.provisionFirewall(this.name.getMethodName(), null, networkResources.constructRuleCreateOptions(i, Direction.INGRESS, Permission.ALLOW));
                Assert.fail("Firewall provisioning completed even though general firewall creation is not supported");
                return;
            } catch (OperationNotSupportedException e) {
                tm.ok("Caught OperationNotSupportedException as expected for " + this.name.getMethodName());
                return;
            }
        }
        String provisionFirewall = networkResources.provisionFirewall("provisionFirewall", null, networkResources.constructRuleCreateOptions(i, Direction.INGRESS, Permission.ALLOW));
        tm.out("New Firewall", provisionFirewall);
        Assert.assertNotNull("No firewall was created by this test", provisionFirewall);
        Collection rules = firewallSupport.getRules(provisionFirewall);
        tm.out("Initial rules", rules);
        Assert.assertNotNull("Firewall rules are null post firewall create of " + provisionFirewall, rules);
        boolean z = false;
        Iterator it = firewallSupport.getRules(provisionFirewall).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            FirewallRule firewallRule = (FirewallRule) it.next();
            tm.out("\tRule", firewallRule);
            RuleTarget sourceEndpoint = firewallRule.getSourceEndpoint();
            RuleTarget destinationEndpoint = firewallRule.getDestinationEndpoint();
            if (sourceEndpoint.getRuleTargetType().equals(RuleTargetType.CIDR) && destinationEndpoint.getRuleTargetType().equals(RuleTargetType.GLOBAL) && provisionFirewall.equals(destinationEndpoint.getProviderFirewallId()) && NetworkResources.TEST_CIDR.equals(sourceEndpoint.getCidr())) {
                z = true;
                break;
            }
        }
        Assert.assertTrue("The initial rule was not created with the test firewall", z);
    }

    @Test
    public void createVLANFirewall() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        if (firewallSupport == null) {
            tm.ok("Firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        NetworkResources networkResources = DaseinTestManager.getNetworkResources();
        if (networkResources == null) {
            Assert.fail("Network resources failed to initialize for " + tm.getProvider().getCloudName());
            return;
        }
        if (!firewallSupport.getCapabilities().supportsFirewallCreation(true)) {
            try {
                networkResources.provisionFirewall(this.name.getMethodName(), this.testVLANId == null ? UUID.randomUUID().toString() : this.testVLANId);
                Assert.fail("Firewall provisioning completed even though VLAN firewall creation is not supported");
                return;
            } catch (OperationNotSupportedException e) {
                tm.ok("Caught OperationNotSupportedException as expected for " + this.name.getMethodName());
                return;
            }
        }
        if (this.testVLANId == null) {
            Assert.fail("Firewall creation in VLANs is supposedly supported, but there's not test VLAN ID");
            return;
        }
        String provisionFirewall = networkResources.provisionFirewall("provision", this.testVLANId);
        tm.out("New VLAN Firewall", provisionFirewall);
        Assert.assertNotNull("No VLAN firewall was created by this test", provisionFirewall);
    }

    @Test
    public void createVLANFirewallWithRule() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        if (firewallSupport == null) {
            tm.ok("Firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        NetworkResources networkResources = DaseinTestManager.getNetworkResources();
        if (networkResources == null) {
            Assert.fail("Network resources failed to initialize for " + tm.getProvider().getCloudName());
            return;
        }
        int i = port;
        port = i + 1;
        if (!firewallSupport.getCapabilities().supportsFirewallCreation(true)) {
            try {
                networkResources.provisionFirewall(this.name.getMethodName(), this.testVLANId == null ? UUID.randomUUID().toString() : this.testVLANId, networkResources.constructRuleCreateOptions(i, Direction.INGRESS, Permission.ALLOW));
                Assert.fail("Firewall provisioning completed even though VLAN firewall creation is not supported");
                return;
            } catch (OperationNotSupportedException e) {
                tm.ok("Caught OperationNotSupportedException as expected for " + this.name.getMethodName());
                return;
            }
        }
        if (this.testVLANId == null) {
            Assert.fail("Firewall creation in VLANs is supposedly supported, but there's not test VLAN ID");
            return;
        }
        String provisionFirewall = networkResources.provisionFirewall("provision", this.testVLANId, networkResources.constructRuleCreateOptions(i, Direction.INGRESS, Permission.ALLOW));
        tm.out("New VLAN Firewall", provisionFirewall);
        Assert.assertNotNull("No VLAN firewall was created by this test", provisionFirewall);
        Collection rules = firewallSupport.getRules(provisionFirewall);
        tm.out("Initial rules", rules);
        Assert.assertNotNull("Firewall rules are null post firewall create of " + provisionFirewall, rules);
        boolean z = false;
        Iterator it = firewallSupport.getRules(provisionFirewall).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            FirewallRule firewallRule = (FirewallRule) it.next();
            tm.out("\tRule", firewallRule);
            RuleTarget sourceEndpoint = firewallRule.getSourceEndpoint();
            RuleTarget destinationEndpoint = firewallRule.getDestinationEndpoint();
            if (sourceEndpoint.getRuleTargetType().equals(RuleTargetType.CIDR) && destinationEndpoint.getRuleTargetType().equals(RuleTargetType.GLOBAL) && provisionFirewall.equals(destinationEndpoint.getProviderFirewallId()) && NetworkResources.TEST_CIDR.equals(sourceEndpoint.getCidr())) {
                z = true;
                break;
            }
        }
        Assert.assertTrue("The initial rule was not created with the test firewall", z);
    }

    @Test
    public void addGeneralIngressAllow() throws CloudException, InternalException {
        checkAddRule(Direction.INGRESS, Permission.ALLOW, false, RuleTargetType.CIDR);
    }

    @Test
    public void addGeneralIngressDeny() throws CloudException, InternalException {
        checkAddRule(Direction.INGRESS, Permission.DENY, false, RuleTargetType.CIDR);
    }

    @Test
    public void addGeneralEgressAllow() throws CloudException, InternalException {
        checkAddRule(Direction.EGRESS, Permission.ALLOW, false, RuleTargetType.CIDR);
    }

    @Test
    public void addGeneralEgressDeny() throws CloudException, InternalException {
        checkAddRule(Direction.EGRESS, Permission.DENY, false, RuleTargetType.CIDR);
    }

    @Test
    public void addVLANIngressAllow() throws CloudException, InternalException {
        checkAddRule(Direction.INGRESS, Permission.ALLOW, true, RuleTargetType.CIDR);
    }

    @Test
    public void addVLANIngressDeny() throws CloudException, InternalException {
        checkAddRule(Direction.INGRESS, Permission.DENY, true, RuleTargetType.CIDR);
    }

    @Test
    public void addVLANEgressAllow() throws CloudException, InternalException {
        checkAddRule(Direction.EGRESS, Permission.ALLOW, true, RuleTargetType.CIDR);
    }

    @Test
    public void addVLANEgressDeny() throws CloudException, InternalException {
        checkAddRule(Direction.EGRESS, Permission.DENY, true, RuleTargetType.CIDR);
    }

    @Test
    public void addGeneralIngressAllowGlobal() throws CloudException, InternalException {
        checkAddRule(Direction.INGRESS, Permission.ALLOW, false, RuleTargetType.GLOBAL);
    }

    @Test
    public void revokeGeneralIngressAllow() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.ALLOW, false, false);
    }

    @Test
    public void revokeGeneralIngressDeny() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.DENY, false, false);
    }

    @Test
    public void revokeGeneralEgressAllow() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.ALLOW, false, false);
    }

    @Test
    public void revokeGeneralEgressDeny() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.DENY, false, false);
    }

    @Test
    public void revokeVLANIngressAllow() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.ALLOW, true, false);
    }

    @Test
    public void revokeVLANIngressDeny() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.DENY, true, false);
    }

    @Test
    public void revokeVLANEgressAllow() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.ALLOW, true, false);
    }

    @Test
    public void revokeVLANEgressDeny() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.DENY, true, false);
    }

    @Test
    public void revokeGeneralIngressAllowOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.ALLOW, false, true);
    }

    @Test
    public void revokeGeneralIngressDenyOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.DENY, false, true);
    }

    @Test
    public void revokeGeneralEgressAllowOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.ALLOW, false, true);
    }

    @Test
    public void revokeGeneralEgressDenyOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.DENY, false, true);
    }

    @Test
    public void revokeVLANIngressAllowOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.ALLOW, true, true);
    }

    @Test
    public void revokeVLANIngressDenyOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.DENY, true, true);
    }

    @Test
    public void revokeVLANEgressAllowOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.ALLOW, true, true);
    }

    @Test
    public void revokeVLANEgressDenyOldStyle() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.DENY, true, true);
    }

    @Test
    public void revokeGeneralIngressAllowOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.ALLOW, false, true);
    }

    @Test
    public void revokeGeneralIngressDenyOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.DENY, false, true);
    }

    @Test
    public void revokeGeneralEgressAllowOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.ALLOW, false, true);
    }

    @Test
    public void revokeGeneralEgressDenyOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.DENY, false, true);
    }

    @Test
    public void revokeVLANIngressAllowOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.ALLOW, true, true);
    }

    @Test
    public void revokeVLANIngressDenyOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.INGRESS, Permission.DENY, true, true);
    }

    @Test
    public void revokeVLANEgressAllowOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.ALLOW, true, true);
    }

    @Test
    public void revokeVLANEgressDenyOldStyleGlobal() throws CloudException, InternalException {
        checkRemoveRule(Direction.EGRESS, Permission.DENY, true, true);
    }

    @Test
    public void removeFirewall() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("No network services in this cloud");
            return;
        }
        FirewallSupport firewallSupport = networkServices.getFirewallSupport();
        if (firewallSupport == null) {
            tm.ok("No VLAN support in this cloud");
            return;
        }
        if (this.testFirewallId == null) {
            if (!firewallSupport.getCapabilities().supportsFirewallCreation(true) && !firewallSupport.getCapabilities().supportsFirewallCreation(false)) {
                tm.ok("Firewall creation/deletion is not supported in " + tm.getProvider().getCloudName());
                return;
            } else if (firewallSupport.isSubscribed()) {
                Assert.fail("No test firewall for " + this.name.getMethodName());
                return;
            } else {
                tm.ok("Firewall support is not subscribed so this test is not entirely valid");
                return;
            }
        }
        if (!firewallSupport.getCapabilities().supportsFirewallDeletion()) {
            try {
                firewallSupport.delete(this.testFirewallId);
                Assert.fail("Firewall deletion not supported but completed without error");
                return;
            } catch (OperationNotSupportedException e) {
                tm.ok("Caught not supported exception for delete Firewall in cloud that does not support firewall deletion");
                return;
            }
        }
        Firewall firewall = firewallSupport.getFirewall(this.testFirewallId);
        tm.out("Before", firewall);
        Assert.assertNotNull("Test firewall no longer exists, cannot test removing it", firewall);
        tm.out("Active", firewall.isActive());
        firewallSupport.delete(this.testFirewallId);
        try {
            Thread.sleep(5000L);
        } catch (InterruptedException e2) {
        }
        Firewall firewall2 = firewallSupport.getFirewall(this.testFirewallId);
        tm.out("After", firewall2);
        tm.out("Active", firewall2 == null ? "false" : Boolean.valueOf(firewall2.isActive()));
        Assert.assertTrue("The firewall remains available", firewall2 == null || !firewall2.isActive());
    }

    @Test
    public void launchVM() throws CloudException, InternalException {
        ComputeServices computeServices = tm.getProvider().getComputeServices();
        if (computeServices == null) {
            tm.ok("No compute services in " + tm.getProvider().getCloudName());
            return;
        }
        VirtualMachineSupport virtualMachineSupport = computeServices.getVirtualMachineSupport();
        if (virtualMachineSupport == null) {
            tm.ok("No virtual machine support in " + tm.getProvider().getCloudName());
            return;
        }
        boolean z = !virtualMachineSupport.getCapabilities().identifyVlanRequirement().equals(Requirement.NONE);
        String str = null;
        if (z && this.testVLANId == null) {
            Assert.fail("No test VLAN exists to test launching a VM behind a firewall");
        } else if (z) {
            str = tm.getTestSubnetId(DaseinTestManager.STATEFUL, true, this.testVLANId, null);
        }
        ComputeResources computeResources = DaseinTestManager.getComputeResources();
        if (computeResources != null) {
            String testVMProductId = tm.getTestVMProductId();
            Assert.assertNotNull("Unable to identify a VM product for test launch", testVMProductId);
            String testImageId = tm.getTestImageId(DaseinTestManager.STATELESS, false);
            Assert.assertNotNull("Unable to identify a test image for test launch", testImageId);
            VMLaunchOptions vMLaunchOptions = VMLaunchOptions.getInstance(testVMProductId, testImageId, "dsnfw" + (System.currentTimeMillis() % 10000), "Dasein Firewall Launch " + System.currentTimeMillis(), "Test launch for a VM in a firewall");
            if (this.testFirewallId == null) {
                NetworkServices networkServices = tm.getProvider().getNetworkServices();
                FirewallSupport firewallSupport = networkServices == null ? null : networkServices.getFirewallSupport();
                if (firewallSupport == null || !firewallSupport.isSubscribed()) {
                    tm.ok("Launching behind firewalls is not supported in " + tm.getContext().getRegionId() + " of " + tm.getProvider().getCloudName());
                    return;
                } else if (firewallSupport.getCapabilities().supportsFirewallCreation(z)) {
                    Assert.fail("No test firewall was established for testing");
                    return;
                } else {
                    tm.warn("Unable to test the ability to launch a VM behind a firewall due to lack of ability to create firewalls, test is invalid");
                    return;
                }
            }
            vMLaunchOptions.behindFirewalls(new String[]{this.testFirewallId});
            if (str != null) {
                Subnet subnet = tm.getProvider().getNetworkServices().getVlanSupport().getSubnet(str);
                Assert.assertNotNull("Subnet went away before test could be executed", subnet);
                String providerDataCenterId = subnet.getProviderDataCenterId();
                if (providerDataCenterId == null) {
                    Iterator it = tm.getProvider().getDataCenterServices().listDataCenters(tm.getContext().getRegionId()).iterator();
                    while (it.hasNext()) {
                        providerDataCenterId = ((DataCenter) it.next()).getProviderDataCenterId();
                    }
                }
                Assert.assertNotNull("Could not identify a data center for VM launch", providerDataCenterId);
                vMLaunchOptions.inDataCenter(providerDataCenterId);
                vMLaunchOptions.inSubnet((String) null, providerDataCenterId, this.testVLANId, str);
            } else if (this.testVLANId != null) {
                VLAN vlan = tm.getProvider().getNetworkServices().getVlanSupport().getVlan(this.testVLANId);
                Assert.assertNotNull("VLAN went away before test could be executed", vlan);
                String providerDataCenterId2 = vlan.getProviderDataCenterId();
                if (providerDataCenterId2 == null) {
                    Iterator it2 = tm.getProvider().getDataCenterServices().listDataCenters(tm.getContext().getRegionId()).iterator();
                    while (it2.hasNext()) {
                        providerDataCenterId2 = ((DataCenter) it2.next()).getProviderDataCenterId();
                    }
                }
                Assert.assertNotNull("Could not identify a data center for VM launch", providerDataCenterId2);
                vMLaunchOptions.inDataCenter(providerDataCenterId2);
                vMLaunchOptions.inVlan((String) null, providerDataCenterId2, this.testVLANId);
            }
            String provisionVM = computeResources.provisionVM(virtualMachineSupport, "fwLaunch", vMLaunchOptions, vMLaunchOptions.getDataCenterId());
            tm.out("Virtual Machine", provisionVM);
            Assert.assertNotNull("No error received launching VM behind firewall, but there was no virtual machine", provisionVM);
            VirtualMachine virtualMachine = virtualMachineSupport.getVirtualMachine(provisionVM);
            Assert.assertNotNull("Launched VM does not exist", virtualMachine);
            tm.out("Behind firewalls", Arrays.toString(virtualMachine.getProviderFirewallIds()));
            String[] providerFirewallIds = virtualMachine.getProviderFirewallIds();
            Assert.assertNotNull("The VM firewalls should not be null", providerFirewallIds);
            Assert.assertEquals("The number of firewalls is incorrect", 1L, providerFirewallIds.length);
            Assert.assertEquals("The firewall IDs do not match the test firewall", this.testFirewallId, providerFirewallIds[0]);
        }
    }

    @Test
    public void createVLANFirewallAndAddAndRemoveIcmpRule() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices != null) {
            FirewallSupport firewallSupport = networkServices.getFirewallSupport();
            try {
                Assert.assertNotNull("failed to generate a vlan ICMP rule", firewallSupport.authorize("fw-" + this.testVLANId, "0.0.0.0/0", Protocol.ICMP, -1, -1));
            } catch (Exception e) {
                Assert.fail("authorize returned exception " + e);
            }
            for (FirewallRule firewallRule : firewallSupport.getRules("fw-" + this.testVLANId)) {
                tm.out("fw-" + this.testVLANId + " - " + firewallRule.getProtocol());
                try {
                    firewallSupport.revoke(firewallRule.getProviderRuleId());
                } catch (Exception e2) {
                    Assert.fail("revoke returned  exception " + e2);
                }
            }
            Assert.assertTrue("Just deleted all firewall rules. why are rules still present!", firewallSupport.getRules("fw-" + this.testVLANId).isEmpty());
        }
    }

    @Test
    public void verifyDuplicateRejection() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices != null) {
            FirewallSupport firewallSupport = networkServices.getFirewallSupport();
            if (firewallSupport == null) {
                tm.ok("Firewalls are not supported in " + tm.getProvider().getCloudName());
                return;
            }
            try {
                Assert.assertNotNull("Failed to generate a VLAN ICMP rule", firewallSupport.authorize(this.testFirewallId, "0.0.0.0/0", Protocol.ICMP, -1, -1));
                try {
                    firewallSupport.authorize(this.testFirewallId, "0.0.0.0/0", Protocol.ICMP, -1, -1);
                    Assert.fail("should have generated a duplicate rule exception.");
                } catch (CloudException e) {
                    tm.ok("Exception occurred as expected when trying to create a duplicate rule: " + e.getMessage());
                }
            } finally {
                for (FirewallRule firewallRule : firewallSupport.getRules(this.testFirewallId)) {
                    tm.out(this.testFirewallId + " - " + firewallRule.getProtocol());
                    firewallSupport.revoke(firewallRule.getProviderRuleId());
                }
                Assert.assertTrue("The rules have not been deleted", firewallSupport.getRules(this.testFirewallId).isEmpty());
            }
        }
    }
}
