package org.dasein.cloud.test.network;

import java.util.Arrays;
import java.util.Iterator;
import java.util.Random;
import java.util.UUID;
import org.dasein.cloud.CloudException;
import org.dasein.cloud.InternalException;
import org.dasein.cloud.OperationNotSupportedException;
import org.dasein.cloud.network.Direction;
import org.dasein.cloud.network.Firewall;
import org.dasein.cloud.network.FirewallRule;
import org.dasein.cloud.network.NetworkFirewallSupport;
import org.dasein.cloud.network.NetworkServices;
import org.dasein.cloud.network.Permission;
import org.dasein.cloud.network.Protocol;
import org.dasein.cloud.network.RuleTarget;
import org.dasein.cloud.test.DaseinTestManager;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;

/* loaded from: input_file:org/dasein/cloud/test/network/StatefulNetworkFirewallTests.class */
public class StatefulNetworkFirewallTests {
    private static DaseinTestManager tm;

    @Rule
    public final TestName name = new TestName();
    private String testFirewallId;
    private String testRuleId;
    private String testSubnetId;
    private String testVLANId;
    private static final Random random = new Random();
    private static int port = 81;

    @BeforeClass
    public static void configure() {
        tm = new DaseinTestManager(StatefulNetworkFirewallTests.class);
    }

    @AfterClass
    public static void cleanUp() {
        if (tm != null) {
            tm.close();
        }
    }

    @Before
    public void before() {
        NetworkServices networkServices;
        NetworkFirewallSupport networkFirewallSupport;
        NetworkServices networkServices2;
        NetworkFirewallSupport networkFirewallSupport2;
        RuleTarget global;
        RuleTarget cidr;
        tm.begin(this.name.getMethodName());
        Assume.assumeTrue(!tm.isTestSkipped());
        if (this.name.getMethodName().equals("createFirewall")) {
            this.testVLANId = tm.getTestVLANId(DaseinTestManager.STATEFUL, true, null);
            return;
        }
        if (this.name.getMethodName().equals("removeFirewall")) {
            this.testFirewallId = tm.getTestNetworkFirewallId(DaseinTestManager.REMOVED, true, null);
            return;
        }
        if (this.name.getMethodName().startsWith("add")) {
            this.testFirewallId = tm.getTestNetworkFirewallId(DaseinTestManager.STATEFUL, true, null);
            return;
        }
        if (!this.name.getMethodName().startsWith("revoke")) {
            if (this.name.getMethodName().equals("associateWithSubnet")) {
                this.testFirewallId = tm.getTestNetworkFirewallId(DaseinTestManager.STATEFUL, true, null);
                if (this.testFirewallId == null || (networkServices = tm.getProvider().getNetworkServices()) == null || (networkFirewallSupport = networkServices.getNetworkFirewallSupport()) == null) {
                    return;
                }
                try {
                    Firewall firewall = networkFirewallSupport.getFirewall(this.testFirewallId);
                    if (firewall != null) {
                        this.testVLANId = firewall.getProviderVlanId();
                        if (this.testVLANId != null) {
                            this.testSubnetId = tm.getTestSubnetId(DaseinTestManager.STATEFUL, true, this.testVLANId, null);
                        }
                    }
                    return;
                } catch (Throwable th) {
                    return;
                }
            }
            return;
        }
        this.testFirewallId = tm.getTestNetworkFirewallId(DaseinTestManager.STATEFUL, true, null);
        if (this.testFirewallId == null || (networkServices2 = tm.getProvider().getNetworkServices()) == null || (networkFirewallSupport2 = networkServices2.getNetworkFirewallSupport()) == null) {
            return;
        }
        Permission permission = null;
        Direction direction = null;
        int i = port;
        port = i + 1;
        if (this.name.getMethodName().endsWith("IngressAllow")) {
            direction = Direction.INGRESS;
            permission = Permission.ALLOW;
        } else if (this.name.getMethodName().endsWith("IngressDeny")) {
            direction = Direction.INGRESS;
            permission = Permission.DENY;
        } else if (this.name.getMethodName().endsWith("EgressAllow")) {
            direction = Direction.EGRESS;
            permission = Permission.ALLOW;
        } else if (this.name.getMethodName().endsWith("EgressDeny")) {
            direction = Direction.EGRESS;
            permission = Permission.DENY;
        }
        if (direction == null || permission == null) {
            return;
        }
        if (direction.equals(Direction.INGRESS)) {
            global = RuleTarget.getCIDR(NetworkResources.TEST_CIDR);
            cidr = RuleTarget.getGlobal(this.testFirewallId);
        } else {
            global = RuleTarget.getGlobal(this.testFirewallId);
            cidr = RuleTarget.getCIDR(NetworkResources.TEST_CIDR);
        }
        try {
            this.testRuleId = networkFirewallSupport2.authorize(this.testFirewallId, direction, permission, global, Protocol.TCP, cidr, i, i, random.nextInt(50) + 1);
        } catch (Throwable th2) {
        }
    }

    @After
    public void after() {
        try {
            this.testVLANId = null;
            this.testFirewallId = null;
            this.testRuleId = null;
            tm.end();
        } catch (Throwable th) {
            tm.end();
            throw th;
        }
    }

    private void checkAddRule(Direction direction, Permission permission) throws CloudException, InternalException {
        RuleTarget cidr;
        RuleTarget global;
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        NetworkFirewallSupport networkFirewallSupport = networkServices.getNetworkFirewallSupport();
        if (networkFirewallSupport == null) {
            tm.ok("Network firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        if (this.testFirewallId == null) {
            if (networkFirewallSupport.getCapabilities().supportsNetworkFirewallCreation()) {
                Assert.fail("No test firewall even though these type of rules are supported");
                return;
            } else {
                tm.warn("Could not create a test firewall to verify rule adding, so this test is definitely not valid");
                return;
            }
        }
        int i = port;
        port = i + 1;
        if (direction.equals(Direction.INGRESS)) {
            global = RuleTarget.getCIDR(NetworkResources.TEST_CIDR);
            cidr = RuleTarget.getGlobal(this.testFirewallId);
        } else {
            cidr = RuleTarget.getCIDR(NetworkResources.TEST_CIDR);
            global = RuleTarget.getGlobal(this.testFirewallId);
        }
        String authorize = networkFirewallSupport.authorize(this.testFirewallId, direction, permission, global, Protocol.TCP, cidr, i, i, 10);
        boolean z = false;
        tm.out("New Rule", authorize);
        Iterator it = networkFirewallSupport.listRules(this.testFirewallId).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (((FirewallRule) it.next()).getProviderRuleId().equals(authorize)) {
                z = true;
                break;
            }
        }
        tm.out("Listed", z);
        Assert.assertTrue("Failed to identify new rule in the list of firewall rules", z);
    }

    private void checkRemoveRule() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        NetworkFirewallSupport networkFirewallSupport = networkServices.getNetworkFirewallSupport();
        if (networkFirewallSupport == null) {
            tm.ok("Network firewalls are not supported in " + tm.getProvider().getCloudName());
            return;
        }
        if (this.testRuleId == null) {
            Assert.fail("No test rule exists even though these type of rules are supported");
        }
        networkFirewallSupport.revoke(this.testRuleId);
        boolean z = false;
        Iterator it = networkFirewallSupport.listRules(this.testFirewallId).iterator();
        while (it.hasNext()) {
            if (((FirewallRule) it.next()).getProviderRuleId().equals(this.testRuleId)) {
                z = true;
            }
        }
        tm.out("Rule Present", z);
        Assert.assertFalse("Found the test rule among the rules for the network firewall post-removal", z);
    }

    @Test
    public void createFirewall() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getContext().getRegionId() + " of " + tm.getProvider().getCloudName());
            return;
        }
        NetworkFirewallSupport networkFirewallSupport = networkServices.getNetworkFirewallSupport();
        if (networkFirewallSupport == null) {
            tm.ok("Network firewalls are not supported in " + tm.getContext().getRegionId() + " of " + tm.getProvider().getCloudName());
            return;
        }
        NetworkResources networkResources = DaseinTestManager.getNetworkResources();
        if (networkResources == null) {
            Assert.fail("Network resources failed to initialize for " + tm.getProvider().getCloudName());
            return;
        }
        if (!networkFirewallSupport.getCapabilities().supportsNetworkFirewallCreation()) {
            try {
                networkResources.provisionNetworkFirewall(this.name.getMethodName(), this.testVLANId == null ? UUID.randomUUID().toString() : this.testVLANId);
                Assert.fail("Network firewall provisioning completed even though network firewall creation is not supported");
                return;
            } catch (OperationNotSupportedException e) {
                tm.ok("Caught OperationNotSupportedException as expected for " + this.name.getMethodName());
                return;
            }
        }
        if (this.testVLANId == null) {
            Assert.fail("Network firewall creation is supposedly supported, but there's not a test VLAN ID");
            return;
        }
        String provisionNetworkFirewall = networkResources.provisionNetworkFirewall("provisionNetworkFirewall", this.testVLANId);
        tm.out("New Network Firewall", provisionNetworkFirewall);
        Assert.assertNotNull("No network firewall was created by this test", provisionNetworkFirewall);
    }

    @Test
    public void addIngressAllow() throws CloudException, InternalException {
        checkAddRule(Direction.INGRESS, Permission.ALLOW);
    }

    @Test
    public void addIngressDeny() throws CloudException, InternalException {
        checkAddRule(Direction.INGRESS, Permission.DENY);
    }

    @Test
    public void addEgressAllow() throws CloudException, InternalException {
        checkAddRule(Direction.EGRESS, Permission.ALLOW);
    }

    @Test
    public void addEgressDeny() throws CloudException, InternalException {
        checkAddRule(Direction.EGRESS, Permission.DENY);
    }

    @Test
    public void revokeIngressAllow() throws CloudException, InternalException {
        checkRemoveRule();
    }

    @Test
    public void revokeIngressDeny() throws CloudException, InternalException {
        checkRemoveRule();
    }

    @Test
    public void revokeEgressAllow() throws CloudException, InternalException {
        checkRemoveRule();
    }

    @Test
    public void revokeEgressDeny() throws CloudException, InternalException {
        checkRemoveRule();
    }

    @Test
    public void removeFirewall() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getContext().getRegionId() + " of " + tm.getProvider().getCloudName());
            return;
        }
        NetworkFirewallSupport networkFirewallSupport = networkServices.getNetworkFirewallSupport();
        if (networkFirewallSupport == null) {
            tm.ok("Network firewalls are not supported in " + tm.getContext().getRegionId() + " of " + tm.getProvider().getCloudName());
            return;
        }
        if (this.testFirewallId == null) {
            if (!networkFirewallSupport.getCapabilities().supportsNetworkFirewallCreation()) {
                tm.ok("Firewall creation/deletion is not supported in " + tm.getProvider().getCloudName());
            }
            if (networkFirewallSupport.isSubscribed()) {
                Assert.fail("No test firewall for " + this.name.getMethodName());
                return;
            } else {
                tm.ok("Firewall support is not subscribed so this test is not entirely valid");
                return;
            }
        }
        Firewall firewall = networkFirewallSupport.getFirewall(this.testFirewallId);
        tm.out("Before", firewall);
        Assert.assertNotNull("Test firewall no longer exists, cannot test removing it", firewall);
        tm.out("Active", firewall.isActive());
        networkFirewallSupport.removeFirewall(new String[]{this.testFirewallId});
        try {
            Thread.sleep(5000L);
        } catch (InterruptedException e) {
        }
        Firewall firewall2 = networkFirewallSupport.getFirewall(this.testFirewallId);
        tm.out("After", firewall2);
        tm.out("Active", firewall2 == null ? "false" : Boolean.valueOf(firewall2.isActive()));
        Assert.assertTrue("The firewall remains available", firewall2 == null || !firewall2.isActive());
    }

    @Test
    public void associateWithSubnet() throws CloudException, InternalException {
        NetworkServices networkServices = tm.getProvider().getNetworkServices();
        if (networkServices == null) {
            tm.ok("Network services are not supported in " + tm.getContext().getRegionId() + " of " + tm.getProvider().getCloudName());
            return;
        }
        NetworkFirewallSupport networkFirewallSupport = networkServices.getNetworkFirewallSupport();
        if (networkFirewallSupport == null) {
            tm.ok("Network firewalls are not supported in " + tm.getContext().getRegionId() + " of " + tm.getProvider().getCloudName());
            return;
        }
        if (this.testFirewallId == null) {
            if (!networkFirewallSupport.getCapabilities().supportsNetworkFirewallCreation()) {
                tm.ok("Firewall creation/deletion is not supported in " + tm.getProvider().getCloudName());
            }
            if (networkFirewallSupport.isSubscribed()) {
                Assert.fail("No test firewall for " + this.name.getMethodName());
                return;
            } else {
                tm.ok("Firewall support is not subscribed so this test is not entirely valid");
                return;
            }
        }
        if (this.testSubnetId == null) {
            if (networkServices.getVlanSupport() == null || !networkServices.getVlanSupport().getCapabilities().allowsNewSubnetCreation()) {
                tm.ok("No subnets are supported in this cloud for association tests");
                return;
            } else {
                Assert.fail("Unable to identify a test subnet for the test " + this.name.getMethodName());
                return;
            }
        }
        Firewall firewall = networkFirewallSupport.getFirewall(this.testFirewallId);
        Assert.assertNotNull("The test firewall no longer exists", firewall);
        tm.out("Before", Arrays.toString(firewall.getSubnetAssociations()));
        networkFirewallSupport.associateWithSubnet(this.testFirewallId, this.testSubnetId);
        try {
            Thread.sleep(5000L);
        } catch (InterruptedException e) {
        }
        Firewall firewall2 = networkFirewallSupport.getFirewall(this.testFirewallId);
        Assert.assertNotNull("The test firewall no longer exists", firewall2);
        tm.out("After", Arrays.toString(firewall2.getSubnetAssociations()));
        boolean z = false;
        String[] subnetAssociations = firewall2.getSubnetAssociations();
        int length = subnetAssociations.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (subnetAssociations[i].equals(this.testSubnetId)) {
                z = true;
                break;
            }
            i++;
        }
        Assert.assertTrue("Unable to find test subnet among the network firewall's subnet associations", z);
    }
}
