package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.collect.HashMultiset;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Multiset;
import com.google.common.collect.Sets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.groupbasedpolicy.api.sf.ChainActionDefinition;
import org.opendaylight.groupbasedpolicy.dto.EpgKeyDto;
import org.opendaylight.groupbasedpolicy.neutron.mapper.EndpointRegistrator;
import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronSecurityGroupAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NetworkUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.SecurityGroupUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.SecurityRuleUtils;
import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
import org.opendaylight.groupbasedpolicy.util.IidFactory;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.RegisterEndpointInputBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.register.endpoint.input.AddressEndpointRegBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContextId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev170511.IpPrefixType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.ActionChoice;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.SfcActionCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroupBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ExternalImplicitGroupBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelector;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelectorBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelector;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelectorBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstance;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstanceBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.networks.rev150712.networks.attributes.networks.Network;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroup;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.security.groups.SecurityGroupKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRules;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRuleKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAware.class */
public class NeutronSecurityRuleAware implements NeutronAware<SecurityRule> {
    private static final Logger LOG = LoggerFactory.getLogger(NeutronSecurityRuleAware.class);
    public static final InstanceIdentifier<SecurityRule> SECURITY_RULE_WILDCARD_IID = InstanceIdentifier.builder(Neutron.class).child(SecurityRules.class).child(SecurityRule.class).build();
    private static final String CONTRACT_PROVIDER = "Contract provider: ";
    private final DataBroker dataProvider;
    private final Multiset<InstanceIdentifier<ClassifierInstance>> createdClassifierInstances;
    private final Multiset<InstanceIdentifier<ActionInstance>> createdActionInstances;
    private final Map<SecurityRuleKey, SecurityRule> pendingCreatedRules;
    private final Map<SecurityGroupKey, SecurityGroup> pendingDeletedGroups;
    static final String PROVIDED_BY = "provided_by-";
    static final String POSSIBLE_CONSUMER = "possible_consumer-";
    private final EndpointRegistrator epRegistrator;

    public NeutronSecurityRuleAware(DataBroker dataBroker, EndpointRegistrator endpointRegistrator) {
        this(dataBroker, HashMultiset.create(), HashMultiset.create(), endpointRegistrator);
    }

    @VisibleForTesting
    NeutronSecurityRuleAware(DataBroker dataBroker, Multiset<InstanceIdentifier<ClassifierInstance>> multiset, Multiset<InstanceIdentifier<ActionInstance>> multiset2, EndpointRegistrator endpointRegistrator) {
        this.dataProvider = (DataBroker) Preconditions.checkNotNull(dataBroker);
        this.createdClassifierInstances = (Multiset) Preconditions.checkNotNull(multiset);
        this.createdActionInstances = (Multiset) Preconditions.checkNotNull(multiset2);
        this.pendingCreatedRules = new HashMap();
        this.pendingDeletedGroups = new HashMap();
        this.epRegistrator = (EndpointRegistrator) Preconditions.checkNotNull(endpointRegistrator);
    }

    @Override // org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronAware
    public void onCreated(SecurityRule securityRule, Neutron neutron) {
        LOG.trace("created securityRule - {}", securityRule);
        if (neutron.getSecurityGroups() == null || neutron.getSecurityGroups().getSecurityGroup() == null || neutron.getSecurityGroups().getSecurityGroup().stream().noneMatch(securityGroup -> {
            return securityGroup.getKey().getUuid().equals(securityRule.getSecurityGroupId());
        })) {
            this.pendingCreatedRules.put(securityRule.getKey(), securityRule);
            LOG.warn("Security group of security rule {} does not exist yet. The rule will be processedwhen the missing security group is created.", securityRule.getKey());
            return;
        }
        ReadWriteTransaction newReadWriteTransaction = this.dataProvider.newReadWriteTransaction();
        if (addNeutronSecurityRule(securityRule, neutron, newReadWriteTransaction)) {
            DataStoreHelper.submitToDs(newReadWriteTransaction);
        } else {
            newReadWriteTransaction.cancel();
        }
    }

    public void flushPendingSecurityRulesFor(@Nonnull SecurityGroupKey securityGroupKey, Neutron neutron) {
        ((List) this.pendingCreatedRules.values().stream().filter(securityRule -> {
            return securityRule.getSecurityGroupId().equals(securityGroupKey.getUuid());
        }).collect(Collectors.toList())).forEach(securityRule2 -> {
            LOG.trace("Flushing pending security rule {}", securityRule2);
            ReadWriteTransaction newReadWriteTransaction = this.dataProvider.newReadWriteTransaction();
            if (addNeutronSecurityRule(securityRule2, neutron, newReadWriteTransaction)) {
                DataStoreHelper.submitToDs(newReadWriteTransaction);
            } else {
                newReadWriteTransaction.cancel();
            }
            this.pendingCreatedRules.remove(securityRule2.getKey());
        });
    }

    public boolean addNeutronSecurityRule(SecurityRule securityRule, Neutron neutron, ReadWriteTransaction readWriteTransaction) {
        return addNeutronSecurityRuleWithAction(securityRule, neutron, MappingUtils.ALLOW_ACTION_CHOICE, readWriteTransaction);
    }

    public boolean addNeutronSecurityRuleWithAction(SecurityRule securityRule, Neutron neutron, ActionChoice actionChoice, ReadWriteTransaction readWriteTransaction) {
        TenantId tenantId = new TenantId(securityRule.getTenantId().getValue());
        Uuid securityGroupId = securityRule.getSecurityGroupId();
        EndpointGroupId endpointGroupId = new EndpointGroupId(securityGroupId.getValue());
        SingleRuleContract createSingleRuleContract = createSingleRuleContract(securityRule, createContractDescription(securityRule, neutron), actionChoice, neutron);
        Contract contract = createSingleRuleContract.getContract();
        readWriteTransaction.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, contract.getId()), contract, true);
        writeProviderNamedSelectorToEpg(getSelectorNameWithConsumer(securityRule, neutron), contract.getId(), new EpgKeyDto(endpointGroupId, tenantId), readWriteTransaction);
        if (securityRule.getRemoteGroupId() != null) {
            Uuid remoteGroupId = securityRule.getRemoteGroupId();
            designContractsBetweenProviderAndConsumer(tenantId, securityGroupId, remoteGroupId, neutron, readWriteTransaction);
            designContractsBetweenProviderAndConsumer(tenantId, remoteGroupId, securityGroupId, neutron, readWriteTransaction);
        } else {
            for (Uuid uuid : SecurityRuleUtils.findSecurityGroupsHavingSecurityRules(neutron)) {
                designContractsBetweenProviderAndConsumer(tenantId, securityGroupId, uuid, neutron, readWriteTransaction);
                designContractsBetweenProviderAndConsumer(tenantId, uuid, securityGroupId, neutron, readWriteTransaction);
            }
        }
        createClassifierInstanceIfNotExists(tenantId, createSingleRuleContract.getSingleClassifierRule().getClassifierInstance(), readWriteTransaction);
        createAllowActionInstanceIfNotExists(tenantId, readWriteTransaction);
        return true;
    }

    @VisibleForTesting
    static Description createContractDescription(SecurityRule securityRule, Neutron neutron) {
        Optional<SecurityGroup> findSecurityGroup = SecurityGroupUtils.findSecurityGroup(securityRule.getSecurityGroupId(), neutron.getSecurityGroups());
        if (findSecurityGroup.isPresent()) {
            return new Description(CONTRACT_PROVIDER + SecurityGroupUtils.getNameOrUuid((SecurityGroup) findSecurityGroup.get()));
        }
        LOG.error("Neutron Security Group with UUID {} does not exist but it is in {}", securityRule.getSecurityGroupId().getValue(), securityRule);
        throw new IllegalStateException("Neutron Security Group with UUID " + securityRule.getSecurityGroupId().getValue() + " does not exist.");
    }

    @VisibleForTesting
    SingleRuleContract createSingleRuleContract(SecurityRule securityRule, Description description, ActionChoice actionChoice, Neutron neutron) {
        if (securityRule.getRemoteIpPrefix() == null) {
            return new SingleRuleContract(securityRule, 400, description, actionChoice);
        }
        if (neutron.getNetworks() != null && neutron.getNetworks().getNetwork() != null) {
            java.util.Optional findAny = neutron.getNetworks().getNetwork().stream().filter(network -> {
                return NetworkUtils.isRouterExternal(network);
            }).findAny();
            if (findAny.isPresent()) {
                WriteTransaction newWriteOnlyTransaction = this.dataProvider.newWriteOnlyTransaction();
                newWriteOnlyTransaction.merge(LogicalDatastoreType.CONFIGURATION, IidFactory.externalImplicitGroupIid(new TenantId(securityRule.getTenantId().getValue()), MappingUtils.EPG_EXTERNAL_ID), new ExternalImplicitGroupBuilder().setId(MappingUtils.EPG_EXTERNAL_ID).build(), true);
                newWriteOnlyTransaction.merge(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(new TenantId(securityRule.getTenantId().getValue()), MappingUtils.EPG_EXTERNAL_ID), new EndpointGroupBuilder().setId(MappingUtils.EPG_EXTERNAL_ID).build(), true);
                DataStoreHelper.submitToDs(newWriteOnlyTransaction);
                AddressEndpointRegBuilder endpointGroup = new AddressEndpointRegBuilder().setAddress(String.valueOf(securityRule.getRemoteIpPrefix().getValue())).setAddressType(IpPrefixType.class).setContextType(MappingUtils.L3_CONTEXT).setContextId(new ContextId(((Network) findAny.get()).getUuid().getValue())).setTenant(new TenantId(securityRule.getTenantId().getValue())).setTimestamp(Long.valueOf(System.currentTimeMillis())).setEndpointGroup(ImmutableList.of(MappingUtils.EPG_EXTERNAL_ID));
                if (this.epRegistrator.registerEndpoint(new RegisterEndpointInputBuilder().setAddressEndpointReg(ImmutableList.of(endpointGroup.build())).build())) {
                    LOG.info("Registering endpoint representing remote-ip-prefix {}", endpointGroup.getKey());
                } else {
                    LOG.error("Failed to register endpoint {}", endpointGroup.getKey());
                }
            }
        }
        return new SingleRuleContract(securityRule, 0, description, actionChoice);
    }

    @VisibleForTesting
    void designContractsBetweenProviderAndConsumer(TenantId tenantId, Uuid uuid, Uuid uuid2, Neutron neutron, ReadWriteTransaction readWriteTransaction) {
        Set<SecurityRule> providedSecRulesBetween = getProvidedSecRulesBetween(uuid, uuid2, neutron);
        Set<SecurityRule> providedSecRulesBetween2 = getProvidedSecRulesBetween(uuid2, uuid, neutron);
        EndpointGroupId endpointGroupId = new EndpointGroupId(uuid2.getValue());
        for (SecurityRule securityRule : providedSecRulesBetween) {
            if (isProviderSecRuleSuitableForConsumerSecRules(securityRule, providedSecRulesBetween2)) {
                writeConsumerNamedSelectorToEpg(getSelectorNameWithProvider(securityRule, neutron), SecRuleEntityDecoder.getContractId(securityRule), new EpgKeyDto(endpointGroupId, tenantId), readWriteTransaction);
            }
        }
    }

    @VisibleForTesting
    Set<SecurityRule> getProvidedSecRulesBetween(Uuid uuid, Uuid uuid2, Neutron neutron) {
        return Sets.union(SecurityRuleUtils.findSecurityRulesBySecGroupAndRemoteSecGroup(uuid, uuid2, neutron), SecurityRuleUtils.findSecurityRulesBySecGroupAndRemoteSecGroup(uuid, null, neutron));
    }

    @VisibleForTesting
    static boolean isProviderSecRuleSuitableForConsumerSecRules(SecurityRule securityRule, Set<SecurityRule> set) {
        HasDirection.Direction direction = SecRuleEntityDecoder.getDirection(securityRule);
        for (SecurityRule securityRule2 : set) {
            if (isDirectionOpposite(direction, SecRuleEntityDecoder.getDirection(securityRule2)) && isOneWithinTwo(securityRule, securityRule2)) {
                return true;
            }
        }
        return false;
    }

    public boolean changeActionOfNeutronSecurityRule(SecurityRule securityRule, ActionChoice actionChoice, Neutron neutron, ReadWriteTransaction readWriteTransaction) {
        addSfcChainActionInstance(actionChoice, new TenantId(securityRule.getTenantId().getValue()), readWriteTransaction);
        LOG.trace("Changing to action {} for secuirity group rule {}", actionChoice, securityRule);
        return addNeutronSecurityRuleWithAction(securityRule, neutron, actionChoice, readWriteTransaction);
    }

    private void addSfcChainActionInstance(ActionChoice actionChoice, TenantId tenantId, ReadWriteTransaction readWriteTransaction) {
        if (actionChoice instanceof SfcActionCase) {
            String sfcChainName = ((SfcActionCase) actionChoice).getSfcChainName();
            ActionName actionName = new ActionName(sfcChainName);
            readWriteTransaction.put(LogicalDatastoreType.CONFIGURATION, IidFactory.actionInstanceIid(tenantId, actionName), new ActionInstanceBuilder().setName(actionName).setActionDefinitionId(ChainActionDefinition.ID).setParameterValue(ImmutableList.of(new ParameterValueBuilder().setName(new ParameterName("sfc-chain-name")).setStringValue(sfcChainName).build())).build(), true);
        }
    }

    private void writeProviderNamedSelectorToEpg(SelectorName selectorName, ContractId contractId, EpgKeyDto epgKeyDto, WriteTransaction writeTransaction) {
        ProviderNamedSelector build = new ProviderNamedSelectorBuilder().setName(selectorName).setContract(ImmutableList.of(contractId)).build();
        writeTransaction.put(LogicalDatastoreType.CONFIGURATION, IidFactory.providerNamedSelectorIid(epgKeyDto.getTenantId(), epgKeyDto.getEpgId(), build.getName()), build, true);
    }

    private void writeConsumerNamedSelectorToEpg(SelectorName selectorName, ContractId contractId, EpgKeyDto epgKeyDto, WriteTransaction writeTransaction) {
        ConsumerNamedSelector build = new ConsumerNamedSelectorBuilder().setName(selectorName).setContract(ImmutableList.of(contractId)).build();
        writeTransaction.put(LogicalDatastoreType.CONFIGURATION, IidFactory.consumerNamedSelectorIid(epgKeyDto.getTenantId(), epgKeyDto.getEpgId(), build.getName()), build, true);
    }

    @VisibleForTesting
    void createClassifierInstanceIfNotExists(TenantId tenantId, ClassifierInstance classifierInstance, WriteTransaction writeTransaction) {
        InstanceIdentifier classifierInstanceIid = IidFactory.classifierInstanceIid(tenantId, classifierInstance.getName());
        if (!this.createdClassifierInstances.contains(classifierInstanceIid)) {
            writeTransaction.put(LogicalDatastoreType.CONFIGURATION, classifierInstanceIid, classifierInstance, true);
        }
        this.createdClassifierInstances.add(classifierInstanceIid);
    }

    @VisibleForTesting
    void createAllowActionInstanceIfNotExists(TenantId tenantId, ReadWriteTransaction readWriteTransaction) {
        InstanceIdentifier actionInstanceIid = IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName());
        if (!this.createdActionInstances.contains(actionInstanceIid)) {
            readWriteTransaction.put(LogicalDatastoreType.CONFIGURATION, actionInstanceIid, MappingUtils.ACTION_ALLOW, true);
        }
        this.createdActionInstances.add(actionInstanceIid);
    }

    @Override // org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronAware
    public void onUpdated(SecurityRule securityRule, SecurityRule securityRule2, Neutron neutron, Neutron neutron2) {
        LOG.warn("updated securityRule - Never should be called - neutron API does not allow UPDATE on neutron security group rule. \nSecurity group rule: {}", securityRule2);
    }

    public void addPendingDeletedSecGroup(SecurityGroup securityGroup) {
        LOG.trace("Caching pending deleted security group {}", securityGroup.getKey());
        this.pendingDeletedGroups.put(securityGroup.getKey(), securityGroup);
    }

    @Override // org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronAware
    public void onDeleted(SecurityRule securityRule, Neutron neutron, Neutron neutron2) {
        LOG.trace("deleted securityRule - {}", securityRule);
        ReadWriteTransaction newReadWriteTransaction = this.dataProvider.newReadWriteTransaction();
        if (!deleteNeutronSecurityRule(securityRule, neutron, newReadWriteTransaction)) {
            newReadWriteTransaction.cancel();
            return;
        }
        DataStoreHelper.submitToDs(newReadWriteTransaction);
        if (neutron2 == null || neutron2.getSecurityRules() == null || neutron2.getSecurityRules().getSecurityRule() == null || neutron2.getSecurityRules().getSecurityRule().stream().noneMatch(securityRule2 -> {
            return securityRule2.getSecurityGroupId().equals(securityRule.getSecurityGroupId());
        })) {
            SecurityGroupKey securityGroupKey = new SecurityGroupKey(securityRule.getSecurityGroupId());
            if (this.pendingDeletedGroups.get(securityGroupKey) != null) {
                LOG.trace("Processing pending deleted security group {}", securityGroupKey);
                NeutronSecurityGroupAware.deleteGbpEndpointGroup(this.dataProvider, new TenantId(securityRule.getTenantId().getValue()), new EndpointGroupId(securityGroupKey.getUuid().getValue()));
                this.pendingDeletedGroups.remove(securityGroupKey);
            }
        }
    }

    public boolean deleteNeutronSecurityRule(SecurityRule securityRule, Neutron neutron, ReadWriteTransaction readWriteTransaction) {
        TenantId tenantId = new TenantId(securityRule.getTenantId().getValue());
        Uuid securityGroupId = securityRule.getSecurityGroupId();
        deleteProviderNamedSelectorFromEpg(getSelectorNameWithConsumer(securityRule, neutron), new EpgKeyDto(new EndpointGroupId(securityGroupId.getValue()), tenantId), readWriteTransaction);
        if (securityRule.getRemoteGroupId() != null) {
            Uuid remoteGroupId = securityRule.getRemoteGroupId();
            undesignContractsBetweenProviderAndConsumer(tenantId, securityGroupId, remoteGroupId, securityRule, neutron, readWriteTransaction);
            undesignContractsBetweenProviderAndConsumer(tenantId, remoteGroupId, securityGroupId, securityRule, neutron, readWriteTransaction);
        } else {
            for (Uuid uuid : SecurityRuleUtils.findSecurityGroupsHavingSecurityRules(neutron)) {
                undesignContractsBetweenProviderAndConsumer(tenantId, securityGroupId, uuid, securityRule, neutron, readWriteTransaction);
                undesignContractsBetweenProviderAndConsumer(tenantId, uuid, securityGroupId, securityRule, neutron, readWriteTransaction);
            }
        }
        readWriteTransaction.delete(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, SecRuleEntityDecoder.getContractId(securityRule)));
        deleteClassifierInstanceIfNotUsed(tenantId, SecRuleEntityDecoder.getClassifierInstance(securityRule), readWriteTransaction);
        return true;
    }

    @VisibleForTesting
    void undesignContractsBetweenProviderAndConsumer(TenantId tenantId, Uuid uuid, Uuid uuid2, SecurityRule securityRule, Neutron neutron, ReadWriteTransaction readWriteTransaction) {
        Set<SecurityRule> providedSecRulesBetween = getProvidedSecRulesBetween(uuid, uuid2, neutron);
        Set<SecurityRule> providedSecRulesBetween2 = getProvidedSecRulesBetween(uuid2, uuid, neutron);
        EndpointGroupId endpointGroupId = new EndpointGroupId(uuid2.getValue());
        for (SecurityRule securityRule2 : providedSecRulesBetween) {
            if (isProvidersSecRuleSuitableForConsumersSecRulesAndGoodToRemove(securityRule2, providedSecRulesBetween2, securityRule)) {
                deleteConsumerNamedSelector(getSelectorNameWithProvider(securityRule2, neutron), new EpgKeyDto(endpointGroupId, tenantId), readWriteTransaction);
            }
        }
    }

    @VisibleForTesting
    static boolean isProvidersSecRuleSuitableForConsumersSecRulesAndGoodToRemove(SecurityRule securityRule, Set<SecurityRule> set, SecurityRule securityRule2) {
        HasDirection.Direction direction = SecRuleEntityDecoder.getDirection(securityRule);
        for (SecurityRule securityRule3 : set) {
            if (isRuleIdEqual(securityRule2, securityRule3) || isRuleIdEqual(securityRule2, securityRule)) {
                if (isDirectionOpposite(direction, SecRuleEntityDecoder.getDirection(securityRule3)) && isOneWithinTwo(securityRule, securityRule3)) {
                    return true;
                }
            }
        }
        return false;
    }

    @VisibleForTesting
    static boolean isRuleIdEqual(SecurityRule securityRule, SecurityRule securityRule2) {
        Preconditions.checkNotNull(securityRule);
        Preconditions.checkNotNull(securityRule2);
        return securityRule.getSecurityGroupId().equals(securityRule2.getSecurityGroupId());
    }

    private void deleteProviderNamedSelectorFromEpg(SelectorName selectorName, EpgKeyDto epgKeyDto, ReadWriteTransaction readWriteTransaction) {
        DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, IidFactory.providerNamedSelectorIid(epgKeyDto.getTenantId(), epgKeyDto.getEpgId(), selectorName), readWriteTransaction);
    }

    private void deleteConsumerNamedSelector(SelectorName selectorName, EpgKeyDto epgKeyDto, ReadWriteTransaction readWriteTransaction) {
        DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, IidFactory.consumerNamedSelectorIid(epgKeyDto.getTenantId(), epgKeyDto.getEpgId(), selectorName), readWriteTransaction);
    }

    private void deleteClassifierInstanceIfNotUsed(TenantId tenantId, ClassifierInstance classifierInstance, ReadWriteTransaction readWriteTransaction) {
        InstanceIdentifier classifierInstanceIid = IidFactory.classifierInstanceIid(tenantId, classifierInstance.getName());
        this.createdClassifierInstances.remove(classifierInstanceIid);
        if (this.createdClassifierInstances.contains(classifierInstanceIid)) {
            return;
        }
        DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, classifierInstanceIid, readWriteTransaction);
    }

    @VisibleForTesting
    void deleteAllowActionInstanceIfNotUsed(TenantId tenantId, ReadWriteTransaction readWriteTransaction) {
        InstanceIdentifier actionInstanceIid = IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName());
        this.createdActionInstances.remove(actionInstanceIid);
        if (this.createdActionInstances.contains(actionInstanceIid)) {
            return;
        }
        DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, actionInstanceIid, readWriteTransaction);
    }

    private SelectorName getSelectorNameWithConsumer(SecurityRule securityRule, Neutron neutron) {
        StringBuilder append = new StringBuilder().append(SecRuleNameDecoder.getClauseName(securityRule).getValue());
        Uuid remoteGroupId = securityRule.getRemoteGroupId();
        if (remoteGroupId == null) {
            return new SelectorName(append.toString());
        }
        Optional<SecurityGroup> findSecurityGroup = SecurityGroupUtils.findSecurityGroup(securityRule.getRemoteGroupId(), neutron.getSecurityGroups());
        if (findSecurityGroup.isPresent()) {
            append.append(MappingUtils.NAME_DOUBLE_DELIMETER).append(POSSIBLE_CONSUMER).append(SecurityGroupUtils.getNameOrUuid((SecurityGroup) findSecurityGroup.get()));
            return new SelectorName(append.toString());
        }
        LOG.error("Neutron Security Group with UUID {} does not exist but it is in {}", remoteGroupId.getValue(), securityRule);
        throw new IllegalStateException("Neutron Security Group with UUID " + remoteGroupId.getValue() + " does not exist.");
    }

    private SelectorName getSelectorNameWithProvider(SecurityRule securityRule, Neutron neutron) {
        ClauseName clauseName = SecRuleNameDecoder.getClauseName(securityRule);
        Uuid securityGroupId = securityRule.getSecurityGroupId();
        Optional<SecurityGroup> findSecurityGroup = SecurityGroupUtils.findSecurityGroup(securityRule.getSecurityGroupId(), neutron.getSecurityGroups());
        if (findSecurityGroup.isPresent()) {
            return new SelectorName(clauseName.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + PROVIDED_BY + SecurityGroupUtils.getNameOrUuid((SecurityGroup) findSecurityGroup.get()));
        }
        LOG.error("Neutron Security Group with UUID {} does not exist but it is in {}", securityGroupId.getValue(), securityRule);
        throw new IllegalStateException("Neutron Security Group with UUID " + securityGroupId.getValue() + " does not exist.");
    }

    @VisibleForTesting
    static boolean isDirectionOpposite(HasDirection.Direction direction, HasDirection.Direction direction2) {
        return (direction == HasDirection.Direction.In && direction2 == HasDirection.Direction.Out) || (direction == HasDirection.Direction.Out && direction2 == HasDirection.Direction.In);
    }

    @VisibleForTesting
    static boolean isOneWithinTwo(SecurityRule securityRule, SecurityRule securityRule2) {
        if (isOneGroupIdWithinTwoRemoteGroupId(securityRule, securityRule2) && isOneGroupIdWithinTwoRemoteGroupId(securityRule2, securityRule) && SecRuleEntityDecoder.isEtherTypeOfOneWithinTwo(securityRule, securityRule2) && SecRuleEntityDecoder.isProtocolOfOneWithinTwo(securityRule, securityRule2) && SecRuleEntityDecoder.isPortsOfOneWithinTwo(securityRule, securityRule2)) {
            return securityRule2.getRemoteIpPrefix() == null || securityRule.getRemoteIpPrefix() != null;
        }
        return false;
    }

    @VisibleForTesting
    static boolean isOneGroupIdWithinTwoRemoteGroupId(SecurityRule securityRule, SecurityRule securityRule2) {
        return securityRule2.getRemoteGroupId() == null || securityRule2.getRemoteGroupId().equals(securityRule.getSecurityGroupId());
    }
}
