package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.mapper.portsecurity;

import com.google.common.annotations.VisibleForTesting;
import java.util.Collections;
import java.util.Set;
import org.opendaylight.groupbasedpolicy.dto.IndexedTenant;
import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfContext;
import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfWriter;
import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.endpoint.EndpointManager;
import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowTable;
import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ExternalImplicitGroup;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlan;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlanGpe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/groupbasedpolicy/renderer/ofoverlay/mapper/portsecurity/PortSecurity.class */
public class PortSecurity extends FlowTable {
    private static final Logger LOG = LoggerFactory.getLogger(PortSecurity.class);
    private static final Integer DROP = 1;
    private static final Integer L2FLOW = 100;
    private static final Integer DROP_ARP = 110;
    private static final Integer DROP_IPV4 = 111;
    private static final Integer DROP_IPV6 = 112;
    private static final Integer DHCP_DORA = 115;
    private static final Integer L3IP_FLOW = 120;
    private static final Integer L3ARP_FLOW = 121;
    private static final Integer ALLOW_EXTERNAL = 200;
    private static final Integer POP_VLAN_TAG_EXTERNAL = 210;
    private static final Integer ALLOW_FROM_TUNNEL = 300;
    private final short tableId;

    public PortSecurity(OfContext ofContext, short s) {
        super(ofContext);
        this.tableId = s;
    }

    @Override // org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowTable
    public short getTableId() {
        return this.tableId;
    }

    @Override // org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.OfTable
    public void sync(Endpoint endpoint, OfWriter ofWriter) {
        NodeId endpointNodeId = this.ctx.getEndpointManager().getEndpointNodeId(endpoint);
        if (endpointNodeId == null) {
            LOG.warn("Endpoint {} has no location specified, skipped", endpoint);
        } else {
            syncFlows(new PortSecurityFlows(endpointNodeId, Short.valueOf(this.tableId)), endpointNodeId, endpoint, ofWriter);
        }
    }

    @VisibleForTesting
    void syncFlows(PortSecurityFlows portSecurityFlows, NodeId nodeId, Endpoint endpoint, OfWriter ofWriter) {
        Tenant tenant;
        portSecurityFlows.dropFlow(DROP.intValue(), null, ofWriter);
        portSecurityFlows.dropFlow(DROP_ARP.intValue(), FlowUtils.ARP, ofWriter);
        portSecurityFlows.dropFlow(DROP_IPV4.intValue(), FlowUtils.IPv4, ofWriter);
        portSecurityFlows.dropFlow(DROP_IPV6.intValue(), FlowUtils.IPv6, ofWriter);
        short tableid_source_mapper = this.ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER();
        NodeConnectorId tunnelPort = this.ctx.getSwitchManager().getTunnelPort(nodeId, TunnelTypeVxlan.class);
        if (tunnelPort != null) {
            portSecurityFlows.allowFromTunnelFlow(tableid_source_mapper, ALLOW_FROM_TUNNEL.intValue(), tunnelPort, ofWriter);
        }
        NodeConnectorId tunnelPort2 = this.ctx.getSwitchManager().getTunnelPort(nodeId, TunnelTypeVxlanGpe.class);
        if (tunnelPort2 != null) {
            portSecurityFlows.allowFromTunnelFlow(tableid_source_mapper, ALLOW_FROM_TUNNEL.intValue(), tunnelPort2, ofWriter);
        }
        TenantId tenant2 = endpoint.getTenant();
        if (EndpointManager.isInternal(endpoint, getExternalImplicitGroupsForTenant(tenant2))) {
            NodeConnectorId endpointNodeConnectorId = this.ctx.getEndpointManager().getEndpointNodeConnectorId(endpoint);
            MacAddress macAddress = endpoint.getMacAddress();
            if (endpointNodeConnectorId != null && macAddress != null) {
                portSecurityFlows.l3Flow(tableid_source_mapper, endpoint, endpointNodeConnectorId, macAddress, L3IP_FLOW.intValue(), false, ofWriter);
                portSecurityFlows.l3Flow(tableid_source_mapper, endpoint, endpointNodeConnectorId, macAddress, L3ARP_FLOW.intValue(), true, ofWriter);
                portSecurityFlows.l3DhcpDoraFlow(tableid_source_mapper, endpointNodeConnectorId, macAddress, DHCP_DORA.intValue(), ofWriter);
                portSecurityFlows.l2flow(tableid_source_mapper, endpointNodeConnectorId, macAddress, L2FLOW.intValue(), ofWriter);
            }
        } else if (LOG.isTraceEnabled()) {
            LOG.trace("External Endpoint is ignored in PortSecurity: {}", endpoint);
        }
        short tableid_ingress_nat = this.ctx.getPolicyManager().getTABLEID_INGRESS_NAT();
        for (NodeConnectorId nodeConnectorId : this.ctx.getSwitchManager().getExternalPorts(nodeId)) {
            if (tenant2 != null && this.ctx.getTenant(tenant2) != null && (tenant = this.ctx.getTenant(tenant2).getTenant()) != null && tenant.getForwardingContext() != null && tenant.getForwardingContext().getL2FloodDomain() != null) {
                portSecurityFlows.popVlanTagsOnExternalPortFlows(tableid_ingress_nat, nodeConnectorId, tenant.getForwardingContext().getL2FloodDomain(), POP_VLAN_TAG_EXTERNAL.intValue(), ofWriter);
            }
            portSecurityFlows.allowFromExternalPortFlow(tableid_ingress_nat, nodeConnectorId, ALLOW_EXTERNAL.intValue(), ofWriter);
        }
    }

    private Set<ExternalImplicitGroup> getExternalImplicitGroupsForTenant(TenantId tenantId) {
        IndexedTenant tenant = this.ctx.getTenant(tenantId);
        return tenant == null ? Collections.emptySet() : tenant.getExternalImplicitGroups();
    }
}
