package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;

import com.google.common.base.Optional;
import com.google.common.collect.ImmutableSortedSet;
import com.google.common.collect.UnmodifiableIterator;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import org.opendaylight.groupbasedpolicy.api.sf.AllowActionDefinition;
import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.PolicyContext;
import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.RendererResolvedPolicy;
import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.Classifier;
import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.SubjectFeatures;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev170511.Subnet;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev170511.SubnetAugmentRenderer;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.EndpointPolicyParticipation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpointKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.RendererForwardingByTenant;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.actions.Action;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.resolved.rules.ResolvedRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/groupbasedpolicy/renderer/vpp/policy/acl/AccessListUtil.class */
public class AccessListUtil {
    private static final Logger LOG = LoggerFactory.getLogger(AccessListUtil.class);
    static final String UNDERSCORE = "_";
    private static final String PERMIT_EXTERNAL_INGRESS = "permit_external_ingress";
    private static final String PERMIT_EXTERNAL_EGRESS = "permit_external_egress";
    private static final String DENY_INGRESS_IPV4 = "deny_ingress_ipv4";
    private static final String DENY_INGRESS_IPV6 = "deny_ingress_ipv6";
    private static final String DENY_EGRESS_IPV4 = "deny_egress_ipv4";
    private static final String DENY_EGRESS_IPV6 = "deny_egress_ipv6";

    /* loaded from: input_file:org/opendaylight/groupbasedpolicy/renderer/vpp/policy/acl/AccessListUtil$ACE_DIRECTION.class */
    public enum ACE_DIRECTION {
        INGRESS,
        EGRESS
    }

    private AccessListUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void configureLocalRules(PolicyContext policyContext, RendererEndpointKey rendererEndpointKey, ACE_DIRECTION ace_direction, AccessListWrapper accessListWrapper) {
        policyContext.getPolicyTable().row(rendererEndpointKey).keySet().stream().filter(peerEndpointKey -> {
            return peerHasLocation(policyContext, peerEndpointKey);
        }).forEach(peerEndpointKey2 -> {
            ArrayList arrayList = new ArrayList();
            ((ImmutableSortedSet) policyContext.getPolicyTable().get(rendererEndpointKey, peerEndpointKey2)).forEach(rendererResolvedPolicy -> {
                arrayList.addAll(resolveAclRulesFromPolicy(rendererResolvedPolicy, calculateClassifDirection(rendererResolvedPolicy.getRendererEndpointParticipation(), ace_direction), rendererEndpointKey, peerEndpointKey2));
            });
            if (validateAndUpdateAddressesInRules(arrayList, rendererEndpointKey, peerEndpointKey2, policyContext, ace_direction, true)) {
                accessListWrapper.writeRules(arrayList);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HasDirection.Direction calculateClassifDirection(EndpointPolicyParticipation endpointPolicyParticipation, ACE_DIRECTION ace_direction) {
        return (EndpointPolicyParticipation.PROVIDER.equals(endpointPolicyParticipation) && ACE_DIRECTION.INGRESS.equals(ace_direction)) ? HasDirection.Direction.Out : (EndpointPolicyParticipation.CONSUMER.equals(endpointPolicyParticipation) && ACE_DIRECTION.EGRESS.equals(ace_direction)) ? HasDirection.Direction.Out : HasDirection.Direction.In;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean validateAndUpdateAddressesInRules(List<GbpAceBuilder> list, RendererEndpointKey rendererEndpointKey, PeerEndpointKey peerEndpointKey, PolicyContext policyContext, ACE_DIRECTION ace_direction, boolean z) {
        for (AddressMapper addressMapper : Arrays.asList(new SourceMapper(ace_direction), new DestinationMapper(ace_direction))) {
            if (peerHasLocation(policyContext, peerEndpointKey) && z) {
                if (!addressMapper.updateRules(list, findAddrEp(policyContext, rendererEndpointKey), findAddrEp(policyContext, peerEndpointKey))) {
                    return false;
                }
            } else if (!peerHasLocation(policyContext, peerEndpointKey) && !z) {
                addressMapper.updateExtRules(list, findAddrEp(policyContext, rendererEndpointKey), null);
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean peerHasLocation(PolicyContext policyContext, PeerEndpointKey peerEndpointKey) {
        return policyContext.getAddrEpByKey().get(AddressEndpointUtils.fromPeerEpKey(peerEndpointKey)) != null;
    }

    static AddressEndpointWithLocation findAddrEp(PolicyContext policyContext, RendererEndpointKey rendererEndpointKey) {
        return (AddressEndpointWithLocation) policyContext.getAddrEpByKey().get(AddressEndpointUtils.fromRendererEpKey(rendererEndpointKey));
    }

    private static AddressEndpointWithLocation findAddrEp(PolicyContext policyContext, PeerEndpointKey peerEndpointKey) {
        return (AddressEndpointWithLocation) policyContext.getAddrEpByKey().get(AddressEndpointUtils.fromPeerEpKey(peerEndpointKey));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public static String resolveAceName(@Nonnull RuleName ruleName, @Nonnull RendererEndpointKey rendererEndpointKey, @Nonnull PeerEndpointKey peerEndpointKey) {
        return ruleName.getValue() + UNDERSCORE + rendererEndpointKey.getAddress() + UNDERSCORE + peerEndpointKey.getAddress();
    }

    private static List<GbpAceBuilder> resolveAclRulesFromPolicy(RendererResolvedPolicy rendererResolvedPolicy, HasDirection.Direction direction, RendererEndpointKey rendererEndpointKey, PeerEndpointKey peerEndpointKey) {
        ArrayList arrayList = new ArrayList();
        UnmodifiableIterator it = rendererResolvedPolicy.getRuleGroup().getRules().iterator();
        while (it.hasNext()) {
            ResolvedRule resolvedRule = (ResolvedRule) it.next();
            Optional<GbpAceBuilder> resolveAceClassifersAndAction = resolveAceClassifersAndAction(resolvedRule, direction, resolveAceName(resolvedRule.getName(), rendererEndpointKey, peerEndpointKey));
            if (resolveAceClassifersAndAction.isPresent()) {
                arrayList.add(resolveAceClassifersAndAction.get());
            }
        }
        return arrayList;
    }

    public static Optional<GbpAceBuilder> resolveAceClassifersAndAction(ResolvedRule resolvedRule, HasDirection.Direction direction, String str) {
        Map<String, ParameterValue> resolveClassifParamsForDir = resolveClassifParamsForDir(direction, resolvedRule.getClassifier());
        if (resolveClassifParamsForDir.isEmpty()) {
            return Optional.absent();
        }
        Classifier resolveImplementedClassifForDir = resolveImplementedClassifForDir(direction, resolvedRule.getClassifier());
        GbpAceBuilder gbpAceBuilder = new GbpAceBuilder(str);
        boolean z = resolveImplementedClassifForDir != null && resolveImplementedClassifForDir.updateMatch(gbpAceBuilder, resolveClassifParamsForDir);
        Optional<Actions> resolveActions = resolveActions(resolvedRule.getAction());
        if (resolveActions.isPresent() && z) {
            gbpAceBuilder.setAction((Actions) resolveActions.get());
            return Optional.of(gbpAceBuilder);
        }
        LOG.error("Failed to process rule {}. Resolved parameters {}, resolved classifier. Actions resolved: {}{}.", new Object[]{resolvedRule.getName().getValue(), resolveClassifParamsForDir, resolveImplementedClassifForDir, Boolean.valueOf(resolveActions.isPresent())});
        return Optional.absent();
    }

    private static Classifier resolveImplementedClassifForDir(@Nonnull HasDirection.Direction direction, @Nonnull List<org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.Classifier> list) {
        Classifier classifier = null;
        for (org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.Classifier classifier2 : list) {
            if (direction.equals(classifier2.getDirection()) || direction.equals(HasDirection.Direction.Bidirectional)) {
                Classifier classifier3 = SubjectFeatures.getClassifier(classifier2.getClassifierDefinitionId());
                if (classifier == null) {
                    classifier = classifier3;
                }
                if (classifier3.getParent() != null && classifier3.getParent().equals(classifier)) {
                    classifier = classifier3;
                }
            }
        }
        return classifier;
    }

    private static Map<String, ParameterValue> resolveClassifParamsForDir(HasDirection.Direction direction, List<org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.Classifier> list) {
        HashMap hashMap = new HashMap();
        list.stream().filter(classifier -> {
            return direction.equals(classifier.getDirection()) || direction.equals(HasDirection.Direction.Bidirectional);
        }).forEach(classifier2 -> {
            classifier2.getParameterValue().stream().filter(parameterValue -> {
                return hashMap.get(parameterValue.getName().getValue()) == null;
            }).filter(parameterValue2 -> {
                return (parameterValue2.getIntValue() == null && parameterValue2.getStringValue() == null && parameterValue2.getRangeValue() == null) ? false : true;
            }).forEach(parameterValue3 -> {
            });
        });
        return hashMap;
    }

    private static Optional<Actions> resolveActions(List<Action> list) {
        Iterator<Action> it = list.iterator();
        while (it.hasNext()) {
            if (AllowActionDefinition.ID.equals(it.next().getActionDefinitionId())) {
                return Optional.of(new ActionsBuilder().setPacketHandling(new PermitBuilder().setPermit(true).build()).build());
            }
        }
        return Optional.absent();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GbpAceBuilder allowExternalNetworksForEp(@Nonnull RendererEndpointKey rendererEndpointKey, ACE_DIRECTION ace_direction) {
        try {
            InetAddress byName = InetAddress.getByName(substringBeforeSlash(rendererEndpointKey.getAddress()));
            if (byName instanceof Inet4Address) {
                return ACE_DIRECTION.INGRESS.equals(ace_direction) ? new GbpAceBuilder(PERMIT_EXTERNAL_INGRESS).setIpAddresses(new Ipv4Prefix(rendererEndpointKey.getAddress()), (Ipv4Prefix) null).setPermit() : new GbpAceBuilder(PERMIT_EXTERNAL_EGRESS).setIpAddresses((Ipv4Prefix) null, new Ipv4Prefix(rendererEndpointKey.getAddress())).setPermit();
            }
            if (!(byName instanceof Inet6Address)) {
                return null;
            }
            if (ACE_DIRECTION.INGRESS.equals(ace_direction)) {
                new GbpAceBuilder(PERMIT_EXTERNAL_INGRESS).setIpAddresses(new Ipv6Prefix(rendererEndpointKey.getAddress()), (Ipv6Prefix) null).setPermit();
                return null;
            }
            new GbpAceBuilder(PERMIT_EXTERNAL_EGRESS).setIpAddresses((Ipv6Prefix) null, new Ipv6Prefix(rendererEndpointKey.getAddress())).setPermit();
            return null;
        } catch (UnknownHostException e) {
            LOG.error("Failed to parse IP address {}", e);
            return null;
        }
    }

    private static String substringBeforeSlash(String str) {
        return (!str.contains("/") || str.split("/").length <= 0) ? str : str.split("/")[0];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<GbpAceBuilder> denyDomainSubnets(@Nonnull PolicyContext policyContext, @Nonnull ACE_DIRECTION ace_direction) {
        ArrayList arrayList = new ArrayList();
        Iterator it = policyContext.getPolicy().getConfiguration().getRendererForwarding().getRendererForwardingByTenant().iterator();
        while (it.hasNext()) {
            ((RendererForwardingByTenant) it.next()).getRendererNetworkDomain().stream().filter(rendererNetworkDomain -> {
                return Subnet.class.equals(rendererNetworkDomain.getNetworkDomainType());
            }).forEach(rendererNetworkDomain2 -> {
                SubnetAugmentRenderer augmentation = rendererNetworkDomain2.getAugmentation(SubnetAugmentRenderer.class);
                augmentation.getSubnet();
                if (ace_direction.equals(ACE_DIRECTION.INGRESS) && augmentation.getSubnet().isIsTenant().booleanValue()) {
                    arrayList.add(denyIngressTrafficForPrefix(augmentation.getSubnet()));
                } else if (augmentation.getSubnet().isIsTenant().booleanValue()) {
                    arrayList.add(denyEgressTrafficForPrefix(augmentation.getSubnet()));
                }
            });
        }
        return arrayList;
    }

    private static GbpAceBuilder denyEgressTrafficForPrefix(org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev170511.has.subnet.Subnet subnet) {
        IpPrefix ipPrefix = subnet.getIpPrefix();
        if (ipPrefix.getIpv4Prefix() != null) {
            return new GbpAceBuilder("deny_egress_ipv4_" + String.valueOf(ipPrefix.getValue())).setIpAddresses(ipPrefix.getIpv4Prefix(), (Ipv4Prefix) null).setDeny();
        }
        if (ipPrefix.getIpv6Prefix() != null) {
            return new GbpAceBuilder("deny_egress_ipv6_" + String.valueOf(ipPrefix.getValue())).setIpAddresses(ipPrefix.getIpv6Prefix(), (Ipv6Prefix) null).setDeny();
        }
        throw new IllegalStateException("Unknown prefix type " + subnet.getIpPrefix());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setSourceL3Address(GbpAceBuilder gbpAceBuilder, String str) throws UnknownHostException {
        if (isIpv6Address(str)) {
            gbpAceBuilder.setIpAddresses(new Ipv6Prefix(str), (Ipv6Prefix) null);
        } else {
            gbpAceBuilder.setIpAddresses(new Ipv4Prefix(str), (Ipv4Prefix) null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setDestinationL3Address(GbpAceBuilder gbpAceBuilder, String str) throws UnknownHostException {
        if (isIpv6Address(str)) {
            gbpAceBuilder.setIpAddresses((Ipv6Prefix) null, new Ipv6Prefix(str));
        } else {
            gbpAceBuilder.setIpAddresses((Ipv4Prefix) null, new Ipv4Prefix(str));
        }
    }

    public static boolean isIpv4Address(String str) throws UnknownHostException {
        return InetAddress.getByName(substringBeforeSlash(str)) instanceof Inet4Address;
    }

    public static boolean isIpv6Address(String str) throws UnknownHostException {
        return InetAddress.getByName(substringBeforeSlash(str)) instanceof Inet6Address;
    }

    static GbpAceBuilder denyIngressTrafficForPrefix(org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev170511.has.subnet.Subnet subnet) {
        IpPrefix ipPrefix = subnet.getIpPrefix();
        if (ipPrefix.getIpv4Prefix() != null) {
            return new GbpAceBuilder("deny_ingress_ipv4_" + String.valueOf(ipPrefix.getValue())).setIpAddresses((Ipv4Prefix) null, ipPrefix.getIpv4Prefix()).setDeny();
        }
        if (ipPrefix.getIpv6Prefix() != null) {
            return new GbpAceBuilder("deny_ingress_ipv6_" + String.valueOf(ipPrefix.getValue())).setIpAddresses((Ipv6Prefix) null, ipPrefix.getIpv6Prefix()).setDeny();
        }
        throw new IllegalStateException("Unknown prefix type " + subnet.getIpPrefix());
    }
}
