package org.jclouds.cloudstack.functions;

import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Supplier;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.jclouds.cloudstack.CloudStackApi;
import org.jclouds.cloudstack.domain.SecurityGroup;
import org.jclouds.cloudstack.domain.Zone;
import org.jclouds.cloudstack.domain.ZoneSecurityGroupNamePortsCidrs;
import org.jclouds.cloudstack.options.AccountInDomainOptions;
import org.jclouds.cloudstack.predicates.SecurityGroupPredicates;
import org.jclouds.cloudstack.predicates.ZonePredicates;
import org.jclouds.compute.reference.ComputeServiceConstants;
import org.jclouds.googlecomputeengine.compute.strategy.CreateNodesWithGroupEncodedIntoNameThenAddToSet;
import org.jclouds.logging.Logger;

@Singleton
/* loaded from: input_file:org/jclouds/cloudstack/functions/CreateSecurityGroupIfNeeded.class */
public class CreateSecurityGroupIfNeeded implements Function<ZoneSecurityGroupNamePortsCidrs, SecurityGroup> {

    @Resource
    @Named(ComputeServiceConstants.COMPUTE_LOGGER)
    protected Logger logger = Logger.NULL;
    protected final CloudStackApi client;
    protected final Supplier<LoadingCache<String, Zone>> zoneIdToZone;
    protected final Predicate<String> jobComplete;

    @Inject
    public CreateSecurityGroupIfNeeded(CloudStackApi cloudStackApi, Predicate<String> predicate, Supplier<LoadingCache<String, Zone>> supplier) {
        this.client = (CloudStackApi) Preconditions.checkNotNull(cloudStackApi, "client");
        this.jobComplete = (Predicate) Preconditions.checkNotNull(predicate, "jobComplete");
        this.zoneIdToZone = supplier;
    }

    @Override // com.google.common.base.Function
    /* renamed from: apply, reason: avoid collision after fix types in other method */
    public SecurityGroup apply2(ZoneSecurityGroupNamePortsCidrs zoneSecurityGroupNamePortsCidrs) {
        Preconditions.checkNotNull(zoneSecurityGroupNamePortsCidrs, "input");
        String zone = zoneSecurityGroupNamePortsCidrs.getZone();
        Preconditions.checkArgument(ZonePredicates.supportsSecurityGroups().apply(this.zoneIdToZone.get().getUnchecked(zone)), "Security groups are required, but the zone %s does not support security groups", zone);
        this.logger.debug(">> creating securityGroup %s", zoneSecurityGroupNamePortsCidrs);
        try {
            SecurityGroup createSecurityGroup = this.client.getSecurityGroupApi().createSecurityGroup(zoneSecurityGroupNamePortsCidrs.getName());
            this.logger.debug("<< created securityGroup(%s)", createSecurityGroup);
            ImmutableSet copyOf = !zoneSecurityGroupNamePortsCidrs.getCidrs().isEmpty() ? ImmutableSet.copyOf((Collection) zoneSecurityGroupNamePortsCidrs.getCidrs()) : ImmutableSet.of(CreateNodesWithGroupEncodedIntoNameThenAddToSet.EXTERIOR_RANGE);
            Iterator<Integer> it = zoneSecurityGroupNamePortsCidrs.getPorts().iterator();
            while (it.hasNext()) {
                authorizeGroupToItselfAndToTCPPortAndCidr(this.client, createSecurityGroup, it.next().intValue(), copyOf);
            }
            return createSecurityGroup;
        } catch (IllegalStateException e) {
            this.logger.trace("<< trying to find securityGroup(%s): %s", zoneSecurityGroupNamePortsCidrs, e.getMessage());
            SecurityGroup securityGroupByName = this.client.getSecurityGroupApi().getSecurityGroupByName(zoneSecurityGroupNamePortsCidrs.getName());
            this.logger.debug("<< reused securityGroup(%s)", securityGroupByName.getId());
            return securityGroupByName;
        }
    }

    private void authorizeGroupToItselfAndToTCPPortAndCidr(CloudStackApi cloudStackApi, SecurityGroup securityGroup, int i, Set<String> set) {
        for (String str : set) {
            this.logger.debug(">> authorizing securityGroup(%s) permission to %s on port %d", securityGroup, str, Integer.valueOf(i));
            if (!SecurityGroupPredicates.portInRangeForCidr(i, str).apply(securityGroup)) {
                this.jobComplete.apply(cloudStackApi.getSecurityGroupApi().authorizeIngressPortsToCIDRs(securityGroup.getId(), "TCP", i, i, ImmutableSet.of(str), new AccountInDomainOptions[0]));
                this.logger.debug("<< authorized securityGroup(%s) permission to %s on port %d", securityGroup, str, Integer.valueOf(i));
            }
        }
    }
}
