package org.jclouds.azurecompute.arm.compute.extensions;

import com.google.common.base.Function;
import com.google.common.base.Objects;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.base.Supplier;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Multimap;
import com.google.common.collect.Ordering;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import org.jclouds.azurecompute.arm.AzureComputeApi;
import org.jclouds.azurecompute.arm.compute.config.AzurePredicatesModule;
import org.jclouds.azurecompute.arm.compute.domain.ResourceGroupAndName;
import org.jclouds.azurecompute.arm.domain.IdReference;
import org.jclouds.azurecompute.arm.domain.NetworkInterfaceCard;
import org.jclouds.azurecompute.arm.domain.NetworkProfile;
import org.jclouds.azurecompute.arm.domain.NetworkSecurityGroup;
import org.jclouds.azurecompute.arm.domain.NetworkSecurityGroupProperties;
import org.jclouds.azurecompute.arm.domain.NetworkSecurityRule;
import org.jclouds.azurecompute.arm.domain.NetworkSecurityRuleProperties;
import org.jclouds.azurecompute.arm.domain.ResourceGroup;
import org.jclouds.azurecompute.arm.domain.VirtualMachine;
import org.jclouds.azurecompute.arm.features.NetworkSecurityRuleApi;
import org.jclouds.compute.domain.SecurityGroup;
import org.jclouds.compute.domain.SecurityGroupBuilder;
import org.jclouds.compute.extensions.SecurityGroupExtension;
import org.jclouds.compute.reference.ComputeServiceConstants;
import org.jclouds.domain.Location;
import org.jclouds.googlecomputeengine.compute.strategy.CreateNodesWithGroupEncodedIntoNameThenAddToSet;
import org.jclouds.location.Region;
import org.jclouds.logging.Logger;
import org.jclouds.net.domain.IpPermission;
import org.jclouds.net.domain.IpProtocol;

/* loaded from: input_file:azurecompute-arm-2.2.1.jar:org/jclouds/azurecompute/arm/compute/extensions/AzureComputeSecurityGroupExtension.class */
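/**
 * {@link SecurityGroupExtension} backed by Azure ARM network security groups.
 *
 * <p>Every operation goes through {@link AzureComputeApi}; Azure objects are turned into jclouds
 * {@link SecurityGroup}s by the injected converter. The only rules this class creates or removes
 * are inbound "allow" rules described by protocol, destination port range and source CIDR block.
 * All {@code supports*} capability methods return {@code false}.
 */
public class AzureComputeSecurityGroupExtension implements SecurityGroupExtension {

    @Resource
    @Named(ComputeServiceConstants.COMPUTE_LOGGER)
    protected Logger logger = Logger.NULL;
    // Entry point for all Azure ARM calls made by this extension.
    private final AzureComputeApi api;
    // Converts an Azure network security group into the portable jclouds representation.
    private final Function<NetworkSecurityGroup, SecurityGroup> securityGroupConverter;
    // Builds the predicate used to wait for a newly created security group.
    private final AzurePredicatesModule.SecurityGroupAvailablePredicateFactory securityGroupAvailable;
    // Builds the predicate used to wait for a newly created or updated security rule.
    private final AzurePredicatesModule.SecurityGroupRuleAvailablePredicateFactory securityGroupRuleAvailable;
    // Applied to the URI returned by a delete call to wait for the deletion to finish.
    private final Predicate<URI> resourceDeleted;
    // Looked up by location id to find the resource group new security groups are created in.
    private final LoadingCache<String, ResourceGroup> defaultResourceGroup;
    // Supplies the region ids used by listSecurityGroups().
    private final Supplier<Set<String>> regionIds;

    @Inject
    AzureComputeSecurityGroupExtension(AzureComputeApi azureComputeApi, Function<NetworkSecurityGroup, SecurityGroup> function, AzurePredicatesModule.SecurityGroupAvailablePredicateFactory securityGroupAvailablePredicateFactory, AzurePredicatesModule.SecurityGroupRuleAvailablePredicateFactory securityGroupRuleAvailablePredicateFactory, @Named("jclouds.azurecompute.arm.timeout.resourcedeleted") Predicate<URI> predicate, LoadingCache<String, ResourceGroup> loadingCache, @Region Supplier<Set<String>> supplier) {
        this.api = azureComputeApi;
        this.securityGroupConverter = function;
        this.securityGroupAvailable = securityGroupAvailablePredicateFactory;
        this.securityGroupRuleAvailable = securityGroupRuleAvailablePredicateFactory;
        this.resourceDeleted = predicate;
        this.defaultResourceGroup = loadingCache;
        this.regionIds = supplier;
    }

    /**
     * Lists the security groups whose location id equals the id of {@code location}.
     *
     * @param location location to filter by
     * @return the matching security groups
     */
    @Override
    public Set<SecurityGroup> listSecurityGroupsInLocation(Location location) {
        return securityGroupsInLocations(ImmutableSet.of(location.getId()));
    }

    /**
     * Lists the security groups located in any of the region ids supplied by {@code regionIds}.
     *
     * @return the matching security groups
     */
    @Override
    public Set<SecurityGroup> listSecurityGroups() {
        return securityGroupsInLocations(this.regionIds.get());
    }

    /**
     * Fetches all network security groups (the group API is obtained with a {@code null} resource
     * group), converts them and keeps those whose location id is contained in {@code set}.
     *
     * @param set location ids to keep
     * @return converted security groups that have a location whose id is in {@code set}
     */
    private Set<SecurityGroup> securityGroupsInLocations(final Set<String> set) {
        Iterable<SecurityGroup> converted = Iterables.transform(
                Iterables.filter(this.api.getNetworkSecurityGroupApi(null).listAll(), Predicates.notNull()),
                this.securityGroupConverter);
        // Materialise once so the converter is not re-run while the location filter iterates.
        Set<SecurityGroup> allGroups = ImmutableSet.copyOf(converted);
        return ImmutableSet.copyOf(Iterables.filter(allGroups, new Predicate<SecurityGroup>() {
            @Override
            public boolean apply(SecurityGroup securityGroup) {
                // Groups without a location can never match a location filter.
                return securityGroup.getLocation() != null && set.contains(securityGroup.getLocation().getId());
            }
        }));
    }

    /**
     * Lists the security groups attached to the network interfaces of a virtual machine.
     *
     * @param str slash-encoded "resourceGroup/name" id of the node
     * @return the security groups referenced by the node's network interface cards; interfaces
     *     that cannot be fetched or that carry no security group are skipped
     * @throws IllegalArgumentException if the virtual machine does not exist
     */
    @Override
    public Set<SecurityGroup> listSecurityGroupsForNode(String str) {
        this.logger.debug(">> getting security groups for node %s...", str);
        ResourceGroupAndName nodeRef = ResourceGroupAndName.fromSlashEncoded(str);
        VirtualMachine virtualMachine = this.api.getVirtualMachineApi(nodeRef.resourceGroup()).get(nodeRef.name());
        if (virtualMachine == null) {
            throw new IllegalArgumentException("Node " + str + " was not found");
        }
        List<NetworkProfile.NetworkInterface> networkInterfaces = virtualMachine.properties().networkProfile().networkInterfaces();
        List<NetworkSecurityGroup> attachedGroups = new ArrayList<NetworkSecurityGroup>();
        for (NetworkProfile.NetworkInterface networkInterface : networkInterfaces) {
            NetworkInterfaceCard card = this.api.getNetworkInterfaceCardApi(IdReference.extractResourceGroup(networkInterface.id())).get(IdReference.extractName(networkInterface.id()));
            if (card != null && card.properties().networkSecurityGroup() != null) {
                IdReference groupRef = card.properties().networkSecurityGroup();
                // The lookup result may be null; nulls are filtered out before conversion below.
                attachedGroups.add(this.api.getNetworkSecurityGroupApi(groupRef.resourceGroup()).get(groupRef.name()));
            }
        }
        return ImmutableSet.copyOf(Iterables.transform(Iterables.filter(attachedGroups, Predicates.notNull()), this.securityGroupConverter));
    }

    /**
     * Looks up a single security group.
     *
     * @param str slash-encoded "resourceGroup/name" id of the security group
     * @return the converted security group, or {@code null} when Azure returns none
     */
    @Override
    public SecurityGroup getSecurityGroupById(String str) {
        this.logger.debug(">> getting security group %s...", str);
        ResourceGroupAndName groupRef = ResourceGroupAndName.fromSlashEncoded(str);
        NetworkSecurityGroup networkSecurityGroup = this.api.getNetworkSecurityGroupApi(groupRef.resourceGroup()).get(groupRef.name());
        if (networkSecurityGroup == null) {
            return null;
        }
        return this.securityGroupConverter.apply(networkSecurityGroup);
    }

    /**
     * Creates a network security group with default (empty builder) properties in the resource
     * group cached for the given location, then waits until it is reported as available.
     *
     * @param str name of the new security group
     * @param location location whose id selects the resource group and the Azure region
     * @return the converted security group as returned by the create call
     * @throws IllegalStateException if the group is not available within the configured timeout
     */
    @Override
    public SecurityGroup createSecurityGroup(String str, Location location) {
        ResourceGroup resourceGroup = this.defaultResourceGroup.getUnchecked(location.getId());
        this.logger.debug(">> creating security group %s in %s...", str, location);
        NetworkSecurityGroup created = this.api.getNetworkSecurityGroupApi(resourceGroup.name()).createOrUpdate(str, location.getId(), null, NetworkSecurityGroupProperties.builder().build());
        Preconditions.checkState(this.securityGroupAvailable.create(resourceGroup.name()).apply(str), "Security group was not created in the configured timeout");
        return this.securityGroupConverter.apply(created);
    }

    /**
     * Deletes a security group and waits for the deletion to complete.
     *
     * @param str slash-encoded "resourceGroup/name" id of the security group
     * @return the result of the deletion predicate, or {@code false} when the delete call
     *     returned no URI to wait on
     */
    @Override
    public boolean removeSecurityGroup(String str) {
        this.logger.debug(">> deleting security group %s...", str);
        ResourceGroupAndName groupRef = ResourceGroupAndName.fromSlashEncoded(str);
        URI deletionUri = this.api.getNetworkSecurityGroupApi(groupRef.resourceGroup()).delete(groupRef.name());
        if (deletionUri == null) {
            return false;
        }
        return this.resourceDeleted.apply(deletionUri);
    }

    /**
     * Adds the given permission by delegating to the expanded {@code addIpPermission} overload.
     *
     * @param ipPermission permission to add
     * @param securityGroup group to add it to
     * @return the refreshed security group
     */
    @Override
    public SecurityGroup addIpPermission(IpPermission ipPermission, SecurityGroup securityGroup) {
        return addIpPermission(ipPermission.getIpProtocol(), ipPermission.getFromPort(), ipPermission.getToPort(), ipPermission.getTenantIdGroupNamePairs(), ipPermission.getCidrBlocks(), ipPermission.getGroupIds(), securityGroup);
    }

    /**
     * Removes the given permission by delegating to the expanded {@code removeIpPermission}
     * overload.
     *
     * @param ipPermission permission to remove
     * @param securityGroup group to remove it from
     * @return the refreshed security group
     */
    @Override
    public SecurityGroup removeIpPermission(IpPermission ipPermission, SecurityGroup securityGroup) {
        return removeIpPermission(ipPermission.getIpProtocol(), ipPermission.getFromPort(), ipPermission.getToPort(), ipPermission.getTenantIdGroupNamePairs(), ipPermission.getCidrBlocks(), ipPermission.getGroupIds(), securityGroup);
    }

    /**
     * Creates one inbound "allow" rule per source CIDR block for the given protocol and
     * destination port range, waiting after each call until the rule is reported as available.
     *
     * <p>Each CIDR block is sent to Azure exactly as supplied, with source port range and
     * destination address prefix set to {@code "*"}; nothing here validates or narrows the
     * source range, so restricting exposure is the caller's responsibility.
     *
     * @param ipProtocol protocol of the rule
     * @param i first port of the destination port range
     * @param i2 last port of the destination port range
     * @param multimap tenant id / group name pairs; not used by this implementation
     * @param iterable source CIDR blocks, one rule is written per entry
     * @param iterable2 group ids; not used by this implementation
     * @param securityGroup group to add the rules to
     * @return the security group re-read from Azure after the rules were written
     * @throws IllegalArgumentException if the security group does not exist
     * @throws IllegalStateException if a rule is not available within the configured timeout
     */
    @Override
    public SecurityGroup addIpPermission(IpProtocol ipProtocol, int i, int i2, Multimap<String, String> multimap, Iterable<String> iterable, Iterable<String> iterable2, SecurityGroup securityGroup) {
        String portRange = i + "-" + i2;
        // Locale.ROOT keeps the rule name ASCII regardless of the JVM default locale
        // (e.g. "ICMP" lower-cases to a dotless i under a Turkish locale).
        String ruleName = "ingress-" + ipProtocol.name().toLowerCase(Locale.ROOT) + "-" + portRange;
        this.logger.debug(">> adding ip permission [%s] to %s...", ruleName, securityGroup.getName());
        ResourceGroupAndName groupRef = ResourceGroupAndName.fromSlashEncoded(securityGroup.getId());
        NetworkSecurityGroup networkSecurityGroup = this.api.getNetworkSecurityGroupApi(groupRef.resourceGroup()).get(groupRef.name());
        if (networkSecurityGroup == null) {
            throw new IllegalArgumentException("Security group " + securityGroup.getName() + " was not found");
        }
        NetworkSecurityRuleApi ruleApi = this.api.getNetworkSecurityRuleApi(groupRef.resourceGroup(), networkSecurityGroup.name());
        int nextPriority = getRuleStartingPriority(networkSecurityGroup);
        for (String cidr : iterable) {
            NetworkSecurityRuleProperties ruleProperties = NetworkSecurityRuleProperties.builder()
                    .protocol(NetworkSecurityRuleProperties.Protocol.fromValue(ipProtocol.name()))
                    .sourceAddressPrefix(cidr)
                    .sourcePortRange("*")
                    .destinationAddressPrefix("*")
                    .destinationPortRange(portRange)
                    .direction(NetworkSecurityRuleProperties.Direction.Inbound)
                    .access(NetworkSecurityRuleProperties.Access.Allow)
                    .priority(Integer.valueOf(nextPriority))
                    .build();
            nextPriority++;
            this.logger.debug(">> creating network security rule %s for %s...", ruleName, cidr);
            // NOTE(review): the rule name does not include the CIDR, so with several CIDR blocks
            // every createOrUpdate call targets the same rule name and presumably replaces the
            // previous one, leaving only the last block allowed. Confirm against the rule API.
            ruleApi.createOrUpdate(ruleName, ruleProperties);
            Preconditions.checkState(this.securityGroupRuleAvailable.create(groupRef.resourceGroup(), networkSecurityGroup.name()).apply(ruleName), "Security group was not updated in the configured timeout");
        }
        return getSecurityGroupById(securityGroup.getId());
    }

    /**
     * Deletes every inbound "allow" rule of the group whose protocol and destination port range
     * match the arguments and whose source address prefix equals one of the given CIDR blocks.
     *
     * <p>Rules are matched on their properties, not on their names. A rule whose source prefix
     * is {@code "*"} is compared after the wildcard has been replaced by the all-addresses
     * constant referenced in the matcher.
     *
     * @param ipProtocol protocol of the rules to delete
     * @param i first port of the destination port range
     * @param i2 last port of the destination port range
     * @param multimap tenant id / group name pairs; not used by this implementation
     * @param iterable source CIDR blocks to match
     * @param iterable2 group ids; not used by this implementation
     * @param securityGroup group to remove the rules from
     * @return the security group re-read from Azure after the deletions
     * @throws IllegalArgumentException if the security group does not exist
     * @throws IllegalStateException if a rule deletion does not complete within the configured
     *     timeout
     */
    @Override
    public SecurityGroup removeIpPermission(final IpProtocol ipProtocol, int i, int i2, Multimap<String, String> multimap, final Iterable<String> iterable, Iterable<String> iterable2, SecurityGroup securityGroup) {
        final String portRange = i + "-" + i2;
        // Locale.ROOT keeps the logged name identical to the one addIpPermission generates.
        String ruleName = "ingress-" + ipProtocol.name().toLowerCase(Locale.ROOT) + "-" + portRange;
        this.logger.debug(">> deleting ip permissions matching [%s] from %s...", ruleName, securityGroup.getName());
        ResourceGroupAndName groupRef = ResourceGroupAndName.fromSlashEncoded(securityGroup.getId());
        NetworkSecurityGroup networkSecurityGroup = this.api.getNetworkSecurityGroupApi(groupRef.resourceGroup()).get(groupRef.name());
        if (networkSecurityGroup == null) {
            throw new IllegalArgumentException("Security group " + securityGroup.getName() + " was not found");
        }
        NetworkSecurityRuleApi ruleApi = this.api.getNetworkSecurityRuleApi(groupRef.resourceGroup(), networkSecurityGroup.name());
        Predicate<NetworkSecurityRule> matchesPermission = new Predicate<NetworkSecurityRule>() {
            @Override
            public boolean apply(NetworkSecurityRule candidate) {
                NetworkSecurityRuleProperties properties = candidate.properties();
                String sourcePrefix = properties.sourceAddressPrefix();
                if (sourcePrefix == null) {
                    // A rule without a single source prefix cannot match a CIDR block; skipping it
                    // also avoids a NullPointerException on the replace() below.
                    return false;
                }
                // NOTE(review): the wildcard replacement constant is resolved from a Google
                // Compute Engine class, which looks like a decompiler constant-resolution
                // artifact; confirm its value and prefer a constant local to this module.
                String normalizedPrefix = sourcePrefix.replace("*", CreateNodesWithGroupEncodedIntoNameThenAddToSet.EXTERIOR_RANGE);
                return Objects.equal(portRange, properties.destinationPortRange())
                        && Objects.equal(NetworkSecurityRuleProperties.Protocol.fromValue(ipProtocol.name()), properties.protocol())
                        && Objects.equal(NetworkSecurityRuleProperties.Direction.Inbound, properties.direction())
                        && Objects.equal(NetworkSecurityRuleProperties.Access.Allow, properties.access())
                        && Iterables.any(iterable, Predicates.equalTo(normalizedPrefix));
            }
        };
        for (NetworkSecurityRule rule : Iterables.filter(ruleApi.list(), matchesPermission)) {
            this.logger.debug(">> deleting network security rule %s from %s...", rule.name(), securityGroup.getName());
            URI deletionUri = ruleApi.delete(rule.name());
            if (deletionUri != null) {
                Preconditions.checkState(this.resourceDeleted.apply(deletionUri), "Rule %s could not be deleted in the configured timeout", rule.id());
            }
        }
        return getSecurityGroupById(securityGroup.getId());
    }

    /** @return {@code false}; tenant id / group name pairs are ignored by this extension */
    @Override
    public boolean supportsTenantIdGroupNamePairs() {
        return false;
    }

    /** @return {@code false} */
    @Override
    public boolean supportsTenantIdGroupIdPairs() {
        return false;
    }

    /** @return {@code false}; group ids are ignored by this extension */
    @Override
    public boolean supportsGroupIds() {
        return false;
    }

    /** @return {@code false} */
    @Override
    public boolean supportsPortRangesForGroups() {
        return false;
    }

    /** @return {@code false} */
    @Override
    public boolean supportsExclusionCidrBlocks() {
        return false;
    }

    /**
     * Picks the priority for the next rule added to the group.
     *
     * @param networkSecurityGroup group whose existing rules are inspected
     * @return 100 when the group has no rules, otherwise the highest existing priority plus one
     */
    private int getRuleStartingPriority(NetworkSecurityGroup networkSecurityGroup) {
        List<NetworkSecurityRule> securityRules = networkSecurityGroup.properties().securityRules();
        if (securityRules.isEmpty()) {
            return 100;
        }
        // NOTE(review): no upper bound is enforced here; confirm how the API reacts once the
        // computed value exceeds the maximum priority Azure accepts.
        return rulesByPriority().max(securityRules).properties().priority().intValue() + 1;
    }

    /**
     * @return an ordering that sorts rules by ascending numeric priority
     */
    private static Ordering<NetworkSecurityRule> rulesByPriority() {
        return new Ordering<NetworkSecurityRule>() {
            @Override
            public int compare(NetworkSecurityRule networkSecurityRule, NetworkSecurityRule networkSecurityRule2) {
                // Integer.compare cannot overflow, unlike subtracting the two priorities.
                return Integer.compare(
                        networkSecurityRule.properties().priority().intValue(),
                        networkSecurityRule2.properties().priority().intValue());
            }
        };
    }
}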
