package com.yahoo.vespa.hosted.node.admin.configserver.noderepository;

import com.google.common.collect.ImmutableList;
import com.google.common.net.InetAddresses;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPVersion;
import java.net.InetAddress;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:com/yahoo/vespa/hosted/node/admin/configserver/noderepository/Acl.class */
public class Acl {
    private final List<InetAddress> trustedNodes;
    private final List<Integer> trustedPorts;

    public Acl(List<Integer> list, List<InetAddress> list2) {
        this.trustedNodes = list2 != null ? ImmutableList.copyOf(list2) : Collections.emptyList();
        this.trustedPorts = list != null ? ImmutableList.copyOf(list) : Collections.emptyList();
    }

    public List<String> toRules(IPVersion iPVersion) {
        LinkedList linkedList = new LinkedList();
        linkedList.add("-P INPUT ACCEPT");
        linkedList.add("-P FORWARD ACCEPT");
        linkedList.add("-P OUTPUT ACCEPT");
        linkedList.add("-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT");
        linkedList.add("-A INPUT -i lo -j ACCEPT");
        linkedList.add("-A INPUT -p " + iPVersion.icmpProtocol() + " -j ACCEPT");
        String str = (String) this.trustedPorts.stream().map(num -> {
            return Integer.toString(num.intValue());
        }).sorted().collect(Collectors.joining(","));
        if (!str.isEmpty()) {
            linkedList.add("-A INPUT -p tcp -m multiport --dports " + str + " -j ACCEPT");
        }
        Stream<InetAddress> stream = this.trustedNodes.stream();
        iPVersion.getClass();
        Stream sorted = stream.filter(iPVersion::match).map(inetAddress -> {
            return "-A INPUT -s " + InetAddresses.toAddrString(inetAddress) + iPVersion.singleHostCidr() + " -j ACCEPT";
        }).sorted();
        linkedList.getClass();
        sorted.forEach((v1) -> {
            r1.add(v1);
        });
        linkedList.add("-A INPUT -j REJECT --reject-with " + iPVersion.icmpPortUnreachable());
        return Collections.unmodifiableList(linkedList);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        Acl acl = (Acl) obj;
        return Objects.equals(this.trustedPorts, acl.trustedPorts) && Objects.equals(this.trustedNodes, acl.trustedNodes);
    }

    public int hashCode() {
        return Objects.hash(this.trustedPorts, this.trustedNodes);
    }
}
