package com.yahoo.vespa.hosted.node.admin.maintenance.acl;

import com.yahoo.vespa.hosted.dockerapi.ContainerName;
import com.yahoo.vespa.hosted.node.admin.docker.DockerOperations;
import com.yahoo.vespa.hosted.node.admin.task.util.file.Editor;
import com.yahoo.vespa.hosted.node.admin.task.util.file.LineEditor;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPVersion;
import com.yahoo.vespa.hosted.node.admin.util.PrefixLogger;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.Arrays;
import java.util.List;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Collectors;

/* loaded from: input_file:com/yahoo/vespa/hosted/node/admin/maintenance/acl/IPTablesEditor.class */
class IPTablesEditor {
    private final PrefixLogger log;
    private final DockerOperations dockerOperations;
    private final ContainerName containerName;
    private final Consumer<String> testInterceptor;

    public IPTablesEditor(DockerOperations dockerOperations, ContainerName containerName) {
        this(dockerOperations, containerName, str -> {
        });
    }

    IPTablesEditor(DockerOperations dockerOperations, ContainerName containerName, Consumer<String> consumer) {
        this.dockerOperations = dockerOperations;
        this.containerName = containerName;
        this.testInterceptor = consumer;
        this.log = PrefixLogger.getNodeAgentLogger(AclMaintainer.class, containerName);
    }

    public static boolean editFlushOnError(DockerOperations dockerOperations, ContainerName containerName, IPVersion iPVersion, String str, LineEditor lineEditor) {
        return new IPTablesEditor(dockerOperations, containerName).edit(str, iPVersion, lineEditor, true);
    }

    public static boolean editLogOnError(DockerOperations dockerOperations, ContainerName containerName, IPVersion iPVersion, String str, LineEditor lineEditor) {
        return new IPTablesEditor(dockerOperations, containerName).edit(str, iPVersion, lineEditor, false);
    }

    public boolean edit(String str, IPVersion iPVersion, LineEditor lineEditor, boolean z) {
        Editor editor = new Editor(iPVersion.iptablesCmd() + "-" + str, listTable(str, iPVersion), restoreTable(str, iPVersion, z), lineEditor);
        PrefixLogger prefixLogger = this.log;
        prefixLogger.getClass();
        return editor.edit(prefixLogger::info);
    }

    private Supplier<List<String>> listTable(String str, IPVersion iPVersion) {
        return () -> {
            return (List) Arrays.stream(this.dockerOperations.executeCommandInNetworkNamespace(this.containerName, iPVersion.iptablesCmd(), "-S", "-t", str).getOutput().split("\n")).map((v0) -> {
                return v0.trim();
            }).collect(Collectors.toList());
        };
    }

    private Consumer<List<String>> restoreTable(String str, IPVersion iPVersion, boolean z) {
        return list -> {
            File file = null;
            try {
                try {
                    String str2 = "*" + str + "\n" + String.join("\n", list) + "\nCOMMIT\n";
                    file = writeTempFile(str, str2);
                    this.dockerOperations.executeCommandInNetworkNamespace(this.containerName, iPVersion.iptablesRestore(), file.getAbsolutePath());
                    this.testInterceptor.accept(str2);
                    if (file != null) {
                        file.delete();
                    }
                } catch (Exception e) {
                    if (z) {
                        this.log.error("Exception occurred while syncing iptable " + str + " for " + this.containerName.asString() + ", attempting rollback", e);
                        try {
                            this.dockerOperations.executeCommandInNetworkNamespace(this.containerName, iPVersion.iptablesCmd(), "-F", "-t", str);
                        } catch (Exception e2) {
                            this.log.error("Rollback of table " + str + " for " + this.containerName.asString() + " failed, giving up", e2);
                        }
                    } else {
                        this.log.warning("Unable to sync iptables for " + str, e);
                    }
                    if (file != null) {
                        file.delete();
                    }
                }
            } catch (Throwable th) {
                if (file != null) {
                    file.delete();
                }
                throw th;
            }
        };
    }

    private File writeTempFile(String str, String str2) {
        try {
            Path createTempFile = Files.createTempFile("iptables-restore", "." + str, new FileAttribute[0]);
            File file = createTempFile.toFile();
            Files.write(createTempFile, str2.getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
            file.deleteOnExit();
            return file;
        } catch (IOException e) {
            throw new RuntimeException("Unable to write restore file for iptables.", e);
        }
    }
}
