package org.onosproject.acl.impl;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service;
import org.onlab.packet.Ethernet;
import org.onlab.packet.Ip4Address;
import org.onlab.packet.Ip4Prefix;
import org.onlab.packet.IpAddress;
import org.onlab.packet.TpPort;
import org.onosproject.acl.AclRule;
import org.onosproject.acl.AclService;
import org.onosproject.acl.AclStore;
import org.onosproject.acl.RuleId;
import org.onosproject.core.ApplicationId;
import org.onosproject.core.CoreService;
import org.onosproject.core.IdGenerator;
import org.onosproject.mastership.MastershipService;
import org.onosproject.net.DeviceId;
import org.onosproject.net.Host;
import org.onosproject.net.MastershipRole;
import org.onosproject.net.PortNumber;
import org.onosproject.net.flow.DefaultFlowEntry;
import org.onosproject.net.flow.DefaultFlowRule;
import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.flow.FlowRule;
import org.onosproject.net.flow.FlowRuleService;
import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.flow.TrafficTreatment;
import org.onosproject.net.flow.instructions.Instructions;
import org.onosproject.net.host.HostEvent;
import org.onosproject.net.host.HostListener;
import org.onosproject.net.host.HostService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(immediate = true)
/* loaded from: input_file:WEB-INF/classes/org/onosproject/acl/impl/AclManager.class */
public class AclManager implements AclService {

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected CoreService coreService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected FlowRuleService flowRuleService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected HostService hostService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected MastershipService mastershipService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected AclStore aclStore;
    private ApplicationId appId;
    private IdGenerator idGenerator;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final HostListener hostListener = new InternalHostListener();

    /* loaded from: input_file:WEB-INF/classes/org/onosproject/acl/impl/AclManager$InternalHostListener.class */
    private class InternalHostListener implements HostListener {
        private InternalHostListener() {
        }

        /* JADX WARN: Removed duplicated region for block: B:12:0x007d A[SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:23:0x0023 A[SYNTHETIC] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private void processHostAddedEvent(org.onosproject.net.host.HostEvent r5, org.onosproject.acl.AclRule r6) {
            /*
                r4 = this;
                r0 = r5
                java.lang.Object r0 = r0.subject()
                org.onosproject.net.Host r0 = (org.onosproject.net.Host) r0
                org.onosproject.net.HostLocation r0 = r0.location()
                org.onosproject.net.DeviceId r0 = r0.deviceId()
                r7 = r0
                r0 = r5
                java.lang.Object r0 = r0.subject()
                org.onosproject.net.Host r0 = (org.onosproject.net.Host) r0
                java.util.Set r0 = r0.ipAddresses()
                java.util.Iterator r0 = r0.iterator()
                r8 = r0
            L23:
                r0 = r8
                boolean r0 = r0.hasNext()
                if (r0 == 0) goto Ld8
                r0 = r8
                java.lang.Object r0 = r0.next()
                org.onlab.packet.IpAddress r0 = (org.onlab.packet.IpAddress) r0
                r9 = r0
                r0 = r6
                org.onlab.packet.Ip4Prefix r0 = r0.srcIp()
                if (r0 == 0) goto L56
                r0 = r4
                org.onosproject.acl.impl.AclManager r0 = org.onosproject.acl.impl.AclManager.this
                r1 = r9
                org.onlab.packet.Ip4Address r1 = r1.getIp4Address()
                r2 = r6
                org.onlab.packet.Ip4Prefix r2 = r2.srcIp()
                boolean r0 = org.onosproject.acl.impl.AclManager.access$100(r0, r1, r2)
                if (r0 == 0) goto Ld5
                goto L69
            L56:
                r0 = r4
                org.onosproject.acl.impl.AclManager r0 = org.onosproject.acl.impl.AclManager.this
                r1 = r9
                org.onlab.packet.Ip4Address r1 = r1.getIp4Address()
                r2 = r6
                org.onlab.packet.Ip4Prefix r2 = r2.dstIp()
                boolean r0 = org.onosproject.acl.impl.AclManager.access$100(r0, r1, r2)
                if (r0 == 0) goto Ld5
            L69:
                r0 = r4
                org.onosproject.acl.impl.AclManager r0 = org.onosproject.acl.impl.AclManager.this
                org.onosproject.acl.AclStore r0 = r0.aclStore
                r1 = r6
                org.onosproject.acl.RuleId r1 = r1.id()
                r2 = r7
                boolean r0 = r0.checkIfRuleWorksInDevice(r1, r2)
                if (r0 != 0) goto Ld5
                r0 = r4
                org.onosproject.acl.impl.AclManager r0 = org.onosproject.acl.impl.AclManager.this
                org.onosproject.acl.AclStore r0 = r0.aclStore
                r1 = r6
                org.onosproject.acl.RuleId r1 = r1.id()
                java.util.List r0 = r0.getAllowingRuleByDenyingRule(r1)
                r10 = r0
                r0 = r10
                if (r0 == 0) goto Lcc
                r0 = r10
                java.util.Iterator r0 = r0.iterator()
                r11 = r0
            L9d:
                r0 = r11
                boolean r0 = r0.hasNext()
                if (r0 == 0) goto Lcc
                r0 = r11
                java.lang.Object r0 = r0.next()
                org.onosproject.acl.RuleId r0 = (org.onosproject.acl.RuleId) r0
                r12 = r0
                r0 = r4
                org.onosproject.acl.impl.AclManager r0 = org.onosproject.acl.impl.AclManager.this
                r1 = r4
                org.onosproject.acl.impl.AclManager r1 = org.onosproject.acl.impl.AclManager.this
                org.onosproject.acl.AclStore r1 = r1.aclStore
                r2 = r12
                org.onosproject.acl.AclRule r1 = r1.getAclRule(r2)
                r2 = r7
                org.onosproject.acl.impl.AclManager.access$200(r0, r1, r2)
                goto L9d
            Lcc:
                r0 = r4
                org.onosproject.acl.impl.AclManager r0 = org.onosproject.acl.impl.AclManager.this
                r1 = r6
                r2 = r7
                org.onosproject.acl.impl.AclManager.access$200(r0, r1, r2)
            Ld5:
                goto L23
            Ld8:
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: org.onosproject.acl.impl.AclManager.InternalHostListener.processHostAddedEvent(org.onosproject.net.host.HostEvent, org.onosproject.acl.AclRule):void");
        }

        public void event(HostEvent hostEvent) {
            if (hostEvent.type() == HostEvent.Type.HOST_ADDED) {
                if (AclManager.this.mastershipService.getLocalRole(((Host) hostEvent.subject()).location().deviceId()) == MastershipRole.MASTER) {
                    for (AclRule aclRule : AclManager.this.aclStore.getAclRules()) {
                        if (aclRule.action() != AclRule.Action.ALLOW) {
                            processHostAddedEvent(hostEvent, aclRule);
                        }
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean checkIpInCidr(Ip4Address ip4Address, Ip4Prefix ip4Prefix) {
        int prefixLength = 32 - ip4Prefix.prefixLength();
        return ((ip4Prefix.address().toInt() >> prefixLength) << prefixLength) == ((ip4Address.toInt() >> prefixLength) << prefixLength);
    }

    @Activate
    public void activate() {
        this.appId = this.coreService.registerApplication("org.onosproject.acl");
        this.hostService.addListener(this.hostListener);
        this.idGenerator = this.coreService.getIdGenerator("acl-ids");
        AclRule.bindIdGenerator(this.idGenerator);
        this.log.info("Started");
    }

    @Deactivate
    public void deactivate() {
        this.hostService.removeListener(this.hostListener);
        this.flowRuleService.removeFlowRulesById(this.appId);
        this.aclStore.clearAcl();
        this.log.info("Stopped");
    }

    @Override // org.onosproject.acl.AclService
    public List<AclRule> getAclRules() {
        return this.aclStore.getAclRules();
    }

    private boolean matchCheck(AclRule aclRule) {
        for (AclRule aclRule2 : this.aclStore.getAclRules()) {
            if (aclRule.checkMatch(aclRule2)) {
                return true;
            }
            if (aclRule2.action() == AclRule.Action.ALLOW && aclRule.action() == AclRule.Action.DENY && aclRule2.checkMatch(aclRule)) {
                this.aclStore.addDenyToAllowMapping(aclRule.id(), aclRule2.id());
            }
        }
        return false;
    }

    @Override // org.onosproject.acl.AclService
    public boolean addAclRule(AclRule aclRule) {
        if (matchCheck(aclRule)) {
            return false;
        }
        this.aclStore.addAclRule(aclRule);
        this.log.info("ACL rule(id:{}) is added.", aclRule.id());
        if (aclRule.action() == AclRule.Action.ALLOW) {
            return true;
        }
        enforceRuleAdding(aclRule);
        return true;
    }

    private Set<DeviceId> getDeviceIdSet(Ip4Prefix ip4Prefix) {
        HashSet hashSet = new HashSet();
        Iterable<Host> hosts = this.hostService.getHosts();
        if (ip4Prefix.prefixLength() != 32) {
            for (Host host : hosts) {
                Iterator it = host.ipAddresses().iterator();
                while (it.hasNext()) {
                    if (checkIpInCidr(((IpAddress) it.next()).getIp4Address(), ip4Prefix)) {
                        hashSet.add(host.location().deviceId());
                    }
                }
            }
        } else {
            for (Host host2 : hosts) {
                Iterator it2 = host2.ipAddresses().iterator();
                while (it2.hasNext()) {
                    if (checkIpInCidr(((IpAddress) it2.next()).getIp4Address(), ip4Prefix)) {
                        hashSet.add(host2.location().deviceId());
                        return hashSet;
                    }
                }
            }
        }
        return hashSet;
    }

    private void enforceRuleAdding(AclRule aclRule) {
        for (DeviceId deviceId : aclRule.srcIp() != null ? getDeviceIdSet(aclRule.srcIp()) : getDeviceIdSet(aclRule.dstIp())) {
            List<RuleId> allowingRuleByDenyingRule = this.aclStore.getAllowingRuleByDenyingRule(aclRule.id());
            if (allowingRuleByDenyingRule != null) {
                Iterator<RuleId> it = allowingRuleByDenyingRule.iterator();
                while (it.hasNext()) {
                    generateAclFlow(this.aclStore.getAclRule(it.next()), deviceId);
                }
            }
            generateAclFlow(aclRule, deviceId);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void generateAclFlow(AclRule aclRule, DeviceId deviceId) {
        if (aclRule == null || this.aclStore.checkIfRuleWorksInDevice(aclRule.id(), deviceId)) {
            return;
        }
        TrafficSelector.Builder builder = DefaultTrafficSelector.builder();
        TrafficTreatment.Builder builder2 = DefaultTrafficTreatment.builder();
        DefaultFlowRule.Builder builder3 = DefaultFlowEntry.builder();
        builder.matchEthType(Ethernet.TYPE_IPV4);
        if (aclRule.srcIp() != null) {
            builder.matchIPSrc(aclRule.srcIp());
            if (aclRule.dstIp() != null) {
                builder.matchIPDst(aclRule.dstIp());
            }
        } else {
            builder.matchIPDst(aclRule.dstIp());
        }
        if (aclRule.ipProto() != 0) {
            builder.matchIPProtocol(Integer.valueOf(aclRule.ipProto()).byteValue());
        }
        if (aclRule.dstTpPort() != 0) {
            switch (aclRule.ipProto()) {
                case 6:
                    builder.matchTcpDst(TpPort.tpPort(aclRule.dstTpPort()));
                    break;
                case 17:
                    builder.matchUdpDst(TpPort.tpPort(aclRule.dstTpPort()));
                    break;
            }
        }
        if (aclRule.action() == AclRule.Action.ALLOW) {
            builder2.add(Instructions.createOutput(PortNumber.CONTROLLER));
        }
        builder3.forDevice(deviceId);
        builder3.withPriority(this.aclStore.getPriorityByDevice(deviceId));
        builder3.withSelector(builder.build());
        builder3.withTreatment(builder2.build());
        builder3.fromApp(this.appId);
        builder3.makePermanent();
        this.flowRuleService.applyFlowRules(new FlowRule[]{builder3.build()});
        this.log.debug("ACL flow rule {} is installed in {}.", builder3.build(), deviceId);
        this.aclStore.addRuleToFlowMapping(aclRule.id(), builder3.build());
        this.aclStore.addRuleToDeviceMapping(aclRule.id(), deviceId);
    }

    @Override // org.onosproject.acl.AclService
    public void removeAclRule(RuleId ruleId) {
        this.aclStore.removeAclRule(ruleId);
        this.log.info("ACL rule(id:{}) is removed.", ruleId);
        enforceRuleRemoving(ruleId);
    }

    private void enforceRuleRemoving(RuleId ruleId) {
        Set<FlowRule> flowByRule = this.aclStore.getFlowByRule(ruleId);
        if (flowByRule != null) {
            for (FlowRule flowRule : flowByRule) {
                this.flowRuleService.removeFlowRules(new FlowRule[]{flowRule});
                this.log.debug("ACL flow rule {} is removed from {}.", flowRule.toString(), flowRule.deviceId().toString());
            }
        }
        this.aclStore.removeRuleToFlowMapping(ruleId);
        this.aclStore.removeRuleToDeviceMapping(ruleId);
        this.aclStore.removeDenyToAllowMapping(ruleId);
    }

    @Override // org.onosproject.acl.AclService
    public void clearAcl() {
        this.aclStore.clearAcl();
        this.flowRuleService.removeFlowRulesById(this.appId);
        this.log.info("ACL is cleared.");
    }

    protected void bindCoreService(CoreService coreService) {
        this.coreService = coreService;
    }

    protected void unbindCoreService(CoreService coreService) {
        if (this.coreService == coreService) {
            this.coreService = null;
        }
    }

    protected void bindFlowRuleService(FlowRuleService flowRuleService) {
        this.flowRuleService = flowRuleService;
    }

    protected void unbindFlowRuleService(FlowRuleService flowRuleService) {
        if (this.flowRuleService == flowRuleService) {
            this.flowRuleService = null;
        }
    }

    protected void bindHostService(HostService hostService) {
        this.hostService = hostService;
    }

    protected void unbindHostService(HostService hostService) {
        if (this.hostService == hostService) {
            this.hostService = null;
        }
    }

    protected void bindMastershipService(MastershipService mastershipService) {
        this.mastershipService = mastershipService;
    }

    protected void unbindMastershipService(MastershipService mastershipService) {
        if (this.mastershipService == mastershipService) {
            this.mastershipService = null;
        }
    }

    protected void bindAclStore(AclStore aclStore) {
        this.aclStore = aclStore;
    }

    protected void unbindAclStore(AclStore aclStore) {
        if (this.aclStore == aclStore) {
            this.aclStore = null;
        }
    }
}
