package net.nuage.vsp.acs.client.api.impl;

import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import net.nuage.vsp.acs.client.api.NuageVspAclClient;
import net.nuage.vsp.acs.client.api.model.Protocol;
import net.nuage.vsp.acs.client.api.model.VspAclRule;
import net.nuage.vsp.acs.client.api.model.VspHost;
import net.nuage.vsp.acs.client.api.model.VspNetwork;
import net.nuage.vsp.acs.client.api.model.VspStaticRoute;
import net.nuage.vsp.acs.client.common.NuageVspConstants;
import net.nuage.vsp.acs.client.common.model.AclRulesDetails;
import net.nuage.vsp.acs.client.common.model.NuageVspAttribute;
import net.nuage.vsp.acs.client.common.model.NuageVspEntity;
import net.nuage.vsp.acs.client.common.model.NuageVspObject;
import net.nuage.vsp.acs.client.common.utils.Logger;
import net.nuage.vsp.acs.client.common.utils.NetUtils;
import net.nuage.vsp.acs.client.common.utils.UuidUtils;
import net.nuage.vsp.acs.client.exception.NuageVspApiException;
import net.nuage.vsp.acs.client.exception.NuageVspException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:net/nuage/vsp/acs/client/api/impl/NuageVspAclClientImpl.class */
public class NuageVspAclClientImpl extends NuageVspRestApi implements NuageVspAclClient {
    private static final Logger s_logger = new Logger(NuageVspAclClientImpl.class);
    public static final Random RANDOM = new Random();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: net.nuage.vsp.acs.client.api.impl.NuageVspAclClientImpl$1, reason: invalid class name */
    /* loaded from: input_file:net/nuage/vsp/acs/client/api/impl/NuageVspAclClientImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$net$nuage$vsp$acs$client$api$NuageVspAclClient$AclTemplatePriorityType;
        static final /* synthetic */ int[] $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity;

        static {
            try {
                $SwitchMap$net$nuage$vsp$acs$client$api$model$VspAclRule$ACLType[VspAclRule.ACLType.NetworkACL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity = new int[NuageVspEntity.values().length];
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[NuageVspEntity.INGRESS_ACLTEMPLATES.ordinal()] = 1;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[NuageVspEntity.EGRESS_ACLTEMPLATES.ordinal()] = 2;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES.ordinal()] = 3;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$net$nuage$vsp$acs$client$api$NuageVspAclClient$AclTemplatePriorityType = new int[NuageVspAclClient.AclTemplatePriorityType.values().length];
            try {
                $SwitchMap$net$nuage$vsp$acs$client$api$NuageVspAclClient$AclTemplatePriorityType[NuageVspAclClient.AclTemplatePriorityType.TOP.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$net$nuage$vsp$acs$client$api$NuageVspAclClient$AclTemplatePriorityType[NuageVspAclClient.AclTemplatePriorityType.BOTTOM.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$net$nuage$vsp$acs$client$api$NuageVspAclClient$AclTemplatePriorityType[NuageVspAclClient.AclTemplatePriorityType.NONE.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    public NuageVspAclClientImpl(VspHost vspHost) {
        super(vspHost);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public NuageVspObject getOnlyACLTemplateAssociatedToDomain(String str, NuageVspEntity nuageVspEntity, String str2, NuageVspEntity nuageVspEntity2) throws NuageVspException {
        return (NuageVspObject) Iterables.getOnlyElement(getACLTemplatesAssociatedToDomain(str, nuageVspEntity, str2, nuageVspEntity2, NuageVspAclClient.AclTemplatePriorityType.NONE, true));
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public String getACLTemplateId(NuageVspEntity nuageVspEntity, String str, NuageVspEntity nuageVspEntity2, NuageVspAclClient.AclTemplatePriorityType aclTemplatePriorityType, Integer num) throws NuageVspApiException {
        String resources;
        switch (AnonymousClass1.$SwitchMap$net$nuage$vsp$acs$client$api$NuageVspAclClient$AclTemplatePriorityType[aclTemplatePriorityType.ordinal()]) {
            case 1:
            case NuageVspConstants.DefaultAcl.UDP_ALLOW_ACL_PRIORITY /* 2 */:
                resources = getResources(nuageVspEntity, str, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_PRIORITY_TYPE, aclTemplatePriorityType.name());
                break;
            default:
                resources = getResources(nuageVspEntity, str, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_PRIORITY, num);
                break;
        }
        if (StringUtils.isNotBlank(resources)) {
            return getOnlyJsonEntity(nuageVspEntity2, resources).getId();
        }
        return null;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public String getOrCreateACLTemplate(String str, NuageVspEntity nuageVspEntity, String str2, NuageVspEntity nuageVspEntity2, NuageVspAclClient.AclTemplatePriorityType aclTemplatePriorityType, Integer num, boolean z) throws NuageVspApiException {
        String aCLTemplateId = getACLTemplateId(nuageVspEntity, str2, nuageVspEntity2, aclTemplatePriorityType, num);
        if (StringUtils.isNotBlank(aCLTemplateId)) {
            return aCLTemplateId;
        }
        NuageVspObject nuageVspObject = new NuageVspObject(this.vspHost.getApiVersion(), nuageVspEntity2);
        nuageVspObject.set(NuageVspAttribute.EXTERNAL_ID, str);
        StringBuilder sb = new StringBuilder();
        switch (AnonymousClass1.$SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[nuageVspEntity2.ordinal()]) {
            case 1:
                sb.append("Ingress");
                break;
            case NuageVspConstants.DefaultAcl.UDP_ALLOW_ACL_PRIORITY /* 2 */:
                sb.append("Egress");
                break;
            case NuageVspConstants.DefaultAcl.ICMP_ALLOW_ACL_PRIORITY /* 3 */:
                sb.append("Egress Domain FIP");
                break;
        }
        if (z) {
            sb.append(" LB");
        }
        sb.append(" ACL");
        switch (AnonymousClass1.$SwitchMap$net$nuage$vsp$acs$client$api$NuageVspAclClient$AclTemplatePriorityType[aclTemplatePriorityType.ordinal()]) {
            case 1:
                sb.append(" Top");
                break;
            case NuageVspConstants.DefaultAcl.UDP_ALLOW_ACL_PRIORITY /* 2 */:
                sb.append(" Bottom");
                break;
        }
        nuageVspObject.set(NuageVspAttribute.NAME, sb.toString());
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ACTIVE, true);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_PRIORITY_TYPE, aclTemplatePriorityType.name());
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_PRIORITY, num);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ALLOW_IP, false);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ALLOW_NON_IP, false);
        try {
            String createResource = createResource(nuageVspEntity, str2, nuageVspEntity2, (Object) nuageVspObject, false);
            s_logger.debug("Created Default ACLTemplate for network %s in VSP . Response from VSP is %s.", str, createResource);
            return getEntityId(nuageVspEntity2, createResource);
        } catch (NuageVspException e) {
            throw new NuageVspApiException("Failed to create ACL Template", e);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public List<NuageVspObject> getACLTemplatesAssociatedToDomain(String str, NuageVspEntity nuageVspEntity, String str2, NuageVspEntity nuageVspEntity2, NuageVspAclClient.AclTemplatePriorityType aclTemplatePriorityType, boolean z) throws NuageVspException {
        String resources = aclTemplatePriorityType != null ? getResources(nuageVspEntity, str2, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_PRIORITY_TYPE, aclTemplatePriorityType.name()) : getResources(nuageVspEntity, str2, nuageVspEntity2);
        if (StringUtils.isNotBlank(resources)) {
            return parseJsonString(nuageVspEntity2, resources);
        }
        if (z) {
            throw new NuageVspApiException(nuageVspEntity2 + " ACL corresponding to network " + str + " does not exist in VSP. There is a data sync issue. Please a check VSP or create a new network");
        }
        return null;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public List<NuageVspObject> getACLEntriesAssociatedToLocation(String str, NuageVspEntity nuageVspEntity, String str2) throws NuageVspApiException {
        NuageVspEntity nuageVspEntity2 = null;
        if (nuageVspEntity == NuageVspEntity.INGRESS_ACLTEMPLATES) {
            nuageVspEntity2 = NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES;
        } else if (nuageVspEntity == NuageVspEntity.EGRESS_ACLTEMPLATES) {
            nuageVspEntity2 = NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES;
        } else if (nuageVspEntity == NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES) {
            nuageVspEntity2 = NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES_ENTRIES;
        }
        if (nuageVspEntity2 == null) {
            return Collections.emptyList();
        }
        String resources = str != null ? getResources(nuageVspEntity, str2, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str) : getResources(nuageVspEntity, str2, nuageVspEntity2, String.format("%s != '%s'", NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE.getAttributeName(), NuageVspConstants.AclEntryLocationType.SUBNET));
        return StringUtils.isNotBlank(resources) ? parseJsonString(nuageVspEntity2, resources) : Collections.emptyList();
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public Map<String, NuageVspObject> getACLEntriesAssociatedToLocationByExternalId(String str, NuageVspEntity nuageVspEntity, String str2) throws NuageVspApiException {
        return groupByExternalId(getACLEntriesAssociatedToLocation(str, nuageVspEntity, str2));
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void createDefaultIngressAndEgressAcls(boolean z, String str, boolean z2, NuageVspEntity nuageVspEntity, String str2, String str3) throws NuageVspApiException {
        NuageVspEntity nuageVspEntity2;
        String str4;
        if (nuageVspEntity == NuageVspEntity.DOMAIN_TEMPLATE || nuageVspEntity == NuageVspEntity.L2DOMAIN_TEMPLATE) {
            nuageVspEntity2 = nuageVspEntity;
            str4 = str2;
        } else {
            if (nuageVspEntity != NuageVspEntity.DOMAIN && nuageVspEntity != NuageVspEntity.L2DOMAIN) {
                return;
            }
            try {
                str4 = (String) ((NuageVspObject) Iterables.getOnlyElement(parseJsonString(nuageVspEntity, getResource(nuageVspEntity, str2)))).get(NuageVspAttribute.DOMAIN_TEMPLATE_ID);
                nuageVspEntity2 = nuageVspEntity == NuageVspEntity.DOMAIN ? NuageVspEntity.DOMAIN_TEMPLATE : NuageVspEntity.L2DOMAIN_TEMPLATE;
            } catch (NuageVspException e) {
                throw handleException("Failed to create Default Ingress Rules ", e, new Object[0]);
            }
        }
        createDefaultIngressAcls(z, z2, str, nuageVspEntity2, str4, str3);
        createDefaultEgressAcls(z, z2, str, nuageVspEntity2, str4, str3);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void createAclTemplates(String str, NuageVspEntity nuageVspEntity, String str2, Integer num) throws NuageVspApiException {
        getOrCreateACLTemplate(str, nuageVspEntity, str2, NuageVspEntity.INGRESS_ACLTEMPLATES, NuageVspAclClient.AclTemplatePriorityType.NONE, num, false);
        getOrCreateACLTemplate(str, nuageVspEntity, str2, NuageVspEntity.EGRESS_ACLTEMPLATES, NuageVspAclClient.AclTemplatePriorityType.NONE, num, false);
    }

    private void createDefaultIngressAcls(boolean z, boolean z2, String str, NuageVspEntity nuageVspEntity, String str2, String str3) throws NuageVspApiException {
        try {
            String orCreateACLTemplate = getOrCreateACLTemplate(str, nuageVspEntity, str2, NuageVspEntity.INGRESS_ACLTEMPLATES, NuageVspAclClient.AclTemplatePriorityType.TOP, 0, false);
            String orCreateACLTemplate2 = getOrCreateACLTemplate(str, nuageVspEntity, str2, NuageVspEntity.INGRESS_ACLTEMPLATES, NuageVspAclClient.AclTemplatePriorityType.BOTTOM, 0, false);
            Map<Integer, NuageVspObject> defaultAclEntries = getDefaultAclEntries(NuageVspEntity.INGRESS_ACLTEMPLATES, orCreateACLTemplate);
            Map<Integer, NuageVspObject> defaultAclEntries2 = getDefaultAclEntries(NuageVspEntity.INGRESS_ACLTEMPLATES, orCreateACLTemplate2);
            ensureDefaultIngressAclEntry(defaultAclEntries, orCreateACLTemplate, false, Protocol.ANY, "FORWARD", 0, "Default Intra-Subnet Allow ACL", NuageVspConstants.AclEntryLocationType.ANY, null, NuageVspConstants.AclEntryNetworkType.ENDPOINT_SUBNET, str3, str);
            if (z || z2) {
                ensureDefaultIngressAclEntry(defaultAclEntries2, orCreateACLTemplate2, true, Protocol.TCP, "FORWARD", 1, "Default Allow TCP", NuageVspConstants.AclEntryLocationType.ANY, null, NuageVspConstants.AclEntryNetworkType.ANY, str3, str);
                ensureDefaultIngressAclEntry(defaultAclEntries2, orCreateACLTemplate2, true, Protocol.UDP, "FORWARD", 2, "Default Allow UDP", NuageVspConstants.AclEntryLocationType.ANY, null, NuageVspConstants.AclEntryNetworkType.ANY, str3, str);
                ensureDefaultIngressAclEntry(defaultAclEntries2, orCreateACLTemplate2, false, Protocol.ICMP, "FORWARD", 3, "Default Allow ICMP", NuageVspConstants.AclEntryLocationType.ANY, null, NuageVspConstants.AclEntryNetworkType.ANY, str3, str);
            } else {
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 1);
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 2);
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 3);
            }
        } catch (NuageVspException e) {
            throw new NuageVspApiException("Failed to create default Ingress ACL for network " + str + ".", e);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public boolean createDefaultFIPEgressAcls(String str, NuageVspEntity nuageVspEntity, String str2, String str3) throws NuageVspException {
        String orCreateACLTemplate = getOrCreateACLTemplate(str, nuageVspEntity, str2, NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES, NuageVspAclClient.AclTemplatePriorityType.TOP, 0, false);
        Map<Integer, NuageVspObject> defaultAclEntries = getDefaultAclEntries(NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES, orCreateACLTemplate);
        int i = 1;
        boolean z = false;
        Iterator<Integer> it = NuageVspConstants.DefaultAcl.FIP_ACL_BLOCKED_PORTS.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            z |= ensureDefaultFipAclEntry(defaultAclEntries, orCreateACLTemplate, i2, it.next().intValue(), str3);
        }
        return z;
    }

    private void createDefaultEgressAcls(boolean z, boolean z2, String str, NuageVspEntity nuageVspEntity, String str2, String str3) throws NuageVspApiException {
        try {
            String orCreateACLTemplate = getOrCreateACLTemplate(str, nuageVspEntity, str2, NuageVspEntity.EGRESS_ACLTEMPLATES, NuageVspAclClient.AclTemplatePriorityType.TOP, 0, false);
            String orCreateACLTemplate2 = getOrCreateACLTemplate(str, nuageVspEntity, str2, NuageVspEntity.EGRESS_ACLTEMPLATES, NuageVspAclClient.AclTemplatePriorityType.BOTTOM, 0, false);
            Map<Integer, NuageVspObject> defaultAclEntries = getDefaultAclEntries(NuageVspEntity.EGRESS_ACLTEMPLATES, orCreateACLTemplate);
            Map<Integer, NuageVspObject> defaultAclEntries2 = getDefaultAclEntries(NuageVspEntity.EGRESS_ACLTEMPLATES, orCreateACLTemplate2);
            ensureDefaultEgressAclEntry(defaultAclEntries, orCreateACLTemplate, false, Protocol.ANY, "FORWARD", 0, "Default Intra-Subnet Allow ACL", NuageVspConstants.AclEntryNetworkType.ENDPOINT_SUBNET, str3);
            if (z) {
                createDefaultFIPEgressAcls(str, nuageVspEntity, str2, str3);
            }
            if (z) {
                ensureDefaultEgressAclEntry(defaultAclEntries2, orCreateACLTemplate2, false, Protocol.ANY, "DROP", 0, "Default Intra-Domain Deny ACL", NuageVspConstants.AclEntryNetworkType.ENDPOINT_DOMAIN, str3);
            }
            if (z2) {
                ensureDefaultEgressAclEntry(defaultAclEntries2, orCreateACLTemplate2, false, Protocol.ICMP, "FORWARD", 3, "Default Allow ICMP", NuageVspConstants.AclEntryNetworkType.ANY, str3);
            } else {
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 3);
            }
        } catch (NuageVspException e) {
            throw new NuageVspApiException("Failed to create default Egress ACL for network " + str + ".", e);
        }
    }

    private void deleteDefaultAclEntry(Map<Integer, NuageVspObject> map, NuageVspEntity nuageVspEntity, int i) {
        if (map.containsKey(Integer.valueOf(i))) {
            cleanUpVspStaleObjects(nuageVspEntity, (String) map.get(Integer.valueOf(i)).get(NuageVspAttribute.ID));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private boolean ensureDefaultFipAclEntry(Map<Integer, NuageVspObject> map, String str, int i, int i2, String str2) throws NuageVspException {
        if (map.containsKey(Integer.valueOf(i))) {
            return false;
        }
        NuageVspObject nuageVspObject = new NuageVspObject(this.vspHost.getApiVersion(), NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES_ENTRIES);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, "0x0800");
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, "DROP");
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, NuageVspConstants.AclEntryLocationType.ANY);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, NuageVspConstants.AclEntryNetworkType.ANY);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, Protocol.TCP.getProtocolNumber());
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, String.valueOf(i2));
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_REFLEXIVE, false);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DESCRIPTION, NuageVspConstants.DefaultAcl.FIP_ACL_BLOCK + i2);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, Integer.valueOf(i));
        String createResource = createResource(NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES, str, NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES_ENTRIES, (Object) nuageVspObject, false);
        map.put(Integer.valueOf(i), Iterables.getOnlyElement(parseJsonString(NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES_ENTRIES, createResource)));
        s_logger.debug("Created Default egressACLTemplateEntry for network " + str2 + " in VSP . Response from VSP is " + createResource, new Object[0]);
        return true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void ensureDefaultEgressAclEntry(Map<Integer, NuageVspObject> map, String str, boolean z, Protocol protocol, String str2, int i, String str3, NuageVspConstants.AclEntryNetworkType aclEntryNetworkType, String str4) throws NuageVspException {
        if (map.containsKey(Integer.valueOf(i))) {
            return;
        }
        NuageVspObject nuageVspObject = new NuageVspObject(this.vspHost.getApiVersion(), NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, "0x0800");
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, str2);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, NuageVspConstants.ANY);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, aclEntryNetworkType);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, protocol.getProtocolNumber());
        if (protocol.hasPort()) {
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, NuageVspConstants.STAR);
        }
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_REFLEXIVE, Boolean.valueOf(z));
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DESCRIPTION, str3);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, Integer.valueOf(i));
        String createResource = createResource(NuageVspEntity.EGRESS_ACLTEMPLATES, str, NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, (Object) nuageVspObject, false);
        map.put(Integer.valueOf(i), Iterables.getOnlyElement(parseJsonString(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, createResource)));
        s_logger.debug("Created Default egressACLTemplateEntry for network " + str4 + " in VSP . Response from VSP is " + createResource, new Object[0]);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void ensureDefaultIngressAclEntry(Map<Integer, NuageVspObject> map, String str, boolean z, Protocol protocol, String str2, int i, String str3, NuageVspConstants.AclEntryLocationType aclEntryLocationType, String str4, NuageVspConstants.AclEntryNetworkType aclEntryNetworkType, String str5, String str6) throws NuageVspException {
        if (map == 0 || !map.containsKey(Integer.valueOf(i))) {
            NuageVspObject nuageVspObject = new NuageVspObject(this.vspHost.getApiVersion(), NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES);
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, "0x0800");
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, str2);
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, aclEntryLocationType);
            if (str4 != null) {
                nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str4);
            }
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, aclEntryNetworkType);
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, protocol.getProtocolNumber());
            if (protocol.hasPort()) {
                nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
                nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, NuageVspConstants.STAR);
            }
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_REFLEXIVE, Boolean.valueOf(z));
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DESCRIPTION, str3);
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, Integer.valueOf(i));
            nuageVspObject.set(NuageVspAttribute.EXTERNAL_ID, "(" + str6 + ")");
            String createResource = createResource(NuageVspEntity.INGRESS_ACLTEMPLATES, str, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, (Object) nuageVspObject, false);
            map.put(Integer.valueOf(i), Iterables.getOnlyElement(parseJsonString(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, createResource)));
            s_logger.debug("Created Default IngressACLTemplateEntry for network " + str5 + " in VSP . Response from VSP is " + createResource, new Object[0]);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public String createAclEntry(NuageVspEntity nuageVspEntity, NuageVspEntity nuageVspEntity2, String str, VspAclRule vspAclRule, String str2, long j, String str3, String str4, String str5) throws NuageVspException {
        return createAclEntry(nuageVspEntity, nuageVspEntity2, str5, nuageVspEntity.equals(NuageVspEntity.EGRESS_ACLTEMPLATES) ? buildEgressAclEntryByCidr(str, vspAclRule, str2, str3, j, str4, false, -1) : buildIngressAclEntryByCidr(str, vspAclRule, str3, j, str4, false, -1));
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public String createAclEntry(NuageVspEntity nuageVspEntity, NuageVspEntity nuageVspEntity2, String str, NuageVspObject nuageVspObject) throws NuageVspException {
        String createResource = createResource(nuageVspEntity, str, nuageVspEntity2, (Object) nuageVspObject, false, (List<Integer>) Lists.newArrayList(new Integer[]{2591}));
        s_logger.debug("Created " + nuageVspEntity2 + " ACL Entry in VSP. Response from VSP is " + createResource, new Object[0]);
        return getEntityId(nuageVspEntity2, createResource);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public boolean createOrModifyACLitems(String str, VspNetwork vspNetwork, AclRulesDetails aclRulesDetails, NuageVspAclClient.AclProgress aclProgress, VspAclRule vspAclRule) throws NuageVspApiException {
        boolean isNetworkAcl = aclRulesDetails.isNetworkAcl();
        String aclNetworkLocationId = aclRulesDetails.getAclNetworkLocationId();
        String ingressAclTemplateId = aclRulesDetails.getIngressAclTemplateId();
        String egressAclTemplateId = aclRulesDetails.getEgressAclTemplateId();
        String str2 = NuageVspAttribute.EXTERNAL_ID.getAttributeName() + " BEGINSWITH '" + vspAclRule.getUuid() + "' and " + NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID.getAttributeName() + " == '" + aclNetworkLocationId + "'";
        boolean z = false;
        if (vspAclRule.getTrafficType().equals(VspAclRule.ACLTrafficType.Ingress)) {
            if (isNetworkAcl && vspAclRule.getState().equals(VspAclRule.ACLState.Add)) {
                String resources = getResources(NuageVspEntity.INGRESS_ACLTEMPLATES, ingressAclTemplateId, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES);
                if (StringUtils.isNotBlank(resources)) {
                    String entityId = getEntityId(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, resources);
                    s_logger.debug("ACS Ingress %s is getting added to network %s but an VSP Ingress rule is with same UUID %s already exists in VSP. This means the existing CS Egress rule type has been modified to CS Ingress. So, delete this rule from VSP and create a new Egress rule", vspAclRule, vspNetwork.getName(), vspAclRule.getUuid());
                    cleanUpVspStaleObjects(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, entityId);
                }
            }
            String sourceIpAddress = vspAclRule.getSourceIpAddress();
            String resources2 = getResources(NuageVspEntity.EGRESS_ACLTEMPLATES, egressAclTemplateId, NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, str2);
            if (StringUtils.isBlank(resources2)) {
                createEgressACLEntryInVsp(isNetworkAcl, str, egressAclTemplateId, vspAclRule, sourceIpAddress, aclNetworkLocationId, vspNetwork.getId(), aclProgress.successfullyAddedEgressACls);
                if (sourceIpAddress != null) {
                    s_logger.debug("ACS Ingress rule %s is getting added to network %s and it does not exists in VSP. The source IP is %s. Enterprise macro with same source IP network will be either created if its not present in VSP. Then a rule will be created using the macro.", vspAclRule, vspNetwork.getName(), sourceIpAddress);
                } else {
                    s_logger.debug("ACS Ingress rule %s is getting added to network %s and it does not exists in VSP. The source IP is %s. So, ACL rule is created on the L3 Subnet/L2 Domain with network locationId %s on which the ACL rule is added.", vspAclRule, vspNetwork.getName(), sourceIpAddress, aclNetworkLocationId);
                }
            } else if (isNetworkAcl) {
                NuageVspObject firstJsonEntity = getFirstJsonEntity(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, resources2);
                updateEgressACLEntryInVsp(str, firstJsonEntity.getId(), firstJsonEntity, vspAclRule, sourceIpAddress, aclNetworkLocationId, vspNetwork.getId(), ((Integer) firstJsonEntity.get(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY)).intValue());
            }
        } else if (vspAclRule.getTrafficType().equals(VspAclRule.ACLTrafficType.Egress)) {
            if (isNetworkAcl && vspAclRule.getState().equals(VspAclRule.ACLState.Add)) {
                String resources3 = getResources(NuageVspEntity.EGRESS_ACLTEMPLATES, egressAclTemplateId, NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, str2);
                if (StringUtils.isNotBlank(resources3)) {
                    cleanUpVspStaleObjects(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, getEntityId(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, resources3));
                    s_logger.debug("ACS Egress rule " + vspAclRule + " associated to network " + vspNetwork.getName() + " is getting added but an VSP Egress rule is with same UUID " + vspAclRule.getUuid() + " already exists in VSP. This means the existing CS Inress rule type has been modified to CS Egress. So, this rule needs is deleted from VSP and a new Ingress rule is created", new Object[0]);
                }
            }
            String resources4 = getResources(NuageVspEntity.INGRESS_ACLTEMPLATES, ingressAclTemplateId, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, str2);
            if (StringUtils.isBlank(resources4)) {
                createIngressACLEntryInVsp(isNetworkAcl, str, ingressAclTemplateId, vspAclRule, aclNetworkLocationId, vspNetwork.getId(), aclProgress.successfullyAddedIngressACls);
                s_logger.debug("ACS Egress rule " + vspAclRule + " associated to network " + vspNetwork.getName() + " is getting added and does not exists in VSP.So, ACL rule is created on the L3 Subnet/L2 Domain with network locationId " + aclNetworkLocationId + " on which the ACL rule is added.", new Object[0]);
            } else if (isNetworkAcl) {
                NuageVspObject firstJsonEntity2 = getFirstJsonEntity(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, resources4);
                updateIngressACLEntryInVsp(str, firstJsonEntity2.getId(), firstJsonEntity2, vspAclRule, aclNetworkLocationId, vspNetwork.getId(), ((Integer) firstJsonEntity2.get(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY)).intValue());
            }
            z = isNetworkAcl && vspAclRule.getAction().equals(VspAclRule.ACLAction.Allow);
        }
        return z;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void createOrDeleteDefaultIngressSubnetBlockAcl(String str, Long l, String str2, String str3, String str4, int i) throws NuageVspException {
        try {
            int longValue = (int) (10800000 + l.longValue());
            String resources = getResources(NuageVspEntity.INGRESS_ACLTEMPLATES, str4, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, String.valueOf(longValue));
            if (i > 0) {
                if (StringUtils.isBlank(resources)) {
                    try {
                        ensureDefaultIngressAclEntry(null, str4, false, Protocol.ANY, "DROP", longValue, "Default Subnet ACL to block traffic as there is an ACL list associated with it", NuageVspConstants.AclEntryLocationType.SUBNET, str2, NuageVspConstants.AclEntryNetworkType.ANY, str, str3);
                        s_logger.debug("Default ACL to block subnets traffic is added with priority " + longValue, new Object[0]);
                    } catch (NuageVspApiException e) {
                        if (e.getHttpErrorCode() == 409 && e.getNuageErrorCode() == 2591) {
                            s_logger.debug("Looks like the ACL Entry with priority " + longValue + " already exists. So, it is not re-created", new Object[0]);
                        }
                    }
                }
            } else if (!StringUtils.isBlank(resources)) {
                List<NuageVspObject> parseJsonString = parseJsonString(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, resources);
                s_logger.debug("There are no Egress ACLs added to the network " + str + ". So, delete default subnet block ACL", new Object[0]);
                cleanUpVspStaleObjects(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, (String) parseJsonString.iterator().next().get(NuageVspAttribute.ID));
            }
        } catch (NuageVspException e2) {
            throw new NuageVspException("Failed to create default Subnet ACL to block traffic for network " + str + ". Json response from VSP REST API is " + e2.getMessage());
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public Map<VspAclRule, List<String>> createEgressACLEntryInVsp(boolean z, String str, String str2, VspAclRule vspAclRule, String str3, String str4, long j, List<String> list) throws NuageVspApiException {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = vspAclRule.getSourceCidrList().iterator();
        while (it.hasNext()) {
            try {
                list.add(createAclEntry(NuageVspEntity.EGRESS_ACLTEMPLATES, NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, str, vspAclRule, str3, j, str4, it.next(), str2));
            } catch (NuageVspException e) {
                arrayList.add("Failed to create Egress ACL Entry for rule " + vspAclRule + " in VSP enterprise " + str + ". " + e.getMessage());
            }
        }
        if (arrayList.size() > 0) {
            hashMap.put(vspAclRule, arrayList);
        }
        return hashMap;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void updateEgressACLEntryInVsp(String str, String str2, NuageVspObject nuageVspObject, VspAclRule vspAclRule, String str3, String str4, long j, int i) throws NuageVspApiException {
        for (String str5 : vspAclRule.getSourceCidrList()) {
            try {
                NuageVspObject buildEgressAclEntryByCidr = buildEgressAclEntryByCidr(str, vspAclRule, str3, str4, j, str5, true, i);
                if (isModified(buildEgressAclEntryByCidr, nuageVspObject)) {
                    s_logger.debug("Updated Ingress ACL Entry for rule %s with CIDR %s in VSP. Response from VSP is %s", vspAclRule, str5, updateResource(buildEgressAclEntryByCidr, false));
                }
            } catch (NuageVspException e) {
                if (!e.isNoChangeInEntityException()) {
                    throw handleException("Failed to Modify Egress ACL Entry for rule %s with CIDR %s in VSP enterprise %s. ", e, vspAclRule, str5, str);
                }
            }
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void createIngressACLEntryInVsp(boolean z, String str, String str2, VspAclRule vspAclRule, String str3, long j, List<String> list) throws NuageVspApiException {
        for (String str4 : vspAclRule.getSourceCidrList()) {
            try {
                list.add(createAclEntry(NuageVspEntity.INGRESS_ACLTEMPLATES, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, str, vspAclRule, null, j, str3, str4, str2));
            } catch (NuageVspException e) {
                throw handleException("Failed to create Ingress ACL Entry for rule %s with CIDR %s in VSP enterprise %s. ", e, vspAclRule, str4, str);
            }
        }
    }

    private boolean isModified(NuageVspObject nuageVspObject, NuageVspObject nuageVspObject2) {
        return !nuageVspObject.entriesEqualTo(nuageVspObject2);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void updateIngressACLEntryInVsp(String str, String str2, NuageVspObject nuageVspObject, VspAclRule vspAclRule, String str3, long j, int i) throws NuageVspApiException {
        for (String str4 : vspAclRule.getSourceCidrList()) {
            try {
                NuageVspObject buildIngressAclEntryByCidr = buildIngressAclEntryByCidr(str, vspAclRule, str3, j, str4, true, i);
                if (isModified(buildIngressAclEntryByCidr, nuageVspObject)) {
                    s_logger.debug("Updated Ingress ACL Entry for rule " + vspAclRule + " with CIDR " + str4 + " in VSP. Response from VSP is " + updateResource(buildIngressAclEntryByCidr, false), new Object[0]);
                }
            } catch (NuageVspException e) {
                if (!e.isNoChangeInEntityException()) {
                    throw handleException("Failed to Modify Ingress ACL Entry for rule %s with CIDR %s in VSP enterprise %s. ", e, vspAclRule, str4, str);
                }
            }
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public List<String> cleanStaleAclsFromVsp(List<VspAclRule> list, Map<String, NuageVspObject> map, Map<String, NuageVspObject> map2, Boolean bool) {
        ArrayList arrayList = new ArrayList();
        Set<String> ruleUuids = getRuleUuids(list);
        if (bool == null || bool == Boolean.TRUE) {
            for (Map.Entry<String, NuageVspObject> entry : map2.entrySet()) {
                if (!ruleUuids.contains("Ingress_" + entry.getKey())) {
                    String str = (String) entry.getValue().get(NuageVspAttribute.ID);
                    cleanUpVspStaleObjects(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, str);
                    arrayList.add(str);
                }
            }
        }
        if (bool == null || bool == Boolean.FALSE) {
            for (Map.Entry<String, NuageVspObject> entry2 : map.entrySet()) {
                if (!ruleUuids.contains("Egress_" + entry2.getKey())) {
                    String str2 = (String) entry2.getValue().get(NuageVspAttribute.ID);
                    cleanUpVspStaleObjects(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, str2);
                    arrayList.add(str2);
                }
            }
        }
        return arrayList;
    }

    private static Set<String> getRuleUuids(List<VspAclRule> list) {
        HashSet hashSet = new HashSet();
        if (list != null) {
            for (VspAclRule vspAclRule : list) {
                hashSet.add(String.format("%s_%s", vspAclRule.getTrafficType(), vspAclRule.getUuid()));
            }
        }
        return hashSet;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public Pair<NuageVspConstants.AclEntryNetworkType, String> getAclEntryNetworkForCidr(String str, String str2, String str3) throws NuageVspApiException {
        if (str2.endsWith("/0")) {
            return Pair.of(NuageVspConstants.AclEntryNetworkType.ANY, (Object) null);
        }
        return Pair.of(NuageVspConstants.AclEntryNetworkType.ENTERPRISE_NETWORK, getOrCreatePublicMacroInEnterprise(str, str2, str3));
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public NuageVspObject buildAclEntryBySubnet(String str, VspAclRule vspAclRule, String str2, String str3, long j, String str4, boolean z, int i) throws NuageVspApiException {
        return vspAclRule.getTrafficType() == VspAclRule.ACLTrafficType.Ingress ? buildIngressAclEntryBySubnet(str, vspAclRule, str3, j, str4, z, i) : buildEgressAclEntryBySubnet(str, vspAclRule, str2, str3, j, str4, z, i);
    }

    private NuageVspObject buildEgressAclEntryByCidr(String str, VspAclRule vspAclRule, String str2, String str3, long j, String str4, boolean z, int i) throws NuageVspApiException {
        NuageVspObject buildEgressAclEntry = buildEgressAclEntry(str, vspAclRule, str2, str3, j, z, i);
        String orCreatePublicMacroInEnterprise = getOrCreatePublicMacroInEnterprise(str, str4, vspAclRule.getUuid());
        buildEgressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, NuageVspConstants.AclEntryNetworkType.ENTERPRISE_NETWORK);
        buildEgressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_ID, orCreatePublicMacroInEnterprise);
        return buildEgressAclEntry;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public NuageVspObject buildEgressAclEntryBySubnet(String str, VspAclRule vspAclRule, String str2, String str3, long j, String str4, boolean z, int i) throws NuageVspApiException {
        NuageVspObject buildEgressAclEntry = buildEgressAclEntry(str, vspAclRule, str2, str3, j, z, i);
        buildEgressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, NuageVspConstants.AclEntryNetworkType.SUBNET);
        buildEgressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_ID, str4);
        return buildEgressAclEntry;
    }

    private NuageVspObject buildEgressAclEntry(String str, VspAclRule vspAclRule, String str2, String str3, long j, boolean z, int i) throws NuageVspApiException {
        NuageVspObject nuageVspObject = new NuageVspObject(this.vspHost.getApiVersion(), NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, "0x0800");
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, vspAclRule.getAction().equals(VspAclRule.ACLAction.Allow) ? "FORWARD" : "DROP");
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, vspAclRule.getProtocol().getProtocolNumber());
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
        nuageVspObject.set(NuageVspAttribute.EXTERNAL_ID, vspAclRule.getUuid());
        VspAclRule updatePriorityForAcl = updatePriorityForAcl(vspAclRule, j, z, i);
        if (updatePriorityForAcl.getPriority().intValue() < 0 || updatePriorityForAcl.getPriority().intValue() >= 10000000) {
            String str4 = "Rule number " + updatePriorityForAcl.getPriority() + " can not be greater than " + NuageVspConstants.MAX_ACL_PRIORITY + " as it is used as rule numbers for predefined rules in VSP";
            s_logger.error(str4, new Object[0]);
            throw new NuageVspApiException(str4);
        }
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, updatePriorityForAcl.getPriority());
        if (str2 != null) {
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ADDR_OVERRIDE, str2);
        }
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, NuageVspConstants.AclEntryLocationType.SUBNET);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str3);
        if (updatePriorityForAcl.getProtocol().hasPort()) {
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, updatePriorityForAcl.getPortRange());
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
        }
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_REFLEXIVE, Boolean.valueOf(updatePriorityForAcl.isReflexive()));
        return nuageVspObject;
    }

    private NuageVspObject buildIngressAclEntryByCidr(String str, VspAclRule vspAclRule, String str2, long j, String str3, boolean z, int i) throws NuageVspApiException {
        NuageVspObject buildIngressAclEntry = buildIngressAclEntry(str, vspAclRule, str2, j, str3, z, i);
        if (vspAclRule.getType().equals(VspAclRule.ACLType.NetworkACL)) {
            String orCreatePublicMacroInEnterprise = getOrCreatePublicMacroInEnterprise(str, str3, vspAclRule.getUuid());
            buildIngressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, NuageVspConstants.AclEntryNetworkType.ENTERPRISE_NETWORK);
            buildIngressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_ID, orCreatePublicMacroInEnterprise);
        }
        return buildIngressAclEntry;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public NuageVspObject buildIngressAclEntryBySubnet(String str, VspAclRule vspAclRule, String str2, long j, String str3, boolean z, int i) throws NuageVspApiException {
        NuageVspObject buildIngressAclEntry = buildIngressAclEntry(str, vspAclRule, str2, j, null, z, i);
        if (vspAclRule.getType().equals(VspAclRule.ACLType.NetworkACL)) {
            buildIngressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, NuageVspConstants.AclEntryNetworkType.SUBNET);
            buildIngressAclEntry.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_ID, str3);
        }
        return buildIngressAclEntry;
    }

    private NuageVspObject buildIngressAclEntry(String str, VspAclRule vspAclRule, String str2, long j, String str3, boolean z, int i) throws NuageVspApiException {
        NuageVspObject nuageVspObject = new NuageVspObject(this.vspHost.getApiVersion(), NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, "0x0800");
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, vspAclRule.getAction().equals(VspAclRule.ACLAction.Allow) ? "FORWARD" : "DROP");
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, vspAclRule.getProtocol().getProtocolNumber());
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
        nuageVspObject.set(NuageVspAttribute.EXTERNAL_ID, vspAclRule.getUuid());
        VspAclRule updatePriorityForAcl = updatePriorityForAcl(vspAclRule, j, z, i);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, updatePriorityForAcl.getPriority());
        if (updatePriorityForAcl.getType().equals(VspAclRule.ACLType.Firewall)) {
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ADDR_OVERRIDE, str3);
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, NuageVspConstants.ANY);
        }
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, NuageVspConstants.AclEntryLocationType.SUBNET);
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str2);
        if (updatePriorityForAcl.getProtocol().hasPort()) {
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, updatePriorityForAcl.getPortRange());
            nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
        }
        nuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_REFLEXIVE, Boolean.valueOf(updatePriorityForAcl.isReflexive()));
        return nuageVspObject;
    }

    private VspAclRule updatePriorityForAcl(VspAclRule vspAclRule, long j, boolean z, int i) throws NuageVspApiException {
        int randomPriority;
        switch (vspAclRule.getType()) {
            case NetworkACL:
                if (vspAclRule.getPriority().intValue() <= 9999) {
                    randomPriority = Integer.valueOf(String.valueOf(j) + String.valueOf(vspAclRule.getPriority())).intValue();
                    break;
                } else {
                    s_logger.error("Rule number can not be greater than 9999 as it is used to generate a unique rule per tier in VSP", new Object[0]);
                    throw new NuageVspApiException("Rule number can not be greater than 9999 as it is used to generate a unique rule per tier in VSP");
                }
            default:
                if (!z) {
                    randomPriority = getRandomPriority();
                    break;
                } else {
                    randomPriority = i;
                    break;
                }
        }
        return new VspAclRule.Builder().fromObject(vspAclRule).priority(Integer.valueOf(randomPriority)).build();
    }

    private int getRandomPriority() {
        return (((int) (RANDOM.nextDouble() * 99999.0d)) % 1000000) + 1;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public String getOrCreatePublicMacroInEnterprise(String str, String str2, String str3) throws NuageVspApiException {
        try {
            Pair<String, String> cidrToSubnetNetmask = NetUtils.cidrToSubnetNetmask(str2);
            String resources = getResources(NuageVspEntity.ENTERPRISE, str, NuageVspEntity.ENTERPRISE_NTWK_MACRO, NuageVspAttribute.ENTERPRISE_NTWK_MACRO_ADDRESS.getAttributeName() + " == '" + ((String) cidrToSubnetNetmask.getLeft()) + "' and " + NuageVspAttribute.ENTERPRISE_NTWK_MACRO_NETMASK.getAttributeName() + " == '" + ((String) cidrToSubnetNetmask.getRight()) + "'");
            if (!StringUtils.isBlank(resources)) {
                return getEntityId(NuageVspEntity.ENTERPRISE_NTWK_MACRO, resources);
            }
            try {
                String generateUuidFromCidr = UuidUtils.generateUuidFromCidr(str2);
                NuageVspObject nuageVspObject = new NuageVspObject(NuageVspEntity.ENTERPRISE_NTWK_MACRO);
                nuageVspObject.set(NuageVspAttribute.ENTERPRISE_NTWK_MACRO_NAME, "CIDR " + str2.replace('.', ' ').replace("/", " - "));
                nuageVspObject.set(NuageVspAttribute.ENTERPRISE_NTWK_MACRO_ADDRESS, cidrToSubnetNetmask.getLeft());
                nuageVspObject.set(NuageVspAttribute.ENTERPRISE_NTWK_MACRO_NETMASK, cidrToSubnetNetmask.getRight());
                nuageVspObject.set(NuageVspAttribute.EXTERNAL_ID, generateUuidFromCidr);
                String createResource = createResource(NuageVspEntity.ENTERPRISE, str, NuageVspEntity.ENTERPRISE_NTWK_MACRO, (Object) nuageVspObject, true);
                s_logger.debug("Created Enterprise Network Macro in VSP. Response from VSP is " + createResource, new Object[0]);
                return getEntityId(NuageVspEntity.ENTERPRISE_NTWK_MACRO, createResource);
            } catch (Exception e) {
                String str4 = "Failed to create Enterprise network macro " + str2 + " in VSP enterprise " + str + ".  Json response from VSP REST API is  " + e.getMessage();
                s_logger.error(str4, e);
                throw new NuageVspApiException(str4);
            }
        } catch (NuageVspException e2) {
            String str5 = "Failed to read Public network macro " + str2 + " in VSP enterprise " + str + ".  Json response from VSP REST API is  " + e2.getMessage();
            s_logger.error(str5, e2);
            throw new NuageVspApiException(str5);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public Map<String, NuageVspObject> groupByExternalId(List<NuageVspObject> list) {
        HashMap hashMap = new HashMap();
        for (NuageVspObject nuageVspObject : list) {
            String str = (String) nuageVspObject.get(NuageVspAttribute.EXTERNAL_ID);
            if (str != null) {
                hashMap.put(str, nuageVspObject);
            }
        }
        return hashMap;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public Map<Integer, NuageVspObject> getDefaultAclEntries(NuageVspEntity nuageVspEntity, String str) throws NuageVspException {
        List<NuageVspObject> aCLEntriesAssociatedToLocation = getACLEntriesAssociatedToLocation(null, nuageVspEntity, str);
        HashMap hashMap = new HashMap();
        for (NuageVspObject nuageVspObject : aCLEntriesAssociatedToLocation) {
            hashMap.put((Integer) nuageVspObject.get(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY), nuageVspObject);
        }
        return hashMap;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void applyFIPAccessControl(NuageVspEntity nuageVspEntity, String str, String str2, String str3, boolean z) throws NuageVspApiException {
        try {
            NuageVspObject entityByExternalId = getEntityByExternalId(nuageVspEntity, str, NuageVspEntity.FLOATING_IP, str2 + ":" + str3);
            if (entityByExternalId != null) {
                entityByExternalId.set(NuageVspAttribute.FLOATING_IP_ACCESS_CONTROL, Boolean.valueOf(z));
                updateResource(entityByExternalId);
            }
        } catch (NuageVspException e) {
            throw handleException("Failed to apply FIP Access control", e, new Object[0]);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void applyStaticRoutes(String str, String str2, Collection<VspStaticRoute> collection) throws NuageVspApiException {
        try {
            NuageVspObject entityByExternalId = getEntityByExternalId(NuageVspEntity.ENTERPRISE, str2, NuageVspEntity.DOMAIN, str);
            if (entityByExternalId == null) {
                throw new NuageVspApiException("Domain not found on VSD");
            }
            for (VspStaticRoute vspStaticRoute : collection) {
                Pair<String, String> cidrToSubnetNetmask = NetUtils.cidrToSubnetNetmask(vspStaticRoute.getCidr());
                EnumMap newEnumMap = Maps.newEnumMap(NuageVspAttribute.class);
                newEnumMap.put((EnumMap) NuageVspAttribute.STATIC_ROUTE_ADDRESS, (NuageVspAttribute) cidrToSubnetNetmask.getLeft());
                newEnumMap.put((EnumMap) NuageVspAttribute.STATIC_ROUTE_NETMASK, (NuageVspAttribute) cidrToSubnetNetmask.getRight());
                NuageVspObject entityByExternalId2 = getEntityByExternalId(NuageVspEntity.DOMAIN, entityByExternalId.getId(), NuageVspEntity.STATIC_ROUTE, vspStaticRoute.getUuid());
                if (entityByExternalId2 == null) {
                    if (!vspStaticRoute.isRevoke()) {
                        NuageVspObject nuageVspObject = new NuageVspObject(this.vspHost.getApiVersion(), NuageVspEntity.STATIC_ROUTE);
                        nuageVspObject.set(NuageVspAttribute.STATIC_ROUTE_ADDRESS, cidrToSubnetNetmask.getLeft());
                        nuageVspObject.set(NuageVspAttribute.STATIC_ROUTE_NETMASK, cidrToSubnetNetmask.getRight());
                        nuageVspObject.set(NuageVspAttribute.STATIC_ROUTE_NEXTHOP, vspStaticRoute.getNextHop());
                        nuageVspObject.setExternalId(vspStaticRoute.getUuid());
                        createResource(entityByExternalId, nuageVspObject, false);
                    }
                } else if (vspStaticRoute.isRevoke()) {
                    deleteResource(entityByExternalId2, false);
                } else if (!vspStaticRoute.getNextHop().equals(entityByExternalId2.get(NuageVspAttribute.STATIC_ROUTE_NEXTHOP))) {
                    entityByExternalId2.set(NuageVspAttribute.STATIC_ROUTE_ADDRESS, cidrToSubnetNetmask.getLeft());
                    entityByExternalId2.set(NuageVspAttribute.STATIC_ROUTE_NETMASK, cidrToSubnetNetmask.getRight());
                    entityByExternalId2.set(NuageVspAttribute.STATIC_ROUTE_NEXTHOP, vspStaticRoute.getNextHop());
                    entityByExternalId2.setExternalId(vspStaticRoute.getUuid());
                    updateResource(entityByExternalId2, false);
                }
            }
        } catch (NuageVspException e) {
            throw handleException("Failed to apply FIP Access control", e, new Object[0]);
        }
    }
}
