package net.nuage.vsp.acs.client.api.impl;

import com.google.common.base.Joiner;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Random;
import java.util.TreeSet;
import java.util.function.Consumer;
import java.util.stream.Stream;
import net.nuage.vsp.acs.client.api.NuageVspAclClient;
import net.nuage.vsp.acs.client.api.model.Protocol;
import net.nuage.vsp.acs.client.api.model.VspAclRule;
import net.nuage.vsp.acs.client.api.model.VspNetwork;
import net.nuage.vsp.acs.client.api.model.VspStaticNat;
import net.nuage.vsp.acs.client.api.model.VspStaticRoute;
import net.nuage.vsp.acs.client.common.NuageVspApiVersion;
import net.nuage.vsp.acs.client.common.NuageVspConstants;
import net.nuage.vsp.acs.client.common.model.Acl;
import net.nuage.vsp.acs.client.common.model.AclRulesDetails;
import net.nuage.vsp.acs.client.common.model.NetworkDetails;
import net.nuage.vsp.acs.client.common.model.NuageVspAttribute;
import net.nuage.vsp.acs.client.common.model.NuageVspEntity;
import net.nuage.vsp.acs.client.common.model.NuageVspFilter;
import net.nuage.vsp.acs.client.common.model.NuageVspObject;
import net.nuage.vsp.acs.client.common.utils.Logger;
import net.nuage.vsp.acs.client.common.utils.NetUtils;
import net.nuage.vsp.acs.client.common.utils.UuidUtils;
import net.nuage.vsp.acs.client.exception.NuageVspApiException;
import net.nuage.vsp.acs.client.exception.NuageVspException;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:net/nuage/vsp/acs/client/api/impl/NuageVspAclClientImpl.class */
public abstract class NuageVspAclClientImpl implements NuageVspAclClient {
    private static final Logger s_logger = new Logger(NuageVspAclClientImpl.class);
    private static final Random RANDOM = new Random();
    protected final NuageVspRestApi api;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: net.nuage.vsp.acs.client.api.impl.NuageVspAclClientImpl$1, reason: invalid class name */
    /* loaded from: input_file:net/nuage/vsp/acs/client/api/impl/NuageVspAclClientImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$net$nuage$vsp$acs$client$common$model$Acl$AclTemplatePriorityType;
        static final /* synthetic */ int[] $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity;

        static {
            try {
                $SwitchMap$net$nuage$vsp$acs$client$api$model$VspAclRule$ACLType[VspAclRule.ACLType.NetworkACL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity = new int[NuageVspEntity.values().length];
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[NuageVspEntity.INGRESS_ACLTEMPLATES.ordinal()] = 1;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[NuageVspEntity.EGRESS_ACLTEMPLATES.ordinal()] = 2;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES.ordinal()] = 3;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$net$nuage$vsp$acs$client$common$model$Acl$AclTemplatePriorityType = new int[Acl.AclTemplatePriorityType.values().length];
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$Acl$AclTemplatePriorityType[Acl.AclTemplatePriorityType.TOP.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$net$nuage$vsp$acs$client$common$model$Acl$AclTemplatePriorityType[Acl.AclTemplatePriorityType.BOTTOM.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    public NuageVspAclClientImpl(NuageVspRestApi nuageVspRestApi) {
        this.api = nuageVspRestApi;
    }

    public NuageVspObject getOnlyACLTemplateAssociatedToDomain(String str, NuageVspEntity nuageVspEntity, String str2, NuageVspEntity nuageVspEntity2) throws NuageVspException {
        return (NuageVspObject) Iterables.getOnlyElement(getACLTemplatesAssociatedToDomain(str, nuageVspEntity, str2, nuageVspEntity2, Acl.AclTemplatePriorityType.NONE, true));
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public NuageVspObject findACLTemplate(NuageVspEntity nuageVspEntity, String str, NuageVspEntity nuageVspEntity2, Acl.AclTemplatePriorityType aclTemplatePriorityType, Integer num) throws NuageVspApiException {
        List<NuageVspObject> resources;
        switch (AnonymousClass1.$SwitchMap$net$nuage$vsp$acs$client$common$model$Acl$AclTemplatePriorityType[aclTemplatePriorityType.ordinal()]) {
            case 1:
            case NuageVspConstants.DefaultAcl.UDP_ALLOW_ACL_PRIORITY /* 2 */:
                resources = this.api.getResources(nuageVspEntity, str, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_PRIORITY_TYPE, aclTemplatePriorityType);
                break;
            default:
                resources = this.api.getResources(nuageVspEntity, str, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_PRIORITY, num);
                break;
        }
        if (CollectionUtils.isNotEmpty(resources)) {
            return (NuageVspObject) Iterables.getOnlyElement(resources);
        }
        return null;
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public NuageVspObject findOrCreateACLTemplate(String str, NuageVspEntity nuageVspEntity, String str2, NuageVspEntity nuageVspEntity2, Acl.AclTemplatePriorityType aclTemplatePriorityType, Integer num) throws NuageVspApiException {
        NuageVspObject findACLTemplate = findACLTemplate(nuageVspEntity, str2, nuageVspEntity2, aclTemplatePriorityType, num);
        if (findACLTemplate != null) {
            return findACLTemplate;
        }
        NuageVspObject createNuageVspObject = this.api.createNuageVspObject(nuageVspEntity2);
        createNuageVspObject.setExternalId(str);
        createNuageVspObject.set(NuageVspAttribute.NAME, buildAclTemplateName(nuageVspEntity2, aclTemplatePriorityType, num));
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ACTIVE, true);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_PRIORITY_TYPE, aclTemplatePriorityType);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_PRIORITY, num);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ALLOW_IP, false);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ALLOW_NON_IP, false);
        try {
            NuageVspObject createResource = this.api.createResource(nuageVspEntity, str2, createNuageVspObject);
            s_logger.debug("Created Default ACLTemplate for network %s in VSP . Response from VSP is %s.", str, createResource);
            return createResource;
        } catch (NuageVspException e) {
            throw new NuageVspApiException("Failed to create ACL Template", e);
        }
    }

    protected String buildAclTemplateName(NuageVspEntity nuageVspEntity, Acl.AclTemplatePriorityType aclTemplatePriorityType, Integer num) {
        StringBuilder sb = new StringBuilder();
        switch (AnonymousClass1.$SwitchMap$net$nuage$vsp$acs$client$common$model$NuageVspEntity[nuageVspEntity.ordinal()]) {
            case 1:
                sb.append("Ingress");
                break;
            case NuageVspConstants.DefaultAcl.UDP_ALLOW_ACL_PRIORITY /* 2 */:
                sb.append("Egress");
                break;
            case 3:
                sb.append("Egress Domain FIP");
                break;
        }
        sb.append(" ACL");
        switch (AnonymousClass1.$SwitchMap$net$nuage$vsp$acs$client$common$model$Acl$AclTemplatePriorityType[aclTemplatePriorityType.ordinal()]) {
            case 1:
                sb.append(" Top");
                break;
            case NuageVspConstants.DefaultAcl.UDP_ALLOW_ACL_PRIORITY /* 2 */:
                sb.append(" Bottom");
                break;
        }
        return sb.toString();
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public List<NuageVspObject> getACLTemplatesAssociatedToDomain(String str, NuageVspEntity nuageVspEntity, String str2, NuageVspEntity nuageVspEntity2, Acl.AclTemplatePriorityType aclTemplatePriorityType, boolean z) throws NuageVspException {
        return aclTemplatePriorityType != null ? this.api.getResources(nuageVspEntity, str2, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_PRIORITY_TYPE, aclTemplatePriorityType) : this.api.getResources(nuageVspEntity, str2, nuageVspEntity2);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public List<NuageVspObject> getACLEntriesAssociatedToLocation(String str, NuageVspEntity nuageVspEntity, String str2) throws NuageVspApiException {
        NuageVspEntity nuageVspEntity2 = null;
        if (nuageVspEntity == NuageVspEntity.INGRESS_ACLTEMPLATES) {
            nuageVspEntity2 = NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES;
        } else if (nuageVspEntity == NuageVspEntity.EGRESS_ACLTEMPLATES) {
            nuageVspEntity2 = NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES;
        } else if (nuageVspEntity == NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES) {
            nuageVspEntity2 = NuageVspEntity.EGRESS_DOMAIN_FIP_ACLTEMPLATES_ENTRIES;
        }
        if (nuageVspEntity2 == null) {
            return Collections.emptyList();
        }
        return str != null ? this.api.getResources(nuageVspEntity, str2, nuageVspEntity2, NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str) : this.api.getResources(nuageVspEntity, str2, nuageVspEntity2);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public Map<String, NuageVspObject> getACLEntriesAssociatedToLocationByExternalId(AclRulesDetails aclRulesDetails, String str, NuageVspEntity nuageVspEntity, String str2) throws NuageVspApiException {
        return groupByExternalId(aclRulesDetails.isNetworkAcl() ? getACLEntriesAssociatedToLocation(str, nuageVspEntity, str2) : getACLEntriesAssociatedToLocation(null, nuageVspEntity, str2));
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void createDefaultRules(VspNetwork vspNetwork, NuageVspEntity nuageVspEntity, String str) throws NuageVspApiException {
        NuageVspEntity nuageVspEntity2;
        String str2;
        if (nuageVspEntity == NuageVspEntity.DOMAIN_TEMPLATE || nuageVspEntity == NuageVspEntity.L2DOMAIN_TEMPLATE) {
            nuageVspEntity2 = nuageVspEntity;
            str2 = str;
        } else {
            if (nuageVspEntity != NuageVspEntity.DOMAIN && nuageVspEntity != NuageVspEntity.L2DOMAIN) {
                return;
            }
            try {
                str2 = (String) this.api.getResource(nuageVspEntity, str).get(NuageVspAttribute.TEMPLATE_ID);
                nuageVspEntity2 = nuageVspEntity == NuageVspEntity.DOMAIN ? NuageVspEntity.DOMAIN_TEMPLATE : NuageVspEntity.L2DOMAIN_TEMPLATE;
            } catch (NuageVspException e) {
                throw NuageVspRestApi.handleException("Failed to create Default Ingress Rules ", e, new Object[0]);
            }
        }
        createDefaultIngressAcls(vspNetwork, nuageVspEntity2, str2);
        createDefaultEgressAcls(vspNetwork, nuageVspEntity2, str2);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public Pair<NuageVspObject, NuageVspObject> findOrCreateAclTemplates(NetworkDetails networkDetails, Integer num) throws NuageVspApiException {
        String domainUuid = networkDetails.getDomainUuid();
        NuageVspEntity domainType = networkDetails.getDomainType();
        String domainId = networkDetails.getDomainId();
        return Pair.of(findOrCreateACLTemplate(domainUuid, domainType, domainId, NuageVspEntity.INGRESS_ACLTEMPLATES, Acl.AclTemplatePriorityType.NONE, num), findOrCreateACLTemplate(domainUuid, domainType, domainId, NuageVspEntity.EGRESS_ACLTEMPLATES, Acl.AclTemplatePriorityType.NONE, num));
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void saveAclRule(String str, VspNetwork vspNetwork, AclRulesDetails aclRulesDetails, NuageVspAclClient.AclProgress aclProgress, VspAclRule vspAclRule) throws NuageVspApiException {
        NuageVspObject ingressAclTemplate;
        NuageVspEntity nuageVspEntity;
        NuageVspObject egressAclTemplate;
        NuageVspEntity nuageVspEntity2;
        boolean isNetworkAcl = aclRulesDetails.isNetworkAcl();
        String aclNetworkLocationId = aclRulesDetails.getAclNetworkLocationId();
        NuageVspFilter eq = NuageVspFilter.where(NuageVspAttribute.EXTERNAL_ID).eq(vspAclRule.getUuid()).and(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID).eq(aclNetworkLocationId);
        if (vspAclRule.getTrafficType().equals(VspAclRule.ACLTrafficType.Ingress)) {
            ingressAclTemplate = aclRulesDetails.getEgressAclTemplate();
            nuageVspEntity = NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES;
            egressAclTemplate = aclRulesDetails.getIngressAclTemplate();
            nuageVspEntity2 = NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES;
        } else {
            ingressAclTemplate = aclRulesDetails.getIngressAclTemplate();
            nuageVspEntity = NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES;
            egressAclTemplate = aclRulesDetails.getEgressAclTemplate();
            nuageVspEntity2 = NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES;
        }
        if (vspAclRule.isAddedNetworkAclRule()) {
            this.api.getResources(egressAclTemplate, nuageVspEntity2, eq).stream().findFirst().ifPresent(nuageVspObject -> {
                s_logger.debug("ACS %s rule %s is getting added to network %s but an VSP Ingress rule is with same UUID %s already exists in VSP. This means the existing CS Egress rule type has been modified to CS Ingress. So, delete this rule from VSP and create a new Egress rule", vspAclRule.getTrafficType(), vspAclRule, vspNetwork.getName(), vspAclRule.getUuid());
                this.api.deleteQuietly(nuageVspObject);
            });
        }
        String destinationIp = vspAclRule.getStaticNat() != null ? vspAclRule.getStaticNat().getDestinationIp() : null;
        Optional<NuageVspObject> findFirst = this.api.getResources(ingressAclTemplate, nuageVspEntity, eq).stream().findFirst();
        if (findFirst.isPresent()) {
            if (isNetworkAcl) {
                NuageVspObject nuageVspObject2 = findFirst.get();
                String id = nuageVspObject2.getId();
                int intValue = ((Integer) nuageVspObject2.get(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY)).intValue();
                if (vspAclRule.getTrafficType().equals(VspAclRule.ACLTrafficType.Ingress)) {
                    updateEgressACLEntryInVsp(str, id, nuageVspObject2, vspAclRule, aclNetworkLocationId, vspNetwork.getId(), intValue);
                    return;
                } else {
                    updateIngressACLEntryInVsp(str, id, nuageVspObject2, vspAclRule, aclNetworkLocationId, vspNetwork.getId(), intValue);
                    return;
                }
            }
            return;
        }
        if (!vspAclRule.getTrafficType().equals(VspAclRule.ACLTrafficType.Ingress)) {
            createIngressACLEntryInVsp(isNetworkAcl, str, ingressAclTemplate, vspAclRule, aclNetworkLocationId, vspNetwork.getId(), aclProgress.successfullyAddedIngressACls);
            s_logger.debug("ACS Egress rule %s is getting added to network %s and it does not exists in VSP. So, ACL rule is created on the L3 Subnet/L2 Domain with network locationId %s on which the ACL rule is added.", vspAclRule, vspNetwork.getName(), aclNetworkLocationId);
            return;
        }
        createEgressACLEntryInVsp(str, ingressAclTemplate, vspAclRule, aclNetworkLocationId, vspNetwork.getId(), aclProgress.successfullyAddedEgressACls);
        if (destinationIp != null) {
            s_logger.debug("ACS Ingress rule %s is getting added to network %s and it does not exists in VSP. The source IP is %s. Enterprise macro with same source IP network will be either created if its not present in VSP. Then a rule will be created using the macro.", vspAclRule, vspNetwork.getName(), destinationIp);
        } else {
            s_logger.debug("ACS Ingress rule %s is getting added to network %s and it does not exists in VSP. So, ACL rule is created on the L3 Subnet/L2 Domain with network locationId %s on which the ACL rule is added.", vspAclRule, vspNetwork.getName(), aclNetworkLocationId);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void createOrDeleteDefaultIngressSubnetBlockAcl(VspNetwork vspNetwork, AclRulesDetails aclRulesDetails) throws NuageVspException {
        String name = vspNetwork.getName();
        String subnetExternalId = vspNetwork.getSubnetExternalId();
        try {
            int id = (int) (10800000 + vspNetwork.getId());
            List<NuageVspObject> resources = this.api.getResources(NuageVspEntity.INGRESS_ACLTEMPLATES, aclRulesDetails.getIngressAclTemplateId(), NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, Integer.valueOf(id));
            if (aclRulesDetails.isNeedsBlockRule()) {
                if (resources.isEmpty()) {
                    try {
                        ensureDefaultIngressAclEntry(null, aclRulesDetails.getIngressAclTemplate(), false, Protocol.ANY, Acl.AclAction.DROP, id, NuageVspConstants.DefaultAcl.SUBNET_BLOCK_ACL, Acl.AclEntryLocationType.SUBNET, aclRulesDetails.getAclNetworkLocationId(), Acl.AclEntryNetworkType.ANY, name, subnetExternalId);
                        s_logger.debug("Default ACL to block subnets traffic is added with priority " + id, new Object[0]);
                    } catch (NuageVspApiException e) {
                        if (e.getHttpErrorCode() == 409 && e.getNuageErrorCode() == NuageVspConstants.ErrorCode.DUPLICATE_ACL_PRIORITY) {
                            s_logger.debug("Looks like the ACL Entry with priority " + id + " already exists. So, it is not re-created", new Object[0]);
                        }
                    }
                }
            } else if (!resources.isEmpty()) {
                s_logger.debug("There are no Egress ACLs added to the network " + name + ". So, delete default subnet block ACL", new Object[0]);
                this.api.deleteQuietly(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, (String) resources.iterator().next().get(NuageVspAttribute.ID));
            }
        } catch (NuageVspException e2) {
            Object[] objArr = new Object[2];
            objArr[0] = aclRulesDetails.isNeedsBlockRule() ? "create" : "delete";
            objArr[1] = name;
            throw NuageVspRestApi.handleException("Failed to %s default Subnet ACL to block traffic for network %s", e2, objArr);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void removeAclRule(VspNetwork vspNetwork, AclRulesDetails aclRulesDetails, VspAclRule vspAclRule) throws NuageVspException {
        NuageVspEntity nuageVspEntity;
        NuageVspObject egressAclTemplate;
        NuageVspFilter eq = NuageVspFilter.where(NuageVspAttribute.EXTERNAL_ID).eq(vspAclRule.getUuid());
        if (aclRulesDetails.isNetworkAcl()) {
            eq = eq.and(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID).eq(aclRulesDetails.getAclNetworkLocationId());
        }
        String name = vspNetwork.getName();
        if (vspAclRule.getTrafficType().equals(VspAclRule.ACLTrafficType.Egress)) {
            nuageVspEntity = NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES;
            egressAclTemplate = aclRulesDetails.getIngressAclTemplate();
        } else {
            if (!vspAclRule.getTrafficType().equals(VspAclRule.ACLTrafficType.Ingress)) {
                throw new IllegalStateException();
            }
            nuageVspEntity = NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES;
            egressAclTemplate = aclRulesDetails.getEgressAclTemplate();
        }
        List<NuageVspObject> resources = this.api.getResources(egressAclTemplate, nuageVspEntity, eq);
        if (!CollectionUtils.isNotEmpty(resources)) {
            s_logger.debug("ACS ACL rule " + vspAclRule + " associated to network " + name + " is in Revoke state. But, this ACL does not exist in VSP. So, it is ignored", new Object[0]);
            return;
        }
        for (NuageVspObject nuageVspObject : resources) {
            s_logger.debug("ACS ACL rule " + vspAclRule + " associated to network " + name + " is in Revoke state. This ACL " + nuageVspObject.getId() + " exists in VSP and it is deleted", new Object[0]);
            this.api.deleteQuietly(nuageVspObject);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void resetAllAclRulesInTheNetwork(VspNetwork vspNetwork, NetworkDetails networkDetails, AclRulesDetails aclRulesDetails) throws NuageVspException {
        createDefaultRules(vspNetwork, networkDetails.getDomainType(), networkDetails.getDomainId());
        cleanStaleAclsFromVsp(aclRulesDetails);
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void applyFIPAccessControl(NuageVspEntity nuageVspEntity, String str, String str2, String str3, boolean z) throws NuageVspApiException {
        try {
            Optional<NuageVspObject> entityByExternalId = this.api.getEntityByExternalId(nuageVspEntity, str, NuageVspEntity.FLOATING_IP, str2 + ":" + str3);
            if (entityByExternalId.isPresent()) {
                NuageVspObject nuageVspObject = entityByExternalId.get();
                nuageVspObject.set(NuageVspAttribute.FLOATING_IP_ACCESS_CONTROL, Boolean.valueOf(z));
                this.api.updateResource(nuageVspObject);
            }
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to apply FIP Access control", e, new Object[0]);
        }
    }

    @Override // net.nuage.vsp.acs.client.api.NuageVspAclClient
    public void applyStaticRoutes(NetworkDetails networkDetails, Collection<VspStaticRoute> collection) throws NuageVspApiException {
        try {
            NuageVspObject orElseThrow = this.api.getEntityByExternalId(NuageVspEntity.ENTERPRISE, networkDetails.getEnterpriseId(), networkDetails.getDomainType(), networkDetails.getDomainUuid()).orElseThrow(() -> {
                return new NuageVspApiException("Domain not found on VSD");
            });
            for (VspStaticRoute vspStaticRoute : collection) {
                Pair<String, String> cidrToSubnetNetmask = NetUtils.cidrToSubnetNetmask(vspStaticRoute.getCidr());
                EnumMap newEnumMap = Maps.newEnumMap(NuageVspAttribute.class);
                newEnumMap.put((EnumMap) NuageVspAttribute.STATIC_ROUTE_ADDRESS, (NuageVspAttribute) cidrToSubnetNetmask.getLeft());
                newEnumMap.put((EnumMap) NuageVspAttribute.STATIC_ROUTE_NETMASK, (NuageVspAttribute) cidrToSubnetNetmask.getRight());
                Optional<NuageVspObject> entityByExternalId = this.api.getEntityByExternalId(NuageVspEntity.DOMAIN, orElseThrow.getId(), NuageVspEntity.STATIC_ROUTE, vspStaticRoute.getUuid());
                if (vspStaticRoute.isRevoke() && entityByExternalId.isPresent()) {
                    this.api.deleteResource(entityByExternalId.get());
                }
                if (entityByExternalId.isPresent()) {
                    NuageVspObject nuageVspObject = entityByExternalId.get();
                    if (vspStaticRoute.isRevoke()) {
                        this.api.deleteResource(nuageVspObject);
                    } else if (!vspStaticRoute.getNextHop().equals(nuageVspObject.get(NuageVspAttribute.STATIC_ROUTE_NEXTHOP))) {
                        fillStaticRoute(vspStaticRoute, cidrToSubnetNetmask, nuageVspObject);
                        this.api.updateResource(nuageVspObject);
                    }
                } else if (!vspStaticRoute.isRevoke()) {
                    NuageVspObject createNuageVspObject = this.api.createNuageVspObject(NuageVspEntity.STATIC_ROUTE);
                    fillStaticRoute(vspStaticRoute, cidrToSubnetNetmask, createNuageVspObject);
                    this.api.createResource(orElseThrow, createNuageVspObject, new NuageVspConstants.ErrorCode[0]);
                }
            }
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to apply static routes", e, new Object[0]);
        }
    }

    private void fillStaticRoute(VspStaticRoute vspStaticRoute, Pair<String, String> pair, NuageVspObject nuageVspObject) {
        nuageVspObject.set(NuageVspAttribute.STATIC_ROUTE_ADDRESS, pair.getLeft());
        nuageVspObject.set(NuageVspAttribute.STATIC_ROUTE_NETMASK, pair.getRight());
        nuageVspObject.set(NuageVspAttribute.STATIC_ROUTE_NEXTHOP, vspStaticRoute.getNextHop());
        nuageVspObject.setExternalId(vspStaticRoute.getUuid());
    }

    private List<String> cleanStaleAclsFromVsp(AclRulesDetails aclRulesDetails) throws NuageVspException {
        LinkedList linkedList = new LinkedList();
        NuageVspRestApi nuageVspRestApi = this.api;
        nuageVspRestApi.getClass();
        Consumer consumer = nuageVspRestApi::deleteQuietly;
        Consumer<? super NuageVspObject> andThen = consumer.andThen(nuageVspObject -> {
            linkedList.add(nuageVspObject.getId());
        });
        String aclNetworkLocationId = aclRulesDetails.getAclNetworkLocationId();
        if (aclRulesDetails.hasIngressRules()) {
            Stream<NuageVspObject> stream = getACLEntriesAssociatedToLocationByExternalId(aclRulesDetails, aclNetworkLocationId, NuageVspEntity.EGRESS_ACLTEMPLATES, aclRulesDetails.getEgressAclTemplateId()).values().stream();
            aclRulesDetails.getClass();
            stream.filter(aclRulesDetails::isMissingIngressRule).forEach(andThen);
        }
        if (aclRulesDetails.hasEgressRules()) {
            Stream<NuageVspObject> stream2 = getACLEntriesAssociatedToLocationByExternalId(aclRulesDetails, aclNetworkLocationId, NuageVspEntity.INGRESS_ACLTEMPLATES, aclRulesDetails.getIngressAclTemplateId()).values().stream();
            aclRulesDetails.getClass();
            stream2.filter(aclRulesDetails::isMissingEgressRule).forEach(andThen);
        }
        return linkedList;
    }

    private void createDefaultIngressAcls(VspNetwork vspNetwork, NuageVspEntity nuageVspEntity, String str) throws NuageVspApiException {
        String left = vspNetwork.getVpcOrSubnetInfo().getLeft();
        String name = vspNetwork.getName();
        try {
            NuageVspObject findOrCreateACLTemplate = findOrCreateACLTemplate(left, nuageVspEntity, str, NuageVspEntity.INGRESS_ACLTEMPLATES, Acl.AclTemplatePriorityType.TOP, 0);
            NuageVspObject findOrCreateACLTemplate2 = findOrCreateACLTemplate(left, nuageVspEntity, str, NuageVspEntity.INGRESS_ACLTEMPLATES, Acl.AclTemplatePriorityType.BOTTOM, 0);
            Map<Integer, NuageVspObject> defaultAclEntries = getDefaultAclEntries(findOrCreateACLTemplate);
            Map<Integer, NuageVspObject> defaultAclEntries2 = getDefaultAclEntries(findOrCreateACLTemplate2);
            if (vspNetwork.isShared()) {
                ensureDefaultIngressAclEntry(defaultAclEntries2, findOrCreateACLTemplate2, false, Protocol.ANY, Acl.AclAction.FORWARD, NuageVspConstants.DefaultAcl.ALLOW_ALL_ACL_PRIORITY, NuageVspConstants.DefaultAcl.INGRESS_ALLOW_ALL_ACL, Acl.AclEntryLocationType.ANY, null, Acl.AclEntryNetworkType.ANY, name, left);
                return;
            }
            ensureDefaultIngressAclEntry(defaultAclEntries, findOrCreateACLTemplate, false, Protocol.ANY, Acl.AclAction.FORWARD, 0, NuageVspConstants.DefaultAcl.SUBNET_ALLOW_ACL, Acl.AclEntryLocationType.ANY, null, Acl.AclEntryNetworkType.ENDPOINT_SUBNET, name, left);
            if (vspNetwork.isVpc() || vspNetwork.isEgressDefaultPolicy()) {
                ensureDefaultIngressAclEntry(defaultAclEntries2, findOrCreateACLTemplate2, true, Protocol.TCP, Acl.AclAction.FORWARD, 1, NuageVspConstants.DefaultAcl.INGRESS_ALLOW_TCP_ACL, Acl.AclEntryLocationType.ANY, null, Acl.AclEntryNetworkType.ANY, name, left);
                ensureDefaultIngressAclEntry(defaultAclEntries2, findOrCreateACLTemplate2, true, Protocol.UDP, Acl.AclAction.FORWARD, 2, NuageVspConstants.DefaultAcl.INGRESS_ALLOW_UDP_ACL, Acl.AclEntryLocationType.ANY, null, Acl.AclEntryNetworkType.ANY, name, left);
                ensureDefaultIngressAclEntry(defaultAclEntries2, findOrCreateACLTemplate2, false, Protocol.ICMP, Acl.AclAction.FORWARD, 3, NuageVspConstants.DefaultAcl.INGRESS_ALLOW_ICMP_ACL, Acl.AclEntryLocationType.ANY, null, Acl.AclEntryNetworkType.ANY, name, left);
            } else {
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 1);
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 2);
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 3);
            }
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to create default Ingress ACL for network %s", e, left);
        }
    }

    private void createDefaultEgressAcls(VspNetwork vspNetwork, NuageVspEntity nuageVspEntity, String str) throws NuageVspApiException {
        boolean isVpc = vspNetwork.isVpc();
        String left = vspNetwork.getVpcOrSubnetInfo().getLeft();
        boolean isEgressDefaultPolicy = vspNetwork.isEgressDefaultPolicy();
        String name = vspNetwork.getName();
        try {
            NuageVspObject findOrCreateACLTemplate = findOrCreateACLTemplate(left, nuageVspEntity, str, NuageVspEntity.EGRESS_ACLTEMPLATES, Acl.AclTemplatePriorityType.TOP, 0);
            NuageVspObject findOrCreateACLTemplate2 = findOrCreateACLTemplate(left, nuageVspEntity, str, NuageVspEntity.EGRESS_ACLTEMPLATES, Acl.AclTemplatePriorityType.BOTTOM, 0);
            Map<Integer, NuageVspObject> defaultAclEntries = getDefaultAclEntries(findOrCreateACLTemplate);
            Map<Integer, NuageVspObject> defaultAclEntries2 = getDefaultAclEntries(findOrCreateACLTemplate2);
            if (vspNetwork.isShared()) {
                ensureDefaultEgressAclEntry(defaultAclEntries2, findOrCreateACLTemplate2, false, Protocol.ANY, Acl.AclAction.FORWARD, NuageVspConstants.DefaultAcl.ALLOW_ALL_ACL_PRIORITY, NuageVspConstants.DefaultAcl.INGRESS_ALLOW_ALL_ACL, Acl.AclEntryNetworkType.ANY, name);
                return;
            }
            ensureDefaultEgressAclEntry(defaultAclEntries, findOrCreateACLTemplate, false, Protocol.ANY, Acl.AclAction.FORWARD, 0, NuageVspConstants.DefaultAcl.SUBNET_ALLOW_ACL, Acl.AclEntryNetworkType.ENDPOINT_SUBNET, name);
            if (isVpc) {
                ensureDefaultEgressAclEntry(defaultAclEntries2, findOrCreateACLTemplate2, false, Protocol.ANY, Acl.AclAction.DROP, 0, NuageVspConstants.DefaultAcl.DOMAIN_BLOCK_ACL, Acl.AclEntryNetworkType.ENDPOINT_DOMAIN, name);
            }
            if (isEgressDefaultPolicy) {
                ensureDefaultEgressAclEntry(defaultAclEntries2, findOrCreateACLTemplate2, false, Protocol.ICMP, Acl.AclAction.FORWARD, 3, NuageVspConstants.DefaultAcl.INGRESS_ALLOW_ICMP_ACL, Acl.AclEntryNetworkType.ANY, name);
            } else {
                deleteDefaultAclEntry(defaultAclEntries2, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, 3);
            }
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to create default Egress ACL for network %s", e, left);
        }
    }

    private void deleteDefaultAclEntry(Map<Integer, NuageVspObject> map, NuageVspEntity nuageVspEntity, int i) {
        if (map.containsKey(Integer.valueOf(i))) {
            this.api.deleteQuietly(nuageVspEntity, (String) map.get(Integer.valueOf(i)).get(NuageVspAttribute.ID));
        }
    }

    private void ensureDefaultEgressAclEntry(Map<Integer, NuageVspObject> map, NuageVspObject nuageVspObject, boolean z, Protocol protocol, Acl.AclAction aclAction, int i, String str, Acl.AclEntryNetworkType aclEntryNetworkType, String str2) throws NuageVspException {
        if (map.containsKey(Integer.valueOf(i))) {
            return;
        }
        NuageVspObject createNuageVspObject = this.api.createNuageVspObject(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, Acl.AclEtherType.IPv4);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, aclAction);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, Acl.AclEntryLocationType.ANY);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, aclEntryNetworkType);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, protocol.getProtocolNumber());
        if (protocol.hasPort()) {
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, NuageVspConstants.STAR);
        }
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_STATEFUL, Boolean.valueOf(z));
        createNuageVspObject.set(NuageVspAttribute.DESCRIPTION, str);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, Integer.valueOf(i));
        NuageVspObject createResource = this.api.createResource(nuageVspObject, createNuageVspObject, new NuageVspConstants.ErrorCode[0]);
        map.put(Integer.valueOf(i), createResource);
        s_logger.debug("Created Default egressACLTemplateEntry for network " + str2 + " in VSP . Response from VSP is " + createResource, new Object[0]);
    }

    private void ensureDefaultIngressAclEntry(Map<Integer, NuageVspObject> map, NuageVspObject nuageVspObject, boolean z, Protocol protocol, Acl.AclAction aclAction, int i, String str, Acl.AclEntryLocationType aclEntryLocationType, String str2, Acl.AclEntryNetworkType aclEntryNetworkType, String str3, String str4) throws NuageVspException {
        if (map == null || !map.containsKey(Integer.valueOf(i))) {
            NuageVspObject createNuageVspObject = this.api.createNuageVspObject(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES);
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, Acl.AclEtherType.IPv4);
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, aclAction);
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, aclEntryLocationType);
            if (str2 != null) {
                createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str2);
            }
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, aclEntryNetworkType);
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, protocol.getProtocolNumber());
            if (protocol.hasPort()) {
                createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
                createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, NuageVspConstants.STAR);
            }
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_STATEFUL, Boolean.valueOf(z));
            createNuageVspObject.set(NuageVspAttribute.DESCRIPTION, str);
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, Integer.valueOf(i));
            createNuageVspObject.setExternalId("(" + str4 + ")");
            NuageVspObject createResource = this.api.createResource(nuageVspObject, createNuageVspObject, new NuageVspConstants.ErrorCode[0]);
            if (map != null) {
                map.put(Integer.valueOf(i), createResource);
            }
            s_logger.debug("Created Default IngressACLTemplateEntry for network " + str3 + " in VSP . Response from VSP is " + createResource, new Object[0]);
        }
    }

    private String createAclEntry(NuageVspObject nuageVspObject, NuageVspEntity nuageVspEntity, String str, VspAclRule vspAclRule, long j, String str2) throws NuageVspException {
        boolean equals = nuageVspObject.getEntityType().equals(NuageVspEntity.EGRESS_ACLTEMPLATES);
        Pair<Acl.AclEntryNetworkType, String> aclEntryNetworkForCidr = getAclEntryNetworkForCidr(str, vspAclRule.getSourceCidrList());
        return createAclEntry(nuageVspObject, nuageVspEntity, equals ? buildEgressAclEntry(vspAclRule, str2, j, aclEntryNetworkForCidr, false, -1) : buildIngressAclEntry(vspAclRule, str2, j, aclEntryNetworkForCidr, false, -1));
    }

    private String createAclEntry(NuageVspObject nuageVspObject, NuageVspEntity nuageVspEntity, NuageVspObject nuageVspObject2) throws NuageVspException {
        NuageVspObject createResource = this.api.createResource(nuageVspObject, nuageVspObject2, NuageVspConstants.ErrorCode.DUPLICATE_ACL_PRIORITY);
        s_logger.debug("Created " + nuageVspEntity + " ACL Entry in VSP. Response from VSP is " + createResource, new Object[0]);
        return createResource.getId();
    }

    private void createEgressACLEntryInVsp(String str, NuageVspObject nuageVspObject, VspAclRule vspAclRule, String str2, long j, List<String> list) throws NuageVspApiException {
        try {
            list.add(createAclEntry(nuageVspObject, NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES, str, vspAclRule, j, str2));
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to create Egress ACL Entry for rule %s in VSP enterprise %s)", e, vspAclRule, str);
        }
    }

    private void createIngressACLEntryInVsp(boolean z, String str, NuageVspObject nuageVspObject, VspAclRule vspAclRule, String str2, long j, List<String> list) throws NuageVspApiException {
        getAclEntryNetworkForCidr(str, vspAclRule.getSourceCidrList());
        try {
            list.add(createAclEntry(nuageVspObject, NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES, str, vspAclRule, j, str2));
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to create Ingress ACL Entry for rule %s with CIDR %s in VSP enterprise %s. ", e, vspAclRule, vspAclRule.getSourceCidrList(), str);
        }
    }

    private boolean isModified(NuageVspObject nuageVspObject, NuageVspObject nuageVspObject2) {
        return !nuageVspObject.entriesEqualTo(nuageVspObject2);
    }

    private void updateIngressACLEntryInVsp(String str, String str2, NuageVspObject nuageVspObject, VspAclRule vspAclRule, String str3, long j, int i) throws NuageVspApiException {
        getAclEntryNetworkForCidr(str, vspAclRule.getSourceCidrList());
        try {
            NuageVspObject buildIngressAclEntryByCidr = buildIngressAclEntryByCidr(str, vspAclRule, str3, j, vspAclRule.getSourceCidrList(), true, i);
            if (isModified(buildIngressAclEntryByCidr, nuageVspObject)) {
                buildIngressAclEntryByCidr.setId(nuageVspObject.getId());
                s_logger.debug("Updated Ingress ACL Entry for rule " + vspAclRule + " with CIDR " + vspAclRule.getSourceCidrList() + " in VSP. Response from VSP is " + this.api.updateResource(buildIngressAclEntryByCidr), new Object[0]);
            }
        } catch (NuageVspException e) {
            if (!e.isNoChangeInEntityException()) {
                throw NuageVspRestApi.handleException("Failed to Modify Ingress ACL Entry for rule %s with CIDR %s in VSP enterprise %s. ", e, vspAclRule, vspAclRule.getSourceCidrList(), str);
            }
        }
    }

    private void updateEgressACLEntryInVsp(String str, String str2, NuageVspObject nuageVspObject, VspAclRule vspAclRule, String str3, long j, int i) throws NuageVspApiException {
        try {
            NuageVspObject buildEgressAclEntryByCidr = buildEgressAclEntryByCidr(str, vspAclRule, str3, j, true, i);
            if (isModified(buildEgressAclEntryByCidr, nuageVspObject)) {
                buildEgressAclEntryByCidr.setId(nuageVspObject.getId());
                s_logger.debug("Updated Ingress ACL Entry for rule %s with CIDR %s in VSP. Response from VSP is %s", vspAclRule, vspAclRule.getSourceCidrList(), this.api.updateResource(buildEgressAclEntryByCidr));
            }
        } catch (NuageVspException e) {
            if (!e.isNoChangeInEntityException()) {
                throw NuageVspRestApi.handleException("Failed to Modify Egress ACL Entry for rule %s with CIDR %s in VSP enterprise %s. ", e, vspAclRule, vspAclRule.getSourceCidrList(), str);
            }
        }
    }

    private NuageVspObject buildEgressAclEntryByCidr(String str, VspAclRule vspAclRule, String str2, long j, boolean z, int i) throws NuageVspApiException {
        Pair<Acl.AclEntryNetworkType, String> pair = null;
        if (vspAclRule.getType().equals(VspAclRule.ACLType.NetworkACL)) {
            pair = getAclEntryNetworkForCidr(str, vspAclRule.getSourceCidrList());
        }
        return buildEgressAclEntry(vspAclRule, str2, j, pair, z, i);
    }

    private NuageVspObject buildIngressAclEntryByCidr(String str, VspAclRule vspAclRule, String str2, long j, List<String> list, boolean z, int i) throws NuageVspApiException {
        Pair<Acl.AclEntryNetworkType, String> pair = null;
        if (vspAclRule.getType().equals(VspAclRule.ACLType.NetworkACL)) {
            pair = getAclEntryNetworkForCidr(str, list);
        }
        return buildIngressAclEntry(vspAclRule, str2, j, pair, z, i);
    }

    private NuageVspObject buildIngressAclEntryBySubnet(VspAclRule vspAclRule, String str, long j, String str2, boolean z, int i) throws NuageVspApiException {
        return buildIngressAclEntry(vspAclRule, str, j, Pair.of(Acl.AclEntryNetworkType.SUBNET, str2), z, i);
    }

    private NuageVspObject buildEgressAclEntry(VspAclRule vspAclRule, String str, long j, Pair<Acl.AclEntryNetworkType, String> pair, boolean z, int i) throws NuageVspApiException {
        NuageVspObject createNuageVspObject = this.api.createNuageVspObject(NuageVspEntity.EGRESS_ACLTEMPLATES_ENTRIES);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, Acl.AclEtherType.IPv4);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, vspAclRule.getAction().equals(VspAclRule.ACLAction.Allow) ? Acl.AclAction.FORWARD : Acl.AclAction.DROP);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, vspAclRule.getProtocol().getProtocolNumber());
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
        createNuageVspObject.setExternalId(vspAclRule.getUuid());
        VspAclRule updatePriorityForAcl = updatePriorityForAcl(vspAclRule, j, z, i);
        if (updatePriorityForAcl.getPriority().intValue() < 0 || updatePriorityForAcl.getPriority().intValue() >= 10000000) {
            String str2 = "Rule number " + updatePriorityForAcl.getPriority() + " can not be greater than " + NuageVspConstants.MAX_ACL_PRIORITY + " as it is used as rule numbers for predefined rules in VSP";
            s_logger.error(str2, new Object[0]);
            throw new NuageVspApiException(str2);
        }
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, updatePriorityForAcl.getPriority());
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, Acl.AclEntryLocationType.SUBNET);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str);
        VspStaticNat staticNat = updatePriorityForAcl.getStaticNat();
        if (staticNat != null) {
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ADDR_OVERRIDE, staticNat.getDestinationIp());
        }
        if (pair != null) {
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, pair.getLeft());
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_ID, pair.getRight());
        }
        if (updatePriorityForAcl.getProtocol().hasPort()) {
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, updatePriorityForAcl.getPortRange());
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
        }
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_STATEFUL, Boolean.valueOf(updatePriorityForAcl.isStateful()));
        return createNuageVspObject;
    }

    private NuageVspObject buildIngressAclEntry(VspAclRule vspAclRule, String str, long j, Pair<Acl.AclEntryNetworkType, String> pair, boolean z, int i) throws NuageVspApiException {
        NuageVspObject createNuageVspObject = this.api.createNuageVspObject(NuageVspEntity.INGRESS_ACLTEMPLATES_ENTRIES);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ETHER_TYPE, Acl.AclEtherType.IPv4);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ACTION, vspAclRule.getAction().equals(VspAclRule.ACLAction.Allow) ? Acl.AclAction.FORWARD : Acl.AclAction.DROP);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PROTOCOL, vspAclRule.getProtocol().getProtocolNumber());
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DSCP, NuageVspConstants.STAR);
        createNuageVspObject.setExternalId(vspAclRule.getUuid());
        VspAclRule updatePriorityForAcl = updatePriorityForAcl(vspAclRule, j, z, i);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY, updatePriorityForAcl.getPriority());
        if (updatePriorityForAcl.getType().equals(VspAclRule.ACLType.Firewall)) {
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_ADDR_OVERRIDE, Joiner.on(",").join(updatePriorityForAcl.getSourceCidrList()));
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, Acl.AclEntryNetworkType.ANY);
        } else if (pair != null) {
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_TYPE, pair.getLeft());
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_NETWORK_ID, pair.getRight());
        }
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_TYPE, Acl.AclEntryLocationType.SUBNET);
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_LOCATION_ID, str);
        if (updatePriorityForAcl.getProtocol().hasPort()) {
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_DEST_PORT, updatePriorityForAcl.getPortRange());
            createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_SOURCE_PORT, NuageVspConstants.STAR);
        }
        createNuageVspObject.set(NuageVspAttribute.ACLTEMPLATES_ENTRY_STATEFUL, Boolean.valueOf(updatePriorityForAcl.isStateful()));
        return createNuageVspObject;
    }

    private VspAclRule updatePriorityForAcl(VspAclRule vspAclRule, long j, boolean z, int i) throws NuageVspApiException {
        int randomPriority;
        switch (vspAclRule.getType()) {
            case NetworkACL:
                if (vspAclRule.getPriority().intValue() <= 9999) {
                    randomPriority = Integer.parseInt(String.valueOf(j) + String.valueOf(vspAclRule.getPriority()));
                    break;
                } else {
                    s_logger.error("Rule number can not be greater than 9999 as it is used to generate a unique rule per tier in VSP", new Object[0]);
                    throw new NuageVspApiException("Rule number can not be greater than 9999 as it is used to generate a unique rule per tier in VSP");
                }
            default:
                if (!z) {
                    randomPriority = getRandomPriority();
                    break;
                } else {
                    randomPriority = i;
                    break;
                }
        }
        return new VspAclRule.Builder().fromObject(vspAclRule).priority(Integer.valueOf(randomPriority)).build();
    }

    private int getRandomPriority() {
        return (((int) (RANDOM.nextDouble() * 99999.0d)) % 1000000) + 1;
    }

    private Pair<Acl.AclEntryNetworkType, String> getAclEntryNetworkForCidr(String str, List<String> list) throws NuageVspApiException {
        if (list.stream().anyMatch(str2 -> {
            return str2.endsWith("/0");
        })) {
            return Pair.of(Acl.AclEntryNetworkType.ANY, (Object) null);
        }
        if (list.size() <= 1) {
            return Pair.of(Acl.AclEntryNetworkType.ENTERPRISE_NETWORK, findOrCreateNetworkMacro(str, list.get(0)));
        }
        if (this.api.vspHost.getApiVersion() == NuageVspApiVersion.V3_2) {
            throw new NuageVspApiException("Multiple CIDRs are not supported in VSP 3.2");
        }
        return Pair.of(Acl.AclEntryNetworkType.NETWORK_MACRO_GROUP, findOrCreateNetworkMacroGroup(str, Joiner.on(", ").join(list)));
    }

    public String findOrCreateNetworkMacroGroup(String str, String str2) throws NuageVspApiException {
        try {
            TreeSet treeSet = new TreeSet();
            for (String str3 : str2.split(",\\s*")) {
                treeSet.add(findOrCreateNetworkMacro(str, str3));
            }
            String generateUuidFromCidr = UuidUtils.generateUuidFromCidr(str2, null);
            NuageVspObject findOrCreateChild = this.api.findOrCreateChild(NuageVspEntity.ENTERPRISE, str, NuageVspEntity.ENTERPRISE_NTWK_MACRO_GROUP, generateUuidFromCidr, nuageVspObject -> {
                nuageVspObject.set(NuageVspAttribute.NAME, "CIDR List" + generateUuidFromCidr);
                nuageVspObject.set(NuageVspAttribute.DESCRIPTION, str2);
            }, nuageVspObject2 -> {
                this.api.setRelatedEntities(nuageVspObject2, NuageVspEntity.ENTERPRISE_NTWK_MACRO, treeSet);
            });
            if (!this.api.getEntityByExternalId(NuageVspEntity.ENTERPRISE, str, NuageVspEntity.ENTERPRISE_NTWK_MACRO_GROUP, generateUuidFromCidr).isPresent()) {
                NuageVspObject createNuageVspObject = this.api.createNuageVspObject(NuageVspEntity.ENTERPRISE_NTWK_MACRO_GROUP);
                createNuageVspObject.set(NuageVspAttribute.NAME, "CIDR List" + generateUuidFromCidr);
                createNuageVspObject.set(NuageVspAttribute.DESCRIPTION, str2);
                createNuageVspObject.setExternalId(generateUuidFromCidr);
                findOrCreateChild = this.api.createResource(NuageVspEntity.ENTERPRISE, str, createNuageVspObject);
                this.api.setRelatedEntities(findOrCreateChild, NuageVspEntity.ENTERPRISE_NTWK_MACRO, treeSet);
            }
            return findOrCreateChild.getId();
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to read Public network macro Group %s in VSP enterprise %s.  Json response from VSP REST API is  %s", e, str2, str, e.getMessage());
        }
    }

    public String findOrCreateNetworkMacro(String str, String str2) throws NuageVspApiException {
        try {
            Pair<String, String> cidrToSubnetNetmask = NetUtils.cidrToSubnetNetmask(str2);
            return this.api.getResources(NuageVspEntity.ENTERPRISE, str, NuageVspEntity.ENTERPRISE_NTWK_MACRO, NuageVspFilter.where().field(NuageVspAttribute.ENTERPRISE_NTWK_MACRO_ADDRESS).eq(cidrToSubnetNetmask.getLeft()).and().field(NuageVspAttribute.ENTERPRISE_NTWK_MACRO_NETMASK).eq(cidrToSubnetNetmask.getRight())).stream().findFirst().orElseGet(() -> {
                String generateUuidFromCidr = UuidUtils.generateUuidFromCidr(str2);
                NuageVspObject createNuageVspObject = this.api.createNuageVspObject(NuageVspEntity.ENTERPRISE_NTWK_MACRO);
                createNuageVspObject.set(NuageVspAttribute.NAME, "CIDR " + str2.replace('.', ' ').replace("/", " - "));
                createNuageVspObject.set(NuageVspAttribute.ENTERPRISE_NTWK_MACRO_ADDRESS, cidrToSubnetNetmask.getLeft());
                createNuageVspObject.set(NuageVspAttribute.ENTERPRISE_NTWK_MACRO_NETMASK, cidrToSubnetNetmask.getRight());
                createNuageVspObject.setExternalId(generateUuidFromCidr);
                return this.api.createResource(NuageVspEntity.ENTERPRISE, str, createNuageVspObject);
            }).getId();
        } catch (NuageVspException e) {
            throw NuageVspRestApi.handleException("Failed to read Public network macro %s in VSP enterprise %s.  Json response from VSP REST API is  %s", e, str2, str, e.getMessage());
        }
    }

    public Map<String, NuageVspObject> groupByExternalId(List<NuageVspObject> list) {
        HashMap hashMap = new HashMap();
        for (NuageVspObject nuageVspObject : list) {
            String externalId = nuageVspObject.getExternalId();
            if (externalId != null) {
                hashMap.put(externalId, nuageVspObject);
            }
        }
        return hashMap;
    }

    public Map<Integer, NuageVspObject> getDefaultAclEntries(NuageVspObject nuageVspObject) throws NuageVspException {
        List<NuageVspObject> aCLEntriesAssociatedToLocation = getACLEntriesAssociatedToLocation(null, nuageVspObject.getEntityType(), nuageVspObject.getId());
        HashMap hashMap = new HashMap();
        for (NuageVspObject nuageVspObject2 : aCLEntriesAssociatedToLocation) {
            hashMap.put((Integer) nuageVspObject2.get(NuageVspAttribute.ACLTEMPLATES_ENTRY_PRIORITY), nuageVspObject2);
        }
        return hashMap;
    }
}
