package org.apache.brooklyn.location.jclouds.networking;

import com.google.common.annotations.Beta;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import java.util.Iterator;
import java.util.Set;
import org.apache.brooklyn.location.jclouds.JcloudsLocation;
import org.apache.brooklyn.location.jclouds.JcloudsLocationConfig;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.apache.brooklyn.util.text.Strings;
import org.jclouds.aws.ec2.AWSEC2Api;
import org.jclouds.aws.ec2.features.AWSSecurityGroupApi;
import org.jclouds.aws.ec2.options.CreateSecurityGroupOptions;
import org.jclouds.aws.util.AWSUtils;
import org.jclouds.compute.domain.SecurityGroup;
import org.jclouds.compute.extensions.SecurityGroupExtension;
import org.jclouds.domain.Location;
import org.jclouds.net.domain.IpPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Beta
/* loaded from: input_file:org/apache/brooklyn/location/jclouds/networking/SecurityGroupTool.class */
public class SecurityGroupTool {
    private static final Logger log = LoggerFactory.getLogger(SecurityGroupTool.class);
    protected final JcloudsLocation location;
    protected final SecurityGroupDefinition sgDef;

    public SecurityGroupTool(JcloudsLocation jcloudsLocation, SecurityGroupDefinition securityGroupDefinition) {
        this.location = (JcloudsLocation) Preconditions.checkNotNull(jcloudsLocation);
        this.sgDef = (SecurityGroupDefinition) Preconditions.checkNotNull(securityGroupDefinition);
    }

    public String getName() {
        return this.sgDef.getName();
    }

    public void apply() {
        Optional securityGroupExtension = this.location.getComputeService().getSecurityGroupExtension();
        if (!securityGroupExtension.isPresent()) {
            throw new IllegalStateException("Advanced networking not supported in this location (" + this.location + ")");
        }
        SecurityGroupExtension securityGroupExtension2 = (SecurityGroupExtension) securityGroupExtension.get();
        SecurityGroup findSecurityGroupWithName = findSecurityGroupWithName(securityGroupExtension2, getName());
        if (findSecurityGroupWithName == null) {
            try {
                findSecurityGroupWithName = securityGroupExtension2.createSecurityGroup(getName(), (Location) null);
            } catch (Exception e) {
                Exceptions.propagateIfFatal(e);
                findSecurityGroupWithName = findSecurityGroupWithName(securityGroupExtension2, getName());
                if (findSecurityGroupWithName == null) {
                    throw Exceptions.propagate(e);
                }
                log.debug("Looks like parallel thread created security group " + getName() + "; ignoring error in our thread (" + e + ") as we now have an SG");
            }
        }
        if (findSecurityGroupWithName == null) {
            throw new IllegalStateException("Unable to find or create security group ID for " + getName());
        }
        addPermissions(securityGroupExtension2, findSecurityGroupWithName);
    }

    protected SecurityGroup findSecurityGroupWithName(SecurityGroupExtension securityGroupExtension, String str) {
        Set<SecurityGroup> listSecurityGroups = securityGroupExtension.listSecurityGroups();
        String removeFromStart = str.startsWith(SecurityGroupEditor.JCLOUDS_PREFIX) ? Strings.removeFromStart(str, SecurityGroupEditor.JCLOUDS_PREFIX) : SecurityGroupEditor.JCLOUDS_PREFIX + str;
        for (SecurityGroup securityGroup : listSecurityGroups) {
            if (!str.equals(securityGroup.getName()) && !removeFromStart.equals(securityGroup.getName())) {
            }
            return securityGroup;
        }
        return null;
    }

    protected void addPermissions(SecurityGroupExtension securityGroupExtension, SecurityGroup securityGroup) {
        Object api = this.location.getComputeService().getContext().unwrap().getApi();
        if (api instanceof AWSEC2Api) {
            ((AWSSecurityGroupApi) ((AWSEC2Api) api).getSecurityGroupApi().get()).authorizeSecurityGroupIngressInRegion(AWSUtils.getRegionFromLocationOrNull(securityGroup.getLocation()), securityGroup.getProviderId(), this.sgDef.getPermissions());
        } else {
            Iterator<IpPermission> it = this.sgDef.getPermissions().iterator();
            while (it.hasNext()) {
                securityGroupExtension.addIpPermission(it.next(), securityGroup);
            }
        }
    }

    protected void applyOldEc2(AWSEC2Api aWSEC2Api) {
        String str = (String) this.location.getConfig(JcloudsLocationConfig.CLOUD_REGION_ID);
        if (str == null) {
            log.warn("No region set for " + this.location + "; assuming EC2");
            str = "us-east-1";
        }
        Set describeSecurityGroupsInRegion = ((AWSSecurityGroupApi) aWSEC2Api.getSecurityGroupApi().get()).describeSecurityGroupsInRegion(str, new String[]{getName()});
        String str2 = null;
        if (describeSecurityGroupsInRegion.isEmpty()) {
            try {
                str2 = ((AWSSecurityGroupApi) aWSEC2Api.getSecurityGroupApi().get()).createSecurityGroupInRegionAndReturnId(str, getName(), "Brooklyn-managed security group " + getName(), new CreateSecurityGroupOptions[0]);
            } catch (Exception e) {
                Exceptions.propagateIfFatal(e);
                describeSecurityGroupsInRegion = ((AWSSecurityGroupApi) aWSEC2Api.getSecurityGroupApi().get()).describeSecurityGroupsInRegion(str, new String[]{getName()});
                if (describeSecurityGroupsInRegion.isEmpty()) {
                    throw Exceptions.propagate(e);
                }
                log.debug("Looks like parallel thread created security group " + getName() + "; ignoring error in our thread (" + e + ") as we now have an SG");
            }
        }
        if (!describeSecurityGroupsInRegion.isEmpty()) {
            if (describeSecurityGroupsInRegion.size() > 1) {
                log.warn("Multiple security groups matching '" + getName() + "' (using the first): " + describeSecurityGroupsInRegion);
            }
            str2 = ((org.jclouds.ec2.domain.SecurityGroup) describeSecurityGroupsInRegion.iterator().next()).getId();
        }
        if (str2 == null) {
            throw new IllegalStateException("Unable to find or create security group ID for " + getName());
        }
        ((AWSSecurityGroupApi) aWSEC2Api.getSecurityGroupApi().get()).authorizeSecurityGroupIngressInRegion(str, str2, this.sgDef.getPermissions());
    }
}
