package com.yahoo.vespa.hosted.node.admin.configserver.noderepository;

import com.google.common.net.InetAddresses;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPVersion;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.InetAddress;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:com/yahoo/vespa/hosted/node/admin/configserver/noderepository/Acl.class */
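/**
 * Immutable description of the inbound traffic a host accepts: trusted TCP ports, trusted UDP
 * ports, trusted nodes (optionally limited to specific TCP ports) and trusted networks.
 *
 * <p>{@link #toRules(IPVersion)} renders the ACL as iptables-style rule lines for the INPUT chain.
 * The four sets held by an {@code Acl} are unmodifiable copies taken at construction time.
 */
public class Acl {

    /** ACL that trusts no ports, nodes or networks. */
    public static final Acl EMPTY = new Acl(Set.of(), Set.of(), Set.of(), Set.of());

    private final Set<Node> trustedNodes;
    private final Set<Integer> trustedPorts;
    private final Set<Integer> trustedUdpPorts;
    private final Set<String> trustedNetworks;

    /**
     * Creates an ACL from its four components. Each argument may be {@code null}, which is treated
     * as an empty set; non-null sets are copied, so later changes to the arguments have no effect.
     *
     * @param trustedPorts    TCP destination ports open to any source
     * @param trustedUdpPorts UDP destination ports open to any source
     * @param trustedNodes    individual source addresses that are trusted
     * @param trustedNetworks source networks that are trusted, rendered verbatim after {@code -s}
     */
    public Acl(Set<Integer> trustedPorts, Set<Integer> trustedUdpPorts, Set<Node> trustedNodes,
               Set<String> trustedNetworks) {
        this.trustedNodes = copyOfNullable(trustedNodes);
        this.trustedPorts = copyOfNullable(trustedPorts);
        this.trustedUdpPorts = copyOfNullable(trustedUdpPorts);
        this.trustedNetworks = copyOfNullable(trustedNetworks);
    }

    /**
     * Creates an ACL with trusted TCP ports and trusted nodes only.
     *
     * @param trustedPorts TCP destination ports open to any source
     * @param trustedNodes individual source addresses that are trusted
     */
    public Acl(Set<Integer> trustedPorts, Set<Node> trustedNodes) {
        this(trustedPorts, Set.of(), trustedNodes, Set.of());
    }

    /**
     * Renders this ACL as an ordered, unmodifiable list of rule lines for the given IP version.
     *
     * <p>Order matters: all three chain policies are ACCEPT, so inbound traffic is restricted only
     * by the final REJECT rule. The list has to be applied in full and in this order; a truncated
     * list leaves INPUT open.
     *
     * <p>A trusted node with an empty port set gets a rule without protocol or port match, i.e. all
     * traffic from that address is accepted. Per-node port restrictions are rendered for TCP only.
     *
     * @param ipVersion selects which nodes and networks are included and supplies the ICMP
     *                  protocol name, single-host CIDR suffix and reject type
     * @return the rule lines; node rules and network rules are each sorted lexicographically
     */
    public List<String> toRules(IPVersion ipVersion) {
        List<String> rules = new LinkedList<>();

        // Default policies; filtering of INPUT is done by the explicit REJECT appended last.
        rules.add("-P INPUT ACCEPT");
        rules.add("-P FORWARD ACCEPT");
        rules.add("-P OUTPUT ACCEPT");

        // Always allowed: replies to established flows, loopback and ICMP.
        rules.add("-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT");
        rules.add("-A INPUT -i lo -j ACCEPT");
        rules.add("-A INPUT -p " + ipVersion.icmpProtocol() + " -j ACCEPT");

        // Ports open to any source.
        // NOTE(review): the iptables multiport match takes at most 15 ports per rule; nothing here
        // splits larger sets, so an oversized set yields a rule iptables rejects. Confirm that the
        // caller fails closed when rule loading fails.
        if (!this.trustedPorts.isEmpty()) {
            rules.add("-A INPUT -p tcp -m multiport --dports " + joinPorts(this.trustedPorts) + " -j ACCEPT");
        }
        if (!this.trustedUdpPorts.isEmpty()) {
            rules.add("-A INPUT -p udp -m multiport --dports " + joinPorts(this.trustedUdpPorts) + " -j ACCEPT");
        }

        // One rule per trusted node of the requested IP version, sorted for a stable output.
        getTrustedNodes(ipVersion).stream()
                .map(node -> {
                    StringBuilder rule = new StringBuilder();
                    rule.append("-A INPUT -s ").append(node.inetAddressString()).append(ipVersion.singleHostCidr());
                    if (!node.ports().isEmpty()) {
                        rule.append(" -p tcp -m multiport --dports ").append(joinPorts(node.ports()));
                    }
                    rule.append(" -j ACCEPT");
                    return rule.toString();
                })
                .sorted()
                .forEach(rules::add);

        // One rule per trusted network of the requested IP version.
        // NOTE(review): the network string is concatenated into the rule as-is; the only check
        // visible here is IPVersion.match(String). Confirm that it (or the producer of the ACL)
        // rejects values containing whitespace or option-like text.
        addressesOf(ipVersion, this.trustedNetworks).stream()
                .map(network -> "-A INPUT -s " + network + " -j ACCEPT")
                .sorted()
                .forEach(rules::add);

        // Everything not accepted above is rejected.
        rules.add("-A INPUT -j REJECT --reject-with " + ipVersion.icmpPortUnreachable());

        return Collections.unmodifiableList(rules);
    }

    /** Returns the ports in ascending order, joined by commas. */
    private static String joinPorts(Collection<Integer> ports) {
        return ports.stream().sorted().map(String::valueOf).collect(Collectors.joining(","));
    }

    /** Returns all trusted nodes, regardless of IP version, as an unmodifiable set. */
    public Set<Node> getTrustedNodes() {
        return this.trustedNodes;
    }

    /**
     * Returns the trusted nodes whose address matches the given IP version.
     *
     * @param ipVersion the IP version to filter on
     * @return a new set holding the matching nodes
     */
    public Set<Node> getTrustedNodes(IPVersion ipVersion) {
        return this.trustedNodes.stream()
                .filter(node -> ipVersion.match(node.inetAddress()))
                .collect(Collectors.toSet());
    }

    /** Returns the TCP ports open to any source, as an unmodifiable set. */
    public Set<Integer> getTrustedPorts() {
        return this.trustedPorts;
    }

    /** Returns the UDP ports open to any source, as an unmodifiable set. */
    public Set<Integer> getTrustedUdpPorts() {
        return this.trustedUdpPorts;
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        Acl other = (Acl) obj;
        return this.trustedNodes.equals(other.trustedNodes)
                && this.trustedPorts.equals(other.trustedPorts)
                && this.trustedUdpPorts.equals(other.trustedUdpPorts)
                && this.trustedNetworks.equals(other.trustedNetworks);
    }

    @Override
    public int hashCode() {
        return Objects.hash(this.trustedNodes, this.trustedPorts, this.trustedUdpPorts, this.trustedNetworks);
    }

    @Override
    public String toString() {
        return "Acl{trustedNodes=" + this.trustedNodes + ", trustedPorts=" + this.trustedPorts
                + ", trustedUdpPorts=" + this.trustedUdpPorts + ", trustedNetworks=" + this.trustedNetworks + "}";
    }

    /** Returns the networks that match the given IP version, as an unmodifiable set. */
    private static Set<String> addressesOf(IPVersion ipVersion, Set<String> addresses) {
        return addresses.stream().filter(ipVersion::match).collect(Collectors.toUnmodifiableSet());
    }

    /** Returns an unmodifiable copy of the set, or an empty set when the argument is {@code null}. */
    private static <T> Set<T> copyOfNullable(Set<T> set) {
        return set == null ? Set.of() : Set.copyOf(set);
    }

    /**
     * A trusted source address, optionally limited to a set of TCP destination ports.
     *
     * <p>The {@code ports} set is stored by reference, not copied; pass an immutable set if the
     * node must not change after it has been added to an ACL (a mutated node also breaks its
     * position in hash-based sets).
     *
     * @param hostname    the node's hostname; used for display and equality only, not in rules
     * @param inetAddress the source address rendered after {@code -s}
     * @param ports       TCP ports the node may reach; empty means every port and protocol
     */
    public record Node(String hostname, InetAddress inetAddress, Set<Integer> ports) {

        /**
         * Creates a node from a textual IP address.
         *
         * @param hostname  the node's hostname
         * @param ipAddress an IP address literal, parsed with {@code InetAddresses.forString}
         * @param ports     TCP ports the node may reach; empty means every port and protocol
         */
        public Node(String hostname, String ipAddress, Set<Integer> ports) {
            this(hostname, InetAddresses.forString(ipAddress), ports);
        }

        /** Returns the address in the textual form used in rule lines. */
        public String inetAddressString() {
            return InetAddresses.toAddrString(this.inetAddress);
        }

        @Override
        public String toString() {
            return "Node{hostname='" + this.hostname + "', inetAddress=" + this.inetAddress
                    + ", ports=" + this.ports + "}";
        }
    }

    /** Mutable builder for {@link Acl}; {@link #build()} snapshots the current content. */
    public static class Builder {

        private final Set<Node> trustedNodes = new HashSet<>();
        private final Set<Integer> trustedPorts = new HashSet<>();
        private final Set<Integer> trustedUdpPorts = new HashSet<>();
        private final Set<String> trustedNetworks = new HashSet<>();

        /** Creates an empty builder. */
        public Builder() {
        }

        /**
         * Creates a builder pre-populated with everything in the given ACL.
         *
         * @param acl the ACL to start from
         */
        public Builder(Acl acl) {
            this.trustedNodes.addAll(acl.trustedNodes);
            this.trustedPorts.addAll(acl.trustedPorts);
            // UDP ports were previously left out here, so an ACL rebuilt from a copy silently
            // lost its UDP rules and no longer equalled the ACL it was copied from.
            this.trustedUdpPorts.addAll(acl.trustedUdpPorts);
            this.trustedNetworks.addAll(acl.trustedNetworks);
        }

        /** Adds a trusted node. */
        public Builder withTrustedNode(Node node) {
            this.trustedNodes.add(node);
            return this;
        }

        /** Adds a trusted node without port restriction, i.e. trusted on every port. */
        public Builder withTrustedNode(String hostname, String ipAddress) {
            return withTrustedNode(hostname, ipAddress, Set.of());
        }

        /** Adds a trusted node given by textual IP address, limited to the given TCP ports. */
        public Builder withTrustedNode(String hostname, String ipAddress, Set<Integer> ports) {
            return withTrustedNode(new Node(hostname, ipAddress, ports));
        }

        /** Adds a trusted node given by address, limited to the given TCP ports. */
        public Builder withTrustedNode(String hostname, InetAddress inetAddress, Set<Integer> ports) {
            return withTrustedNode(new Node(hostname, inetAddress, ports));
        }

        /** Adds TCP ports open to any source. */
        public Builder withTrustedPorts(Integer... ports) {
            this.trustedPorts.addAll(List.of(ports));
            return this;
        }

        /** Adds UDP ports open to any source. */
        public Builder withTrustedUdpPorts(Integer... ports) {
            this.trustedUdpPorts.addAll(List.of(ports));
            return this;
        }

        /** Adds trusted source networks. */
        public Builder withTrustedNetworks(Set<String> networks) {
            this.trustedNetworks.addAll(networks);
            return this;
        }

        /** Returns an immutable ACL holding a copy of the builder's current content. */
        public Acl build() {
            return new Acl(this.trustedPorts, this.trustedUdpPorts, this.trustedNodes, this.trustedNetworks);
        }
    }
}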
