package org.apache.whirr.service;

import com.google.common.base.Predicate;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.whirr.Cluster;
import org.apache.whirr.ClusterSpec;
import org.apache.whirr.service.jclouds.FirewallSettings;
import org.jclouds.compute.ComputeServiceContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/whirr/service/FirewallManager.class */
public class FirewallManager {
    private static final Logger LOG = LoggerFactory.getLogger(FirewallManager.class);
    private ComputeServiceContext computeServiceContext;
    private ClusterSpec clusterSpec;
    private Cluster cluster;

    /* loaded from: input_file:org/apache/whirr/service/FirewallManager$Rule.class */
    public static class Rule {
        private String source;
        private Set<Cluster.Instance> destinations;
        private Predicate<Cluster.Instance> destinationPredicate;
        private int[] ports;

        public static Rule create() {
            return new Rule();
        }

        private Rule() {
        }

        public Rule source(String str) {
            this.source = str;
            return this;
        }

        public Rule destination(Cluster.Instance instance) {
            this.destinations = Collections.singleton(instance);
            return this;
        }

        public Rule destination(Set<Cluster.Instance> set) {
            this.destinations = set;
            return this;
        }

        public Rule destination(Predicate<Cluster.Instance> predicate) {
            this.destinationPredicate = predicate;
            return this;
        }

        public Rule port(int i) {
            this.ports = new int[]{i};
            return this;
        }

        public Rule ports(int... iArr) {
            this.ports = iArr;
            return this;
        }
    }

    public FirewallManager(ComputeServiceContext computeServiceContext, ClusterSpec clusterSpec, Cluster cluster) {
        this.computeServiceContext = computeServiceContext;
        this.clusterSpec = clusterSpec;
        this.cluster = cluster;
    }

    public void addRules(Rule... ruleArr) throws IOException {
        for (Rule rule : ruleArr) {
            addRule(rule);
        }
    }

    public void addRules(Set<Rule> set) throws IOException {
        Iterator<Rule> it = set.iterator();
        while (it.hasNext()) {
            addRule(it.next());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void addRule(Rule rule) throws IOException {
        List newArrayList;
        HashSet newHashSet = Sets.newHashSet();
        if (rule.destinations != null) {
            newHashSet.addAll(rule.destinations);
        }
        if (rule.destinationPredicate != null) {
            newHashSet.addAll(this.cluster.getInstancesMatching(rule.destinationPredicate));
        }
        if (rule.source == null) {
            newArrayList = this.clusterSpec.getClientCidrs();
            if (newArrayList == null || newArrayList.isEmpty()) {
                newArrayList = Lists.newArrayList(new String[]{FirewallSettings.getOriginatingIp()});
            }
        } else {
            newArrayList = Lists.newArrayList(new String[]{rule.source + "/32"});
        }
        LOG.info("Authorizing firewall ingress to {} on ports {} for {}", new Object[]{newHashSet, rule.ports, newArrayList});
        FirewallSettings.authorizeIngress(this.computeServiceContext, newHashSet, this.clusterSpec, (List<String>) newArrayList, rule.ports);
    }
}
