package com.bigstep.bdl.eks.firewall;

import com.amazonaws.services.cloudformation.AmazonCloudFormation;
import com.amazonaws.services.cloudformation.model.DescribeStackResourceRequest;
import com.amazonaws.services.cloudformation.model.DescribeStackResourceResult;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.model.AmazonEC2Exception;
import com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import com.amazonaws.services.ec2.model.IpPermission;
import com.amazonaws.services.ec2.model.IpRange;
import com.amazonaws.services.ec2.model.RevokeSecurityGroupIngressRequest;
import com.bigstep.bdl.datalakes.common.backends.providers.EKS.configuration.EKSConfiguration;
import com.bigstep.bdl.datalakes.common.backends.providers.EKS.credentials.EKSCredentials;
import com.bigstep.bdl.datalakes.common.model.FirewallRule;
import com.bigstep.bdl.eks.client.EKSClientFactory;
import java.util.ArrayList;
import java.util.Arrays;
import org.apache.tomcat.util.net.Constants;

/* loaded from: input_file:BOOT-INF/lib/bdl-eks-lib-0.1.0.4.jar:com/bigstep/bdl/eks/firewall/FirewallOperations.class */
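/**
 * Adds and removes ingress rules on the EC2 security group that a CloudFormation stack exposes
 * under the logical resource id {@code NodeSecurityGroup}.
 *
 * <p>Every rule handled here widens or narrows network access to that group. The methods apply
 * whatever CIDRs, protocol and ports the {@link FirewallRule} carries; only syntactic checks are
 * performed locally.
 * NOTE(review): nothing in this class restricts how broad a CIDR may be (for example
 * {@code 0.0.0.0/0}) or which caller may request a rule; confirm that the caller enforces both.
 */
public class FirewallOperations {
    /**
     * Authorizes the ingress described by {@code firewallRule} on the stack's node security group.
     *
     * <p>The rule is translated and validated before any AWS call is made, so a malformed rule is
     * rejected without touching the account.
     *
     * @param eKSCredentials credentials handed to {@link EKSClientFactory} to build the AWS clients
     * @param eKSConfiguration supplies the region the clients are created for
     * @param firewallRule source CIDRs, protocol, ports and description of the rule to add
     * @param str name of the CloudFormation stack that owns the {@code NodeSecurityGroup} resource
     * @throws IllegalArgumentException if the rule has an empty CIDR entry or an unusable port spec
     * @throws Exception whatever the AWS clients or the client factory raise
     */
    public static void createFirewallRule(EKSCredentials eKSCredentials, EKSConfiguration eKSConfiguration, FirewallRule firewallRule, String str) throws Exception {
        IpPermission permission = generateIpPermission(firewallRule);
        String groupId = resolveNodeSecurityGroupId(eKSCredentials, eKSConfiguration, str);
        AmazonEC2 ec2Client = EKSClientFactory.getEc2Client(eKSCredentials, eKSConfiguration.getRegion());
        AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest();
        request.setGroupId(groupId);
        request.setIpPermissions(Arrays.asList(permission));
        ec2Client.authorizeSecurityGroupIngress(request);
    }

    /**
     * Revokes the ingress described by {@code firewallRule} from the stack's node security group.
     *
     * <p>An EC2 error with code {@code InvalidPermission.NotFound} is swallowed, so revoking a rule
     * that is already absent counts as success. Every other EC2 error is rethrown.
     *
     * @param eKSCredentials credentials handed to {@link EKSClientFactory} to build the AWS clients
     * @param eKSConfiguration supplies the region the clients are created for
     * @param firewallRule source CIDRs, protocol, ports and description of the rule to remove
     * @param str name of the CloudFormation stack that owns the {@code NodeSecurityGroup} resource
     * @throws IllegalArgumentException if the rule has an empty CIDR entry or an unusable port spec
     * @throws Exception whatever the AWS clients or the client factory raise
     */
    public static void deleteFirewallRule(EKSCredentials eKSCredentials, EKSConfiguration eKSConfiguration, FirewallRule firewallRule, String str) throws Exception {
        IpPermission permission = generateIpPermission(firewallRule);
        String groupId = resolveNodeSecurityGroupId(eKSCredentials, eKSConfiguration, str);
        AmazonEC2 ec2Client = EKSClientFactory.getEc2Client(eKSCredentials, eKSConfiguration.getRegion());
        RevokeSecurityGroupIngressRequest request = new RevokeSecurityGroupIngressRequest();
        request.setGroupId(groupId);
        request.setIpPermissions(Arrays.asList(permission));
        try {
            ec2Client.revokeSecurityGroupIngress(request);
        } catch (AmazonEC2Exception e) {
            // Constant-first comparison: an exception without an error code must be rethrown as-is,
            // not replaced by a NullPointerException that hides the real EC2 failure.
            if (!"InvalidPermission.NotFound".equals(e.getErrorCode())) {
                throw e;
            }
        }
    }

    /** Looks up the physical id of the stack's {@code NodeSecurityGroup} resource via CloudFormation. */
    private static String resolveNodeSecurityGroupId(EKSCredentials credentials, EKSConfiguration configuration, String stackName) throws Exception {
        AmazonCloudFormation cloudFormationClient = EKSClientFactory.getCloudFormationClient(credentials, configuration.getRegion());
        DescribeStackResourceRequest request = new DescribeStackResourceRequest();
        request.setStackName(stackName);
        request.setLogicalResourceId("NodeSecurityGroup");
        DescribeStackResourceResult result = cloudFormationClient.describeStackResource(request);
        return result.getStackResourceDetail().getPhysicalResourceId();
    }

    /**
     * Translates a {@link FirewallRule} into the EC2 {@link IpPermission} used for both authorize
     * and revoke, so the two operations always describe the same rule.
     *
     * @param firewallRule rule whose comma-separated IPs, protocol and optional ports are converted
     * @return the permission carrying one IPv4 range per CIDR entry
     * @throws IllegalArgumentException if a CIDR entry is blank, the port spec is not {@code N} or
     *     {@code N-M}, or a port lies outside 0-65535
     */
    private static IpPermission generateIpPermission(FirewallRule firewallRule) {
        ArrayList<IpRange> ranges = new ArrayList<>();
        for (String rawCidr : firewallRule.getIps().split(",")) {
            // Tolerate "a, b" style lists; a blank entry is rejected here instead of being sent on.
            String cidr = rawCidr.trim();
            if (cidr.isEmpty()) {
                throw new IllegalArgumentException("Firewall rule contains an empty CIDR entry: '" + firewallRule.getIps() + "'");
            }
            ranges.add(new IpRange().withCidrIp(cidr).withDescription(firewallRule.getDescription()));
        }
        IpPermission permission = new IpPermission().withIpv4Ranges(ranges);
        String protocol = firewallRule.getProtocol();
        // Constants.SSL_PROTO_ALL comes from Tomcat's TLS configuration and is unrelated to firewalls.
        // NOTE(review): presumably a decompiler substituted it for an identical string literal;
        // confirm against the original source and replace it with a local constant.
        if (protocol.equals(Constants.SSL_PROTO_ALL)) {
            // "-1" is EC2's wildcard: every protocol on every port. No port range is set for it.
            permission.setIpProtocol("-1");
            return permission;
        }
        permission.setIpProtocol(protocol);
        String ports = firewallRule.getPorts();
        if (ports == null) {
            // No port spec means the whole port range is opened for the given protocol.
            permission.setFromPort(0);
            permission.setToPort(65535);
            return permission;
        }
        String[] bounds = ports.split("-");
        if (bounds.length == 1) {
            Integer port = parsePort(bounds[0], ports);
            permission.setFromPort(port);
            permission.setToPort(port);
        } else if (bounds.length == 2) {
            // Ordering of the two values is left to EC2: for ICMP they carry type and code rather
            // than a low/high pair.
            permission.setFromPort(parsePort(bounds[0], ports));
            permission.setToPort(parsePort(bounds[1], ports));
        } else {
            // Previously such a spec silently produced a permission without any port bounds.
            throw new IllegalArgumentException("Unsupported port specification: '" + ports + "'");
        }
        return permission;
    }

    /** Parses one port bound, rejecting values outside 0-65535; {@code spec} is only used in the message. */
    private static Integer parsePort(String text, String spec) {
        Integer port = Integer.valueOf(text.trim());
        if (port < 0 || port > 65535) {
            throw new IllegalArgumentException("Port out of range in specification: '" + spec + "'");
        }
        return port;
    }
}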
