package org.jclouds.aws.ec2.compute.loaders;

import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.cache.CacheLoader;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.util.Map;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.jclouds.aws.ec2.AWSEC2Api;
import org.jclouds.aws.ec2.features.AWSSecurityGroupApi;
import org.jclouds.compute.reference.ComputeServiceConstants;
import org.jclouds.compute.util.ComputeServiceUtils;
import org.jclouds.ec2.compute.domain.RegionAndName;
import org.jclouds.ec2.compute.domain.RegionNameAndIngressRules;
import org.jclouds.ec2.domain.SecurityGroup;
import org.jclouds.logging.Logger;
import org.jclouds.net.domain.IpPermission;
import org.jclouds.net.domain.IpProtocol;

/* JADX WARN: Classes with same name are omitted:
  input_file:aws-ec2-1.8.1.jar:org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.class
 */
@Singleton
/* loaded from: input_file:org/jclouds/aws/ec2/compute/loaders/AWSEC2CreateSecurityGroupIfNeeded.class */
public class AWSEC2CreateSecurityGroupIfNeeded extends CacheLoader<RegionAndName, String> {

    @Resource
    @Named(ComputeServiceConstants.COMPUTE_LOGGER)
    protected Logger logger;
    protected final AWSSecurityGroupApi securityApi;
    protected final Predicate<RegionAndName> securityGroupEventualConsistencyDelay;
    protected final Function<String, String> groupNameToId;

    @Inject
    public AWSEC2CreateSecurityGroupIfNeeded(AWSEC2Api aWSEC2Api, @Named("SECGROUP_NAME_TO_ID") Function<String, String> function, @Named("SECURITY") Predicate<RegionAndName> predicate) {
        this((AWSSecurityGroupApi) ((AWSEC2Api) Preconditions.checkNotNull(aWSEC2Api, "ec2Api")).getSecurityGroupApi().get(), function, predicate);
    }

    public AWSEC2CreateSecurityGroupIfNeeded(AWSSecurityGroupApi aWSSecurityGroupApi, @Named("SECGROUP_NAME_TO_ID") Function<String, String> function, @Named("SECURITY") Predicate<RegionAndName> predicate) {
        this.logger = Logger.NULL;
        this.securityApi = (AWSSecurityGroupApi) Preconditions.checkNotNull(aWSSecurityGroupApi, "securityApi");
        this.groupNameToId = (Function) Preconditions.checkNotNull(function, "groupNameToId");
        this.securityGroupEventualConsistencyDelay = (Predicate) Preconditions.checkNotNull(predicate, "securityGroupEventualConsistencyDelay");
    }

    public String load(RegionAndName regionAndName) {
        createSecurityGroupInRegion(regionAndName.getRegion(), regionAndName.getName(), ((RegionNameAndIngressRules) RegionNameAndIngressRules.class.cast(regionAndName)).getPorts());
        return regionAndName.getName();
    }

    private void createSecurityGroupInRegion(String str, String str2, int... iArr) {
        Preconditions.checkNotNull(str, "region");
        Preconditions.checkNotNull(str2, "name");
        this.logger.debug(">> creating securityGroup region(%s) name(%s)", str, str2);
        try {
            this.securityApi.createSecurityGroupInRegion(str, str2, str2);
            if (!this.securityGroupEventualConsistencyDelay.apply(new RegionAndName(str, str2))) {
                throw new RuntimeException(String.format("security group %s/%s is not available after creating", str, str2));
            }
            this.logger.debug("<< created securityGroup(%s)", str2);
            ImmutableSet.Builder builder = ImmutableSet.builder();
            String str3 = str2.startsWith("sg-") ? str2 : (String) this.groupNameToId.apply(new RegionAndName(str, str2).slashEncode());
            if (iArr.length > 0) {
                for (Map.Entry<Integer, Integer> entry : ComputeServiceUtils.getPortRangesFromList(iArr).entrySet()) {
                    builder.add(IpPermission.builder().fromPort(entry.getKey().intValue()).toPort(entry.getValue().intValue()).ipProtocol(IpProtocol.TCP).cidrBlock("0.0.0.0/0").build());
                }
                String ownerId = ((SecurityGroup) Iterables.get(this.securityApi.describeSecurityGroupsInRegion(str, str2), 0)).getOwnerId();
                builder.add(IpPermission.builder().fromPort(0).toPort(65535).ipProtocol(IpProtocol.TCP).tenantIdGroupNamePair(ownerId, str3).build());
                builder.add(IpPermission.builder().fromPort(0).toPort(65535).ipProtocol(IpProtocol.UDP).tenantIdGroupNamePair(ownerId, str3).build());
            }
            ImmutableSet build = builder.build();
            if (build.size() > 0) {
                this.logger.debug(">> authorizing securityGroup region(%s) name(%s) IpPermissions(%s)", str, str2, build);
                this.securityApi.authorizeSecurityGroupIngressInRegion(str, str3, (Iterable<IpPermission>) build);
                this.logger.debug("<< authorized securityGroup(%s)", str2);
            }
        } catch (IllegalStateException e) {
            this.logger.debug("<< reused securityGroup(%s)", str2);
        }
    }
}
