package org.eclipse.kura.linux.net.iptables;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.core.linux.util.LinuxProcessUtil;
import org.eclipse.kura.core.util.ProcessUtil;
import org.eclipse.kura.core.util.SafeProcess;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/linux/net/iptables/IptablesConfig.class */
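/**
 * In-memory model of the firewall configuration (local rules, port-forward rules, NAT and
 * auto-NAT rules, and an "allow ICMP" flag), together with static helpers that run
 * {@code iptables-save} and {@code iptables-restore}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Rule sets are staged in {@link #FIREWALL_TMP_CONFIG_FILE_NAME}, a fixed name under
 * {@code /tmp}, before being handed to {@code iptables-restore}. See the note on that constant.</li>
 * <li>None of the rule files written by this class contain chain-policy lines, and
 * {@link #restore()} skips lines starting with {@code ':'}. NOTE(review): whether unmatched
 * traffic is dropped therefore depends on the chain policy in effect when the rules are loaded;
 * confirm where that policy is set.</li>
 * <li>The constructor and the getters share the rule sets with the caller (no defensive copy).</li>
 * </ul>
 */
public class IptablesConfig {
    /** Persistent rules file written by {@link #save()} and parsed by {@link #restore()}. */
    public static final String FIREWALL_CONFIG_FILE_NAME = "/etc/sysconfig/iptables";

    /**
     * Staging file for rule sets that are about to be loaded with {@code iptables-restore}.
     *
     * <p>NOTE(review): this is a predictable name in a directory that is normally writable by
     * every local account, and it is opened with {@link FileOutputStream}, which reuses whatever
     * already exists at that path. If this code runs with elevated privileges, consider staging
     * the file in a directory only the service account can write to. The value is kept as is
     * because it is part of the public interface.
     */
    public static final String FIREWALL_TMP_CONFIG_FILE_NAME = "/tmp/iptables";

    private static final String ALLOW_ALL_TRAFFIC_TO_LOOPBACK = "-A INPUT -i lo -j ACCEPT";
    private static final String ALLOW_ONLY_INCOMING_TO_OUTGOING = "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT";
    private final LinkedHashSet<LocalRule> m_localRules;
    private final LinkedHashSet<PortForwardRule> m_portForwardRules;
    private final LinkedHashSet<NATRule> m_autoNatRules;
    private final LinkedHashSet<NATRule> m_natRules;
    private boolean m_allowIcmp;
    private static final Logger s_logger = LoggerFactory.getLogger(IptablesConfig.class);
    // Rule pair emitted when ICMP echo is allowed: echo-request in, echo-reply out.
    private static final String[] ALLOW_ICMP = {"-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT", "-A OUTPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT"};
    // Same matches as ALLOW_ICMP, but with a DROP target.
    private static final String[] DO_NOT_ALLOW_ICMP = {"-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j DROP", "-A OUTPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j DROP"};

    /** Creates an empty configuration; the ICMP flag starts as {@code false}. */
    public IptablesConfig() {
        this.m_localRules = new LinkedHashSet<>();
        this.m_portForwardRules = new LinkedHashSet<>();
        this.m_autoNatRules = new LinkedHashSet<>();
        this.m_natRules = new LinkedHashSet<>();
    }

    /**
     * Creates a configuration backed by the given sets.
     *
     * <p>The sets are stored by reference, so later changes made by the caller are visible here.
     *
     * @param linkedHashSet local rules
     * @param linkedHashSet2 port-forward rules
     * @param linkedHashSet3 auto-NAT rules
     * @param linkedHashSet4 NAT rules
     * @param z whether the ICMP "allow" rule pair is written by {@link #save(String)}
     */
    public IptablesConfig(LinkedHashSet<LocalRule> linkedHashSet, LinkedHashSet<PortForwardRule> linkedHashSet2, LinkedHashSet<NATRule> linkedHashSet3, LinkedHashSet<NATRule> linkedHashSet4, boolean z) {
        this.m_localRules = linkedHashSet;
        this.m_portForwardRules = linkedHashSet2;
        this.m_autoNatRules = linkedHashSet3;
        this.m_natRules = linkedHashSet4;
        this.m_allowIcmp = z;
    }

    /**
     * Loads a rule set whose {@code nat} and {@code filter} tables are both empty.
     *
     * @throws KuraException if the staging file cannot be written or the load fails
     */
    public static void clearAllChains() throws KuraException {
        try {
            writeRuleFile(FIREWALL_TMP_CONFIG_FILE_NAME, "*nat", "COMMIT", "*filter", "COMMIT");
            if (new File(FIREWALL_TMP_CONFIG_FILE_NAME).exists()) {
                restore(FIREWALL_TMP_CONFIG_FILE_NAME);
            }
        } catch (Exception e) {
            s_logger.error("clear() :: failed to clear all chains - {}", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
        }
    }

    /**
     * Loads a minimal rule set: an empty {@code nat} table, and a {@code filter} table that
     * accepts loopback input and input belonging to RELATED/ESTABLISHED connections.
     *
     * <p>NOTE(review): no DROP rule or chain policy is written here, so the "block" effect
     * relies on the INPUT chain policy already in place; confirm.
     *
     * @throws KuraException if the staging file cannot be written or the load fails
     */
    public static void applyBlockPolicy() throws KuraException {
        try {
            writeRuleFile(FIREWALL_TMP_CONFIG_FILE_NAME, "*nat", "COMMIT", "*filter",
                    ALLOW_ALL_TRAFFIC_TO_LOOPBACK, ALLOW_ONLY_INCOMING_TO_OUTGOING, "COMMIT");
            if (new File(FIREWALL_TMP_CONFIG_FILE_NAME).exists()) {
                restore(FIREWALL_TMP_CONFIG_FILE_NAME);
            }
        } catch (Exception e) {
            // The previous message was copied from clearAllChains() and named the wrong operation.
            s_logger.error("applyBlockPolicy() :: failed to apply block policy - {}", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
        }
    }

    /**
     * Runs {@code iptables-save} and writes its standard output to
     * {@link #FIREWALL_CONFIG_FILE_NAME}, replacing the previous content.
     *
     * @throws KuraException if the command exits with a non-zero status or any I/O step fails
     */
    public static void save() throws KuraException {
        SafeProcess proc = null;
        try {
            proc = ProcessUtil.exec("iptables-save");
            int status = proc.waitFor();
            if (status != 0) {
                s_logger.error("save() :: failed - {}", LinuxProcessUtil.getInputStreamAsString(proc.getErrorStream()));
                throw new KuraException(KuraErrorCode.INTERNAL_ERROR, new Object[]{"Failed to execute the iptable-save command"});
            }
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(proc.getInputStream()));
                    PrintWriter writer = new PrintWriter(FIREWALL_CONFIG_FILE_NAME)) {
                String line;
                while ((line = reader.readLine()) != null) {
                    writer.println(line);
                }
                // PrintWriter never throws on write errors; without this check a truncated
                // persistent rules file would be reported as a successful save.
                if (writer.checkError()) {
                    throw new IOException("Failed to write " + FIREWALL_CONFIG_FILE_NAME);
                }
                s_logger.debug("iptablesSave() :: completed!, status={}", Integer.valueOf(status));
            }
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
        } finally {
            // Always release the process, including on the failure paths.
            if (proc != null) {
                ProcessUtil.destroy(proc);
            }
        }
    }

    /**
     * Loads the given rules file with {@code iptables-restore} and then deletes the file,
     * whether or not the load succeeded.
     *
     * <p>The command line is built by appending {@code str} to the command name, and the same
     * value is then used as a single file path for the deletion. A value that is null, empty,
     * starts with {@code '-'} or contains whitespace cannot be one plain path argument, so it is
     * rejected before anything is executed or deleted. NOTE(review): how
     * {@code ProcessUtil.exec(String)} splits its argument is not visible here; confirm.
     *
     * @param str path of the rules file to load; it is deleted afterwards
     * @throws KuraException if {@code str} is rejected, the command cannot be run, or it exits
     *         with a non-zero status
     */
    public static void restore(String str) throws KuraException {
        if (!isSinglePathArgument(str)) {
            s_logger.error("restore() :: rejected rules file name");
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, new Object[]{"Invalid iptables rules file name"});
        }
        SafeProcess proc = null;
        try {
            proc = ProcessUtil.exec("iptables-restore " + str);
            if (proc.waitFor() != 0) {
                s_logger.error("restore() :: failed - {}", LinuxProcessUtil.getInputStreamAsString(proc.getErrorStream()));
                throw new KuraException(KuraErrorCode.INTERNAL_ERROR, new Object[]{"Failed to execute the iptable-restore command"});
            }
        } catch (Exception e) {
            s_logger.error("restore() :: exception={}", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
        } finally {
            if (proc != null) {
                ProcessUtil.destroy(proc);
            }
            File rulesFile = new File(str);
            if (rulesFile.exists()) {
                rulesFile.delete();
            }
        }
    }

    /**
     * Writes this configuration as an {@code iptables-restore} rule set: first the
     * {@code filter} table (loopback and RELATED/ESTABLISHED accepts, the ICMP rule pair, local
     * rules, then the FORWARD rules of port-forward, auto-NAT and NAT rules), then the
     * {@code nat} table.
     *
     * <p>NOTE(review): {@code str} is not read; the output always goes to
     * {@link #FIREWALL_TMP_CONFIG_FILE_NAME}. Confirm whether callers expect it to select the
     * target file.
     *
     * @param str unused in the visible code
     * @throws KuraException if the file cannot be written
     */
    public void save(String str) throws KuraException {
        try (FileOutputStream out = new FileOutputStream(FIREWALL_TMP_CONFIG_FILE_NAME);
                PrintWriter writer = new PrintWriter(out)) {
            writer.println("*filter");
            writer.println(ALLOW_ALL_TRAFFIC_TO_LOOPBACK);
            writer.println(ALLOW_ONLY_INCOMING_TO_OUTGOING);
            for (String icmpRule : this.m_allowIcmp ? ALLOW_ICMP : DO_NOT_ALLOW_ICMP) {
                writer.println(icmpRule);
            }
            if (this.m_localRules != null) {
                for (LocalRule localRule : this.m_localRules) {
                    writer.println(localRule);
                }
            }
            if (this.m_portForwardRules != null) {
                for (PortForwardRule portForwardRule : this.m_portForwardRules) {
                    printLines(writer, portForwardRule.getFilterForwardChainRule().toStrings());
                }
            }
            if (this.m_autoNatRules != null) {
                for (NATRule autoNatRule : this.m_autoNatRules) {
                    printLines(writer, autoNatRule.getFilterForwardChainRule().toStrings());
                }
            }
            if (this.m_natRules != null) {
                for (NATRule natRule : this.m_natRules) {
                    printLines(writer, natRule.getFilterForwardChainRule().toStrings());
                }
            }
            writer.println("COMMIT");

            writer.println("*nat");
            if (this.m_portForwardRules != null) {
                for (PortForwardRule portForwardRule : this.m_portForwardRules) {
                    writer.println(portForwardRule.getNatPreroutingChainRule());
                    writer.println(portForwardRule.getNatPostroutingChainRule());
                }
            }
            if (this.m_autoNatRules != null) {
                // Several auto-NAT rules can map to the same POSTROUTING rule; emit each once.
                List<NatPostroutingChainRule> emitted = new ArrayList<>();
                for (NATRule autoNatRule : this.m_autoNatRules) {
                    NatPostroutingChainRule candidate = autoNatRule.getNatPostroutingChainRule();
                    boolean alreadyEmitted = false;
                    for (NatPostroutingChainRule previous : emitted) {
                        if (previous.equals(candidate)) {
                            alreadyEmitted = true;
                            break;
                        }
                    }
                    if (!alreadyEmitted) {
                        writer.println(candidate);
                        emitted.add(candidate);
                    }
                }
            }
            if (this.m_natRules != null) {
                for (NATRule natRule : this.m_natRules) {
                    writer.println(natRule.getNatPostroutingChainRule());
                }
            }
            writer.println("COMMIT");
            // PrintWriter hides write errors; a partial rule set must not be passed on as valid.
            if (writer.checkError()) {
                throw new IOException("Failed to write " + FIREWALL_TMP_CONFIG_FILE_NAME);
            }
        } catch (Exception e) {
            // The previous message was copied from clearAllChains() and named the wrong operation.
            s_logger.error("save() :: failed to write firewall rules - {}", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
        }
    }

    /**
     * Parses {@link #FIREWALL_CONFIG_FILE_NAME} and adds the rules found there to this
     * configuration.
     *
     * <p>Blank lines and lines starting with {@code '#'} or {@code ':'} are skipped. An INPUT
     * line in the {@code filter} table that is not one of the built-in rules is parsed as a
     * {@link LocalRule}; if that fails the error is logged and the line is left out of the
     * model, so a later {@link #save(String)} will not write it again.
     *
     * @throws KuraException if the file cannot be read or a rule cannot be rebuilt
     */
    public void restore() throws KuraException {
        try (BufferedReader reader = new BufferedReader(new FileReader(FIREWALL_CONFIG_FILE_NAME))) {
            List<NatPreroutingChainRule> preroutingRules = new ArrayList<>();
            List<NatPostroutingChainRule> postroutingRules = new ArrayList<>();
            List<FilterForwardChainRule> forwardRules = new ArrayList<>();

            // Pass 1: sort the lines of the file by table and chain.
            boolean inNatTable = false;
            boolean inFilterTable = false;
            String rawLine;
            while ((rawLine = reader.readLine()) != null) {
                String line = rawLine.trim();
                if (line.equals("") || line.startsWith("#") || line.startsWith(":")) {
                    continue;
                }
                if (line.equals("*nat")) {
                    inNatTable = true;
                } else if (line.equals("*filter")) {
                    inFilterTable = true;
                } else if (line.equals("COMMIT")) {
                    inNatTable = false;
                    inFilterTable = false;
                } else if (inNatTable && line.startsWith("-A PREROUTING")) {
                    preroutingRules.add(new NatPreroutingChainRule(line));
                } else if (inNatTable && line.startsWith("-A POSTROUTING")) {
                    postroutingRules.add(new NatPostroutingChainRule(line));
                } else if (inFilterTable && line.startsWith("-A FORWARD")) {
                    forwardRules.add(new FilterForwardChainRule(line));
                } else if (inFilterTable && line.startsWith("-A INPUT") && !ALLOW_ALL_TRAFFIC_TO_LOOPBACK.equals(line) && !ALLOW_ONLY_INCOMING_TO_OUTGOING.equals(line)) {
                    // Each INPUT line is classified exactly once. The nested loops this replaces
                    // never left their outer loop after handling a line that was not an ICMP
                    // "allow" rule, so the method could not finish on such a file.
                    if (contains(ALLOW_ICMP, line)) {
                        this.m_allowIcmp = true;
                    } else if (contains(DO_NOT_ALLOW_ICMP, line)) {
                        this.m_allowIcmp = false;
                    } else {
                        try {
                            LocalRule localRule = new LocalRule(line);
                            s_logger.debug("parseFirewallConfigurationFile() :: Adding local rule: {}", localRule);
                            this.m_localRules.add(localRule);
                        } catch (KuraException e) {
                            s_logger.error("Failed to parse Local Rule: {} - {}", line, e);
                        }
                    }
                }
            }

            // Pass 2: every PREROUTING rule becomes a port-forward rule. The outbound interface
            // and masquerade flag come from POSTROUTING rules with the same destination.
            for (NatPreroutingChainRule prerouting : preroutingRules) {
                String inboundInterface = prerouting.getInputInterface();
                String outboundInterface = null;
                String protocol = prerouting.getProtocol();
                int externalPort = prerouting.getExternalPort();
                int internalPort = prerouting.getInternalPort();
                boolean masquerade = false;
                String sourcePortRange = null;
                if (prerouting.getSrcPortFirst() > 0 && prerouting.getSrcPortFirst() <= prerouting.getSrcPortLast()) {
                    sourcePortRange = new StringBuilder().append(prerouting.getSrcPortFirst()).append(':').append(prerouting.getSrcPortLast()).toString();
                }
                String permittedMacAddress = prerouting.getPermittedMacAddress();
                String permittedNetwork = prerouting.getPermittedNetwork();
                int permittedNetworkMask = prerouting.getPermittedNetworkMask();
                String address = prerouting.getDstIpAddress();
                for (NatPostroutingChainRule postrouting : postroutingRules) {
                    if (prerouting.getDstIpAddress().equals(postrouting.getDstNetwork())) {
                        outboundInterface = postrouting.getDstInterface();
                        if (postrouting.isMasquerade()) {
                            masquerade = true;
                        }
                    }
                }
                if (permittedNetwork == null) {
                    permittedNetwork = "0.0.0.0";
                }
                PortForwardRule portForwardRule = new PortForwardRule(inboundInterface, outboundInterface, address, protocol, externalPort, internalPort, masquerade, permittedNetwork, permittedNetworkMask, permittedMacAddress, sourcePortRange);
                s_logger.debug("Adding port forward rule: {}", portForwardRule);
                this.m_portForwardRules.add(portForwardRule);
            }

            // Pass 3: POSTROUTING rules become NAT rules (protocol present) or auto-NAT rules
            // (no protocol), one per matching FORWARD rule.
            for (NatPostroutingChainRule postrouting : postroutingRules) {
                String destinationInterface = postrouting.getDstInterface();
                boolean masquerade = postrouting.isMasquerade();
                String protocol = postrouting.getProtocol();
                if (protocol != null) {
                    boolean isNatRule = false;
                    String source = postrouting.getSrcNetwork();
                    String destination = postrouting.getDstNetwork();
                    if (destination != null) {
                        destination = destination + '/' + ((int) postrouting.getDstMask());
                    } else {
                        isNatRule = true;
                    }
                    if (source != null) {
                        source = source + '/' + ((int) postrouting.getSrcMask());
                    }
                    if (!isNatRule) {
                        // A destination that belongs to a port-forward rule was handled in pass 2.
                        boolean matchesPortForward = false;
                        for (NatPreroutingChainRule prerouting : preroutingRules) {
                            if (prerouting.getDstIpAddress().equals(postrouting.getDstNetwork())) {
                                matchesPortForward = true;
                                break;
                            }
                        }
                        if (!matchesPortForward) {
                            isNatRule = true;
                        }
                    }
                    if (isNatRule) {
                        for (FilterForwardChainRule forward : forwardRules) {
                            if (postrouting.isMatchingForwardChainRule(forward)) {
                                String sourceInterface = forward.getInputInterface();
                                s_logger.debug("parseFirewallConfigurationFile() :: Parsed NAT rule with   sourceInterface: " + sourceInterface + "   destinationInterface: " + destinationInterface + "   masquerade: " + masquerade + "\tprotocol: " + protocol + "\tsource network/host: " + source + "\tdestination network/host " + destination);
                                NATRule natRule = new NATRule(sourceInterface, destinationInterface, protocol, source, destination, masquerade);
                                s_logger.debug("parseFirewallConfigurationFile() :: Adding NAT rule {}", natRule);
                                this.m_natRules.add(natRule);
                            }
                        }
                    }
                } else {
                    for (FilterForwardChainRule forward : forwardRules) {
                        if (postrouting.isMatchingForwardChainRule(forward)) {
                            String sourceInterface = forward.getInputInterface();
                            s_logger.debug("parseFirewallConfigurationFile() :: Parsed auto NAT rule with   sourceInterface: " + sourceInterface + "   destinationInterface: " + destinationInterface + "   masquerade: " + masquerade);
                            NATRule autoNatRule = new NATRule(sourceInterface, destinationInterface, masquerade);
                            s_logger.debug("parseFirewallConfigurationFile() :: Adding auto NAT rule {}", autoNatRule);
                            this.m_autoNatRules.add(autoNatRule);
                        }
                    }
                }
            }
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e, new Object[0]);
        }
    }

    /** Returns the live set of local rules (not a copy). */
    public LinkedHashSet<LocalRule> getLocalRules() {
        return this.m_localRules;
    }

    /** Returns the live set of port-forward rules (not a copy). */
    public LinkedHashSet<PortForwardRule> getPortForwardRules() {
        return this.m_portForwardRules;
    }

    /** Returns the live set of auto-NAT rules (not a copy). */
    public LinkedHashSet<NATRule> getAutoNatRules() {
        return this.m_autoNatRules;
    }

    /** Returns the live set of NAT rules (not a copy). */
    public LinkedHashSet<NATRule> getNatRules() {
        return this.m_natRules;
    }

    /** Returns whether {@link #save(String)} writes the ICMP "allow" rule pair. */
    public boolean allowIcmp() {
        return this.m_allowIcmp;
    }

    /** Writes the given lines to {@code fileName}, failing if any write was lost. */
    private static void writeRuleFile(String fileName, String... lines) throws IOException {
        try (FileOutputStream out = new FileOutputStream(fileName);
                PrintWriter writer = new PrintWriter(out)) {
            for (String line : lines) {
                writer.println(line);
            }
            // checkError() flushes and reports errors that println() swallowed.
            if (writer.checkError()) {
                throw new IOException("Failed to write " + fileName);
            }
        }
    }

    /** Prints each line of {@code lines}; a null list prints nothing. */
    private static void printLines(PrintWriter writer, List<String> lines) {
        if (lines == null) {
            return;
        }
        for (String line : lines) {
            writer.println(line);
        }
    }

    /** Returns whether {@code candidate} equals one of {@code values}. */
    private static boolean contains(String[] values, String candidate) {
        for (String value : values) {
            if (value.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether {@code value} can serve as one path argument on a command line. */
    private static boolean isSinglePathArgument(String value) {
        if (value == null || value.isEmpty() || value.charAt(0) == '-') {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            if (Character.isWhitespace(value.charAt(i))) {
                return false;
            }
        }
        return true;
    }
}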
