package com.amazon.aes.webservices.client.cmd;

import com.amazon.aes.webservices.client.Jec2;
import com.amazon.aes.webservices.client.SecurityGroupDescription;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.OptionBuilder;
import org.apache.commons.cli.Options;

/* loaded from: input_file:com/amazon/aes/webservices/client/cmd/AuthRevBase.class */
public abstract class AuthRevBase extends BaseCmd {
    private static final String SOURCE_OR_DEST_GROUP_USER_ARG = "SOURCE-OR-DEST-GROUP-USER [--source-or-dest-group-user...]";
    private static final String SOURCE_OR_DEST_GROUP_ARG = "SOURCE-OR-DEST-GROUP [--source-or-dest-group...]";
    private static final String ICMP_TYPE_CODE_ARG = "TYPE:CODE";
    private static final String EGRESS_DESC = "Specifies an egress rule.  Otherwise ingress is assumed.";
    private static final String PORT_RANGE_ARG = "PORT-RANGE";
    private static final String PROTOCOL_ARG = "PROTOCOL";
    private static final String[] CIDR_DESC = {"The network source from which traffic is to be authorized in the", "case of an ingress request, or to which traffic is to be authorized", "in the case of an egress request.  Specified as a CIDR subnet range,", "e.g. 205.192.8.45/24. This may be specified more than once to allow ", "traffic from multiple subnets.", "If no subnet and no group are specified, this will default", "to the wildcard CIDR 0.0.0.0/0."};
    private static final String[] SOURCE_SUBNET_DESC = {"Like --cidr, but for ingress requests only.  For backward compatibility."};
    private static final String[] DEST_SUBNET_DESC = {"Like --cidr, but for egress requests only.  For backward compatibility."};
    private static final String[] SOURCE_OR_DEST_GROUP_USER_DESC = {"The owner of the security group specified using -o. If specified only", "once, the same user will be used for all specified groups. However, if", "specified once per -o, each user is mapped to a group in order.", "Anything else is invalid.", "This option is invalid for VPC security groups.  VPC source groups", "must be owned by the authorizing user."};
    private static final String[] SOURCE_OR_DEST_GROUP_DESC = {"Source or destination security group to be authorized, specified as", "an EC2 security group name, e.g. default. This may be specified more", "than once to allow network traffic from multiple security groups."};
    private static final String[] ICMP_TYPE_CODE_DESC = {"icmp type and code. If the icmp protocol is specified, then icmp type", "and code may optionally be specified as type:code, where both type and", "code are integers and compliant with RFC792. Type or code (or both) may", "be specified as -1 which is a wildcard covering all types or codes."};
    private static final String[] PORT_RANGE_DESC = {"Range of ports to open. If the tcp or udp protocol are specified (or", "implied by default), then the range of ports to grant access to may ", "optionally be specified as a single integer, or as a range (min-max).", "Specifying -1 defaults to all ports."};
    private static final String[] PROTOCOL_DESC = {"May be either a protocol name or a protocol number.  Note that non-VPC", "security groups only allow tcp, udp and icmp rules.  For non-VPC groups", "the protocol may be left blank, in which case it will default", "to tcp if a source subnet is specified, to tcp and udp if a source group", "and port range are specified, and to tcp, udp and icmp if only a", "source group is specified.", "For VPC groups the protocol 'all' must be explicitly specified."};

    public AuthRevBase(String str, String str2, String[] strArr) {
        super(str, str2);
        init(getOptions());
        parseOpts(strArr);
    }

    private Options getOptions() {
        Options options = new Options();
        OptionBuilder.withLongOpt(BaseCmd.PROTOCOL);
        OptionBuilder.hasArgs();
        OptionBuilder.withArgName("PROTOCOL");
        OptionBuilder.withDescription(joinDescription(PROTOCOL_DESC));
        options.addOption(OptionBuilder.create("P"));
        OptionBuilder.withLongOpt(BaseCmd.PORT_RANGE);
        OptionBuilder.hasArgs();
        OptionBuilder.withArgName(PORT_RANGE_ARG);
        OptionBuilder.withDescription(joinDescription(PORT_RANGE_DESC));
        options.addOption(OptionBuilder.create("p"));
        OptionBuilder.withLongOpt(BaseCmd.CIDR);
        OptionBuilder.hasArgs();
        OptionBuilder.withArgName(BaseCmd.CIDR_ARG);
        OptionBuilder.withDescription(joinDescription(CIDR_DESC));
        options.addOption(OptionBuilder.create("s"));
        OptionBuilder.withLongOpt(BaseCmd.SOURCE_OR_DEST_GROUP);
        OptionBuilder.hasArgs();
        OptionBuilder.withArgName(SOURCE_OR_DEST_GROUP_ARG);
        OptionBuilder.withDescription(joinDescription(SOURCE_OR_DEST_GROUP_DESC));
        options.addOption(OptionBuilder.create("o"));
        OptionBuilder.withLongOpt(BaseCmd.SOURCE_OR_DEST_GROUP_USER);
        OptionBuilder.hasArgs();
        OptionBuilder.withArgName(SOURCE_OR_DEST_GROUP_USER_ARG);
        OptionBuilder.withDescription(joinDescription(SOURCE_OR_DEST_GROUP_USER_DESC));
        options.addOption(OptionBuilder.create("u"));
        OptionBuilder.withLongOpt(BaseCmd.ICMP_TYPE_CODE);
        OptionBuilder.hasArgs();
        OptionBuilder.withArgName(ICMP_TYPE_CODE_ARG);
        OptionBuilder.withDescription(joinDescription(ICMP_TYPE_CODE_DESC));
        options.addOption(OptionBuilder.create("t"));
        options.addOption(new Option((String) null, BaseCmd.EGRESS, false, joinDescription(EGRESS_DESC)));
        options.addOption(new Option((String) null, BaseCmd.SOURCE_SUBNET, true, joinDescription(SOURCE_SUBNET_DESC)));
        options.addOption(new Option((String) null, BaseCmd.DEST_SUBNET, true, joinDescription(DEST_SUBNET_DESC)));
        return options;
    }

    @Override // com.amazon.aes.webservices.client.cmd.BaseCmd
    protected String getOptionString() {
        return "GROUP [SPECIFIC OPTIONS]";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityGroupDescription initGroup(Jec2 jec2) throws Exception {
        String optionValue;
        SecurityGroupDescription.IpPermission addPermission;
        int parseInt;
        assertNonOptionSet(BaseCmd.GROUP_ARG);
        String str = getNonOptions()[0];
        warnIfTooManyNonOptions();
        String str2 = null;
        String str3 = null;
        boolean z = false;
        String[] optionValues = getOptionValues(BaseCmd.SOURCE_OR_DEST_GROUP_USER);
        String[] optionValues2 = getOptionValues(BaseCmd.SOURCE_OR_DEST_GROUP);
        if (isOptionSet(BaseCmd.SOURCE_SUBNET) && isOptionSet(BaseCmd.CIDR)) {
            throw new InvalidArgumentCombination("Specify equivalently --source-subnet or --cidr, but not both.");
        }
        if (isOptionSet(BaseCmd.DEST_SUBNET) && isOptionSet(BaseCmd.CIDR)) {
            throw new InvalidArgumentCombination("Specify equivalently --dest-subnet or --cidr, but not both.");
        }
        if (isOptionSet(BaseCmd.SOURCE_SUBNET) && isOptionSet(BaseCmd.EGRESS)) {
            throw new InvalidArgumentCombination("Specify --source-subnet for ingress requests only.");
        }
        if (isOptionSet(BaseCmd.DEST_SUBNET) && !isOptionSet(BaseCmd.EGRESS)) {
            throw new InvalidArgumentCombination("Specify --dest-subnet for egress requests only.");
        }
        String[] strArr = new String[0];
        if (isOptionSet(BaseCmd.CIDR)) {
            strArr = getOptionValues(BaseCmd.CIDR);
        } else if (isOptionSet(BaseCmd.SOURCE_SUBNET)) {
            strArr = getOptionValues(BaseCmd.SOURCE_SUBNET);
        } else if (isOptionSet(BaseCmd.DEST_SUBNET)) {
            strArr = getOptionValues(BaseCmd.DEST_SUBNET);
        }
        if (optionValues.length + optionValues2.length + strArr.length == 0) {
            strArr = new String[]{"0.0.0.0/0"};
        }
        boolean z2 = strArr.length > 0;
        boolean z3 = optionValues.length + optionValues2.length > 0;
        if (z2 && z3) {
            throw new InvalidArgumentCombination("Specify either source groups or source CIDRs, not both.");
        }
        int[] iArr = {0, 65535};
        int[] iArr2 = {-1, -1};
        if (isSecurityGroupId(str)) {
            str3 = str;
            z = isVpcSecurityGroupId(jec2, str3);
        } else {
            str2 = str;
        }
        SecurityGroupDescription securityGroupDescription = new SecurityGroupDescription(str2, "", "", str3);
        boolean z4 = isOptionSet(BaseCmd.EGRESS);
        if (z2 && !isOptionSet(BaseCmd.PROTOCOL) && !z) {
            optionValue = "tcp";
        } else if (!z3 || isOptionSet(BaseCmd.PROTOCOL) || z) {
            assertOptionSet(BaseCmd.PROTOCOL);
            optionValue = getOptionValue(BaseCmd.PROTOCOL);
            if (optionValue != null) {
                optionValue = optionValue.toLowerCase();
            }
        } else {
            optionValue = "all-protocols";
        }
        try {
            parseInt = Integer.parseInt(optionValue);
        } catch (NumberFormatException e) {
        }
        if (parseInt < -1 || parseInt > 255) {
            throw new InvalidArgument(BaseCmd.PROTOCOL, optionValue);
        }
        if (isOptionSet(BaseCmd.ICMP_TYPE_CODE)) {
            iArr2 = parseIcmp(getOptionValue(BaseCmd.ICMP_TYPE_CODE));
        }
        if (isOptionSet(BaseCmd.PORT_RANGE)) {
            if ("-1".equals(getOptionValue(BaseCmd.PORT_RANGE))) {
                int[] iArr3 = {0, 65535};
            }
            iArr = parseRange(getOptionValue(BaseCmd.PORT_RANGE));
        }
        if (optionValue.equals("all-protocols") || optionValue.equals(BaseCmd.ALL) || optionValue.equals("-1")) {
            if (z) {
                assertOptionNotSet(BaseCmd.PORT_RANGE);
                assertOptionNotSet(BaseCmd.ICMP_TYPE_CODE);
            }
            if (z) {
                SecurityGroupDescription.IpPermission addPermission2 = securityGroupDescription.addPermission("-1", (Integer) null, (Integer) null, Boolean.valueOf(z4));
                if (z2) {
                    for (String str4 : strArr) {
                        addPermission2.addIpRange(str4);
                        addPermission2.egress = Boolean.valueOf(z4);
                    }
                } else if (z3) {
                    addSourceGroupsForMeOnly(addPermission2, str3, optionValues2);
                }
            } else {
                if (z3) {
                    assertOptionNotSet(BaseCmd.PORT_RANGE);
                    assertOptionNotSet(BaseCmd.ICMP_TYPE_CODE);
                    assertOptionNotSet(BaseCmd.PROTOCOL);
                    iArr = new int[]{0, 65535};
                    iArr2 = new int[]{-1, -1};
                } else {
                    assertOptionSet(BaseCmd.PORT_RANGE);
                    assertOptionSet(BaseCmd.ICMP_TYPE_CODE);
                }
                SecurityGroupDescription.IpPermission addPermission3 = securityGroupDescription.addPermission("tcp", Integer.valueOf(iArr[0]), Integer.valueOf(iArr[1]));
                SecurityGroupDescription.IpPermission addPermission4 = securityGroupDescription.addPermission("udp", Integer.valueOf(iArr[0]), Integer.valueOf(iArr[1]));
                SecurityGroupDescription.IpPermission addPermission5 = securityGroupDescription.addPermission("icmp", Integer.valueOf(iArr2[0]), Integer.valueOf(iArr2[1]));
                if (z2) {
                    for (int i = 0; i < strArr.length; i++) {
                        addPermission3.addIpRange(strArr[i]);
                        addPermission4.addIpRange(strArr[i]);
                        addPermission5.addIpRange(strArr[i]);
                    }
                } else if (z3) {
                    addSourceGroups(addPermission3, optionValues, optionValues2);
                    addSourceGroups(addPermission4, optionValues, optionValues2);
                    addSourceGroups(addPermission5, optionValues, optionValues2);
                }
            }
        } else {
            if ("icmp".equals(optionValue) || "1".equals(optionValue)) {
                assertOptionSet(BaseCmd.ICMP_TYPE_CODE);
                assertOptionNotSet(BaseCmd.PORT_RANGE);
                int[] iArr4 = iArr2;
                addPermission = securityGroupDescription.addPermission(optionValue, Integer.valueOf(iArr4[0]), Integer.valueOf(iArr4[1]), Boolean.valueOf(z4));
            } else if ("tcp".equals(optionValue) || "udp".equals(optionValue) || "6".equals(optionValue) || "17".equals(optionValue)) {
                assertOptionSet(BaseCmd.PORT_RANGE);
                assertOptionNotSet(BaseCmd.ICMP_TYPE_CODE);
                addPermission = securityGroupDescription.addPermission(optionValue, Integer.valueOf(iArr[0]), Integer.valueOf(iArr[1]), Boolean.valueOf(z4));
            } else {
                assertOptionNotSet(BaseCmd.PORT_RANGE);
                assertOptionNotSet(BaseCmd.ICMP_TYPE_CODE);
                if (!z) {
                    throw new InvalidArgumentCombination("Non-VPC security groups support tcp, udp and icmp protocols only.  Refer to a VPC security group by ID only.");
                }
                addPermission = securityGroupDescription.addPermission(optionValue, (Integer) null, (Integer) null, Boolean.valueOf(z4));
            }
            if (z2) {
                for (String str5 : strArr) {
                    addPermission.addIpRange(str5);
                }
            } else if (z3) {
                if (optionValues == null || optionValues.length == 0) {
                    addSourceGroupsForMeOnly(addPermission, str3, optionValues2);
                } else {
                    addSourceGroups(addPermission, optionValues, optionValues2);
                }
            }
        }
        return securityGroupDescription;
    }

    public static int[] parseIcmp(String str) {
        String[] split = str.split(":");
        if (split.length != 2) {
            throw new InvalidArgument("t", str);
        }
        try {
            return new int[]{Integer.parseInt(split[0]), Integer.parseInt(split[1])};
        } catch (NumberFormatException e) {
            throw new InvalidArgument("t", str);
        }
    }

    public static boolean isSecurityGroupId(String str) {
        return str != null && str.startsWith("sg-");
    }

    public static boolean isVpcSecurityGroupId(Jec2 jec2, String str) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        List list = (List) jec2.describeSecurityGroups(new ArrayList(), arrayList, new ArrayList()).getResponse();
        if (list.size() != 1) {
            throw new InvalidArgument("security group ID", str);
        }
        return ((SecurityGroupDescription) list.listIterator().next()).vpcId != null;
    }

    private void addSourceGroups(SecurityGroupDescription.IpPermission ipPermission, String[] strArr, String[] strArr2) {
        String str;
        for (int i = 0; i < strArr2.length; i++) {
            switch (strArr.length) {
                case 0:
                    throw new MissingArgument(BaseCmd.SOURCE_OR_DEST_GROUP_USER);
                case 1:
                    str = strArr[0];
                    break;
                default:
                    if (strArr2.length > strArr.length) {
                        throw new MissingArgument(BaseCmd.SOURCE_OR_DEST_GROUP);
                    }
                    if (strArr2.length < strArr.length) {
                        throw new MissingArgument(BaseCmd.SOURCE_OR_DEST_GROUP_USER);
                    }
                    str = strArr[i];
                    break;
            }
            if (isSecurityGroupId(strArr2[i])) {
                ipPermission.addUserGroupPair(str, strArr2[i], (String) null);
            } else {
                ipPermission.addUserGroupPair(str, (String) null, strArr2[i]);
            }
        }
    }

    private void addSourceGroupsForMeOnly(SecurityGroupDescription.IpPermission ipPermission, String str, String[] strArr) {
        for (int i = 0; i < strArr.length; i++) {
            if (isSecurityGroupId(strArr[i])) {
                ipPermission.addUserGroupPair((String) null, strArr[i], (String) null);
            } else {
                ipPermission.addUserGroupPair((String) null, (String) null, strArr[i]);
            }
        }
    }

    public void printAuthDescription() {
        super.printDescription();
        System.out.println("     Grant selected permissions to a specified group.");
        System.out.println("     The GROUP parameter is name or ID of the group to grant this permission to.");
        System.out.println("     Note that VPC security groups for non-default VPCs must be specified by ID.");
    }

    public void printAuthOptions() {
        super.printOptions(true);
        printOption(BaseCmd.EGRESS);
        printOption(BaseCmd.PROTOCOL);
        printOption(BaseCmd.PORT_RANGE);
        printOption(BaseCmd.ICMP_TYPE_CODE);
        printOption(BaseCmd.SOURCE_OR_DEST_GROUP);
        printOption(BaseCmd.SOURCE_OR_DEST_GROUP_USER);
        printOption(BaseCmd.CIDR);
        printOption(BaseCmd.SOURCE_SUBNET);
        printOption(BaseCmd.DEST_SUBNET);
    }

    public void printRevDescription() {
        super.printDescription();
        System.out.println("     Revoke selected permissions from a specified group.");
        System.out.println("     The GROUP parameter is name or ID of the group to revoke this permission from.");
        System.out.println("     Note that VPC security groups for non-default VPCs must be specified by ID.");
    }

    public void printRevOptions() {
        super.printOptions(true);
        printOption(BaseCmd.EGRESS);
        printOption(BaseCmd.PROTOCOL);
        printOption(BaseCmd.PORT_RANGE);
        printOption(BaseCmd.ICMP_TYPE_CODE);
        printOption(BaseCmd.SOURCE_OR_DEST_GROUP);
        printOption(BaseCmd.SOURCE_OR_DEST_GROUP_USER);
        printOption(BaseCmd.CIDR);
        printOption(BaseCmd.SOURCE_SUBNET);
        printOption(BaseCmd.DEST_SUBNET);
    }
}
