package io.grpc.xds.internal.sds;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.sun.jna.Callback;
import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.grpc.xds.EnvoyServerProtoData;
import io.grpc.xds.internal.sds.SslContextProvider;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificate;
import java.io.File;
import java.io.IOException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.util.concurrent.Executor;
import javax.annotation.Nullable;

/* loaded from: input_file:BOOT-INF/lib/grpc-xds-1.31.1.jar:io/grpc/xds/internal/sds/SecretVolumeServerSslContextProvider.class */
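/**
 * Server-side {@link SslContextProvider} that builds its {@link SslContext} from key material
 * referenced by file name in a {@code DownstreamTlsContext}.
 *
 * <p>The certificate chain and private key are read from the local file system each time
 * {@link #buildSslContextFromSecrets()} runs; only the paths, the optional key password and the
 * optional validation context are kept in memory.
 *
 * <p>NOTE(review): the key password is taken from the TLS configuration as an inline string and
 * held in an immutable {@code String} for the lifetime of this provider. Anything that stores,
 * transports or logs that configuration therefore handles a secret.
 */
final class SecretVolumeServerSslContextProvider extends SslContextProvider {

    // Path of the PEM/private-key file; null only if the config carried no file name.
    @Nullable
    private final String privateKey;

    // Password for the private key, or null when the certificate config has no password.
    @Nullable
    private final String privateKeyPassword;

    // Path of the certificate-chain file.
    @Nullable
    private final String certificateChain;

    // Validation context handed to setClientAuthValues; null when the config supplies none.
    @Nullable
    private final CertificateValidationContext certContext;

    private SecretVolumeServerSslContextProvider(@Nullable String privateKey, @Nullable String privateKeyPassword, @Nullable String certificateChain, @Nullable CertificateValidationContext certContext, EnvoyServerProtoData.DownstreamTlsContext downstreamTlsContext) {
        super(downstreamTlsContext);
        this.privateKey = privateKey;
        this.privateKeyPassword = privateKeyPassword;
        this.certificateChain = certificateChain;
        this.certContext = certContext;
    }

    /**
     * Creates a provider from the first TLS certificate entry of the given context.
     *
     * <p>The decompiler reports that this method was package-private in the class file; the
     * {@code public} modifier is kept here only so existing callers keep compiling.
     *
     * @param downstreamTlsContext server TLS configuration; must not be null
     * @return a provider holding the key/certificate file names, the optional inline key
     *     password and the (validated) certificate validation context, if any
     * @throws NullPointerException if {@code downstreamTlsContext} is null
     */
    public static SecretVolumeServerSslContextProvider getProvider(EnvoyServerProtoData.DownstreamTlsContext downstreamTlsContext) {
        Preconditions.checkNotNull(downstreamTlsContext, "downstreamTlsContext");
        CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext();

        // Only the first certificate entry is used; any further entries are ignored.
        TlsCertificate tlsCertificate = null;
        if (commonTlsContext.getTlsCertificatesCount() > 0) {
            tlsCertificate = commonTlsContext.getTlsCertificates(0);
        }
        // NOTE(review): presumably rejects a missing or incomplete certificate (second argument
        // false) - confirm, because the dereferences below rely on tlsCertificate being non-null.
        CommonTlsContextUtil.validateTlsCertificate(tlsCertificate, false);

        CertificateValidationContext rawContext = CommonTlsContextUtil.getCertificateValidationContext(commonTlsContext);
        CertificateValidationContext validatedContext =
                rawContext == null ? null : CommonTlsContextUtil.validateCertificateContext(rawContext, true);

        String keyFile = tlsCertificate.getPrivateKey().getFilename();
        // The password, when present, is read inline from the config rather than from a file.
        String keyPassword = tlsCertificate.hasPassword() ? tlsCertificate.getPassword().getInlineString() : null;
        String chainFile = tlsCertificate.getCertificateChain().getFilename();
        return new SecretVolumeServerSslContextProvider(keyFile, keyPassword, chainFile, validatedContext, downstreamTlsContext);
    }

    /**
     * Registers a callback that receives the {@link SslContext} built from the secret files.
     *
     * <p>Delegates to {@code performCallback} with a getter that calls
     * {@link #buildSslContextFromSecrets()}; when and on which thread the getter runs is decided
     * by the superclass.
     *
     * @param callback receiver of the context; must not be null
     * @param executor executor passed through to {@code performCallback}; must not be null
     * @throws NullPointerException if either argument is null
     */
    @Override
    public void addCallback(SslContextProvider.Callback callback, Executor executor) {
        // Plain literal: the decompiled source borrowed com.sun.jna.Callback.METHOD_NAME for this
        // label, which tied a null-check message to an unrelated native-access library.
        Preconditions.checkNotNull(callback, "callback");
        Preconditions.checkNotNull(executor, "executor");
        performCallback(new SslContextProvider.SslContextGetter() {
            @Override
            public SslContext get() throws CertificateException, IOException, CertStoreException {
                return SecretVolumeServerSslContextProvider.this.buildSslContextFromSecrets();
            }
        }, callback, executor);
    }

    /** No-op: this class keeps only strings and a validation context, nothing it opened itself. */
    @Override
    public void close() {
    }

    /**
     * Builds the server {@link SslContext} from the configured certificate-chain and key files.
     *
     * <p>NOTE(review): {@code setClientAuthValues} is inherited and not visible here; confirm how
     * it treats a null {@code certContext}, since that decides whether client certificates are
     * requested and verified when the configuration carries no validation context.
     *
     * @return the built server SSL context
     * @throws NullPointerException if the certificate-chain or private-key file name is null
     * @throws IOException declared by the builder chain
     * @throws CertificateException declared by the builder chain
     * @throws CertStoreException declared by the builder chain
     */
    @VisibleForTesting
    SslContext buildSslContextFromSecrets() throws IOException, CertificateException, CertStoreException {
        // Both fields are @Nullable; fail with a named message instead of the bare
        // NullPointerException that new File(null) would raise.
        File chainFile = new File(Preconditions.checkNotNull(this.certificateChain, "certificateChain"));
        File keyFile = new File(Preconditions.checkNotNull(this.privateKey, "privateKey"));
        SslContextBuilder serverBuilder = GrpcSslContexts.forServer(chainFile, keyFile, this.privateKeyPassword);
        setClientAuthValues(serverBuilder, this.certContext);
        return serverBuilder.build();
    }
}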
