package io.grpc.xds.internal.sds;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.protobuf.Any;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.Value;
import io.grpc.CallCredentials;
import io.grpc.ManagedChannel;
import io.grpc.Status;
import io.grpc.inprocess.InProcessChannelBuilder;
import io.grpc.internal.SharedResourceHolder;
import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
import io.grpc.netty.shaded.io.netty.channel.EventLoopGroup;
import io.grpc.netty.shaded.io.netty.channel.epoll.Epoll;
import io.grpc.netty.shaded.io.netty.channel.epoll.EpollDomainSocketChannel;
import io.grpc.netty.shaded.io.netty.channel.epoll.EpollEventLoopGroup;
import io.grpc.netty.shaded.io.netty.channel.unix.DomainSocketAddress;
import io.grpc.netty.shaded.io.netty.util.concurrent.DefaultThreadFactory;
import io.grpc.stub.StreamObserver;
import io.grpc.xds.shaded.io.envoyproxy.envoy.api.v2.DiscoveryRequest;
import io.grpc.xds.shaded.io.envoyproxy.envoy.api.v2.DiscoveryResponse;
import io.grpc.xds.shaded.io.envoyproxy.envoy.api.v2.core.Node;
import io.grpc.xds.shaded.io.envoyproxy.envoy.config.core.v3.ApiConfigSource;
import io.grpc.xds.shaded.io.envoyproxy.envoy.config.core.v3.ConfigSource;
import io.grpc.xds.shaded.io.envoyproxy.envoy.config.core.v3.GrpcService;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.Secret;
import io.grpc.xds.shaded.io.envoyproxy.envoy.service.discovery.v2.SecretDiscoveryServiceGrpc;
import java.util.List;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.concurrent.NotThreadSafe;

/* JADX INFO: Access modifiers changed from: package-private */
@NotThreadSafe
/* loaded from: input_file:io/grpc/xds/internal/sds/SdsClient.class */
public final class SdsClient {
    private static final Logger logger = Logger.getLogger(SdsClient.class.getName());
    private static final String SECRET_TYPE_URL = "type.googleapis.com/envoy.api.v2.auth.Secret";
    private static final EventLoopGroupResource eventLoopGroupResource;
    private SecretWatcher watcher;
    private final SdsSecretConfig sdsSecretConfig;
    private final Node clientNode;
    private final Executor watcherExecutor;
    private final CallCredentials callCredentials;
    private EventLoopGroup eventLoopGroup;
    private ManagedChannel channel;
    private SecretDiscoveryServiceGrpc.SecretDiscoveryServiceStub secretDiscoveryServiceStub;
    private ResponseObserver responseObserver;
    private StreamObserver<DiscoveryRequest> requestObserver;
    private DiscoveryResponse lastResponse;

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:io/grpc/xds/internal/sds/SdsClient$ChannelInfo.class */
    public static final class ChannelInfo {

        @VisibleForTesting
        final String targetUri;

        @VisibleForTesting
        final String channelType;

        @VisibleForTesting
        final CallCredentials callCredentials;

        private ChannelInfo(String str, String str2, CallCredentials callCredentials) {
            this.targetUri = str;
            this.channelType = str2;
            this.callCredentials = callCredentials;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/grpc/xds/internal/sds/SdsClient$EventLoopGroupResource.class */
    public static final class EventLoopGroupResource implements SharedResourceHolder.Resource<EventLoopGroup> {
        private final String name;

        EventLoopGroupResource(String str) {
            this.name = str;
        }

        /* renamed from: create, reason: merged with bridge method [inline-methods] */
        public EventLoopGroup m52create() {
            return new EpollEventLoopGroup(1, new DefaultThreadFactory(this.name, true));
        }

        public void close(EventLoopGroup eventLoopGroup) {
            try {
                eventLoopGroup.shutdownGracefully(0L, 0L, TimeUnit.SECONDS).sync();
            } catch (InterruptedException e) {
                SdsClient.logger.log(Level.SEVERE, "from EventLoopGroup.shutdownGracefully", (Throwable) e);
                Thread.currentThread().interrupt();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/grpc/xds/internal/sds/SdsClient$Factory.class */
    public static class Factory {
        Factory() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static SdsClient createSdsClient(SdsSecretConfig sdsSecretConfig, Node node, Executor executor, Executor executor2) {
            NettyChannelBuilder forTarget;
            ChannelInfo extractChannelInfo = extractChannelInfo(sdsSecretConfig.getSdsConfig());
            String str = extractChannelInfo.targetUri;
            String str2 = extractChannelInfo.channelType;
            if (str2 != null && str2.startsWith("inproc")) {
                return new SdsClient(sdsSecretConfig, node, executor, InProcessChannelBuilder.forName(str).executor(executor2).build(), null, extractChannelInfo.callCredentials);
            }
            EventLoopGroup eventLoopGroup = null;
            if (str.startsWith("unix:")) {
                Preconditions.checkState(Epoll.isAvailable(), "Epoll is not available");
                eventLoopGroup = (EventLoopGroup) SharedResourceHolder.get(SdsClient.eventLoopGroupResource);
                forTarget = NettyChannelBuilder.forAddress(new DomainSocketAddress(str.substring(5))).eventLoopGroup(eventLoopGroup).channelType(EpollDomainSocketChannel.class);
            } else {
                forTarget = NettyChannelBuilder.forTarget(str);
            }
            NettyChannelBuilder usePlaintext = forTarget.usePlaintext();
            if (executor2 != null) {
                usePlaintext = (NettyChannelBuilder) usePlaintext.executor(executor2);
            }
            return new SdsClient(sdsSecretConfig, node, executor, usePlaintext.build(), eventLoopGroup, extractChannelInfo.callCredentials);
        }

        @VisibleForTesting
        static ChannelInfo extractChannelInfo(ConfigSource configSource) {
            Preconditions.checkNotNull(configSource, "configSource");
            Preconditions.checkArgument(configSource.hasApiConfigSource(), "only configSource with ApiConfigSource supported");
            ApiConfigSource apiConfigSource = configSource.getApiConfigSource();
            Preconditions.checkArgument(ApiConfigSource.ApiType.GRPC.equals(apiConfigSource.getApiType()), "only GRPC ApiConfigSource type supported");
            Preconditions.checkArgument(apiConfigSource.getGrpcServicesCount() == 1, "expecting exactly 1 GrpcService in ApiConfigSource");
            GrpcService grpcServices = apiConfigSource.getGrpcServices(0);
            Preconditions.checkArgument(grpcServices.hasGoogleGrpc() && !grpcServices.hasEnvoyGrpc(), "only GoogleGrpc expected in GrpcService");
            GrpcService.GoogleGrpc googleGrpc = grpcServices.getGoogleGrpc();
            CallCredentials verifiedCredentials = getVerifiedCredentials(googleGrpc);
            String targetUri = googleGrpc.getTargetUri();
            String str = null;
            if (googleGrpc.hasConfig()) {
                str = ((Value) googleGrpc.getConfig().getFieldsMap().get("channelType")).getStringValue();
            }
            Preconditions.checkArgument(!Strings.isNullOrEmpty(targetUri), "targetUri in GoogleGrpc is empty!");
            return new ChannelInfo(targetUri, str, verifiedCredentials);
        }

        private static CallCredentials getVerifiedCredentials(GrpcService.GoogleGrpc googleGrpc) {
            String credentialsFactoryName = googleGrpc.getCredentialsFactoryName();
            if (credentialsFactoryName.isEmpty()) {
                Preconditions.checkArgument(!googleGrpc.hasChannelCredentials() && googleGrpc.getCallCredentialsCount() == 0, "No credentials supported in GoogleGrpc");
                SdsClient.logger.warning("No CallCredentials specified.");
                return null;
            }
            Preconditions.checkArgument(credentialsFactoryName.equals(FileBasedPluginCredential.PLUGIN_NAME), "factory name should be %s", FileBasedPluginCredential.PLUGIN_NAME);
            if (googleGrpc.hasChannelCredentials()) {
                Preconditions.checkArgument(googleGrpc.getChannelCredentials().hasLocalCredentials(), "only GoogleLocalCredentials supported");
            }
            if (googleGrpc.getCallCredentialsCount() <= 0) {
                SdsClient.logger.warning("No CallCredentials specified.");
                return null;
            }
            Preconditions.checkArgument(googleGrpc.getCallCredentialsCount() == 1, "Exactly one CallCredential expected in GoogleGrpc");
            GrpcService.GoogleGrpc.CallCredentials callCredentials = googleGrpc.getCallCredentials(0);
            Preconditions.checkArgument(callCredentials.hasFromPlugin(), "only plugin credential supported");
            return new FileBasedPluginCredential(callCredentials.getFromPlugin());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/grpc/xds/internal/sds/SdsClient$ResponseObserver.class */
    public final class ResponseObserver implements StreamObserver<DiscoveryResponse> {
        ResponseObserver() {
        }

        public void onNext(DiscoveryResponse discoveryResponse) {
            SdsClient.logger.log(Level.FINEST, "response={0}", discoveryResponse);
            SdsClient.this.processDiscoveryResponse(discoveryResponse);
        }

        public void onError(Throwable th) {
            SdsClient.this.sendErrorToWatcher(th);
        }

        public void onCompleted() {
            SdsClient.logger.warning("Stream unexpectedly completed.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/grpc/xds/internal/sds/SdsClient$SecretWatcher.class */
    public interface SecretWatcher {
        void onSecretChanged(Secret secret);

        void onError(Status status);
    }

    private SdsClient(SdsSecretConfig sdsSecretConfig, Node node, Executor executor, ManagedChannel managedChannel, EventLoopGroup eventLoopGroup, CallCredentials callCredentials) {
        Preconditions.checkNotNull(sdsSecretConfig, "sdsSecretConfig");
        Preconditions.checkNotNull(node, "node");
        this.sdsSecretConfig = sdsSecretConfig;
        this.clientNode = node;
        this.watcherExecutor = executor;
        this.eventLoopGroup = eventLoopGroup;
        Preconditions.checkNotNull(managedChannel, "channel");
        this.channel = managedChannel;
        this.callCredentials = callCredentials;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void start() {
        if (this.requestObserver == null) {
            this.secretDiscoveryServiceStub = SecretDiscoveryServiceGrpc.newStub(this.channel);
            if (this.callCredentials != null) {
                this.secretDiscoveryServiceStub = this.secretDiscoveryServiceStub.withCallCredentials(this.callCredentials);
            }
            this.responseObserver = new ResponseObserver();
            this.requestObserver = this.secretDiscoveryServiceStub.streamSecrets(this.responseObserver);
            logger.log(Level.FINEST, "Stream created for {0}", this.sdsSecretConfig);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void shutdown() {
        if (this.requestObserver != null) {
            this.requestObserver.onCompleted();
            this.requestObserver = null;
            this.channel.shutdownNow();
            if (this.eventLoopGroup != null) {
                this.eventLoopGroup = (EventLoopGroup) SharedResourceHolder.release(eventLoopGroupResource, this.eventLoopGroup);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processDiscoveryResponse(final DiscoveryResponse discoveryResponse) {
        this.watcherExecutor.execute(new Runnable() { // from class: io.grpc.xds.internal.sds.SdsClient.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    SdsClient.this.processSecretsFromDiscoveryResponse(discoveryResponse);
                    SdsClient.this.lastResponse = discoveryResponse;
                    SdsClient.this.sendDiscoveryRequestOnStream();
                } catch (Throwable th) {
                    SdsClient.this.sendNack(th);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendNack(Throwable th) {
        String str = "";
        String str2 = "";
        if (this.lastResponse != null) {
            str = this.lastResponse.getNonce();
            str2 = this.lastResponse.getVersionInfo();
        }
        Status fromThrowable = Status.fromThrowable(th);
        DiscoveryRequest m2781build = DiscoveryRequest.newBuilder().setTypeUrl(SECRET_TYPE_URL).setResponseNonce(str).setVersionInfo(str2).addResourceNames(this.sdsSecretConfig.getName()).setErrorDetail(com.google.rpc.Status.newBuilder().setCode(fromThrowable.getCode().value()).setMessage(fromThrowable.getDescription() != null ? fromThrowable.getDescription() : "Secret not updated").build()).setNode(this.clientNode).m2781build();
        logger.log(Level.FINEST, "Sending NACK req={0}", m2781build);
        this.requestObserver.onNext(m2781build);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendErrorToWatcher(final Throwable th) {
        final SecretWatcher secretWatcher = this.watcher;
        if (secretWatcher != null) {
            this.watcherExecutor.execute(new Runnable() { // from class: io.grpc.xds.internal.sds.SdsClient.2
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        secretWatcher.onError(Status.fromThrowable(th));
                    } catch (Throwable th2) {
                        SdsClient.logger.log(Level.SEVERE, "exception from onError", th2);
                    }
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processSecretsFromDiscoveryResponse(DiscoveryResponse discoveryResponse) throws InvalidProtocolBufferException {
        List<Any> resourcesList = discoveryResponse.getResourcesList();
        Preconditions.checkState(resourcesList.size() == 1, "exactly one resource expected");
        Any any = resourcesList.get(0);
        String typeUrl = any.getTypeUrl();
        Preconditions.checkState(SECRET_TYPE_URL.equals(typeUrl), "wrong value for typeUrl %s", typeUrl);
        processSecret(Secret.parseFrom(any.getValue()));
    }

    private void processSecret(Secret secret) {
        Preconditions.checkState(this.sdsSecretConfig.getName().equals(secret.getName()), "expected secret name %s", this.sdsSecretConfig.getName());
        SecretWatcher secretWatcher = this.watcher;
        if (secretWatcher != null) {
            secretWatcher.onSecretChanged(secret);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void watchSecret(SecretWatcher secretWatcher) {
        Preconditions.checkNotNull(secretWatcher, "secretWatcher");
        Preconditions.checkState(this.watcher == null, "watcher already set");
        this.watcher = secretWatcher;
        if (this.lastResponse == null) {
            sendDiscoveryRequestOnStream();
        } else {
            this.watcherExecutor.execute(new Runnable() { // from class: io.grpc.xds.internal.sds.SdsClient.3
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        SdsClient.this.processSecretsFromDiscoveryResponse(SdsClient.this.lastResponse);
                    } catch (Throwable th) {
                        SdsClient.logger.log(Level.SEVERE, "from watcherExecutor.execute", th);
                    }
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void cancelSecretWatch(SecretWatcher secretWatcher) {
        Preconditions.checkNotNull(secretWatcher, "secretWatcher");
        Preconditions.checkArgument(secretWatcher == this.watcher, "Incorrect secretWatcher to cancel");
        this.watcher = null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendDiscoveryRequestOnStream() {
        String str = "";
        String str2 = "";
        String str3 = "Sending initial req={0}";
        if (this.lastResponse != null) {
            str = this.lastResponse.getNonce();
            str2 = this.lastResponse.getVersionInfo();
            str3 = "Sending ACK req={0}";
        }
        DiscoveryRequest m2781build = DiscoveryRequest.newBuilder().setTypeUrl(SECRET_TYPE_URL).setResponseNonce(str).setVersionInfo(str2).addResourceNames(this.sdsSecretConfig.getName()).setNode(this.clientNode).m2781build();
        logger.log(Level.FINEST, str3, m2781build);
        this.requestObserver.onNext(m2781build);
    }

    static {
        eventLoopGroupResource = Epoll.isAvailable() ? new EventLoopGroupResource("SdsClient") : null;
    }
}
