package io.grpc.xds.internal.sds;

import com.google.common.base.Preconditions;
import io.grpc.xds.EnvoyServerProtoData;
import io.grpc.xds.internal.sds.SdsClient;
import io.grpc.xds.shaded.io.envoyproxy.envoy.api.v2.core.Node;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.Secret;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificate;
import java.util.concurrent.Executor;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;

/* loaded from: input_file:io/grpc/xds/internal/sds/SdsSslContextProvider.class */
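/**
 * Base class for SSL-context providers whose TLS certificate and/or certificate validation
 * context are delivered by SDS clients rather than being fixed at construction time.
 *
 * <p>The provider registers itself as a {@link SdsClient.SecretWatcher} on up to two SDS clients
 * (one per configured secret) and calls {@code updateSslContext()} once every configured secret
 * has been received.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Incoming secrets are accepted only if their name equals the name in the matching SDS
 *       config; anything else is rejected with an exception and no state is changed.</li>
 *   <li>Only the SDS config name is logged, never the secret contents.</li>
 *   <li>NOTE(review): if a config is non-null but {@code isInitialized()} is false, no client is
 *       created for it, yet the other secret still waits for it in {@link #onSecretChanged};
 *       in that case the SSL context appears never to be built. Confirm this is intended.</li>
 * </ul>
 */
abstract class SdsSslContextProvider extends DynamicSslContextProvider implements SdsClient.SecretWatcher {
    private static final Logger logger = Logger.getLogger(SdsSslContextProvider.class.getName());

    // SDS client that delivers the TLS certificate; null when no usable cert SDS config was given.
    @Nullable
    private final SdsClient certSdsClient;

    // SDS client that delivers the validation context; null when no usable config was given.
    @Nullable
    private final SdsClient validationContextSdsClient;

    // SDS config naming the TLS certificate secret; null when the certificate is not SDS-sourced.
    @Nullable
    private final SdsSecretConfig certSdsConfig;

    // SDS config naming the validation-context secret; null when it is not SDS-sourced.
    @Nullable
    private final SdsSecretConfig validationContextSdsConfig;

    // Most recent certificate received through onSecretChanged; null until the first update.
    @Nullable
    protected TlsCertificate tlsCertificate;

    // Most recent validation context received through onSecretChanged; null until the first update.
    @Nullable
    private CertificateValidationContext certificateValidationContext;

    /**
     * Stores the SDS configs and, for each config that is non-null and initialized, creates an
     * SDS client, starts it and subscribes this provider to its secret updates.
     *
     * <p>The decompiler reports that the access modifier was changed from {@code protected}.
     *
     * <p>NOTE(review): {@code this} is handed to {@code watchSecret} before the constructor (and
     * any subclass constructor) has finished. If an SDS client can invoke the watcher
     * synchronously or from another thread right away, {@link #onSecretChanged} may run on a
     * partially constructed object. Confirm against {@code SdsClient}.
     *
     * @param node passed through to {@code SdsClient.Factory.createSdsClient}
     * @param sdsSecretConfig SDS config for the TLS certificate, or null
     * @param sdsSecretConfig2 SDS config for the certificate validation context, or null
     * @param certificateValidationContext passed to the superclass; presumably the static
     *     validation context later read as {@code staticCertificateValidationContext}
     * @param executor forwarded to {@code createSdsClient}; its role is not visible here
     * @param executor2 forwarded to {@code createSdsClient}; its role is not visible here
     * @param baseTlsContext passed to the superclass
     */
    public SdsSslContextProvider(Node node, SdsSecretConfig sdsSecretConfig, SdsSecretConfig sdsSecretConfig2, CertificateValidationContext certificateValidationContext, Executor executor, Executor executor2, EnvoyServerProtoData.BaseTlsContext baseTlsContext) {
        super(baseTlsContext, certificateValidationContext);
        this.certSdsConfig = sdsSecretConfig;
        this.validationContextSdsConfig = sdsSecretConfig2;
        if (sdsSecretConfig != null && sdsSecretConfig.isInitialized()) {
            this.certSdsClient = SdsClient.Factory.createSdsClient(sdsSecretConfig, node, executor, executor2);
            this.certSdsClient.start();
            this.certSdsClient.watchSecret(this);
        } else {
            this.certSdsClient = null;
        }
        if (sdsSecretConfig2 != null && sdsSecretConfig2.isInitialized()) {
            this.validationContextSdsClient = SdsClient.Factory.createSdsClient(sdsSecretConfig2, node, executor, executor2);
            this.validationContextSdsClient.start();
            this.validationContextSdsClient.watchSecret(this);
        } else {
            this.validationContextSdsClient = null;
        }
    }

    /**
     * Accepts a secret pushed by an SDS client and rebuilds the SSL context once every
     * configured secret is available.
     *
     * <p>A secret is accepted only when this provider has an SDS config for its kind and the
     * secret name equals the configured name. A secret of a kind that was never configured is
     * rejected with {@link IllegalStateException} instead of failing on a null dereference.
     *
     * @param secret the update; must carry either a TLS certificate or a validation context
     * @throws NullPointerException if {@code secret} is null
     * @throws IllegalStateException if no config exists for the secret's kind or the names differ
     * @throws UnsupportedOperationException if the secret carries neither supported payload
     */
    @Override // io.grpc.xds.internal.sds.SdsClient.SecretWatcher
    public final synchronized void onSecretChanged(Secret secret) {
        Preconditions.checkNotNull(secret);
        if (secret.hasTlsCertificate()) {
            // Reject a certificate nobody asked for before touching the nullable config.
            Preconditions.checkState(this.certSdsConfig != null, "received tlsCertificate secret but certSdsConfig is not set");
            Preconditions.checkState(secret.getName().equals(this.certSdsConfig.getName()), "tlsCert names don't match");
            // Only the configured name is logged; the certificate itself is not.
            logger.log(Level.FINEST, "onSecretChanged certSdsConfig.name={0}", this.certSdsConfig.getName());
            this.tlsCertificate = secret.getTlsCertificate();
            // Build only when the validation context has arrived or is not SDS-sourced at all.
            if (this.certificateValidationContext != null || this.validationContextSdsConfig == null) {
                updateSslContext();
            }
            return;
        }
        if (!secret.hasValidationContext()) {
            throw new UnsupportedOperationException("Unexpected secret type:" + secret.getTypeCase());
        }
        // Reject a validation context nobody asked for before touching the nullable config.
        Preconditions.checkState(this.validationContextSdsConfig != null, "received validationContext secret but validationContextSdsConfig is not set");
        Preconditions.checkState(secret.getName().equals(this.validationContextSdsConfig.getName()), "validationContext names don't match");
        logger.log(Level.FINEST, "onSecretChanged validationContextSdsConfig.name={0}", this.validationContextSdsConfig.getName());
        this.certificateValidationContext = secret.getValidationContext();
        // Build only when the certificate has arrived or is not SDS-sourced at all.
        if (this.tlsCertificate != null || this.certSdsConfig == null) {
            updateSslContext();
        }
    }

    /**
     * Returns the validation context to use: the SDS-delivered one, the static one, or a merge
     * of both when both are present.
     *
     * <p>The merge starts from the SDS-delivered context and merges the static context into it.
     * With protobuf builder merge semantics, scalar fields set in the static context replace the
     * SDS-delivered values and repeated fields are appended, so review which side is meant to
     * win for each verification setting.
     *
     * @return the effective validation context; null when neither source has provided one
     */
    @Override // io.grpc.xds.internal.sds.DynamicSslContextProvider
    protected final CertificateValidationContext generateCertificateValidationContext() {
        if (this.staticCertificateValidationContext == null) {
            return this.certificateValidationContext;
        }
        if (this.certificateValidationContext == null) {
            return this.staticCertificateValidationContext;
        }
        // NOTE(review): m23267toBuilder/m23305build look like decompiler-renamed
        // toBuilder()/build(); confirm against the generated protobuf class.
        return this.certificateValidationContext.m23267toBuilder().mergeFrom(this.staticCertificateValidationContext).m23305build();
    }

    /**
     * Cancels this provider's secret watches and shuts down every SDS client it created.
     *
     * <p>NOTE(review): this method is not synchronized although {@link #onSecretChanged} is, and
     * the cached secrets are not cleared. Whether an update can still be delivered after
     * {@code cancelSecretWatch} depends on {@code SdsClient}, which is not visible here.
     */
    @Override // io.grpc.xds.internal.sds.SslContextProvider, io.grpc.xds.internal.sds.Closeable, java.io.Closeable, java.lang.AutoCloseable
    public final void close() {
        if (this.certSdsClient != null) {
            this.certSdsClient.cancelSecretWatch(this);
            this.certSdsClient.shutdown();
        }
        if (this.validationContextSdsClient != null) {
            this.validationContextSdsClient.cancelSecretWatch(this);
            this.validationContextSdsClient.shutdown();
        }
    }
}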
