package io.grpc.xds.internal.security.certprovider;

import io.grpc.xds.Bootstrapper;
import io.grpc.xds.EnvoyServerProtoData;
import io.grpc.xds.internal.security.CommonTlsContextUtil;
import io.grpc.xds.internal.security.DynamicSslContextProvider;
import io.grpc.xds.internal.security.certprovider.CertificateProvider;
import io.grpc.xds.internal.security.certprovider.CertificateProviderStore;
import io.grpc.xds.shaded.io.envoyproxy.envoy.config.core.v3.Node;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import javax.annotation.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public abstract class CertProviderSslContextProvider extends DynamicSslContextProvider implements CertificateProvider.Watcher {

    @Nullable
    public final CertificateProviderStore.Handle e;

    @Nullable
    public final CertificateProviderStore.Handle f;

    @Nullable
    public final CommonTlsContext.CertificateProviderInstance g;

    @Nullable
    public final CommonTlsContext.CertificateProviderInstance h;

    @Nullable
    public PrivateKey i;

    @Nullable
    public List<X509Certificate> j;

    @Nullable
    public List<X509Certificate> k;

    public CertProviderSslContextProvider(Node node, @Nullable Map<String, Bootstrapper.CertificateProviderInfo> map, CommonTlsContext.CertificateProviderInstance certificateProviderInstance, CommonTlsContext.CertificateProviderInstance certificateProviderInstance2, CertificateValidationContext certificateValidationContext, EnvoyServerProtoData.BaseTlsContext baseTlsContext, CertificateProviderStore certificateProviderStore) {
        super(baseTlsContext, certificateValidationContext);
        String str;
        this.g = certificateProviderInstance;
        this.h = certificateProviderInstance2;
        if (certificateProviderInstance == null || !certificateProviderInstance.isInitialized()) {
            this.e = null;
            str = null;
        } else {
            str = certificateProviderInstance.t0();
            Bootstrapper.CertificateProviderInfo u = u(map, str);
            this.e = u == null ? null : certificateProviderStore.c(certificateProviderInstance.p0(), u.c(), u.a(), this, true);
        }
        if (certificateProviderInstance2 == null || !certificateProviderInstance2.isInitialized() || certificateProviderInstance2.t0().equals(str)) {
            this.f = null;
        } else {
            Bootstrapper.CertificateProviderInfo u2 = u(map, certificateProviderInstance2.t0());
            this.f = u2 != null ? certificateProviderStore.c(certificateProviderInstance2.p0(), u2.c(), u2.a(), this, true) : null;
        }
    }

    public static Bootstrapper.CertificateProviderInfo u(@Nullable Map<String, Bootstrapper.CertificateProviderInfo> map, String str) {
        if (map != null) {
            return map.get(str);
        }
        return null;
    }

    @Nullable
    public static CommonTlsContext.CertificateProviderInstance w(CommonTlsContext commonTlsContext) {
        if (commonTlsContext.f1()) {
            return CommonTlsContextUtil.a(commonTlsContext.N0());
        }
        if (commonTlsContext.e1()) {
            return commonTlsContext.M0();
        }
        return null;
    }

    @Nullable
    public static CommonTlsContext.CertificateProviderInstance x(CommonTlsContext commonTlsContext) {
        CertificateValidationContext y = y(commonTlsContext);
        if (y != null && y.f1()) {
            return CommonTlsContextUtil.a(y.I0());
        }
        if (!commonTlsContext.a1()) {
            if (commonTlsContext.l1()) {
                return commonTlsContext.X0();
            }
            return null;
        }
        CommonTlsContext.CombinedCertificateValidationContext E0 = commonTlsContext.E0();
        if (E0.z0()) {
            return E0.u0();
        }
        return null;
    }

    @Nullable
    public static CertificateValidationContext y(CommonTlsContext commonTlsContext) {
        if (commonTlsContext.i1()) {
            return commonTlsContext.V0();
        }
        if (!commonTlsContext.a1()) {
            return null;
        }
        CommonTlsContext.CombinedCertificateValidationContext E0 = commonTlsContext.E0();
        if (E0.x0()) {
            return E0.r0();
        }
        return null;
    }

    public final boolean B() {
        return (this.g == null || this.h == null) ? false : true;
    }

    public final boolean C() {
        return this.g != null && this.h == null;
    }

    public final void D() {
        if (B()) {
            if (this.i == null || this.k == null) {
                return;
            }
            s();
            t();
            return;
        }
        if (z()) {
            if (this.k != null) {
                s();
                t();
                return;
            }
            return;
        }
        if (!C() || this.i == null) {
            return;
        }
        s();
        t();
    }

    @Override // io.grpc.xds.internal.security.Closeable, java.io.Closeable, java.lang.AutoCloseable
    public final void close() {
        CertificateProviderStore.Handle handle = this.e;
        if (handle != null) {
            handle.close();
        }
        CertificateProviderStore.Handle handle2 = this.f;
        if (handle2 != null) {
            handle2.close();
        }
    }

    @Override // io.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher
    public final void e(List<X509Certificate> list) {
        this.k = list;
        D();
    }

    @Override // io.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher
    public final void f(PrivateKey privateKey, List<X509Certificate> list) {
        this.i = privateKey;
        this.j = list;
        D();
    }

    @Override // io.grpc.xds.internal.security.DynamicSslContextProvider
    public final CertificateValidationContext p() {
        return this.c;
    }

    public final void t() {
        this.i = null;
        this.k = null;
        this.j = null;
    }

    public final boolean z() {
        return this.h != null && this.g == null;
    }
}
