package io.grpc.xds.internal.security;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.grpc.Internal;
import io.grpc.netty.shaded.io.netty.handler.ssl.ClientAuth;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.grpc.xds.EnvoyServerProtoData;
import io.grpc.xds.internal.security.trust.XdsTrustManagerFactory;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
import java.io.IOException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.util.concurrent.Executor;

@Internal
/* loaded from: classes5.dex */
public abstract class SslContextProvider implements Closeable {

    /* renamed from: a, reason: collision with root package name */
    public final EnvoyServerProtoData.BaseTlsContext f11878a;

    @VisibleForTesting
    /* loaded from: classes5.dex */
    public static abstract class Callback {

        /* renamed from: a, reason: collision with root package name */
        public final Executor f11880a;

        public Callback(Executor executor) {
            this.f11880a = executor;
        }

        @VisibleForTesting
        public Executor b() {
            return this.f11880a;
        }

        @VisibleForTesting
        public abstract void c(Throwable th);

        @VisibleForTesting
        public abstract void d(SslContext sslContext);
    }

    /* loaded from: classes5.dex */
    public interface SslContextGetter {
        SslContext get() throws Exception;
    }

    public SslContextProvider(EnvoyServerProtoData.BaseTlsContext baseTlsContext) {
        this.f11878a = (EnvoyServerProtoData.BaseTlsContext) Preconditions.u(baseTlsContext, "tlsContext");
    }

    public abstract void g(Callback callback);

    public CommonTlsContext h() {
        return this.f11878a.a();
    }

    public EnvoyServerProtoData.DownstreamTlsContext i() {
        Preconditions.B(this.f11878a instanceof EnvoyServerProtoData.DownstreamTlsContext, "expected DownstreamTlsContext");
        return (EnvoyServerProtoData.DownstreamTlsContext) this.f11878a;
    }

    public EnvoyServerProtoData.UpstreamTlsContext j() {
        Preconditions.B(this.f11878a instanceof EnvoyServerProtoData.UpstreamTlsContext, "expected UpstreamTlsContext");
        return (EnvoyServerProtoData.UpstreamTlsContext) this.f11878a;
    }

    public final void l(final SslContextGetter sslContextGetter, final Callback callback) {
        Preconditions.u(sslContextGetter, "sslContextGetter");
        Preconditions.u(callback, "callback");
        callback.f11880a.execute(new Runnable() { // from class: io.grpc.xds.internal.security.SslContextProvider.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    callback.d(sslContextGetter.get());
                } catch (Throwable th) {
                    callback.c(th);
                }
            }
        });
    }

    public void m(SslContextBuilder sslContextBuilder, XdsTrustManagerFactory xdsTrustManagerFactory) throws CertificateException, IOException, CertStoreException {
        EnvoyServerProtoData.DownstreamTlsContext i = i();
        if (xdsTrustManagerFactory == null) {
            sslContextBuilder.d(ClientAuth.NONE);
        } else {
            sslContextBuilder.r(xdsTrustManagerFactory);
            sslContextBuilder.d(i.c() ? ClientAuth.REQUIRE : ClientAuth.OPTIONAL);
        }
    }
}
