package io.grpc.xds.internal.security;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.grpc.Attributes;
import io.grpc.internal.ObjectPool;
import io.grpc.netty.shaded.io.grpc.netty.GrpcHttp2ConnectionHandler;
import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiationEvent;
import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator;
import io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiators;
import io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiationEvent;
import io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator;
import io.grpc.netty.shaded.io.netty.channel.ChannelHandler;
import io.grpc.netty.shaded.io.netty.channel.ChannelHandlerAdapter;
import io.grpc.netty.shaded.io.netty.channel.ChannelHandlerContext;
import io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import io.grpc.netty.shaded.io.netty.util.AsciiString;
import io.grpc.xds.InternalXdsAttributes;
import io.grpc.xds.internal.security.SslContextProvider;
import java.security.cert.CertStoreException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Executor;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import org.apache.http.HttpHost;

@VisibleForTesting
/* loaded from: classes5.dex */
public final class SecurityProtocolNegotiators {

    /* renamed from: a, reason: collision with root package name */
    public static final Logger f11872a = Logger.getLogger(SecurityProtocolNegotiators.class.getName());
    public static final AsciiString b = AsciiString.J(HttpHost.DEFAULT_SCHEME_NAME);
    public static final Attributes.Key<SslContextProviderSupplier> c = Attributes.Key.a("io.grpc.xds.internal.sds.server.sslContextProviderSupplier");

    /* loaded from: classes5.dex */
    public static class BufferReadsHandler extends ChannelInboundHandlerAdapter {
        public final List<Object> b;
        public boolean c;

        public BufferReadsHandler() {
            this.b = new ArrayList();
        }

        @Override // io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandler
        public void E(ChannelHandlerContext channelHandlerContext, Object obj) {
            this.b.add(obj);
        }

        @Override // io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandler, io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandler
        public void d(ChannelHandlerContext channelHandlerContext, Throwable th) {
            SecurityProtocolNegotiators.f11872a.log(Level.SEVERE, "exceptionCaught", th);
            channelHandlerContext.B(th);
        }

        @Override // io.grpc.netty.shaded.io.netty.channel.ChannelHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandler
        public void i0(ChannelHandlerContext channelHandlerContext) throws Exception {
            Iterator<Object> it = this.b.iterator();
            while (it.hasNext()) {
                super.E(channelHandlerContext, it.next());
            }
            if (this.c) {
                super.p0(channelHandlerContext);
            }
        }

        @Override // io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandler
        public void p0(ChannelHandlerContext channelHandlerContext) {
            this.c = true;
        }
    }

    /* loaded from: classes5.dex */
    public static final class ClientFactory implements InternalProtocolNegotiator.ClientFactory {

        /* renamed from: a, reason: collision with root package name */
        public final InternalProtocolNegotiator.ClientFactory f11873a;

        @Override // io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator.ClientFactory, io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator.ClientFactory
        public InternalProtocolNegotiator.ProtocolNegotiator a() {
            return new ClientSdsProtocolNegotiator(this.f11873a.a());
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator.ClientFactory
        public int b() {
            return 443;
        }
    }

    @VisibleForTesting
    /* loaded from: classes5.dex */
    public static final class ClientSdsHandler extends InternalProtocolNegotiators.ProtocolNegotiationHandler {
        public final GrpcHttp2ConnectionHandler f;
        public final SslContextProviderSupplier g;

        public ClientSdsHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler, SslContextProviderSupplier sslContextProviderSupplier) {
            super(new ChannelHandlerAdapter() { // from class: io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsHandler.1
                @Override // io.grpc.netty.shaded.io.netty.channel.ChannelHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandler
                public void e0(ChannelHandlerContext channelHandlerContext) throws Exception {
                    channelHandlerContext.q().n3(this);
                }
            }, grpcHttp2ConnectionHandler.t2());
            Preconditions.u(grpcHttp2ConnectionHandler, "grpcHandler");
            this.f = grpcHttp2ConnectionHandler;
            this.g = sslContextProviderSupplier;
        }

        @Override // io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandler, io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandler
        public void d(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
            SecurityProtocolNegotiators.f11872a.log(Level.SEVERE, "exceptionCaught", th);
            channelHandlerContext.B(th);
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiators.ProtocolNegotiationHandler
        public void t0(final ChannelHandlerContext channelHandlerContext) {
            final BufferReadsHandler bufferReadsHandler = new BufferReadsHandler();
            channelHandlerContext.q().N2(channelHandlerContext.name(), null, bufferReadsHandler);
            this.g.j(new SslContextProvider.Callback(channelHandlerContext.w0()) { // from class: io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsHandler.2
                @Override // io.grpc.xds.internal.security.SslContextProvider.Callback
                public void c(Throwable th) {
                    channelHandlerContext.B(th);
                }

                @Override // io.grpc.xds.internal.security.SslContextProvider.Callback
                public void d(SslContext sslContext) {
                    SecurityProtocolNegotiators.f11872a.log(Level.FINEST, "ClientSdsHandler.updateSslContext authority={0}, ctx.name={1}", new Object[]{ClientSdsHandler.this.f.q2(), channelHandlerContext.name()});
                    channelHandlerContext.q().s2(channelHandlerContext.name(), null, InternalProtocolNegotiators.d(sslContext).a(ClientSdsHandler.this.f));
                    ClientSdsHandler.this.R(channelHandlerContext);
                    channelHandlerContext.q().n3(bufferReadsHandler);
                }
            });
        }
    }

    @VisibleForTesting
    /* loaded from: classes5.dex */
    public static final class ClientSdsProtocolNegotiator implements InternalProtocolNegotiator.ProtocolNegotiator {

        /* renamed from: a, reason: collision with root package name */
        @Nullable
        public final InternalProtocolNegotiator.ProtocolNegotiator f11874a;

        public ClientSdsProtocolNegotiator(@Nullable InternalProtocolNegotiator.ProtocolNegotiator protocolNegotiator) {
            this.f11874a = protocolNegotiator;
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator
        public AsciiString E() {
            return SecurityProtocolNegotiators.b;
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator, io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator
        public ChannelHandler a(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
            SslContextProviderSupplier sslContextProviderSupplier = (SslContextProviderSupplier) grpcHttp2ConnectionHandler.s2().b(InternalXdsAttributes.f11707a);
            if (sslContextProviderSupplier != null) {
                return new ClientSdsHandler(grpcHttp2ConnectionHandler, sslContextProviderSupplier);
            }
            Preconditions.u(this.f11874a, "No TLS config and no fallbackProtocolNegotiator!");
            return this.f11874a.a(grpcHttp2ConnectionHandler);
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator
        public void close() {
        }
    }

    @VisibleForTesting
    /* loaded from: classes5.dex */
    public static final class HandlerPickerHandler extends ChannelInboundHandlerAdapter {
        public final GrpcHttp2ConnectionHandler b;

        @Nullable
        public final InternalProtocolNegotiator.ProtocolNegotiator c;

        public HandlerPickerHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler, @Nullable InternalProtocolNegotiator.ProtocolNegotiator protocolNegotiator) {
            this.b = (GrpcHttp2ConnectionHandler) Preconditions.u(grpcHttp2ConnectionHandler, "grpcHandler");
            this.c = protocolNegotiator;
        }

        @Override // io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelInboundHandler
        public void n0(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (!(obj instanceof ProtocolNegotiationEvent)) {
                super.n0(channelHandlerContext, obj);
                return;
            }
            ProtocolNegotiationEvent protocolNegotiationEvent = (ProtocolNegotiationEvent) obj;
            SslContextProviderSupplier sslContextProviderSupplier = (SslContextProviderSupplier) InternalProtocolNegotiationEvent.a(protocolNegotiationEvent).b(SecurityProtocolNegotiators.c);
            if (sslContextProviderSupplier != null) {
                channelHandlerContext.q().Q3(this, null, new ServerSdsHandler(this.b, sslContextProviderSupplier));
                channelHandlerContext.z(protocolNegotiationEvent);
                return;
            }
            Logger logger = SecurityProtocolNegotiators.f11872a;
            Level level = Level.FINE;
            logger.log(level, "No sslContextProviderSupplier found in filterChainMatch for connection from {0} to {1}", new Object[]{channelHandlerContext.a().k(), channelHandlerContext.a().v()});
            if (this.c == null) {
                channelHandlerContext.B(new CertStoreException("No certificate source found!"));
                return;
            }
            SecurityProtocolNegotiators.f11872a.log(level, "Using fallback credentials for connection from {0} to {1}", new Object[]{channelHandlerContext.a().k(), channelHandlerContext.a().v()});
            channelHandlerContext.q().Q3(this, null, this.c.a(this.b));
            channelHandlerContext.z(protocolNegotiationEvent);
        }
    }

    /* loaded from: classes5.dex */
    public static final class ServerFactory implements InternalProtocolNegotiator.ServerFactory {

        /* renamed from: a, reason: collision with root package name */
        public final InternalProtocolNegotiator.ServerFactory f11875a;

        @Override // io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator.ServerFactory, io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator.ServerFactory
        public InternalProtocolNegotiator.ProtocolNegotiator a(ObjectPool<? extends Executor> objectPool) {
            return new ServerSdsProtocolNegotiator(this.f11875a.a(objectPool));
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator.ServerFactory, io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator.ServerFactory
        public /* bridge */ /* synthetic */ ProtocolNegotiator a(ObjectPool objectPool) {
            return a((ObjectPool<? extends Executor>) objectPool);
        }
    }

    @VisibleForTesting
    /* loaded from: classes5.dex */
    public static final class ServerSdsHandler extends InternalProtocolNegotiators.ProtocolNegotiationHandler {
        public final GrpcHttp2ConnectionHandler f;
        public final SslContextProviderSupplier g;

        public ServerSdsHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler, SslContextProviderSupplier sslContextProviderSupplier) {
            super(new ChannelHandlerAdapter() { // from class: io.grpc.xds.internal.security.SecurityProtocolNegotiators.ServerSdsHandler.1
                @Override // io.grpc.netty.shaded.io.netty.channel.ChannelHandlerAdapter, io.grpc.netty.shaded.io.netty.channel.ChannelHandler
                public void e0(ChannelHandlerContext channelHandlerContext) throws Exception {
                    channelHandlerContext.q().n3(this);
                }
            }, grpcHttp2ConnectionHandler.t2());
            Preconditions.u(grpcHttp2ConnectionHandler, "grpcHandler");
            this.f = grpcHttp2ConnectionHandler;
            this.g = sslContextProviderSupplier;
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiators.ProtocolNegotiationHandler
        public void t0(final ChannelHandlerContext channelHandlerContext) {
            final BufferReadsHandler bufferReadsHandler = new BufferReadsHandler();
            channelHandlerContext.q().N2(channelHandlerContext.name(), null, bufferReadsHandler);
            this.g.j(new SslContextProvider.Callback(channelHandlerContext.w0()) { // from class: io.grpc.xds.internal.security.SecurityProtocolNegotiators.ServerSdsHandler.2
                @Override // io.grpc.xds.internal.security.SslContextProvider.Callback
                public void c(Throwable th) {
                    channelHandlerContext.B(th);
                }

                @Override // io.grpc.xds.internal.security.SslContextProvider.Callback
                public void d(SslContext sslContext) {
                    ChannelHandler a2 = InternalProtocolNegotiators.c(sslContext).a(ServerSdsHandler.this.f);
                    if (channelHandlerContext.m0()) {
                        return;
                    }
                    channelHandlerContext.q().s2(channelHandlerContext.name(), null, a2);
                    ServerSdsHandler.this.R(channelHandlerContext);
                    channelHandlerContext.q().n3(bufferReadsHandler);
                }
            });
        }
    }

    /* loaded from: classes5.dex */
    public static final class ServerSdsProtocolNegotiator implements InternalProtocolNegotiator.ProtocolNegotiator {

        /* renamed from: a, reason: collision with root package name */
        @Nullable
        public final InternalProtocolNegotiator.ProtocolNegotiator f11876a;

        @VisibleForTesting
        public ServerSdsProtocolNegotiator(@Nullable InternalProtocolNegotiator.ProtocolNegotiator protocolNegotiator) {
            this.f11876a = protocolNegotiator;
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator
        public AsciiString E() {
            return SecurityProtocolNegotiators.b;
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator, io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator
        public ChannelHandler a(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
            return new HandlerPickerHandler(grpcHttp2ConnectionHandler, this.f11876a);
        }

        @Override // io.grpc.netty.shaded.io.grpc.netty.ProtocolNegotiator
        public void close() {
        }
    }
}
