package io.grpc.xds.internal.security;

import com.google.common.collect.r;
import ff.t;
import io.grpc.Internal;
import io.grpc.Status;
import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.grpc.xds.EnvoyServerProtoData;
import io.grpc.xds.internal.security.SslContextProvider;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

@Internal
/* loaded from: classes4.dex */
public abstract class DynamicSslContextProvider extends SslContextProvider {
    protected final List<SslContextProvider.Callback> pendingCallbacks;
    protected SslContext sslContext;
    protected final CertificateValidationContext staticCertificateValidationContext;

    /* JADX INFO: Access modifiers changed from: protected */
    public DynamicSslContextProvider(EnvoyServerProtoData.BaseTlsContext baseTlsContext, CertificateValidationContext certificateValidationContext) {
        super(baseTlsContext);
        this.pendingCallbacks = new ArrayList();
        this.staticCertificateValidationContext = certificateValidationContext;
    }

    private List<SslContextProvider.Callback> clonePendingCallbacksAndClear() {
        r u10;
        synchronized (this.pendingCallbacks) {
            u10 = r.u(this.pendingCallbacks);
            this.pendingCallbacks.clear();
        }
        return u10;
    }

    private final void makePendingCallbacks(SslContext sslContext, List<SslContextProvider.Callback> list) {
        Iterator<SslContextProvider.Callback> it = list.iterator();
        while (it.hasNext()) {
            callPerformCallback(it.next(), sslContext);
        }
    }

    @Override // io.grpc.xds.internal.security.SslContextProvider
    public final void addCallback(SslContextProvider.Callback callback) {
        SslContext sslContext;
        t.r(callback, "callback");
        synchronized (this.pendingCallbacks) {
            sslContext = this.sslContext;
            if (sslContext == null) {
                this.pendingCallbacks.add(callback);
                sslContext = null;
            }
        }
        if (sslContext != null) {
            callPerformCallback(callback, sslContext);
        }
    }

    protected final void callPerformCallback(SslContextProvider.Callback callback, final SslContext sslContext) {
        performCallback(new SslContextProvider.SslContextGetter() { // from class: io.grpc.xds.internal.security.DynamicSslContextProvider.1
            @Override // io.grpc.xds.internal.security.SslContextProvider.SslContextGetter
            public SslContext get() {
                return sslContext;
            }
        }, callback);
    }

    protected abstract CertificateValidationContext generateCertificateValidationContext();

    public SslContext getSslContext() {
        return this.sslContext;
    }

    protected abstract SslContextBuilder getSslContextBuilder(CertificateValidationContext certificateValidationContext);

    public final void onError(Status status) {
        Iterator<SslContextProvider.Callback> it = clonePendingCallbacksAndClear().iterator();
        while (it.hasNext()) {
            it.next().onException(status.asException());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void updateSslContext() {
        SslContext build;
        List<SslContextProvider.Callback> clonePendingCallbacksAndClear;
        try {
            SslContextBuilder sslContextBuilder = getSslContextBuilder(generateCertificateValidationContext());
            CommonTlsContext commonTlsContext = getCommonTlsContext();
            if (commonTlsContext != null && commonTlsContext.getAlpnProtocolsCount() > 0) {
                sslContextBuilder.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, (Iterable<String>) commonTlsContext.getAlpnProtocolsList()));
            }
            synchronized (this.pendingCallbacks) {
                build = sslContextBuilder.build();
                this.sslContext = build;
                clonePendingCallbacksAndClear = clonePendingCallbacksAndClear();
            }
            makePendingCallbacks(build, clonePendingCallbacksAndClear);
        } catch (Exception e10) {
            onError(Status.fromThrowable(e10));
            throw new RuntimeException(e10);
        }
    }
}
