package org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.internal.sds;

import com.sun.jna.Callback;
import java.io.IOException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.pulsar.functions.runtime.shaded.com.google.common.base.Preconditions;
import org.apache.pulsar.functions.runtime.shaded.com.google.common.collect.ImmutableList;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.Status;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.EnvoyServerProtoData;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.internal.sds.SslContextProvider;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
import org.apache.pulsar.functions.runtime.shaded.javax.annotation.Nullable;

/* loaded from: input_file:org/apache/pulsar/functions/runtime/shaded/io/grpc/xds/internal/sds/DynamicSslContextProvider.class */
public abstract class DynamicSslContextProvider extends SslContextProvider {
    protected final List<SslContextProvider.Callback> pendingCallbacks;

    @Nullable
    protected final CertificateValidationContext staticCertificateValidationContext;

    @Nullable
    protected SslContext sslContext;

    /* JADX INFO: Access modifiers changed from: protected */
    public DynamicSslContextProvider(EnvoyServerProtoData.BaseTlsContext baseTlsContext, CertificateValidationContext certificateValidationContext) {
        super(baseTlsContext);
        this.pendingCallbacks = new ArrayList();
        this.staticCertificateValidationContext = certificateValidationContext;
    }

    @Nullable
    public SslContext getSslContext() {
        return this.sslContext;
    }

    protected abstract CertificateValidationContext generateCertificateValidationContext();

    protected abstract SslContextBuilder getSslContextBuilder(CertificateValidationContext certificateValidationContext) throws CertificateException, IOException, CertStoreException;

    /* JADX INFO: Access modifiers changed from: protected */
    public final void updateSslContext() {
        SslContext sslContext;
        List<SslContextProvider.Callback> clonePendingCallbacksAndClear;
        try {
            SslContextBuilder sslContextBuilder = getSslContextBuilder(generateCertificateValidationContext());
            CommonTlsContext commonTlsContext = getCommonTlsContext();
            if (commonTlsContext != null && commonTlsContext.getAlpnProtocolsCount() > 0) {
                sslContextBuilder.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, (Iterable<String>) commonTlsContext.getAlpnProtocolsList()));
            }
            synchronized (this.pendingCallbacks) {
                this.sslContext = sslContextBuilder.build();
                sslContext = this.sslContext;
                clonePendingCallbacksAndClear = clonePendingCallbacksAndClear();
            }
            makePendingCallbacks(sslContext, clonePendingCallbacksAndClear);
        } catch (Exception e) {
            onError(Status.fromThrowable(e));
            throw new RuntimeException(e);
        }
    }

    protected final void callPerformCallback(SslContextProvider.Callback callback, final SslContext sslContext) {
        performCallback(new SslContextProvider.SslContextGetter() { // from class: org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.internal.sds.DynamicSslContextProvider.1
            @Override // org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.internal.sds.SslContextProvider.SslContextGetter
            public SslContext get() {
                return sslContext;
            }
        }, callback);
    }

    @Override // org.apache.pulsar.functions.runtime.shaded.io.grpc.xds.internal.sds.SslContextProvider
    public final void addCallback(SslContextProvider.Callback callback) {
        Preconditions.checkNotNull(callback, Callback.METHOD_NAME);
        SslContext sslContext = null;
        synchronized (this.pendingCallbacks) {
            if (this.sslContext != null) {
                sslContext = this.sslContext;
            } else {
                this.pendingCallbacks.add(callback);
            }
        }
        if (sslContext != null) {
            callPerformCallback(callback, sslContext);
        }
    }

    private final void makePendingCallbacks(SslContext sslContext, List<SslContextProvider.Callback> list) {
        Iterator<SslContextProvider.Callback> it = list.iterator();
        while (it.hasNext()) {
            callPerformCallback(it.next(), sslContext);
        }
    }

    public final void onError(Status status) {
        Iterator<SslContextProvider.Callback> it = clonePendingCallbacksAndClear().iterator();
        while (it.hasNext()) {
            it.next().onException(status.asException());
        }
    }

    private List<SslContextProvider.Callback> clonePendingCallbacksAndClear() {
        ImmutableList copyOf;
        synchronized (this.pendingCallbacks) {
            copyOf = ImmutableList.copyOf((Collection) this.pendingCallbacks);
            this.pendingCallbacks.clear();
        }
        return copyOf;
    }
}
