package io.spiffe.workloadapi;

import io.grpc.ClientInterceptor;
import io.grpc.Context;
import io.grpc.stub.StreamObserver;
import io.spiffe.bundle.jwtbundle.JwtBundleSet;
import io.spiffe.exception.JwtBundleException;
import io.spiffe.exception.JwtSvidException;
import io.spiffe.exception.SocketEndpointAddressException;
import io.spiffe.exception.X509ContextException;
import io.spiffe.spiffeid.SpiffeId;
import io.spiffe.svid.jwtsvid.JwtSvid;
import io.spiffe.workloadapi.grpc.SpiffeWorkloadAPIGrpc;
import io.spiffe.workloadapi.grpc.Workload;
import io.spiffe.workloadapi.internal.GrpcManagedChannelFactory;
import io.spiffe.workloadapi.internal.ManagedChannelWrapper;
import io.spiffe.workloadapi.internal.SecurityHeaderInterceptor;
import io.spiffe.workloadapi.retry.ExponentialBackoffPolicy;
import io.spiffe.workloadapi.retry.RetryHandler;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.logging.Level;
import java.util.logging.Logger;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:io/spiffe/workloadapi/DefaultWorkloadApiClient.class */
public final class DefaultWorkloadApiClient implements WorkloadApiClient {

    @Generated
    private static final Logger log = Logger.getLogger(DefaultWorkloadApiClient.class.getName());
    private final SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIStub workloadApiAsyncStub;
    private final SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIBlockingStub workloadApiBlockingStub;
    private final ManagedChannelWrapper managedChannel;
    private final List<Context.CancellableContext> cancellableContexts;
    private final ExponentialBackoffPolicy exponentialBackoffPolicy;
    private final ScheduledExecutorService retryExecutor;
    private final ExecutorService executorService;
    private volatile boolean closed;

    /* loaded from: input_file:io/spiffe/workloadapi/DefaultWorkloadApiClient$ClientOptions.class */
    public static class ClientOptions {
        private String spiffeSocketPath;
        private ExponentialBackoffPolicy exponentialBackoffPolicy;
        private ExecutorService executorService;

        @Generated
        /* loaded from: input_file:io/spiffe/workloadapi/DefaultWorkloadApiClient$ClientOptions$ClientOptionsBuilder.class */
        public static class ClientOptionsBuilder {

            @Generated
            private String spiffeSocketPath;

            @Generated
            private ExponentialBackoffPolicy exponentialBackoffPolicy;

            @Generated
            private ExecutorService executorService;

            @Generated
            ClientOptionsBuilder() {
            }

            @Generated
            public ClientOptionsBuilder spiffeSocketPath(String str) {
                this.spiffeSocketPath = str;
                return this;
            }

            @Generated
            public ClientOptionsBuilder exponentialBackoffPolicy(ExponentialBackoffPolicy exponentialBackoffPolicy) {
                this.exponentialBackoffPolicy = exponentialBackoffPolicy;
                return this;
            }

            @Generated
            public ClientOptionsBuilder executorService(ExecutorService executorService) {
                this.executorService = executorService;
                return this;
            }

            @Generated
            public ClientOptions build() {
                return new ClientOptions(this.spiffeSocketPath, this.exponentialBackoffPolicy, this.executorService);
            }

            @Generated
            public String toString() {
                return "DefaultWorkloadApiClient.ClientOptions.ClientOptionsBuilder(spiffeSocketPath=" + this.spiffeSocketPath + ", exponentialBackoffPolicy=" + this.exponentialBackoffPolicy + ", executorService=" + this.executorService + ")";
            }
        }

        public ClientOptions(String str, ExponentialBackoffPolicy exponentialBackoffPolicy, ExecutorService executorService) {
            this.spiffeSocketPath = str;
            this.exponentialBackoffPolicy = exponentialBackoffPolicy;
            this.executorService = executorService;
        }

        @Generated
        public static ClientOptionsBuilder builder() {
            return new ClientOptionsBuilder();
        }

        @Generated
        public String getSpiffeSocketPath() {
            return this.spiffeSocketPath;
        }

        @Generated
        public ExponentialBackoffPolicy getExponentialBackoffPolicy() {
            return this.exponentialBackoffPolicy;
        }

        @Generated
        public ExecutorService getExecutorService() {
            return this.executorService;
        }

        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ClientOptions)) {
                return false;
            }
            ClientOptions clientOptions = (ClientOptions) obj;
            if (!clientOptions.canEqual(this)) {
                return false;
            }
            String spiffeSocketPath = getSpiffeSocketPath();
            String spiffeSocketPath2 = clientOptions.getSpiffeSocketPath();
            if (spiffeSocketPath == null) {
                if (spiffeSocketPath2 != null) {
                    return false;
                }
            } else if (!spiffeSocketPath.equals(spiffeSocketPath2)) {
                return false;
            }
            ExponentialBackoffPolicy exponentialBackoffPolicy = getExponentialBackoffPolicy();
            ExponentialBackoffPolicy exponentialBackoffPolicy2 = clientOptions.getExponentialBackoffPolicy();
            if (exponentialBackoffPolicy == null) {
                if (exponentialBackoffPolicy2 != null) {
                    return false;
                }
            } else if (!exponentialBackoffPolicy.equals(exponentialBackoffPolicy2)) {
                return false;
            }
            ExecutorService executorService = getExecutorService();
            ExecutorService executorService2 = clientOptions.getExecutorService();
            return executorService == null ? executorService2 == null : executorService.equals(executorService2);
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof ClientOptions;
        }

        @Generated
        public int hashCode() {
            String spiffeSocketPath = getSpiffeSocketPath();
            int hashCode = (1 * 59) + (spiffeSocketPath == null ? 43 : spiffeSocketPath.hashCode());
            ExponentialBackoffPolicy exponentialBackoffPolicy = getExponentialBackoffPolicy();
            int hashCode2 = (hashCode * 59) + (exponentialBackoffPolicy == null ? 43 : exponentialBackoffPolicy.hashCode());
            ExecutorService executorService = getExecutorService();
            return (hashCode2 * 59) + (executorService == null ? 43 : executorService.hashCode());
        }

        @Generated
        public String toString() {
            return "DefaultWorkloadApiClient.ClientOptions(spiffeSocketPath=" + getSpiffeSocketPath() + ", exponentialBackoffPolicy=" + getExponentialBackoffPolicy() + ", executorService=" + getExecutorService() + ")";
        }
    }

    private DefaultWorkloadApiClient(SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIStub spiffeWorkloadAPIStub, SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIBlockingStub spiffeWorkloadAPIBlockingStub, ManagedChannelWrapper managedChannelWrapper, ExponentialBackoffPolicy exponentialBackoffPolicy, ScheduledExecutorService scheduledExecutorService, ExecutorService executorService) {
        this.workloadApiAsyncStub = spiffeWorkloadAPIStub;
        this.workloadApiBlockingStub = spiffeWorkloadAPIBlockingStub;
        this.managedChannel = managedChannelWrapper;
        this.cancellableContexts = Collections.synchronizedList(new ArrayList());
        this.exponentialBackoffPolicy = exponentialBackoffPolicy;
        this.retryExecutor = scheduledExecutorService;
        this.executorService = executorService;
    }

    DefaultWorkloadApiClient(SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIStub spiffeWorkloadAPIStub, SpiffeWorkloadAPIGrpc.SpiffeWorkloadAPIBlockingStub spiffeWorkloadAPIBlockingStub, ManagedChannelWrapper managedChannelWrapper, ExponentialBackoffPolicy exponentialBackoffPolicy) {
        this.workloadApiAsyncStub = spiffeWorkloadAPIStub;
        this.workloadApiBlockingStub = spiffeWorkloadAPIBlockingStub;
        this.exponentialBackoffPolicy = exponentialBackoffPolicy;
        this.executorService = Executors.newCachedThreadPool();
        this.retryExecutor = Executors.newSingleThreadScheduledExecutor();
        this.cancellableContexts = Collections.synchronizedList(new ArrayList());
        this.managedChannel = managedChannelWrapper;
    }

    public static WorkloadApiClient newClient() throws SocketEndpointAddressException {
        return newClient(ClientOptions.builder().build());
    }

    public static WorkloadApiClient newClient(@NonNull ClientOptions clientOptions) throws SocketEndpointAddressException {
        if (clientOptions == null) {
            throw new NullPointerException("options is marked non-null but is null");
        }
        String defaultAddress = StringUtils.isNotBlank(clientOptions.spiffeSocketPath) ? clientOptions.spiffeSocketPath : Address.getDefaultAddress();
        if (clientOptions.exponentialBackoffPolicy == null) {
            clientOptions.exponentialBackoffPolicy = ExponentialBackoffPolicy.DEFAULT;
        }
        if (clientOptions.executorService == null) {
            clientOptions.executorService = Executors.newCachedThreadPool();
        }
        ManagedChannelWrapper newChannel = GrpcManagedChannelFactory.newChannel(Address.parseAddress(defaultAddress), clientOptions.executorService);
        SecurityHeaderInterceptor securityHeaderInterceptor = new SecurityHeaderInterceptor();
        return new DefaultWorkloadApiClient(SpiffeWorkloadAPIGrpc.newStub(newChannel.getChannel()).withExecutor(clientOptions.executorService).withInterceptors(new ClientInterceptor[]{securityHeaderInterceptor}), SpiffeWorkloadAPIGrpc.newBlockingStub(newChannel.getChannel()).withExecutor(clientOptions.executorService).withInterceptors(new ClientInterceptor[]{securityHeaderInterceptor}), newChannel, clientOptions.exponentialBackoffPolicy, Executors.newSingleThreadScheduledExecutor(), clientOptions.executorService);
    }

    @Override // io.spiffe.workloadapi.WorkloadApiClient
    public X509Context fetchX509Context() throws X509ContextException {
        try {
            Context.CancellableContext withCancellation = Context.current().withCancellation();
            try {
                X509Context x509Context = (X509Context) withCancellation.call(this::callFetchX509Context);
                if (withCancellation != null) {
                    withCancellation.close();
                }
                return x509Context;
            } finally {
            }
        } catch (Exception e) {
            throw new X509ContextException("Error fetching X509Context", e);
        }
    }

    @Override // io.spiffe.workloadapi.WorkloadApiClient
    public void watchX509Context(@NonNull Watcher<X509Context> watcher) {
        if (watcher == null) {
            throw new NullPointerException("watcher is marked non-null but is null");
        }
        RetryHandler retryHandler = new RetryHandler(this.exponentialBackoffPolicy, this.retryExecutor);
        Context.CancellableContext withCancellation = Context.current().withCancellation();
        StreamObserver<Workload.X509SVIDResponse> x509ContextStreamObserver = StreamObservers.getX509ContextStreamObserver(watcher, retryHandler, withCancellation, this.workloadApiAsyncStub);
        withCancellation.run(() -> {
            this.workloadApiAsyncStub.fetchX509SVID(newX509SvidRequest(), x509ContextStreamObserver);
        });
        this.cancellableContexts.add(withCancellation);
    }

    @Override // io.spiffe.workloadapi.WorkloadApiClient
    public JwtSvid fetchJwtSvid(@NonNull String str, String... strArr) throws JwtSvidException {
        if (str == null) {
            throw new NullPointerException("audience is marked non-null but is null");
        }
        Set<String> createAudienceSet = createAudienceSet(str, strArr);
        try {
            Context.CancellableContext withCancellation = Context.current().withCancellation();
            try {
                JwtSvid jwtSvid = (JwtSvid) withCancellation.call(() -> {
                    return callFetchJwtSvid(createAudienceSet);
                });
                if (withCancellation != null) {
                    withCancellation.close();
                }
                return jwtSvid;
            } finally {
            }
        } catch (Exception e) {
            throw new JwtSvidException("Error fetching JWT SVID", e);
        }
    }

    @Override // io.spiffe.workloadapi.WorkloadApiClient
    public JwtSvid fetchJwtSvid(@NonNull SpiffeId spiffeId, @NonNull String str, String... strArr) throws JwtSvidException {
        if (spiffeId == null) {
            throw new NullPointerException("subject is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("audience is marked non-null but is null");
        }
        Set<String> createAudienceSet = createAudienceSet(str, strArr);
        try {
            Context.CancellableContext withCancellation = Context.current().withCancellation();
            try {
                JwtSvid jwtSvid = (JwtSvid) withCancellation.call(() -> {
                    return callFetchJwtSvid(spiffeId, createAudienceSet);
                });
                if (withCancellation != null) {
                    withCancellation.close();
                }
                return jwtSvid;
            } finally {
            }
        } catch (Exception e) {
            throw new JwtSvidException("Error fetching JWT SVID", e);
        }
    }

    @Override // io.spiffe.workloadapi.WorkloadApiClient
    public JwtBundleSet fetchJwtBundles() throws JwtBundleException {
        try {
            Context.CancellableContext withCancellation = Context.current().withCancellation();
            try {
                JwtBundleSet jwtBundleSet = (JwtBundleSet) withCancellation.call(this::callFetchBundles);
                if (withCancellation != null) {
                    withCancellation.close();
                }
                return jwtBundleSet;
            } finally {
            }
        } catch (Exception e) {
            throw new JwtBundleException("Error fetching JWT Bundles", e);
        }
    }

    @Override // io.spiffe.workloadapi.WorkloadApiClient
    public JwtSvid validateJwtSvid(@NonNull String str, @NonNull String str2) throws JwtSvidException {
        if (str == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("audience is marked non-null but is null");
        }
        Workload.ValidateJWTSVIDRequest createJwtSvidRequest = createJwtSvidRequest(str, str2);
        try {
            Context.CancellableContext withCancellation = Context.current().withCancellation();
            try {
                Workload.ValidateJWTSVIDResponse validateJWTSVIDResponse = (Workload.ValidateJWTSVIDResponse) withCancellation.call(() -> {
                    return this.workloadApiBlockingStub.validateJWTSVID(createJwtSvidRequest);
                });
                if (withCancellation != null) {
                    withCancellation.close();
                }
                if (validateJWTSVIDResponse == null || StringUtils.isBlank(validateJWTSVIDResponse.getSpiffeId())) {
                    throw new JwtSvidException("Error validating JWT SVID. Empty response from Workload API");
                }
                return JwtSvid.parseInsecure(str, Collections.singleton(str2));
            } finally {
            }
        } catch (Exception e) {
            throw new JwtSvidException("Error validating JWT SVID", e);
        }
    }

    @Override // io.spiffe.workloadapi.WorkloadApiClient
    public void watchJwtBundles(@NonNull Watcher<JwtBundleSet> watcher) {
        if (watcher == null) {
            throw new NullPointerException("watcher is marked non-null but is null");
        }
        RetryHandler retryHandler = new RetryHandler(this.exponentialBackoffPolicy, this.retryExecutor);
        Context.CancellableContext withCancellation = Context.current().withCancellation();
        StreamObserver<Workload.JWTBundlesResponse> jwtBundleStreamObserver = StreamObservers.getJwtBundleStreamObserver(watcher, retryHandler, withCancellation, this.workloadApiAsyncStub);
        withCancellation.run(() -> {
            this.workloadApiAsyncStub.fetchJWTBundles(newJwtBundlesRequest(), jwtBundleStreamObserver);
        });
        this.cancellableContexts.add(withCancellation);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        log.log(Level.FINE, "Closing WorkloadAPI client");
        synchronized (this) {
            if (!this.closed) {
                Iterator<Context.CancellableContext> it = this.cancellableContexts.iterator();
                while (it.hasNext()) {
                    it.next().close();
                }
                if (this.managedChannel != null) {
                    this.managedChannel.close();
                }
                this.retryExecutor.shutdown();
                this.executorService.shutdown();
                this.closed = true;
            }
        }
        log.log(Level.INFO, "WorkloadAPI client is closed");
    }

    private X509Context callFetchX509Context() throws X509ContextException {
        return GrpcConversionUtils.toX509Context(this.workloadApiBlockingStub.fetchX509SVID(newX509SvidRequest()));
    }

    private JwtSvid callFetchJwtSvid(SpiffeId spiffeId, Set<String> set) throws JwtSvidException {
        return processJwtSvidResponse(this.workloadApiBlockingStub.fetchJWTSVID(Workload.JWTSVIDRequest.newBuilder().setSpiffeId(spiffeId.toString()).addAllAudience(set).m204build()), set);
    }

    private JwtSvid callFetchJwtSvid(Set<String> set) throws JwtSvidException {
        return processJwtSvidResponse(this.workloadApiBlockingStub.fetchJWTSVID(Workload.JWTSVIDRequest.newBuilder().addAllAudience(set).m204build()), set);
    }

    private JwtSvid processJwtSvidResponse(Workload.JWTSVIDResponse jWTSVIDResponse, Set<String> set) throws JwtSvidException {
        if (jWTSVIDResponse.getSvidsList() == null || jWTSVIDResponse.getSvidsList().size() == 0) {
            throw new JwtSvidException("JWT SVID response from the Workload API is empty");
        }
        return JwtSvid.parseInsecure(jWTSVIDResponse.getSvids(0).getSvid(), set);
    }

    private JwtBundleSet callFetchBundles() throws JwtBundleException {
        return GrpcConversionUtils.toBundleSet(this.workloadApiBlockingStub.fetchJWTBundles(Workload.JWTBundlesRequest.newBuilder().m61build()));
    }

    private Set<String> createAudienceSet(String str, String[] strArr) {
        HashSet hashSet = new HashSet();
        hashSet.add(str);
        Collections.addAll(hashSet, strArr);
        return hashSet;
    }

    private Workload.X509SVIDRequest newX509SvidRequest() {
        return Workload.X509SVIDRequest.newBuilder().m439build();
    }

    private Workload.JWTBundlesRequest newJwtBundlesRequest() {
        return Workload.JWTBundlesRequest.newBuilder().m61build();
    }

    private Workload.ValidateJWTSVIDRequest createJwtSvidRequest(String str, String str2) {
        return Workload.ValidateJWTSVIDRequest.newBuilder().setSvid(str).setAudience(str2).m298build();
    }
}
