package io.grpc.xds;

import com.google.auth.oauth2.ComputeEngineCredentials;
import com.google.auth.oauth2.IdTokenCredentials;
import io.grpc.CallCredentials;
import io.grpc.CallOptions;
import io.grpc.Channel;
import io.grpc.ClientCall;
import io.grpc.ClientInterceptor;
import io.grpc.CompositeCallCredentials;
import io.grpc.LoadBalancer;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.Status;
import io.grpc.auth.MoreCallCredentials;
import io.grpc.xds.Filter;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ScheduledExecutorService;
import java.util.function.Function;
import javax.annotation.Nullable;
import org.apache.iceberg.gcp.shaded.com.google.common.primitives.UnsignedLongs;
import org.apache.iceberg.gcp.shaded.com.google.protobuf.Any;
import org.apache.iceberg.gcp.shaded.com.google.protobuf.InvalidProtocolBufferException;
import org.apache.iceberg.gcp.shaded.com.google.protobuf.Message;

/* loaded from: input_file:io/grpc/xds/GcpAuthenticationFilter.class */
final class GcpAuthenticationFilter implements Filter, Filter.ClientInterceptorBuilder {
    static final String TYPE_URL = "type.googleapis.com/envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig";

    /* loaded from: input_file:io/grpc/xds/GcpAuthenticationFilter$FailingClientCall.class */
    private static final class FailingClientCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
        private final Status error;

        public FailingClientCall(Status status) {
            this.error = status;
        }

        @Override // io.grpc.ClientCall
        public void start(ClientCall.Listener<RespT> listener, Metadata metadata) {
            listener.onClose(this.error, new Metadata());
        }

        @Override // io.grpc.ClientCall
        public void request(int i) {
        }

        @Override // io.grpc.ClientCall
        public void cancel(String str, Throwable th) {
        }

        @Override // io.grpc.ClientCall
        public void halfClose() {
        }

        @Override // io.grpc.ClientCall
        public void sendMessage(ReqT reqt) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/grpc/xds/GcpAuthenticationFilter$GcpAuthenticationConfig.class */
    public static final class GcpAuthenticationConfig implements Filter.FilterConfig {
        private final int cacheSize;

        public GcpAuthenticationConfig(int i) {
            this.cacheSize = i;
        }

        public int getCacheSize() {
            return this.cacheSize;
        }

        @Override // io.grpc.xds.Filter.FilterConfig
        public String typeUrl() {
            return GcpAuthenticationFilter.TYPE_URL;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/grpc/xds/GcpAuthenticationFilter$LruCache.class */
    public static final class LruCache<K, V> {
        private final Map<K, V> cache;

        LruCache(final int i) {
            this.cache = new LinkedHashMap<K, V>(i, 0.75f, true) { // from class: io.grpc.xds.GcpAuthenticationFilter.LruCache.1
                @Override // java.util.LinkedHashMap
                protected boolean removeEldestEntry(Map.Entry<K, V> entry) {
                    return size() > i;
                }
            };
        }

        V getOrInsert(K k, Function<K, V> function) {
            return this.cache.computeIfAbsent(k, function);
        }
    }

    GcpAuthenticationFilter() {
    }

    @Override // io.grpc.xds.Filter
    public String[] typeUrls() {
        return new String[]{TYPE_URL};
    }

    @Override // io.grpc.xds.Filter
    public ConfigOrError<? extends Filter.FilterConfig> parseFilterConfig(Message message) {
        if (!(message instanceof Any)) {
            return ConfigOrError.fromError("Invalid config type: " + message.getClass());
        }
        try {
            GcpAuthnFilterConfig gcpAuthnFilterConfig = (GcpAuthnFilterConfig) ((Any) message).unpack(GcpAuthnFilterConfig.class);
            long j = 10;
            if (gcpAuthnFilterConfig.hasCacheConfig()) {
                long value = gcpAuthnFilterConfig.getCacheConfig().getCacheSize().getValue();
                if (value == 0) {
                    return ConfigOrError.fromError("cache_config.cache_size must be greater than zero");
                }
                j = UnsignedLongs.min(value, 2147483646);
            }
            return ConfigOrError.fromConfig(new GcpAuthenticationConfig((int) j));
        } catch (InvalidProtocolBufferException e) {
            return ConfigOrError.fromError("Invalid proto: " + e);
        }
    }

    @Override // io.grpc.xds.Filter
    public ConfigOrError<? extends Filter.FilterConfig> parseFilterConfigOverride(Message message) {
        return parseFilterConfig(message);
    }

    @Override // io.grpc.xds.Filter.ClientInterceptorBuilder
    @Nullable
    public ClientInterceptor buildClientInterceptor(Filter.FilterConfig filterConfig, @Nullable Filter.FilterConfig filterConfig2, LoadBalancer.PickSubchannelArgs pickSubchannelArgs, ScheduledExecutorService scheduledExecutorService) {
        final ComputeEngineCredentials create = ComputeEngineCredentials.create();
        final LruCache lruCache = new LruCache(((GcpAuthenticationConfig) filterConfig).getCacheSize());
        return new ClientInterceptor() { // from class: io.grpc.xds.GcpAuthenticationFilter.1
            @Override // io.grpc.ClientInterceptor
            public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(MethodDescriptor<ReqT, RespT> methodDescriptor, CallOptions callOptions, Channel channel) {
                try {
                    CallCredentials credentials = callOptions.getCredentials();
                    CallCredentials callCredentials = GcpAuthenticationFilter.this.getCallCredentials(lruCache, "TEST_AUDIENCE", create);
                    return channel.newCall(methodDescriptor, credentials != null ? callOptions.withCallCredentials(new CompositeCallCredentials(credentials, callCredentials)) : callOptions.withCallCredentials(callCredentials));
                } catch (Exception e) {
                    return new FailingClientCall(Status.UNAUTHENTICATED.withDescription("Failed to attach CallCredentials.").withCause(e));
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public CallCredentials getCallCredentials(LruCache<String, CallCredentials> lruCache, String str, ComputeEngineCredentials computeEngineCredentials) {
        CallCredentials orInsert;
        synchronized (lruCache) {
            orInsert = lruCache.getOrInsert(str, str2 -> {
                return MoreCallCredentials.from(IdTokenCredentials.newBuilder().setIdTokenProvider(computeEngineCredentials).setTargetAudience(str).build());
            });
        }
        return orInsert;
    }
}
