package io.grpc.binder.internal;

import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.MoreExecutors;
import io.grpc.Attributes;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.SecurityLevel;
import io.grpc.ServerBuilder;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import io.grpc.internal.GrpcAttributes;
import j$.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CancellationException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import javax.annotation.CheckReturnValue;

/* loaded from: classes4.dex */
public final class BinderTransportSecurity {
    private static final Attributes.Key<TransportAuthorizationState> TRANSPORT_AUTHORIZATION_STATE = Attributes.Key.create("internal:transport-authorization-state");

    /* loaded from: classes4.dex */
    private static final class ServerAuthInterceptor implements ServerInterceptor {
        private final Executor executor;

        ServerAuthInterceptor(Executor executor) {
            this.executor = executor;
        }

        private <ReqT, RespT> ServerCall.Listener<ReqT> newServerCallListenerForPendingAuthResult(ListenableFuture<Status> listenableFuture, final ServerCall<ReqT, RespT> serverCall, final Metadata metadata, final ServerCallHandler<ReqT, RespT> serverCallHandler) {
            final PendingAuthListener pendingAuthListener = new PendingAuthListener();
            Futures.addCallback(listenableFuture, new FutureCallback<Status>(this) { // from class: io.grpc.binder.internal.BinderTransportSecurity.ServerAuthInterceptor.2
                @Override // com.google.common.util.concurrent.FutureCallback
                public void onFailure(Throwable th) {
                    serverCall.close(Status.INTERNAL.withCause(th).withDescription("Authorization future failed"), new Metadata());
                }

                @Override // com.google.common.util.concurrent.FutureCallback
                public void onSuccess(Status status) {
                    if (status.isOk()) {
                        pendingAuthListener.startCall(serverCall, metadata, serverCallHandler);
                    } else {
                        serverCall.close(status, new Metadata());
                    }
                }
            }, this.executor);
            return pendingAuthListener;
        }

        @Override // io.grpc.ServerInterceptor
        public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
            Status withDescription;
            ListenableFuture<Status> checkAuthorization = ((TransportAuthorizationState) serverCall.getAttributes().get(BinderTransportSecurity.TRANSPORT_AUTHORIZATION_STATE)).checkAuthorization(serverCall.getMethodDescriptor());
            if (!checkAuthorization.isDone()) {
                return newServerCallListenerForPendingAuthResult(checkAuthorization, serverCall, metadata, serverCallHandler);
            }
            try {
                withDescription = (Status) Futures.getDone(checkAuthorization);
            } catch (CancellationException | ExecutionException e) {
                Status withCause = Status.INTERNAL.withCause(e);
                String message = e.getMessage();
                withDescription = message != null ? withCause.withDescription(message) : withCause;
            }
            if (withDescription.isOk()) {
                return serverCallHandler.startCall(serverCall, metadata);
            }
            serverCall.close(withDescription, new Metadata());
            return new ServerCall.Listener<ReqT>(this) { // from class: io.grpc.binder.internal.BinderTransportSecurity.ServerAuthInterceptor.1
            };
        }
    }

    /* loaded from: classes4.dex */
    public interface ServerPolicyChecker {
        ListenableFuture<Status> checkAuthorizationForServiceAsync(int i, String str);
    }

    /* loaded from: classes4.dex */
    public interface ShutdownListener {
        void onServerShutdown();
    }

    /* loaded from: classes4.dex */
    private static final class TransportAuthorizationState {
        private final ServerPolicyChecker serverPolicyChecker;
        private final ConcurrentHashMap<String, ListenableFuture<Status>> serviceAuthorization = new ConcurrentHashMap<>(8);
        private final int uid;

        TransportAuthorizationState(int i, ServerPolicyChecker serverPolicyChecker) {
            this.uid = i;
            this.serverPolicyChecker = serverPolicyChecker;
        }

        @CheckReturnValue
        ListenableFuture<Status> checkAuthorization(MethodDescriptor<?, ?> methodDescriptor) {
            ListenableFuture<Status> listenableFuture;
            final String serviceName = methodDescriptor.getServiceName();
            boolean isSampledToLocalTracing = methodDescriptor.isSampledToLocalTracing();
            if (isSampledToLocalTracing && (listenableFuture = this.serviceAuthorization.get(serviceName)) != null) {
                return listenableFuture;
            }
            final ListenableFuture<Status> checkAuthorizationForServiceAsync = this.serverPolicyChecker.checkAuthorizationForServiceAsync(this.uid, serviceName);
            if (isSampledToLocalTracing) {
                this.serviceAuthorization.putIfAbsent(serviceName, checkAuthorizationForServiceAsync);
                Futures.addCallback(checkAuthorizationForServiceAsync, new FutureCallback<Status>(this) { // from class: io.grpc.binder.internal.BinderTransportSecurity.TransportAuthorizationState.1
                    final /* synthetic */ TransportAuthorizationState this$0;

                    {
                        this.this$0 = this;
                    }

                    @Override // com.google.common.util.concurrent.FutureCallback
                    public void onFailure(Throwable th) {
                        this.this$0.serviceAuthorization.remove(serviceName, checkAuthorizationForServiceAsync);
                    }

                    @Override // com.google.common.util.concurrent.FutureCallback
                    public void onSuccess(Status status) {
                    }
                }, MoreExecutors.directExecutor());
            }
            return checkAuthorizationForServiceAsync;
        }
    }

    private BinderTransportSecurity() {
    }

    public static void attachAuthAttrs(Attributes.Builder builder, int i, ServerPolicyChecker serverPolicyChecker) {
        builder.set(TRANSPORT_AUTHORIZATION_STATE, new TransportAuthorizationState(i, serverPolicyChecker)).set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY);
    }

    public static void installAuthInterceptor(ServerBuilder<?> serverBuilder, Executor executor) {
        serverBuilder.intercept(new ServerAuthInterceptor(executor));
    }
}
