package io.grpc.binder.internal;

import com.google.common.util.concurrent.C;
import com.google.common.util.concurrent.r;
import com.google.common.util.concurrent.t;
import com.google.common.util.concurrent.v;
import com.google.common.util.concurrent.w;
import io.grpc.Attributes;
import io.grpc.Internal;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.SecurityLevel;
import io.grpc.ServerBuilder;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import io.grpc.internal.GrpcAttributes;
import j$.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CancellationException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;

/* loaded from: classes3.dex */
public final class BinderTransportSecurity {
    private static final Attributes.Key<TransportAuthorizationState> TRANSPORT_AUTHORIZATION_STATE = Attributes.Key.create("internal:transport-authorization-state");

    /* loaded from: classes3.dex */
    public static final class ServerAuthInterceptor implements ServerInterceptor {
        private ServerAuthInterceptor() {
        }

        private <ReqT, RespT> ServerCall.Listener<ReqT> newServerCallListenerForPendingAuthResult(C c8, Executor executor, final ServerCall<ReqT, RespT> serverCall, final Metadata metadata, final ServerCallHandler<ReqT, RespT> serverCallHandler) {
            final PendingAuthListener pendingAuthListener = new PendingAuthListener();
            c8.addListener(new w(0, c8, new v() { // from class: io.grpc.binder.internal.BinderTransportSecurity.ServerAuthInterceptor.2
                @Override // com.google.common.util.concurrent.v
                public void onFailure(Throwable th) {
                    serverCall.close(Status.INTERNAL.withCause(th).withDescription("Authorization future failed"), new Metadata());
                }

                @Override // com.google.common.util.concurrent.v
                public void onSuccess(Status status) {
                    if (status.isOk()) {
                        pendingAuthListener.startCall(serverCall, metadata, serverCallHandler);
                    } else {
                        serverCall.close(status, new Metadata());
                    }
                }
            }), executor);
            return pendingAuthListener;
        }

        @Override // io.grpc.ServerInterceptor
        public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
            Status withDescription;
            TransportAuthorizationState transportAuthorizationState = (TransportAuthorizationState) serverCall.getAttributes().get(BinderTransportSecurity.TRANSPORT_AUTHORIZATION_STATE);
            C checkAuthorization = transportAuthorizationState.checkAuthorization(serverCall.getMethodDescriptor());
            if (!checkAuthorization.isDone()) {
                return newServerCallListenerForPendingAuthResult(checkAuthorization, transportAuthorizationState.executor, serverCall, metadata, serverCallHandler);
            }
            try {
                withDescription = (Status) r.e(checkAuthorization);
            } catch (CancellationException | ExecutionException e) {
                Status withCause = Status.INTERNAL.withCause(e);
                String message = e.getMessage();
                withDescription = message != null ? withCause.withDescription(message) : withCause;
            }
            if (withDescription.isOk()) {
                return serverCallHandler.startCall(serverCall, metadata);
            }
            serverCall.close(withDescription, new Metadata());
            return new ServerCall.Listener<ReqT>() { // from class: io.grpc.binder.internal.BinderTransportSecurity.ServerAuthInterceptor.1
            };
        }
    }

    /* loaded from: classes3.dex */
    public interface ServerPolicyChecker {
        C checkAuthorizationForServiceAsync(int i7, String str);
    }

    /* loaded from: classes3.dex */
    public static final class TransportAuthorizationState {
        private final Executor executor;
        private final ServerPolicyChecker serverPolicyChecker;
        private final ConcurrentHashMap<String, C> serviceAuthorization = new ConcurrentHashMap<>(8);
        private final int uid;

        public TransportAuthorizationState(int i7, ServerPolicyChecker serverPolicyChecker, Executor executor) {
            this.uid = i7;
            this.serverPolicyChecker = serverPolicyChecker;
            this.executor = executor;
        }

        public C checkAuthorization(MethodDescriptor<?, ?> methodDescriptor) {
            C c8;
            final String serviceName = methodDescriptor.getServiceName();
            boolean isSampledToLocalTracing = methodDescriptor.isSampledToLocalTracing();
            if (isSampledToLocalTracing && (c8 = this.serviceAuthorization.get(serviceName)) != null) {
                return c8;
            }
            final C checkAuthorizationForServiceAsync = this.serverPolicyChecker.checkAuthorizationForServiceAsync(this.uid, serviceName);
            if (isSampledToLocalTracing) {
                this.serviceAuthorization.putIfAbsent(serviceName, checkAuthorizationForServiceAsync);
                checkAuthorizationForServiceAsync.addListener(new w(0, checkAuthorizationForServiceAsync, new v() { // from class: io.grpc.binder.internal.BinderTransportSecurity.TransportAuthorizationState.1
                    @Override // com.google.common.util.concurrent.v
                    public void onFailure(Throwable th) {
                        TransportAuthorizationState.this.serviceAuthorization.remove(serviceName, checkAuthorizationForServiceAsync);
                    }

                    @Override // com.google.common.util.concurrent.v
                    public void onSuccess(Status status) {
                    }
                }), t.INSTANCE);
            }
            return checkAuthorizationForServiceAsync;
        }
    }

    private BinderTransportSecurity() {
    }

    @Internal
    public static void attachAuthAttrs(Attributes.Builder builder, int i7, ServerPolicyChecker serverPolicyChecker, Executor executor) {
        builder.set(TRANSPORT_AUTHORIZATION_STATE, new TransportAuthorizationState(i7, serverPolicyChecker, executor)).set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY);
    }

    @Internal
    public static void installAuthInterceptor(ServerBuilder<?> serverBuilder) {
        serverBuilder.intercept(new ServerAuthInterceptor());
    }
}
