package org.apache.flink.shaded.net.snowflake.client.jdbc.internal.grpc.xds.internal.security.certprovider;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.google.common.annotations.VisibleForTesting;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.google.common.base.Preconditions;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.grpc.Status;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.grpc.xds.internal.security.Closeable;

/* loaded from: input_file:org/apache/flink/shaded/net/snowflake/client/jdbc/internal/grpc/xds/internal/security/certprovider/CertificateProvider.class */
public abstract class CertificateProvider implements Closeable {
    private final DistributorWatcher watcher;
    private final boolean notifyCertUpdates;

    @VisibleForTesting
    /* loaded from: input_file:org/apache/flink/shaded/net/snowflake/client/jdbc/internal/grpc/xds/internal/security/certprovider/CertificateProvider$DistributorWatcher.class */
    public static final class DistributorWatcher implements Watcher {
        private PrivateKey privateKey;
        private List<X509Certificate> certChain;
        private List<X509Certificate> trustedRoots;

        @VisibleForTesting
        final Set<Watcher> downstreamWatchers = new HashSet();

        /* JADX INFO: Access modifiers changed from: package-private */
        public synchronized void addWatcher(Watcher watcher) {
            this.downstreamWatchers.add(watcher);
            if (this.privateKey != null && this.certChain != null) {
                sendLastCertificateUpdate(watcher);
            }
            if (this.trustedRoots != null) {
                sendLastTrustedRootsUpdate(watcher);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public synchronized void removeWatcher(Watcher watcher) {
            this.downstreamWatchers.remove(watcher);
        }

        @VisibleForTesting
        public Set<Watcher> getDownstreamWatchers() {
            return Collections.unmodifiableSet(this.downstreamWatchers);
        }

        private void sendLastCertificateUpdate(Watcher watcher) {
            watcher.updateCertificate(this.privateKey, this.certChain);
        }

        private void sendLastTrustedRootsUpdate(Watcher watcher) {
            watcher.updateTrustedRoots(this.trustedRoots);
        }

        @Override // org.apache.flink.shaded.net.snowflake.client.jdbc.internal.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher
        public synchronized void updateCertificate(PrivateKey privateKey, List<X509Certificate> list) {
            Preconditions.checkNotNull(privateKey, "key");
            Preconditions.checkNotNull(list, "certChain");
            this.privateKey = privateKey;
            this.certChain = list;
            Iterator<Watcher> it = this.downstreamWatchers.iterator();
            while (it.hasNext()) {
                sendLastCertificateUpdate(it.next());
            }
        }

        @Override // org.apache.flink.shaded.net.snowflake.client.jdbc.internal.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher
        public synchronized void updateTrustedRoots(List<X509Certificate> list) {
            Preconditions.checkNotNull(list, "trustedRoots");
            this.trustedRoots = list;
            Iterator<Watcher> it = this.downstreamWatchers.iterator();
            while (it.hasNext()) {
                sendLastTrustedRootsUpdate(it.next());
            }
        }

        @Override // org.apache.flink.shaded.net.snowflake.client.jdbc.internal.grpc.xds.internal.security.certprovider.CertificateProvider.Watcher
        public synchronized void onError(Status status) {
            Iterator<Watcher> it = this.downstreamWatchers.iterator();
            while (it.hasNext()) {
                it.next().onError(status);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public X509Certificate getLastIdentityCert() {
            if (this.certChain == null || this.certChain.isEmpty()) {
                return null;
            }
            return this.certChain.get(0);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void close() {
            this.downstreamWatchers.clear();
            clearValues();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void clearValues() {
            this.privateKey = null;
            this.certChain = null;
            this.trustedRoots = null;
        }
    }

    /* loaded from: input_file:org/apache/flink/shaded/net/snowflake/client/jdbc/internal/grpc/xds/internal/security/certprovider/CertificateProvider$Watcher.class */
    public interface Watcher {
        void updateCertificate(PrivateKey privateKey, List<X509Certificate> list);

        void updateTrustedRoots(List<X509Certificate> list);

        void onError(Status status);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CertificateProvider(DistributorWatcher distributorWatcher, boolean z) {
        this.watcher = distributorWatcher;
        this.notifyCertUpdates = z;
    }

    @Override // org.apache.flink.shaded.net.snowflake.client.jdbc.internal.grpc.xds.internal.security.Closeable, java.io.Closeable, java.lang.AutoCloseable
    public abstract void close();

    public abstract void start();

    public DistributorWatcher getWatcher() {
        return this.watcher;
    }

    public boolean isNotifyCertUpdates() {
        return this.notifyCertUpdates;
    }
}
