package shadow.io.grpc.xds.internal.security.certprovider;

import java.io.IOException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import shadow.com.google.common.base.Preconditions;
import shadow.io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
import shadow.io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import shadow.io.grpc.xds.Bootstrapper;
import shadow.io.grpc.xds.EnvoyServerProtoData;
import shadow.io.grpc.xds.internal.security.trust.XdsTrustManagerFactory;
import shadow.io.grpc.xds.shaded.io.envoyproxy.envoy.config.core.v3.Node;
import shadow.io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import shadow.io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
import shadow.javax.annotation.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:shadow/io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProvider.class */
public final class CertProviderServerSslContextProvider extends CertProviderSslContextProvider {
    /* JADX INFO: Access modifiers changed from: package-private */
    public CertProviderServerSslContextProvider(Node node, @Nullable Map<String, Bootstrapper.CertificateProviderInfo> map, CommonTlsContext.CertificateProviderInstance certificateProviderInstance, CommonTlsContext.CertificateProviderInstance certificateProviderInstance2, CertificateValidationContext certificateValidationContext, EnvoyServerProtoData.DownstreamTlsContext downstreamTlsContext, CertificateProviderStore certificateProviderStore) {
        super(node, map, (CommonTlsContext.CertificateProviderInstance) Preconditions.checkNotNull(certificateProviderInstance, "Server SSL requires certInstance"), certificateProviderInstance2, certificateValidationContext, downstreamTlsContext, certificateProviderStore);
    }

    @Override // shadow.io.grpc.xds.internal.security.DynamicSslContextProvider
    protected final SslContextBuilder getSslContextBuilder(CertificateValidationContext certificateValidationContext) throws CertStoreException, CertificateException, IOException {
        SslContextBuilder forServer = SslContextBuilder.forServer(this.savedKey, this.savedCertChain);
        setClientAuthValues(forServer, isMtls() ? new XdsTrustManagerFactory((X509Certificate[]) this.savedTrustedRoots.toArray(new X509Certificate[0]), certificateValidationContext) : null);
        return GrpcSslContexts.configure(forServer);
    }
}
