package io.grpc.xds.internal.security.certprovider;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.grpc.Internal;
import io.grpc.xds.Bootstrapper;
import io.grpc.xds.EnvoyServerProtoData;
import io.grpc.xds.internal.security.SslContextProvider;
import io.grpc.xds.shaded.io.envoyproxy.envoy.config.core.v3.Node;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
import java.util.Map;
import javax.annotation.Nullable;

@Internal
/* loaded from: input_file:lib/grpc-xds-1.50.2.jar:io/grpc/xds/internal/security/certprovider/CertProviderServerSslContextProviderFactory.class */
public final class CertProviderServerSslContextProviderFactory {
    private static final CertProviderServerSslContextProviderFactory DEFAULT_INSTANCE = new CertProviderServerSslContextProviderFactory(CertificateProviderStore.getInstance());
    private final CertificateProviderStore certificateProviderStore;

    @VisibleForTesting
    public CertProviderServerSslContextProviderFactory(CertificateProviderStore certificateProviderStore) {
        this.certificateProviderStore = certificateProviderStore;
    }

    public static CertProviderServerSslContextProviderFactory getInstance() {
        return DEFAULT_INSTANCE;
    }

    public SslContextProvider getProvider(EnvoyServerProtoData.DownstreamTlsContext downstreamTlsContext, Node node, @Nullable Map<String, Bootstrapper.CertificateProviderInfo> map) {
        Preconditions.checkNotNull(downstreamTlsContext, "downstreamTlsContext");
        CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext();
        CertificateValidationContext staticValidationContext = CertProviderSslContextProvider.getStaticValidationContext(commonTlsContext);
        return new CertProviderServerSslContextProvider(node, map, CertProviderSslContextProvider.getCertProviderInstance(commonTlsContext), CertProviderSslContextProvider.getRootCertProviderInstance(commonTlsContext), staticValidationContext, downstreamTlsContext, this.certificateProviderStore);
    }
}
