package dev.cerbos.sdk;

import io.grpc.Channel;
import io.grpc.ManagedChannel;
import io.grpc.ManagedChannelBuilder;
import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.InputStream;
import java.time.Duration;
import javax.net.ssl.SSLException;

/* loaded from: input_file:dev/cerbos/sdk/CerbosClientBuilder.class */
public class CerbosClientBuilder {
    private final String target;
    private boolean plaintext;
    private boolean insecure;
    private String authority;
    private InputStream caCertificate;
    private InputStream tlsCertificate;
    private InputStream tlsKey;
    private String playgroundInstance;
    private long timeoutMillis = 1000;

    /* loaded from: input_file:dev/cerbos/sdk/CerbosClientBuilder$InvalidClientConfigurationException.class */
    public static class InvalidClientConfigurationException extends Exception {
        public InvalidClientConfigurationException(String str) {
            super(str);
        }

        public InvalidClientConfigurationException(String str, Throwable th) {
            super(str, th);
        }

        public InvalidClientConfigurationException(Throwable th) {
            super(th);
        }
    }

    public CerbosClientBuilder(String str) {
        this.target = str;
    }

    public CerbosClientBuilder withPlaintext() {
        this.plaintext = true;
        return this;
    }

    public CerbosClientBuilder withInsecure() {
        this.insecure = true;
        return this;
    }

    public CerbosClientBuilder withAuthority(String str) {
        this.authority = str;
        return this;
    }

    public CerbosClientBuilder withCaCertificate(InputStream inputStream) {
        this.caCertificate = inputStream;
        return this;
    }

    public CerbosClientBuilder withTlsCertificate(InputStream inputStream) {
        this.tlsCertificate = inputStream;
        return this;
    }

    public CerbosClientBuilder withTlsKey(InputStream inputStream) {
        this.tlsKey = inputStream;
        return this;
    }

    public CerbosClientBuilder withTimeout(Duration duration) {
        this.timeoutMillis = duration.toMillis();
        return this;
    }

    public CerbosClientBuilder withPlaygroundInstance(String str) {
        this.playgroundInstance = str;
        return this;
    }

    private ManagedChannel buildChannel() throws InvalidClientConfigurationException {
        ManagedChannelBuilder sslContext;
        if (isEmptyString(this.target)) {
            throw new InvalidClientConfigurationException("Invalid target [" + this.target + "]");
        }
        if (this.plaintext) {
            sslContext = ManagedChannelBuilder.forTarget(this.target).usePlaintext();
        } else {
            SslContextBuilder forClient = GrpcSslContexts.forClient();
            if (this.insecure) {
                forClient.trustManager(InsecureTrustManagerFactory.INSTANCE);
            }
            if (this.caCertificate != null) {
                try {
                    forClient.trustManager(this.caCertificate);
                } catch (Exception e) {
                    throw new InvalidClientConfigurationException("Failed to set CA trust root", e);
                }
            }
            if (this.tlsCertificate != null && this.tlsKey != null) {
                try {
                    forClient.keyManager(this.tlsCertificate, this.tlsKey);
                } catch (Exception e2) {
                    throw new InvalidClientConfigurationException("Failed to set TLS credentials", e2);
                }
            }
            try {
                sslContext = NettyChannelBuilder.forTarget(this.target).sslContext(forClient.build());
            } catch (SSLException e3) {
                throw new InvalidClientConfigurationException("Failed to build SSL context", e3);
            }
        }
        if (!isEmptyString(this.authority)) {
            sslContext.overrideAuthority(this.authority);
        }
        return sslContext.build();
    }

    public CerbosBlockingClient buildBlockingClient() throws InvalidClientConfigurationException {
        PlaygroundInstanceCredentials playgroundInstanceCredentials = null;
        if (!isEmptyString(this.playgroundInstance)) {
            playgroundInstanceCredentials = new PlaygroundInstanceCredentials(this.playgroundInstance);
        }
        return new CerbosBlockingClient((Channel) buildChannel(), this.timeoutMillis, playgroundInstanceCredentials);
    }

    private static boolean isEmptyString(String str) {
        return str == null || str.strip().isEmpty();
    }
}
