package com.yahoo.vespa.config.server.rpc.security;

import com.google.inject.Inject;
import com.yahoo.cloud.config.ConfigserverConfig;
import com.yahoo.config.provision.security.NodeIdentifier;
import com.yahoo.container.di.componentgraph.Provider;
import com.yahoo.security.tls.TransportSecurityUtils;
import com.yahoo.vespa.config.server.host.HostRegistries;
import com.yahoo.vespa.config.server.rpc.RequestHandlerProvider;
import com.yahoo.vespa.config.server.rpc.security.MultiTenantRpcAuthorizer;
import com.yahoo.vespa.flags.FlagSource;
import com.yahoo.vespa.flags.Flags;

/* loaded from: input_file:com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.class */
public class DefaultRpcAuthorizerProvider implements Provider<RpcAuthorizer> {
    private final RpcAuthorizer rpcAuthorizer;

    @Inject
    public DefaultRpcAuthorizerProvider(ConfigserverConfig configserverConfig, NodeIdentifier nodeIdentifier, HostRegistries hostRegistries, RequestHandlerProvider requestHandlerProvider, FlagSource flagSource) {
        String value = Flags.CONFIGSERVER_RPC_AUTHORIZER.bindTo(flagSource).value();
        this.rpcAuthorizer = TransportSecurityUtils.isTransportSecurityEnabled() && configserverConfig.multitenant() && configserverConfig.hostedVespa() && !value.equals("disable") ? new MultiTenantRpcAuthorizer(nodeIdentifier, hostRegistries, requestHandlerProvider, toMultiTenantRpcAuthorizerMode(value), getThreadPoolSize(configserverConfig)) : new NoopRpcAuthorizer();
    }

    private static MultiTenantRpcAuthorizer.Mode toMultiTenantRpcAuthorizerMode(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1604583454:
                if (str.equals("enforce")) {
                    z = true;
                    break;
                }
                break;
            case 1967392917:
                if (str.equals("log-only")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return MultiTenantRpcAuthorizer.Mode.LOG_ONLY;
            case true:
                return MultiTenantRpcAuthorizer.Mode.ENFORCE;
            default:
                throw new IllegalArgumentException("Invalid authorizer mode: " + str);
        }
    }

    private static int getThreadPoolSize(ConfigserverConfig configserverConfig) {
        if (configserverConfig.numRpcThreads() != 0) {
            return configserverConfig.numRpcThreads();
        }
        return 8;
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public RpcAuthorizer m50get() {
        return this.rpcAuthorizer;
    }

    public void deconstruct() {
    }
}
