package net.handle.hdllib.trust;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import net.handle.hdllib.Common;
import net.handle.hdllib.Encoder;
import net.handle.hdllib.HandleException;
import net.handle.hdllib.HandleRecord;
import net.handle.hdllib.HandleResolver;
import net.handle.hdllib.HandleStorage;
import net.handle.hdllib.HandleValue;
import net.handle.hdllib.Util;
import net.handle.hdllib.ValueReference;

/* loaded from: input_file:net/handle/hdllib/trust/ChainBuilder.class */
public class ChainBuilder {
    private static final int MAX_CHAIN_LENGTH = 50;
    private Map<String, HandleRecord> handleMap;
    private HandleResolver resolver;
    private HandleStorage storage;
    private final JsonWebSignatureFactory signatureFactory = JsonWebSignatureFactory.getInstance();
    private final HandleVerifier handleVerifier = new HandleVerifier();

    public ChainBuilder(Map<String, HandleRecord> map, HandleResolver handleResolver) {
        this.handleMap = map;
        fixHandleMapCase();
        this.resolver = handleResolver;
    }

    public ChainBuilder(HandleResolver handleResolver) {
        this.resolver = handleResolver;
    }

    public ChainBuilder(HandleStorage handleStorage) {
        this.storage = handleStorage;
    }

    public ChainBuilder(HandleStorage handleStorage, HandleResolver handleResolver) {
        this.storage = handleStorage;
        this.resolver = handleResolver;
    }

    private void fixHandleMapCase() {
        HashMap hashMap = null;
        for (Map.Entry<String, HandleRecord> entry : this.handleMap.entrySet()) {
            String key = entry.getKey();
            String upperCasePrefix = Util.upperCasePrefix(key);
            if (!key.equals(upperCasePrefix)) {
                if (hashMap == null) {
                    hashMap = new HashMap();
                }
                hashMap.put(upperCasePrefix, entry.getValue());
            }
        }
        if (hashMap != null) {
            this.handleMap.putAll(hashMap);
        }
    }

    public List<IssuedSignature> buildChain(JsonWebSignature jsonWebSignature) throws TrustException {
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        List<String> list = null;
        while (true) {
            List<String> list2 = list;
            HandleClaimsSet handleClaimsSet = this.handleVerifier.getHandleClaimsSet(jsonWebSignature);
            if (handleClaimsSet == null) {
                throw new TrustException("signature payload not valid");
            }
            if (handleClaimsSet.isSelfIssued()) {
                arrayList.add(new IssuedSignature(jsonWebSignature, handleClaimsSet.publicKey, handleClaimsSet.perms));
                return arrayList;
            }
            if (arrayList.size() >= 50) {
                throw new TrustException("chain too long");
            }
            boolean z = false;
            if (list2 == null || list2.isEmpty()) {
                list2 = handleClaimsSet.chain;
                if (list2 == null || list2.isEmpty()) {
                    z = true;
                    list2 = Collections.singletonList(ValueReference.fromString(handleClaimsSet.iss).getHandleAsString());
                }
            }
            String str = list2.get(0);
            if (hashSet.contains(str)) {
                throw new TrustException("cycle in chain");
            }
            hashSet.add(str);
            try {
                String lookup = lookup(str, handleClaimsSet.iss);
                if (lookup == null) {
                    if (z) {
                        throw new TrustException("no chain and unable to resolve issuer " + str);
                    }
                    throw new TrustException("unable to resolve chain " + str);
                }
                try {
                    JsonWebSignature deserialize = this.signatureFactory.deserialize(lookup);
                    HandleClaimsSet handleClaimsSet2 = this.handleVerifier.getHandleClaimsSet(deserialize);
                    if (handleClaimsSet2 == null) {
                        throw new TrustException("signature payload not valid");
                    }
                    if (!Util.equalsPrefixCI(handleClaimsSet2.sub, handleClaimsSet.iss)) {
                        throw new TrustException("chain is broken");
                    }
                    arrayList.add(new IssuedSignature(jsonWebSignature, handleClaimsSet2.publicKey, handleClaimsSet2.perms));
                    jsonWebSignature = deserialize;
                    list = list2.subList(1, list2.size());
                } catch (TrustException e) {
                    if (z) {
                        throw new TrustException("no chain and not a signature at issuer " + str);
                    }
                    throw new TrustException("not a signature at chain " + str);
                }
            } catch (HandleException e2) {
                throw new TrustException("handle resolution exception", e2);
            }
        }
    }

    private String lookup(String str, String str2) throws HandleException {
        JsonWebSignature latestHsCertAboutSubject;
        HandleRecord handleRecord;
        ValueReference fromString = ValueReference.fromString(str);
        if (fromString.index > 0) {
            HandleValue handleValue = null;
            if (this.handleMap != null) {
                handleValue = handleMapLookup(fromString);
            }
            if (handleValue == null && this.storage != null) {
                handleValue = storageLookup(fromString);
            }
            if (handleValue == null && this.resolver != null) {
                handleValue = this.resolver.resolveValueReference(fromString);
            }
            if (handleValue == null) {
                return null;
            }
            return handleValue.getDataAsString();
        }
        List<HandleValue> list = null;
        if (this.handleMap != null && (handleRecord = this.handleMap.get(Util.upperCasePrefix(fromString.getHandleAsString()))) != null) {
            list = handleRecord.getValues();
        }
        if (list == null && this.storage != null) {
            list = storageLookup(fromString.handle);
        }
        if (list == null && this.resolver != null) {
            list = Arrays.asList(this.resolver.resolveHandle(fromString.handle));
        }
        if (list == null || (latestHsCertAboutSubject = getLatestHsCertAboutSubject(str2, list)) == null) {
            return null;
        }
        return latestHsCertAboutSubject.serialize();
    }

    private HandleValue storageLookup(ValueReference valueReference) throws HandleException {
        byte[][] rawHandleValues = this.storage.getRawHandleValues(Util.upperCasePrefix(valueReference.handle), new int[]{valueReference.index}, (byte[][]) null);
        if (rawHandleValues == null || rawHandleValues.length == 0) {
            return null;
        }
        return Encoder.decodeHandleValues(rawHandleValues)[0];
    }

    private List<HandleValue> storageLookup(byte[] bArr) throws HandleException {
        byte[][] rawHandleValues = this.storage.getRawHandleValues(Util.upperCasePrefix(bArr), null, (byte[][]) null);
        if (rawHandleValues == null || rawHandleValues.length == 0) {
            return null;
        }
        return Arrays.asList(Encoder.decodeHandleValues(rawHandleValues));
    }

    private HandleValue handleMapLookup(ValueReference valueReference) {
        HandleRecord handleRecord = this.handleMap.get(Util.upperCasePrefix(valueReference.getHandleAsString()));
        if (handleRecord == null) {
            return null;
        }
        return handleRecord.getValueAtIndex(valueReference.index);
    }

    JsonWebSignature getLatestHsCertAboutSubject(String str, List<HandleValue> list) throws TrustException {
        JsonWebSignature jsonWebSignature = null;
        HandleClaimsSet handleClaimsSet = null;
        for (HandleValue handleValue : list) {
            if (handleValue.hasType(Common.HS_CERT_TYPE)) {
                JsonWebSignature deserialize = this.signatureFactory.deserialize(handleValue.getDataAsString());
                HandleClaimsSet handleClaimsSet2 = this.handleVerifier.getHandleClaimsSet(deserialize);
                if (str.equals(handleClaimsSet2.sub)) {
                    if (jsonWebSignature == null) {
                        jsonWebSignature = deserialize;
                        handleClaimsSet = handleClaimsSet2;
                    } else if (issuedLater(handleClaimsSet2, handleClaimsSet)) {
                        jsonWebSignature = deserialize;
                        handleClaimsSet = handleClaimsSet2;
                    }
                }
            }
        }
        return jsonWebSignature;
    }

    private static boolean issuedLater(HandleClaimsSet handleClaimsSet, HandleClaimsSet handleClaimsSet2) {
        if (handleClaimsSet.iat == null) {
            return false;
        }
        return handleClaimsSet2.iat == null || handleClaimsSet.iat.longValue() > handleClaimsSet2.iat.longValue();
    }
}
