package net.handle.hdllib.trust;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import net.handle.hdllib.Common;
import net.handle.hdllib.HandleRecord;
import net.handle.hdllib.HandleResolver;
import net.handle.hdllib.HandleSignature;
import net.handle.hdllib.HandleValue;
import net.handle.hdllib.Util;

/* loaded from: input_file:net/handle/hdllib/trust/HandleRecordTrustVerifier.class */
public class HandleRecordTrustVerifier {
    private final ChainBuilder chainBuilder;
    private final ChainVerifier chainVerifier;
    private boolean isThrowing;

    public HandleRecordTrustVerifier(HandleResolver handleResolver) {
        this.chainBuilder = new ChainBuilder(handleResolver);
        this.chainVerifier = new ChainVerifier(handleResolver.getConfiguration().getRootKeys());
    }

    public HandleRecordTrustVerifier(ChainBuilder chainBuilder, ChainVerifier chainVerifier) {
        this.chainBuilder = chainBuilder;
        this.chainVerifier = chainVerifier;
    }

    public void setThrowing(boolean z) {
        this.isThrowing = z;
    }

    public boolean validateHandleRecord(HandleRecord handleRecord) throws TrustException {
        List<HandleValue> values = handleRecord.getValues();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        boolean z = false;
        try {
            List<JsonWebSignature> jsonWebSignaturesFromValues = getJsonWebSignaturesFromValues(handleRecord.getValuesAsArray());
            if (jsonWebSignaturesFromValues.isEmpty()) {
                if (this.isThrowing) {
                    throw new TrustException("No signatures");
                }
                return false;
            }
            Iterator<JsonWebSignature> it = jsonWebSignaturesFromValues.iterator();
            while (it.hasNext()) {
                ChainVerificationReport verifyValues = this.chainVerifier.verifyValues(handleRecord.getHandle(), values, this.chainBuilder.buildChain(it.next()));
                if (!verifyValues.canTrust()) {
                    if (this.isThrowing) {
                        throw new TrustException("Chain not trusted");
                    }
                    return false;
                }
                if (!verifyValues.valuesReport.badDigestValues.isEmpty()) {
                    if (this.isThrowing) {
                        throw new TrustException("Bad digests");
                    }
                    return false;
                }
                if (!verifyValues.valuesReport.missingValues.isEmpty()) {
                    if (this.isThrowing) {
                        throw new TrustException("Missing values");
                    }
                    return false;
                }
                z = verifyValues.chainNeedsRequiredSigner;
                if (verifyValues.canTrustAndAuthorized()) {
                    hashSet.addAll(verifyValues.valuesReport.verifiedValues);
                }
                if (verifyValues.canTrustAndAuthorizedUpToRequiredSigner()) {
                    hashSet2.addAll(verifyValues.valuesReport.verifiedValues);
                }
            }
            if (!isAllValuesThatNeedSignatureInVerifiedSet(handleRecord, hashSet)) {
                if (this.isThrowing) {
                    throw new TrustException("Unsigned values");
                }
                return false;
            }
            if (!z || isAllValuesThatNeedSignatureInVerifiedSet(handleRecord, hashSet2)) {
                return true;
            }
            if (this.isThrowing) {
                throw new TrustException("Failure of required signer");
            }
            return false;
        } catch (TrustException e) {
            if (this.isThrowing) {
                throw e;
            }
            return false;
        }
    }

    private List<JsonWebSignature> getJsonWebSignaturesFromValues(HandleValue[] handleValueArr) throws TrustException {
        HandleValue[] signatureValues = getSignatureValues(handleValueArr);
        ArrayList arrayList = new ArrayList();
        if (signatureValues == null) {
            return arrayList;
        }
        for (HandleValue handleValue : signatureValues) {
            arrayList.add(JsonWebSignatureFactory.getInstance().deserialize(handleValue.getDataAsString()));
        }
        return arrayList;
    }

    private static boolean isAllValuesThatNeedSignatureInVerifiedSet(HandleRecord handleRecord, Set<Integer> set) {
        for (HandleValue handleValue : handleRecord.getValues()) {
            if (!set.contains(Integer.valueOf(handleValue.getIndex())) && valueNeedsSignature(handleRecord.getHandle(), handleValue)) {
                return false;
            }
        }
        return true;
    }

    private static boolean valueNeedsSignature(String str, HandleValue handleValue) {
        if (handleValue.hasType(Common.HS_SIGNATURE_TYPE) || !handleValue.getAnyoneCanRead()) {
            return false;
        }
        if ("0.NA/0.NA".equalsIgnoreCase(str)) {
            return (handleValue.hasType(HandleSignature.SIGNATURE_TYPE) || handleValue.hasType(HandleSignature.METADATA_TYPE)) ? false : true;
        }
        return true;
    }

    private static HandleValue[] getSignatureValues(HandleValue[] handleValueArr) {
        return Util.filterValues(handleValueArr, null, Common.HS_SIGNATURE_TYPE_LIST);
    }
}
