package com.clevercloud.biscuit.token;

import com.clevercloud.biscuit.crypto.KeyPair;
import com.clevercloud.biscuit.crypto.PublicKey;
import com.clevercloud.biscuit.datalog.Check;
import com.clevercloud.biscuit.datalog.Fact;
import com.clevercloud.biscuit.datalog.Predicate;
import com.clevercloud.biscuit.datalog.Rule;
import com.clevercloud.biscuit.datalog.SymbolTable;
import com.clevercloud.biscuit.datalog.Term;
import com.clevercloud.biscuit.datalog.World;
import com.clevercloud.biscuit.error.Error;
import com.clevercloud.biscuit.error.FailedCheck;
import com.clevercloud.biscuit.error.LogicError;
import com.clevercloud.biscuit.token.format.SerializedBiscuit;
import com.clevercloud.biscuit.token.format.SignedBlock;
import io.vavr.API;
import io.vavr.control.Either;
import io.vavr.control.Option;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:com/clevercloud/biscuit/token/Biscuit.class */
public class Biscuit {
    final Block authority;
    final List<Block> blocks;
    final SymbolTable symbols;
    final Option<SerializedBiscuit> container;
    final List<byte[]> revocation_ids;

    public static com.clevercloud.biscuit.token.builder.Biscuit builder(KeyPair keyPair) {
        return new com.clevercloud.biscuit.token.builder.Biscuit(new SecureRandom(), keyPair, default_symbol_table());
    }

    public static com.clevercloud.biscuit.token.builder.Biscuit builder(SecureRandom secureRandom, KeyPair keyPair) {
        return new com.clevercloud.biscuit.token.builder.Biscuit(secureRandom, keyPair, default_symbol_table());
    }

    public static com.clevercloud.biscuit.token.builder.Biscuit builder(SecureRandom secureRandom, KeyPair keyPair, SymbolTable symbolTable) {
        return new com.clevercloud.biscuit.token.builder.Biscuit(secureRandom, keyPair, symbolTable);
    }

    public static Biscuit make(SecureRandom secureRandom, KeyPair keyPair, SymbolTable symbolTable, Block block) throws Error.SymbolTableOverlap, Error.FormatError {
        if (!Collections.disjoint(symbolTable.symbols, block.symbols.symbols)) {
            throw new Error.SymbolTableOverlap();
        }
        symbolTable.symbols.addAll(block.symbols.symbols);
        ArrayList arrayList = new ArrayList();
        Either<Error.FormatError, SerializedBiscuit> make = SerializedBiscuit.make(keyPair, block, new KeyPair(secureRandom));
        if (make.isLeft()) {
            throw ((Error.FormatError) make.getLeft());
        }
        SerializedBiscuit serializedBiscuit = (SerializedBiscuit) make.get();
        return new Biscuit(block, arrayList, symbolTable, Option.some(serializedBiscuit), serializedBiscuit.revocation_identifiers());
    }

    Biscuit(Block block, List<Block> list, SymbolTable symbolTable, Option<SerializedBiscuit> option, List<byte[]> list2) {
        this.authority = block;
        this.blocks = list;
        this.symbols = symbolTable;
        this.container = option;
        this.revocation_ids = list2;
    }

    @Deprecated
    public static Biscuit from_b64(String str, PublicKey publicKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        return from_bytes(Base64.getUrlDecoder().decode(str), publicKey);
    }

    public static Biscuit from_b64url(String str, PublicKey publicKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        return from_bytes(Base64.getUrlDecoder().decode(str), publicKey);
    }

    public static Biscuit from_bytes(byte[] bArr, PublicKey publicKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        return from_bytes_with_symbols(bArr, publicKey, default_symbol_table());
    }

    public static Biscuit from_bytes_with_symbols(byte[] bArr, PublicKey publicKey, SymbolTable symbolTable) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        return from_serialize_biscuit(SerializedBiscuit.from_bytes(bArr, publicKey), symbolTable);
    }

    static Biscuit from_serialize_biscuit(SerializedBiscuit serializedBiscuit, SymbolTable symbolTable) throws Error {
        Either<Error.FormatError, Block> from_bytes = Block.from_bytes(serializedBiscuit.authority.block);
        if (from_bytes.isLeft()) {
            throw ((Error) from_bytes.getLeft());
        }
        Block block = (Block) from_bytes.get();
        ArrayList arrayList = new ArrayList();
        Iterator<SignedBlock> it = serializedBiscuit.blocks.iterator();
        while (it.hasNext()) {
            Either<Error.FormatError, Block> from_bytes2 = Block.from_bytes(it.next().block);
            if (from_bytes2.isLeft()) {
                throw ((Error) from_bytes2.getLeft());
            }
            arrayList.add((Block) from_bytes2.get());
        }
        Iterator<String> it2 = block.symbols.symbols.iterator();
        while (it2.hasNext()) {
            symbolTable.add(it2.next());
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            Iterator<String> it4 = ((Block) it3.next()).symbols.symbols.iterator();
            while (it4.hasNext()) {
                symbolTable.add(it4.next());
            }
        }
        return new Biscuit(block, arrayList, symbolTable, Option.some(serializedBiscuit), serializedBiscuit.revocation_identifiers());
    }

    static Biscuit unsafe_from_bytes(byte[] bArr, SymbolTable symbolTable) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        Either<Error, SerializedBiscuit> unsafe_deserialize = SerializedBiscuit.unsafe_deserialize(bArr);
        if (unsafe_deserialize.isLeft()) {
            throw ((Error) unsafe_deserialize.getLeft());
        }
        return from_serialize_biscuit((SerializedBiscuit) unsafe_deserialize.get(), symbolTable);
    }

    public Authorizer authorizer() throws Error.FailedLogic {
        return Authorizer.make(this);
    }

    public byte[] serialize() throws Error.FormatError.SerializationError {
        if (this.container.isEmpty()) {
            throw new Error.FormatError.SerializationError("no internal container");
        }
        return ((SerializedBiscuit) this.container.get()).serialize();
    }

    @Deprecated
    public String serialize_b64() throws Error.FormatError.SerializationError {
        return Base64.getUrlEncoder().encodeToString(serialize());
    }

    public String serialize_b64url() throws Error.FormatError.SerializationError {
        return Base64.getUrlEncoder().encodeToString(serialize());
    }

    public byte[] seal() throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        if (this.container.isEmpty()) {
            throw new Error.FormatError.SerializationError("no internal container");
        }
        SerializedBiscuit serializedBiscuit = (SerializedBiscuit) this.container.get();
        Either<Error, Void> seal = serializedBiscuit.seal();
        if (seal.isLeft()) {
            throw ((Error) seal.getLeft());
        }
        return serializedBiscuit.serialize();
    }

    public boolean is_sealed() {
        return this.container.isEmpty() || ((SerializedBiscuit) this.container.get()).proof.secretKey.isEmpty();
    }

    Either<Error, World> generate_world() {
        World world = new World();
        Iterator<Fact> it = this.authority.facts.iterator();
        while (it.hasNext()) {
            world.add_fact(it.next());
        }
        Iterator<Rule> it2 = this.authority.rules.iterator();
        while (it2.hasNext()) {
            world.add_rule(it2.next());
        }
        for (int i = 0; i < this.blocks.size(); i++) {
            Block block = this.blocks.get(i);
            Iterator<Fact> it3 = block.facts.iterator();
            while (it3.hasNext()) {
                world.add_fact(it3.next());
            }
            Iterator<Rule> it4 = block.rules.iterator();
            while (it4.hasNext()) {
                world.add_rule(it4.next());
            }
        }
        List<RevocationIdentifier> revocation_identifiers = revocation_identifiers();
        long longValue = ((Long) this.symbols.get("revocation_id").get()).longValue();
        for (int i2 = 0; i2 < revocation_identifiers.size(); i2++) {
            world.add_fact(new Fact(new Predicate(longValue, Arrays.asList(new Term.Integer(i2), new Term.Bytes(revocation_identifiers.get(i2).getBytes())))));
        }
        return API.Right(world);
    }

    HashMap<String, Set<Fact>> check(SymbolTable symbolTable, List<Fact> list, List<Rule> list2, List<Check> list3, HashMap<String, Rule> hashMap) throws Error {
        Either<Error, World> generate_world = generate_world();
        if (generate_world.isLeft()) {
            throw ((Error) generate_world.getLeft());
        }
        World world = (World) generate_world.get();
        Iterator<Fact> it = list.iterator();
        while (it.hasNext()) {
            world.add_fact(it.next());
        }
        Iterator<Rule> it2 = list2.iterator();
        while (it2.hasNext()) {
            world.add_rule(it2.next());
        }
        world.run(symbolTable);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.authority.checks.size(); i++) {
            boolean z = false;
            Check check = this.authority.checks.get(i);
            int i2 = 0;
            while (true) {
                if (i2 >= check.queries().size()) {
                    break;
                }
                if (!world.query_rule(check.queries().get(i2), symbolTable).isEmpty()) {
                    z = true;
                    break;
                }
                i2++;
            }
            if (!z) {
                arrayList.add(new FailedCheck.FailedBlock(0L, i, symbolTable.print_check(this.authority.checks.get(i))));
            }
        }
        for (int i3 = 0; i3 < list3.size(); i3++) {
            boolean z2 = false;
            Check check2 = list3.get(i3);
            int i4 = 0;
            while (true) {
                if (i4 >= check2.queries().size()) {
                    break;
                }
                if (!world.query_rule(check2.queries().get(i4), symbolTable).isEmpty()) {
                    z2 = true;
                    break;
                }
                i4++;
            }
            if (!z2) {
                arrayList.add(new FailedCheck.FailedAuthorizer(i3 + 1, symbolTable.print_check(list3.get(i3))));
            }
        }
        for (int i5 = 0; i5 < this.blocks.size(); i5++) {
            Block block = this.blocks.get(i5);
            for (int i6 = 0; i6 < block.checks.size(); i6++) {
                boolean z3 = false;
                Check check3 = block.checks.get(i6);
                int i7 = 0;
                while (true) {
                    if (i7 >= check3.queries().size()) {
                        break;
                    }
                    if (!world.query_rule(check3.queries().get(i7), symbolTable).isEmpty()) {
                        z3 = true;
                        break;
                    }
                    i7++;
                }
                if (!z3) {
                    arrayList.add(new FailedCheck.FailedBlock(i5 + 1, i6, symbolTable.print_check(block.checks.get(i6))));
                }
            }
        }
        HashMap<String, Set<Fact>> hashMap2 = new HashMap<>();
        for (String str : hashMap.keySet()) {
            hashMap2.put(str, world.query_rule(hashMap.get(str), symbolTable));
        }
        if (arrayList.isEmpty()) {
            return hashMap2;
        }
        throw new Error.FailedLogic(new LogicError.Unauthorized(new LogicError.MatchedPolicy.Allow(0L), arrayList));
    }

    public com.clevercloud.biscuit.token.builder.Block create_block() {
        return new com.clevercloud.biscuit.token.builder.Block(1 + this.blocks.size(), new SymbolTable(this.symbols));
    }

    public Biscuit attenuate(com.clevercloud.biscuit.token.builder.Block block) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        SecureRandom secureRandom = new SecureRandom();
        return attenuate(secureRandom, new KeyPair(secureRandom), block.build());
    }

    public Biscuit attenuate(SecureRandom secureRandom, KeyPair keyPair, Block block) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        Biscuit copy = copy();
        if (!Collections.disjoint(copy.symbols.symbols, block.symbols.symbols)) {
            throw new Error.SymbolTableOverlap();
        }
        Either<Error.FormatError, SerializedBiscuit> append = ((SerializedBiscuit) copy.container.get()).append(keyPair, block);
        if (append.isLeft()) {
            throw ((Error.FormatError) append.getLeft());
        }
        SerializedBiscuit serializedBiscuit = (SerializedBiscuit) append.get();
        SymbolTable symbolTable = new SymbolTable(copy.symbols);
        Iterator<String> it = block.symbols.symbols.iterator();
        while (it.hasNext()) {
            symbolTable.add(it.next());
        }
        ArrayList arrayList = new ArrayList();
        Iterator<Block> it2 = copy.blocks.iterator();
        while (it2.hasNext()) {
            arrayList.add(it2.next());
        }
        arrayList.add(block);
        return new Biscuit(copy.authority, arrayList, symbolTable, Option.some(serializedBiscuit), serializedBiscuit.revocation_identifiers());
    }

    public List<List<Check>> checks() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ArrayList(this.authority.checks));
        Iterator<Block> it = this.blocks.iterator();
        while (it.hasNext()) {
            arrayList.add(new ArrayList(it.next().checks));
        }
        return arrayList;
    }

    public List<RevocationIdentifier> revocation_identifiers() {
        return (List) this.revocation_ids.stream().map(bArr -> {
            return RevocationIdentifier.from_bytes(bArr);
        }).collect(Collectors.toList());
    }

    public List<Option<String>> context() {
        ArrayList arrayList = new ArrayList();
        if (this.authority.context.isEmpty()) {
            arrayList.add(Option.none());
        } else {
            arrayList.add(Option.some(this.authority.context));
        }
        for (Block block : this.blocks) {
            if (block.context.isEmpty()) {
                arrayList.add(Option.none());
            } else {
                arrayList.add(Option.some(block.context));
            }
        }
        return arrayList;
    }

    public String print() {
        StringBuilder sb = new StringBuilder();
        sb.append("Biscuit {\n\tsymbols: ");
        sb.append(this.symbols.symbols);
        sb.append("\n\tauthority: ");
        sb.append(this.authority.print(this.symbols));
        sb.append("\n\tblocks: [\n");
        for (Block block : this.blocks) {
            sb.append("\t\t");
            sb.append(block.print(this.symbols));
            sb.append("\n");
        }
        sb.append("\t]\n}");
        return sb.toString();
    }

    public static SymbolTable default_symbol_table() {
        SymbolTable symbolTable = new SymbolTable();
        symbolTable.insert("authority");
        symbolTable.insert("ambient");
        symbolTable.insert("resource");
        symbolTable.insert("operation");
        symbolTable.insert("right");
        symbolTable.insert("current_time");
        symbolTable.insert("revocation_id");
        return symbolTable;
    }

    protected Object clone() throws CloneNotSupportedException {
        return super.clone();
    }

    public Biscuit copy() throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
        return unsafe_from_bytes(serialize(), this.symbols);
    }
}
