package com.clevercloud.biscuit.token.format;

import biscuit.format.schema.Schema;
import com.clevercloud.biscuit.error.Error;
import com.clevercloud.biscuit.token.Block;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import io.vavr.API;
import io.vavr.control.Either;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/clevercloud/biscuit/token/format/SealedBiscuit.class */
public class SealedBiscuit {
    public byte[] authority;
    public List<byte[]> blocks;
    public byte[] signature;

    /* JADX WARN: Multi-variable type inference failed */
    public static Either<Error, SealedBiscuit> from_bytes(byte[] bArr, byte[] bArr2) {
        try {
            Schema.SealedBiscuit parseFrom = Schema.SealedBiscuit.parseFrom(bArr);
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr2, "HmacSHA256"));
            byte[] byteArray = parseFrom.getAuthority().toByteArray();
            mac.update(byteArray);
            ArrayList arrayList = new ArrayList();
            Iterator<ByteString> it = parseFrom.getBlocksList().iterator();
            while (it.hasNext()) {
                byte[] byteArray2 = it.next().toByteArray();
                arrayList.add(byteArray2);
                mac.update(byteArray2);
            }
            byte[] doFinal = mac.doFinal();
            byte[] byteArray3 = parseFrom.getSignature().toByteArray();
            if (doFinal.length != byteArray3.length) {
                Error error = new Error();
                error.getClass();
                Error.FormatError formatError = new Error.FormatError();
                formatError.getClass();
                Error.FormatError.Signature signature = new Error.FormatError.Signature();
                signature.getClass();
                return API.Left(new Error.FormatError.Signature.InvalidFormat());
            }
            Object[] objArr = false;
            for (int i = 0; i < doFinal.length; i++) {
                objArr = (objArr == true ? 1 : 0) | (doFinal[i] ^ byteArray3[i]) ? 1 : 0;
            }
            if (objArr != true) {
                return API.Right(new SealedBiscuit(byteArray, arrayList, byteArray3));
            }
            Error error2 = new Error();
            error2.getClass();
            Error.FormatError formatError2 = new Error.FormatError();
            formatError2.getClass();
            return API.Left(new Error.FormatError.SealedSignature());
        } catch (InvalidProtocolBufferException | InvalidKeyException | NoSuchAlgorithmException e) {
            Error error3 = new Error();
            error3.getClass();
            Error.FormatError formatError3 = new Error.FormatError();
            formatError3.getClass();
            return API.Left(new Error.FormatError.DeserializationError(e.toString()));
        }
    }

    public Either<Error.FormatError, byte[]> serialize() {
        Schema.SealedBiscuit.Builder signature = Schema.SealedBiscuit.newBuilder().setSignature(ByteString.copyFrom(this.signature));
        signature.setAuthority(ByteString.copyFrom(this.authority));
        for (int i = 0; i < this.blocks.size(); i++) {
            signature.addBlocks(ByteString.copyFrom(this.blocks.get(i)));
        }
        Schema.SealedBiscuit build = signature.build();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            build.writeTo(byteArrayOutputStream);
            return API.Right(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            Error error = new Error();
            error.getClass();
            Error.FormatError formatError = new Error.FormatError();
            formatError.getClass();
            return API.Left(new Error.FormatError.SerializationError(e.toString()));
        }
    }

    SealedBiscuit(byte[] bArr, List<byte[]> list, byte[] bArr2) {
        this.authority = bArr;
        this.blocks = list;
        this.signature = bArr2;
    }

    public static Either<Error.FormatError, SealedBiscuit> make(Block block, List<Block> list, byte[] bArr) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            Schema.Block serialize = block.serialize();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            serialize.writeTo(byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            mac.update(byteArray);
            ArrayList arrayList = new ArrayList();
            Iterator<Block> it = list.iterator();
            while (it.hasNext()) {
                Schema.Block serialize2 = it.next().serialize();
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                serialize2.writeTo(byteArrayOutputStream2);
                mac.update(byteArrayOutputStream2.toByteArray());
                arrayList.add(byteArrayOutputStream2.toByteArray());
            }
            return API.Right(new SealedBiscuit(byteArray, arrayList, mac.doFinal()));
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException e) {
            Error error = new Error();
            error.getClass();
            Error.FormatError formatError = new Error.FormatError();
            formatError.getClass();
            return API.Left(new Error.FormatError.SerializationError(e.toString()));
        }
    }
}
