package com.clevercloud.biscuit.token.format;

import biscuit.format.schema.Schema;
import cafe.cryptography.curve25519.CompressedRistretto;
import cafe.cryptography.curve25519.InvalidEncodingException;
import cafe.cryptography.curve25519.RistrettoElement;
import com.clevercloud.biscuit.crypto.KeyPair;
import com.clevercloud.biscuit.crypto.PublicKey;
import com.clevercloud.biscuit.crypto.TokenSignature;
import com.clevercloud.biscuit.error.Error;
import com.clevercloud.biscuit.token.Block;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import io.vavr.API;
import io.vavr.control.Either;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/clevercloud/biscuit/token/format/SerializedBiscuit.class */
public class SerializedBiscuit {
    public byte[] authority;
    public List<byte[]> blocks;
    public List<RistrettoElement> keys;
    public TokenSignature signature;

    public static Either<Error, SerializedBiscuit> from_bytes(byte[] bArr) {
        try {
            Schema.Biscuit parseFrom = Schema.Biscuit.parseFrom(bArr);
            ArrayList arrayList = new ArrayList();
            Iterator<ByteString> it = parseFrom.getKeysList().iterator();
            while (it.hasNext()) {
                arrayList.add(new CompressedRistretto(it.next().toByteArray()).decompress());
            }
            byte[] byteArray = parseFrom.getAuthority().toByteArray();
            ArrayList arrayList2 = new ArrayList();
            Iterator<ByteString> it2 = parseFrom.getBlocksList().iterator();
            while (it2.hasNext()) {
                arrayList2.add(it2.next().toByteArray());
            }
            Either<Error, TokenSignature> deserialize = TokenSignature.deserialize(parseFrom.getSignature());
            if (deserialize.isLeft()) {
                return API.Left((Error) deserialize.getLeft());
            }
            SerializedBiscuit serializedBiscuit = new SerializedBiscuit(byteArray, arrayList2, arrayList, (TokenSignature) deserialize.get());
            Either<Error, Void> verify = serializedBiscuit.verify();
            return verify.isLeft() ? API.Left((Error) verify.getLeft()) : API.Right(serializedBiscuit);
        } catch (InvalidEncodingException e) {
            return API.Left(new Error.FormatError.DeserializationError(e.toString()));
        } catch (InvalidProtocolBufferException e2) {
            return API.Left(new Error.FormatError.DeserializationError(e2.toString()));
        }
    }

    public Either<Error, byte[]> serialize() {
        Schema.Biscuit.Builder signature = Schema.Biscuit.newBuilder().setSignature(this.signature.serialize());
        for (int i = 0; i < this.keys.size(); i++) {
            signature.addKeys(ByteString.copyFrom(this.keys.get(i).compress().toByteArray()));
        }
        signature.setAuthority(ByteString.copyFrom(this.authority));
        for (int i2 = 0; i2 < this.blocks.size(); i2++) {
            signature.addBlocks(ByteString.copyFrom(this.blocks.get(i2)));
        }
        Schema.Biscuit m41build = signature.m41build();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            m41build.writeTo(byteArrayOutputStream);
            return API.Right(byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            return API.Left(new Error.FormatError.SerializationError(e.toString()));
        }
    }

    public static Either<Error.FormatError, SerializedBiscuit> make(SecureRandom secureRandom, KeyPair keyPair, Block block) {
        Schema.Block serialize = block.serialize();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            serialize.writeTo(byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            TokenSignature tokenSignature = new TokenSignature(secureRandom, keyPair, byteArray);
            ArrayList arrayList = new ArrayList();
            arrayList.add(keyPair.public_key);
            return API.Right(new SerializedBiscuit(byteArray, new ArrayList(), arrayList, tokenSignature));
        } catch (IOException e) {
            return API.Left(new Error.FormatError.SerializationError(e.toString()));
        }
    }

    public Either<Error.FormatError, SerializedBiscuit> append(SecureRandom secureRandom, KeyPair keyPair, Block block) {
        Schema.Block serialize = block.serialize();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            serialize.writeTo(byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            TokenSignature sign = this.signature.sign(secureRandom, keyPair, byteArray);
            ArrayList arrayList = new ArrayList();
            Iterator<RistrettoElement> it = this.keys.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
            arrayList.add(keyPair.public_key);
            ArrayList arrayList2 = new ArrayList();
            Iterator<byte[]> it2 = this.blocks.iterator();
            while (it2.hasNext()) {
                arrayList2.add(it2.next());
            }
            arrayList2.add(byteArray);
            return API.Right(new SerializedBiscuit(this.authority, arrayList2, arrayList, sign));
        } catch (IOException e) {
            return API.Left(new Error.FormatError.SerializationError(e.toString()));
        }
    }

    public Either<Error, Void> verify() {
        if (this.keys.isEmpty()) {
            return API.Left(new Error.FormatError.EmptyKeys());
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.authority);
        Iterator<byte[]> it = this.blocks.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next());
        }
        return this.signature.verify(this.keys, arrayList);
    }

    public Either<Error, Void> check_root_key(PublicKey publicKey) {
        return this.keys.isEmpty() ? API.Left(new Error.FormatError.EmptyKeys()) : this.keys.get(0).ctEquals(publicKey.key) != 1 ? API.Left(new Error.FormatError.UnknownPublicKey()) : API.Right((Object) null);
    }

    SerializedBiscuit(byte[] bArr, List<byte[]> list, List<RistrettoElement> list2, TokenSignature tokenSignature) {
        this.authority = bArr;
        this.blocks = list;
        this.keys = list2;
        this.signature = tokenSignature;
    }
}
