package com.clevercloud.biscuit.token;

import com.clevercloud.biscuit.crypto.KeyPair;
import com.clevercloud.biscuit.crypto.PublicKey;
import com.clevercloud.biscuit.datalog.Check;
import com.clevercloud.biscuit.datalog.Fact;
import com.clevercloud.biscuit.datalog.ID;
import com.clevercloud.biscuit.datalog.Predicate;
import com.clevercloud.biscuit.datalog.Rule;
import com.clevercloud.biscuit.datalog.SymbolTable;
import com.clevercloud.biscuit.datalog.World;
import com.clevercloud.biscuit.error.Error;
import com.clevercloud.biscuit.error.FailedCheck;
import com.clevercloud.biscuit.error.LogicError;
import com.clevercloud.biscuit.token.format.SealedBiscuit;
import com.clevercloud.biscuit.token.format.SerializedBiscuit;
import io.vavr.API;
import io.vavr.control.Either;
import io.vavr.control.Option;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/* loaded from: input_file:com/clevercloud/biscuit/token/Biscuit.class */
public class Biscuit {
    final Block authority;
    final List<Block> blocks;
    final SymbolTable symbols;
    final Option<SerializedBiscuit> container;
    final List<byte[]> revocation_ids;

    public static com.clevercloud.biscuit.token.builder.Biscuit builder(SecureRandom secureRandom, KeyPair keyPair) {
        return new com.clevercloud.biscuit.token.builder.Biscuit(secureRandom, keyPair, default_symbol_table());
    }

    public static com.clevercloud.biscuit.token.builder.Biscuit builder(SecureRandom secureRandom, KeyPair keyPair, SymbolTable symbolTable) {
        return new com.clevercloud.biscuit.token.builder.Biscuit(secureRandom, keyPair, symbolTable);
    }

    public static Either<Error, Biscuit> make(SecureRandom secureRandom, KeyPair keyPair, SymbolTable symbolTable, Block block) {
        if (!Collections.disjoint(symbolTable.symbols, block.symbols.symbols)) {
            return API.Left(new Error.SymbolTableOverlap());
        }
        if (block.index != 0) {
            return API.Left(new Error.InvalidAuthorityIndex(block.index));
        }
        symbolTable.symbols.addAll(block.symbols.symbols);
        ArrayList arrayList = new ArrayList();
        Either<Error.FormatError, SerializedBiscuit> make = SerializedBiscuit.make(secureRandom, keyPair, block);
        if (make.isLeft()) {
            return API.Left((Error.FormatError) make.getLeft());
        }
        SerializedBiscuit serializedBiscuit = (SerializedBiscuit) make.get();
        return API.Right(new Biscuit(block, arrayList, symbolTable, Option.some(serializedBiscuit), serializedBiscuit.revocation_identifiers()));
    }

    Biscuit(Block block, List<Block> list, SymbolTable symbolTable, Option<SerializedBiscuit> option, List<byte[]> list2) {
        this.authority = block;
        this.blocks = list;
        this.symbols = symbolTable;
        this.container = option;
        this.revocation_ids = list2;
    }

    public static Either<Error, Biscuit> from_b64(String str) {
        return from_bytes(Base64.getUrlDecoder().decode(str));
    }

    public static Either<Error, Biscuit> from_bytes(byte[] bArr) {
        return from_bytes_with_symbols(bArr, default_symbol_table());
    }

    public static Either<Error, Biscuit> from_bytes_with_symbols(byte[] bArr, SymbolTable symbolTable) {
        Either<Error, SerializedBiscuit> from_bytes = SerializedBiscuit.from_bytes(bArr);
        if (from_bytes.isLeft()) {
            return API.Left((Error) from_bytes.getLeft());
        }
        SerializedBiscuit serializedBiscuit = (SerializedBiscuit) from_bytes.get();
        Either<Error.FormatError, Block> from_bytes2 = Block.from_bytes(serializedBiscuit.authority);
        if (from_bytes2.isLeft()) {
            return API.Left((Error) from_bytes2.getLeft());
        }
        Block block = (Block) from_bytes2.get();
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = serializedBiscuit.blocks.iterator();
        while (it.hasNext()) {
            Either<Error.FormatError, Block> from_bytes3 = Block.from_bytes(it.next());
            if (from_bytes3.isLeft()) {
                return API.Left((Error) from_bytes3.getLeft());
            }
            arrayList.add((Block) from_bytes3.get());
        }
        Iterator<String> it2 = block.symbols.symbols.iterator();
        while (it2.hasNext()) {
            symbolTable.add(it2.next());
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            Iterator<String> it4 = ((Block) it3.next()).symbols.symbols.iterator();
            while (it4.hasNext()) {
                symbolTable.add(it4.next());
            }
        }
        return API.Right(new Biscuit(block, arrayList, symbolTable, Option.some(serializedBiscuit), serializedBiscuit.revocation_identifiers()));
    }

    public Either<Error, Verifier> verify(PublicKey publicKey) {
        return Verifier.make(this, Option.some(publicKey));
    }

    public Either<Error, Verifier> verify_sealed() {
        return Verifier.make(this, Option.none());
    }

    public Either<Error, byte[]> serialize() {
        return this.container.isEmpty() ? API.Left(new Error.FormatError.SerializationError("no internal container")) : ((SerializedBiscuit) this.container.get()).serialize();
    }

    public Either<Error, String> serialize_b64() {
        Either<Error, byte[]> serialize = serialize();
        Base64.Encoder urlEncoder = Base64.getUrlEncoder();
        Objects.requireNonNull(urlEncoder);
        return serialize.map(urlEncoder::encodeToString);
    }

    public static Either<Error, Biscuit> from_sealed(byte[] bArr, byte[] bArr2) {
        SymbolTable default_symbol_table = default_symbol_table();
        Either<Error, SealedBiscuit> from_bytes = SealedBiscuit.from_bytes(bArr, bArr2);
        if (from_bytes.isLeft()) {
            return API.Left((Error) from_bytes.getLeft());
        }
        SealedBiscuit sealedBiscuit = (SealedBiscuit) from_bytes.get();
        Either<Error.FormatError, Block> from_bytes2 = Block.from_bytes(sealedBiscuit.authority);
        if (from_bytes2.isLeft()) {
            return API.Left((Error) from_bytes2.getLeft());
        }
        Block block = (Block) from_bytes2.get();
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = sealedBiscuit.blocks.iterator();
        while (it.hasNext()) {
            Either<Error.FormatError, Block> from_bytes3 = Block.from_bytes(it.next());
            if (from_bytes3.isLeft()) {
                return API.Left((Error) from_bytes3.getLeft());
            }
            arrayList.add((Block) from_bytes3.get());
        }
        Iterator<String> it2 = block.symbols.symbols.iterator();
        while (it2.hasNext()) {
            default_symbol_table.add(it2.next());
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            Iterator<String> it4 = ((Block) it3.next()).symbols.symbols.iterator();
            while (it4.hasNext()) {
                default_symbol_table.add(it4.next());
            }
        }
        return API.Right(new Biscuit(block, arrayList, default_symbol_table, Option.none(), sealedBiscuit.revocation_identifiers()));
    }

    public Either<Error.FormatError, byte[]> seal(byte[] bArr) {
        Either<Error.FormatError, SealedBiscuit> make = SealedBiscuit.make(this.authority, this.blocks, bArr);
        return make.isLeft() ? API.Left((Error.FormatError) make.getLeft()) : ((SealedBiscuit) make.get()).serialize();
    }

    public boolean is_sealed() {
        return this.container.isEmpty();
    }

    public Either<Error, Void> check_root_key(PublicKey publicKey) {
        return this.container.isEmpty() ? API.Left(new Error.Sealed()) : ((SerializedBiscuit) this.container.get()).check_root_key(publicKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Either<Error, World> generate_world() {
        World world = new World();
        long longValue = ((Long) this.symbols.get("authority").get()).longValue();
        long longValue2 = ((Long) this.symbols.get("ambient").get()).longValue();
        Iterator<Fact> it = this.authority.facts.iterator();
        while (it.hasNext()) {
            world.add_fact(it.next());
        }
        Iterator<Rule> it2 = this.authority.rules.iterator();
        while (it2.hasNext()) {
            world.add_privileged_rule(it2.next());
        }
        for (int i = 0; i < this.blocks.size(); i++) {
            Block block = this.blocks.get(i);
            if (block.index != i + 1) {
                return API.Left(new Error.InvalidBlockIndex(1 + this.blocks.size(), this.blocks.get(i).index));
            }
            for (Fact fact : block.facts) {
                if (fact.predicate().ids().get(0).equals(new ID.Symbol(longValue)) || fact.predicate().ids().get(0).equals(new ID.Symbol(longValue2))) {
                    return API.Left(new Error.FailedLogic(new LogicError.InvalidBlockFact(i, this.symbols.print_fact(fact))));
                }
                world.add_fact(fact);
            }
            Iterator<Rule> it3 = block.rules.iterator();
            while (it3.hasNext()) {
                world.add_rule(it3.next());
            }
        }
        List<byte[]> revocation_identifiers = revocation_identifiers();
        long longValue3 = ((Long) this.symbols.get("revocation_id").get()).longValue();
        for (int i2 = 0; i2 < revocation_identifiers.size(); i2++) {
            world.add_fact(new Fact(new Predicate(longValue3, Arrays.asList(new ID.Integer(i2), new ID.Bytes(revocation_identifiers.get(i2))))));
        }
        return API.Right(world);
    }

    Either<Error, HashMap<String, Set<Fact>>> check(SymbolTable symbolTable, List<Fact> list, List<Rule> list2, List<Check> list3, HashMap<String, Rule> hashMap) {
        Either<Error, World> generate_world = generate_world();
        if (generate_world.isLeft()) {
            return API.Left((Error) generate_world.getLeft());
        }
        World world = (World) generate_world.get();
        Iterator<Fact> it = list.iterator();
        while (it.hasNext()) {
            world.add_fact(it.next());
        }
        Iterator<Rule> it2 = list2.iterator();
        while (it2.hasNext()) {
            world.add_privileged_rule(it2.next());
        }
        HashSet hashSet = new HashSet();
        hashSet.add((Long) symbolTable.get("authority").get());
        hashSet.add((Long) symbolTable.get("ambient").get());
        world.run(hashSet);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.authority.checks.size(); i++) {
            boolean z = false;
            Check check = this.authority.checks.get(i);
            int i2 = 0;
            while (true) {
                if (i2 >= check.queries().size()) {
                    break;
                }
                if (!world.query_rule(check.queries().get(i2)).isEmpty()) {
                    z = true;
                    break;
                }
                i2++;
            }
            if (!z) {
                arrayList.add(new FailedCheck.FailedBlock(0L, i, symbolTable.print_check(this.authority.checks.get(i))));
            }
        }
        for (int i3 = 0; i3 < list3.size(); i3++) {
            boolean z2 = false;
            Check check2 = list3.get(i3);
            int i4 = 0;
            while (true) {
                if (i4 >= check2.queries().size()) {
                    break;
                }
                if (!world.query_rule(check2.queries().get(i4)).isEmpty()) {
                    z2 = true;
                    break;
                }
                i4++;
            }
            if (!z2) {
                arrayList.add(new FailedCheck.FailedVerifier(i3, symbolTable.print_check(list3.get(i3))));
            }
        }
        for (int i5 = 0; i5 < this.blocks.size(); i5++) {
            Block block = this.blocks.get(i5);
            for (int i6 = 0; i6 < block.checks.size(); i6++) {
                boolean z3 = false;
                Check check3 = block.checks.get(i6);
                int i7 = 0;
                while (true) {
                    if (i7 >= check3.queries().size()) {
                        break;
                    }
                    if (!world.query_rule(check3.queries().get(i7)).isEmpty()) {
                        z3 = true;
                        break;
                    }
                    i7++;
                }
                if (!z3) {
                    arrayList.add(new FailedCheck.FailedBlock(block.index, i6, symbolTable.print_check(block.checks.get(i6))));
                }
            }
        }
        HashMap hashMap2 = new HashMap();
        for (String str : hashMap.keySet()) {
            hashMap2.put(str, world.query_rule(hashMap.get(str)));
        }
        return arrayList.isEmpty() ? API.Right(hashMap2) : API.Left(new Error.FailedLogic(new LogicError.FailedChecks(arrayList)));
    }

    public com.clevercloud.biscuit.token.builder.Block create_block() {
        return new com.clevercloud.biscuit.token.builder.Block(1 + this.blocks.size(), new SymbolTable(this.symbols));
    }

    public Either<Error, Biscuit> attenuate(SecureRandom secureRandom, KeyPair keyPair, Block block) {
        Either<Error, Biscuit> copy = copy();
        if (copy.isLeft()) {
            return API.Left((Error) copy.getLeft());
        }
        Biscuit biscuit2 = (Biscuit) copy.get();
        if (!Collections.disjoint(biscuit2.symbols.symbols, block.symbols.symbols)) {
            return API.Left(new Error.SymbolTableOverlap());
        }
        if (block.index != 1 + this.blocks.size()) {
            return API.Left(new Error.InvalidBlockIndex(1 + biscuit2.blocks.size(), block.index));
        }
        Either<Error.FormatError, SerializedBiscuit> append = ((SerializedBiscuit) biscuit2.container.get()).append(secureRandom, keyPair, block);
        if (append.isLeft()) {
            return API.Left((Error.FormatError) append.getLeft());
        }
        SerializedBiscuit serializedBiscuit = (SerializedBiscuit) append.get();
        SymbolTable symbolTable = new SymbolTable(biscuit2.symbols);
        Iterator<String> it = block.symbols.symbols.iterator();
        while (it.hasNext()) {
            symbolTable.add(it.next());
        }
        ArrayList arrayList = new ArrayList();
        Iterator<Block> it2 = biscuit2.blocks.iterator();
        while (it2.hasNext()) {
            arrayList.add(it2.next());
        }
        arrayList.add(block);
        return API.Right(new Biscuit(biscuit2.authority, arrayList, symbolTable, Option.some(serializedBiscuit), serializedBiscuit.revocation_identifiers()));
    }

    public List<List<Check>> checks() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ArrayList(this.authority.checks));
        Iterator<Block> it = this.blocks.iterator();
        while (it.hasNext()) {
            arrayList.add(new ArrayList(it.next().checks));
        }
        return arrayList;
    }

    public List<byte[]> revocation_identifiers() {
        return this.revocation_ids;
    }

    public List<Option<String>> context() {
        ArrayList arrayList = new ArrayList();
        if (this.authority.context.isEmpty()) {
            arrayList.add(Option.none());
        } else {
            arrayList.add(Option.some(this.authority.context));
        }
        for (Block block : this.blocks) {
            if (block.context.isEmpty()) {
                arrayList.add(Option.none());
            } else {
                arrayList.add(Option.some(block.context));
            }
        }
        return arrayList;
    }

    public String print() {
        StringBuilder sb = new StringBuilder();
        sb.append("Biscuit {\n\tsymbols: ");
        sb.append(this.symbols.symbols);
        sb.append("\n\tauthority: ");
        sb.append(this.authority.print(this.symbols));
        sb.append("\n\tblocks: [\n");
        for (Block block : this.blocks) {
            sb.append("\t\t");
            sb.append(block.print(this.symbols));
            sb.append("\n");
        }
        sb.append("\t]\n}");
        return sb.toString();
    }

    public static SymbolTable default_symbol_table() {
        SymbolTable symbolTable = new SymbolTable();
        symbolTable.insert("authority");
        symbolTable.insert("ambient");
        symbolTable.insert("resource");
        symbolTable.insert("operation");
        symbolTable.insert("right");
        symbolTable.insert("current_time");
        symbolTable.insert("revocation_id");
        return symbolTable;
    }

    public Either<Error, Biscuit> copy() {
        return serialize().map(Biscuit::from_bytes).flatMap(either -> {
            return Either.narrow(either);
        });
    }
}
