package net.handle.hdllib.trust;

import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import net.handle.hdllib.HandleValue;
import net.handle.hdllib.Util;
import net.handle.hdllib.ValueReference;

/* loaded from: input_file:net/handle/hdllib/trust/ChainVerifier.class */
public class ChainVerifier {
    private static final String TRUST_ROOT_HANDLE = "0.0/0.0";
    private final HandleVerifier handleVerifier = new HandleVerifier();
    private final List<PublicKey> rootKeys;
    private AbstractRequiredSignerStore requiredSigners;

    public ChainVerifier(List<PublicKey> list) {
        this.rootKeys = list;
    }

    public ChainVerifier(List<PublicKey> list, AbstractRequiredSignerStore abstractRequiredSignerStore) {
        this.rootKeys = list;
        this.requiredSigners = abstractRequiredSignerStore;
    }

    public ChainVerificationReport verifyValues(String str, List<HandleValue> list, List<IssuedSignature> list2) {
        ChainVerificationReport chainVerificationReport = new ChainVerificationReport();
        chainVerificationReport.valuesReport = this.handleVerifier.verifyValues(str, list, list2.get(0).jws, list2.get(0).issuerPublicKey);
        setChainReportValues(chainVerificationReport, str, list2);
        return chainVerificationReport;
    }

    public ChainVerificationReport verifyChain(List<IssuedSignature> list) {
        ChainVerificationReport chainVerificationReport = new ChainVerificationReport();
        setChainReportValues(chainVerificationReport, null, list);
        return chainVerificationReport;
    }

    private void setChainReportValues(ChainVerificationReport chainVerificationReport, String str, List<IssuedSignature> list) {
        List<JsonWebSignature> requiredSignersAuthorizedOver;
        List<IssuedSignatureVerificationReport> checkIssuedSignatures = checkIssuedSignatures(str, list);
        chainVerificationReport.issuedSignatureVerificationReports = checkIssuedSignatures;
        if (this.requiredSigners != null && str != null && (requiredSignersAuthorizedOver = this.requiredSigners.getRequiredSignersAuthorizedOver(str)) != null && !requiredSignersAuthorizedOver.isEmpty()) {
            chainVerificationReport.chainNeedsRequiredSigner = true;
            chainVerificationReport.chainGoodUpToRequiredSigner = areIssuedSignaturesTrustAndAuthorizedUpToRequiredSigner(requiredSignersAuthorizedOver, list, checkIssuedSignatures);
        }
        HandleClaimsSet handleClaimsSet = this.handleVerifier.getHandleClaimsSet(list.get(list.size() - 1).jws);
        if (handleClaimsSet != null && isRoot(handleClaimsSet.sub, handleClaimsSet.publicKey)) {
            chainVerificationReport.rootIsTrusted = true;
        }
    }

    private boolean areIssuedSignaturesTrustAndAuthorizedUpToRequiredSigner(List<JsonWebSignature> list, List<IssuedSignature> list2, List<IssuedSignatureVerificationReport> list3) {
        for (int i = 0; i < list2.size(); i++) {
            IssuedSignature issuedSignature = list2.get(i);
            IssuedSignatureVerificationReport issuedSignatureVerificationReport = list3.get(i);
            HandleClaimsSet handleClaimsSet = this.handleVerifier.getHandleClaimsSet(issuedSignature.jws);
            Iterator<JsonWebSignature> it = list.iterator();
            while (it.hasNext()) {
                HandleClaimsSet handleClaimsSet2 = this.handleVerifier.getHandleClaimsSet(it.next());
                if (Util.equalsPrefixCI(handleClaimsSet2.sub, handleClaimsSet.iss) && handleClaimsSet2.publicKey.equals(issuedSignature.issuerPublicKey)) {
                    return true;
                }
            }
            if (!issuedSignatureVerificationReport.canTrustAndAuthorized()) {
                return false;
            }
        }
        return false;
    }

    private List<IssuedSignatureVerificationReport> checkIssuedSignatures(String str, List<IssuedSignature> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<IssuedSignature> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(this.handleVerifier.verifyIssuedSignature(str, it.next()));
        }
        return arrayList;
    }

    private boolean isRoot(String str, PublicKey publicKey) {
        if (this.rootKeys == null) {
            System.err.println("Error missing root keys.");
        }
        return Util.equalsPrefixCI(TRUST_ROOT_HANDLE, ValueReference.fromString(str).getHandleAsString()) && this.rootKeys.contains(publicKey);
    }
}
