package com.github.nitram509.jmacaroons;

import com.github.nitram509.jmacaroons.CaveatPacket;
import com.github.nitram509.jmacaroons.util.ArrayTools;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes3.dex */
public class MacaroonsVerifier {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private final Macaroon macaroon;
    private String[] predicates = new String[0];
    private List<Macaroon> boundMacaroons = new ArrayList(3);
    private GeneralCaveatVerifier[] generalCaveatVerifiers = new GeneralCaveatVerifier[0];

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class VerificationResult {
        byte[] csig;
        boolean fail;
        String failMessage;

        private VerificationResult(String str) {
            this.csig = null;
            this.failMessage = str;
            this.fail = true;
        }

        private VerificationResult(byte[] bArr) {
            this.fail = false;
            this.failMessage = null;
            this.csig = bArr;
        }
    }

    public MacaroonsVerifier(Macaroon macaroon) {
        this.macaroon = macaroon;
    }

    private Macaroon findBoundMacaroon(String str) {
        for (Macaroon macaroon : this.boundMacaroons) {
            if (str.equals(macaroon.identifier)) {
                return macaroon;
            }
        }
        return null;
    }

    private VerificationResult isValid_verify_raw(Macaroon macaroon, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        VerificationResult macaroon_verify_inner = macaroon_verify_inner(macaroon, bArr);
        if (macaroon_verify_inner.fail) {
            return macaroon_verify_inner;
        }
        macaroon_verify_inner.fail = !CryptoTools.safeEquals(macaroon_verify_inner.csig, getMacaroon().signatureBytes);
        return macaroon_verify_inner.fail ? new VerificationResult("Verification failed. Signature doesn't match. Maybe the key was wrong OR some caveats aren't satisfied.") : macaroon_verify_inner;
    }

    private VerificationResult macaroon_verify_inner(Macaroon macaroon, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException {
        byte[] macaroon_hmac = CryptoTools.macaroon_hmac(bArr, macaroon.identifier);
        if (macaroon.caveatPackets != null) {
            CaveatPacket[] caveatPacketArr = macaroon.caveatPackets;
            int i = 0;
            while (i < caveatPacketArr.length) {
                CaveatPacket caveatPacket = caveatPacketArr[i];
                if (caveatPacket != null && caveatPacket.type != CaveatPacket.Type.cl) {
                    if (caveatPacket.type == CaveatPacket.Type.cid) {
                        int i2 = i + 1;
                        if (caveatPacketArr[Math.min(i2, caveatPacketArr.length - 1)].type == CaveatPacket.Type.vid) {
                            CaveatPacket caveatPacket2 = caveatPacketArr[i2];
                            Macaroon findBoundMacaroon = findBoundMacaroon(caveatPacket.getValueAsText());
                            if (findBoundMacaroon == null) {
                                return new VerificationResult("Couldn't verify 3rd party macaroon, because no discharged macaroon was provided to the verifier.");
                            }
                            if (!macaroon_verify_inner_3rd(findBoundMacaroon, caveatPacket2, macaroon_hmac)) {
                                return new VerificationResult("Couldn't verify 3rd party macaroon, identifier= " + findBoundMacaroon.identifier);
                            }
                            macaroon_hmac = CryptoTools.macaroon_hash2(macaroon_hmac, caveatPacket2.rawValue, caveatPacket.rawValue);
                            i = i2;
                        }
                    }
                    if (ArrayTools.containsElement(this.predicates, caveatPacket.getValueAsText()) || verifiesGeneral(caveatPacket.getValueAsText())) {
                        macaroon_hmac = CryptoTools.macaroon_hmac(macaroon_hmac, caveatPacket.rawValue);
                    }
                }
                i++;
            }
        }
        return new VerificationResult(macaroon_hmac);
    }

    private boolean macaroon_verify_inner_3rd(Macaroon macaroon, CaveatPacket caveatPacket, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException {
        if (macaroon == null) {
            return false;
        }
        byte[] bArr2 = new byte[64];
        byte[] bArr3 = new byte[64];
        byte[] bArr4 = caveatPacket.rawValue;
        byte[] bArr5 = new byte[24];
        System.arraycopy(bArr4, 0, bArr5, 0, 24);
        System.arraycopy(bArr4, 24, bArr3, 16, bArr4.length - 24);
        boolean z = CryptoTools.macaroon_secretbox_open(bArr, bArr5, bArr3, bArr2) == 0;
        byte[] bArr6 = new byte[32];
        System.arraycopy(bArr2, 32, bArr6, 0, 32);
        return z && CryptoTools.safeEquals(CryptoTools.macaroon_bind(getMacaroon().signatureBytes, macaroon_verify_inner(macaroon, bArr6).csig), macaroon.signatureBytes);
    }

    private boolean verifiesGeneral(String str) {
        boolean z = false;
        for (GeneralCaveatVerifier generalCaveatVerifier : this.generalCaveatVerifiers) {
            z |= generalCaveatVerifier.verifyCaveat(str);
        }
        return z;
    }

    public void assertIsValid(String str) throws MacaroonValidationException, GeneralSecurityRuntimeException {
        assertIsValid(CryptoTools.string_to_bytes(str));
    }

    public void assertIsValid(byte[] bArr) throws MacaroonValidationException, GeneralSecurityRuntimeException {
        try {
            VerificationResult isValid_verify_raw = isValid_verify_raw(this.macaroon, CryptoTools.generate_derived_key(bArr));
            if (isValid_verify_raw.fail) {
                throw new MacaroonValidationException(isValid_verify_raw.failMessage != null ? isValid_verify_raw.failMessage : "This macaroon isn't valid.", this.macaroon);
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new GeneralSecurityRuntimeException(e);
        }
    }

    public Macaroon getMacaroon() {
        return this.macaroon;
    }

    public boolean isValid(String str) throws GeneralSecurityRuntimeException {
        return isValid(CryptoTools.string_to_bytes(str));
    }

    public boolean isValid(byte[] bArr) throws GeneralSecurityRuntimeException {
        try {
            return !isValid_verify_raw(this.macaroon, CryptoTools.generate_derived_key(bArr)).fail;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new GeneralSecurityRuntimeException(e);
        }
    }

    public MacaroonsVerifier satisfy3rdParty(Macaroon macaroon) {
        if (macaroon != null) {
            this.boundMacaroons.add(macaroon);
        }
        return this;
    }

    public MacaroonsVerifier satisfyExact(String str) {
        if (str != null) {
            this.predicates = ArrayTools.appendToArray(this.predicates, str);
        }
        return this;
    }

    public MacaroonsVerifier satisfyGeneral(GeneralCaveatVerifier generalCaveatVerifier) {
        if (generalCaveatVerifier != null) {
            this.generalCaveatVerifiers = ArrayTools.appendToArray(this.generalCaveatVerifiers, generalCaveatVerifier);
        }
        return this;
    }
}
