package org.kafkacrypto.msgs;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.kafkacrypto.Utils;
import org.kafkacrypto.exceptions.KafkaCryptoInternalError;
import org.kafkacrypto.jasodium;
import org.msgpack.core.MessagePacker;
import org.msgpack.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kafkacrypto/msgs/SignedChain.class */
public class SignedChain implements Msgpacker<SignedChain> {
    static final Logger _logger = LoggerFactory.getLogger("kafkacrypto-java.signedchain");
    public ArrayList<byte[]> chain;

    public SignedChain() {
        this.chain = new ArrayList<>();
    }

    public SignedChain(SignedChain signedChain) {
        this.chain = (ArrayList) signedChain.chain.clone();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.kafkacrypto.msgs.Msgpacker
    public SignedChain unpackb(List<Value> list) throws IOException {
        this.chain = new ArrayList<>();
        for (int i = 0; i < list.size(); i++) {
            this.chain.add(list.get(i).asRawValue().asByteArray());
        }
        return this;
    }

    @Override // org.kafkacrypto.msgs.Msgpacker
    public void packb(MessagePacker messagePacker) throws IOException {
        messagePacker.packArrayHeader(this.chain.size());
        for (int i = 0; i < this.chain.size(); i++) {
            msgpack.packb_recurse(messagePacker, this.chain.get(i));
        }
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("[");
        for (int i = 0; i < this.chain.size(); i++) {
            if (i > 0) {
                sb.append(", ");
            }
            sb.append(Utils.bytesToHex(this.chain.get(i)));
        }
        sb.append("]");
        return sb.toString();
    }

    public void append(byte[] bArr) {
        this.chain.add(bArr);
    }

    public ChainCert process_chain(String str, String str2, List<ChainCert> list, List<ChainCert> list2) {
        return process_chain(this.chain, str, str2, list, list2);
    }

    public static ChainCert process_chain(List<byte[]> list, String str, String str2, List<ChainCert> list2, List<ChainCert> list3) {
        if (list2.size() < 1) {
            throw new KafkaCryptoInternalError("No roots of trust specified!");
        }
        if (list.size() < 1) {
            throw new KafkaCryptoInternalError("Signed chain has no entries!");
        }
        Iterator<ChainCert> it = list2.iterator();
        while (it.hasNext()) {
            ChainCert next = it.next();
            boolean z = false;
            try {
                Iterator<byte[]> it2 = list.iterator();
                while (it2.hasNext()) {
                    ChainCert unpackb = new ChainCert().unpackb(jasodium.crypto_sign_open(it2.next(), next.pk));
                    if (ChainCert.key_in_list(next, list3) != null) {
                        z = true;
                    } else if (ChainCert.key_in_list(next, list2) != null) {
                        z = false;
                        next = ChainCert.intersect_certs(next, ChainCert.key_in_list(next, list2), true);
                    }
                    next = ChainCert.intersect_certs(next, unpackb, false);
                }
                if (ChainCert.key_in_list(next, list2) != null) {
                    z = false;
                }
                if (z) {
                    throw new KafkaCryptoInternalError("Chain has denylisted key.");
                }
                if (!next.validate_time()) {
                    throw new KafkaCryptoInternalError("Chain is expired!");
                }
                if (str != null && !next.validate_poison("topics", str)) {
                    throw new KafkaCryptoInternalError("Chain does not match required topic.");
                }
                if (str2 != null && !next.validate_poison("usages", str2)) {
                    throw new KafkaCryptoInternalError("Chain does not match required usage.");
                }
                if (next.validate_poison("pathlen", Integer.toString(0))) {
                    return next;
                }
                throw new KafkaCryptoInternalError("Chain exceeds allowed pathlen.");
            } catch (IOException e) {
                _logger.info("Issues encountered with chain", e);
            } catch (KafkaCryptoInternalError e2) {
                _logger.info("Issues encountered with chain", e2);
            }
        }
        throw new KafkaCryptoInternalError("No valid chain path found.");
    }

    @Override // org.kafkacrypto.msgs.Msgpacker
    public /* bridge */ /* synthetic */ SignedChain unpackb(List list) throws IOException {
        return unpackb((List<Value>) list);
    }
}
