package io.dimeformat;

import io.dimeformat.enums.Claim;
import io.dimeformat.enums.IdentityCapability;
import io.dimeformat.enums.KeyCapability;
import io.dimeformat.exceptions.CapabilityException;
import io.dimeformat.exceptions.CryptographyException;
import io.dimeformat.exceptions.IntegrityStateException;
import io.dimeformat.keyring.IntegrityState;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;

/* loaded from: input_file:io/dimeformat/IdentityIssuingRequest.class */
public class IdentityIssuingRequest extends Item {
    public static final String HEADER = "IIR";
    private Key _publicKey;
    private List<IdentityCapability> _capabilities;
    private Map<String, Object> _principles;
    private static final List<Claim> allowedClaims = List.of((Object[]) new Claim[]{Claim.AMB, Claim.AUD, Claim.CTX, Claim.EXP, Claim.IAT, Claim.ISS, Claim.ISU, Claim.KID, Claim.MTD, Claim.PRI, Claim.SUB, Claim.SYS, Claim.UID});
    private static final int MINIMUM_NBR_COMPONENTS = 3;

    @Override // io.dimeformat.Item
    public String getHeader() {
        return HEADER;
    }

    public Key getPublicKey() {
        if (this._publicKey == null) {
            try {
                this._publicKey = new Key(List.of(KeyCapability.SIGN), (String) getClaim(Claim.PUB), Claim.PUB);
            } catch (CryptographyException e) {
                return null;
            }
        }
        return this._publicKey;
    }

    public List<IdentityCapability> getCapabilities() {
        if (this._capabilities == null) {
            this._capabilities = (List) ((List) getClaim(Claim.CAP)).stream().map(IdentityCapability::fromString).collect(Collectors.toList());
        }
        return this._capabilities;
    }

    public Map<String, Object> getPrinciples() {
        Map map;
        if (this._principles == null && (map = (Map) getClaim(Claim.PRI)) != null) {
            this._principles = Collections.unmodifiableMap(map);
        }
        return this._principles;
    }

    public static IdentityIssuingRequest generateIIR(Key key) throws CryptographyException {
        return generateIIR(key, null, null);
    }

    public static IdentityIssuingRequest generateIIR(Key key, IdentityCapability[] identityCapabilityArr) throws CryptographyException {
        return generateIIR(key, identityCapabilityArr, null);
    }

    public static IdentityIssuingRequest generateIIR(Key key, IdentityCapability[] identityCapabilityArr, Map<String, Object> map) throws CryptographyException {
        if (!key.getCapability().contains(KeyCapability.SIGN)) {
            throw new IllegalArgumentException("Key must have SIGN capability set.");
        }
        if (key.getSecret() == null) {
            throw new IllegalArgumentException("Private key must not be null");
        }
        if (key.getPublic() == null) {
            throw new IllegalArgumentException("Public key must not be null");
        }
        IdentityIssuingRequest identityIssuingRequest = new IdentityIssuingRequest();
        identityIssuingRequest.setClaimValue(Claim.UID, UUID.randomUUID());
        identityIssuingRequest.setClaimValue(Claim.IAT, Utility.createTimestamp());
        identityIssuingRequest.setClaimValue(Claim.PUB, key.getPublic());
        if (identityCapabilityArr == null || identityCapabilityArr.length == 0) {
            identityCapabilityArr = new IdentityCapability[]{IdentityCapability.GENERIC};
        }
        identityIssuingRequest.setClaimValue(Claim.CAP, List.of((Object[]) identityCapabilityArr).stream().map((v0) -> {
            return v0.toString();
        }).collect(Collectors.toList()));
        if (map != null && !map.isEmpty()) {
            identityIssuingRequest.setClaimValue(Claim.PRI, map);
        }
        if (key.isLegacy()) {
            identityIssuingRequest.markAsLegacy();
        }
        identityIssuingRequest.sign(key);
        return identityIssuingRequest;
    }

    public boolean wantsCapability(IdentityCapability identityCapability) {
        return getCapabilities().contains(identityCapability);
    }

    public Identity issueIdentity(UUID uuid, long j, Key key, Identity identity, boolean z, IdentityCapability[] identityCapabilityArr, IdentityCapability[] identityCapabilityArr2) throws CapabilityException, CryptographyException, IntegrityStateException {
        return issueIdentity(uuid, j, key, identity, z, identityCapabilityArr, identityCapabilityArr2, null, null);
    }

    public Identity issueIdentity(UUID uuid, long j, Key key, Identity identity, boolean z, IdentityCapability[] identityCapabilityArr, IdentityCapability[] identityCapabilityArr2, String str, String[] strArr) throws CapabilityException, CryptographyException, IntegrityStateException {
        return issueIdentity(uuid, j, key, identity, z, identityCapabilityArr, identityCapabilityArr2, str, strArr, null);
    }

    public Identity issueIdentity(UUID uuid, long j, Key key, Identity identity, boolean z, IdentityCapability[] identityCapabilityArr, IdentityCapability[] identityCapabilityArr2, String str, String[] strArr, String[] strArr2) throws CapabilityException, CryptographyException, IntegrityStateException {
        if (identity == null) {
            throw new IllegalArgumentException("Issuer identity must not be null.");
        }
        return issueNewIdentity((str == null || str.length() <= 0) ? (String) identity.getClaim(Claim.SYS) : str, uuid, j, key, identity, z, identityCapabilityArr, identityCapabilityArr2, strArr, strArr2);
    }

    public Identity selfIssueIdentity(UUID uuid, long j, Key key, String str) throws CryptographyException {
        return selfIssueIdentity(uuid, j, key, str, null, null);
    }

    public Identity selfIssueIdentity(UUID uuid, long j, Key key, String str, String[] strArr) throws CryptographyException {
        return selfIssueIdentity(uuid, j, key, str, strArr, null);
    }

    public Identity selfIssueIdentity(UUID uuid, long j, Key key, String str, String[] strArr, String[] strArr2) throws CryptographyException {
        if (str != null) {
            try {
                if (str.length() != 0) {
                    return issueNewIdentity(str, uuid, j, key, null, false, null, null, strArr, strArr2);
                }
            } catch (CapabilityException | IntegrityStateException e) {
                return null;
            }
        }
        throw new IllegalArgumentException("System name must not be null or empty.");
    }

    @Override // io.dimeformat.Item
    public void convertToLegacy() {
        if (isLegacy()) {
            return;
        }
        super.convertToLegacy();
        Key.convertKeyToLegacy(this, KeyCapability.SIGN, Claim.PUB);
    }

    @Override // io.dimeformat.Item
    protected boolean allowedToSetClaimDirectly(Claim claim) {
        return allowedClaims.contains(claim);
    }

    @Override // io.dimeformat.Item
    protected void customDecoding(List<String> list) {
        this.isSigned = true;
    }

    @Override // io.dimeformat.Item
    protected int getMinNbrOfComponents() {
        return MINIMUM_NBR_COMPONENTS;
    }

    private Identity issueNewIdentity(String str, UUID uuid, long j, Key key, Identity identity, boolean z, IdentityCapability[] identityCapabilityArr, IdentityCapability[] identityCapabilityArr2, String[] strArr, String[] strArr2) throws IntegrityStateException, CapabilityException, CryptographyException {
        IntegrityState verify = verify(getPublicKey());
        if (!verify.isValid()) {
            throw new IntegrityStateException(verify, "Unable to verify Identity issuing request.");
        }
        boolean z2 = identity == null || getPublicKey().getPublic().equals(key.getPublic());
        strip();
        completeCapabilities(identityCapabilityArr, identityCapabilityArr2, z2);
        if (!z2 && !identity.hasCapability(IdentityCapability.ISSUE)) {
            throw new CapabilityException("Issuing identity missing ISSUE capability.");
        }
        Instant createTimestamp = Utility.createTimestamp();
        Identity identity2 = new Identity(str, uuid, getPublicKey(), createTimestamp, createTimestamp.plusSeconds(j), identity != null ? (UUID) identity.getClaim(Claim.SUB) : uuid, (List) getClaim(Claim.CAP), getPrinciples(), strArr != null ? List.of((Object[]) strArr) : null, strArr2 != null ? List.of((Object[]) strArr2) : null);
        if (identity != null) {
            if (!z || Dime.keyRing.containsItem(identity)) {
                IntegrityState verifyDates = identity.verifyDates();
                if (!verifyDates.isValid()) {
                    throw new IntegrityStateException(verifyDates, "Unable to verify valid dates of issuer identity.");
                }
            } else {
                IntegrityState verify2 = identity.verify();
                if (!verify2.isValid()) {
                    throw new IntegrityStateException(verify2, "Unable to verify issuer identity.");
                }
                identity2.setTrustChain(identity);
            }
        }
        if (isLegacy()) {
            identity2.markAsLegacy();
        }
        identity2.sign(key);
        return identity2;
    }

    private void completeCapabilities(IdentityCapability[] identityCapabilityArr, IdentityCapability[] identityCapabilityArr2, boolean z) throws CapabilityException {
        ArrayList arrayList = (ArrayList) getClaim(Claim.CAP);
        ArrayList arrayList2 = arrayList != null ? (ArrayList) arrayList.stream().map(IdentityCapability::fromString).collect(Collectors.toList()) : new ArrayList();
        if (z) {
            if (!wantsCapability(IdentityCapability.SELF)) {
                arrayList2.add(IdentityCapability.SELF);
            }
        } else {
            if ((identityCapabilityArr == null || identityCapabilityArr.length == 0) && (identityCapabilityArr2 == null || identityCapabilityArr2.length == 0)) {
                throw new IllegalArgumentException("Allowed capabilities and/or required capabilities must be defined to issue identity.");
            }
            if (identityCapabilityArr2 != null && identityCapabilityArr2.length > 0) {
                ArrayList arrayList3 = new ArrayList(Arrays.asList(identityCapabilityArr2));
                arrayList3.removeAll(arrayList2);
                if (!arrayList3.isEmpty()) {
                    arrayList2.addAll(arrayList3);
                }
            }
            if (identityCapabilityArr != null && identityCapabilityArr.length > 0) {
                ArrayList arrayList4 = new ArrayList(arrayList2);
                arrayList4.removeAll(Arrays.asList(identityCapabilityArr));
                if (!arrayList4.isEmpty()) {
                    throw new CapabilityException("Identity issuing request contains one or more disallowed capabilities.");
                }
            }
        }
        setClaimValue(Claim.CAP, arrayList2.stream().map(identityCapability -> {
            return identityCapability.toString().toLowerCase();
        }).collect(Collectors.toList()));
    }
}
