package com.noknok.android.uaf.framework.service;

import android.app.Activity;
import com.fido.android.framework.tm.Logger;
import com.fido.uaf.ver0100.engine.RestrictGson;
import com.fido.uaf.ver0100.types.MatchCriteria;
import com.google.gson.Gson;
import com.noknok.android.uaf.asm.api.AuthenticatorInfo;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class UafPolicyProcessor {
    public static String TAG = "UafPolicyProcessor";
    private List<Authenticator> eligibleAuths;
    private int iCurrComb;
    private Gson mGson = RestrictGson.getGson();
    private int nCriterion;
    private List<List<MatchCriteria>> policyAccepted;
    private List<MatchCriteria> policyDisallowed;
    private List<List<AcceptedAuthnr>> retAcceptedAuthnrs;
    AuthenticatorManager uafTokenManager;

    /* loaded from: classes.dex */
    public static class AcceptedAuthnr {
        public int index;
        public List<String> keyIDList;

        public AcceptedAuthnr(int i, List<String> list) {
            this.keyIDList = new ArrayList();
            this.index = i;
            this.keyIDList = list;
        }
    }

    public UafPolicyProcessor(List<List<MatchCriteria>> list, List<MatchCriteria> list2, List<Authenticator> list3, Activity activity) {
        this.uafTokenManager = null;
        this.policyAccepted = null;
        this.policyDisallowed = null;
        this.eligibleAuths = null;
        this.retAcceptedAuthnrs = null;
        this.policyAccepted = list;
        this.policyDisallowed = list2;
        this.eligibleAuths = list3;
        this.retAcceptedAuthnrs = new ArrayList();
        this.uafTokenManager = AuthenticatorManager.instance();
    }

    private void getNextCombination(ArrayList<AcceptedAuthnr> arrayList, int i) {
        if (i == 0) {
            this.retAcceptedAuthnrs.add(arrayList);
            return;
        }
        int size = this.eligibleAuths.size();
        for (int i2 = 0; i2 < size; i2++) {
            Authenticator authenticator = this.eligibleAuths.get(i2);
            MatchCriteria matchCriteria = this.policyAccepted.get(this.iCurrComb).get(this.nCriterion - i);
            ArrayList arrayList2 = new ArrayList(AuthenticatorInfo.UserVerification.USER_VERIFY_ALL);
            if (!isIncluded(arrayList, i2) && matchAuthnrCriteria(authenticator, matchCriteria, arrayList2)) {
                ArrayList<AcceptedAuthnr> arrayList3 = new ArrayList<>(arrayList);
                arrayList3.add(new AcceptedAuthnr(i2, arrayList2));
                getNextCombination(arrayList3, i - 1);
            }
        }
    }

    private boolean isIncluded(ArrayList<AcceptedAuthnr> arrayList, int i) {
        Iterator<AcceptedAuthnr> it = arrayList.iterator();
        while (it.hasNext()) {
            if (it.next().index == i) {
                return true;
            }
        }
        return false;
    }

    private boolean matchAuthnrCriteria(Authenticator authenticator, MatchCriteria matchCriteria, List<String> list) {
        List<Short> arrayList;
        AuthenticatorInfo authnrInfo = authenticator.getAuthnrInfo();
        if (matchCriteria.aaid == null || matchCriteria.aaid.size() <= 0) {
            if (matchCriteria.authenticationAlgorithms != null && matchCriteria.authenticationAlgorithms.size() > 0 && matchCriteria.assertionSchemes != null && matchCriteria.assertionSchemes.size() > 0 && matchCriteria.authenticationAlgorithms.contains(Short.valueOf(authenticator.mAuthnrInfo.authenticationAlgorithm)) && matchCriteria.assertionSchemes.contains(authenticator.mAuthnrInfo.assertionScheme)) {
                if (matchCriteria.vendorID != null && matchCriteria.vendorID.size() > 0) {
                    if (!matchCriteria.vendorID.contains(authenticator.mAuthnrInfo.aaid.split("#")[0])) {
                        return false;
                    }
                }
                if (matchCriteria.userVerification != authnrInfo.userVerification && ((authnrInfo.userVerification & AuthenticatorInfo.UserVerification.USER_VERIFY_ALL) != 0 || (matchCriteria.userVerification & 1024) != 0 || (authnrInfo.userVerification & matchCriteria.userVerification) == 0)) {
                    return false;
                }
                if (matchCriteria.keyProtection != 0 && (matchCriteria.keyProtection & authnrInfo.keyProtection) == 0) {
                    return false;
                }
                if (matchCriteria.matcherProtection != 0 && (matchCriteria.matcherProtection & authnrInfo.matcherProtection) == 0) {
                    return false;
                }
                if (matchCriteria.tcDisplay != 0 && (matchCriteria.tcDisplay & authnrInfo.tcDisplay) == 0) {
                    return false;
                }
            }
            return false;
        }
        Logger.d(TAG, "Matching aaid " + authenticator.mAuthnrInfo.aaid + " and matchCriteria aaid " + matchCriteria.aaid);
        if (!matchCriteria.aaid.contains(authenticator.mAuthnrInfo.aaid)) {
            return false;
        }
        if (matchCriteria.keyIDs != null && matchCriteria.keyIDs.size() > 0) {
            for (String str : matchCriteria.keyIDs) {
                if (authenticator.isKeyIDRegistered(str)) {
                    if (list != null) {
                        list.add(str);
                    }
                    return true;
                }
            }
            return false;
        }
        if (matchCriteria.attestationTypes == null || matchCriteria.attestationTypes.size() <= 0) {
            arrayList = new ArrayList(2);
            arrayList.add(Short.valueOf(AuthenticatorInfo.ProtocolTags.TAG_ATTESTATION_BASIC_FULL));
            arrayList.add(Short.valueOf(AuthenticatorInfo.ProtocolTags.TAG_ATTESTATION_BASIC_SURROGATE));
        } else {
            arrayList = matchCriteria.attestationTypes;
        }
        if (authenticator.mAuthnrInfo.attestationTypes == null || authenticator.mAuthnrInfo.attestationTypes.size() == 0) {
            Logger.d(TAG, "AttestationType not defined in AuthenticatorInfo for aaid " + authenticator.mAuthnrInfo.aaid);
            return false;
        }
        boolean z = false;
        for (Short sh : arrayList) {
            Iterator<Short> it = authenticator.mAuthnrInfo.attestationTypes.iterator();
            while (true) {
                if (it.hasNext()) {
                    Short next = it.next();
                    if (sh.shortValue() == next.shortValue()) {
                        authenticator.setAttestationType(next.shortValue());
                        z = true;
                        break;
                    }
                }
            }
        }
        if (z) {
            return matchCriteria.attachmentHint == 0 || (matchCriteria.attachmentHint & ((long) authnrInfo.attachmentHint)) != 0;
        }
        return false;
    }

    public List<List<AcceptedAuthnr>> getAcceptedAuthnrs() {
        int size = this.policyAccepted.size();
        int i = 0;
        while (true) {
            this.iCurrComb = i;
            int i2 = this.iCurrComb;
            if (i2 >= size) {
                return this.retAcceptedAuthnrs;
            }
            this.nCriterion = this.policyAccepted.get(i2).size();
            getNextCombination(new ArrayList<>(), this.nCriterion);
            i = this.iCurrComb + 1;
        }
    }

    public List<Authenticator> getEligibleAuthnrs() {
        int size = this.policyDisallowed.size();
        Iterator<Authenticator> it = this.eligibleAuths.iterator();
        while (it.hasNext()) {
            Authenticator next = it.next();
            if (next.isEnabled()) {
                int i = 0;
                while (true) {
                    if (i >= size) {
                        break;
                    }
                    if (matchAuthnrCriteria(next, this.policyDisallowed.get(i), null)) {
                        it.remove();
                        break;
                    }
                    i++;
                }
            } else {
                it.remove();
            }
        }
        return this.eligibleAuths;
    }
}
