package com.noknok.android.uaf.framework.service;

import android.app.Activity;
import com.fido.uaf.ver0100.types.MatchCriteria;
import com.noknok.android.client.asm.api.uaf.json.AuthenticatorInfo;
import com.noknok.android.client.asm.api.uaf.json.Extension;
import com.noknok.android.client.utils.Logger;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public class UafPolicyProcessor {
    private static final String TAG = "UafPolicyProcessor";
    private List<Authenticator> eligibleAuths;
    private int iCurrComb;
    private int nCriterion;
    private List<List<MatchCriteria>> policyAccepted;
    private List<MatchCriteria> policyDisallowed;
    private List<List<AcceptedAuthnr>> retAcceptedAuthnrs;
    private AuthenticatorManager uafTokenManager;

    /* loaded from: classes2.dex */
    public static class AcceptedAuthnr {
        public final int index;
        public List<String> keyIDList;

        public AcceptedAuthnr(int i, List<String> list) {
            this.keyIDList = new ArrayList();
            this.index = i;
            this.keyIDList = list;
        }
    }

    public UafPolicyProcessor(List<List<MatchCriteria>> list, List<MatchCriteria> list2, List<Authenticator> list3, Activity activity) {
        this.uafTokenManager = null;
        this.policyAccepted = null;
        this.policyDisallowed = null;
        this.eligibleAuths = null;
        this.retAcceptedAuthnrs = null;
        this.policyAccepted = list;
        this.policyDisallowed = list2;
        this.eligibleAuths = list3;
        this.retAcceptedAuthnrs = new ArrayList();
        this.uafTokenManager = AuthenticatorManager.instance(activity);
    }

    private void getNextCombination(ArrayList<AcceptedAuthnr> arrayList, int i) {
        if (i == 0) {
            if (isCombinationIncluded(arrayList)) {
                return;
            }
            this.retAcceptedAuthnrs.add(arrayList);
            return;
        }
        int size = this.eligibleAuths.size();
        for (int i2 = 0; i2 < size; i2++) {
            Authenticator authenticator = this.eligibleAuths.get(i2);
            MatchCriteria matchCriteria = this.policyAccepted.get(this.iCurrComb).get(this.nCriterion - i);
            ArrayList arrayList2 = new ArrayList();
            if (!isIncluded(arrayList, i2) && matchAuthnrCriteria(authenticator, matchCriteria, arrayList2)) {
                ArrayList<AcceptedAuthnr> arrayList3 = new ArrayList<>(arrayList);
                arrayList3.add(new AcceptedAuthnr(i2, arrayList2));
                getNextCombination(arrayList3, i - 1);
            }
        }
    }

    private boolean isCombinationIncluded(ArrayList<AcceptedAuthnr> arrayList) {
        boolean z;
        Iterator<List<AcceptedAuthnr>> it = this.retAcceptedAuthnrs.iterator();
        do {
            z = false;
            if (!it.hasNext()) {
                return false;
            }
            List<AcceptedAuthnr> next = it.next();
            Iterator<AcceptedAuthnr> it2 = arrayList.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    z = true;
                    break;
                }
                if (!isIncluded(next, it2.next().index)) {
                    break;
                }
            }
        } while (!z);
        return true;
    }

    private boolean isIncluded(List<AcceptedAuthnr> list, int i) {
        Iterator<AcceptedAuthnr> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().index == i) {
                return true;
            }
        }
        return false;
    }

    private boolean matchAAID(List<String> list, String str) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    private boolean matchAuthnrCriteria(Authenticator authenticator, MatchCriteria matchCriteria, List<String> list) {
        List arrayList;
        boolean z;
        boolean z2;
        AuthenticatorInfo authnrInfo = authenticator.getAuthnrInfo();
        if (matchCriteria.exts != null) {
            for (Extension extension : matchCriteria.exts) {
                if (extension.fail_if_unknown) {
                    Iterator<String> it = authnrInfo.supportedExtensionIDs.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            z2 = false;
                            break;
                        }
                        if (it.next().equals(extension.id)) {
                            z2 = true;
                            break;
                        }
                    }
                    if (!z2) {
                        return false;
                    }
                }
            }
        }
        if (matchCriteria.aaid != null && matchCriteria.aaid.size() > 0) {
            Logger.d(TAG, "Matching aaid " + authenticator.mAuthnrInfo.aaid + " and matchCriteria aaid " + matchCriteria.aaid);
            if (!matchAAID(matchCriteria.aaid, authenticator.mAuthnrInfo.aaid)) {
                return false;
            }
            if (matchCriteria.keyIDs != null && matchCriteria.keyIDs.size() > 0) {
                Iterator<String> it2 = matchCriteria.keyIDs.iterator();
                while (true) {
                    Iterator<String> it3 = it2;
                    if (!it3.hasNext()) {
                        z = false;
                        break;
                    }
                    String next = it3.next();
                    if (authenticator.isKeyIDRegistered(next)) {
                        if (list != null) {
                            list.add(next);
                        }
                        z = true;
                    }
                }
                if (!z) {
                    return false;
                }
            }
        } else {
            if (matchCriteria.authenticationAlgorithms == null || matchCriteria.authenticationAlgorithms.size() <= 0 || matchCriteria.assertionSchemes == null || matchCriteria.assertionSchemes.size() <= 0 || !matchCriteria.authenticationAlgorithms.contains(Short.valueOf(authenticator.mAuthnrInfo.authenticationAlgorithm)) || !matchCriteria.assertionSchemes.contains(authenticator.mAuthnrInfo.assertionScheme)) {
                return false;
            }
            if (matchCriteria.vendorID != null && matchCriteria.vendorID.size() > 0) {
                if (!matchCriteria.vendorID.contains(authenticator.mAuthnrInfo.aaid.split("#")[0])) {
                    return false;
                }
            }
            if (matchCriteria.userVerification != 0 && matchCriteria.userVerification != authnrInfo.userVerification && ((authnrInfo.userVerification & 1024) != 0 || (matchCriteria.userVerification & 1024) != 0 || (authnrInfo.userVerification & matchCriteria.userVerification) == 0)) {
                return false;
            }
            if (matchCriteria.keyProtection != 0 && (matchCriteria.keyProtection & authnrInfo.keyProtection) == 0) {
                return false;
            }
            if (matchCriteria.matcherProtection != 0 && (matchCriteria.matcherProtection & authnrInfo.matcherProtection) == 0) {
                return false;
            }
            if (matchCriteria.tcDisplay != 0 && (matchCriteria.tcDisplay & authnrInfo.tcDisplay) == 0) {
                return false;
            }
        }
        if (matchCriteria.attestationTypes == null || matchCriteria.attestationTypes.size() <= 0) {
            arrayList = new ArrayList();
            List list2 = arrayList;
            list2.add(Short.valueOf(AuthenticatorInfo.ProtocolTags.TAG_ATTESTATION_BASIC_FULL));
            list2.add(Short.valueOf(AuthenticatorInfo.ProtocolTags.TAG_ATTESTATION_BASIC_SURROGATE));
        } else {
            arrayList = matchCriteria.attestationTypes;
        }
        if (authenticator.mAuthnrInfo.attestationTypes == null || authenticator.mAuthnrInfo.attestationTypes.size() == 0) {
            Logger.d(TAG, "AttestationType not defined in AuthenticatorInfo for aaid " + authenticator.mAuthnrInfo.aaid);
            return false;
        }
        Iterator it4 = arrayList.iterator();
        boolean z3 = false;
        do {
            Iterator it5 = it4;
            if (!it5.hasNext()) {
                break;
            }
            Object next2 = it5.next();
            Iterator<Short> it6 = authenticator.mAuthnrInfo.attestationTypes.iterator();
            while (true) {
                if (!it6.hasNext()) {
                    break;
                }
                Short next3 = it6.next();
                if (((Short) next2).shortValue() == next3.shortValue()) {
                    authenticator.setAttestationType(next3.shortValue());
                    z3 = true;
                    break;
                }
            }
        } while (!z3);
        if (z3) {
            return matchCriteria.attachmentHint == 0 || (matchCriteria.attachmentHint & authnrInfo.attachmentHint) != 0;
        }
        return false;
    }

    public List<List<AcceptedAuthnr>> getAcceptedAuthnrs() {
        int size = this.policyAccepted.size();
        int i = 0;
        while (true) {
            this.iCurrComb = i;
            if (this.iCurrComb >= size) {
                return this.retAcceptedAuthnrs;
            }
            this.nCriterion = this.policyAccepted.get(this.iCurrComb).size();
            getNextCombination(new ArrayList<>(), this.nCriterion);
            i = this.iCurrComb + 1;
        }
    }

    public List<List<AcceptedAuthnr>> getAllAuthnrs() {
        int size = this.eligibleAuths.size();
        for (int i = 0; i < size; i++) {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(new AcceptedAuthnr(i, arrayList));
            this.retAcceptedAuthnrs.add(arrayList2);
        }
        return this.retAcceptedAuthnrs;
    }

    public List<Authenticator> getEligibleAuthnrs() {
        int size = this.policyDisallowed.size();
        Iterator<Authenticator> it = this.eligibleAuths.iterator();
        while (it.hasNext()) {
            Authenticator next = it.next();
            if (next.isEnabled()) {
                int i = 0;
                while (true) {
                    if (i < size) {
                        if (matchAuthnrCriteria(next, this.policyDisallowed.get(i), null)) {
                            it.remove();
                            break;
                        }
                        i++;
                    }
                }
            } else {
                it.remove();
            }
        }
        return this.eligibleAuths;
    }
}
