package com.noknok.android.uaf.framework.service;

import android.app.Activity;
import com.fido.android.utils.Logger;
import com.fido.uaf.ver0100.types.MatchCriteria;
import com.noknok.android.uaf.asm.api.AuthenticatorInfo;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.eclipse.paho.client.mqttv3.MqttTopic;

/* loaded from: classes2.dex */
public class UafPolicyProcessor {
    private static final String TAG = UafPolicyProcessor.class.getSimpleName();
    private List<Authenticator> eligibleAuths;
    private int iCurrComb;
    private int nCriterion;
    private List<List<MatchCriteria>> policyAccepted;
    private List<MatchCriteria> policyDisallowed;
    private List<List<AcceptedAuthnr>> retAcceptedAuthnrs;
    AuthenticatorManager uafTokenManager;

    /* loaded from: classes2.dex */
    public class AcceptedAuthnr {
        public int index;
        public List<String> kayIDList;

        public AcceptedAuthnr(int i, List<String> list) {
            this.kayIDList = new ArrayList();
            this.index = i;
            this.kayIDList = this.kayIDList;
        }
    }

    public UafPolicyProcessor(List<List<MatchCriteria>> list, List<MatchCriteria> list2, List<Authenticator> list3, Activity activity) {
        this.uafTokenManager = null;
        this.policyAccepted = null;
        this.policyDisallowed = null;
        this.eligibleAuths = null;
        this.retAcceptedAuthnrs = null;
        this.policyAccepted = list;
        this.policyDisallowed = list2;
        this.eligibleAuths = list3;
        this.retAcceptedAuthnrs = new ArrayList();
        this.uafTokenManager = AuthenticatorManager.instance(activity);
    }

    private void getNextCombination(ArrayList<AcceptedAuthnr> arrayList, int i) {
        if (i == 0) {
            this.retAcceptedAuthnrs.add(arrayList);
            return;
        }
        int size = this.eligibleAuths.size();
        for (int i2 = 0; i2 < size; i2++) {
            Authenticator authenticator = this.eligibleAuths.get(i2);
            MatchCriteria matchCriteria = this.policyAccepted.get(this.iCurrComb).get(this.nCriterion - i);
            ArrayList arrayList2 = new ArrayList();
            if (!isIncluded(arrayList, i2) && matchAuthnrCriteria(authenticator, matchCriteria, arrayList2)) {
                ArrayList<AcceptedAuthnr> arrayList3 = new ArrayList<>(arrayList);
                arrayList3.add(new AcceptedAuthnr(i2, arrayList2));
                getNextCombination(arrayList3, i - 1);
            }
        }
    }

    private boolean isIncluded(ArrayList<AcceptedAuthnr> arrayList, int i) {
        Iterator<AcceptedAuthnr> it = arrayList.iterator();
        while (it.hasNext()) {
            if (it.next().index == i) {
                return true;
            }
        }
        return false;
    }

    private boolean matchAuthnrCriteria(Authenticator authenticator, MatchCriteria matchCriteria, List<String> list) {
        List arrayList;
        boolean z;
        boolean z2;
        AuthenticatorInfo authnrInfo = authenticator.getAuthnrInfo();
        if (matchCriteria.aaid != null && matchCriteria.aaid.size() > 0) {
            Logger.d(TAG, "Matching aaid " + authenticator.mAuthnrInfo.aaid + " and matchCriteria aaid " + matchCriteria.aaid);
            if (!matchCriteria.aaid.contains(authenticator.mAuthnrInfo.aaid)) {
                return false;
            }
            if (matchCriteria.keyIDs != null && matchCriteria.keyIDs.size() > 0) {
                Iterator<String> it = matchCriteria.keyIDs.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        z2 = false;
                        break;
                    }
                    String next = it.next();
                    if (authenticator.isKeyIDRegistered(next)) {
                        if (list != null) {
                            list.add(next);
                        }
                        z2 = true;
                    }
                }
                if (!z2) {
                    return false;
                }
            }
        } else {
            if (matchCriteria.authenticationAlgorithms == null || matchCriteria.authenticationAlgorithms.size() <= 0 || matchCriteria.assertionSchemes == null || matchCriteria.assertionSchemes.size() <= 0 || !matchCriteria.authenticationAlgorithms.contains(Short.valueOf(authenticator.mAuthnrInfo.authenticationAlgorithm)) || !matchCriteria.assertionSchemes.contains(authenticator.mAuthnrInfo.assertionScheme)) {
                return false;
            }
            if (matchCriteria.vendorID != null && matchCriteria.vendorID.size() > 0) {
                if (!matchCriteria.aaid.contains(authenticator.mAuthnrInfo.aaid.split(MqttTopic.MULTI_LEVEL_WILDCARD)[0])) {
                    return false;
                }
            }
            if (matchCriteria.userVerification != authnrInfo.userVerification && ((authnrInfo.userVerification & 1024) != 0 || (matchCriteria.userVerification & 1024) != 0 || (authnrInfo.userVerification & matchCriteria.userVerification) == 0)) {
                return false;
            }
            if (matchCriteria.keyProtection != 0 && (matchCriteria.keyProtection & authnrInfo.keyProtection) == 0) {
                return false;
            }
            if (matchCriteria.matcherProtection != 0 && (matchCriteria.matcherProtection & authnrInfo.matcherProtection) == 0) {
                return false;
            }
            if (matchCriteria.tcDisplay != 0 && (matchCriteria.tcDisplay & authnrInfo.tcDisplay) == 0) {
                return false;
            }
        }
        if (matchCriteria.attestationTypes == null || matchCriteria.attestationTypes.size() <= 0) {
            arrayList = new ArrayList();
            arrayList.add(Short.valueOf(AuthenticatorInfo.ProtocolTags.TAG_ATTESTATION_BASIC_FULL));
        } else {
            arrayList = matchCriteria.attestationTypes;
        }
        if (authenticator.mAuthnrInfo.attestationTypes == null || authenticator.mAuthnrInfo.attestationTypes.size() == 0) {
            Logger.d(TAG, "AttestationType not defined in AuthenticatorInfo for aaid " + authenticator.mAuthnrInfo.aaid);
            return false;
        }
        Iterator it2 = arrayList.iterator();
        boolean z3 = false;
        while (true) {
            if (!it2.hasNext()) {
                z = z3;
                break;
            }
            Short sh = (Short) it2.next();
            Iterator<Short> it3 = authenticator.mAuthnrInfo.attestationTypes.iterator();
            while (true) {
                if (!it3.hasNext()) {
                    z = z3;
                    break;
                }
                Short next2 = it3.next();
                if (sh.shortValue() == next2.shortValue()) {
                    authenticator.setAttestationType(next2.shortValue());
                    z = true;
                    break;
                }
            }
            if (z) {
                break;
            }
            z3 = z;
        }
        if (z) {
            return matchCriteria.attachmentHint == 0 || (matchCriteria.attachmentHint & ((long) authnrInfo.attachmentHint)) != 0;
        }
        return false;
    }

    public List<List<AcceptedAuthnr>> getAcceptedAuthnrs() {
        int size = this.policyAccepted.size();
        this.iCurrComb = 0;
        while (this.iCurrComb < size) {
            this.nCriterion = this.policyAccepted.get(this.iCurrComb).size();
            getNextCombination(new ArrayList<>(), this.nCriterion);
            this.iCurrComb++;
        }
        return this.retAcceptedAuthnrs;
    }

    public List<Authenticator> getEligibleAuthnrs() {
        int size = this.policyDisallowed.size();
        Iterator<Authenticator> it = this.eligibleAuths.iterator();
        while (it.hasNext()) {
            Authenticator next = it.next();
            if (next.isEnabled()) {
                int i = 0;
                while (true) {
                    if (i >= size) {
                        break;
                    }
                    if (matchAuthnrCriteria(next, this.policyDisallowed.get(i), null)) {
                        it.remove();
                        break;
                    }
                    i++;
                }
            } else {
                it.remove();
            }
        }
        return this.eligibleAuths;
    }
}
