package com.daon.fido.client.sdk.policy;

import android.os.Bundle;
import com.daon.fido.client.sdk.core.Error;
import com.daon.fido.client.sdk.core.IFidoSdk;
import com.daon.fido.client.sdk.exception.UafProcessingException;
import com.daon.fido.client.sdk.model.Authenticator;
import com.daon.fido.client.sdk.model.AuthenticatorReg;
import com.daon.fido.client.sdk.model.MatchCriteria;
import com.daon.fido.client.sdk.model.Policy;
import com.daon.fido.client.sdk.model.UafProtocolMessageBase;
import com.daon.fido.client.sdk.model.Version;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes3.dex */
public class q implements k {
    private com.daon.fido.client.sdk.db.e a;
    private m b = new t();

    private Bundle a(IFidoSdk.AuthenticatorFilter authenticatorFilter) {
        if (authenticatorFilter != IFidoSdk.AuthenticatorFilter.UnregisteredEmbedded) {
            return null;
        }
        Bundle bundle = new Bundle();
        bundle.putBoolean("AllowUnregisteredNativeAuthenticators", true);
        return bundle;
    }

    private List<s> a(List<s> list, Policy policy, List<l> list2) {
        ArrayList arrayList = new ArrayList();
        if (policy.disallowed == null) {
            return list;
        }
        for (s sVar : list) {
            boolean z = true;
            for (MatchCriteria matchCriteria : policy.disallowed) {
                Authenticator[] b = sVar.b();
                int length = b.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    Authenticator authenticator = b[i];
                    if (a(list2, authenticator, matchCriteria, (Bundle) null)) {
                        com.daon.fido.client.sdk.log.a.a("Disallow authenticator with AAID: " + authenticator.getAaid());
                        com.daon.fido.client.sdk.log.a.a("Discard policy match: " + sVar.toString());
                        z = false;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    break;
                }
            }
            if (z) {
                arrayList.add(sVar);
            }
        }
        return arrayList;
    }

    private void a(int i, List<Authenticator> list, List<s> list2) {
        Iterator<s> it = list2.iterator();
        while (it.hasNext()) {
            if (a(it.next(), list)) {
                return;
            }
        }
        list2.add(new s(i, (Authenticator[]) list.toArray(new Authenticator[list.size()])));
    }

    private void a(Authenticator authenticator, List<Authenticator> list, int i) {
        Iterator<Authenticator> it = list.iterator();
        while (it.hasNext()) {
            if (authenticator == it.next()) {
                com.daon.fido.client.sdk.log.a.b("Policy allowed MatchCriteria array with index" + i + " matches the same authenticator more than once. AAID: " + authenticator.getAaid());
                throw new UafProcessingException(Error.PROTOCOL_ERROR);
            }
        }
        list.add(authenticator);
    }

    private void a(AuthenticatorReg authenticatorReg, com.daon.fido.client.sdk.db.f[] fVarArr) {
        for (com.daon.fido.client.sdk.db.f fVar : fVarArr) {
            if (fVar.a().equals(authenticatorReg.getAaid())) {
                authenticatorReg.setRegistered(true);
                return;
            }
        }
    }

    private void a(AuthenticatorReg authenticatorReg, com.daon.fido.client.sdk.db.f[] fVarArr, String str, String str2) {
        for (com.daon.fido.client.sdk.db.f fVar : fVarArr) {
            if (fVar.i().equals(str) && fVar.b().equals(str2) && fVar.a().equals(authenticatorReg.getAaid())) {
                authenticatorReg.setRegistered(true);
                return;
            }
        }
    }

    private boolean a(s sVar, List<Authenticator> list) {
        if (sVar.b().length != list.size()) {
            return false;
        }
        int i = 0;
        for (Authenticator authenticator : sVar.b()) {
            Iterator<Authenticator> it = list.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (authenticator.getAaid().equals(it.next().getAaid())) {
                        i++;
                        break;
                    }
                }
            }
        }
        return i == sVar.b().length;
    }

    public com.daon.fido.client.sdk.db.e a() {
        return this.a;
    }

    @Override // com.daon.fido.client.sdk.policy.k
    public r a(r rVar, UafProtocolMessageBase uafProtocolMessageBase) {
        Version version = uafProtocolMessageBase.header.upv;
        if (version.major == 1 && version.minor == 0 && !com.daon.fido.client.sdk.uaf.client.f.c()) {
            return rVar;
        }
        ArrayList arrayList = new ArrayList();
        for (s sVar : rVar.b()) {
            if (a(sVar.b(), uafProtocolMessageBase.header.upv)) {
                arrayList.add(sVar);
            }
        }
        return new r(arrayList);
    }

    @Override // com.daon.fido.client.sdk.policy.k
    public r a(Authenticator[] authenticatorArr, Policy policy, String str, IFidoSdk.AuthenticatorFilter authenticatorFilter, Bundle bundle) throws UafProcessingException {
        MatchCriteria[] matchCriteriaArr;
        com.daon.fido.client.sdk.log.a.a("Filter available authenticators using policy:");
        a(policy);
        Bundle bundle2 = new Bundle();
        bundle2.putString(IFidoSdk.SDK_STATUS_APP_ID, str);
        List<l> b = b();
        Iterator<l> it = b.iterator();
        while (it.hasNext()) {
            it.next().a(bundle2);
        }
        ArrayList arrayList = new ArrayList();
        if (authenticatorArr != null) {
            arrayList.addAll(Arrays.asList(authenticatorArr));
        }
        com.daon.fido.client.sdk.log.a.a("Available authenticators:");
        a(arrayList);
        Bundle a = a(authenticatorFilter);
        ArrayList arrayList2 = new ArrayList();
        MatchCriteria[][] matchCriteriaArr2 = policy.accepted;
        if (matchCriteriaArr2[0][0].aaid != null && matchCriteriaArr2[0][0].aaid.length > 0) {
            for (int i = 0; i < policy.accepted.length; i++) {
                ArrayList arrayList3 = new ArrayList();
                MatchCriteria[] matchCriteriaArr3 = policy.accepted[i];
                int length = matchCriteriaArr3.length;
                int i2 = 0;
                while (i2 < length) {
                    MatchCriteria matchCriteria = matchCriteriaArr3[i2];
                    b(matchCriteria);
                    Iterator<Authenticator> it2 = arrayList.iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            matchCriteriaArr = matchCriteriaArr3;
                            break;
                        }
                        Authenticator next = it2.next();
                        if (a(b, next, matchCriteria, a)) {
                            StringBuilder sb = new StringBuilder();
                            sb.append("Allow authenticator with AAID: ");
                            matchCriteriaArr = matchCriteriaArr3;
                            sb.append(next.getAaid());
                            com.daon.fido.client.sdk.log.a.a(sb.toString());
                            a(next, arrayList3, i);
                            break;
                        }
                    }
                    i2++;
                    matchCriteriaArr3 = matchCriteriaArr;
                }
                if (arrayList3.size() == policy.accepted[i].length) {
                    a(i, arrayList3, arrayList2);
                }
            }
        } else {
            if (matchCriteriaArr2.length != 1 || matchCriteriaArr2[0].length != 1) {
                com.daon.fido.client.sdk.log.a.b("An open policy accepted field contains more than one match criteria.");
                throw new UafProcessingException(Error.PROTOCOL_ERROR);
            }
            boolean a2 = a(matchCriteriaArr2[0][0]);
            if (!a2) {
                c(policy.accepted[0][0]);
            }
            for (Authenticator authenticator : arrayList) {
                if (a2 || a(b, authenticator, policy.accepted[0][0], a)) {
                    com.daon.fido.client.sdk.log.a.a("Allow authenticator with AAID: " + authenticator.getAaid());
                    arrayList2.add(new s(0, new Authenticator[]{authenticator}));
                }
            }
        }
        List<s> a3 = a(arrayList2, str, authenticatorFilter);
        com.daon.fido.client.sdk.log.a.c("Policy matches (before SDK support filtering):");
        com.daon.fido.client.sdk.log.a.c(new r(a3).toString());
        List<s> a4 = this.b.a(a3);
        com.daon.fido.client.sdk.log.a.c("Policy matches (after SDK support filtering):");
        com.daon.fido.client.sdk.log.a.c(new r(a4).toString());
        r rVar = new r(a(a4, policy, b));
        com.daon.fido.client.sdk.log.a.a("Final policy matches.");
        com.daon.fido.client.sdk.log.a.a(rVar.toString());
        return rVar;
    }

    protected List<s> a(List<s> list, String str, IFidoSdk.AuthenticatorFilter authenticatorFilter) {
        if (authenticatorFilter == null || authenticatorFilter == IFidoSdk.AuthenticatorFilter.None) {
            return list;
        }
        ArrayList arrayList = new ArrayList();
        for (s sVar : list) {
            Authenticator[] b = sVar.b();
            int length = b.length;
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= length) {
                    z = true;
                    break;
                }
                Authenticator authenticator = b[i];
                if ((com.daon.fido.client.sdk.discover.a.c().c(authenticator) || authenticatorFilter == IFidoSdk.AuthenticatorFilter.Unregistered) && com.daon.fido.client.sdk.core.impl.c.j().k().c(authenticator.getAaid(), str).length == 0) {
                    break;
                }
                i++;
            }
            if (z) {
                arrayList.add(sVar);
            } else {
                com.daon.fido.client.sdk.log.a.a("Remove policy match for unregistered authenticator: " + sVar.toString());
            }
        }
        return arrayList;
    }

    public void a(com.daon.fido.client.sdk.db.e eVar) {
        this.a = eVar;
    }

    protected void a(Policy policy) throws UafProcessingException {
        if (policy.accepted != null) {
            return;
        }
        com.daon.fido.client.sdk.log.a.b("UAF policy does not contain the mandatory accepted field.");
        throw new UafProcessingException(Error.PROTOCOL_ERROR);
    }

    protected void a(List<Authenticator> list) {
        StringBuilder sb = new StringBuilder();
        sb.append("AAIDs: ");
        Iterator<Authenticator> it = list.iterator();
        while (it.hasNext()) {
            sb.append(it.next().getAaid());
            sb.append(" ");
        }
        com.daon.fido.client.sdk.log.a.a(sb.toString());
    }

    protected boolean a(MatchCriteria matchCriteria) {
        Long l = matchCriteria.userVerification;
        return l != null && l.longValue() == 1023 && matchCriteria.aaid == null && matchCriteria.vendorID == null && matchCriteria.keyIDs == null && matchCriteria.keyProtection == null && matchCriteria.matcherProtection == null && matchCriteria.attachmentHint == null && matchCriteria.tcDisplay == null && matchCriteria.authenticationAlgorithms == null && matchCriteria.assertionSchemes == null && matchCriteria.attestationTypes == null && matchCriteria.authenticatorVersion == null && matchCriteria.exts == null;
    }

    protected boolean a(List<l> list, Authenticator authenticator, MatchCriteria matchCriteria, Bundle bundle) throws UafProcessingException {
        Iterator<l> it = list.iterator();
        while (it.hasNext()) {
            if (!it.next().a(authenticator, matchCriteria, bundle)) {
                return false;
            }
        }
        return true;
    }

    protected boolean a(Authenticator[] authenticatorArr, Version version) {
        int length = authenticatorArr.length;
        int i = 0;
        while (true) {
            boolean z = true;
            if (i >= length) {
                return true;
            }
            Version[] supportedUAFVersions = authenticatorArr[i].getSupportedUAFVersions();
            int length2 = supportedUAFVersions.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length2) {
                    z = false;
                    break;
                }
                if (supportedUAFVersions[i2].equals(version)) {
                    break;
                }
                i2++;
            }
            if (!z) {
                return false;
            }
            i++;
        }
    }

    @Override // com.daon.fido.client.sdk.policy.k
    public AuthenticatorReg[] a(Authenticator[] authenticatorArr) {
        com.daon.fido.client.sdk.db.f[] d = a().d();
        AuthenticatorReg[] authenticatorRegArr = new AuthenticatorReg[authenticatorArr.length];
        for (int i = 0; i < authenticatorArr.length; i++) {
            authenticatorRegArr[i] = new AuthenticatorReg(authenticatorArr[i]);
            a(authenticatorRegArr[i], d);
        }
        return authenticatorRegArr;
    }

    @Override // com.daon.fido.client.sdk.policy.k
    public AuthenticatorReg[][] a(Authenticator[][] authenticatorArr, String str, String str2) {
        com.daon.fido.client.sdk.db.f[] a = a().a(str2);
        AuthenticatorReg[][] authenticatorRegArr = new AuthenticatorReg[authenticatorArr.length];
        for (int i = 0; i < authenticatorArr.length; i++) {
            authenticatorRegArr[i] = new AuthenticatorReg[authenticatorArr[i].length];
            for (int i2 = 0; i2 < authenticatorArr[i].length; i2++) {
                authenticatorRegArr[i][i2] = new AuthenticatorReg(authenticatorArr[i][i2]);
                a(authenticatorRegArr[i][i2], a, str, str2);
            }
        }
        return authenticatorRegArr;
    }

    protected List<l> b() {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(new a());
        n nVar = new n();
        nVar.a(a());
        arrayList.add(nVar);
        arrayList.add(new o());
        arrayList.add(new x());
        arrayList.add(new w());
        arrayList.add(new p());
        arrayList.add(new c());
        arrayList.add(new u());
        arrayList.add(new e());
        arrayList.add(new b());
        arrayList.add(new d());
        arrayList.add(new h());
        return arrayList;
    }

    protected void b(MatchCriteria matchCriteria) throws UafProcessingException {
        String[] strArr = matchCriteria.aaid;
        if (strArr == null || strArr.length == 0) {
            com.daon.fido.client.sdk.log.a.b("An open match criteria has been included in an AAID-based policy.");
            throw new UafProcessingException(Error.PROTOCOL_ERROR);
        }
        if (matchCriteria.assertionSchemes == null && matchCriteria.attestationTypes == null && matchCriteria.authenticationAlgorithms == null && matchCriteria.exts == null && matchCriteria.matcherProtection == null && matchCriteria.tcDisplay == null && matchCriteria.vendorID == null && matchCriteria.userVerification == null) {
            return;
        }
        com.daon.fido.client.sdk.log.a.b("AAID-based match criteria contains an unsupported field.");
        throw new UafProcessingException(Error.PROTOCOL_ERROR);
    }

    protected void c(MatchCriteria matchCriteria) throws UafProcessingException {
        Integer[] numArr;
        String[] strArr = matchCriteria.aaid;
        if (strArr != null && strArr.length != 0) {
            com.daon.fido.client.sdk.log.a.b("A match criteria with an AAID has been included in an open policy.");
            throw new UafProcessingException(Error.PROTOCOL_ERROR);
        }
        String[] strArr2 = matchCriteria.assertionSchemes;
        if (strArr2 == null || strArr2.length == 0 || (numArr = matchCriteria.authenticationAlgorithms) == null || numArr.length == 0) {
            com.daon.fido.client.sdk.log.a.b("At least assertion schemes and authentication algorithms must be provided in match criteria with no AAID.");
            throw new UafProcessingException(Error.PROTOCOL_ERROR);
        }
    }
}
