package com.samsung.android.authfw.client.policy;

import com.samsung.android.authfw.client.CSLog;
import com.samsung.android.authfw.client.OxygenMessenger;
import com.samsung.android.authfw.client.asm.AuthenticatorManager;
import com.sec.android.fido.uaf.message.asm.AuthenticatorInfo;
import com.sec.android.fido.uaf.message.common.Transaction;
import com.sec.android.fido.uaf.message.metadata.statement.DisplayPngCharacteristicsDescriptor;
import com.sec.android.fido.uaf.message.protocol.Extension;
import com.sec.android.fido.uaf.message.protocol.MatchCriteria;
import com.sec.android.fido.uaf.message.util.AuthenticatorValidator;
import e3.r;
import java.util.ArrayList;
import java.util.List;
import z4.b;

/* loaded from: classes.dex */
public class PolicyMatcher {
    private static final String TAG = "PolicyMatcher";
    private static final String sPngImageType = "image/png";
    private String mAppId;
    private AuthenticatorInfo mAuthenticatorInfo;
    private boolean mIsTransaction;
    private MatchCriteria mMatchCriteria;
    private Short mMatchedAttestationType;
    private List<Transaction> mMatchedTransactions;
    private OxygenMessenger mOxygenMessenger;

    public PolicyMatcher(String str) {
        this.mMatchedAttestationType = (short) 15879;
        this.mIsTransaction = false;
        this.mAppId = str;
        this.mOxygenMessenger = null;
    }

    public PolicyMatcher(String str, OxygenMessenger oxygenMessenger) {
        this.mMatchedAttestationType = (short) 15879;
        this.mIsTransaction = false;
        this.mAppId = str;
        this.mOxygenMessenger = oxygenMessenger;
    }

    private boolean aaidMatch() {
        List<String> aaidList = this.mMatchCriteria.getAaidList();
        if (isEmpty(aaidList)) {
            return true;
        }
        return aaidList.contains(this.mAuthenticatorInfo.getAaid());
    }

    private boolean attachmentMatch() {
        Integer attachmentHint = this.mMatchCriteria.getAttachmentHint();
        return attachmentHint == null || (this.mAuthenticatorInfo.getAttachmentHint() & attachmentHint.intValue()) != 0;
    }

    private boolean extsMatch() {
        List<Extension> extensionList = this.mMatchCriteria.getExtensionList();
        if (isEmpty(extensionList)) {
            return true;
        }
        List<String> supportedExtensionIdList = this.mAuthenticatorInfo.getSupportedExtensionIdList();
        if (isEmpty(supportedExtensionIdList)) {
            CSLog.d(TAG, "authenticator extensionIdList is null or empty");
            return false;
        }
        for (Extension extension : extensionList) {
            if (!extension.getFailIfUnknown()) {
                CSLog.d(TAG, "getFailIfUnknown is false");
            } else if (!supportedExtensionIdList.contains(extension.getId())) {
                CSLog.d(TAG, "authenticator does not contain " + extension.getId());
                return false;
            }
        }
        return true;
    }

    private boolean isEmpty(List<?> list) {
        return list == null || list.isEmpty();
    }

    private boolean keyIdMatch() {
        List<String> keyIdList = this.mMatchCriteria.getKeyIdList();
        if (isEmpty(keyIdList)) {
            return true;
        }
        final List<String> keyIds = AuthenticatorManager.getInstance().getKeyIds(this.mAppId, this.mAuthenticatorInfo.getAaid(), this.mOxygenMessenger);
        if (!isEmpty(keyIds)) {
            return b.g(keyIdList, new r() { // from class: com.samsung.android.authfw.client.policy.PolicyMatcher.2
                @Override // e3.r
                public boolean apply(String str) {
                    return keyIds.contains(str);
                }
            });
        }
        CSLog.d(TAG, "authenticator KeyIdList is null or empty");
        return false;
    }

    private boolean keyProtectionMatch() {
        Short keyProtection = this.mMatchCriteria.getKeyProtection();
        return keyProtection == null || (this.mAuthenticatorInfo.getKeyProtection() & keyProtection.shortValue()) != 0;
    }

    private boolean matcherProtectionMatch() {
        Short matcherProtection = this.mMatchCriteria.getMatcherProtection();
        return matcherProtection == null || (this.mAuthenticatorInfo.getMatcherProtection() & matcherProtection.shortValue()) != 0;
    }

    private boolean preferredAttestationTypesMatch() {
        List<Short> attestationTypeList = this.mMatchCriteria.getAttestationTypeList();
        if (isEmpty(attestationTypeList)) {
            return true;
        }
        List<Short> attestationTypeList2 = this.mAuthenticatorInfo.getAttestationTypeList();
        if (isEmpty(attestationTypeList2)) {
            CSLog.d(TAG, "authenticator attestationTypes is null or empty");
            return false;
        }
        for (Short sh : attestationTypeList) {
            if (attestationTypeList2.contains(sh)) {
                this.mMatchedAttestationType = sh;
                return true;
            }
        }
        return false;
    }

    private boolean supportedAuthAlgsMatch() {
        List<Short> authenticationAlgorithmList = this.mMatchCriteria.getAuthenticationAlgorithmList();
        if (isEmpty(authenticationAlgorithmList)) {
            return true;
        }
        return authenticationAlgorithmList.contains(Short.valueOf(this.mAuthenticatorInfo.getAuthenticationAlgorithm()));
    }

    private boolean supportedSchemesMatch() {
        List<String> assertionSchemeList = this.mMatchCriteria.getAssertionSchemeList();
        if (isEmpty(assertionSchemeList)) {
            return true;
        }
        return assertionSchemeList.contains(this.mAuthenticatorInfo.getAssertionScheme());
    }

    private boolean tcDisplayMatch() {
        Short tcDisplay = this.mMatchCriteria.getTcDisplay();
        return tcDisplay == null || (this.mAuthenticatorInfo.getTcDisplay() & tcDisplay.shortValue()) != 0;
    }

    private boolean userVerificationMatch() {
        Integer userVerification = this.mMatchCriteria.getUserVerification();
        if (userVerification == null) {
            return true;
        }
        int userVerification2 = this.mAuthenticatorInfo.getUserVerification();
        if (Integer.valueOf(userVerification2).equals(userVerification)) {
            return true;
        }
        return (userVerification2 & 1024) == 0 && (userVerification.intValue() & 1024) == 0 && (userVerification2 & userVerification.intValue()) != 0;
    }

    private boolean validate(boolean z10) {
        if (AuthenticatorValidator.isValidMatchCriteria(this.mMatchCriteria)) {
            return !z10 ? (this.mMatchCriteria.getKeyIdList() != null || this.mMatchCriteria.getAuthenticationAlgorithmList() == null || this.mMatchCriteria.getAssertionSchemeList() == null) ? false : true : this.mMatchCriteria.getVendorIdList() == null && this.mMatchCriteria.getUserVerification() == null && this.mMatchCriteria.getKeyProtection() == null && this.mMatchCriteria.getMatcherProtection() == null && this.mMatchCriteria.getTcDisplay() == null && this.mMatchCriteria.getAttestationTypeList() == null && this.mMatchCriteria.getAuthenticationAlgorithmList() == null && this.mMatchCriteria.getAssertionSchemeList() == null;
        }
        CSLog.w(TAG, "mMatchCriteria(" + this.mMatchCriteria + ") is invalid.");
        return false;
    }

    private boolean vendorIdMatch() {
        List<String> vendorIdList = this.mMatchCriteria.getVendorIdList();
        if (isEmpty(vendorIdList)) {
            return true;
        }
        return vendorIdList.contains(this.mAuthenticatorInfo.getAaid().substring(0, 5));
    }

    public Short getMatchedAttestationType() {
        return this.mMatchedAttestationType;
    }

    public List<Transaction> getMatchedTransactions() {
        return this.mMatchedTransactions;
    }

    public boolean match(AuthenticatorInfo authenticatorInfo, MatchCriteria matchCriteria) {
        String str = TAG;
        CSLog.v(str, "Enter match(" + authenticatorInfo + ", " + matchCriteria + ")");
        this.mAuthenticatorInfo = authenticatorInfo;
        this.mMatchCriteria = matchCriteria;
        List<String> aaidList = matchCriteria.getAaidList();
        boolean z10 = true;
        boolean z11 = false;
        boolean z12 = (aaidList == null || aaidList.isEmpty()) ? false : true;
        if (validate(z12)) {
            if (!z12 ? !vendorIdMatch() || !keyIdMatch() || !userVerificationMatch() || !keyProtectionMatch() || !matcherProtectionMatch() || !attachmentMatch() || !tcDisplayMatch() || !supportedAuthAlgsMatch() || !supportedSchemesMatch() || !preferredAttestationTypesMatch() || !extsMatch() : !aaidMatch() || !keyIdMatch() || !attachmentMatch() || !extsMatch()) {
                z10 = false;
            }
            z11 = z10;
        } else {
            CSLog.w(str, "matchCriteria is invalid");
        }
        CSLog.v(str, "Exit match() return ".concat(z11 ? "true" : "false"));
        return z11;
    }

    public boolean match(AuthenticatorInfo authenticatorInfo, MatchCriteria matchCriteria, List<Transaction> list) {
        this.mIsTransaction = !isEmpty(list);
        if (!match(authenticatorInfo, matchCriteria)) {
            CSLog.v(TAG, "Not matched with MatchCriteria.");
            return false;
        }
        if (this.mIsTransaction) {
            return matchTransaction(authenticatorInfo, list);
        }
        return true;
    }

    public boolean matchTransaction(AuthenticatorInfo authenticatorInfo, List<Transaction> list) {
        String str = TAG;
        CSLog.v(str, "Enter matchTransaction(" + authenticatorInfo + ", " + list + ")");
        String tcDisplayContentType = authenticatorInfo.getTcDisplayContentType();
        if (tcDisplayContentType.isEmpty()) {
            CSLog.v(str, "tcDisplayContentType is EMPTIED");
            return false;
        }
        List<DisplayPngCharacteristicsDescriptor> tcDisplayPngCharacteristicList = authenticatorInfo.getTcDisplayPngCharacteristicList();
        this.mMatchedTransactions = new ArrayList();
        for (final Transaction transaction : list) {
            if (tcDisplayContentType.equals(transaction.getContentType()) && (!tcDisplayContentType.equals("image/png") || b.g(tcDisplayPngCharacteristicList, new r() { // from class: com.samsung.android.authfw.client.policy.PolicyMatcher.1
                @Override // e3.r
                public boolean apply(DisplayPngCharacteristicsDescriptor displayPngCharacteristicsDescriptor) {
                    if (transaction.getTcDisplayPngCharacteristics() != null) {
                        return displayPngCharacteristicsDescriptor.toJson().equals(transaction.getTcDisplayPngCharacteristics().toJson());
                    }
                    CSLog.w(PolicyMatcher.TAG, "TcDisplayPngCharacteristics is null");
                    return true;
                }
            }))) {
                this.mMatchedTransactions.add(transaction);
            }
        }
        boolean z10 = !this.mMatchedTransactions.isEmpty();
        if (!z10) {
            this.mMatchedTransactions = null;
        }
        CSLog.v(TAG, "Exit matchTransaction() return ".concat(z10 ? "true" : "false"));
        return z10;
    }
}
