package com.veridiumid.sdk.orchestrator.internal.authentication.service;

import android.content.Context;
import android.os.Bundle;
import android.util.Pair;
import com.veridiumid.mobilesdk.managers.AuthenticationManager;
import com.veridiumid.mobilesdk.managers.ProfilesManager;
import com.veridiumid.mobilesdk.model.data.domain.datamodel.AuthenticatorProfile;
import com.veridiumid.mobilesdk.model.data.persistence.account.IAccountModel;
import com.veridiumid.mobilesdk.otp.OtpProvider;
import com.veridiumid.sdk.IVeridiumSDK;
import com.veridiumid.sdk.VeridiumIdException;
import com.veridiumid.sdk.authenticator.pin.PinAuthenticator;
import com.veridiumid.sdk.authenticator.pin.PinAuthenticatorRequestOptions;
import com.veridiumid.sdk.biometric.PlatformBiometricAuthenticator;
import com.veridiumid.sdk.client.api.model.domain.client.registration.AuthenticatorKey;
import com.veridiumid.sdk.client.api.model.domain.server.AuthenticationMode;
import com.veridiumid.sdk.client.api.model.domain.server.VeridiumIdCommand;
import com.veridiumid.sdk.client.api.model.domain.server.biometrics.VeridiumIDBiometricStatus;
import com.veridiumid.sdk.client.exception.VeridiumIDException;
import com.veridiumid.sdk.core.util.function.Predicate;
import com.veridiumid.sdk.fourf.FourFInterface;
import com.veridiumid.sdk.log.Timber;
import com.veridiumid.sdk.model.biometrics.engine.sampling.IBiometricSampler;
import com.veridiumid.sdk.orchestrator.R;
import com.veridiumid.sdk.orchestrator.internal.authentication.method.AuthenticationMethodFactory;
import com.veridiumid.sdk.orchestrator.internal.authentication.method.PinAuthenticatorConfig;
import com.veridiumid.sdk.orchestrator.internal.authentication.model.AuthenticatingSession;
import com.veridiumid.sdk.orchestrator.internal.authentication.model.AuthenticationChallenge;
import com.veridiumid.sdk.orchestrator.internal.authentication.model.AuthenticationMethodChallenge;
import com.veridiumid.sdk.orchestrator.internal.authentication.model.EnrollMethodChallenge;
import com.veridiumid.sdk.orchestrator.internal.pairing.EnvironmentPolicyService;
import com.veridiumid.sdk.orchestrator.internal.pairing.EnvironmentStorage;
import com.veridiumid.sdk.orchestrator.internal.registration.model.AuthenticationKey;
import com.veridiumid.sdk.util.CollectionUtils;
import com.veridiumid.sdk.vface.VFaceInterface;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class AuthenticationMethodService {
    private final IAccountModel mAccountModel;
    private final Context mContext;
    private final EnvironmentPolicyService mEnvironmentPolicyService;
    private final EnvironmentStorage mEnvironmentStorage;
    private final com.google.gson.e mGson;

    /* loaded from: classes.dex */
    /**
     * Keys looked up in a biometric method's configuration map by
     * {@code getBiometricConfig}. Interface fields are implicitly
     * {@code public static final}, so the modifiers are omitted.
     */
    public interface BiometricAuthenticator {
        /** Configuration key read as a boolean and forwarded as the liveness flag. */
        String KEY_LIVENESS_ENABLED = "enableLiveness";
        /** Configuration key read as an int and forwarded as the liveness factor. */
        String KEY_LIVENESS_FACTOR = "livenessFactor";
    }

    /* loaded from: classes.dex */
    /**
     * Identifier and bundle/configuration keys for the certificate authenticator.
     * Interface fields are implicitly {@code public static final}, so the
     * modifiers are omitted.
     *
     * <p>Note that {@link #KEY_EXTRA_REQUEST_OPTIONS} uses the prefix
     * {@code com.veridiumid.authenticator} while every other extra uses
     * {@code com.veridiumid.sdk.authenticator}; the values are reproduced as found.
     */
    public interface CertificateAuthenticator {
        /** Method identifier used for the certificate authenticator. */
        String UID = "CERTIFICATE";

        /** Key of the issuer list inside a method's configuration map. */
        String KEY_CONFIGURATION_CERTIFICATE_AUTHENTICATOR_ISSUER_LIST = "issuers";

        // Request-side extras.
        String KEY_EXTRA_REQUEST_OPTIONS = "com.veridiumid.authenticator.certificate.REQUEST_OPTIONS";
        String KEY_SIGNING_DATA = "com.veridiumid.sdk.authenticator.certificate.SIGNING_DATA";
        String KEY_CERTIFICATE_ISSUERS = "com.veridiumid.sdk.authenticator.certificate.ISSUER";
        String KEY_ALGORITHM = "com.veridiumid.sdk.authenticator.certificate.ALGORITHM";
        String KEY_TIMEOUT = "com.veridiumid.sdk.authenticator.certificate.TIMEOUT";

        // Response-side extras.
        String KEY_RESPONSE_EXTRA = "com.veridiumid.sdk.authenticator.certificate.RESPONSE";
        String KEY_CERTIFICATE = "com.veridiumid.sdk.authenticator.certificate.CERTIFICATE";
        String KEY_SIGNED_DATA = "com.veridiumid.sdk.authenticator.certificate.SIGNED_DATA";

        // Error extras.
        String KEY_ERROR_EXTRA = "com.veridiumid.sdk.authenticator.certificate.ERROR";
        String KEY_ERROR_CODE = "com.veridiumid.sdk.authenticator.certificate.ERROR_CODE";
        String KEY_ERROR_MESSAGE = "com.veridiumid.sdk.authenticator.certificate.ERROR_MESSAGE";
    }

    /**
     * Creates the service and stores each collaborator in its final field.
     * No argument is null-checked here.
     *
     * @param context Android context, later used for resources and the platform biometric authenticator
     * @param eVar JSON mapper used to convert method "configuration" objects into maps
     *     (obfuscated type name; presumably Gson, confirm against the unobfuscated SDK)
     * @param environmentPolicyService service used by {@link #validateDeviceCompliance()}
     * @param iAccountModel account model queried for the phone authenticator type
     * @param environmentStorage storage for method configuration, PIN UI config, system settings
     *     and the device compliance policy
     */
    public AuthenticationMethodService(Context context, com.google.gson.e eVar, EnvironmentPolicyService environmentPolicyService, IAccountModel iAccountModel, EnvironmentStorage environmentStorage) {
        this.mAccountModel = iAccountModel;
        this.mContext = context;
        this.mEnvironmentPolicyService = environmentPolicyService;
        this.mEnvironmentStorage = environmentStorage;
        this.mGson = eVar;
    }

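    /**
     * Builds the default client challenge: the given parts are concatenated in
     * order and encoded as UTF-8.
     *
     * <p>The charset is pinned explicitly so the resulting bytes never depend on
     * the platform default. The bytes end up as the challenge of an
     * {@code AuthenticationMethodChallenge}, which
     * {@code buildAuthenticatorRequestBundle} forwards to authenticators as
     * signing data.
     *
     * <p>NOTE(review): the parts are joined without a separator or length
     * prefix, so different part combinations can produce the same byte
     * sequence, and this method adds no random component of its own. Changing
     * the layout would change the bytes that get signed, so it would have to be
     * coordinated with whatever verifies the signature; confirm before touching.
     *
     * @param str first part; must not be null ({@code StringBuilder} rejects a null initial value)
     * @param str2 optional second part, skipped when null
     * @param str3 optional third part, skipped when null
     * @return the UTF-8 bytes of the concatenation
     */
    private byte[] createDefaultClientChallenge(String str, String str2, String str3) {
        StringBuilder sb = new StringBuilder(str);
        if (str2 != null) {
            sb.append(str2);
        }
        if (str3 != null) {
            sb.append(str3);
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }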

    /**
     * Turns the authentication commands of a journey into authentication challenges.
     *
     * <p>Only commands accepted by {@code lambda$createJourneyAuthenticationChallenges$0}
     * (type equal to {@code VeridiumIdCommand.TYPE_AUTHENTICATION}) are considered. For each
     * one, the {@code authenticate.methods} array of its attributes is walked; a method is
     * turned into an {@code AuthenticationMethodChallenge} only if the profile's key-alias map
     * has an entry for its {@code type}. A command yields a challenge only when every listed
     * method could be mapped.
     *
     * <p>Security-relevant behaviour to be aware of:
     * <ul>
     *   <li>The command attributes (method list, {@code retries}, {@code configuration}) are
     *       taken as given; no schema or range validation happens here.</li>
     *   <li>The map returned by {@code getAuthenticatorKeyAlias()} is modified in place with a
     *       {@code "CERTIFICATE" -> ""} entry. NOTE(review): whether that map is the profile's
     *       live state or a copy is not visible here; confirm the side effect is intended.</li>
     * </ul>
     *
     * @param str second part of the client challenge (see {@code createDefaultClientChallenge})
     * @param j10 passed through as the third constructor argument of each method challenge
     *     (meaning not visible in this file)
     * @param authenticatorProfile profile providing the id and the key aliases
     * @param str2 third part of the client challenge
     * @param list commands to inspect; {@code null} yields an empty list
     * @return the challenges, narrowed to the preferred ones when any match
     * @throws VeridiumIdException if the attributes cannot be parsed, or if authentication
     *     commands were present but none produced a challenge
     */
    private List<AuthenticationChallenge> createJourneyAuthenticationChallenges(String str, long j10, AuthenticatorProfile authenticatorProfile, String str2, List<VeridiumIdCommand> list) {
        List<AuthenticationChallenge> challenges = new LinkedList<>();
        if (list == null) {
            return challenges;
        }
        List<VeridiumIdCommand> authCommands = CollectionUtils.filter(list, new Predicate() { // from class: com.veridiumid.sdk.orchestrator.internal.authentication.service.a
            @Override // com.veridiumid.sdk.core.util.function.Predicate
            public final boolean test(Object obj) {
                return AuthenticationMethodService.lambda$createJourneyAuthenticationChallenges$0((VeridiumIdCommand) obj);
            }
        });
        Map<String, String> keyAliases = authenticatorProfile.getAuthenticatorKeyAlias();
        // Makes the certificate method always resolvable; it carries an empty key alias.
        keyAliases.put("CERTIFICATE", "");
        for (VeridiumIdCommand command : authCommands) {
            Map<String, Object> attributes = command.getAttributes();
            try {
                List<AuthenticationMethodChallenge> methodChallenges = new ArrayList<>();
                JSONObject authenticate = new JSONObject(attributes).getJSONObject("authenticate");
                JSONArray methods = authenticate.getJSONArray("methods");
                for (int i = 0; i < methods.length(); i++) {
                    JSONObject method = methods.getJSONObject(i);
                    String type = method.getString("type");
                    String keyAlias = keyAliases.get(type);
                    if (keyAlias == null) {
                        // No local key for this method: skip it, which disqualifies the command below.
                        continue;
                    }
                    byte[] challenge = createDefaultClientChallenge(authenticatorProfile.getId(), str, str2);
                    int retries = authenticate.has("retries") ? authenticate.getInt("retries") : 0;
                    Map configuration = Collections.emptyMap();
                    if (!method.isNull("configuration")) {
                        configuration = (Map) this.mGson.m(method.getJSONObject("configuration").toString(), new com.google.gson.reflect.a<Map<String, Object>>() { // from class: com.veridiumid.sdk.orchestrator.internal.authentication.service.AuthenticationMethodService.1
                        }.getType());
                    }
                    methodChallenges.add(new AuthenticationMethodChallenge(type, challenge, j10, keyAlias, retries, configuration));
                }
                // All-or-nothing: a command with any unmappable method contributes no challenge.
                if (methodChallenges.size() == methods.length()) {
                    challenges.add(new AuthenticationChallenge(command.getId(), methodChallenges));
                }
            } catch (JSONException e10) {
                throw new VeridiumIdException(IBiometricSampler.ERROR_UNKNOWN, "Could not extract authentication methods", e10);
            }
        }
        if (!authCommands.isEmpty() && challenges.isEmpty()) {
            throw new VeridiumIdException(IBiometricSampler.ERROR_UNKNOWN, "Authentication method list is empty");
        }
        List<AuthenticationChallenge> preferred = getPreferredAuthenticationMethods(authenticatorProfile, challenges);
        if (!preferred.isEmpty()) {
            challenges = preferred;
        }
        if (challenges.size() == 1 && authCommands.size() > 1) {
            // Several commands were offered but one challenge survived: rebuild it with the
            // three-argument constructor and a `true` flag (flag meaning not visible here).
            AuthenticationChallenge only = challenges.remove(0);
            challenges.add(new AuthenticationChallenge(only.getId(), only.getAuthenticationMethodChallenges(), true));
        }
        return challenges;
    }

    /**
     * Turns the enrollment commands of a journey into enroll-method challenges.
     *
     * <p>For every command whose type equals {@code VeridiumIdCommand.TYPE_ENROLLMENT}, each
     * entry of the optional {@code methods} array becomes one {@code EnrollMethodChallenge}.
     * {@code type}, {@code enrollmentTrackerId}, {@code reason} and {@code configuration} are
     * required per entry; {@code mandatory} defaults to false and {@code userMessage} to null.
     *
     * <p>Side effect: each method's configuration, exactly as received in the command, is
     * written to environment storage via {@code updateMethodConfiguration} before the
     * challenge is created. No validation of the configuration content happens here.
     *
     * <p>NOTE(review): the failure message says "authentication methods" although this is the
     * enrollment path; it is kept unchanged because it is a runtime string.
     *
     * @param authenticatorProfile profile whose id is stamped on every challenge
     * @param list commands to inspect; {@code null} or empty yields an empty list
     * @return the enroll-method challenges in command order
     * @throws VeridiumIdException if a command's attributes cannot be parsed
     */
    private List<EnrollMethodChallenge> createJourneyEnrollMethodChallenges(AuthenticatorProfile authenticatorProfile, List<VeridiumIdCommand> list) {
        List<EnrollMethodChallenge> enrollChallenges = new LinkedList<>();
        if (list == null || list.isEmpty()) {
            return enrollChallenges;
        }
        for (VeridiumIdCommand command : list) {
            if (!VeridiumIdCommand.TYPE_ENROLLMENT.equals(command.getType())) {
                continue;
            }
            try {
                JSONArray methods = new JSONObject(command.getAttributes()).optJSONArray("methods");
                if (methods == null) {
                    continue;
                }
                for (int i = 0; i < methods.length(); i++) {
                    JSONObject method = methods.getJSONObject(i);
                    String type = method.getString("type");
                    String trackerId = method.getString("enrollmentTrackerId");
                    String reason = method.getString("reason");
                    boolean mandatory = method.has("mandatory") && method.getBoolean("mandatory");
                    String userMessage = method.has("userMessage") ? method.getString("userMessage") : null;
                    Map<String, Object> configuration = (Map) this.mGson.m(method.getJSONObject("configuration").toString(), new com.google.gson.reflect.a<Map<String, Object>>() { // from class: com.veridiumid.sdk.orchestrator.internal.authentication.service.AuthenticationMethodService.2
                    }.getType());
                    // Persist the received configuration for this method type before building the challenge.
                    updateMethodConfiguration(type, configuration);
                    enrollChallenges.add(new EnrollMethodChallenge(authenticatorProfile.getId(), type, trackerId, reason, Boolean.valueOf(mandatory), userMessage, configuration));
                }
            } catch (JSONException e10) {
                throw new VeridiumIdException(IBiometricSampler.ERROR_UNKNOWN, "Could not extract authentication methods", e10);
            }
        }
        return enrollChallenges;
    }

    /**
     * Copies the liveness settings of a biometric method configuration into a bundle.
     *
     * <p>{@code enableLiveness} is copied as a boolean and {@code livenessFactor} as an int,
     * each only when present. A {@code null} map yields an empty bundle.
     *
     * <p>NOTE(review): if a present value has the wrong type, the JSON accessor throws, the
     * error is logged at debug level only, and the bundle is returned without that key (and
     * without any key not yet processed). The authenticator then presumably applies its own
     * liveness defaults; confirm that those defaults are the stricter setting, otherwise a
     * malformed configuration silently weakens liveness checking.
     *
     * @param map method configuration, may be null
     * @return a bundle holding whichever liveness settings could be read
     */
    private Bundle getBiometricConfig(Map<String, Object> map) {
        Bundle config = new Bundle();
        if (map == null) {
            return config;
        }
        try {
            JSONObject json = new JSONObject(map);
            if (json.has(BiometricAuthenticator.KEY_LIVENESS_ENABLED)) {
                boolean livenessEnabled = json.getBoolean(BiometricAuthenticator.KEY_LIVENESS_ENABLED);
                config.putBoolean(IVeridiumSDK.KEY_LIVENESS, livenessEnabled);
            }
            if (json.has(BiometricAuthenticator.KEY_LIVENESS_FACTOR)) {
                int livenessFactor = json.getInt(BiometricAuthenticator.KEY_LIVENESS_FACTOR);
                config.putInt(IVeridiumSDK.KEY_LIVENESS_FACTOR, livenessFactor);
            }
        } catch (JSONException unused) {
            // Best effort: keep whatever was read so far.
            Timber.d("Error reading biometric configuration.", new Object[0]);
        }
        return config;
    }

    /**
     * Selects the challenges whose methods are all among the profile's biometric methods.
     *
     * <p>Each challenge's methods are scanned in order. The scan stops with "accepted" at the
     * first method whose id is {@code "CERTIFICATE"}, and with "rejected" at the first method
     * whose id is not in {@code biometricMethods}. A challenge with no methods is accepted.
     *
     * <p>NOTE(review): because the scan stops at {@code "CERTIFICATE"}, any methods listed
     * after it in the same challenge are never compared with the preferred list. Confirm this
     * early exit is intended rather than a "skip this method and keep checking".
     *
     * @param authenticatorProfile profile whose {@code biometricMethods} define the preference
     * @param list candidate challenges
     * @return the matching challenges, or an empty list when the profile has no biometric methods
     */
    private List<AuthenticationChallenge> getPreferredAuthenticationMethods(AuthenticatorProfile authenticatorProfile, List<AuthenticationChallenge> list) {
        if (authenticatorProfile.getVeridiumIDProfile().biometricMethods == null || authenticatorProfile.getVeridiumIDProfile().biometricMethods.length == 0) {
            return Collections.emptyList();
        }
        List preferredIds = Arrays.asList(authenticatorProfile.getVeridiumIDProfile().biometricMethods);
        List<AuthenticationChallenge> matching = new ArrayList<>();
        for (AuthenticationChallenge challenge : list) {
            boolean accepted = true;
            for (AuthenticationMethodChallenge method : challenge.getAuthenticationMethodChallenges()) {
                String methodId = method.getId();
                if ("CERTIFICATE".equals(methodId)) {
                    // Certificate ends the scan with the challenge still accepted.
                    break;
                }
                if (!preferredIds.contains(methodId)) {
                    accepted = false;
                    break;
                }
            }
            if (accepted) {
                matching.add(challenge);
            }
        }
        return matching;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Filter predicate used by {@code createJourneyAuthenticationChallenges}: accepts a command
     * whose type equals {@code VeridiumIdCommand.TYPE_AUTHENTICATION}. The constant is the
     * receiver of {@code equals}, so a null type is rejected rather than throwing.
     */
    public static /* synthetic */ boolean lambda$createJourneyAuthenticationChallenges$0(VeridiumIdCommand veridiumIdCommand) {
        final boolean isAuthenticationCommand = VeridiumIdCommand.TYPE_AUTHENTICATION.equals(veridiumIdCommand.getType());
        return isAuthenticationCommand;
    }

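    /**
     * Stores the configuration of one authentication method in environment storage.
     *
     * <p>The stored map is copied, the entry for {@code str} is added or replaced, and the copy
     * is written back. A {@code null} or empty configuration leaves storage untouched.
     *
     * <p>The stored map is read exactly once: the previous version read it for the null check
     * and again for the copy, so a value that became null in between would have failed inside
     * the {@code HashMap} copy constructor.
     *
     * <p>The configuration is stored as received; callers in this class pass values parsed
     * straight from command attributes, so nothing is validated on the way in.
     *
     * @param str method type used as the key
     * @param map configuration for that method; ignored when null or empty
     */
    private void updateMethodConfiguration(String str, Map<String, Object> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        Map stored = this.mEnvironmentStorage.getAuthenticationMethods();
        HashMap updated = stored != null ? new HashMap(stored) : new HashMap();
        updated.put(str, map);
        this.mEnvironmentStorage.setAuthenticationMethods(updated);
    }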

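    /**
     * Builds the extras bundle passed to the authenticator that answers a method challenge.
     *
     * <p>Three shapes are produced, chosen by the method id:
     * <ul>
     *   <li>{@code "CERTIFICATE"}: a request-options bundle with the signing data and, when
     *       configured and non-empty, the issuer list. The signing data is only added when the
     *       configuration map is non-null.</li>
     *   <li>PIN: request options built from the stored PIN UI configuration, the key alias,
     *       the signing data and, when retries are positive, a retry error message.</li>
     *   <li>Any other method with a non-null challenge: transaction-signing metadata keyed by
     *       the method id, plus the biometric configuration for the VFace and 4F methods.</li>
     * </ul>
     * Session id and profile id are appended when a session is supplied.
     *
     * <p>Changes over the previous version: the challenge is decoded with an explicit UTF-8
     * charset instead of the platform default, and the certificate extras use the
     * {@code CertificateAuthenticator} constants instead of repeated string literals (the
     * values are identical).
     *
     * <p>NOTE(review): the issuer list comes from the method configuration and is cast without
     * checking its runtime type or that its elements are strings; a different shape fails with
     * a {@code ClassCastException} here or later. An absent or empty list means no issuer extra
     * is sent; whether the certificate authenticator then accepts any issuer is not visible
     * here, confirm that case is handled restrictively.
     *
     * @param authenticatingSession current session, may be null
     * @param authenticationMethodChallenge challenge describing the method to invoke
     * @return the request bundle for the authenticator
     */
    public Bundle buildAuthenticatorRequestBundle(AuthenticatingSession authenticatingSession, AuthenticationMethodChallenge authenticationMethodChallenge) {
        Bundle bundle = new Bundle();
        Map<String, Object> configuration = authenticationMethodChallenge.getConfiguration();
        String methodId = authenticationMethodChallenge.getId();
        if (CertificateAuthenticator.UID.equals(methodId)) {
            Bundle requestOptions = new Bundle();
            if (configuration != null) {
                requestOptions.putByteArray(CertificateAuthenticator.KEY_SIGNING_DATA, authenticationMethodChallenge.getChallenge());
                if (configuration.containsKey(CertificateAuthenticator.KEY_CONFIGURATION_CERTIFICATE_AUTHENTICATOR_ISSUER_LIST)) {
                    // Unchecked: the value originates from the command's configuration map.
                    List issuers = (List) configuration.get(CertificateAuthenticator.KEY_CONFIGURATION_CERTIFICATE_AUTHENTICATOR_ISSUER_LIST);
                    if (issuers != null && !issuers.isEmpty()) {
                        requestOptions.putStringArrayList(CertificateAuthenticator.KEY_CERTIFICATE_ISSUERS, new ArrayList<>(issuers));
                    }
                }
            }
            bundle.putBundle(CertificateAuthenticator.KEY_EXTRA_REQUEST_OPTIONS, requestOptions);
        } else if (PinAuthenticator.UID.equals(methodId)) {
            PinAuthenticatorConfig pinConfig = this.mEnvironmentStorage.getPinAuthenticatorConfig();
            int retries = authenticationMethodChallenge.getRetries();
            // The retry message is only shown once at least one retry is reported.
            String retryMessage = retries > 0
                    ? this.mContext.getResources().getQuantityString(R.plurals.veridiumid_pin_retry_error_message, retries, Integer.valueOf(retries))
                    : null;
            bundle.putBundle(PinAuthenticator.KEY_EXTRA_REQUEST_OPTIONS, new PinAuthenticatorRequestOptions.Builder()
                    .setTitle(pinConfig.authenticationUserInterfaceConfig.title)
                    .setDescription(pinConfig.authenticationUserInterfaceConfig.description)
                    .setSubtitle(pinConfig.authenticationUserInterfaceConfig.pin.title)
                    .setErrorMessage(retryMessage)
                    .setKeyAlias(authenticationMethodChallenge.getKeyId())
                    .setSigningData(authenticationMethodChallenge.getChallenge())
                    .build()
                    .toBundle());
        } else if (authenticationMethodChallenge.getChallenge() != null) {
            Bundle signingMetadata = new Bundle();
            signingMetadata.putString(IVeridiumSDK.EXTRA_KEY_UUID, authenticationMethodChallenge.getKeyId());
            // Decoding replaces malformed byte sequences, so the text round-trips only for
            // challenges that are valid UTF-8.
            signingMetadata.putString(IVeridiumSDK.EXTRA_KEY_TRANSACTION_TEXT, new String(authenticationMethodChallenge.getChallenge(), StandardCharsets.UTF_8));
            signingMetadata.putString(IVeridiumSDK.EXTRA_KEY_ALGORITHM, AuthenticatorKey.autodetectSupportedAlgorithm().name());
            Bundle metadataByMethod = new Bundle();
            metadataByMethod.putBundle(methodId, signingMetadata);
            bundle.putBundle(IVeridiumSDK.EXTRA_TRANSACTION_SIGNING_METADATA, metadataByMethod);
            if (methodId.equals(VFaceInterface.UID) || methodId.equals(FourFInterface.UID)) {
                bundle.putBundle(IVeridiumSDK.EXTRA_KEY_EXTERNAL_CONFIG, getBiometricConfig(authenticationMethodChallenge.getConfiguration()));
            }
        }
        if (authenticatingSession != null) {
            bundle.putString(AuthenticationManager.EXTRA_KEY_SESSION_ID, authenticatingSession.getSessionId());
            AuthenticatorProfile identity = authenticatingSession.getIdentity();
            if (identity != null) {
                bundle.putString(ProfilesManager.EXTRA_KEY_PROFILE_ID, identity.getId());
            }
        }
        return bundle;
    }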

    /**
     * Registers signing keys with the platform biometric authenticator and wraps the result.
     *
     * <p>The algorithm alias comes from {@code AuthenticatorKey.autodetectSupportedAlgorithm()}.
     * The returned pair's first element (a string, presumably the key alias; confirm) and its
     * public key are packed into an {@code AuthenticationKey} tagged with the platform
     * authenticator's UID.
     *
     * @param z10 forwarded unchanged as the second argument of {@code registerSigningKeys}
     *     (meaning not visible in this file; it may relate to biometric key protection, confirm)
     * @return the registered key description
     */
    public AuthenticationKey generatePlatformAuthenticatorSigningKeys(boolean z10) {
        Pair<String, PublicKey> registered = PlatformBiometricAuthenticator.from(this.mContext).registerSigningKeys(AuthenticatorKey.autodetectSupportedAlgorithm().getAlias(), z10);
        String keyReference = registered.first;
        PublicKey publicKey = registered.second;
        return new AuthenticationKey(PlatformBiometricAuthenticator.UID, keyReference, publicKey);
    }

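    /**
     * Builds the locally generated authentication challenges for a profile.
     *
     * <p>The profile's method ids are sorted with
     * {@code AuthenticationMethodFactory.AUTHENTICATION_METHOD_NAME_COMPARATOR}. PIN, OTP and
     * {@code "CERTIFICATE"} are always skipped; of the remaining methods, all are used when the
     * phone authenticator type is {@code CLIENT_FULL}, otherwise only the platform biometric
     * authenticator. Each selected method becomes its own single-method challenge with a random
     * UUID as id.
     *
     * <p>Changes over the previous version: the profile id is encoded with an explicit UTF-8
     * charset instead of the platform default, and a decompiler self-assignment was removed.
     *
     * <p>NOTE(review): the challenge bytes of every method are just the profile id, so they are
     * the same on every call for a given profile. Whether freshness is added further down the
     * signing path is not visible here; confirm.
     *
     * @param authenticatorProfile profile providing the id and key aliases
     * @return the challenges, narrowed to the preferred ones when any match
     * @throws VeridiumIdException if no method qualifies
     */
    public List<AuthenticationChallenge> getAuthenticationChallengeList(AuthenticatorProfile authenticatorProfile) {
        Map<String, String> keyAliases = authenticatorProfile.getAuthenticatorKeyAlias();
        List<String> methodIds = new ArrayList<>(keyAliases.keySet());
        Collections.sort(methodIds, AuthenticationMethodFactory.AUTHENTICATION_METHOD_NAME_COMPARATOR);
        byte[] challenge = authenticatorProfile.getId().getBytes(StandardCharsets.UTF_8);
        List<AuthenticationChallenge> challenges = new LinkedList<>();
        AuthenticationMode mode = this.mAccountModel.getPhoneAuthenticatorType();
        for (String methodId : methodIds) {
            if (PinAuthenticator.UID.equals(methodId) || OtpProvider.UID.equals(methodId) || "CERTIFICATE".equals(methodId)) {
                // These methods never get a locally generated challenge.
                continue;
            }
            if (mode != AuthenticationMode.CLIENT_FULL && !PlatformBiometricAuthenticator.UID.equals(methodId)) {
                // Outside CLIENT_FULL only the platform biometric authenticator is allowed.
                continue;
            }
            challenges.add(new AuthenticationChallenge(UUID.randomUUID().toString(), Collections.singletonList(new AuthenticationMethodChallenge(methodId, challenge, -1L, keyAliases.get(methodId), 0, Collections.emptyMap()))));
        }
        if (challenges.isEmpty()) {
            Timber.d("No available local authentication methods found in %s", methodIds);
            throw new VeridiumIdException(IBiometricSampler.ERROR_UNKNOWN, "Invalid session biometrics");
        }
        List<AuthenticationChallenge> preferred = getPreferredAuthenticationMethods(authenticatorProfile, challenges);
        return preferred.isEmpty() ? challenges : preferred;
    }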

    /**
     * Builds the authentication challenges for a journey from its commands.
     *
     * <p>Delegates to {@code createJourneyAuthenticationChallenges};
     * {@code veridiumIDBiometricStatusArr} is accepted but not used.
     *
     * @throws VeridiumIdException as thrown by the delegate
     */
    public List<AuthenticationChallenge> getAuthenticationChallengeList(String str, long j10, AuthenticatorProfile authenticatorProfile, String str2, VeridiumIDBiometricStatus[] veridiumIDBiometricStatusArr, List<VeridiumIdCommand> list) {
        final List<AuthenticationChallenge> journeyChallenges = createJourneyAuthenticationChallenges(str, j10, authenticatorProfile, str2, list);
        return journeyChallenges;
    }

    /**
     * Builds the enroll-method challenges for a journey from its commands.
     *
     * <p>Delegates to {@code createJourneyEnrollMethodChallenges}, which also persists each
     * method's configuration; {@code veridiumIDBiometricStatusArr} is accepted but not used.
     *
     * @throws VeridiumIdException as thrown by the delegate
     */
    public List<EnrollMethodChallenge> getEnrollMethodChallengesList(AuthenticatorProfile authenticatorProfile, VeridiumIDBiometricStatus[] veridiumIDBiometricStatusArr, List<VeridiumIdCommand> list) {
        final List<EnrollMethodChallenge> enrollChallenges = createJourneyEnrollMethodChallenges(authenticatorProfile, list);
        return enrollChallenges;
    }

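    /**
     * Returns the {@code options} of the first user-presence command that parses successfully.
     *
     * <p>Commands of other types are skipped. A user-presence command whose attributes cannot
     * be parsed is logged and skipped, and the search continues with the next command.
     *
     * <p>Change over the previous version: the type comparison now uses the constant as the
     * receiver, matching the other type checks in this class, so a command with a null type is
     * skipped instead of raising a {@code NullPointerException}.
     *
     * @param list commands to inspect, may be null
     * @return the option strings, or {@code null} when {@code list} is null or no
     *     user-presence command could be parsed
     */
    public List<String> getUserPresenceOptions(List<VeridiumIdCommand> list) {
        if (list == null) {
            return null;
        }
        for (VeridiumIdCommand command : list) {
            if (!VeridiumIdCommand.TYPE_USER_PRESENCE.equals(command.getType())) {
                continue;
            }
            try {
                JSONArray optionsJson = new JSONObject(command.getAttributes()).getJSONArray("options");
                List<String> options = new ArrayList<>();
                for (int i = 0; i < optionsJson.length(); i++) {
                    options.add(optionsJson.getString(i));
                }
                return options;
            } catch (JSONException e10) {
                // Best effort: a malformed command does not stop the search.
                Timber.e(e10, "Failed to parse user presence command", new Object[0]);
            }
        }
        return null;
    }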

    /**
     * Reports whether the stored system settings enable biometric protection of keys.
     *
     * @return the value of {@code isKeyBiometricProtectionEnabled()} from environment storage
     */
    public boolean isKeyBiometricProtected() {
        final boolean protectionEnabled = this.mEnvironmentStorage.getSystemSettings().isKeyBiometricProtectionEnabled();
        return protectionEnabled;
    }

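    /**
     * Deletes the given aliases from the {@code AndroidKeyStore}, best effort.
     *
     * <p>Change over the previous version: each alias is deleted in its own try block. Before,
     * the first failing deletion ended the loop, so every alias after it stayed in the key
     * store while the caller received no signal. Now a failure is logged and the remaining
     * aliases are still attempted; only the aliases actually deleted are reported.
     *
     * <p>The method still never throws: callers cannot tell from the return whether all keys
     * are gone. NOTE(review): if a caller relies on this for revocation, consider surfacing
     * the failures; that would be an interface change and is not done here.
     *
     * @param list key aliases to delete; null or empty is a no-op
     */
    public void removeSigningKeys(List<String> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
        } catch (Exception e10) {
            // Without a loaded key store nothing can be deleted.
            Timber.w(e10, "Failed to delete authenticator signing keys", new Object[0]);
            return;
        }
        List<String> removed = new ArrayList<>(list.size());
        for (String alias : list) {
            try {
                keyStore.deleteEntry(alias);
                removed.add(alias);
            } catch (Exception e10) {
                // Keep going so one bad alias does not leave the others behind.
                Timber.w(e10, "Failed to delete authenticator signing keys", new Object[0]);
            }
        }
        if (!removed.isEmpty()) {
            Timber.i("Keys removed %s", removed);
        }
    }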

    /**
     * Validates the stored device compliance policy through the environment policy service.
     *
     * <p>A {@code VeridiumIdException} raised while reading or validating the policy is
     * rethrown as a {@code VeridiumIDException} (different class, note the capitalisation)
     * with code 180 and the original exception as cause.
     *
     * <p>NOTE(review): the message always blames the operating system version, whatever check
     * actually failed; the cause carries the real reason.
     *
     * @throws VeridiumIDException if the device does not satisfy the policy
     */
    public void validateDeviceCompliance() {
        final int complianceErrorCode = 180;
        final String complianceMessage = "Device operating system version does not meet the requirements set by your administrator.";
        try {
            this.mEnvironmentPolicyService.validateDeviceCompliancePolicy(this.mEnvironmentStorage.getDeviceCompliancePolicy());
        } catch (VeridiumIdException e10) {
            throw new VeridiumIDException(complianceErrorCode, complianceMessage, e10);
        }
    }
}
