package com.veridiumid.sdk.orchestrator.internal.pairing;

import android.content.Context;
import android.provider.Settings;
import android.view.inputmethod.InputMethodInfo;
import android.view.inputmethod.InputMethodManager;
import com.veridiumid.mobilesdk.VeridiumConstants;
import com.veridiumid.sdk.IVeridiumSDK;
import com.veridiumid.sdk.VeridiumIdException;
import com.veridiumid.sdk.client.api.model.domain.server.VeridiumIDMemberDefinitionEx;
import com.veridiumid.sdk.licensing.LicensingService;
import com.veridiumid.sdk.licensing.exception.LicenseException;
import com.veridiumid.sdk.licensing.exception.LicenseValidationException;
import com.veridiumid.sdk.licensing.model.LicenseValidationOutput;
import com.veridiumid.sdk.log.Timber;
import com.veridiumid.sdk.model.domain.LicenseStatus;
import com.veridiumid.sdk.orchestrator.internal.SdkContextStorage;
import com.veridiumid.sdk.orchestrator.internal.device.context.DeviceRuntimeService;
import com.veridiumid.sdk.orchestrator.internal.device.integrity.DeviceIntegrityProvider;
import com.veridiumid.sdk.orchestrator.internal.pairing.model.ServerPairingIdentity;
import com.veridiumid.sdk.orchestrator.internal.pairing.model.SystemSettings;
import com.veridiumid.sdk.util.SemverComparator;
import com.veridiumid.sdk.util.Strings;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ExecutionException;

/* loaded from: classes.dex */
public class EnvironmentPolicyService {
    private final DeviceIntegrityProvider mDeviceIntegrityProvider;
    private final DeviceRuntimeService mDeviceRuntimeService;
    private final com.google.gson.e mGson;
    private final LicensingService mLicensingService;
    private final SdkContextStorage mSdkContextStorage;
    private final IVeridiumSDK mVeridiumSdk;

    public EnvironmentPolicyService(com.google.gson.e eVar, LicensingService licensingService, DeviceIntegrityProvider deviceIntegrityProvider, SdkContextStorage sdkContextStorage, IVeridiumSDK iVeridiumSDK, DeviceRuntimeService deviceRuntimeService) {
        this.mGson = eVar;
        this.mLicensingService = licensingService;
        this.mDeviceIntegrityProvider = deviceIntegrityProvider;
        this.mSdkContextStorage = sdkContextStorage;
        this.mVeridiumSdk = iVeridiumSDK;
        this.mDeviceRuntimeService = deviceRuntimeService;
    }

    private SystemSettings.DeviceCompliancePolicy extractDeviceCompliancePolicy(String str) {
        if (!Strings.isEmpty(str)) {
            try {
                return new SystemSettings.DeviceCompliancePolicy((Map) this.mGson.m(str, new com.google.gson.reflect.a<Map<String, String>>() { // from class: com.veridiumid.sdk.orchestrator.internal.pairing.EnvironmentPolicyService.2
                }.getType()));
            } catch (Exception e10) {
                Timber.e(e10, "Could not parse device compliance policy", new Object[0]);
            }
        }
        return new SystemSettings.DeviceCompliancePolicy(null, null, null);
    }

    private void validateAuthenticationMethods(String[] strArr, String[] strArr2) {
        boolean z10;
        if (strArr == null || strArr.length == 0) {
            Timber.w("Member definition validation error: available biometrics are null or empty", new Object[0]);
            throw new VeridiumIdException(1039, "Invalid configuration: no biometrics setup");
        }
        List asList = Arrays.asList(this.mVeridiumSdk.getAvailableAuthenticatorIds(true));
        Iterator it = asList.iterator();
        while (true) {
            if (it.hasNext()) {
                if (asList.contains((String) it.next())) {
                    z10 = true;
                    break;
                }
            } else {
                z10 = false;
                break;
            }
        }
        if (!z10) {
            Timber.w("None of the available biometrics required by the server are compatible with this device", new Object[0]);
            throw new VeridiumIdException(1040, strArr, "Device is not supporting available biometric methods", null);
        }
        for (String str : strArr2) {
            if (!asList.contains(str)) {
                Timber.w("Some mandatory biometrics required by the server are incompatible with this device %s", str);
                throw new VeridiumIdException(1038, new String[]{str}, "Device is not supporting required biometric method", null);
            }
        }
    }

    private void validateDeviceIntegrity() {
        try {
            if (this.mDeviceIntegrityProvider.getLocalIntegrityService().deviceIntegrityTask().await().booleanValue()) {
                Timber.w("Device detected as rooted", new Object[0]);
                throw new VeridiumIdException(1052, "Device is rooted");
            }
        } catch (InterruptedException | ExecutionException e10) {
            Timber.w(e10, "Device integrity validation failed", new Object[0]);
            throw new VeridiumIdException(1051, "Device integrity validation failed");
        }
    }

    public SystemSettings.DeviceCompliancePolicy extractDeviceCompliancePolicy(Map<String, Object> map, Map<String, String> map2) {
        return !map2.containsKey(SystemSettings.KEY_DEVICE_OS_ENFORCEMENT) ? new SystemSettings.DeviceCompliancePolicy(extractMinimumOsVersion(map), null, null) : extractDeviceCompliancePolicy(map2.get(SystemSettings.KEY_DEVICE_OS_ENFORCEMENT));
    }

    @Deprecated
    public String extractMinimumOsVersion(Map<String, Object> map) {
        Map map2;
        if (map == null || (map2 = (Map) map.get("minimumRequirements")) == null) {
            return null;
        }
        for (Map.Entry entry : map2.entrySet()) {
            if ("android".equalsIgnoreCase((String) entry.getKey())) {
                return (String) entry.getValue();
            }
        }
        return null;
    }

    public boolean isUsingPermittedKeyboard(Context context, SystemSettings systemSettings) {
        List<String> permittedKeyboards = systemSettings.getPermittedKeyboards();
        if (permittedKeyboards.isEmpty()) {
            return true;
        }
        for (InputMethodInfo inputMethodInfo : ((InputMethodManager) context.getSystemService("input_method")).getEnabledInputMethodList()) {
            if (inputMethodInfo.getId().equals(Settings.Secure.getString(context.getContentResolver(), "default_input_method")) && (inputMethodInfo.getServiceInfo().applicationInfo.flags & 1) == 1) {
                return true;
            }
        }
        Iterator<String> it = permittedKeyboards.iterator();
        while (it.hasNext()) {
            if (Settings.Secure.getString(context.getContentResolver(), "default_input_method").split(VeridiumConstants.QR_CODE_SEPARATOR)[0].equals(it.next())) {
                return true;
            }
        }
        return false;
    }

    public void validateDeviceCompliancePolicy(SystemSettings.DeviceCompliancePolicy deviceCompliancePolicy) {
        String operatingSystemVersion = this.mDeviceRuntimeService.getOperatingSystemVersion();
        String minimumOsVersion = deviceCompliancePolicy.getMinimumOsVersion();
        if (!Strings.isEmpty(minimumOsVersion) && SemverComparator.compareVersion(operatingSystemVersion, minimumOsVersion) < 0) {
            Timber.w("Minimum os version policy not met: actual=%s expected=%s", operatingSystemVersion, minimumOsVersion);
            throw new VeridiumIdException(1070, "Minimum os version is not met");
        }
        String securityPatchVersion = this.mDeviceRuntimeService.getSecurityPatchVersion();
        String minimumSecurityPatchVersion = deviceCompliancePolicy.getMinimumSecurityPatchVersion();
        if (!Strings.isEmpty(minimumSecurityPatchVersion) && !Strings.isEmpty(securityPatchVersion)) {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd", Locale.US);
            try {
                if (simpleDateFormat.parse(securityPatchVersion).before(simpleDateFormat.parse(minimumSecurityPatchVersion))) {
                    Timber.w("Minimum security patch version policy not met: actual=%s expected=%s", securityPatchVersion, minimumSecurityPatchVersion);
                    throw new VeridiumIdException(1080, "Minimum os patch version is not met");
                }
            } catch (ParseException e10) {
                Timber.w(e10, "OS security patch parsing failed", new Object[0]);
            }
        }
        String applicationVersion = this.mDeviceRuntimeService.getApplicationVersion();
        String minimumAppVersion = deviceCompliancePolicy.getMinimumAppVersion();
        if (Strings.isEmpty(minimumAppVersion) || SemverComparator.compareVersion(applicationVersion, minimumAppVersion) >= 0) {
            return;
        }
        Timber.w("Minimum application version policy not met: actual=%s expected=%s", applicationVersion, minimumAppVersion);
        throw new VeridiumIdException(1081, "Minimum app version is not met");
    }

    public void validateMemberDefinition(VeridiumIDMemberDefinitionEx veridiumIDMemberDefinitionEx, String str) {
        if (veridiumIDMemberDefinitionEx.phoneAuthenticatorType == null) {
            Timber.w("Paired sever has not configured any phone biometry requirements", new Object[0]);
            throw new VeridiumIdException(1047, "Biometric methods are not configured");
        }
        if (Strings.isEmpty(str)) {
            validateAuthenticationMethods(veridiumIDMemberDefinitionEx.availableBiometricMethods, veridiumIDMemberDefinitionEx.biometricMethods);
        }
    }

    public String[] validateServerIdentity(String str) {
        try {
            return ((ServerPairingIdentity) this.mGson.m(this.mLicensingService.verifyMessage(str), new com.google.gson.reflect.a<ServerPairingIdentity>() { // from class: com.veridiumid.sdk.orchestrator.internal.pairing.EnvironmentPolicyService.1
            }.getType())).getServerCertHashes();
        } catch (LicenseException unused) {
            Timber.w("Paired environment is not trusted identity=%s", str);
            throw new VeridiumIdException(1032, "The server is not trusted");
        }
    }

    public String[] validateServerIdentityLicense(String str) {
        try {
            LicenseValidationOutput validateLicence = this.mLicensingService.validateLicence(str);
            if (validateLicence.getLicenseStatus() != LicenseStatus.SUCCESS && validateLicence.getLicenseStatus() != LicenseStatus.SUCCESS_WITH_GRACE) {
                throw new LicenseValidationException("License is invalid - " + validateLicence.getLicenseStatus().name(), validateLicence.getLicenseStatus().getCode());
            }
            return validateLicence.getOuterLicense().getServerCertHashes() != null ? validateLicence.getOuterLicense().getServerCertHashes() : validateLicence.getInnerLicense().enforce.serverCertHashes;
        } catch (LicenseException unused) {
            Timber.w("Paired environment is not trusted identity=%s", str);
            throw new VeridiumIdException(1032, "The server is not trusted");
        }
    }

    public void verifySystemSettings(SystemSettings systemSettings) {
        this.mDeviceIntegrityProvider.getLocalIntegrityService().detectHooks();
        validateDeviceIntegrity();
        boolean isUsingHardwareKeys = this.mSdkContextStorage.isUsingHardwareKeys();
        if (!systemSettings.isHardwareEncryptionRequired() || isUsingHardwareKeys) {
            return;
        }
        Timber.w("Paired server requires hardware encryption and is not available on device", new Object[0]);
        throw new VeridiumIdException(1047, "Hardware keys are required!");
    }
}
