package com.gallagher.security.fidoauthenticators;

import android.content.Context;
import com.gallagher.security.fidoauthenticators.FidoVersionSelector;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.json.JSONException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import rx.Observable;
import rx.functions.Func1;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class FidoUAFClient {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) FidoUAFClient.class);
    final FidoASM asm;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FidoUAFClient(FidoASM fidoASM) {
        this.asm = fidoASM;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private String loadAndVerifyTrustedFacet(final String str, String str2, FidoVersion fidoVersion, boolean z) throws FidoUAFException {
        final Ref ref = new Ref(null);
        final Ref ref2 = new Ref(null);
        Thread thread = new Thread(new Runnable() { // from class: com.gallagher.security.fidoauthenticators.FidoUAFClient.4
            @Override // java.lang.Runnable
            public void run() {
                try {
                    String trustedFacetList = Utils.getTrustedFacetList(str);
                    if (trustedFacetList == null) {
                        ref2.set(new FidoUAFException(FidoUAFErrorCode.UNTRUSTED_FACET_ID, "IOException fetching trusted facet list"));
                    }
                    ref.set(trustedFacetList);
                } catch (IOException e) {
                    ref2.set(new FidoUAFException(FidoUAFErrorCode.PROTOCOL_ERROR, "IOException fetching trusted facet list", e));
                }
            }
        });
        thread.start();
        try {
            thread.join();
            FidoUAFException fidoUAFException = (FidoUAFException) ref2.get();
            if (fidoUAFException != null) {
                throw fidoUAFException;
            }
            String str3 = (String) ref.get();
            if (str3 == null) {
                throw new IllegalStateException("Thread must set either response or exception!");
            }
            if (z) {
                return str;
            }
            FidoVersionSelector select = FidoVersionSelector.select(Arrays.asList(new FidoUAFTrustedFacetsList(new JSONWrapper(str3)).trustedFacets), new FidoVersionSelector.SubSelector<FidoUAFTrustedFacets>() { // from class: com.gallagher.security.fidoauthenticators.FidoUAFClient.5
                @Override // com.gallagher.security.fidoauthenticators.FidoVersionSelector.SubSelector
                public FidoVersion select(FidoUAFTrustedFacets fidoUAFTrustedFacets) {
                    return fidoUAFTrustedFacets.version;
                }
            }, fidoVersion);
            if (select == null) {
                throw new FidoUAFException(FidoUAFErrorCode.UNTRUSTED_FACET_ID, "Trusted facet list did not have any entries for our version");
            }
            for (String str4 : ((FidoUAFTrustedFacets) select.selectedObject).ids) {
                if (str4.equals(str2)) {
                    return str;
                }
            }
            throw new FidoUAFException(FidoUAFErrorCode.UNTRUSTED_FACET_ID, "Trusted facet list did not have any entries for our facetID");
        } catch (InterruptedException e) {
            throw new FidoUAFException(FidoUAFErrorCode.PROTOCOL_ERROR, "InterruptedException from thread", e);
        }
    }

    private void resolveAppID(FidoUAFRequest fidoUAFRequest, Context context, boolean z, String str) throws FidoUAFException {
        String str2 = fidoUAFRequest.header.appID;
        String applicationFacetId = FidoEngine.getApplicationFacetId(context, str);
        if (str2 == null || str2.isEmpty()) {
            str2 = applicationFacetId;
        } else if (!str2.startsWith("https://ggl")) {
            if (str2.startsWith("https://")) {
                str2 = loadAndVerifyTrustedFacet(str2, FidoEngine.getApplicationFacetId(context, str), fidoUAFRequest.header.upv, z);
            } else if (!str2.equals(applicationFacetId)) {
                throw new FidoUAFException(FidoUAFErrorCode.PROTOCOL_ERROR, String.format("Candidate App ID (%s) must match Application Facet ID (%s) if not HTTPS", str2, applicationFacetId));
            }
        }
        fidoUAFRequest.header.resolvedAppID = str2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FidoUAFErrorCode CheckPolicy(String str, List<FidoAuthenticatorMetadata> list, Context context, String str2) {
        try {
            JSONWrapper jSONWrapper = new JSONWrapper(str).get(0);
            if (!jSONWrapper.isObject()) {
                LOG.error("request wrapper is not object");
                return FidoUAFErrorCode.PROTOCOL_ERROR;
            }
            FidoUAFRequest parse = FidoUAFRequest.parse(jSONWrapper);
            resolveAppID(parse, context, false, str2);
            if (!(parse instanceof FidoUAFRequestWithPolicy) || ((FidoUAFRequestWithPolicy) parse).evaluatePolicy(list).size() != 0) {
                return FidoUAFErrorCode.NO_ERROR;
            }
            LOG.error("No valid authenticator found during CheckPolicy");
            return FidoUAFErrorCode.NO_SUITABLE_AUTHENTICATOR;
        } catch (FidoUAFException e) {
            LOG.error("CheckPolicy encountered FidoUAFException", (Throwable) e);
            return e.getErrorCode();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public Observable<FidoUAFOperationResponse> PerformOperation(String str, String str2, final Context context, boolean z, final TitleAndDescription titleAndDescription, final String str3) {
        try {
            Collection<JSONWrapper> asCollection = new JSONWrapper(str).asCollection();
            if (asCollection != null && !asCollection.isEmpty()) {
                FidoVersionSelector select = FidoVersionSelector.select(asCollection, new FidoVersionSelector.SubSelector<JSONWrapper>() { // from class: com.gallagher.security.fidoauthenticators.FidoUAFClient.1
                    @Override // com.gallagher.security.fidoauthenticators.FidoVersionSelector.SubSelector
                    public FidoVersion select(JSONWrapper jSONWrapper) throws FidoUAFException {
                        try {
                            return new FidoVersion(jSONWrapper.get("header").get("upv"));
                        } catch (JSONException e) {
                            FidoUAFClient.LOG.error("Json object did not contain header.upv, or it was malformed");
                            throw new FidoUAFException(FidoUAFErrorCode.PROTOCOL_ERROR, "Json object did not contain header.upv, or it was malformed", e);
                        }
                    }
                }, null);
                if (select == null) {
                    LOG.error("UAF request does not match any of our supported Fido versions");
                    throw new FidoUAFException(FidoUAFErrorCode.UNSUPPORTED_VERSION, "UAF request does not match any of our supported Fido versions");
                }
                final FidoUAFRequest parse = FidoUAFRequest.parse((JSONWrapper) select.selectedObject);
                FidoUAFHeader fidoUAFHeader = parse.header;
                String str4 = fidoUAFHeader.appID;
                if (str4 != null && str4.length() > 512) {
                    LOG.error("Passed App ID longer than 512 characters");
                    throw new FidoUAFException(FidoUAFErrorCode.PROTOCOL_ERROR, "Passed App ID longer than 512 characters");
                }
                String str5 = fidoUAFHeader.serverData;
                if (str5 != null && (str5.isEmpty() || str5.length() > 1536)) {
                    LOG.error("Server data is present and empty or greater than 1536 characters");
                    throw new FidoUAFException(FidoUAFErrorCode.PROTOCOL_ERROR, "Server data is present and empty or greater than 1536 characters");
                }
                if (fidoUAFHeader.exts != null) {
                    for (FidoExtension fidoExtension : fidoUAFHeader.exts) {
                        if (fidoExtension.id.isEmpty() || fidoExtension.id.length() > 32) {
                            LOG.error("Fido Extension has not been correctly passed");
                            throw new FidoUAFException(FidoUAFErrorCode.PROTOCOL_ERROR, "Fido Extension has not been correctly passed");
                        }
                    }
                }
                resolveAppID(parse, context, z, str3);
                return getAvailableAuthenticators().flatMap(new Func1<List<FidoAuthenticatorMetadata>, Observable<FidoUAFOperationResponse>>() { // from class: com.gallagher.security.fidoauthenticators.FidoUAFClient.2
                    @Override // rx.functions.Func1
                    public Observable<FidoUAFOperationResponse> call(List<FidoAuthenticatorMetadata> list) {
                        return parse.process(FidoUAFClient.this.asm, list, context, titleAndDescription, str3);
                    }
                });
            }
            LOG.error("Request not an array of JSON objects");
            return Observable.just(new FidoUAFOperationResponse(FidoUAFErrorCode.PROTOCOL_ERROR, "Request not an array of JSON objects"));
        } catch (FidoUAFException e) {
            LOG.error("PerformOperation encountered Exception", (Throwable) e);
            return Observable.just(new FidoUAFOperationResponse(e.getErrorCode(), e.getMessage()));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Observable<List<FidoAuthenticatorMetadata>> getAvailableAuthenticators() {
        return new FidoASMGetInfoRequest(new FidoVersion(0, 0), null).process(this.asm, null, null).map(new Func1<FidoASMResponse, List<FidoAuthenticatorMetadata>>() { // from class: com.gallagher.security.fidoauthenticators.FidoUAFClient.3
            @Override // rx.functions.Func1
            public List<FidoAuthenticatorMetadata> call(FidoASMResponse fidoASMResponse) {
                ArrayList arrayList = new ArrayList();
                Iterator<FidoASMAuthenticatorInfo> it = FidoUAFClient.this.asm.getAvailableAuthenticators().iterator();
                while (it.hasNext()) {
                    arrayList.add(new FidoAuthenticatorMetadata(it.next()));
                }
                return arrayList;
            }
        }).lift(MapASMErrorToUAFErrors.getInstance());
    }
}
