# this schema must be refactored to match the Android APIs
# e.g. https://developer.android.com/reference/android/os/Build
# Constants are defined in the Build class
# - BRAND
# - DEVICE
# - HARDWARE
# etc
# JSON Schema (draft-07) for the posture object an Android client instance
# reports about itself.
#
# What this schema does and does not enforce:
# - No object in this file sets `additionalProperties`, so unknown keys
#   validate at every level.
# - Nested objects (`build`, `build.version`, `ro`, ...) declare no `required`
#   lists, so `build: {}` satisfies the top-level `required` entry.
# - NOTE(review): apart from key_attestation_certificate_chain and
#   play_integrity_token, every value appears to be self-reported by the app.
#   A consumer should presumably treat those values as untrusted unless they
#   are corroborated by the attestation evidence. Confirm against the
#   verifier's policy.
# - Key naming mixes snake_case and camelCase (see the TODO comments below).
$schema: "http://json-schema.org/draft-07/schema#"
title: Android Posture
description: The posture of the client instance. The structure depends on the platform.
type: object
properties:
  # In draft-07, keywords that sit next to `$ref` are ignored by validators,
  # so the `description` below is informational only.
  platform_product_id:
    $ref: "./product-id-android.yaml"
    description: The product identifier for Android apps
  product_id:
    type: string
    description: The gematik product identifier
  product_version:
    type: string
    description: The product version
  build:
    description: Android build information, see https://developer.android.com/reference/android/os/Build
    type: object
    properties:
      version:
        type: object
        properties:
          sdk_int:
            type: integer
            description: Build.VERSION.SDK_INT
          # NOTE(review): Android reports this as a date string, typically
          # YYYY-MM-DD. No `pattern` or `format` is enforced here, so any
          # string validates and consumers must parse it defensively.
          security_patch:
            type: string
            description: Build.VERSION.SECURITY_PATCH
      manufacturer:
        type: string
        description: Build.MANUFACTURER
      product:
        type: string
        description: Build.PRODUCT
      model:
        type: string
        description: Build.MODEL
      # No description is given; presumably Build.BOARD (TODO confirm).
      board:
        type: string
  # Values taken from Android system properties (`ro.*`), per the
  # descriptions below.
  ro:
    type: object
    properties:
      crypto:
        type: object
        properties:
          # NOTE(review): the ro.crypto.state system property is a string on
          # Android (e.g. "encrypted" / "unencrypted"). This schema models it
          # as a boolean, and the client-side mapping is not documented here.
          # Confirm which property values map to true.
          state:
            type: boolean
            description: ro.crypto.state
      product:
        type: object
        properties:
          first_api_level:
            type: integer
            description: ro.product.first_api_level
  packageManager:
    type: object
    properties:
      # Presumably PackageManager.FEATURE_VERIFIED_BOOT queried via
      # hasSystemFeature() (TODO confirm). A declared feature is not evidence
      # of the current boot state; that comes from the attestation data.
      feature_verified_boot:
        type: boolean
      # TODO: document where this comes from
      mainline_patch_level:
        type: string
  keyguardManager:
    type: object
    properties:
      # Presumably the result of KeyguardManager.isDeviceSecure()
      # (TODO confirm).
      isDeviceSecure:
        type: boolean
  # TODO: Refactor to https://developer.android.com/reference/android/hardware/biometrics/BiometricManager
  biometricManager:
    type: object
    properties:
      # Presumably whether BiometricManager.Authenticators.DEVICE_CREDENTIAL /
      # BIOMETRIC_STRONG can be used on the device (TODO confirm the exact
      # call and which result code is mapped to true).
      deviceCredential:
        type: boolean
      biometricStrong:
        type: boolean
  # TODO: Refactor to https://developer.android.com/reference/android/app/admin/DevicePolicyManager
  devicePolicyManager:
    type: object
    properties:
      # NOTE(review): Android's DevicePolicyManager.PASSWORD_COMPLEXITY_*
      # constants are 0 (NONE), 0x10000 (LOW), 0x30000 (MEDIUM) and
      # 0x50000 (HIGH), not 0..3. The mapping from the platform value to this
      # enum is not defined in this file; document it, or a raw platform
      # value will fail validation or be misread.
      passwordComplexity:
        type: integer
        enum:
          - 0
          - 1
          - 2
          - 3
  # Required. The item encoding (PEM or base64 DER) and the chain order are
  # not specified here, and without `minItems` an empty array validates.
  # NOTE(review): schema validation says nothing about authenticity. The
  # verifier presumably has to validate the chain up to a trusted attestation
  # root, check revocation, and check that the attestation challenge is bound
  # to the current request. Confirm.
  key_attestation_certificate_chain:
    type: array
    description: The certificate chain from the Android Key Attestation
    items:
      type: string
  # English rendering of the description below: "The base64-encoded token
  # issued by the Google Play Integrity API. Validated by the AuthS in order
  # to generate the meets_*_integrity claims."
  # Not listed under `required`, so a posture without this token validates.
  play_integrity_token:
    type: string
    description: >
      Das von der Google Play Integrity API ausgestellte und base64-enkodierte Token.
      Wird vom AuthS validiert, um die meets_*_integrity Claims zu generieren.
# Only these four keys are mandatory. Every other property may be absent, so
# a consumer must handle "absent" explicitly rather than treating it as false.
required:
  - product_id
  - product_version
  - build
  - key_attestation_certificate_chain
