package ch.protonmail.android.jobs;

import android.text.TextUtils;
import android.util.Base64;
import ch.protonmail.android.api.TokenManager;
import ch.protonmail.android.api.models.Alias;
import ch.protonmail.android.api.models.Keys;
import ch.protonmail.android.api.models.LoginInfoResponse;
import ch.protonmail.android.api.models.ModulusResponse;
import ch.protonmail.android.api.models.PasswordChange;
import ch.protonmail.android.api.models.PasswordVerifier;
import ch.protonmail.android.api.models.PrivateKeyBody;
import ch.protonmail.android.api.models.RefreshResponse;
import ch.protonmail.android.api.models.ResponseBody;
import ch.protonmail.android.api.models.SinglePasswordChange;
import ch.protonmail.android.api.models.SrpResponseBody;
import ch.protonmail.android.api.models.User;
import ch.protonmail.android.api.models.UserInfo;
import ch.protonmail.android.api.services.LoginService;
import ch.protonmail.android.core.ProtonMailApplication;
import ch.protonmail.android.events.AuthStatus;
import ch.protonmail.android.events.PasswordChangeEvent;
import ch.protonmail.android.utils.AppUtil;
import ch.protonmail.android.utils.ConstantTime;
import ch.protonmail.android.utils.Logger;
import ch.protonmail.android.utils.SRPClient;
import ch.protonmail.android.utils.nativelib.OpenPgp;
import com.path.android.jobqueue.Params;
import com.sun.mail.imap.IMAPStore;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.mindrot.jbcrypt.BCrypt;

/* loaded from: classes.dex */
public class ChangePasswordJob extends ProtonMailBaseJob {
    private String loginPasswordForKeyChange;
    transient TokenManager mTokenManager;
    private final String newPassword;
    private String oldPassword;
    private int passwordMode;
    private int passwordType;
    private String twoFactorCode;

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public ChangePasswordJob(int i, int i2, String str, String str2, String str3, String str4) {
        super(new Params(IMAPStore.RESPONSE).requireNetwork());
        ProtonMailApplication.getApplication().getAppComponent().inject(this);
        this.passwordType = i;
        this.passwordMode = i2;
        this.oldPassword = str;
        this.twoFactorCode = str2;
        this.newPassword = str3;
        this.loginPasswordForKeyChange = str4;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String createNewKeySalt() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return Base64.encodeToString(bArr, 0).substring(0, r0.length() - 1);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String generateMailboxPassword(String str) throws UnsupportedEncodingException {
        return BCrypt.hashpw(this.newPassword, "$2a$10$" + ConstantTime.encodeBase64DotSlash(ArrayUtils.addAll(Base64.decode(str, 0), "proton".getBytes("UTF8")), false)).substring(r1.length() - 31);
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private PrivateKeyBody updateKey(OpenPgp openPgp, Keys keys, String str, boolean z) {
        String updateSinglePassphrase = OpenPgp.updateSinglePassphrase(keys.getPrivateKey(), this.mUserManager.getMailboxPassword(), str);
        if (!TextUtils.isEmpty(updateSinglePassphrase)) {
            return new PrivateKeyBody(updateSinglePassphrase, keys.getID());
        }
        if (z) {
            AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.FAILED));
        }
        return null;
    }

    /* JADX WARN: Unreachable blocks removed: 22, instructions: 22 */
    @Override // com.path.android.jobqueue.Job
    public void onRun() throws Throwable {
        OpenPgp createInstance = OpenPgp.createInstance();
        User user = this.mUserManager.getUser();
        if (this.passwordMode != 2) {
            LoginInfoResponse loginInfo = this.mApi.loginInfo(this.mUserManager.getUsername());
            ModulusResponse randomModulus = this.mApi.randomModulus();
            String createNewKeySalt = createNewKeySalt();
            String generateMailboxPassword = generateMailboxPassword(createNewKeySalt);
            PasswordVerifier calculate = PasswordVerifier.calculate(this.newPassword, randomModulus);
            SRPClient.Proofs srpProofsForInfo = LoginService.srpProofsForInfo(this.mUserManager.getUsername(), this.oldPassword, loginInfo, 2);
            List<Alias> aliases = user.getAliases();
            ArrayList arrayList = new ArrayList();
            Iterator<Keys> it = user.getKeys().iterator();
            while (it.hasNext()) {
                try {
                    arrayList.add(updateKey(createInstance, it.next(), generateMailboxPassword, true));
                } catch (Exception e) {
                    Logger.doLogException("ChangePasswordJob", e);
                }
            }
            Iterator<Alias> it2 = aliases.iterator();
            while (it2.hasNext()) {
                Keys[] keys = it2.next().getKeys();
                int i = 0;
                while (i < keys.length) {
                    try {
                        arrayList.add(updateKey(createInstance, keys[i], generateMailboxPassword, i == 0));
                    } catch (Exception e2) {
                        Logger.doLogException("ChangePasswordJob", e2);
                    }
                    i++;
                }
            }
            Keys organizationKeys = this.mApi.getOrganization().getCode() == 1000 ? this.mApi.getOrganizationKeys() : null;
            String str = "";
            if (organizationKeys != null && OpenPgp.checkPassphrase(organizationKeys.getPrivateKey(), this.mUserManager.getMailboxPassword())) {
                str = OpenPgp.updateSinglePassphrase(organizationKeys.getPrivateKey(), this.mUserManager.getMailboxPassword(), generateMailboxPassword);
            } else if (organizationKeys != null) {
                str = null;
            }
            ResponseBody updatePrivateKeys = this.mApi.updatePrivateKeys(new SinglePasswordChange(createNewKeySalt, (PrivateKeyBody[]) arrayList.toArray(new PrivateKeyBody[arrayList.size()]), str, loginInfo.getSRPSession(), ConstantTime.encodeBase64(srpProofsForInfo.clientEphemeral, true), ConstantTime.encodeBase64(srpProofsForInfo.clientProof, true), this.twoFactorCode, calculate));
            if (updatePrivateKeys.getCode() != 1000) {
                if (updatePrivateKeys.getCode() == 8002 || updatePrivateKeys.getCode() == 12022 || updatePrivateKeys.getCode() == 12020) {
                    AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.INVALID_CREDENTIAL));
                    return;
                } else {
                    AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.FAILED));
                    return;
                }
            }
            UserInfo userInfo = this.mApi.userInfo();
            if (userInfo.getCode() != 1000) {
                AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.FAILED));
                return;
            }
            this.mUserManager.setUserInfo(userInfo);
            this.mUserManager.saveMailboxPassword(generateMailboxPassword);
            RefreshResponse refreshSync = this.mApi.refreshSync(this.mTokenManager.createRefreshBody());
            if (refreshSync != null && refreshSync.getAccessToken() != null) {
                this.mTokenManager.update(refreshSync, this.mUserManager.getMailboxPassword());
            }
            AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.SUCCESS));
            return;
        }
        if (this.passwordType == 0) {
            LoginInfoResponse loginInfo2 = this.mApi.loginInfo(this.mUserManager.getUsername());
            PasswordVerifier calculate2 = PasswordVerifier.calculate(this.newPassword, this.mApi.randomModulus());
            SRPClient.Proofs srpProofsForInfo2 = LoginService.srpProofsForInfo(this.mUserManager.getUsername(), this.oldPassword, loginInfo2, 2);
            SrpResponseBody updateLoginPassword = this.mApi.updateLoginPassword(new PasswordChange(loginInfo2.getSRPSession(), ConstantTime.encodeBase64(srpProofsForInfo2.clientEphemeral, true), ConstantTime.encodeBase64(srpProofsForInfo2.clientProof, true), this.twoFactorCode, calculate2));
            if (updateLoginPassword.getCode() == 8002 || updateLoginPassword.getCode() == 12022 || updateLoginPassword.getCode() == 12020) {
                AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.INVALID_CREDENTIAL));
                return;
            } else if (ConstantTime.isEqual(Base64.decode(updateLoginPassword.getServerProof(), 0), srpProofsForInfo2.expectedServerProof)) {
                AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.SUCCESS));
                return;
            } else {
                AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.INVALID_SERVER_PROOF));
                return;
            }
        }
        if (this.passwordType == 1) {
            LoginInfoResponse loginInfo3 = this.mApi.loginInfo(this.mUserManager.getUsername());
            String createNewKeySalt2 = createNewKeySalt();
            String generateMailboxPassword2 = generateMailboxPassword(createNewKeySalt2);
            SRPClient.Proofs srpProofsForInfo3 = LoginService.srpProofsForInfo(this.mUserManager.getUsername(), this.loginPasswordForKeyChange, loginInfo3, 2);
            List<Alias> aliases2 = user.getAliases();
            ArrayList arrayList2 = new ArrayList();
            Iterator<Keys> it3 = user.getKeys().iterator();
            while (it3.hasNext()) {
                try {
                    arrayList2.add(updateKey(createInstance, it3.next(), generateMailboxPassword2, true));
                } catch (Exception e3) {
                    Logger.doLogException("ChangePasswordJob", e3);
                }
            }
            Iterator<Alias> it4 = aliases2.iterator();
            while (it4.hasNext()) {
                Keys[] keys2 = it4.next().getKeys();
                int i2 = 0;
                while (i2 < keys2.length) {
                    try {
                        arrayList2.add(updateKey(createInstance, keys2[i2], generateMailboxPassword2, i2 == 0));
                    } catch (Exception e4) {
                        Logger.doLogException("ChangePasswordJob", e4);
                    }
                    i2++;
                }
            }
            Keys organizationKeys2 = this.mApi.getOrganization().getCode() == 1000 ? this.mApi.getOrganizationKeys() : null;
            String str2 = "";
            if (organizationKeys2 != null && OpenPgp.checkPassphrase(organizationKeys2.getPrivateKey(), this.mUserManager.getMailboxPassword())) {
                str2 = OpenPgp.updateSinglePassphrase(organizationKeys2.getPrivateKey(), this.mUserManager.getMailboxPassword(), generateMailboxPassword2);
            } else if (organizationKeys2 != null) {
                str2 = null;
            }
            if (this.mApi.updatePrivateKeys(new SinglePasswordChange(createNewKeySalt2, (PrivateKeyBody[]) arrayList2.toArray(new PrivateKeyBody[arrayList2.size()]), str2, loginInfo3.getSRPSession(), ConstantTime.encodeBase64(srpProofsForInfo3.clientEphemeral, true), ConstantTime.encodeBase64(srpProofsForInfo3.clientProof, true), this.twoFactorCode)).getCode() != 1000) {
                AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.FAILED));
                return;
            }
            UserInfo userInfo2 = this.mApi.userInfo();
            if (userInfo2.getCode() != 1000) {
                AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.FAILED));
                return;
            }
            this.mUserManager.setUserInfo(userInfo2);
            this.mUserManager.saveMailboxPassword(generateMailboxPassword2);
            RefreshResponse refreshSync2 = this.mApi.refreshSync(this.mTokenManager.createRefreshBody());
            if (refreshSync2 != null && refreshSync2.getAccessToken() != null) {
                this.mTokenManager.update(refreshSync2, this.mUserManager.getMailboxPassword());
            }
            AppUtil.postEventOnUi(new PasswordChangeEvent(this.passwordType, AuthStatus.SUCCESS));
        }
    }
}
