package com.callpod.android_apps.keeper.common.account.recovery;

import android.content.Context;
import android.os.AsyncTask;
import android.util.Base64;
import com.callpod.android_apps.keeper.common.R;
import com.callpod.android_apps.keeper.common.api.API;
import com.callpod.android_apps.keeper.common.api.APICommand;
import com.callpod.android_apps.keeper.common.api.ApiResponseMessageUtils;
import com.callpod.android_apps.keeper.common.database.room.processors.localkey.LocalKeyType;
import com.callpod.android_apps.keeper.common.login.LoginStatus;
import com.callpod.android_apps.keeper.common.record.RecordDAO;
import com.callpod.android_apps.keeper.common.reference.activity.TwoFactorActivityReference;
import com.callpod.android_apps.keeper.common.restrictions.Enforcement;
import com.callpod.android_apps.keeper.common.restrictions.EnforcementUtil;
import com.callpod.android_apps.keeper.common.util.AppAuthenticationParams;
import com.callpod.android_apps.keeper.common.util.MasterPasswordUtil;
import com.callpod.android_apps.keeper.common.util.StringUtil;
import com.callpod.android_apps.keeper.common.util.encryption.AppClientKey;
import com.callpod.android_apps.keeper.common.util.encryption.AuthVerifier;
import com.callpod.android_apps.keeper.common.util.encryption.ClientKey;
import com.callpod.android_apps.keeper.common.util.encryption.ClientKeyStatus;
import com.callpod.android_apps.keeper.common.util.encryption.Encrypter;
import com.callpod.android_apps.keeper.common.util.encryption.EncrypterFactory;
import com.callpod.android_apps.keeper.common.util.encryption.EncryptionExceptionUtils;
import com.callpod.android_apps.keeper.common.util.encryption.EncryptionParams;
import com.callpod.android_apps.keeper.common.util.encryption.EncryptionUtil;
import com.callpod.android_apps.keeper.common.util.encryption.InvalidKeyException;
import com.callpod.android_apps.keeper.common.util.encryption.IterationsUtil;
import com.callpod.android_apps.keeper.common.util.encryption.NewClientKeyProcessor;
import com.callpod.android_apps.keeper.common.util.encryption.PasswordBasedEncrypter;
import com.callpod.android_apps.keeper.common.util.encryption.SpongyPasswordBasedKeyDerivationFunction;
import com.keepersecurity.proto.Authentication;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class AccountRecoveryLogic {
    private static final String CAPABILITIES = "capabilities";
    private static final String DATA_KEY_BACKUP = "data_key_backup";
    private static final String DEVICE_TOKEN = "device_token";
    private static final String ENCRYPTED_PRIVATE_KEY = "encrypted_private_key";
    private static final String INVALID_VALIDATION_CODE = "invalid_validation_code";
    private static final String PUBLIC_KEY = "public_key";
    private static final String SECURITY_ANSWER_ITERATIONS = "iterations";
    private static final String SECURITY_ANSWER_SALT = "salt";
    private static final String SECURITY_QUESTION = "security_question";
    private static final String SESSION_TOKEN = "session_token";
    private static final String TAG = "AccountRecoveryLogic";
    private static boolean dialogsInProgress = false;
    private static boolean inProgress;
    private String clientKey;
    private Context context;
    private String dataKeyBackup;
    private byte[] decryptedClientKey;
    private String email;
    private String privateKey;
    private String publicKey;
    private String securityAnswer;
    private int securityIterations;
    private String securityQuestion = "";
    private String securitySalt;
    private String sessionToken;

    /* loaded from: classes.dex */
    abstract class ApiProgressListener implements API.ResponseListener {
        ApiProgressListener() {
            AccountRecoveryLogic.setInProgress(true);
        }

        abstract void handleResponse(JSONObject jSONObject, Context context);

        @Override // com.callpod.android_apps.keeper.common.api.API.ResponseListener
        public void responseIs(JSONObject jSONObject, Context context) {
            AccountRecoveryLogic.setInProgress(false);
            handleResponse(jSONObject, context);
        }
    }

    public AccountRecoveryLogic(Context context, String str) {
        this.context = context;
        this.email = str;
    }

    private boolean canDecryptRecords(byte[] bArr) {
        setInProgress(true);
        List<String> allRecordUids = RecordDAO.getAllRecordUids();
        try {
            try {
                try {
                    Encrypter defaultEncrypter = EncrypterFactory.getDefaultEncrypter(bArr);
                    Iterator<String> it = allRecordUids.iterator();
                    while (it.hasNext()) {
                        if (RecordDAO.getRecordByUid(it.next(), defaultEncrypter) == null) {
                            setInProgress(false);
                            return false;
                        }
                    }
                } catch (InvalidKeyException unused) {
                    EncryptionExceptionUtils.restartApp(this.context);
                }
                setInProgress(false);
                return true;
            } catch (RuntimeException e) {
                boolean z = e.getCause() instanceof GeneralSecurityException;
                setInProgress(false);
                return false;
            }
        } catch (Throwable th) {
            setInProgress(false);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void clearTwoFaTokens() {
        AppAuthenticationParams.INSTANCE.setTotpDeviceToken("", "");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] decryptDataKey(EncryptionParams encryptionParams, String str) {
        return new PasswordBasedEncrypter(str, encryptionParams.getSalt(), encryptionParams.getIterations(), new SpongyPasswordBasedKeyDerivationFunction()).decryptDataKey(encryptionParams.getEncryptedDataKey());
    }

    private int getIterations() {
        return Math.max(new IterationsUtil().getIterations(), (int) EnforcementUtil.getLong(Enforcement.minPBKDF2Iterations));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getNoBackupDataKeyString() {
        return this.context.getString(R.string.no_backup_data_key);
    }

    public static boolean isInProgress() {
        return inProgress || dialogsInProgress;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void saveClientKey(String str, byte[] bArr) {
        if (bArr == null) {
            return;
        }
        ClientKey.createAndSave(str, bArr, LocalKeyType.MasterPassword);
        AppClientKey.getInstance().saveClientKeyStatus(ClientKeyStatus.OnServer);
    }

    public static void setInProgress(boolean z) {
        inProgress = z;
    }

    private API.ProgressType showProgress(boolean z) {
        return z ? API.ProgressType.PROGRESS_BAR : API.ProgressType.NONE;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean verifyBackupDatakey() {
        EncryptionParams encryptionParams = new EncryptionParams(Base64.decode(this.dataKeyBackup.getBytes(), 11));
        byte[] decryptDataKey = new PasswordBasedEncrypter(this.securityAnswer, encryptionParams.getSalt(), encryptionParams.getIterations()).decryptDataKey(encryptionParams.getEncryptedDataKey());
        if (StringUtil.notBlank(this.clientKey)) {
            try {
                this.decryptedClientKey = EncrypterFactory.getDefaultEncrypter(decryptDataKey).decrypt(Base64.decode(this.clientKey.getBytes(), 11));
            } catch (InvalidKeyException unused) {
                EncryptionExceptionUtils.restartApp(this.context);
            }
        }
        if (AppClientKey.getInstance().isFoldersConvertedToClientKey() && this.decryptedClientKey != null) {
            decryptDataKey = this.decryptedClientKey;
        }
        return canDecryptRecords(decryptDataKey);
    }

    public void cancel() {
        inProgress = false;
        dialogsInProgress = false;
    }

    public String getSecurityQuestion() {
        return this.securityQuestion;
    }

    public void getSecurityQuestion(final String str, final AccountRecoveryCallback accountRecoveryCallback) {
        new API(this.context, showProgress(false)).executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, APICommand.getSecurityQuestion(this.email, str, null, null), new ApiProgressListener() { // from class: com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.ApiProgressListener
            public void handleResponse(JSONObject jSONObject, Context context) {
                if (ApiResponseMessageUtils.isSuccess(jSONObject)) {
                    AccountRecoveryLogic.this.securitySalt = jSONObject.optString(AccountRecoveryLogic.SECURITY_ANSWER_SALT);
                    AccountRecoveryLogic.this.securityIterations = jSONObject.optInt("iterations");
                    AccountRecoveryLogic.this.securityQuestion = jSONObject.optString("security_question");
                    AppAuthenticationParams.INSTANCE.setTotpDeviceToken(jSONObject.optString("device_token"), "");
                    int optInt = jSONObject.optInt(Enforcement.minPBKDF2Iterations.getKeyName());
                    if (optInt > 0) {
                        EnforcementUtil.saveEnforcement(Enforcement.minPBKDF2Iterations, optInt);
                    }
                    accountRecoveryCallback.getSecurityQASuccess(context);
                    return;
                }
                AccountRecoveryLogic.this.clearTwoFaTokens();
                if (ApiResponseMessageUtils.isTwoFactorRequired(jSONObject)) {
                    accountRecoveryCallback.needsTwoFactor(context, str, ApiResponseMessageUtils.channel(jSONObject), TwoFactorActivityReference.jsonArrayToStringList(jSONObject.optJSONArray(AccountRecoveryLogic.CAPABILITIES)), ApiResponseMessageUtils.resultMessage(context, jSONObject));
                    return;
                }
                if (Objects.equals(ApiResponseMessageUtils.resultCode(jSONObject), AccountRecoveryLogic.INVALID_VALIDATION_CODE)) {
                    accountRecoveryCallback.getSecurityQAFail(context, ApiResponseMessageUtils.resultMessage(jSONObject));
                } else {
                    AccountRecoveryLogic.this.cancel();
                    accountRecoveryCallback.getSecurityQAFail(context, ApiResponseMessageUtils.resultMessage(jSONObject));
                }
            }
        });
    }

    public boolean isPrivateKeyValid() {
        EncryptionParams encryptionParams = new EncryptionParams(Base64.decode(this.dataKeyBackup.getBytes(), 11));
        return EncryptionUtil.isPublicPrivateKeyPairValid(new PasswordBasedEncrypter(this.securityAnswer, encryptionParams.getSalt(), encryptionParams.getIterations()).decryptDataKey(encryptionParams.getEncryptedDataKey()), Base64.decode(this.privateKey, 11), Base64.decode(this.publicKey, 11));
    }

    public void requestDataKeyBackup(boolean z, String str, String str2, final AccountRecoveryCallback accountRecoveryCallback) {
        this.securityAnswer = StringUtil.normalizeSecurityAnswer(str2);
        new API(this.context, showProgress(z)).executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, APICommand.getDataKeyBackupCommand(this.email, str, str2, this.securitySalt, this.securityIterations), new ApiProgressListener() { // from class: com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.3
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.ApiProgressListener
            public void handleResponse(JSONObject jSONObject, Context context) {
                if (!ApiResponseMessageUtils.isSuccess(jSONObject)) {
                    accountRecoveryCallback.sendDataKeyBackupFail(context, ApiResponseMessageUtils.resultMessage(context, jSONObject));
                    AccountRecoveryLogic.this.clearTwoFaTokens();
                    return;
                }
                if (jSONObject.has(MasterPasswordUtil.PASSWORD_RULES_PROPERTY)) {
                    MasterPasswordUtil.setRulesFromSettings(jSONObject);
                }
                AccountRecoveryLogic.this.dataKeyBackup = jSONObject.optString(AccountRecoveryLogic.DATA_KEY_BACKUP);
                AccountRecoveryLogic.this.sessionToken = jSONObject.optString("session_token");
                if (StringUtil.notBlank(jSONObject.optString("session_token"))) {
                    AccountRecoveryLogic.this.sessionToken = jSONObject.optString("session_token");
                    AppAuthenticationParams.INSTANCE.setSessionToken(AccountRecoveryLogic.this.sessionToken, Authentication.SessionTokenType.ACCOUNT_RECOVERY);
                }
                AccountRecoveryLogic.this.privateKey = jSONObject.optString("encrypted_private_key");
                AccountRecoveryLogic.this.clientKey = jSONObject.optString(NewClientKeyProcessor.CLIENT_KEY);
                AccountRecoveryLogic.this.publicKey = jSONObject.optString("public_key");
                if (AccountRecoveryLogic.this.verifyBackupDatakey()) {
                    accountRecoveryCallback.sendDataKeyBackupSuccess(context);
                } else {
                    accountRecoveryCallback.sendDataKeyBackupFail(context, AccountRecoveryLogic.this.getNoBackupDataKeyString());
                }
            }
        });
    }

    public void sendEmailVerify(final AccountRecoveryCallback accountRecoveryCallback) {
        new API(this.context, showProgress(false)).executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, APICommand.sendKeyVerificationCodeCommand(this.email), new ApiProgressListener() { // from class: com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.ApiProgressListener
            public void handleResponse(JSONObject jSONObject, Context context) {
                if (ApiResponseMessageUtils.isSuccess(jSONObject)) {
                    accountRecoveryCallback.sendEmailVerifySuccess(context);
                    return;
                }
                AccountRecoveryLogic.this.cancel();
                accountRecoveryCallback.sendEmailVerifyFail(context, ApiResponseMessageUtils.resultMessage(context, jSONObject));
            }
        });
    }

    public void setDialogsInProgess(boolean z) {
        dialogsInProgress = z;
    }

    public void startPasswordReset(final String str, final AccountRecoveryCallback accountRecoveryCallback) {
        int iterations = getIterations();
        final AuthVerifier createNewAuthVerifier = AppAuthenticationParams.INSTANCE.createNewAuthVerifier(str, iterations, EncryptionUtil.generateSalt());
        try {
            final EncryptionParams createEncryptionParams = EncryptionUtil.createEncryptionParams(str, this.securityAnswer, new EncryptionParams(Base64.decode(this.dataKeyBackup.getBytes(), 11)), iterations, EncryptionUtil.generateSalt());
            new API(this.context, API.ProgressType.NONE).executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, APICommand.recoveryPasswordResetCommand(this.email, this.sessionToken, createNewAuthVerifier.getEncodedAsBase64(), createEncryptionParams.getEncodedAsBase64()), new ApiProgressListener() { // from class: com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.4
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super();
                }

                @Override // com.callpod.android_apps.keeper.common.account.recovery.AccountRecoveryLogic.ApiProgressListener
                public void handleResponse(JSONObject jSONObject, Context context) {
                    if (!ApiResponseMessageUtils.isSuccess(jSONObject)) {
                        AccountRecoveryLogic.this.clearTwoFaTokens();
                        accountRecoveryCallback.passwordResetFail(context, ApiResponseMessageUtils.resultMessage(jSONObject));
                        return;
                    }
                    byte[] decryptDataKey = AccountRecoveryLogic.this.decryptDataKey(createEncryptionParams, str);
                    LoginStatus.INSTANCE.setLastLoggedInAccount();
                    AppAuthenticationParams.INSTANCE.setNewAuthVerifier(createNewAuthVerifier);
                    AccountRecoveryLogic accountRecoveryLogic = AccountRecoveryLogic.this;
                    accountRecoveryLogic.saveClientKey(str, accountRecoveryLogic.decryptedClientKey);
                    if (StringUtil.notBlank(jSONObject.optString("session_token"))) {
                        AccountRecoveryLogic.this.sessionToken = jSONObject.optString("session_token");
                        AppAuthenticationParams.INSTANCE.setSessionToken(AccountRecoveryLogic.this.sessionToken, Authentication.SessionTokenType.NO_RESTRICTION);
                    }
                    accountRecoveryCallback.passwordResetSuccess(context, str, decryptDataKey);
                }
            });
        } catch (NullPointerException unused) {
            accountRecoveryCallback.passwordResetFail(this.context, null);
        }
    }
}
