package com.echoworx.edt.internal.credential;

import com.echoworx.edt.common.ErrorCodes;
import com.echoworx.edt.common.registry.CryptographyFacade;
import com.echoworx.edt.common.registry.HandlerRegistry;
import com.echoworx.edt.common.registry.HandlerType;
import com.echoworx.edt.common.registry.LoggingFacade;
import com.echoworx.edt.configuration.domain.ESSCommunicationConfiguration;
import com.echoworx.edt.credential.ChangePasswordException;
import com.echoworx.edt.credential.domain.Password;
import com.echoworx.edt.credential.domain.UserCredentials;
import com.echoworx.edt.internal.common.AbstractServiceModel;
import com.echoworx.edt.internal.common.CryptographyConstants;
import com.echoworx.edt.internal.common.KeyInfo;
import com.echoworx.edt.internal.common.communication.ESSXMLConstants;
import com.echoworx.edt.internal.common.communication.XMLConnection;
import com.echoworx.edt.internal.common.communication.XMLSchema;
import com.echoworx.edt.internal.util.Base64;
import com.echoworx.edt.internal.util.CryptographyUtils;
import com.echoworx.edt.internal.util.PKIUtils;
import org.w3c.dom.Document;

/* loaded from: classes.dex */
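/**
 * Service model that changes the password protecting a user's credential package and commits
 * the change to the key service.
 *
 * <p>The exchange visible in {@link #invoke()} is: draw the credential package with the current
 * password, request the password metadata ({@code KSS_PWDMETADRAW}), re-protect the credentials
 * under the new password, and submit the result ({@code KSS_PWDCOMMIT}).
 *
 * <p>Security notes for maintainers (NOTE(review): confirm against the helper implementations,
 * which are not visible here):
 * <ul>
 *   <li>Passwords are materialised as {@code String}/{@code byte[]} values and cannot be wiped
 *       deterministically. None of them may be logged or placed in exception messages.</li>
 *   <li>The verifier sent to the service is, by the helper's name, a SHA-1 digest over
 *       {@code secureID + newPassword}. This is a fast digest, so transport protection matters.</li>
 *   <li>The new password is AES-encrypted with {@code PASSWORD_INITIALIZATION_VECTOR}. The name
 *       suggests a constant IV.</li>
 * </ul>
 */
public class ChangePasswordModel extends AbstractServiceModel {
    private static final LoggingFacade logger = ((LoggingFacade) HandlerRegistry.getHandler(HandlerType.LOG_FACADE)).getLogger(ChangePasswordModel.class);

    // Key-service communication settings; also handed to the KeyDrawModel in invoke().
    protected ESSCommunicationConfiguration fConfig;
    // Cryptography handler looked up from the HandlerRegistry in the constructor.
    protected CryptographyFacade fCryptoHelper;
    // Password that currently protects the credential package.
    protected Password fCurrentPassword;
    // Password the credential package is re-protected with.
    protected Password fNewPassword;
    // Identifier of the user whose password is being changed.
    protected String fSecureID;
    // Result of a successful invoke(); null until then.
    protected UserCredentials fUpdatedCredentials;

    /**
     * Creates the model; no network or cryptographic work happens until {@link #invoke()}.
     *
     * @param eSSCommunicationConfiguration configuration supplying the key service URL
     * @param str the user's secure ID
     * @param password the current password
     * @param password2 the new password
     */
    public ChangePasswordModel(ESSCommunicationConfiguration eSSCommunicationConfiguration, String str, Password password, Password password2) {
        super(eSSCommunicationConfiguration.getKeyServiceUrl());
        this.fConfig = eSSCommunicationConfiguration;
        this.fSecureID = str;
        this.fCurrentPassword = password;
        this.fNewPassword = password2;
        this.fCryptoHelper = (CryptographyFacade) HandlerRegistry.getHandler(HandlerType.CRYPTOGRAPHY_FACADE);
    }

    /**
     * Returns the credentials produced by the last successful {@link #invoke()}.
     *
     * @return the updated credentials, or {@code null} if {@code invoke()} has not completed
     *     successfully
     */
    public UserCredentials getUpdatedCredentials() {
        return this.fUpdatedCredentials;
    }

    /**
     * Performs the password change against the key service.
     *
     * <p>The updated credentials are published only after the key service has acknowledged the
     * commit. A commit response that is not {@code RESPONSE_VALUE_OK} is treated as a failure, so
     * the caller never receives credentials re-protected under a password the service did not
     * accept.
     *
     * <p>The commit phase runs inside the try block of the metadata-draw phase. Any exception
     * raised there is therefore wrapped a second time by the outer handler. The nesting is kept
     * so that callers see the same outermost exception as before.
     *
     * @throws ChangePasswordException if the initial key draw yields no credential package
     */
    public void invoke() throws ChangePasswordException {
        // Phase 1: draw the credential package using the current password.
        KeyDrawModel keyDrawModel = new KeyDrawModel(this.fConfig, this.fSecureID, this.fCurrentPassword);
        keyDrawModel.invoke();
        CredentialPackageDataModel dataModel = keyDrawModel.getDataModel();
        if (dataModel == null) {
            throw new ChangePasswordException(ErrorCodes.KEYDRAW_FOR_PASSWORDCHANGE_FAIL);
        }

        // Phase 2: fetch the encrypted password metadata over the key-draw channel.
        String metaDrawRequest = XMLSchema.KSS_PWDMETADRAW(this.fSecureID);
        try {
            Document metaDrawResponse = keyDrawModel.getChannel().processRequest(metaDrawRequest);
            if (metaDrawResponse == null) {
                throw getCommunicationResponseException(metaDrawRequest, "Encrypted password response was empty.");
            }
            // A response without the expected element fails here with a NullPointerException,
            // which the outer handler converts into a communication exception.
            // NOTE(review): getBytes() uses the platform default charset here and below; the
            // encoding has to match what the key service expects - confirm before changing.
            byte[] passwordKeyCrypt = Base64.decode(metaDrawResponse.getElementsByTagName(ESSXMLConstants.RESPONSE_XML_FIELD_PASSWORD_KEY_CRYPT).item(0).getFirstChild().getNodeValue().getBytes());

            // The temporary key-service certificate and key are unlocked with the current password.
            KeyInfo keyInfo = PKIUtils.getInstance().getKeyInfo(dataModel.getSigningKeyContainer().getEncoded(), this.fCurrentPassword, PKIUtils.KEY_SERVICE_TEMPORARY_CERTIFICATE_NAME);

            // Presumably the PKCS#7 payload is the AES key for the new password - confirm.
            byte[] passwordKey = PKIUtils.getInstance().decryptAndVerifyPKCS7(passwordKeyCrypt, keyInfo.getKey(), keyInfo.getCertificate());
            String encryptedNewPassword = Base64.encode(this.fCryptoHelper.encryptDataWithAES(CryptographyConstants.PASSWORD_INITIALIZATION_VECTOR, passwordKey, this.fNewPassword.getPasswordString().getBytes()));

            // Password verifier and blob-protection key derived from secure ID + new password.
            String passwordDigest = CryptographyUtils.getInstance().getSHA1Digest((this.fSecureID + this.fNewPassword.getPasswordString()).getBytes());
            byte[] protectionKey = CryptographyUtils.getInstance().generateAESKey(this.fSecureID, this.fNewPassword);

            // Order matters: the signing container is re-protected before the new blob is produced.
            dataModel.getSigningKeyContainer().changePassword(this.fNewPassword);
            dataModel.setPassword(this.fNewPassword);
            String commitRequest = XMLSchema.KSS_PWDCOMMIT(this.fSecureID, passwordDigest, encryptedNewPassword, Base64.encode(dataModel.produceNewProtectedCredentials(protectionKey, null).getSigningKeyBlobContents()));

            // Phase 3: commit the new password and protected credentials.
            try {
                Document commitResponse = keyDrawModel.getChannel().processRequest(commitRequest);
                if (commitResponse == null) {
                    throw getCommunicationResponseException(commitRequest, "Submitted password response was empty.");
                }
                if (!XMLConnection.checkXMLResponse(commitResponse, ESSXMLConstants.OPERATION_PASSWORDCOMMIT, ESSXMLConstants.RESPONSE_VALUE_OK)) {
                    // Fail closed: previously this only logged a warning and went on to publish
                    // credentials protected by a password the service had not accepted.
                    logger.warn("Password commit was rejected by the key service");
                    throw getCommunicationResponseException(commitRequest, "Password commit was rejected by the key service.");
                }
                dataModel.getCipherKeyContainer().changePassword(this.fNewPassword);
                // The temporary key-service certificate is dropped once the commit is accepted.
                dataModel.getSigningKeyContainer().removeCertificate(dataModel.getSigningKeyContainer().getCertificateByCanonicalName(PKIUtils.KEY_SERVICE_TEMPORARY_CERTIFICATE_NAME));
                this.fUpdatedCredentials = dataModel.generateUserCredentials();
            } catch (Exception e) {
                throw getCommunicationResponseException(commitRequest, "Could not submit new password.", e);
            }
        } catch (Exception e2) {
            throw getCommunicationException(metaDrawRequest, "Could not retrieve encrypted password.", e2);
        }
    }
}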
