package com.unitedinternet.portal.commands.login;

import android.accounts.AccountManager;
import android.content.Context;
import android.text.TextUtils;
import com.unitedinternet.portal.account.Account;
import com.unitedinternet.portal.android.lib.authenticator.EncryptHelper;
import com.unitedinternet.portal.android.lib.authenticator.oauth2client.JsonOAuth2ClientFactoryFactory;
import com.unitedinternet.portal.android.lib.oauth2.OAuth2Authenticator;
import com.unitedinternet.portal.android.lib.oauth2.exceptions.AccountLockedException;
import com.unitedinternet.portal.android.lib.oauth2.exceptions.AccountNotFoundPasswordWrongException;
import com.unitedinternet.portal.android.lib.oauth2.exceptions.IpBlockedException;
import com.unitedinternet.portal.android.lib.oauth2.exceptions.OAuth2LoginException;
import com.unitedinternet.portal.android.lib.oauth2.exceptions.TokenLimitExceededException;
import com.unitedinternet.portal.android.lib.oauth2.exceptions.UseAuthorizationCodeGrantException;
import com.unitedinternet.portal.appmon.AppMonEvents;
import com.unitedinternet.portal.appmon.MailAppMonProxy;
import com.unitedinternet.portal.authenticator.Authenticator;
import com.unitedinternet.portal.authenticator.OAuthCredentialStore;
import com.unitedinternet.portal.commands.login.authcodegrant.AuthorizationCodeContainer;
import com.unitedinternet.portal.commands.login.authcodegrant.AuthorizationCodeGrantHandler;
import com.unitedinternet.portal.core.restmail.RESTStore;
import com.unitedinternet.portal.injection.ComponentProvider;
import dagger.Reusable;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLHandshakeException;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import org.dmfs.httpessentials.exceptions.ProtocolError;
import org.dmfs.httpessentials.exceptions.ProtocolException;
import timber.log.Timber;

@Reusable
/* loaded from: classes2.dex */
public class OAuth2LoginController implements RestLoginController {
    AuthorizationCodeGrantHandler authorizationCodeGrantHandler;
    Context context;
    private JsonOAuth2ClientFactoryFactory jsonOAuth2ClientFactoryFactory;
    MailAppMonProxy mailAppMonProxy;
    OkHttpClient okHttpClient;

    public OAuth2LoginController() {
        ComponentProvider.getApplicationComponent().inject(this);
        this.jsonOAuth2ClientFactoryFactory = new JsonOAuth2ClientFactoryFactory(new OAuthCredentialStore());
    }

    private void deleteToken(String str, String str2) {
        try {
            this.okHttpClient.newCall(new Request.Builder().url(str).addHeader(Authenticator.KEY_REFRESH_TOKEN, str2).delete().build()).execute();
        } catch (IOException e) {
            Timber.e(e, "Could not delete token", new Object[0]);
        }
    }

    private void doLoginAndSaveToken(Account account, String str, String str2, String str3) throws ProtocolException, ProtocolError, IOException, URISyntaxException, OAuth2LoginException {
        String encryptBase64 = EncryptHelper.getInstance(this.context.getApplicationContext()).encryptBase64(new OAuth2Authenticator(this.jsonOAuth2ClientFactoryFactory.oAuth2ClientFactory(str3), this.okHttpClient).loginWithUsernamePassword(str, str2, str3).refreshToken().toString());
        AccountManager.get(this.context).setUserData(account.getAndroidAccount(this.context), Authenticator.KEY_REFRESH_TOKEN, encryptBase64);
        String uri = new URI(RESTStore.SCHEME, encryptBase64, str3, 80, null, null, null).toString();
        account.setStoreUri(uri);
        account.setTransportUri(uri);
    }

    private void handleOAuth2LoginException(OAuth2LoginException oAuth2LoginException) throws AutomaticAccountSetupException {
        if (oAuth2LoginException instanceof AccountNotFoundPasswordWrongException) {
            throw new AutomaticAccountSetupException(0);
        }
        if ((oAuth2LoginException instanceof AccountLockedException) || (oAuth2LoginException instanceof TokenLimitExceededException)) {
            throw new AutomaticAccountSetupException(4);
        }
        if (oAuth2LoginException instanceof IpBlockedException) {
            throw new AutomaticAccountSetupException(10);
        }
        if (oAuth2LoginException instanceof UseAuthorizationCodeGrantException) {
            throw new AutomaticAccountSetupException(8, ((UseAuthorizationCodeGrantException) oAuth2LoginException).getEueBrand());
        }
    }

    protected static boolean isPossibleGmxComAlias(String str) {
        return str.endsWith("@gmx.com") || str.endsWith("@gmx.us") || str.endsWith("@gmx.tm");
    }

    private void loginToOAuth2(Account account, String str, String str2) throws ProtocolException, ProtocolError, IOException, URISyntaxException, OAuth2LoginException {
        try {
            doLoginAndSaveToken(account, str, str2, account.getEuebrand());
        } catch (OAuth2LoginException e) {
            Timber.i(e, "Error while login into oAuth", new Object[0]);
            if (!(e instanceof AccountNotFoundPasswordWrongException) || !isPossibleGmxComAlias(str)) {
                throw e;
            }
            doLoginAndSaveToken(account, str, str2, Account.BRAND_GMXNET);
            account.setEuebrand(Account.BRAND_GMXNET);
        }
    }

    public void deleteRefreshToken(Account account) {
        String str = this.jsonOAuth2ClientFactoryFactory.oAuth2ClientFactory(account.getEuebrand()).tokenEndpoint();
        String userData = AccountManager.get(this.context).getUserData(account.getAndroidAccount(), Authenticator.KEY_REFRESH_TOKEN);
        if (TextUtils.isEmpty(userData)) {
            Timber.i("Refreshtoken was already removed cant delete", new Object[0]);
            return;
        }
        String decryptBase64 = EncryptHelper.getInstance(this.context.getApplicationContext()).decryptBase64(userData);
        if (decryptBase64 != null) {
            deleteToken(str, decryptBase64);
        }
    }

    @Override // com.unitedinternet.portal.commands.login.RestLoginController
    public void login(Account account, AuthorizationCodeContainer authorizationCodeContainer) throws AutomaticAccountSetupException, URISyntaxException {
        try {
            String encryptBase64 = EncryptHelper.getInstance(this.context.getApplicationContext()).encryptBase64(new OAuth2Authenticator(this.jsonOAuth2ClientFactoryFactory.oAuth2ClientFactory(authorizationCodeContainer.getEueBrand()), this.okHttpClient).loginWithAuthorizationCode(authorizationCodeContainer.getAuthorizationCode(), URI.create(authorizationCodeContainer.getRedirectUri()), this.authorizationCodeGrantHandler.getCodeVerifier(), "").refreshToken().toString());
            AccountManager.get(this.context).setUserData(account.getAndroidAccount(this.context), Authenticator.KEY_REFRESH_TOKEN, encryptBase64);
            String uri = new URI(RESTStore.SCHEME, encryptBase64, account.getEuebrand(), 80, null, null, null).toString();
            account.setStoreUri(uri);
            account.setTransportUri(uri);
            this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_2FA_LOGIN_SUCCESS);
        } catch (IOException e) {
            Timber.e(e, "Error during Auth Code Login", new Object[0]);
            throw new AutomaticAccountSetupException(1);
        } catch (ProtocolError e2) {
            Timber.e(e2, "Error during Auth Code Login", new Object[0]);
            this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_2FA_WRONG_CREDENTIALS);
            throw new AutomaticAccountSetupException(0);
        } catch (ProtocolException e3) {
            Timber.e(e3, "Error during Auth Code Login", new Object[0]);
            this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_2FA_LOGIN_GENERIC);
            throw new AutomaticAccountSetupException(3);
        }
    }

    @Override // com.unitedinternet.portal.commands.login.RestLoginController
    public void login(Account account, String str, String str2) throws AutomaticAccountSetupException, URISyntaxException {
        try {
            loginToOAuth2(account, str, str2);
            this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_LOGIN_SUCCESS);
        } catch (OAuth2LoginException e) {
            handleOAuth2LoginException(e);
        } catch (SSLHandshakeException e2) {
            Timber.i(e2, "SSLHandshakeException while login into oAuth", new Object[0]);
            if (e2.getCause() instanceof CertificateException) {
                this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_LOGIN_SSL_DATE);
                throw new AutomaticAccountSetupException(7);
            }
            this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_LOGIN_SSL_HANDSHAKE);
            throw new AutomaticAccountSetupException(6);
        } catch (IOException e3) {
            Timber.i(e3, "IOException while login into oAuth", new Object[0]);
            throw new AutomaticAccountSetupException(1);
        } catch (ProtocolError e4) {
            Timber.i(e4, "Error while login into oAuth", new Object[0]);
            this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_LOGIN_WRONG_CREDENTIALS);
            throw new AutomaticAccountSetupException(0);
        } catch (ProtocolException e5) {
            Timber.i(e5, "ProtocolException while login into oAuth", new Object[0]);
            this.mailAppMonProxy.sendEvent(AppMonEvents.OAUTH_LOGIN_GENERIC);
            throw new AutomaticAccountSetupException(3);
        }
    }
}
