package pro.gravit.launchserver.manangers;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import pro.gravit.launcher.ClientPermissions;
import pro.gravit.launcher.profiles.ClientProfile;
import pro.gravit.launcher.profiles.PlayerProfile;
import pro.gravit.launcher.request.auth.AuthRequest;
import pro.gravit.launcher.request.auth.password.Auth2FAPassword;
import pro.gravit.launcher.request.auth.password.AuthAESPassword;
import pro.gravit.launcher.request.auth.password.AuthMultiPassword;
import pro.gravit.launcher.request.auth.password.AuthOAuthPassword;
import pro.gravit.launcher.request.auth.password.AuthPlainPassword;
import pro.gravit.launcher.request.auth.password.AuthRSAPassword;
import pro.gravit.launchserver.LaunchServer;
import pro.gravit.launchserver.auth.AuthException;
import pro.gravit.launchserver.auth.AuthProviderPair;
import pro.gravit.launchserver.auth.core.AuthCoreProvider;
import pro.gravit.launchserver.auth.core.User;
import pro.gravit.launchserver.auth.core.UserSession;
import pro.gravit.launchserver.auth.core.interfaces.session.UserSessionSupportKeys;
import pro.gravit.launchserver.auth.core.interfaces.user.UserSupportProperties;
import pro.gravit.launchserver.auth.core.interfaces.user.UserSupportTextures;
import pro.gravit.launchserver.auth.texture.TextureProvider;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.auth.AuthResponse;
import pro.gravit.launchserver.socket.response.auth.RestoreResponse;
import pro.gravit.utils.helper.IOHelper;
import pro.gravit.utils.helper.SecurityHelper;

/* loaded from: input_file:pro/gravit/launchserver/manangers/AuthManager.class */
public class AuthManager {
    private final transient LaunchServer server;
    private final transient Logger logger = LogManager.getLogger();
    private final transient JwtParser checkServerTokenParser;

    /* loaded from: input_file:pro/gravit/launchserver/manangers/AuthManager$AuthReport.class */
    public static final class AuthReport extends Record {
        private final String minecraftAccessToken;
        private final String oauthAccessToken;
        private final String oauthRefreshToken;
        private final long oauthExpire;
        private final UserSession session;

        public AuthReport(String str, String str2, String str3, long j, UserSession userSession) {
            this.minecraftAccessToken = str;
            this.oauthAccessToken = str2;
            this.oauthRefreshToken = str3;
            this.oauthExpire = j;
            this.session = userSession;
        }

        public static AuthReport ofOAuth(String str, String str2, long j, UserSession userSession) {
            return new AuthReport(null, str, str2, j, userSession);
        }

        public static AuthReport ofOAuthWithMinecraft(String str, String str2, String str3, long j, UserSession userSession) {
            return new AuthReport(str, str2, str3, j, userSession);
        }

        public static AuthReport ofMinecraftAccessToken(String str, UserSession userSession) {
            return new AuthReport(str, null, null, 0L, userSession);
        }

        public boolean isUsingOAuth() {
            return (this.oauthAccessToken == null && this.oauthRefreshToken == null) ? false : true;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, AuthReport.class), AuthReport.class, "minecraftAccessToken;oauthAccessToken;oauthRefreshToken;oauthExpire;session", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->minecraftAccessToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthAccessToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthRefreshToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthExpire:J", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->session:Lpro/gravit/launchserver/auth/core/UserSession;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, AuthReport.class), AuthReport.class, "minecraftAccessToken;oauthAccessToken;oauthRefreshToken;oauthExpire;session", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->minecraftAccessToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthAccessToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthRefreshToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthExpire:J", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->session:Lpro/gravit/launchserver/auth/core/UserSession;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, AuthReport.class, Object.class), AuthReport.class, "minecraftAccessToken;oauthAccessToken;oauthRefreshToken;oauthExpire;session", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->minecraftAccessToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthAccessToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthRefreshToken:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->oauthExpire:J", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$AuthReport;->session:Lpro/gravit/launchserver/auth/core/UserSession;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String minecraftAccessToken() {
            return this.minecraftAccessToken;
        }

        public String oauthAccessToken() {
            return this.oauthAccessToken;
        }

        public String oauthRefreshToken() {
            return this.oauthRefreshToken;
        }

        public long oauthExpire() {
            return this.oauthExpire;
        }

        public UserSession session() {
            return this.session;
        }
    }

    /* loaded from: input_file:pro/gravit/launchserver/manangers/AuthManager$CheckServerReport.class */
    public static class CheckServerReport {
        public UUID uuid;
        public User user;
        public PlayerProfile playerProfile;

        public CheckServerReport(UUID uuid, User user, PlayerProfile playerProfile) {
            this.uuid = uuid;
            this.user = user;
            this.playerProfile = playerProfile;
        }

        public static CheckServerReport ofUser(User user, PlayerProfile playerProfile) {
            return new CheckServerReport(user.getUUID(), user, playerProfile);
        }

        public static CheckServerReport ofUUID(UUID uuid, PlayerProfile playerProfile) {
            return new CheckServerReport(uuid, null, playerProfile);
        }
    }

    /* loaded from: input_file:pro/gravit/launchserver/manangers/AuthManager$CheckServerTokenInfo.class */
    public static final class CheckServerTokenInfo extends Record {
        private final String serverName;
        private final String authId;

        public CheckServerTokenInfo(String str, String str2) {
            this.serverName = str;
            this.authId = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, CheckServerTokenInfo.class), CheckServerTokenInfo.class, "serverName;authId", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$CheckServerTokenInfo;->serverName:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$CheckServerTokenInfo;->authId:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, CheckServerTokenInfo.class), CheckServerTokenInfo.class, "serverName;authId", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$CheckServerTokenInfo;->serverName:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$CheckServerTokenInfo;->authId:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, CheckServerTokenInfo.class, Object.class), CheckServerTokenInfo.class, "serverName;authId", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$CheckServerTokenInfo;->serverName:Ljava/lang/String;", "FIELD:Lpro/gravit/launchserver/manangers/AuthManager$CheckServerTokenInfo;->authId:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String serverName() {
            return this.serverName;
        }

        public String authId() {
            return this.authId;
        }
    }

    /* loaded from: input_file:pro/gravit/launchserver/manangers/AuthManager$CheckServerVerifier.class */
    public static class CheckServerVerifier implements RestoreResponse.ExtendedTokenProvider {
        private final LaunchServer server;

        public CheckServerVerifier(LaunchServer launchServer) {
            this.server = launchServer;
        }

        @Override // pro.gravit.launchserver.socket.response.auth.RestoreResponse.ExtendedTokenProvider
        public boolean accept(Client client, AuthProviderPair authProviderPair, String str) {
            CheckServerTokenInfo parseCheckServerToken = this.server.authManager.parseCheckServerToken(str);
            if (parseCheckServerToken == null) {
                return false;
            }
            client.auth_id = parseCheckServerToken.authId;
            client.auth = this.server.config.getAuthProviderPair(parseCheckServerToken.authId);
            if (client.permissions == null) {
                client.permissions = new ClientPermissions();
            }
            client.permissions.addPerm("launchserver.checkserver");
            client.permissions.addPerm("launchserver.profile.%s.show".formatted(parseCheckServerToken.serverName));
            client.setProperty("launchserver.serverName", parseCheckServerToken.serverName);
            return true;
        }
    }

    public AuthManager(LaunchServer launchServer) {
        this.server = launchServer;
        this.checkServerTokenParser = Jwts.parserBuilder().requireIssuer("LaunchServer").require("tokenType", "checkServer").setSigningKey(launchServer.keyAgreementManager.ecdsaPublicKey).build();
    }

    public String newCheckServerToken(String str, String str2) {
        return Jwts.builder().setIssuer("LaunchServer").claim("serverName", str).claim("authId", str2).claim("tokenType", "checkServer").signWith(this.server.keyAgreementManager.ecdsaPrivateKey).compact();
    }

    public CheckServerTokenInfo parseCheckServerToken(String str) {
        try {
            Claims claims = (Claims) this.checkServerTokenParser.parseClaimsJws(str).getBody();
            return new CheckServerTokenInfo((String) claims.get("serverName", String.class), (String) claims.get("authId", String.class));
        } catch (Exception e) {
            return null;
        }
    }

    public AuthResponse.AuthContext makeAuthContext(Client client, AuthResponse.ConnectTypes connectTypes, AuthProviderPair authProviderPair, String str, String str2, String str3) {
        Objects.requireNonNull(client, "Client must be not null");
        Objects.requireNonNull(connectTypes, "authType must be not null");
        Objects.requireNonNull(authProviderPair, "AuthProviderPair must be not null");
        return new AuthResponse.AuthContext(client, str, str2, str3, connectTypes, authProviderPair);
    }

    public void check(AuthResponse.AuthContext authContext) throws AuthException {
        if (authContext.authType == AuthResponse.ConnectTypes.CLIENT && !authContext.client.checkSign) {
            throw new AuthException("Don't skip Launcher Update");
        }
        if (authContext.client.isAuth) {
            throw new AuthException("You are already logged in");
        }
    }

    public AuthReport auth(AuthResponse.AuthContext authContext, AuthRequest.AuthPasswordInterface authPasswordInterface) throws AuthException {
        AuthCoreProvider authCoreProvider = authContext.pair.core;
        authCoreProvider.verifyAuth(authContext);
        if (authPasswordInterface instanceof AuthOAuthPassword) {
            try {
                UserSession userSessionByOAuthAccessToken = authCoreProvider.getUserSessionByOAuthAccessToken(((AuthOAuthPassword) authPasswordInterface).accessToken);
                if (userSessionByOAuthAccessToken == null) {
                    throw new AuthException("auth.invalidtoken");
                }
                User user = userSessionByOAuthAccessToken.getUser();
                authContext.client.coreObject = user;
                authContext.client.sessionObject = userSessionByOAuthAccessToken;
                internalAuth(authContext.client, authContext.authType, authContext.pair, user.getUsername(), user.getUUID(), user.getPermissions(), true);
                return (authContext.authType == AuthResponse.ConnectTypes.CLIENT && this.server.config.protectHandler.allowGetAccessToken(authContext)) ? AuthReport.ofMinecraftAccessToken(user.getAccessToken(), userSessionByOAuthAccessToken) : AuthReport.ofMinecraftAccessToken(null, userSessionByOAuthAccessToken);
            } catch (AuthCoreProvider.OAuthAccessTokenExpired e) {
                throw new AuthException("auth.expiretoken");
            }
        }
        try {
            AuthReport authorize = authCoreProvider.authorize(authContext.login, authContext, authPasswordInterface, authContext.authType == AuthResponse.ConnectTypes.CLIENT && this.server.config.protectHandler.allowGetAccessToken(authContext));
            if (authorize == null || authorize.session == null || authorize.session.getUser() == null) {
                this.logger.error("AuthCoreProvider {} method 'authorize' return null", authContext.pair.name);
                throw new AuthException("Internal Auth Error");
            }
            UserSession userSession = authorize.session;
            User user2 = userSession.getUser();
            authContext.client.coreObject = user2;
            authContext.client.sessionObject = userSession;
            internalAuth(authContext.client, authContext.authType, authContext.pair, user2.getUsername(), user2.getUUID(), user2.getPermissions(), authorize.isUsingOAuth());
            return authorize;
        } catch (IOException e2) {
            if (e2 instanceof AuthException) {
                throw ((AuthException) e2);
            }
            this.logger.error(e2);
            throw new AuthException("Internal Auth Error");
        }
    }

    public void internalAuth(Client client, AuthResponse.ConnectTypes connectTypes, AuthProviderPair authProviderPair, String str, UUID uuid, ClientPermissions clientPermissions, boolean z) {
        if (!z) {
            throw new UnsupportedOperationException("Unsupported legacy session system");
        }
        client.isAuth = true;
        client.permissions = clientPermissions;
        client.auth_id = authProviderPair.name;
        client.auth = authProviderPair;
        client.username = str;
        client.type = connectTypes;
        client.uuid = uuid;
    }

    public UserSessionSupportKeys.ClientProfileKeys createClientProfileKeys(UUID uuid) {
        throw new UnsupportedOperationException("Minecraft 1.19.1 signature");
    }

    public CheckServerReport checkServer(Client client, String str, String str2) throws IOException {
        User checkServer;
        if (client.auth == null || (checkServer = client.auth.core.checkServer(client, str, str2)) == null) {
            return null;
        }
        return CheckServerReport.ofUser(checkServer, getPlayerProfile(client.auth, checkServer));
    }

    public boolean joinServer(Client client, String str, String str2, String str3) throws IOException {
        if (client.auth == null) {
            return false;
        }
        return client.auth.core.joinServer(client, str, str2, str3);
    }

    public PlayerProfile getPlayerProfile(Client client) {
        User user;
        if (client.auth == null || (user = client.getUser()) == null) {
            return null;
        }
        PlayerProfile playerProfile = getPlayerProfile(client.auth, user);
        if (playerProfile != null) {
            return playerProfile;
        }
        if (client.auth.textureProvider != null) {
            return getPlayerProfile(client.uuid, client.username, client.profile == null ? null : client.profile.getTitle(), client.auth.textureProvider, new HashMap());
        }
        return new PlayerProfile(client.uuid, client.username, new HashMap(), new HashMap());
    }

    public PlayerProfile getPlayerProfile(AuthProviderPair authProviderPair, String str) {
        return getPlayerProfile(authProviderPair, str, (ClientProfile) null);
    }

    public PlayerProfile getPlayerProfile(AuthProviderPair authProviderPair, String str, ClientProfile clientProfile) {
        User userByUsername = authProviderPair.core.getUserByUsername(str);
        if (userByUsername == null) {
            return null;
        }
        PlayerProfile playerProfile = getPlayerProfile(authProviderPair, userByUsername);
        UUID uuid = userByUsername.getUUID();
        if (playerProfile != null) {
            return playerProfile;
        }
        if (uuid == null) {
            return null;
        }
        if (authProviderPair.textureProvider != null) {
            return getPlayerProfile(uuid, str, clientProfile == null ? null : clientProfile.getTitle(), authProviderPair.textureProvider, new HashMap());
        }
        return new PlayerProfile(uuid, str, new HashMap(), new HashMap());
    }

    public PlayerProfile getPlayerProfile(AuthProviderPair authProviderPair, UUID uuid) {
        return getPlayerProfile(authProviderPair, uuid, (ClientProfile) null);
    }

    public PlayerProfile getPlayerProfile(AuthProviderPair authProviderPair, UUID uuid, ClientProfile clientProfile) {
        User userByUUID = authProviderPair.core.getUserByUUID(uuid);
        if (userByUUID == null) {
            return null;
        }
        PlayerProfile playerProfile = getPlayerProfile(authProviderPair, userByUUID);
        String username = userByUUID.getUsername();
        if (playerProfile != null) {
            return playerProfile;
        }
        if (username == null) {
            return null;
        }
        if (authProviderPair.textureProvider != null) {
            return getPlayerProfile(uuid, username, clientProfile == null ? null : clientProfile.getTitle(), authProviderPair.textureProvider, new HashMap());
        }
        return new PlayerProfile(uuid, username, new HashMap(), new HashMap());
    }

    public PlayerProfile getPlayerProfile(AuthProviderPair authProviderPair, User user) {
        Map<String, String> properties = user instanceof UserSupportProperties ? ((UserSupportProperties) user).getProperties() : new HashMap();
        if (user instanceof UserSupportTextures) {
            return new PlayerProfile(user.getUUID(), user.getUsername(), ((UserSupportTextures) user).getUserAssets(), properties);
        }
        if (authProviderPair.textureProvider == null) {
            throw new NullPointerException("TextureProvider not found");
        }
        return getPlayerProfile(user.getUUID(), user.getUsername(), "", authProviderPair.textureProvider, properties);
    }

    private PlayerProfile getPlayerProfile(UUID uuid, String str, String str2, TextureProvider textureProvider, Map<String, String> map) {
        return new PlayerProfile(uuid, str, textureProvider.getAssets(uuid, str, str2), map);
    }

    public AuthRequest.AuthPasswordInterface decryptPassword(AuthRequest.AuthPasswordInterface authPasswordInterface) throws AuthException {
        if (authPasswordInterface instanceof Auth2FAPassword) {
            Auth2FAPassword auth2FAPassword = (Auth2FAPassword) authPasswordInterface;
            auth2FAPassword.firstPassword = tryDecryptPasswordPlain(auth2FAPassword.firstPassword);
            auth2FAPassword.secondPassword = tryDecryptPasswordPlain(auth2FAPassword.secondPassword);
        } else if (authPasswordInterface instanceof AuthMultiPassword) {
            AuthMultiPassword authMultiPassword = (AuthMultiPassword) authPasswordInterface;
            ArrayList arrayList = new ArrayList(authMultiPassword.list.size());
            Iterator it = authMultiPassword.list.iterator();
            while (it.hasNext()) {
                arrayList.add(tryDecryptPasswordPlain((AuthRequest.AuthPasswordInterface) it.next()));
            }
            authMultiPassword.list = arrayList;
        } else {
            authPasswordInterface = tryDecryptPasswordPlain(authPasswordInterface);
        }
        return authPasswordInterface;
    }

    private AuthRequest.AuthPasswordInterface tryDecryptPasswordPlain(AuthRequest.AuthPasswordInterface authPasswordInterface) throws AuthException {
        if (authPasswordInterface instanceof AuthAESPassword) {
            try {
                return new AuthPlainPassword(IOHelper.decode(SecurityHelper.decrypt(this.server.runtime.passwordEncryptKey, ((AuthAESPassword) authPasswordInterface).password)));
            } catch (Exception e) {
                throw new AuthException("Password decryption error");
            }
        }
        if (!(authPasswordInterface instanceof AuthRSAPassword)) {
            return authPasswordInterface;
        }
        try {
            return new AuthPlainPassword(IOHelper.decode(SecurityHelper.newRSADecryptCipher(this.server.keyAgreementManager.rsaPrivateKey).doFinal(((AuthRSAPassword) authPasswordInterface).password)));
        } catch (Exception e2) {
            throw new AuthException("Password decryption error");
        }
    }
}
