package net.elytrium.limboauth.handler;

import com.google.common.primitives.Longs;
import com.velocitypowered.api.proxy.Player;
import com.velocitypowered.proxy.protocol.packet.PluginMessagePacket;
import io.netty.buffer.ByteBuf;
import io.whitfin.siphash.SipHasher;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.text.MessageFormat;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import net.elytrium.limboapi.api.Limbo;
import net.elytrium.limboapi.api.LimboSessionHandler;
import net.elytrium.limboapi.api.player.LimboPlayer;
import net.elytrium.limboapi.thirdparty.commons.kyori.serialization.Serializer;
import net.elytrium.limboauth.LimboAuth;
import net.elytrium.limboauth.Settings;
import net.elytrium.limboauth.event.PostAuthorizationEvent;
import net.elytrium.limboauth.event.PostRegisterEvent;
import net.elytrium.limboauth.event.TaskEvent;
import net.elytrium.limboauth.migration.MigrationHash;
import net.elytrium.limboauth.model.RegisteredPlayer;
import net.elytrium.limboauth.model.SQLRuntimeException;
import net.elytrium.limboauth.thirdparty.at.favre.lib.crypto.bcrypt.BCrypt;
import net.elytrium.limboauth.thirdparty.com.j256.ormlite.dao.Dao;
import net.elytrium.limboauth.thirdparty.dev.samstevens.totp.code.CodeVerifier;
import net.elytrium.limboauth.thirdparty.dev.samstevens.totp.code.DefaultCodeGenerator;
import net.elytrium.limboauth.thirdparty.dev.samstevens.totp.code.DefaultCodeVerifier;
import net.elytrium.limboauth.thirdparty.dev.samstevens.totp.time.SystemTimeProvider;
import net.kyori.adventure.bossbar.BossBar;
import net.kyori.adventure.text.Component;
import net.kyori.adventure.title.Title;

/* loaded from: input_file:net/elytrium/limboauth/handler/AuthSessionHandler.class */
public class AuthSessionHandler implements LimboSessionHandler {
    public static final CodeVerifier TOTP_CODE_VERIFIER = new DefaultCodeVerifier(new DefaultCodeGenerator(), new SystemTimeProvider());
    private static final BCrypt.Verifyer HASH_VERIFIER = BCrypt.verifyer();
    private static final BCrypt.Hasher HASHER = BCrypt.withDefaults();
    private static Component ratelimited;
    private static BossBar.Color bossbarColor;
    private static BossBar.Overlay bossbarOverlay;
    private static Component ipLimitKick;
    private static Component databaseErrorKick;
    private static String wrongNicknameCaseKick;
    private static Component timesUp;
    private static Component registerSuccessful;
    private static Title registerSuccessfulTitle;
    private static Component[] loginWrongPassword;
    private static Component loginWrongPasswordKick;
    private static Component totp;
    private static Title totpTitle;
    private static Component register;
    private static Title registerTitle;
    private static Component[] login;
    private static Title loginTitle;
    private static Component registerDifferentPasswords;
    private static Component registerPasswordTooLong;
    private static Component registerPasswordTooShort;
    private static Component registerPasswordUnsafe;
    private static Component loginSuccessful;
    private static Component sessionExpired;
    private static Title loginSuccessfulTitle;
    private static MigrationHash migrationHash;
    private final Dao<RegisteredPlayer, String> playerDao;
    private final Player proxyPlayer;
    private final LimboAuth plugin;
    private final long joinTime = System.currentTimeMillis();
    private final BossBar bossBar = BossBar.bossBar(Component.empty(), 1.0f, bossbarColor, bossbarOverlay);
    private final boolean loginOnlyByMod;
    private RegisteredPlayer playerInfo;
    private ScheduledFuture<?> authMainTask;
    private LimboPlayer player;
    private int attempts;
    private boolean totpState;
    private String tempPassword;
    private boolean tokenReceived;

    /* loaded from: input_file:net/elytrium/limboauth/handler/AuthSessionHandler$Command.class */
    private enum Command {
        INVALID,
        REGISTER,
        LOGIN,
        TOTP;

        static Command parse(String str) {
            return Settings.IMP.MAIN.REGISTER_COMMAND.contains(str) ? REGISTER : Settings.IMP.MAIN.LOGIN_COMMAND.contains(str) ? LOGIN : Settings.IMP.MAIN.TOTP_COMMAND.contains(str) ? TOTP : INVALID;
        }
    }

    public AuthSessionHandler(Dao<RegisteredPlayer, String> dao, Player player, LimboAuth limboAuth, RegisteredPlayer registeredPlayer) {
        this.loginOnlyByMod = Settings.IMP.MAIN.MOD.ENABLED && Settings.IMP.MAIN.MOD.LOGIN_ONLY_BY_MOD;
        this.attempts = Settings.IMP.MAIN.LOGIN_ATTEMPTS;
        this.playerDao = dao;
        this.proxyPlayer = player;
        this.plugin = limboAuth;
        this.playerInfo = registeredPlayer;
    }

    public void onSpawn(Limbo limbo, LimboPlayer limboPlayer) {
        this.player = limboPlayer;
        if (Settings.IMP.MAIN.DISABLE_FALLING) {
            this.player.disableFalling();
        } else {
            this.player.enableFalling();
        }
        Serializer serializer = LimboAuth.getSerializer();
        if (this.playerInfo == null) {
            try {
                List<RegisteredPlayer> queryForEq = this.playerDao.queryForEq(RegisteredPlayer.IP_FIELD, this.proxyPlayer.getRemoteAddress().getAddress().getHostAddress());
                if (queryForEq != null) {
                    int size = queryForEq.size();
                    if (Settings.IMP.MAIN.IP_LIMIT_VALID_TIME > 0) {
                        for (RegisteredPlayer registeredPlayer : (List) queryForEq.stream().filter(registeredPlayer2 -> {
                            return registeredPlayer2.getRegDate() < System.currentTimeMillis() - Settings.IMP.MAIN.IP_LIMIT_VALID_TIME;
                        }).collect(Collectors.toList())) {
                            registeredPlayer.setIP("");
                            this.playerDao.update((Dao<RegisteredPlayer, String>) registeredPlayer);
                            size--;
                        }
                    }
                    if (size >= Settings.IMP.MAIN.IP_LIMIT_REGISTRATIONS) {
                        this.proxyPlayer.disconnect(ipLimitKick);
                        return;
                    }
                }
            } catch (SQLException e) {
                this.proxyPlayer.disconnect(databaseErrorKick);
                throw new SQLRuntimeException(e);
            }
        } else if (!this.proxyPlayer.getUsername().equals(this.playerInfo.getNickname())) {
            this.proxyPlayer.disconnect(serializer.deserialize(MessageFormat.format(wrongNicknameCaseKick, this.playerInfo.getNickname(), this.proxyPlayer.getUsername())));
            return;
        }
        boolean z = !this.loginOnlyByMod && Settings.IMP.MAIN.ENABLE_BOSSBAR;
        int i = Settings.IMP.MAIN.AUTH_TIME;
        float f = 1000.0f / i;
        this.authMainTask = this.player.getScheduledExecutor().scheduleWithFixedDelay(() -> {
            if (System.currentTimeMillis() - this.joinTime > i) {
                this.proxyPlayer.disconnect(timesUp);
            } else if (z) {
                float currentTimeMillis = ((float) (i - (System.currentTimeMillis() - this.joinTime))) / 1000.0f;
                this.bossBar.name(serializer.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.BOSSBAR, Integer.valueOf((int) currentTimeMillis))));
                this.bossBar.progress(Math.min(1.0f, currentTimeMillis * f));
            }
        }, 0L, 1L, TimeUnit.SECONDS);
        if (z) {
            this.proxyPlayer.showBossBar(this.bossBar);
        }
        if (this.loginOnlyByMod) {
            return;
        }
        sendMessage(true);
    }

    public void onChat(String str) {
        if (this.loginOnlyByMod) {
            return;
        }
        if (!LimboAuth.RATELIMITER.attempt(this.proxyPlayer.getRemoteAddress().getAddress())) {
            this.proxyPlayer.sendMessage(ratelimited);
            return;
        }
        String[] split = str.split(" ");
        if (split.length != 0 && checkArgsLength(split.length)) {
            Command parse = Command.parse(split[0]);
            if (parse == Command.REGISTER && !this.totpState && this.playerInfo == null) {
                String str2 = split[1];
                if (checkPasswordsRepeat(split) && checkPasswordLength(str2) && checkPasswordStrength(str2)) {
                    saveTempPassword(str2);
                    RegisteredPlayer password = new RegisteredPlayer(this.proxyPlayer).setPassword(str2);
                    try {
                        this.playerDao.create((Dao<RegisteredPlayer, String>) password);
                        this.playerInfo = password;
                        this.proxyPlayer.sendMessage(registerSuccessful);
                        if (registerSuccessfulTitle != null) {
                            this.proxyPlayer.showTitle(registerSuccessfulTitle);
                        }
                        this.plugin.getServer().getEventManager().fire(new PostRegisterEvent(this::finishAuth, this.player, this.playerInfo, this.tempPassword)).thenAcceptAsync((v1) -> {
                            finishAuth(v1);
                        });
                        return;
                    } catch (SQLException e) {
                        this.proxyPlayer.disconnect(databaseErrorKick);
                        throw new SQLRuntimeException(e);
                    }
                }
                return;
            }
            if (parse == Command.LOGIN && !this.totpState && this.playerInfo != null) {
                String str3 = split[1];
                saveTempPassword(str3);
                if (str3.length() > 0 && checkPassword(str3, this.playerInfo, this.playerDao)) {
                    if (this.playerInfo.getTotpToken().isEmpty()) {
                        finishLogin();
                        return;
                    } else {
                        this.totpState = true;
                        sendMessage(true);
                        return;
                    }
                }
                int i = this.attempts - 1;
                this.attempts = i;
                if (i == 0) {
                    this.proxyPlayer.disconnect(loginWrongPasswordKick);
                    return;
                } else {
                    this.proxyPlayer.sendMessage(loginWrongPassword[this.attempts - 1]);
                    checkBruteforceAttempts();
                    return;
                }
            }
            if (parse == Command.TOTP && this.totpState && this.playerInfo != null) {
                if (TOTP_CODE_VERIFIER.isValidCode(this.playerInfo.getTotpToken(), split[1])) {
                    finishLogin();
                    return;
                }
                checkBruteforceAttempts();
            }
        }
        sendMessage(false);
    }

    public void onGeneric(Object obj) {
        if (Settings.IMP.MAIN.MOD.ENABLED && (obj instanceof PluginMessagePacket)) {
            PluginMessagePacket pluginMessagePacket = (PluginMessagePacket) obj;
            String channel = pluginMessagePacket.getChannel();
            if (channel.equals("MC|Brand") || channel.equals("minecraft:brand")) {
                if (Settings.IMP.MAIN.MOD.ENABLED) {
                    this.proxyPlayer.sendPluginMessage(this.plugin.getChannelIdentifier(this.proxyPlayer), new byte[0]);
                    return;
                }
                return;
            }
            if (channel.equals(this.plugin.getChannelIdentifier(this.proxyPlayer).getId())) {
                if (this.tokenReceived) {
                    checkBruteforceAttempts();
                    this.proxyPlayer.disconnect(Component.empty());
                    return;
                }
                this.tokenReceived = true;
                if (this.playerInfo == null) {
                    return;
                }
                ByteBuf content = pluginMessagePacket.content();
                if (content.readableBytes() < 16) {
                    checkBruteforceAttempts();
                    this.proxyPlayer.sendMessage(sessionExpired);
                    return;
                }
                long readLong = content.readLong();
                long readLong2 = content.readLong();
                if (this.playerInfo.getTokenIssuedAt() > readLong) {
                    this.proxyPlayer.sendMessage(sessionExpired);
                    return;
                }
                if (readLong2 == SipHasher.init(Settings.IMP.MAIN.MOD.VERIFY_KEY).update(this.playerInfo.getLowercaseNickname().getBytes(StandardCharsets.UTF_8)).update(Longs.toByteArray(readLong)).digest()) {
                    finishAuth();
                } else {
                    checkBruteforceAttempts();
                    this.proxyPlayer.sendMessage(sessionExpired);
                }
            }
        }
    }

    private void checkBruteforceAttempts() {
        this.plugin.incrementBruteforceAttempts(this.proxyPlayer.getRemoteAddress().getAddress());
        if (this.plugin.getBruteforceAttempts(this.proxyPlayer.getRemoteAddress().getAddress()) >= Settings.IMP.MAIN.BRUTEFORCE_MAX_ATTEMPTS) {
            this.proxyPlayer.disconnect(loginWrongPasswordKick);
        }
    }

    private void saveTempPassword(String str) {
        this.tempPassword = str;
    }

    public void onDisconnect() {
        if (this.authMainTask != null) {
            this.authMainTask.cancel(true);
        }
        this.proxyPlayer.hideBossBar(this.bossBar);
    }

    private void sendMessage(boolean z) {
        if (this.totpState) {
            this.proxyPlayer.sendMessage(totp);
            if (!z || totpTitle == null) {
                return;
            }
            this.proxyPlayer.showTitle(totpTitle);
            return;
        }
        if (this.playerInfo == null) {
            this.proxyPlayer.sendMessage(register);
            if (!z || registerTitle == null) {
                return;
            }
            this.proxyPlayer.showTitle(registerTitle);
            return;
        }
        this.proxyPlayer.sendMessage(login[this.attempts - 1]);
        if (!z || loginTitle == null) {
            return;
        }
        this.proxyPlayer.showTitle(loginTitle);
    }

    private boolean checkArgsLength(int i) {
        return (this.playerInfo == null && Settings.IMP.MAIN.REGISTER_NEED_REPEAT_PASSWORD) ? i == 3 : i == 2;
    }

    private boolean checkPasswordsRepeat(String[] strArr) {
        if (!Settings.IMP.MAIN.REGISTER_NEED_REPEAT_PASSWORD || strArr[1].equals(strArr[2])) {
            return true;
        }
        this.proxyPlayer.sendMessage(registerDifferentPasswords);
        return false;
    }

    private boolean checkPasswordLength(String str) {
        int length = str.length();
        if (length > Settings.IMP.MAIN.MAX_PASSWORD_LENGTH) {
            this.proxyPlayer.sendMessage(registerPasswordTooLong);
            return false;
        }
        if (length >= Settings.IMP.MAIN.MIN_PASSWORD_LENGTH) {
            return true;
        }
        this.proxyPlayer.sendMessage(registerPasswordTooShort);
        return false;
    }

    private boolean checkPasswordStrength(String str) {
        if (!Settings.IMP.MAIN.CHECK_PASSWORD_STRENGTH || !this.plugin.getUnsafePasswords().contains(str)) {
            return true;
        }
        this.proxyPlayer.sendMessage(registerPasswordUnsafe);
        return false;
    }

    private void finishLogin() {
        this.proxyPlayer.sendMessage(loginSuccessful);
        if (loginSuccessfulTitle != null) {
            this.proxyPlayer.showTitle(loginSuccessfulTitle);
        }
        this.plugin.clearBruteforceAttempts(this.proxyPlayer.getRemoteAddress().getAddress());
        this.plugin.getServer().getEventManager().fire(new PostAuthorizationEvent(this::finishAuth, this.player, this.playerInfo, this.tempPassword)).thenAcceptAsync((v1) -> {
            finishAuth(v1);
        });
    }

    private void finishAuth(TaskEvent taskEvent) {
        if (taskEvent.getResult() == TaskEvent.Result.CANCEL) {
            this.proxyPlayer.disconnect(taskEvent.getReason());
        } else {
            if (taskEvent.getResult() == TaskEvent.Result.WAIT) {
                return;
            }
            finishAuth();
        }
    }

    private void finishAuth() {
        if (Settings.IMP.MAIN.CRACKED_TITLE_SETTINGS.CLEAR_AFTER_LOGIN) {
            this.proxyPlayer.clearTitle();
        }
        try {
            this.plugin.updateLoginData(this.proxyPlayer);
        } catch (SQLException e) {
            throw new SQLRuntimeException(e);
        } catch (Throwable th) {
            th.printStackTrace();
        }
        this.plugin.cacheAuthUser(this.proxyPlayer);
        this.player.disconnect();
    }

    public static void reload() {
        Serializer serializer = LimboAuth.getSerializer();
        ratelimited = serializer.deserialize(Settings.IMP.MAIN.STRINGS.RATELIMITED);
        bossbarColor = Settings.IMP.MAIN.BOSSBAR_COLOR;
        bossbarOverlay = Settings.IMP.MAIN.BOSSBAR_OVERLAY;
        ipLimitKick = serializer.deserialize(Settings.IMP.MAIN.STRINGS.IP_LIMIT_KICK);
        databaseErrorKick = serializer.deserialize(Settings.IMP.MAIN.STRINGS.DATABASE_ERROR_KICK);
        wrongNicknameCaseKick = Settings.IMP.MAIN.STRINGS.WRONG_NICKNAME_CASE_KICK;
        timesUp = serializer.deserialize(Settings.IMP.MAIN.STRINGS.TIMES_UP);
        registerSuccessful = serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL);
        if (Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_TITLE.isEmpty() && Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_SUBTITLE.isEmpty()) {
            registerSuccessfulTitle = null;
        } else {
            registerSuccessfulTitle = Title.title(serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_TITLE), serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUCCESSFUL_SUBTITLE), Settings.IMP.MAIN.CRACKED_TITLE_SETTINGS.toTimes());
        }
        int i = Settings.IMP.MAIN.LOGIN_ATTEMPTS;
        loginWrongPassword = new Component[i];
        for (int i2 = 0; i2 < i; i2++) {
            loginWrongPassword[i2] = serializer.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN_WRONG_PASSWORD, Integer.valueOf(i2 + 1)));
        }
        loginWrongPasswordKick = serializer.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_WRONG_PASSWORD_KICK);
        totp = serializer.deserialize(Settings.IMP.MAIN.STRINGS.TOTP);
        if (Settings.IMP.MAIN.STRINGS.TOTP_TITLE.isEmpty() && Settings.IMP.MAIN.STRINGS.TOTP_SUBTITLE.isEmpty()) {
            totpTitle = null;
        } else {
            totpTitle = Title.title(serializer.deserialize(Settings.IMP.MAIN.STRINGS.TOTP_TITLE), serializer.deserialize(Settings.IMP.MAIN.STRINGS.TOTP_SUBTITLE), Settings.IMP.MAIN.CRACKED_TITLE_SETTINGS.toTimes());
        }
        register = serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER);
        if (Settings.IMP.MAIN.STRINGS.REGISTER_TITLE.isEmpty() && Settings.IMP.MAIN.STRINGS.REGISTER_SUBTITLE.isEmpty()) {
            registerTitle = null;
        } else {
            registerTitle = Title.title(serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_TITLE), serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_SUBTITLE), Settings.IMP.MAIN.CRACKED_TITLE_SETTINGS.toTimes());
        }
        login = new Component[i];
        for (int i3 = 0; i3 < i; i3++) {
            login[i3] = serializer.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN, Integer.valueOf(i3 + 1)));
        }
        if (Settings.IMP.MAIN.STRINGS.LOGIN_TITLE.isEmpty() && Settings.IMP.MAIN.STRINGS.LOGIN_SUBTITLE.isEmpty()) {
            loginTitle = null;
        } else {
            loginTitle = Title.title(serializer.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN_TITLE, Integer.valueOf(i))), serializer.deserialize(MessageFormat.format(Settings.IMP.MAIN.STRINGS.LOGIN_SUBTITLE, Integer.valueOf(i))), Settings.IMP.MAIN.CRACKED_TITLE_SETTINGS.toTimes());
        }
        registerDifferentPasswords = serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_DIFFERENT_PASSWORDS);
        registerPasswordTooLong = serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_PASSWORD_TOO_LONG);
        registerPasswordTooShort = serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_PASSWORD_TOO_SHORT);
        registerPasswordUnsafe = serializer.deserialize(Settings.IMP.MAIN.STRINGS.REGISTER_PASSWORD_UNSAFE);
        loginSuccessful = serializer.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL);
        sessionExpired = serializer.deserialize(Settings.IMP.MAIN.STRINGS.MOD_SESSION_EXPIRED);
        if (Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_TITLE.isEmpty() && Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_SUBTITLE.isEmpty()) {
            loginSuccessfulTitle = null;
        } else {
            loginSuccessfulTitle = Title.title(serializer.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_TITLE), serializer.deserialize(Settings.IMP.MAIN.STRINGS.LOGIN_SUCCESSFUL_SUBTITLE), Settings.IMP.MAIN.CRACKED_TITLE_SETTINGS.toTimes());
        }
        migrationHash = Settings.IMP.MAIN.MIGRATION_HASH;
    }

    public static boolean checkPassword(String str, RegisteredPlayer registeredPlayer, Dao<RegisteredPlayer, String> dao) {
        String hash = registeredPlayer.getHash();
        boolean z = HASH_VERIFIER.verify(str.getBytes(StandardCharsets.UTF_8), hash.replace("BCRYPT$", "$2a$").getBytes(StandardCharsets.UTF_8)).verified;
        if (!z && migrationHash != null) {
            z = migrationHash.checkPassword(hash, str);
            if (z) {
                registeredPlayer.setPassword(str);
                try {
                    dao.update((Dao<RegisteredPlayer, String>) registeredPlayer);
                } catch (SQLException e) {
                    throw new SQLRuntimeException(e);
                }
            }
        }
        return z;
    }

    public static RegisteredPlayer fetchInfo(Dao<RegisteredPlayer, String> dao, UUID uuid) {
        try {
            List<RegisteredPlayer> queryForEq = dao.queryForEq(RegisteredPlayer.PREMIUM_UUID_FIELD, uuid.toString());
            if ((queryForEq != null ? queryForEq.size() : 0) == 0) {
                return null;
            }
            return queryForEq.get(0);
        } catch (SQLException e) {
            throw new SQLRuntimeException(e);
        }
    }

    public static RegisteredPlayer fetchInfo(Dao<RegisteredPlayer, String> dao, String str) {
        return fetchInfoLowercased(dao, str.toLowerCase(Locale.ROOT));
    }

    public static RegisteredPlayer fetchInfoLowercased(Dao<RegisteredPlayer, String> dao, String str) {
        try {
            List<RegisteredPlayer> queryForEq = dao.queryForEq(RegisteredPlayer.LOWERCASE_NICKNAME_FIELD, str);
            if ((queryForEq != null ? queryForEq.size() : 0) == 0) {
                return null;
            }
            return queryForEq.get(0);
        } catch (SQLException e) {
            throw new SQLRuntimeException(e);
        }
    }

    @Deprecated
    public static String genHash(String str) {
        return HASHER.hashToString(Settings.IMP.MAIN.BCRYPT_COST, str.toCharArray());
    }
}
