package baimo.minecraft.plugins.authshield.security;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.reflect.TypeToken;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:baimo/minecraft/plugins/authshield/security/PasswordManager.class */
public class PasswordManager {
    private static final int ITERATIONS = 65536;
    private static final int KEY_LENGTH = 256;
    private static final String ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int SALT_LENGTH = 16;
    private static final String PASSWORD_FILE = "config/authshield/playerdata.json";
    private final Map<String, String> passwords = new HashMap();
    private final ReadWriteLock lock = new ReentrantReadWriteLock();
    private final Path passwordPath = Path.of(PASSWORD_FILE, new String[0]);
    private static final Logger LOGGER = LogManager.getLogger("authshield");
    private static final Gson gson = new GsonBuilder().setPrettyPrinting().create();
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    public PasswordManager() {
        doInitialLoad();
    }

    /* JADX WARN: Type inference failed for: r2v5, types: [baimo.minecraft.plugins.authshield.security.PasswordManager$1] */
    private void doInitialLoad() {
        this.lock.writeLock().lock();
        try {
            try {
                if (Files.exists(this.passwordPath, new LinkOption[0])) {
                    FileReader fileReader = new FileReader(this.passwordPath.toFile());
                    try {
                        Map<? extends String, ? extends String> map = (Map) gson.fromJson(fileReader, new TypeToken<Map<String, String>>(this) { // from class: baimo.minecraft.plugins.authshield.security.PasswordManager.1
                        }.getType());
                        if (map != null) {
                            this.passwords.clear();
                            this.passwords.putAll(map);
                            LOGGER.info("已加载 {} 个玩家的密码数据", Integer.valueOf(map.size()));
                        }
                        fileReader.close();
                    } catch (Throwable th) {
                        try {
                            fileReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } else {
                    LOGGER.info("密码文件不存在，将在首次保存时创建");
                }
                this.lock.writeLock().unlock();
            } catch (Throwable th3) {
                this.lock.writeLock().unlock();
                throw th3;
            }
        } catch (IOException e) {
            LOGGER.error("加载密码文件失败: {}", e.getMessage());
            this.lock.writeLock().unlock();
        }
    }

    public void loadPasswords() {
        doInitialLoad();
    }

    public void savePasswords() {
        this.lock.readLock().lock();
        try {
            try {
                Files.createDirectories(this.passwordPath.getParent(), new FileAttribute[0]);
                FileWriter fileWriter = new FileWriter(this.passwordPath.toFile());
                try {
                    gson.toJson(this.passwords, fileWriter);
                    LOGGER.info("密码数据已保存到: {}", this.passwordPath);
                    fileWriter.close();
                    this.lock.readLock().unlock();
                } catch (Throwable th) {
                    try {
                        fileWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                this.lock.readLock().unlock();
                throw th3;
            }
        } catch (IOException e) {
            LOGGER.error("保存密码文件失败: {}", e.getMessage());
            this.lock.readLock().unlock();
        }
    }

    public String hashPassword(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("密码不能为空");
        }
        try {
            byte[] bArr = new byte[SALT_LENGTH];
            SECURE_RANDOM.nextBytes(bArr);
            PBEKeySpec pBEKeySpec = new PBEKeySpec(str.toCharArray(), bArr, ITERATIONS, KEY_LENGTH);
            byte[] encoded = SecretKeyFactory.getInstance(ALGORITHM).generateSecret(pBEKeySpec).getEncoded();
            pBEKeySpec.clearPassword();
            byte[] bArr2 = new byte[bArr.length + encoded.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            System.arraycopy(encoded, 0, bArr2, bArr.length, encoded.length);
            return Base64.getEncoder().encodeToString(bArr2);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOGGER.error("密码加密失败: {}", e.getMessage());
            throw new SecurityException("密码加密失败", e);
        }
    }

    public boolean verifyPassword(String str, String str2) {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            return false;
        }
        try {
            try {
                byte[] decode = Base64.getDecoder().decode(str2);
                if (decode.length <= SALT_LENGTH) {
                    LOGGER.error("存储的密码哈希格式无效");
                    return false;
                }
                byte[] bArr = new byte[SALT_LENGTH];
                byte[] bArr2 = new byte[decode.length - SALT_LENGTH];
                System.arraycopy(decode, 0, bArr, 0, bArr.length);
                System.arraycopy(decode, bArr.length, bArr2, 0, bArr2.length);
                PBEKeySpec pBEKeySpec = new PBEKeySpec(str.toCharArray(), bArr, ITERATIONS, KEY_LENGTH);
                byte[] encoded = SecretKeyFactory.getInstance(ALGORITHM).generateSecret(pBEKeySpec).getEncoded();
                pBEKeySpec.clearPassword();
                return MessageDigest.isEqual(bArr2, encoded);
            } catch (IllegalArgumentException e) {
                LOGGER.error("Base64 解码失败: {}", e.getMessage());
                return false;
            }
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            LOGGER.error("密码验证失败: {}", e2.getMessage());
            throw new SecurityException("密码验证失败", e2);
        }
    }

    public void setPassword(String str, String str2) {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("UUID 和密码哈希不能为空");
        }
        this.lock.writeLock().lock();
        try {
            this.passwords.put(str, str2);
            savePasswords();
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public boolean hasPassword(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        this.lock.readLock().lock();
        try {
            return this.passwords.containsKey(str);
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public String getPassword(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        this.lock.readLock().lock();
        try {
            return this.passwords.get(str);
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public void removePassword(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        this.lock.writeLock().lock();
        try {
            if (this.passwords.remove(str) != null) {
                savePasswords();
                LOGGER.info("已删除玩家 {} 的密码数据", str);
            }
        } finally {
            this.lock.writeLock().unlock();
        }
    }

    public int getPasswordCount() {
        this.lock.readLock().lock();
        try {
            return this.passwords.size();
        } finally {
            this.lock.readLock().unlock();
        }
    }
}
