package com.github.fabricservertools.deltalogger.dao;

import com.github.fabricservertools.deltalogger.SQLUtils;
import com.github.fabricservertools.deltalogger.gql.Validators;
import com.github.fabricservertools.deltalogger.shadow.com.auth0.jwt.JWT;
import com.github.fabricservertools.deltalogger.shadow.com.auth0.jwt.JWTVerifier;
import com.github.fabricservertools.deltalogger.shadow.com.auth0.jwt.algorithms.Algorithm;
import com.github.fabricservertools.deltalogger.shadow.com.auth0.jwt.exceptions.SignatureVerificationException;
import com.github.fabricservertools.deltalogger.shadow.com.auth0.jwt.interfaces.DecodedJWT;
import com.github.fabricservertools.deltalogger.shadow.com.fasterxml.jackson.annotation.JsonProperty;
import com.github.fabricservertools.deltalogger.shadow.io.vavr.collection.Seq;
import com.github.fabricservertools.deltalogger.shadow.io.vavr.control.Either;
import com.github.fabricservertools.deltalogger.shadow.io.vavr.control.Validation;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.jdbi.v3.core.Jdbi;

/* loaded from: input_file:com/github/fabricservertools/deltalogger/dao/AuthDAO.class */
public class AuthDAO {
    private Jdbi jdbi;
    private SecureRandom sr = new SecureRandom();
    private String jwtSecret;
    private JWTVerifier jwtVerifier;

    public AuthDAO(Jdbi jdbi) {
        this.jdbi = jdbi;
        this.jwtSecret = (String) ((Optional) jdbi.withHandle(handle -> {
            return handle.createQuery("SELECT `value` FROM kv_store WHERE `key`='jwt_secret'").mapTo(String.class).findOne();
        })).orElseGet(() -> {
            String b64Encode = b64Encode(genSalt());
            jdbi.withHandle(handle2 -> {
                return Integer.valueOf(handle2.createUpdate("INSERT INTO kv_store (`key`, `value`) VALUES ('jwt_secret',?) ").bind(0, b64Encode).execute());
            });
            return b64Encode;
        });
        this.jwtVerifier = JWT.require(Algorithm.HMAC256(this.jwtSecret)).build();
    }

    private byte[] genSalt() {
        byte[] bArr = new byte[16];
        this.sr.nextBytes(bArr);
        return bArr;
    }

    private String b64Encode(byte[] bArr) {
        return new String(Base64.getEncoder().encode(bArr));
    }

    private byte[] b64Decodde(String str) {
        return Base64.getDecoder().decode(str);
    }

    private byte[] hashPass(String str, byte[] bArr) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr, 65536, 128)).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
            return null;
        }
    }

    public Optional<DecodedJWT> verifyJWT(String str) {
        DecodedJWT decodedJWT = null;
        try {
            decodedJWT = this.jwtVerifier.verify(str);
        } catch (SignatureVerificationException e) {
            return Optional.empty();
        } catch (Exception e2) {
            e2.printStackTrace();
        }
        return Optional.ofNullable(decodedJWT);
    }

    public Either<String, String> issueTemporaryPass(UUID uuid, boolean z) {
        byte[] genSalt = genSalt();
        String substring = UUID.randomUUID().toString().replaceAll("-", JsonProperty.USE_DEFAULT_NAME).substring(0, 10);
        if (((List) this.jdbi.withHandle(handle -> {
            return handle.select("SELECT 1 FROM players WHERE UPPER(name) = (SELECT UPPER(name) FROM players WHERE uuid=?)", uuid.toString()).mapTo(Integer.class).list();
        })).size() > 1) {
            return Either.left("Could not issue temporary password: your username is duplicated in the system. Did you login with offline mode?");
        }
        try {
            String b64Encode = b64Encode(hashPass(substring, genSalt));
            this.jdbi.withHandle(handle2 -> {
                return Integer.valueOf(handle2.createUpdate(String.join(" ", "INSERT INTO perms", "(player_id, password_hash, temporary_pass, salt, roll_back, `delete`)", "SELECT players.id, :hash, 1, :salt, :roll_back, :delete", "FROM players WHERE uuid=:uuid", SQLUtils.onDuplicateKeyUpdate("player_id"), "temporary_pass=1, password_hash=:hash, salt=:salt")).bind("uuid", uuid.toString()).bind("hash", b64Encode).bind("salt", b64Encode(genSalt)).bind("roll_back", z).bind("delete", z).execute());
            });
        } catch (Exception e) {
            e.printStackTrace();
        }
        return Either.right(substring);
    }

    public Optional<Map<String, Object>> getUserFromUserName(String str) {
        return (Optional) this.jdbi.withHandle(handle -> {
            return handle.select(String.join(" ", "SELECT players.uuid as uuid, password_hash, salt, temporary_pass", "FROM perms INNER JOIN players on perms.player_id = players.id", "WHERE UPPER(players.name) = UPPER(?)"), str).mapToMap().findOne();
        });
    }

    private boolean extractBool(Object obj) {
        boolean z = false;
        boolean z2 = false;
        try {
            z = ((Boolean) obj).booleanValue();
        } catch (ClassCastException e) {
            z2 = true;
        }
        if (z2) {
            z = ((Integer) obj).intValue() == 1;
        }
        return z;
    }

    public Optional<String> generateJWT(String str, String str2) {
        Algorithm HMAC256 = Algorithm.HMAC256(this.jwtSecret);
        return getUserFromUserName(str).map(map -> {
            String b64Encode = b64Encode(hashPass(str2, b64Decodde((String) map.get("salt"))));
            if (b64Encode == null || !b64Encode.equals((String) map.get("password_hash"))) {
                return null;
            }
            return JWT.create().withClaim("user_id", (String) map.get("uuid")).withClaim("user_name", str.toLowerCase()).withClaim("temporary", Boolean.valueOf(extractBool(map.get("temporary_pass")))).withIssuedAt(new Date()).sign(HMAC256);
        });
    }

    public Either<String, String> changePass(String str, String str2, boolean z) {
        byte[] genSalt = genSalt();
        String b64Encode = b64Encode(genSalt);
        String b64Encode2 = b64Encode(hashPass(str2, genSalt));
        Validation<Seq<String>, String> validatePassword = Validators.validatePassword(str2);
        if (validatePassword.isInvalid()) {
            return Either.left(((StringBuilder) validatePassword.getError().intersperse("\n").foldLeft(new StringBuilder(), (v0, v1) -> {
                return v0.append(v1);
            })).toString());
        }
        if (!(((Integer) this.jdbi.withHandle(handle -> {
            return Integer.valueOf(handle.createUpdate(String.join(" ", "UPDATE perms", "SET password_hash=:hash, salt=:salt, temporary_pass=:temp", "WHERE player_id=(SELECT id FROM players WHERE UPPER(name)=UPPER(:name))")).bind("name", str).bind("hash", b64Encode2).bind("salt", b64Encode).bind("temp", z).execute());
        })).intValue() == 1)) {
            return Either.left("Failed to change password.");
        }
        Optional<String> generateJWT = generateJWT(str, str2);
        return !generateJWT.isPresent() ? Either.left("Failed to generate jwt.") : Either.right(generateJWT.get());
    }
}
