package de.blitzdose.minecraftserverremote.web.webserver.auth;

import com.amdelamar.jotp.OTP;
import com.amdelamar.jotp.type.Type;
import de.blitzdose.minecraftserverremote.ServerCtrl;
import de.blitzdose.minecraftserverremote.crypt.CryptManager;
import de.blitzdose.minecraftserverremote.logging.Logger;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.bukkit.configuration.file.FileConfiguration;
import org.bukkit.plugin.Plugin;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:de/blitzdose/minecraftserverremote/web/webserver/auth/UserManager.class */
public class UserManager {
    static Map<String, TokenUser> tokens = new HashMap();
    public static final int SUCCESS = 1;
    public static final int WRONG_PASSWORD_OR_USERNAME = 2;
    public static final int WRONG_TOTP = 5;
    public static final int TOKEN_NOT_FOUND = 3;
    public static final int NO_PERMISSION = 4;

    public int authenticateUser(String str, String str2, @Nullable String str3) {
        Plugin plugin = ServerCtrl.getPlugin();
        String string = plugin.getConfig().getString("Webserver.users." + str);
        List stringList = plugin.getConfig().getStringList("Webserver.apppasswords." + str);
        String string2 = plugin.getConfig().getString("Webserver.totp." + str);
        if (str2 != null && !str2.isEmpty() && stringList.contains(str2)) {
            string = str2;
        } else if (string2 != null && !checkTOTP(string2, str3)) {
            return 5;
        }
        if (str2 == null || str2.isEmpty() || !Objects.equals(string, str2)) {
            return 2;
        }
        List stringList2 = plugin.getConfig().getStringList("Webserver.permissions." + str);
        ArrayList arrayList = new ArrayList();
        stringList2.forEach(str4 -> {
            try {
                arrayList.add(Role.valueOf(str4));
            } catch (IllegalArgumentException e) {
                Logger.error("Invalid permission \"" + str4 + "\" at user \"" + str + "\". Check the config.yml");
            }
        });
        tokens.put(generateNewToken(), new TokenUser(str, System.currentTimeMillis(), arrayList));
        return 1;
    }

    public int authenticateUser(String str, Role role) {
        if (!tokens.containsKey(str)) {
            return 3;
        }
        TokenUser tokenUser = tokens.get(str);
        if (!tokenUser.getRoles().contains(role)) {
            return 4;
        }
        if (tokenUser.getUpdatedDateMillis() + 172800000 > System.currentTimeMillis()) {
            return 1;
        }
        tokens.remove(str);
        return 3;
    }

    public int authenticateUser(String str) {
        if (!tokens.containsKey(str)) {
            return 3;
        }
        if (tokens.get(str).getUpdatedDateMillis() + 172800000 > System.currentTimeMillis()) {
            return 1;
        }
        tokens.remove(str);
        return 3;
    }

    public String getToken(String str) {
        for (String str2 : tokens.keySet()) {
            if (tokens.get(str2).getUsername().equals(str)) {
                return str2;
            }
        }
        return "";
    }

    public String getUsername(String str) {
        return tokens.containsKey(str) ? tokens.get(str).getUsername() : "";
    }

    public static String generateNewToken() {
        byte[] bArr = new byte[24];
        new SecureRandom().nextBytes(bArr);
        return Base64.getUrlEncoder().encodeToString(bArr);
    }

    public ArrayList<String> getPermissions(String str, boolean z) {
        TokenUser tokenUser = tokens.get(getToken(str));
        ArrayList<String> arrayList = new ArrayList<>();
        if (tokenUser == null) {
            tokenUser = new TokenUser(str, System.currentTimeMillis(), (ArrayList) ServerCtrl.getPlugin().getConfig().getStringList("Webserver.users." + str).stream().map(Role::valueOf).collect(Collectors.toCollection(ArrayList::new)));
        }
        if (tokenUser.getRoles().contains(Role.ADMIN) && z) {
            arrayList.addAll(Arrays.stream(Role.values()).map((v0) -> {
                return v0.name();
            }).filter(str2 -> {
                return !str2.equals("ANYONE");
            }).toList());
        } else {
            tokenUser.getRoles().forEach(role -> {
                arrayList.add(role.name());
            });
        }
        return arrayList;
    }

    public ArrayList<Role> getRoles(String str) {
        TokenUser tokenUser = tokens.get(str);
        if (tokenUser != null) {
            return tokenUser.getRoles();
        }
        return null;
    }

    public void logout(String str) {
        tokens.remove(getToken(str));
    }

    public boolean hasPermission(Role role, String str) {
        TokenUser tokenUser = tokens.get(str);
        return tokenUser != null && tokenUser.getRoles().contains(role);
    }

    public void setPassword(String str, String str2) {
        Plugin plugin = ServerCtrl.getPlugin();
        plugin.getConfig().set("Webserver.users." + str, str2);
        plugin.getConfig().set("Webserver.apppasswords." + str, new ArrayList());
        plugin.saveConfig();
        plugin.reloadConfig();
    }

    public boolean createUser(String str, String str2) {
        String hash = CryptManager.getHash(str2);
        if (hash == null) {
            return false;
        }
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (config.contains("Webserver.users." + str)) {
            return false;
        }
        config.set("Webserver.users." + str, hash);
        ServerCtrl.getPlugin().saveConfig();
        ServerCtrl.getPlugin().reloadConfig();
        return true;
    }

    public boolean setRoles(String str, List<Role> list) {
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (!config.contains("Webserver.users." + str)) {
            return false;
        }
        config.set("Webserver.permissions." + str, (String[]) list.stream().map((v0) -> {
            return v0.name();
        }).filter(str2 -> {
            return !str2.equals("ANYONE");
        }).toArray(i -> {
            return new String[i];
        }));
        ServerCtrl.getPlugin().saveConfig();
        ServerCtrl.getPlugin().reloadConfig();
        return true;
    }

    public boolean setRole(String str, Role role, boolean z) {
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (!config.contains("Webserver.users." + str)) {
            return false;
        }
        List stringList = config.getStringList("Webserver.permissions." + str);
        if (stringList.contains(role.name()) && !z) {
            stringList.remove(role.name());
        } else if (!stringList.contains(role.name()) && z) {
            stringList.add(role.name());
        }
        config.set("Webserver.permissions." + str, stringList);
        ServerCtrl.getPlugin().saveConfig();
        ServerCtrl.getPlugin().reloadConfig();
        return true;
    }

    @Nullable
    public String initTOTP(String str) {
        String randomBase32 = OTP.randomBase32(20);
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (!config.contains("Webserver.users." + str) || config.contains("Webserver.totp." + str)) {
            return null;
        }
        config.set("Webserver.totp-pending." + str, randomBase32);
        ServerCtrl.getPlugin().saveConfig();
        ServerCtrl.getPlugin().reloadConfig();
        return randomBase32;
    }

    public boolean verifyTOTP(String str, String str2) throws IOException, NoSuchAlgorithmException, InvalidKeyException {
        String string;
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (!config.contains("Webserver.totp-pending." + str) || (string = config.getString("Webserver.totp-pending." + str)) == null || !checkTOTP(string, str2)) {
            return false;
        }
        config.set("Webserver.totp." + str, string);
        config.set("Webserver.totp-pending." + str, (Object) null);
        ServerCtrl.getPlugin().saveConfig();
        ServerCtrl.getPlugin().reloadConfig();
        return true;
    }

    private boolean checkTOTP(String str, String str2) {
        try {
            String create = OTP.create(str, OTP.timeInHex(System.currentTimeMillis() - 30000), 6, Type.TOTP);
            String create2 = OTP.create(str, OTP.timeInHex(System.currentTimeMillis()), 6, Type.TOTP);
            String create3 = OTP.create(str, OTP.timeInHex(System.currentTimeMillis() + 30000), 6, Type.TOTP);
            if (!create.equals(str2) && !create2.equals(str2)) {
                if (!create3.equals(str2)) {
                    return false;
                }
            }
            return true;
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public boolean removeTOTP(String str, String str2) {
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (!config.contains("Webserver.users." + str) || !config.contains("Webserver.totp." + str)) {
            return false;
        }
        config.set("Webserver.totp." + str, (Object) null);
        ServerCtrl.getPlugin().saveConfig();
        ServerCtrl.getPlugin().reloadConfig();
        return true;
    }

    public boolean hasTOTP(String str) {
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (config.contains("Webserver.users." + str)) {
            return config.contains("Webserver.totp." + str);
        }
        return false;
    }

    @Nullable
    public String createAppPassword(String str) {
        FileConfiguration config = ServerCtrl.getPlugin().getConfig();
        if (!config.contains("Webserver.users." + str)) {
            return null;
        }
        String randomBase32 = OTP.randomBase32(128);
        String hash = CryptManager.getHash(randomBase32);
        List stringList = config.getStringList("Webserver.apppasswords." + str);
        stringList.add(hash);
        config.set("Webserver.apppasswords." + str, stringList);
        ServerCtrl.getPlugin().saveConfig();
        ServerCtrl.getPlugin().reloadConfig();
        return randomBase32;
    }
}
