package pro.gravit.launchserver.auth.protect;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.util.Base64;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import pro.gravit.launcher.events.request.GetSecureLevelInfoRequestEvent;
import pro.gravit.launcher.events.request.HardwareReportRequestEvent;
import pro.gravit.launcher.events.request.VerifySecureLevelKeyRequestEvent;
import pro.gravit.launchserver.LaunchServer;
import pro.gravit.launchserver.auth.AuthProviderPair;
import pro.gravit.launchserver.auth.core.interfaces.UserHardware;
import pro.gravit.launchserver.auth.core.interfaces.provider.AuthSupportHardware;
import pro.gravit.launchserver.auth.protect.interfaces.HardwareProtectHandler;
import pro.gravit.launchserver.auth.protect.interfaces.JoinServerProtectHandler;
import pro.gravit.launchserver.auth.protect.interfaces.SecureProtectHandler;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.auth.RestoreResponse;
import pro.gravit.launchserver.socket.response.secure.HardwareReportResponse;

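/**
 * Protect handler that ties a client's trust level to a verified public key and, when
 * {@link #enableHardwareFeature} is set, to a hardware record kept by the auth provider.
 *
 * <p>The handler issues two kinds of signed JWT, both with issuer {@code "LaunchServer"} and signed
 * with the server's ECDSA private key: a "publicKey" token and a "hardware" token. The nested
 * verifier classes accept those tokens back and restore the matching field of
 * {@code client.trustLevel}.
 *
 * <p>NOTE(review): neither verifier compares the token's subject with the client presenting it.
 * Whether the caller (RestoreResponse) binds the token to the session is not visible in this file;
 * confirm before relying on these tokens as more than bearer tokens.
 */
public class AdvancedProtectHandler extends StdProtectHandler implements SecureProtectHandler, HardwareProtectHandler, JoinServerProtectHandler {
    /** Issuer written into, and required from, every token handled by this class. */
    private static final String TOKEN_ISSUER = "LaunchServer";
    /** Claim carrying the hardware record id. */
    private static final String HARDWARE_CLAIM = "hardware";
    /** Claim carrying the Base64-encoded client public key. */
    private static final String PUBLIC_KEY_CLAIM = "publicKey";

    private final transient Logger logger = LogManager.getLogger();
    /** When false, hardware reports are answered with an empty event and join checks always pass. */
    public boolean enableHardwareFeature;
    private transient LaunchServer server;

    /**
     * Restores {@code client.trustLevel.hardwareInfo} from a previously issued hardware token.
     */
    public static class HardwareInfoTokenVerifier implements RestoreResponse.ExtendedTokenProvider {
        private final transient Logger logger = LogManager.getLogger();
        private final JwtParser parser;

        /**
         * Builds a parser that requires the {@code "LaunchServer"} issuer and verifies signatures
         * with the server's ECDSA public key.
         *
         * @param launchServer server whose key agreement manager supplies the verification key
         */
        public HardwareInfoTokenVerifier(LaunchServer launchServer) {
            this.parser = Jwts.parserBuilder().requireIssuer(TOKEN_ISSUER).setSigningKey(launchServer.keyAgreementManager.ecdsaPublicKey).build();
        }

        /**
         * Verifies a hardware token and, on success, attaches the referenced hardware record to the
         * client's trust level.
         *
         * <p>The token is rejected when the record no longer exists or is banned. The other entry
         * points in the enclosing class check {@code isBanned()} before granting hardware trust;
         * without the same check here a token issued before a ban would keep restoring trust until
         * it expires, and a missing record would be reported as accepted with no hardware set.
         *
         * @param client           client whose trust level is updated
         * @param authProviderPair not used by this verifier
         * @param str              compact JWT as supplied by the client
         * @return {@code true} only if the token verified and a non-banned hardware record was attached
         */
        @Override
        public boolean accept(Client client, AuthProviderPair authProviderPair, String str) {
            try {
                Claims claims = this.parser.parseClaimsJws(str).getBody();
                String hardwareId = claims.get(HARDWARE_CLAIM, String.class);
                if (hardwareId == null || client.auth == null) {
                    return false;
                }
                AuthSupportHardware hardwareSupport = (AuthSupportHardware) client.auth.core.isSupport(AuthSupportHardware.class);
                if (hardwareSupport == null) {
                    return false;
                }
                UserHardware hardware = hardwareSupport.getHardwareInfoById(hardwareId);
                if (hardware == null) {
                    // Record is gone: do not report success with an empty trust level.
                    return false;
                }
                if (hardware.isBanned()) {
                    // The id comes from a signature-verified token, so it is safe to log.
                    this.logger.warn("Hardware token rejected: hardware {} is banned", hardwareId);
                    return false;
                }
                if (client.trustLevel == null) {
                    client.trustLevel = new Client.TrustLevel();
                }
                client.trustLevel.hardwareInfo = hardware;
                return true;
            } catch (Throwable th) {
                // Any parse, signature, expiry or provider failure means the token is not accepted.
                // NOTE(review): client-supplied tokens are logged at error level with a stack trace;
                // consider a lower level if malformed tokens are common.
                this.logger.error("Hardware JWT error", th);
                return false;
            }
        }
    }

    /**
     * Restores {@code client.trustLevel.publicKey} from a previously issued public key token.
     */
    public static class PublicKeyTokenVerifier implements RestoreResponse.ExtendedTokenProvider {
        private final transient Logger logger = LogManager.getLogger();
        private final JwtParser parser;

        /**
         * Builds a parser that requires the {@code "LaunchServer"} issuer and verifies signatures
         * with the server's ECDSA public key.
         *
         * @param launchServer server whose key agreement manager supplies the verification key
         */
        public PublicKeyTokenVerifier(LaunchServer launchServer) {
            this.parser = Jwts.parserBuilder().requireIssuer(TOKEN_ISSUER).setSigningKey(launchServer.keyAgreementManager.ecdsaPublicKey).build();
        }

        /**
         * Verifies a public key token and stores the decoded key on the client's trust level.
         *
         * @param client           client whose trust level is updated
         * @param authProviderPair not used by this verifier
         * @param str              compact JWT as supplied by the client
         * @return {@code true} if the token verified and carried a decodable "publicKey" claim
         */
        @Override
        public boolean accept(Client client, AuthProviderPair authProviderPair, String str) {
            try {
                Claims claims = this.parser.parseClaimsJws(str).getBody();
                String encodedKey = claims.get(PUBLIC_KEY_CLAIM, String.class);
                if (encodedKey == null) {
                    return false;
                }
                if (client.trustLevel == null) {
                    client.trustLevel = new Client.TrustLevel();
                }
                // A malformed Base64 value throws and is handled as a rejected token below.
                client.trustLevel.publicKey = Base64.getDecoder().decode(encodedKey);
                return true;
            } catch (Throwable th) {
                this.logger.error("Public Key JWT error", th);
                return false;
            }
        }
    }

    /**
     * Returns the secure level info event unchanged.
     *
     * @param getSecureLevelInfoRequestEvent event prepared by the caller
     * @return the same event instance
     */
    @Override
    public GetSecureLevelInfoRequestEvent onGetSecureLevelInfo(GetSecureLevelInfoRequestEvent getSecureLevelInfoRequestEvent) {
        return getSecureLevelInfoRequestEvent;
    }

    /**
     * Allows the secure level info request only for clients whose {@code checkSign} flag is set.
     *
     * @param client requesting client
     * @return the value of {@code client.checkSign}
     */
    @Override
    public boolean allowGetSecureLevelInfo(Client client) {
        return client.checkSign;
    }

    /**
     * Handles a hardware report: resolves or creates the hardware record, links it to the user's
     * session and answers with a hardware token.
     *
     * @param hardwareReportResponse response object carrying the reported hardware and used to reply
     * @param client                 reporting client; must be authenticated and hold a verified public key
     * @throws SecurityException if the resolved hardware record is banned
     */
    @Override
    public void onHardwareReport(HardwareReportResponse hardwareReportResponse, Client client) {
        if (!this.enableHardwareFeature) {
            hardwareReportResponse.sendResult(new HardwareReportRequestEvent());
            return;
        }
        if (!client.isAuth || client.trustLevel == null || client.trustLevel.publicKey == null) {
            hardwareReportResponse.sendError("Access denied");
            return;
        }
        if (client.trustLevel.hardwareInfo != null) {
            // Hardware is already attached to this session: just issue a fresh token for it.
            sendHardwareToken(hardwareReportResponse, client, client.trustLevel.hardwareInfo);
            return;
        }
        this.logger.debug("HardwareInfo received");
        AuthSupportHardware hardwareSupport = (AuthSupportHardware) client.auth.isSupport(AuthSupportHardware.class);
        if (hardwareSupport == null) {
            this.logger.error("AuthCoreProvider not supported hardware");
            hardwareReportResponse.sendError("AuthCoreProvider not supported hardware");
            return;
        }
        UserHardware hardware = hardwareSupport.getHardwareInfoByData(hardwareReportResponse.hardware);
        if (hardware == null) {
            hardware = hardwareSupport.createHardwareInfo(hardwareReportResponse.hardware, client.trustLevel.publicKey);
        } else {
            hardwareSupport.addPublicKeyToHardwareInfo(hardware, client.trustLevel.publicKey);
        }
        // The user/hardware link is recorded before the ban check, as in the original flow.
        // NOTE(review): presumably deliberate so banned hardware stays associated with the account; confirm.
        hardwareSupport.connectUserAndHardware(client.sessionObject, hardware);
        if (hardware.isBanned()) {
            throw new SecurityException("Your hardware banned");
        }
        client.trustLevel.hardwareInfo = hardware;
        sendHardwareToken(hardwareReportResponse, client, hardware);
    }

    /**
     * Called after the client's public key has been verified; decides whether a hardware report is
     * still needed and issues a public key token.
     *
     * <p>NOTE(review): reads {@code client.trustLevel.publicKey} without a null check, so the caller
     * is assumed to have populated {@code client.trustLevel}; confirm against the caller.
     *
     * @param client client whose key was verified
     * @return event carrying a fresh public key token and its lifetime in milliseconds
     * @throws SecurityException if the hardware record bound to the public key is banned
     */
    @Override
    public VerifySecureLevelKeyRequestEvent onSuccessVerify(Client client) {
        if (this.enableHardwareFeature) {
            AuthSupportHardware hardwareSupport = (AuthSupportHardware) client.auth.isSupport(AuthSupportHardware.class);
            if (hardwareSupport != null) {
                UserHardware hardware = hardwareSupport.getHardwareInfoByPublicKey(client.trustLevel.publicKey);
                if (hardware == null) {
                    // No hardware known for this key yet; the first flag presumably asks the
                    // client to send a hardware report (meaning not visible in this file).
                    return publicKeyTokenEvent(client, true);
                }
                if (hardware.isBanned()) {
                    throw new SecurityException("Your hardware banned");
                }
                client.trustLevel.hardwareInfo = hardware;
                hardwareSupport.connectUserAndHardware(client.sessionObject, hardware);
                return publicKeyTokenEvent(client, false);
            }
            this.logger.warn("AuthCoreProvider not supported hardware. HardwareInfo not checked!");
        }
        return publicKeyTokenEvent(client, false);
    }

    /**
     * Allows a server join unless the hardware feature is enabled and the client has no hardware
     * record attached to its trust level.
     *
     * @param str    not used by this handler
     * @param str2   not used by this handler
     * @param uuid   not used by this handler
     * @param client joining client
     * @return {@code false} only when hardware is required and missing
     */
    @Override
    public boolean onJoinServer(String str, String str2, UUID uuid, Client client) {
        return !this.enableHardwareFeature || (client.trustLevel != null && client.trustLevel.hardwareInfo != null);
    }

    /**
     * Stores the server reference used for configuration and signing keys.
     *
     * @param launchServer owning server
     */
    @Override
    public void init(LaunchServer launchServer) {
        this.server = launchServer;
    }

    /**
     * Creates a signed hardware token for the given subject.
     *
     * @param str          token subject (callers in this class pass the client's username)
     * @param userHardware hardware record whose id goes into the "hardware" claim
     * @return compact JWT expiring after the configured {@code hardwareTokenExpire} seconds
     */
    public String createHardwareToken(String str, UserHardware userHardware) {
        Date expiresAt = new Date(System.currentTimeMillis() + hardwareTokenLifetimeMillis());
        return Jwts.builder()
                .setIssuer(TOKEN_ISSUER)
                .setSubject(str)
                .setExpiration(expiresAt)
                .claim(HARDWARE_CLAIM, userHardware.getId())
                .signWith(this.server.keyAgreementManager.ecdsaPrivateKey)
                .compact();
    }

    /**
     * Creates a signed public key token for the given subject.
     *
     * @param str  token subject (callers in this class pass the client's username)
     * @param bArr raw public key bytes, stored Base64-encoded in the "publicKey" claim
     * @return compact JWT expiring after the configured {@code publicKeyTokenExpire} seconds
     */
    public String createPublicKeyToken(String str, byte[] bArr) {
        Date expiresAt = new Date(System.currentTimeMillis() + publicKeyTokenLifetimeMillis());
        return Jwts.builder()
                .setIssuer(TOKEN_ISSUER)
                .setSubject(str)
                .setExpiration(expiresAt)
                .claim(PUBLIC_KEY_CLAIM, Base64.getEncoder().encodeToString(bArr))
                .signWith(this.server.keyAgreementManager.ecdsaPrivateKey)
                .compact();
    }

    /** Replies to a hardware report with a fresh hardware token for {@code hardware}. */
    private void sendHardwareToken(HardwareReportResponse response, Client client, UserHardware hardware) {
        response.sendResult(new HardwareReportRequestEvent(createHardwareToken(client.username, hardware), hardwareTokenLifetimeMillis()));
    }

    /** Builds the verify-success event with a fresh public key token and the given first flag. */
    private VerifySecureLevelKeyRequestEvent publicKeyTokenEvent(Client client, boolean firstFlag) {
        return new VerifySecureLevelKeyRequestEvent(firstFlag, false, createPublicKeyToken(client.username, client.trustLevel.publicKey), publicKeyTokenLifetimeMillis());
    }

    /** Configured hardware token lifetime, converted from seconds to milliseconds. */
    private long hardwareTokenLifetimeMillis() {
        return TimeUnit.SECONDS.toMillis(this.server.config.netty.security.hardwareTokenExpire);
    }

    /** Configured public key token lifetime, converted from seconds to milliseconds. */
    private long publicKeyTokenLifetimeMillis() {
        return TimeUnit.SECONDS.toMillis(this.server.config.netty.security.publicKeyTokenExpire);
    }
}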
