package pro.gravit.launchserver.auth.core;

import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.Clock;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import pro.gravit.launcher.base.ClientPermissions;
import pro.gravit.launcher.base.request.auth.AuthRequest;
import pro.gravit.launcher.base.request.auth.password.AuthPlainPassword;
import pro.gravit.launchserver.LaunchServer;
import pro.gravit.launchserver.auth.AuthException;
import pro.gravit.launchserver.auth.AuthProviderPair;
import pro.gravit.launchserver.auth.MySQLSourceConfig;
import pro.gravit.launchserver.auth.SQLSourceConfig;
import pro.gravit.launchserver.auth.core.AuthCoreProvider;
import pro.gravit.launchserver.auth.core.interfaces.provider.AuthSupportSudo;
import pro.gravit.launchserver.auth.password.PasswordVerifier;
import pro.gravit.launchserver.helper.LegacySessionHelper;
import pro.gravit.launchserver.manangers.AuthManager;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.auth.AuthResponse;
import pro.gravit.utils.helper.SecurityHelper;

/* loaded from: input_file:pro/gravit/launchserver/auth/core/AbstractSQLCoreProvider.class */
public abstract class AbstractSQLCoreProvider extends AuthCoreProvider implements AuthSupportSudo {
    public final transient Logger logger = LogManager.getLogger();
    public long expireSeconds = TimeUnit.HOURS.toSeconds(1);
    public String uuidColumn;
    public String usernameColumn;
    public String accessTokenColumn;
    public String passwordColumn;
    public String serverIDColumn;
    public String table;
    public String permissionsTable;
    public String permissionsPermissionColumn;
    public String permissionsUUIDColumn;
    public String rolesTable;
    public String rolesNameColumn;
    public String rolesUUIDColumn;
    public PasswordVerifier passwordVerifier;
    public String customQueryByUUIDSQL;
    public String customQueryByUsernameSQL;
    public String customQueryByLoginSQL;
    public String customQueryPermissionsByUUIDSQL;
    public String customQueryRolesByUserUUID;
    public String customUpdateAuthSQL;
    public String customUpdateServerIdSQL;
    public transient String queryByUUIDSQL;
    public transient String queryByUsernameSQL;
    public transient String queryByLoginSQL;
    public transient String queryPermissionsByUUIDSQL;
    public transient String queryRolesByUserUUID;
    public transient String updateAuthSQL;
    public transient String updateServerIDSQL;

    /* loaded from: input_file:pro/gravit/launchserver/auth/core/AbstractSQLCoreProvider$SQLUser.class */
    public static class SQLUser implements User {
        protected final UUID uuid;
        protected final String username;
        protected String accessToken;
        protected String serverId;
        protected final String password;
        protected ClientPermissions permissions;

        public SQLUser(UUID uuid, String str, String str2, String str3, String str4) {
            this.uuid = uuid;
            this.username = str;
            this.accessToken = str2;
            this.serverId = str3;
            this.password = str4;
        }

        @Override // pro.gravit.launchserver.auth.core.User
        public String getUsername() {
            return this.username;
        }

        @Override // pro.gravit.launchserver.auth.core.User
        public UUID getUUID() {
            return this.uuid;
        }

        public String getServerId() {
            return this.serverId;
        }

        public String getAccessToken() {
            return this.accessToken;
        }

        @Override // pro.gravit.launchserver.auth.core.User
        public ClientPermissions getPermissions() {
            return this.permissions;
        }

        public String toString() {
            return "SQLUser{uuid=" + String.valueOf(this.uuid) + ", username='" + this.username + "', permissions=" + String.valueOf(this.permissions) + "}";
        }
    }

    /* loaded from: input_file:pro/gravit/launchserver/auth/core/AbstractSQLCoreProvider$SQLUserSession.class */
    public static class SQLUserSession implements UserSession {
        private final SQLUser user;
        private final String id;

        public SQLUserSession(SQLUser sQLUser) {
            this.user = sQLUser;
            this.id = sQLUser.username;
        }

        @Override // pro.gravit.launchserver.auth.core.UserSession
        public String getID() {
            return this.id;
        }

        @Override // pro.gravit.launchserver.auth.core.UserSession
        public User getUser() {
            return this.user;
        }

        @Override // pro.gravit.launchserver.auth.core.UserSession
        public String getMinecraftAccessToken() {
            return this.user.getAccessToken();
        }

        @Override // pro.gravit.launchserver.auth.core.UserSession
        public long getExpireIn() {
            return 0L;
        }
    }

    public abstract SQLSourceConfig getSQLConfig();

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public User getUserByUsername(String str) {
        try {
            return queryUser(this.queryByUsernameSQL, str);
        } catch (Exception e) {
            this.logger.error("SQL error", e);
            return null;
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public User getUserByUUID(UUID uuid) {
        try {
            return queryUser(this.queryByUUIDSQL, uuid.toString());
        } catch (Exception e) {
            this.logger.error("SQL error", e);
            return null;
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public User getUserByLogin(String str) {
        try {
            return queryUser(this.queryByLoginSQL, str);
        } catch (Exception e) {
            this.logger.error("SQL error", e);
            return null;
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public UserSession getUserSessionByOAuthAccessToken(String str) throws AuthCoreProvider.OAuthAccessTokenExpired {
        try {
            SQLUser sQLUser = (SQLUser) getUserByUUID(LegacySessionHelper.getJwtInfoFromAccessToken(str, this.server.keyAgreementManager.ecdsaPublicKey).uuid());
            if (sQLUser == null) {
                return null;
            }
            return createSession(sQLUser);
        } catch (ExpiredJwtException e) {
            throw new AuthCoreProvider.OAuthAccessTokenExpired();
        } catch (JwtException e2) {
            return null;
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public AuthManager.AuthReport refreshAccessToken(String str, AuthResponse.AuthContext authContext) {
        String[] split = str.split("\\.");
        if (split.length != 2) {
            return null;
        }
        String str2 = split[0];
        String str3 = split[1];
        SQLUser sQLUser = (SQLUser) getUserByUsername(str2);
        if (sQLUser == null || sQLUser.password == null || !str3.equals(LegacySessionHelper.makeRefreshTokenFromPassword(str2, sQLUser.password, this.server.keyAgreementManager.legacySalt))) {
            return null;
        }
        return new AuthManager.AuthReport(null, LegacySessionHelper.makeAccessJwtTokenFromString(sQLUser, LocalDateTime.now(Clock.systemUTC()).plusSeconds(this.expireSeconds), this.server.keyAgreementManager.ecdsaPrivateKey), str, TimeUnit.SECONDS.toMillis(this.expireSeconds), createSession(sQLUser));
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public AuthManager.AuthReport authorize(String str, AuthResponse.AuthContext authContext, AuthRequest.AuthPasswordInterface authPasswordInterface, boolean z) throws IOException {
        SQLUser sQLUser = (SQLUser) getUserByLogin(str);
        if (sQLUser == null) {
            throw AuthException.userNotFound();
        }
        AuthPlainPassword authPlainPassword = (AuthPlainPassword) authPasswordInterface;
        if (authPlainPassword == null) {
            throw AuthException.wrongPassword();
        }
        if (!this.passwordVerifier.check(sQLUser.password, authPlainPassword.password)) {
            throw AuthException.wrongPassword();
        }
        SQLUserSession createSession = createSession(sQLUser);
        String makeAccessJwtTokenFromString = LegacySessionHelper.makeAccessJwtTokenFromString(sQLUser, LocalDateTime.now(Clock.systemUTC()).plusSeconds(this.expireSeconds), this.server.keyAgreementManager.ecdsaPrivateKey);
        String concat = sQLUser.username.concat(".").concat(LegacySessionHelper.makeRefreshTokenFromPassword(sQLUser.username, sQLUser.password, this.server.keyAgreementManager.legacySalt));
        if (!z) {
            return AuthManager.AuthReport.ofOAuth(makeAccessJwtTokenFromString, concat, TimeUnit.SECONDS.toMillis(this.expireSeconds), createSession);
        }
        String randomStringToken = SecurityHelper.randomStringToken();
        updateAuth(sQLUser, randomStringToken);
        return AuthManager.AuthReport.ofOAuthWithMinecraft(randomStringToken, makeAccessJwtTokenFromString, concat, TimeUnit.SECONDS.toMillis(this.expireSeconds), createSession);
    }

    @Override // pro.gravit.launchserver.auth.core.interfaces.provider.AuthSupportSudo
    public AuthManager.AuthReport sudo(User user, boolean z) throws IOException {
        SQLUser sQLUser = (SQLUser) user;
        SQLUserSession createSession = createSession(sQLUser);
        String makeAccessJwtTokenFromString = LegacySessionHelper.makeAccessJwtTokenFromString(sQLUser, LocalDateTime.now(Clock.systemUTC()).plusSeconds(this.expireSeconds), this.server.keyAgreementManager.ecdsaPrivateKey);
        String concat = sQLUser.username.concat(".").concat(LegacySessionHelper.makeRefreshTokenFromPassword(sQLUser.username, sQLUser.password, this.server.keyAgreementManager.legacySalt));
        String randomStringToken = SecurityHelper.randomStringToken();
        updateAuth(user, randomStringToken);
        return AuthManager.AuthReport.ofOAuthWithMinecraft(randomStringToken, makeAccessJwtTokenFromString, concat, TimeUnit.SECONDS.toMillis(this.expireSeconds), createSession);
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public User checkServer(Client client, String str, String str2) throws IOException {
        SQLUser sQLUser = (SQLUser) getUserByUsername(str);
        if (sQLUser != null && sQLUser.getUsername().equals(str) && sQLUser.getServerId().equals(str2)) {
            return sQLUser;
        }
        return null;
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public boolean joinServer(Client client, String str, UUID uuid, String str2, String str3) throws IOException {
        SQLUser sQLUser = (SQLUser) client.getUser();
        if (sQLUser == null) {
            return false;
        }
        if (uuid != null ? sQLUser.getUUID().equals(uuid) : sQLUser.getUsername().equals(str)) {
            if (sQLUser.getAccessToken().equals(str2) && updateServerID(sQLUser, str3)) {
                return true;
            }
        }
        return false;
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public void init(LaunchServer launchServer, AuthProviderPair authProviderPair) {
        super.init(launchServer, authProviderPair);
        if (getSQLConfig() == null) {
            this.logger.error("SQLHolder cannot be null");
        }
        if (this.uuidColumn == null) {
            this.logger.error("uuidColumn cannot be null");
        }
        if (this.usernameColumn == null) {
            this.logger.error("usernameColumn cannot be null");
        }
        if (this.accessTokenColumn == null) {
            this.logger.error("accessTokenColumn cannot be null");
        }
        if (this.serverIDColumn == null) {
            this.logger.error("serverIDColumn cannot be null");
        }
        if (this.table == null) {
            this.logger.error("table cannot be null");
        }
        String makeUserCols = makeUserCols();
        this.queryByUUIDSQL = this.customQueryByUUIDSQL != null ? this.customQueryByUUIDSQL : "SELECT %s FROM %s WHERE %s=? LIMIT 1".formatted(makeUserCols, this.table, this.uuidColumn);
        this.queryByUsernameSQL = this.customQueryByUsernameSQL != null ? this.customQueryByUsernameSQL : "SELECT %s FROM %s WHERE %s=? LIMIT 1".formatted(makeUserCols, this.table, this.usernameColumn);
        this.queryByLoginSQL = this.customQueryByLoginSQL != null ? this.customQueryByLoginSQL : this.queryByUsernameSQL;
        this.updateAuthSQL = this.customUpdateAuthSQL != null ? this.customUpdateAuthSQL : "UPDATE %s SET %s=?, %s=NULL WHERE %s=?".formatted(this.table, this.accessTokenColumn, this.serverIDColumn, this.uuidColumn);
        this.updateServerIDSQL = this.customUpdateServerIdSQL != null ? this.customUpdateServerIdSQL : "UPDATE %s SET %s=? WHERE %s=?".formatted(this.table, this.serverIDColumn, this.uuidColumn);
        if (isEnabledPermissions()) {
            if (!isEnabledRoles()) {
                this.queryPermissionsByUUIDSQL = this.customQueryPermissionsByUUIDSQL != null ? this.customQueryPermissionsByUUIDSQL : "SELECT (%s) FROM %s WHERE %s=?".formatted(this.permissionsPermissionColumn, this.permissionsTable, this.permissionsUUIDColumn);
            } else {
                this.queryPermissionsByUUIDSQL = this.customQueryPermissionsByUUIDSQL != null ? this.customQueryPermissionsByUUIDSQL : "WITH RECURSIVE req AS (\nSELECT p." + this.permissionsPermissionColumn + " FROM " + this.permissionsTable + " p WHERE p." + this.permissionsUUIDColumn + " = ?\nUNION ALL\nSELECT p." + this.permissionsPermissionColumn + " FROM " + this.permissionsTable + " p\nINNER JOIN " + this.rolesTable + " r ON p." + this.permissionsUUIDColumn + " = r." + this.rolesUUIDColumn + "\nINNER JOIN req ON r." + this.rolesUUIDColumn + "=substring(req." + this.permissionsPermissionColumn + " from 6) or r.name=substring(req." + this.permissionsPermissionColumn + " from 6)\n) SELECT * FROM req";
                this.queryRolesByUserUUID = this.customQueryRolesByUserUUID != null ? this.customQueryRolesByUserUUID : "SELECT r." + this.rolesNameColumn + " FROM " + this.rolesTable + " r\nINNER JOIN " + this.permissionsTable + " pr ON r." + this.rolesUUIDColumn + "=substring(pr." + this.permissionsPermissionColumn + " from 6) or r." + this.rolesNameColumn + "=substring(pr." + this.permissionsPermissionColumn + " from 6)\nWHERE pr." + this.permissionsUUIDColumn + " = ?";
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String makeUserCols() {
        return "%s, %s, %s, %s, %s".formatted(this.uuidColumn, this.usernameColumn, this.accessTokenColumn, this.serverIDColumn, this.passwordColumn);
    }

    protected void updateAuth(User user, String str) throws IOException {
        try {
            Connection connection = getSQLConfig().getConnection();
            try {
                ((SQLUser) user).accessToken = str;
                PreparedStatement prepareStatement = connection.prepareStatement(this.updateAuthSQL);
                prepareStatement.setString(1, str);
                prepareStatement.setString(2, user.getUUID().toString());
                prepareStatement.setQueryTimeout(MySQLSourceConfig.TIMEOUT);
                prepareStatement.executeUpdate();
                if (connection != null) {
                    connection.close();
                }
            } finally {
            }
        } catch (SQLException e) {
            throw new IOException(e);
        }
    }

    protected boolean updateServerID(User user, String str) throws IOException {
        try {
            Connection connection = getSQLConfig().getConnection();
            try {
                ((SQLUser) user).serverId = str;
                PreparedStatement prepareStatement = connection.prepareStatement(this.updateServerIDSQL);
                prepareStatement.setString(1, str);
                prepareStatement.setString(2, user.getUUID().toString());
                prepareStatement.setQueryTimeout(MySQLSourceConfig.TIMEOUT);
                boolean z = prepareStatement.executeUpdate() > 0;
                if (connection != null) {
                    connection.close();
                }
                return z;
            } catch (Throwable th) {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (SQLException e) {
            throw new IOException(e);
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider, java.lang.AutoCloseable
    public void close() {
        getSQLConfig().close();
    }

    protected SQLUser constructUser(ResultSet resultSet) throws SQLException {
        if (resultSet.next()) {
            return new SQLUser(UUID.fromString(resultSet.getString(this.uuidColumn)), resultSet.getString(this.usernameColumn), resultSet.getString(this.accessTokenColumn), resultSet.getString(this.serverIDColumn), resultSet.getString(this.passwordColumn));
        }
        return null;
    }

    public ClientPermissions requestPermissions(String str) throws SQLException {
        return new ClientPermissions(isEnabledRoles() ? queryRolesNames(this.queryRolesByUserUUID, str) : new ArrayList<>(), isEnabledPermissions() ? queryPermissions(this.queryPermissionsByUUIDSQL, str) : new ArrayList<>());
    }

    private SQLUser queryUser(String str, String str2) throws SQLException {
        Connection connection = getSQLConfig().getConnection();
        try {
            PreparedStatement prepareStatement = connection.prepareStatement(str);
            prepareStatement.setString(1, str2);
            prepareStatement.setQueryTimeout(MySQLSourceConfig.TIMEOUT);
            ResultSet executeQuery = prepareStatement.executeQuery();
            try {
                SQLUser constructUser = constructUser(executeQuery);
                if (executeQuery != null) {
                    executeQuery.close();
                }
                if (connection != null) {
                    connection.close();
                }
                if (constructUser != null) {
                    constructUser.permissions = requestPermissions(constructUser.uuid.toString());
                }
                return constructUser;
            } finally {
            }
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private List<String> queryPermissions(String str, String str2) throws SQLException {
        Connection connection = getSQLConfig().getConnection();
        try {
            PreparedStatement prepareStatement = connection.prepareStatement(str);
            prepareStatement.setString(1, str2);
            prepareStatement.setQueryTimeout(MySQLSourceConfig.TIMEOUT);
            ResultSet executeQuery = prepareStatement.executeQuery();
            ArrayList arrayList = new ArrayList();
            while (executeQuery.next()) {
                arrayList.add(executeQuery.getString(this.permissionsPermissionColumn));
            }
            if (connection != null) {
                connection.close();
            }
            return arrayList;
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected SQLUserSession createSession(SQLUser sQLUser) {
        return new SQLUserSession(sQLUser);
    }

    public boolean isEnabledPermissions() {
        return this.permissionsPermissionColumn != null;
    }

    public boolean isEnabledRoles() {
        return this.rolesNameColumn != null;
    }

    private List<String> queryRolesNames(String str, String str2) throws SQLException {
        Connection connection = getSQLConfig().getConnection();
        try {
            PreparedStatement prepareStatement = connection.prepareStatement(str);
            prepareStatement.setString(1, str2);
            prepareStatement.setQueryTimeout(MySQLSourceConfig.TIMEOUT);
            ResultSet executeQuery = prepareStatement.executeQuery();
            ArrayList arrayList = new ArrayList();
            while (executeQuery.next()) {
                arrayList.add(executeQuery.getString(this.rolesNameColumn));
            }
            if (connection != null) {
                connection.close();
            }
            return arrayList;
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
