package pro.gravit.launchserver.auth.core.openid;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import pro.gravit.launcher.base.ClientPermissions;
import pro.gravit.launcher.base.events.request.GetAvailabilityAuthRequestEvent;
import pro.gravit.launcher.base.request.auth.AuthRequest;
import pro.gravit.launcher.base.request.auth.password.AuthCodePassword;
import pro.gravit.launchserver.LaunchServer;
import pro.gravit.launchserver.auth.AuthException;
import pro.gravit.launchserver.auth.AuthProviderPair;
import pro.gravit.launchserver.auth.HikariSQLSourceConfig;
import pro.gravit.launchserver.auth.core.AuthCoreProvider;
import pro.gravit.launchserver.auth.core.User;
import pro.gravit.launchserver.auth.core.UserSession;
import pro.gravit.launchserver.manangers.AuthManager;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.auth.AuthResponse;
import pro.gravit.utils.helper.LogHelper;

/* loaded from: input_file:pro/gravit/launchserver/auth/core/openid/OpenIDAuthCoreProvider.class */
public class OpenIDAuthCoreProvider extends AuthCoreProvider {
    private transient SQLUserStore sqlUserStore;
    private transient SQLServerSessionStore sqlSessionStore;
    private transient OpenIDAuthenticator openIDAuthenticator;
    private OpenIDConfig openIDConfig;
    private HikariSQLSourceConfig sqlSourceConfig;

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public List<GetAvailabilityAuthRequestEvent.AuthAvailabilityDetails> getDetails(Client client) {
        return this.openIDAuthenticator.getDetails();
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public User getUserByUsername(String str) {
        return this.sqlUserStore.getByUsername(str);
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public User getUserByUUID(UUID uuid) {
        return this.sqlUserStore.getUserByUUID(uuid);
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public UserSession getUserSessionByOAuthAccessToken(String str) throws AuthCoreProvider.OAuthAccessTokenExpired {
        return this.openIDAuthenticator.getUserSessionByOAuthAccessToken(str);
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public AuthManager.AuthReport refreshAccessToken(String str, AuthResponse.AuthContext authContext) {
        TokenResponse refreshAccessToken = this.openIDAuthenticator.refreshAccessToken(str);
        String accessToken = refreshAccessToken.accessToken();
        try {
            return AuthManager.AuthReport.ofOAuth(accessToken, refreshAccessToken.refreshToken(), TimeUnit.SECONDS.toMillis(refreshAccessToken.accessTokenExpiresIn()), this.openIDAuthenticator.getUserSessionByOAuthAccessToken(accessToken));
        } catch (AuthCoreProvider.OAuthAccessTokenExpired e) {
            throw new RuntimeException("invalid token", e);
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public AuthManager.AuthReport authorize(String str, AuthResponse.AuthContext authContext, AuthRequest.AuthPasswordInterface authPasswordInterface, boolean z) throws IOException {
        if (authPasswordInterface == null) {
            throw AuthException.wrongPassword();
        }
        TokenResponse authorize = this.openIDAuthenticator.authorize((AuthCodePassword) authPasswordInterface);
        String accessToken = authorize.accessToken();
        String refreshToken = authorize.refreshToken();
        User createUserFromToken = this.openIDAuthenticator.createUserFromToken(accessToken);
        long millis = TimeUnit.SECONDS.toMillis(authorize.accessTokenExpiresIn());
        this.sqlUserStore.createOrUpdateUser(createUserFromToken);
        try {
            UserSession userSessionByOAuthAccessToken = this.openIDAuthenticator.getUserSessionByOAuthAccessToken(accessToken);
            return z ? AuthManager.AuthReport.ofOAuthWithMinecraft(generateMinecraftToken(createUserFromToken), accessToken, refreshToken, millis, userSessionByOAuthAccessToken) : AuthManager.AuthReport.ofOAuth(accessToken, refreshToken, millis, userSessionByOAuthAccessToken);
        } catch (AuthCoreProvider.OAuthAccessTokenExpired e) {
            throw new AuthException("invalid token", e);
        }
    }

    private String generateMinecraftToken(User user) {
        return Jwts.builder().issuer("LaunchServer").subject(user.getUUID().toString()).claim("preferred_username", user.getUsername()).expiration(Date.from(Instant.now().plus(24L, (TemporalUnit) ChronoUnit.HOURS))).signWith(this.server.keyAgreementManager.ecdsaPrivateKey).compact();
    }

    private User createUserFromMinecraftToken(String str) throws AuthException {
        try {
            Jws parseSignedClaims = Jwts.parser().requireIssuer("LaunchServer").verifyWith(this.server.keyAgreementManager.ecdsaPublicKey).build().parseSignedClaims(str);
            return new UserEntity((String) ((Claims) parseSignedClaims.getPayload()).get("preferred_username", String.class), UUID.fromString(((Claims) parseSignedClaims.getPayload()).getSubject()), new ClientPermissions());
        } catch (JwtException e) {
            throw new AuthException("Bad minecraft token", e);
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public void init(LaunchServer launchServer, AuthProviderPair authProviderPair) {
        super.init(launchServer, authProviderPair);
        this.sqlSourceConfig.init();
        this.sqlUserStore = new SQLUserStore(this.sqlSourceConfig);
        this.sqlUserStore.init();
        this.sqlSessionStore = new SQLServerSessionStore(this.sqlSourceConfig);
        this.sqlSessionStore.init();
        this.openIDAuthenticator = new OpenIDAuthenticator(this.openIDConfig);
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public User checkServer(Client client, String str, String str2) throws IOException {
        if (str2.equals(this.sqlSessionStore.getServerIdByUsername(str))) {
            return this.sqlUserStore.getByUsername(str);
        }
        return null;
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider
    public boolean joinServer(Client client, String str, UUID uuid, String str2, String str3) throws IOException {
        try {
            User createUserFromMinecraftToken = createUserFromMinecraftToken(str2);
            if (!createUserFromMinecraftToken.getUUID().equals(uuid)) {
                return false;
            }
            this.sqlUserStore.createOrUpdateUser(createUserFromMinecraftToken);
            return this.sqlSessionStore.joinServer(createUserFromMinecraftToken.getUUID(), createUserFromMinecraftToken.getUsername(), str3);
        } catch (AuthException e) {
            LogHelper.error(e);
            return false;
        }
    }

    @Override // pro.gravit.launchserver.auth.core.AuthCoreProvider, java.lang.AutoCloseable
    public void close() {
        this.sqlSourceConfig.close();
    }
}
