package io.ibj.mcauthenticator.auth;

import com.google.zxing.WriterException;
import com.warrenstrange.googleauth.GoogleAuthenticator;
import io.ibj.mcauthenticator.MCAuthenticator;
import io.ibj.mcauthenticator.map.ImageMapRenderer;
import io.ibj.mcauthenticator.model.User;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import org.bukkit.Bukkit;
import org.bukkit.Location;
import org.bukkit.Material;
import org.bukkit.entity.Player;
import org.bukkit.inventory.ItemStack;
import org.bukkit.map.MapRenderer;
import org.bukkit.map.MapView;

/* loaded from: input_file:io/ibj/mcauthenticator/auth/RFC6238.class */
public class RFC6238 implements Authenticator {
    private static final GoogleAuthenticator gAuth = new GoogleAuthenticator();
    private static final transient String googleFormat = "https://www.google.com/chart?chs=200x200&chld=M%%7C0&cht=qr&chl=otpauth://totp/%s@%s%%3Fsecret%%3D%s";
    private final String serverIp;
    private final Map<User, String> temporarySecrets = new HashMap();
    private final MCAuthenticator mcAuthenticator;

    public RFC6238(String str, MCAuthenticator mCAuthenticator) {
        this.serverIp = str;
        this.mcAuthenticator = mCAuthenticator;
        validateServerTime();
    }

    @Override // io.ibj.mcauthenticator.auth.Authenticator
    public boolean authenticate(User user, Player player, String str) {
        try {
            Integer valueOf = Integer.valueOf(Integer.parseInt(str));
            String str2 = this.temporarySecrets.get(user);
            boolean z = str2 != null;
            if (!z) {
                if (user.getUserData() == null || user.getUserData().getAuthType() != 0) {
                    return false;
                }
                str2 = user.getUserData().getSecret();
            }
            boolean authorize = gAuth.authorize(str2, valueOf.intValue());
            if (z && authorize) {
                this.temporarySecrets.remove(user);
                user.setUserInfo(str2, 0, player);
            }
            return authorize;
        } catch (NumberFormatException e) {
            return false;
        }
    }

    @Override // io.ibj.mcauthenticator.auth.Authenticator
    public boolean isFormat(String str) {
        return str.matches("^\\d{6}$");
    }

    @Override // io.ibj.mcauthenticator.auth.Authenticator
    public void initUser(User user, Player player) {
        String createNewKey = createNewKey();
        this.temporarySecrets.put(user, createNewKey);
        this.mcAuthenticator.getC().send(player, this.mcAuthenticator.getC().message("sendAuthCode").replaceAll("%code%", createNewKey).replaceAll("%url%", getQRUrl(player.getName(), createNewKey)));
        if (this.mcAuthenticator.getC().isInventoryTampering()) {
            try {
                ImageMapRenderer imageMapRenderer = new ImageMapRenderer(player.getName(), createNewKey, this.serverIp);
                if (!user.isInventoryStored()) {
                    user.storeInventory(player);
                }
                ItemStack itemStack = new ItemStack(Material.MAP);
                MapView createMap = Bukkit.createMap(player.getWorld());
                itemStack.setDurability(createMap.getId());
                itemStack.setAmount(0);
                player.getInventory().setHeldItemSlot(0);
                player.setItemInHand(itemStack);
                Location location = player.getLocation();
                location.setPitch(90.0f);
                player.teleport(location);
                Iterator it = createMap.getRenderers().iterator();
                while (it.hasNext()) {
                    createMap.removeRenderer((MapRenderer) it.next());
                }
                createMap.addRenderer(imageMapRenderer);
                player.sendMap(createMap);
            } catch (WriterException e) {
                this.mcAuthenticator.getC().sendDirect(player, "&cThere was an error rendering your 2FA QR code!");
                this.mcAuthenticator.handleException(e);
            }
        }
    }

    @Override // io.ibj.mcauthenticator.auth.Authenticator
    public void quitUser(User user, Player player) {
        this.temporarySecrets.remove(user);
        user.reverseInventory(player);
    }

    private String getQRUrl(String str, String str2) {
        if (str2 == null) {
            return null;
        }
        return String.format(googleFormat, str, this.serverIp, str2);
    }

    private String createNewKey() {
        return gAuth.createCredentials().getKey();
    }

    private void validateServerTime() {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("http://icanhazepoch.com").openConnection();
            httpURLConnection.setReadTimeout(4000);
            httpURLConnection.setConnectTimeout(4000);
            httpURLConnection.connect();
            if (httpURLConnection.getResponseCode() != 200) {
                this.mcAuthenticator.getLogger().info("Could not validate the server's time! Ensure that the server's time is within specification!");
                return;
            }
            byte[] bArr = new byte[1024];
            int longValue = (int) (Long.valueOf(Long.parseLong(new String(bArr, 0, httpURLConnection.getInputStream().read(bArr), Charset.defaultCharset()).trim())).longValue() - (System.currentTimeMillis() / 1000));
            if (Math.abs(longValue) > 30) {
                this.mcAuthenticator.getLogger().severe("Your server's Unix time is off by " + Math.abs(longValue) + " seconds! 2FA may not work! Please correct this to make sure 2FA works.");
            }
        } catch (IOException | NumberFormatException e) {
            this.mcAuthenticator.getLogger().log(Level.WARNING, "Was not able to validate the server's Unix time against an external service: Please ensure your server's time is set correctly or 2FA may not operate right.", e);
        }
    }
}
