package dk.elera.damnation.bungeebouncer;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.HashMap;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bukkit.entity.Player;
import org.bukkit.event.EventHandler;
import org.bukkit.event.Listener;
import org.bukkit.event.player.AsyncPlayerChatEvent;
import org.bukkit.event.player.PlayerCommandPreprocessEvent;
import org.bukkit.event.player.PlayerJoinEvent;
import org.bukkit.event.player.PlayerKickEvent;
import org.bukkit.event.player.PlayerQuitEvent;
import org.bukkit.event.player.PlayerRegisterChannelEvent;
import org.bukkit.plugin.java.JavaPlugin;
import org.bukkit.plugin.messaging.PluginMessageListener;

/* loaded from: input_file:dk/elera/damnation/bungeebouncer/BungeeBouncerClient.class */
public class BungeeBouncerClient extends JavaPlugin implements Listener, PluginMessageListener {
    private static final String CHANNEL_NAME = "BungeeBouncer";
    private static final int DEFAULT_VERIFICATION_TIMEOUT = 20;
    private static final SecureRandom random = new SecureRandom();
    private static final String UNABLE_TO_VERIFY_AUTHENTICATION_ON_BUNGEE = "Unable to verify authentication on Bungee";
    private static final String VERIFICATION_REPLY = "VerificationReply";
    private Logger log;
    private Signature verifier;
    HashMap<Player, Long> expectedNounces = new HashMap<>();
    private int verificationTimeout = DEFAULT_VERIFICATION_TIMEOUT;

    private void acceptPlayer(Player player) {
        this.log.info(player.getName() + " is authenticated on bungee");
        this.expectedNounces.remove(player);
    }

    @EventHandler
    public void denyCritical(AsyncPlayerChatEvent asyncPlayerChatEvent) {
        if (this.expectedNounces.containsKey(asyncPlayerChatEvent.getPlayer())) {
            asyncPlayerChatEvent.setCancelled(true);
        }
    }

    @EventHandler
    public void denyCritical(PlayerCommandPreprocessEvent playerCommandPreprocessEvent) {
        if (this.expectedNounces.containsKey(playerCommandPreprocessEvent.getPlayer())) {
            playerCommandPreprocessEvent.setCancelled(true);
            playerCommandPreprocessEvent.setMessage("/harmlesscommand");
        }
    }

    private void freezePlayer(final Player player) {
        this.log.info("Asking bungee for " + player.getName());
        getServer().getScheduler().runTaskLater(this, new Runnable() { // from class: dk.elera.damnation.bungeebouncer.BungeeBouncerClient.1
            @Override // java.lang.Runnable
            public void run() {
                if (BungeeBouncerClient.this.expectedNounces.containsKey(player)) {
                    BungeeBouncerClient.this.log.severe("SECURITY WARNING: Bungee did not reply with verification on " + player.getName());
                    player.kickPlayer(BungeeBouncerClient.UNABLE_TO_VERIFY_AUTHENTICATION_ON_BUNGEE);
                }
            }
        }, this.verificationTimeout);
        this.expectedNounces.put(player, null);
    }

    private Signature getSignatureVerifier() {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(KeyManager.getPublic());
            return signature;
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    public void onDisable() {
        Iterator<Player> it = this.expectedNounces.keySet().iterator();
        while (it.hasNext()) {
            it.next().kickPlayer("Plugin reload while verifying user");
        }
    }

    public void onEnable() {
        this.log = getLogger();
        this.verificationTimeout = getConfig().getInt("timeout", DEFAULT_VERIFICATION_TIMEOUT);
        getServer().getPluginManager().registerEvents(this, this);
        getServer().getMessenger().registerOutgoingPluginChannel(this, CHANNEL_NAME);
        getServer().getMessenger().registerIncomingPluginChannel(this, CHANNEL_NAME, this);
        this.verifier = getSignatureVerifier();
        for (Player player : getServer().getOnlinePlayers()) {
            this.log.log(Level.SEVERE, "SECURITY WARNING: Player online before plugin load: " + player.getName());
            freezePlayer(player);
            requestVerification(player);
        }
    }

    @EventHandler
    public void onPlayerJoin(PlayerJoinEvent playerJoinEvent) {
        freezePlayer(playerJoinEvent.getPlayer());
    }

    @EventHandler
    public void onPlayerKick(PlayerKickEvent playerKickEvent) {
        this.expectedNounces.remove(playerKickEvent.getPlayer());
    }

    @EventHandler
    public void onPlayerQuit(PlayerQuitEvent playerQuitEvent) {
        this.expectedNounces.remove(playerQuitEvent.getPlayer());
    }

    public void onPluginMessageReceived(String str, Player player, byte[] bArr) {
        if (str.equals(CHANNEL_NAME)) {
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            try {
                String readUTF = dataInputStream.readUTF();
                getLogger().info(readUTF);
                if (VERIFICATION_REPLY.equals(readUTF)) {
                    onVerificationReply(new VerificationReply(dataInputStream, this.verifier));
                }
            } catch (IOException e) {
                this.log.log(Level.SEVERE, "Error during parsing of packet - size was " + bArr.length, (Throwable) e);
            }
        }
    }

    @EventHandler
    public void onRegisterChannel(PlayerRegisterChannelEvent playerRegisterChannelEvent) {
        if (CHANNEL_NAME.equals(playerRegisterChannelEvent.getChannel())) {
            requestVerification(playerRegisterChannelEvent.getPlayer());
        }
    }

    private void onVerificationReply(VerificationReply verificationReply) {
        if (!verificationReply.isValid) {
            this.log.severe("SECURITY WARNING: Invalid signature for " + verificationReply.playerName);
            return;
        }
        Player player = getServer().getPlayer(verificationReply.playerName);
        if (player != null) {
            if (this.expectedNounces.get(player).longValue() == verificationReply.nouce) {
                acceptPlayer(player);
            } else {
                this.log.severe("SECURITY WARNING: Potential replay attack detected on " + verificationReply.playerName);
                player.kickPlayer(UNABLE_TO_VERIFY_AUTHENTICATION_ON_BUNGEE);
            }
        }
    }

    private void requestVerification(Player player) {
        long nextLong = random.nextLong();
        this.expectedNounces.put(player, Long.valueOf(nextLong));
        player.sendPluginMessage(this, CHANNEL_NAME, new VerificationRequest(player.getName(), nextLong).toBytes());
    }
}
