package com.flowkode.terrastate;

import ch.qos.logback.core.rolling.helper.DateTokenConverter;
import com.flowkode.terrastate.InvalidArgumentException;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.List;
import java.util.ListIterator;
import java.util.Properties;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.text.Regex;
import org.jetbrains.annotations.NotNull;

/* compiled from: AuthService.kt */
@Metadata(mv = {1, 1, 10}, bv = {1, 0, 2}, k = 1, d1 = {"��L\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\t\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0019\n\u0002\b\u0004\n\u0002\u0010\u0012\n\u0002\b\u0005\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0002\b\u0003\u0018�� #2\u00020\u0001:\u0001#B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0016\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010J\u0016\u0010\u0011\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010J\u000e\u0010\u0012\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010J\b\u0010\u0013\u001a\u00020\fH\u0002J\u0010\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u000eH\u0002J\b\u0010\u0017\u001a\u00020\fH\u0002J(\u0010\u0018\u001a\u00020\u00152\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0019\u001a\u00020\u00152\u0006\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001bH\u0002J\u000e\u0010\u001d\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eJ\u0010\u0010\u001e\u001a\u00020\u000e2\u0006\u0010\u001f\u001a\u00020\u0015H\u0002J\u0018\u0010 \u001a\u00020!2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\"\u001a\u00020\u000eH\u0002R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u000e¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010\t\u001a\n \n*\u0004\u0018\u00010\u00030\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006$"}, d2 = {"Lcom/flowkode/terrastate/AuthService;", "", "baseDir", "Ljava/nio/file/Path;", "(Ljava/nio/file/Path;)V", "lastUserLoadTime", "", "users", "Ljava/util/Properties;", "usersFile", "kotlin.jvm.PlatformType", "addUser", "", "username", "", "password", "", "authenticate", "encryptPassword", "ensureUsersFileExists", "fromHex", "", "hex", "loadUsers", "pbkdf2Internal", "salt", "iterations", "", "bytes", "removeUser", "toHex", "array", "validatePassword", "", "goodHash", "Companion", "terrastate"})
/* loaded from: input_file:com/flowkode/terrastate/AuthService.class */
public final class AuthService {
    private final Path usersFile;
    private final Properties users;
    private long lastUserLoadTime;
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int PBKDF2_SALT_BYTES = 24;
    private static final int PBKDF2_ITERATIONS = 1000;
    private static final int HASH_BYTES = 24;
    public static final Companion Companion = new Companion(null);

    /* compiled from: AuthService.kt */
    @Metadata(mv = {1, 1, 10}, bv = {1, 0, 2}, k = 1, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\b\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��¨\u0006\t"}, d2 = {"Lcom/flowkode/terrastate/AuthService$Companion;", "", "()V", "HASH_BYTES", "", "PBKDF2_ALGORITHM", "", "PBKDF2_ITERATIONS", "PBKDF2_SALT_BYTES", "terrastate"})
    /* loaded from: input_file:com/flowkode/terrastate/AuthService$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private final synchronized void loadUsers() {
        if (this.lastUserLoadTime < System.currentTimeMillis()) {
            ensureUsersFileExists();
            this.users.clear();
            this.users.load(new FileInputStream(this.usersFile.toFile()));
            this.lastUserLoadTime = System.currentTimeMillis();
        }
    }

    private final void ensureUsersFileExists() {
        if (Files.exists(this.usersFile, new LinkOption[0])) {
            return;
        }
        Files.createFile(this.usersFile, new FileAttribute[0]);
    }

    public final synchronized void authenticate(@NotNull String username, @NotNull char[] password) {
        Intrinsics.checkParameterIsNotNull(username, "username");
        Intrinsics.checkParameterIsNotNull(password, "password");
        loadUsers();
        if (this.users.containsKey(username)) {
            String property = this.users.getProperty(username);
            Intrinsics.checkExpressionValueIsNotNull(property, "users.getProperty(username)");
            if (validatePassword(password, property)) {
                return;
            }
        }
        throw new InvalidCredentialsException();
    }

    @NotNull
    public final String encryptPassword(@NotNull char[] password) {
        Intrinsics.checkParameterIsNotNull(password, "password");
        if (password.length == 0) {
            throw new InvalidArgumentException(InvalidArgumentException.Messages.EMPTY_PASSWORD);
        }
        byte[] bArr = new byte[24];
        new SecureRandom().nextBytes(bArr);
        return "1000:" + toHex(bArr) + ':' + toHex(pbkdf2Internal(password, bArr, 1000, 24));
    }

    private final boolean validatePassword(char[] cArr, String str) {
        List emptyList;
        List<String> split = new Regex(":").split(str, 0);
        if (!split.isEmpty()) {
            ListIterator<String> listIterator = split.listIterator(split.size());
            while (listIterator.hasPrevious()) {
                if (!(listIterator.previous().length() == 0)) {
                    emptyList = CollectionsKt.take(split, listIterator.nextIndex() + 1);
                    break;
                }
            }
        }
        emptyList = CollectionsKt.emptyList();
        List list = emptyList;
        if (list == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.util.Collection<T>");
        }
        Object[] array = list.toArray(new String[0]);
        if (array == null) {
            throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
        }
        String[] strArr = (String[]) array;
        int parseInt = Integer.parseInt(strArr[0]);
        byte[] fromHex = fromHex(strArr[1]);
        byte[] fromHex2 = fromHex(strArr[2]);
        return Arrays.equals(fromHex2, pbkdf2Internal(cArr, fromHex, parseInt, fromHex2.length));
    }

    private final byte[] pbkdf2Internal(char[] cArr, byte[] bArr, int i, int i2) {
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM).generateSecret(new PBEKeySpec(cArr, bArr, i, i2 * 8));
            Intrinsics.checkExpressionValueIsNotNull(generateSecret, "SecretKeyFactory.getInst…THM).generateSecret(spec)");
            byte[] encoded = generateSecret.getEncoded();
            Intrinsics.checkExpressionValueIsNotNull(encoded, "SecretKeyFactory.getInst…erateSecret(spec).encoded");
            return encoded;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not hash password.", e);
        } catch (InvalidKeySpecException e2) {
            throw new RuntimeException("Could not hash password.", e2);
        }
    }

    private final String toHex(byte[] bArr) {
        String hex = new BigInteger(1, bArr).toString(16);
        int length = (bArr.length * 2) - hex.length();
        if (length <= 0) {
            Intrinsics.checkExpressionValueIsNotNull(hex, "hex");
            return hex;
        }
        StringBuilder sb = new StringBuilder();
        StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
        Object[] objArr = {0};
        String format = String.format("%0" + length + DateTokenConverter.CONVERTER_KEY, Arrays.copyOf(objArr, objArr.length));
        Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(format, *args)");
        return sb.append(format).append(hex).toString();
    }

    private final byte[] fromHex(String str) {
        byte[] bArr = new byte[str.length() / 2];
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            int i2 = i;
            int i3 = 2 * i;
            int i4 = (2 * i) + 2;
            if (str == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            String substring = str.substring(i3, i4);
            Intrinsics.checkExpressionValueIsNotNull(substring, "(this as java.lang.Strin…ing(startIndex, endIndex)");
            bArr[i2] = (byte) Integer.parseInt(substring, 16);
        }
        return bArr;
    }

    public final synchronized void addUser(@NotNull String username, @NotNull char[] password) {
        Intrinsics.checkParameterIsNotNull(username, "username");
        Intrinsics.checkParameterIsNotNull(password, "password");
        if (username.length() == 0) {
            throw new InvalidArgumentException(InvalidArgumentException.Messages.EMPTY_USERNAME);
        }
        if (this.users.containsKey(username)) {
            throw new InvalidArgumentException(InvalidArgumentException.Messages.USER_ALREADY_EXISTS);
        }
        this.users.put(username, encryptPassword(password));
        ensureUsersFileExists();
        this.users.store(new FileOutputStream(this.usersFile.toFile()), "");
    }

    public final synchronized void removeUser(@NotNull String username) {
        Intrinsics.checkParameterIsNotNull(username, "username");
        if (!this.users.containsKey(username)) {
            throw new InvalidArgumentException(InvalidArgumentException.Messages.USER_DOES_NOT_EXIST);
        }
        this.users.remove(username);
        ensureUsersFileExists();
        this.users.store(new FileOutputStream(this.usersFile.toFile()), "");
    }

    public AuthService(@NotNull Path baseDir) {
        Intrinsics.checkParameterIsNotNull(baseDir, "baseDir");
        this.usersFile = baseDir.resolve("users.properties").normalize().toAbsolutePath();
        this.users = new Properties();
        Files.createDirectories(baseDir, new FileAttribute[0]);
        loadUsers();
    }
}
