package net.raphimc.viabedrock.protocol.packet;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import com.google.gson.ToNumberPolicy;
import com.viaversion.viaversion.api.Via;
import com.viaversion.viaversion.api.connection.ProtocolInfo;
import com.viaversion.viaversion.api.connection.UserConnection;
import com.viaversion.viaversion.api.protocol.packet.PacketWrapper;
import com.viaversion.viaversion.api.type.Types;
import com.viaversion.viaversion.protocols.base.ServerboundLoginPackets;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.LocatorAdapter;
import io.jsonwebtoken.ProtectedHeader;
import io.jsonwebtoken.gson.io.GsonDeserializer;
import io.jsonwebtoken.lang.Strings;
import io.jsonwebtoken.security.SecureDigestAlgorithm;
import io.netty.util.AsciiString;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ThreadLocalRandom;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import net.raphimc.viabedrock.api.io.compression.ProtocolCompression;
import net.raphimc.viabedrock.protocol.BedrockProtocol;
import net.raphimc.viabedrock.protocol.ClientboundBedrockPackets;
import net.raphimc.viabedrock.protocol.ServerboundBedrockPackets;
import net.raphimc.viabedrock.protocol.data.enums.bedrock.PacketCompressionAlgorithm;
import net.raphimc.viabedrock.protocol.provider.NettyPipelineProvider;
import net.raphimc.viabedrock.protocol.provider.SkinProvider;
import net.raphimc.viabedrock.protocol.storage.AuthChainData;
import net.raphimc.viabedrock.protocol.storage.GameSessionStorage;
import net.raphimc.viabedrock.protocol.storage.HandshakeStorage;
import net.raphimc.viabedrock.protocol.types.BedrockTypes;

/* loaded from: input_file:META-INF/jars/ViaBedrock-0.0.9-SNAPSHOT.jar:net/raphimc/viabedrock/protocol/packet/LoginPackets.class */
public class LoginPackets {
    private static final KeyFactory EC_KEYFACTORY;
    private static final String MOJANG_PUBLIC_KEY_BASE64 = "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAECRXueJeTDqNRRgJi/vlRufByu/2G0i2Ebt6YMar5QX/R0DIIyrJMcUpruK4QveTfJSTp3Shlq4Gk34cD/4GUWwkv0DVuzeuB+tXija7HBxii03NHDbPAD0AKnLr2wdAp";
    private static final ECPublicKey MOJANG_PUBLIC_KEY;
    private static final int CLOCK_SKEW = 60;
    private static final Gson GSON = new GsonBuilder().setObjectToNumberStrategy(ToNumberPolicy.LONG_OR_DOUBLE).disableHtmlEscaping().create();
    private static final GsonDeserializer<Map<String, ?>> GSON_DESERIALIZER = new GsonDeserializer<>(GSON);

    public static void register(BedrockProtocol bedrockProtocol) {
        bedrockProtocol.registerClientbound((BedrockProtocol) ClientboundBedrockPackets.NETWORK_SETTINGS, (ClientboundBedrockPackets) null, packetWrapper -> {
            packetWrapper.cancel();
            GameSessionStorage gameSessionStorage = (GameSessionStorage) packetWrapper.user().get(GameSessionStorage.class);
            HandshakeStorage handshakeStorage = (HandshakeStorage) packetWrapper.user().get(HandshakeStorage.class);
            AuthChainData authChainData = (AuthChainData) packetWrapper.user().get(AuthChainData.class);
            ProtocolCompression protocolCompression = new ProtocolCompression(PacketCompressionAlgorithm.getByValue(((Integer) packetWrapper.read(BedrockTypes.UNSIGNED_SHORT_LE)).intValue(), PacketCompressionAlgorithm.None), ((Integer) packetWrapper.read(BedrockTypes.UNSIGNED_SHORT_LE)).intValue());
            if (gameSessionStorage.getProtocolCompression() == null) {
                ((NettyPipelineProvider) Via.getManager().getProviders().get(NettyPipelineProvider.class)).enableCompression(packetWrapper.user(), protocolCompression);
            } else {
                gameSessionStorage.getProtocolCompression().end();
            }
            gameSessionStorage.setProtocolCompression(protocolCompression);
            JsonObject jsonObject = new JsonObject();
            JsonArray jsonArray = new JsonArray();
            if (authChainData.getSelfSignedJwt() != null) {
                jsonArray.add(new JsonPrimitive(authChainData.getSelfSignedJwt()));
            }
            if (authChainData.getMojangJwt() != null) {
                jsonArray.add(new JsonPrimitive(authChainData.getMojangJwt()));
            }
            if (authChainData.getIdentityJwt() != null) {
                jsonArray.add(new JsonPrimitive(authChainData.getIdentityJwt()));
            }
            jsonObject.add("chain", jsonArray);
            String jsonObject2 = jsonObject.toString();
            PacketWrapper create = PacketWrapper.create(ServerboundBedrockPackets.LOGIN, packetWrapper.user());
            create.write(Types.INT, Integer.valueOf(handshakeStorage.protocolVersion()));
            create.write(BedrockTypes.UNSIGNED_VAR_INT, Integer.valueOf(jsonObject2.length() + authChainData.getSkinJwt().length() + 8));
            create.write(BedrockTypes.ASCII_STRING, AsciiString.of(jsonObject2));
            create.write(BedrockTypes.ASCII_STRING, AsciiString.of(authChainData.getSkinJwt()));
            create.sendToServer(BedrockProtocol.class);
        });
        bedrockProtocol.registerClientbound((BedrockProtocol) ClientboundBedrockPackets.SERVER_TO_CLIENT_HANDSHAKE, (ClientboundBedrockPackets) null, packetWrapper2 -> {
            packetWrapper2.cancel();
            AuthChainData authChainData = (AuthChainData) packetWrapper2.user().get(AuthChainData.class);
            Jws<Claims> parseSignedClaims = Jwts.parser().clockSkewSeconds(60L).keyLocator(new LocatorAdapter<Key>() { // from class: net.raphimc.viabedrock.protocol.packet.LoginPackets.1
                /* JADX INFO: Access modifiers changed from: protected */
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // io.jsonwebtoken.LocatorAdapter
                public Key locate(ProtectedHeader protectedHeader) {
                    return LoginPackets.publicKeyFromBase64((String) protectedHeader.get(JwsHeader.X509_URL));
                }
            }).build().parseSignedClaims((CharSequence) packetWrapper2.read(BedrockTypes.STRING));
            try {
                ((NettyPipelineProvider) Via.getManager().getProviders().get(NettyPipelineProvider.class)).enableEncryption(packetWrapper2.user(), ecdhKeyExchange(authChainData.getPrivateKey(), publicKeyFromBase64((String) ((JwsHeader) parseSignedClaims.getHeader()).get(JwsHeader.X509_URL)), Base64.getDecoder().decode((String) parseSignedClaims.getPayload().get("salt", String.class))));
                PacketWrapper.create(ServerboundBedrockPackets.CLIENT_TO_SERVER_HANDSHAKE, packetWrapper2.user()).sendToServer(BedrockProtocol.class);
            } catch (Throwable th) {
                throw new RuntimeException("Could not enable encryption", th);
            }
        });
        bedrockProtocol.registerServerboundTransition(ServerboundLoginPackets.HELLO, ServerboundBedrockPackets.REQUEST_NETWORK_SETTINGS, packetWrapper3 -> {
            HandshakeStorage handshakeStorage = (HandshakeStorage) packetWrapper3.user().get(HandshakeStorage.class);
            ProtocolInfo protocolInfo = packetWrapper3.user().getProtocolInfo();
            protocolInfo.setUsername((String) packetWrapper3.read(Types.STRING));
            protocolInfo.setUuid((UUID) packetWrapper3.read(Types.UUID));
            packetWrapper3.write(Types.INT, Integer.valueOf(handshakeStorage.protocolVersion()));
            try {
                validateAndFillAuthChainData(packetWrapper3.user());
            } catch (Throwable th) {
                throw new RuntimeException("Could not validate and fill auth chain data", th);
            }
        });
        bedrockProtocol.registerServerboundTransition(ServerboundLoginPackets.LOGIN_ACKNOWLEDGED, null, (v0) -> {
            v0.cancel();
        });
    }

    private static ECPublicKey publicKeyFromBase64(String str) {
        try {
            return (ECPublicKey) EC_KEYFACTORY.generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str)));
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Could not decode base64 public key", e);
        }
    }

    private static void validateAndFillAuthChainData(UserConnection userConnection) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        if (userConnection.has(AuthChainData.class)) {
            AuthChainData authChainData = (AuthChainData) userConnection.get(AuthChainData.class);
            ECPublicKey publicKey = authChainData.getPublicKey();
            ECPrivateKey privateKey = authChainData.getPrivateKey();
            String encodeToString = Base64.getEncoder().encodeToString(publicKey.getEncoded());
            Jws<Claims> parseSignedClaims = Jwts.parser().clockSkewSeconds(60L).verifyWith(MOJANG_PUBLIC_KEY).json(GSON_DESERIALIZER).build().parseSignedClaims(authChainData.getMojangJwt());
            Jws<Claims> parseSignedClaims2 = Jwts.parser().clockSkewSeconds(60L).verifyWith(publicKeyFromBase64((String) parseSignedClaims.getPayload().get("identityPublicKey", String.class))).build().parseSignedClaims(authChainData.getIdentityJwt());
            if (authChainData.getSelfSignedJwt() == null) {
                authChainData.setSelfSignedJwt(((JwtBuilder.BuilderHeader) Jwts.builder().signWith((JwtBuilder) privateKey, (SecureDigestAlgorithm<? super JwtBuilder, ?>) Jwts.SIG.ES384).header().add(JwsHeader.X509_URL, encodeToString)).and().claim("certificateAuthority", true).claim("identityPublicKey", ((JwsHeader) parseSignedClaims.getHeader()).get(JwsHeader.X509_URL)).mo626expiration(Date.from(Instant.now().plus(2L, (TemporalUnit) ChronoUnit.DAYS))).mo624notBefore(Date.from(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.MINUTES))).compact());
            }
            if (authChainData.getSkinJwt() == null) {
                authChainData.setSkinJwt(((JwtBuilder.BuilderHeader) Jwts.builder().signWith((JwtBuilder) privateKey, (SecureDigestAlgorithm<? super JwtBuilder, ?>) Jwts.SIG.ES384).header().add(JwsHeader.X509_URL, encodeToString)).and().claims(((SkinProvider) Via.getManager().getProviders().get(SkinProvider.class)).getClientPlayerSkin(userConnection)).compact());
            }
            Map map = (Map) parseSignedClaims2.getPayload().get("extraData", Map.class);
            authChainData.setXuid((String) map.get("XUID"));
            authChainData.setIdentity(UUID.fromString((String) map.get("identity")));
            authChainData.setDisplayName((String) map.get("displayName"));
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(new ECGenParameterSpec("secp384r1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        ECPublicKey eCPublicKey = (ECPublicKey) generateKeyPair.getPublic();
        ECPrivateKey eCPrivateKey = (ECPrivateKey) generateKeyPair.getPrivate();
        String encodeToString2 = Base64.getEncoder().encodeToString(eCPublicKey.getEncoded());
        String username = userConnection.getProtocolInfo().getUsername();
        UUID nameUUIDFromBytes = UUID.nameUUIDFromBytes(("OfflinePlayer:" + username).getBytes(StandardCharsets.UTF_8));
        HashMap hashMap = new HashMap();
        hashMap.put("XUID", Long.toString(nameUUIDFromBytes.getLeastSignificantBits()));
        hashMap.put("identity", nameUUIDFromBytes.toString());
        hashMap.put("displayName", username);
        hashMap.put("titleId", "896928775");
        hashMap.put("sandboxId", "RETAIL");
        AuthChainData authChainData2 = new AuthChainData(null, ((JwtBuilder.BuilderHeader) Jwts.builder().signWith((JwtBuilder) eCPrivateKey, (SecureDigestAlgorithm<? super JwtBuilder, ?>) Jwts.SIG.ES384).header().add(JwsHeader.X509_URL, encodeToString2)).and().claim("identityPublicKey", encodeToString2).claim("randomNonce", Long.valueOf(ThreadLocalRandom.current().nextLong())).claim("extraData", hashMap).mo631issuer("Mojang").mo622issuedAt(Date.from(Instant.now())).mo626expiration(Date.from(Instant.now().plus(1L, (TemporalUnit) ChronoUnit.DAYS))).mo624notBefore(Date.from(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.MINUTES))).compact(), eCPublicKey, eCPrivateKey, UUID.randomUUID(), Strings.EMPTY);
        authChainData2.setXuid((String) hashMap.get("XUID"));
        authChainData2.setIdentity(UUID.fromString((String) hashMap.get("identity")));
        authChainData2.setDisplayName((String) hashMap.get("displayName"));
        userConnection.put(authChainData2);
        authChainData2.setSkinJwt(((JwtBuilder.BuilderHeader) Jwts.builder().signWith((JwtBuilder) eCPrivateKey, (SecureDigestAlgorithm<? super JwtBuilder, ?>) Jwts.SIG.ES384).header().add(JwsHeader.X509_URL, encodeToString2)).and().claims(((SkinProvider) Via.getManager().getProviders().get(SkinProvider.class)).getClientPlayerSkin(userConnection)).compact());
    }

    private static SecretKey ecdhKeyExchange(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(eCPrivateKey);
        keyAgreement.doPhase(eCPublicKey, true);
        byte[] generateSecret = keyAgreement.generateSecret();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(bArr);
        messageDigest.update(generateSecret);
        return new SecretKeySpec(messageDigest.digest(), "AES");
    }

    static {
        try {
            EC_KEYFACTORY = KeyFactory.getInstance("EC");
            MOJANG_PUBLIC_KEY = publicKeyFromBase64(MOJANG_PUBLIC_KEY_BASE64);
        } catch (Throwable th) {
            throw new RuntimeException("Could not initialize the required cryptography", th);
        }
    }
}
