package org.geysermc.connector.utils;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.JsonNodeType;
import com.github.steveice10.mc.auth.service.MsaAuthenticationService;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.shaded.json.JSONObject;
import com.nimbusds.jose.shaded.json.JSONValue;
import com.nukkitx.network.util.Preconditions;
import com.nukkitx.protocol.bedrock.packet.LoginPacket;
import com.nukkitx.protocol.bedrock.packet.ServerToClientHandshakePacket;
import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Iterator;
import java.util.UUID;
import org.geysermc.connector.GeyserConnector;
import org.geysermc.connector.network.session.GeyserSession;
import org.geysermc.connector.network.session.auth.AuthData;
import org.geysermc.connector.network.session.auth.BedrockClientData;
import org.geysermc.cumulus.CustomForm;
import org.geysermc.cumulus.ModalForm;
import org.geysermc.cumulus.SimpleForm;
import org.geysermc.cumulus.response.CustomFormResponse;
import org.geysermc.cumulus.response.ModalFormResponse;
import org.geysermc.cumulus.response.SimpleFormResponse;

/* loaded from: input_file:org/geysermc/connector/utils/LoginEncryptionUtils.class */
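/**
 * Login-time helpers for a Bedrock session: validates the JWT chain carried by the
 * {@link LoginPacket}, stores the identity and client data on the {@link GeyserSession},
 * starts the encryption handshake, and shows the Java-account login forms.
 *
 * <p>Everything read from the login packet is supplied by the connecting client before it
 * has been authenticated, so it is treated as untrusted input throughout.
 */
public class LoginEncryptionUtils {
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
    // Set after the "encryption unavailable" warning has been logged so it is not repeated.
    private static boolean HAS_SENT_ENCRYPTION_MESSAGE = false;

    /**
     * Checks that the login chain is a three-token chain in which each token is signed by the
     * key announced by the previous token, and in which one token is signed by the Mojang key.
     *
     * @param jsonNode the {@code chain} array from the login packet
     * @return {@code true} only if the chain has exactly three entries, every signature
     *         verifies, and the token that follows the Mojang-signed one is the last entry
     * @throws Exception if a token cannot be parsed or a payload lacks {@code identityPublicKey}
     */
    private static boolean validateChainData(JsonNode jsonNode) throws Exception {
        if (jsonNode.size() != 3) {
            return false;
        }
        ECPublicKey lastKey = null;
        boolean mojangSigned = false;
        Iterator<JsonNode> tokens = jsonNode.iterator();
        while (tokens.hasNext()) {
            JWSObject jwt = JWSObject.parse(tokens.next().asText());
            // Every link must name its signing key in the x5u header.
            if (jwt.getHeader().getX509CertURL() == null) {
                return false;
            }
            ECPublicKey expectedKey = EncryptionUtils.generateKey(jwt.getHeader().getX509CertURL().toString());
            if (lastKey == null) {
                // First link: there is no previous token, so its own header key is used.
                lastKey = expectedKey;
            } else if (!lastKey.equals(expectedKey)) {
                // The header key must be the one the previous payload announced.
                return false;
            }
            if (!EncryptionUtils.verifyJwt(jwt, lastKey)) {
                return false;
            }
            if (mojangSigned) {
                // The token after the Mojang-signed one has to be the final entry.
                return !tokens.hasNext();
            }
            if (lastKey.equals(EncryptionUtils.getMojangPublicKey())) {
                mojangSigned = true;
            }
            // NOTE(review): only signatures and key linkage are checked here; whether token
            // lifetime claims are enforced depends on verifyJwt - confirm.
            Object payload = JSONValue.parse(jwt.getPayload().toString());
            Preconditions.checkArgument(payload instanceof JSONObject, "Payload is not an object");
            Object identityPublicKey = ((JSONObject) payload).get("identityPublicKey");
            Preconditions.checkArgument(identityPublicKey instanceof String, "identityPublicKey node is missing in chain");
            lastKey = EncryptionUtils.generateKey((String) identityPublicKey);
        }
        return mojangSigned;
    }

    /**
     * Reads the certificate chain from the login packet and continues the login with it.
     *
     * @param geyserSession the session that sent the packet
     * @param loginPacket   the client's login packet (untrusted)
     * @throws RuntimeException if the chain JSON cannot be read or {@code chain} is missing
     *                          or not an array
     */
    public static void encryptPlayerConnection(GeyserSession geyserSession, LoginPacket loginPacket) {
        try {
            JsonNode root = JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray());
            JsonNode chain = root == null ? null : root.get("chain");
            // get("chain") yields null when the field is absent; reject that explicitly
            // instead of failing with a NullPointerException on client-controlled input.
            if (chain == null || chain.getNodeType() != JsonNodeType.ARRAY) {
                throw new RuntimeException("Certificate data is not valid");
            }
            encryptConnectionWithCert(geyserSession, loginPacket.getSkinData().toString(), chain);
        } catch (IOException e) {
            // Keep the cause so a malformed packet can be diagnosed from the log.
            throw new RuntimeException("Certificate JSON can not be read.", e);
        }
    }

    /**
     * Validates the chain, stores the authentication and client data on the session and
     * starts encryption when the runtime supports it.
     *
     * <p>Any failure disconnects the session and is rethrown as a {@link RuntimeException}.
     *
     * @param geyserSession the session being logged in
     * @param str           the client-data JWT taken from the login packet
     * @param jsonNode      the {@code chain} array taken from the login packet
     */
    private static void encryptConnectionWithCert(GeyserSession geyserSession, String str, JsonNode jsonNode) {
        try {
            GeyserConnector connector = geyserSession.getConnector();
            boolean chainValid = validateChainData(jsonNode);
            connector.getLogger().debug(String.format("Is player data valid? %s", chainValid));
            // With proxy connections enabled a failing chain is still accepted, so the identity
            // stored below is whatever the peer claimed. That setting is only safe when the
            // trusted proxy is the sole host able to reach this listener.
            if (!chainValid && !connector.getConfig().isEnableProxyConnections()) {
                geyserSession.disconnect(LanguageUtils.getLocaleStringLog("geyser.network.remote.invalid_xbox_account", new Object[0]));
                return;
            }
            JsonNode lastToken = jsonNode.get(jsonNode.size() - 1);
            if (lastToken == null) {
                // Empty chain: only reachable when the validation result above was not enforced.
                throw new RuntimeException("Certificate data is not valid");
            }
            JsonNode payload = JSON_MAPPER.readTree(JWSObject.parse(lastToken.asText()).getPayload().toBytes());
            JsonNode extraData = payload.get("extraData");
            if (extraData == null || extraData.getNodeType() != JsonNodeType.OBJECT) {
                throw new RuntimeException("AuthData was not found!");
            }
            geyserSession.setAuthenticationData(new AuthData(extraData.get("displayName").asText(), UUID.fromString(extraData.get("identity").asText()), extraData.get("XUID").asText(), jsonNode, str));
            JsonNode identityKeyNode = payload.get("identityPublicKey");
            if (identityKeyNode == null || identityKeyNode.getNodeType() != JsonNodeType.STRING) {
                throw new RuntimeException("Identity Public Key was not found!");
            }
            ECPublicKey identityPublicKey = EncryptionUtils.generateKey(identityKeyNode.textValue());
            JWSObject clientJwt = JWSObject.parse(str);
            // The verification result was previously discarded, so client data with a bad
            // signature was accepted. Reject it; the catch below disconnects the session.
            if (!EncryptionUtils.verifyJwt(clientJwt, identityPublicKey)) {
                throw new IllegalStateException("Client data is not signed by the identity key from the chain");
            }
            geyserSession.setClientData((BedrockClientData) JSON_MAPPER.convertValue(JSON_MAPPER.readTree(clientJwt.getPayload().toBytes()), BedrockClientData.class));
            if (EncryptionUtils.canUseEncryption()) {
                try {
                    startEncryptionHandshake(geyserSession, identityPublicKey);
                } catch (Throwable th) {
                    // Fail-open by design: the login continues without encryption and only a
                    // one-time warning is logged. Later traffic on this session, including
                    // anything typed into the login forms, is then sent unencrypted.
                    if (connector.getConfig().isDebugMode()) {
                        th.printStackTrace();
                    }
                    sendEncryptionFailedMessage(connector);
                }
            } else {
                sendEncryptionFailedMessage(connector);
            }
        } catch (Exception e) {
            geyserSession.disconnect("disconnectionScreen.internalError.cantConnect");
            throw new RuntimeException("Unable to complete login", e);
        }
    }

    /**
     * Generates an ephemeral secp384r1 key pair, enables encryption on the upstream session
     * with the derived secret, and sends the handshake JWT to the client.
     *
     * @param geyserSession the session to encrypt
     * @param publicKey     the client's identity public key
     * @throws Exception if key generation, key agreement or JWT creation fails
     */
    private static void startEncryptionHandshake(GeyserSession geyserSession, PublicKey publicKey) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp384r1"));
        KeyPair serverKeyPair = generator.generateKeyPair();
        byte[] token = EncryptionUtils.generateRandomToken();
        geyserSession.getUpstream().getSession().enableEncryption(EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), publicKey, token));
        ServerToClientHandshakePacket handshake = new ServerToClientHandshakePacket();
        handshake.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
        geyserSession.sendUpstreamPacketImmediately(handshake);
    }

    /**
     * Logs the two-line "encryption could not be enabled" warning the first time it is called.
     *
     * @param geyserConnector the connector whose logger receives the warning
     */
    private static void sendEncryptionFailedMessage(GeyserConnector geyserConnector) {
        if (HAS_SENT_ENCRYPTION_MESSAGE) {
            return;
        }
        geyserConnector.getLogger().warning(LanguageUtils.getLocaleStringLog("geyser.network.encryption.line_1", new Object[0]));
        geyserConnector.getLogger().warning(LanguageUtils.getLocaleStringLog("geyser.network.encryption.line_2", "https://geysermc.org/supported_java"));
        HAS_SENT_ENCRYPTION_MESSAGE = true;
    }

    /**
     * Shows the first login form: an optional Mojang button (present only when password
     * authentication is enabled), a Microsoft button and a disconnect button.
     *
     * @param geyserSession the session to show the form to
     */
    public static void buildAndShowLoginWindow(GeyserSession geyserSession) {
        geyserSession.setDaylightCycle(false);
        boolean passwordAuth = geyserSession.getConnector().getConfig().getRemote().isPasswordAuthentication();
        geyserSession.sendForm(SimpleForm.builder()
                .translator((key, locale) -> LanguageUtils.getPlayerLocaleString(key, locale, new Object[0]), geyserSession.getLocale())
                .title("geyser.auth.login.form.notice.title")
                .content("geyser.auth.login.form.notice.desc")
                .optionalButton("geyser.auth.login.form.notice.btn_login.mojang", passwordAuth)
                .button("geyser.auth.login.form.notice.btn_login.microsoft")
                .button("geyser.auth.login.form.notice.btn_disconnect")
                .responseHandler((form, rawResponse) -> {
                    SimpleFormResponse response = form.parseResponse(rawResponse);
                    if (!response.isCorrect()) {
                        // Closed or malformed response: show the form again.
                        buildAndShowLoginWindow(geyserSession);
                        return;
                    }
                    // Button ids shift by one when the optional Mojang button is shown.
                    int clicked = response.getClickedButtonId();
                    if (passwordAuth && clicked == 0) {
                        geyserSession.setMicrosoftAccount(false);
                        buildAndShowLoginDetailsWindow(geyserSession);
                    } else if (passwordAuth && clicked == 1) {
                        geyserSession.setMicrosoftAccount(true);
                        buildAndShowMicrosoftAuthenticationWindow(geyserSession);
                    } else if (clicked == 0) {
                        geyserSession.authenticateWithMicrosoftCode();
                    } else {
                        geyserSession.disconnect(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.disconnect", geyserSession.getLocale(), new Object[0]));
                    }
                }));
    }

    /**
     * Shows the e-mail/password form and passes the two entered values to
     * {@link GeyserSession#authenticate}.
     *
     * <p>The values are account credentials: they must never be logged.
     *
     * @param geyserSession the session to show the form to
     */
    public static void buildAndShowLoginDetailsWindow(GeyserSession geyserSession) {
        geyserSession.sendForm(CustomForm.builder()
                .translator((key, locale) -> LanguageUtils.getPlayerLocaleString(key, locale, new Object[0]), geyserSession.getLocale())
                .title("geyser.auth.login.form.details.title")
                .label("geyser.auth.login.form.details.desc")
                .input("geyser.auth.login.form.details.email", "account@geysermc.org", "")
                .input("geyser.auth.login.form.details.pass", "123456", "")
                .responseHandler((form, rawResponse) -> {
                    CustomFormResponse response = form.parseResponse(rawResponse);
                    if (!response.isCorrect()) {
                        buildAndShowLoginDetailsWindow(geyserSession);
                        return;
                    }
                    // Read in form order: e-mail first, then password.
                    String email = (String) response.next();
                    String password = (String) response.next();
                    geyserSession.authenticate(email, password);
                }));
    }

    /**
     * Shows the Microsoft sign-in method form: browser code, password, or disconnect.
     *
     * @param geyserSession the session to show the form to
     */
    public static void buildAndShowMicrosoftAuthenticationWindow(GeyserSession geyserSession) {
        geyserSession.sendForm(SimpleForm.builder()
                .translator((key, locale) -> LanguageUtils.getPlayerLocaleString(key, locale, new Object[0]), geyserSession.getLocale())
                .title("geyser.auth.login.form.notice.btn_login.microsoft")
                .button("geyser.auth.login.method.browser")
                .button("geyser.auth.login.method.password")
                .button("geyser.auth.login.form.notice.btn_disconnect")
                .responseHandler((form, rawResponse) -> {
                    SimpleFormResponse response = form.parseResponse(rawResponse);
                    if (!response.isCorrect()) {
                        buildAndShowLoginWindow(geyserSession);
                        return;
                    }
                    int clicked = response.getClickedButtonId();
                    if (clicked == 0) {
                        geyserSession.authenticateWithMicrosoftCode();
                    } else if (clicked == 1) {
                        buildAndShowLoginDetailsWindow(geyserSession);
                    } else {
                        geyserSession.disconnect(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.disconnect", geyserSession.getLocale(), new Object[0]));
                    }
                }));
    }

    /**
     * Shows the device-code prompt with the user code returned by the Microsoft
     * authentication service.
     *
     * @param geyserSession  the session to show the form to
     * @param msCodeResponse the code response whose {@code user_code} is displayed
     */
    public static void buildAndShowMicrosoftCodeWindow(GeyserSession geyserSession, MsaAuthenticationService.MsCodeResponse msCodeResponse) {
        geyserSession.sendForm(ModalForm.builder()
                .title("%xbox.signin")
                .content("%xbox.signin.website\n%xbox.signin.url\n%xbox.signin.enterCode\n" + msCodeResponse.user_code)
                .button1("%gui.done")
                .button2("%menu.disconnect")
                .responseHandler((form, rawResponse) -> {
                    ModalFormResponse response = form.parseResponse(rawResponse);
                    if (!response.isCorrect()) {
                        buildAndShowMicrosoftAuthenticationWindow(geyserSession);
                    } else if (response.getClickedButtonId() == 1) {
                        geyserSession.disconnect(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.disconnect", geyserSession.getLocale(), new Object[0]));
                    }
                }));
    }
}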
