package org.geysermc.connector.utils;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.JsonNodeType;
import com.nimbusds.jose.JWSObject;
import com.nukkitx.network.util.Preconditions;
import com.nukkitx.protocol.bedrock.packet.LoginPacket;
import com.nukkitx.protocol.bedrock.packet.ServerToClientHandshakePacket;
import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Iterator;
import java.util.UUID;
import org.geysermc.common.window.CustomFormBuilder;
import org.geysermc.common.window.CustomFormWindow;
import org.geysermc.common.window.FormWindow;
import org.geysermc.common.window.SimpleFormWindow;
import org.geysermc.common.window.button.FormButton;
import org.geysermc.common.window.component.InputComponent;
import org.geysermc.common.window.component.LabelComponent;
import org.geysermc.common.window.response.CustomFormResponse;
import org.geysermc.common.window.response.SimpleFormResponse;
import org.geysermc.connector.GeyserConnector;
import org.geysermc.connector.network.session.GeyserSession;
import org.geysermc.connector.network.session.auth.AuthData;
import org.geysermc.connector.network.session.auth.BedrockClientData;
import org.geysermc.connector.network.session.cache.WindowCache;

/* loaded from: input_file:org/geysermc/connector/utils/LoginEncryptionUtils.class */
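/**
 * Login-time helpers for a Bedrock client: validates the certificate chain carried by the
 * {@link LoginPacket}, extracts the player's identity from it, starts the encryption
 * handshake, and drives the in-game forms used to collect Java account credentials.
 *
 * <p>Everything read from the login packet and from form responses is client-controlled
 * and is treated as untrusted until the signature checks below have passed.
 */
public class LoginEncryptionUtils {
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
    private static final int AUTH_FORM_ID = 1336;
    private static final int AUTH_DETAILS_FORM_ID = 1337;

    /**
     * Checks that the JWT chain is internally consistent and anchored in Mojang's key.
     *
     * <p>Every link after the first must be signed by the {@code identityPublicKey} announced
     * in the link before it. The link that directly follows the Mojang-signed link must be
     * the last one: the caller takes the player's identity from the final link, so any link
     * appended after that point would be vouched for only by a key the client itself
     * announced, not by Mojang.
     *
     * @param jsonNode the {@code chain} array; each element is a serialized JWS
     * @return {@code true} only if a link verifies against Mojang's public key and no
     *         link extends the chain beyond the one that link vouches for
     * @throws Exception if a link cannot be parsed or lacks a string {@code identityPublicKey}
     */
    private static boolean validateChainData(JsonNode jsonNode) throws Exception {
        ECPublicKey previousKey = null;
        boolean mojangSigned = false;
        Iterator<JsonNode> links = jsonNode.iterator();
        while (links.hasNext()) {
            JWSObject link = JWSObject.parse(links.next().asText());
            // The first link has no predecessor; every later link must chain to the key before it.
            if (previousKey != null && !EncryptionUtils.verifyJwt(link, previousKey)) {
                return false;
            }
            if (mojangSigned) {
                // This link is the one the Mojang-signed link vouches for; nothing may follow it.
                // NOTE(review): assumes a legitimate chain ends right after that link; confirm against the protocol.
                return !links.hasNext();
            }
            mojangSigned = EncryptionUtils.verifyJwt(link, EncryptionUtils.getMojangPublicKey());
            JsonNode identityKey = JSON_MAPPER.readTree(link.getPayload().toString()).get("identityPublicKey");
            Preconditions.checkState(identityKey != null && identityKey.getNodeType() == JsonNodeType.STRING, "identityPublicKey node is missing in chain");
            previousKey = EncryptionUtils.generateKey(identityKey.asText());
        }
        return mojangSigned;
    }

    /**
     * Entry point for a Bedrock login: parses the chain out of the login packet and hands it,
     * together with the client-data JWT, to the certificate checks.
     *
     * @param geyserConnector the connector, used for logging
     * @param geyserSession the session being logged in
     * @param loginPacket the client's login packet (untrusted input)
     * @throws RuntimeException if the chain JSON cannot be read or is not an array
     */
    public static void encryptPlayerConnection(GeyserConnector geyserConnector, GeyserSession geyserSession, LoginPacket loginPacket) {
        JsonNode chain;
        try {
            chain = JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray()).get("chain");
        } catch (IOException e) {
            // Keep the cause so a malformed packet can be diagnosed from the stack trace.
            throw new RuntimeException("Certificate JSON can not be read.", e);
        }
        // get("chain") yields null when the field is absent; reject that explicitly instead of an NPE.
        if (chain == null || chain.getNodeType() != JsonNodeType.ARRAY) {
            throw new RuntimeException("Certificate data is not valid");
        }
        encryptConnectionWithCert(geyserConnector, geyserSession, loginPacket.getSkinData().toString(), chain);
    }

    /**
     * Validates the chain, binds the identity found in its last link to the session, checks
     * that the client-data JWT is signed by that identity's key, and starts encryption.
     *
     * <p>When proxy connections are enabled in the config, a chain that fails validation is
     * still accepted; the identity stored on the session is then whatever the peer claimed.
     *
     * @param geyserConnector the connector, used for logging
     * @param geyserSession the session being logged in
     * @param clientData the serialized client-data JWS from the login packet
     * @param chain the {@code chain} array from the login packet
     * @throws RuntimeException wrapping any failure, after the session has been disconnected
     */
    private static void encryptConnectionWithCert(GeyserConnector geyserConnector, GeyserSession geyserSession, String clientData, JsonNode chain) {
        try {
            boolean chainValid = validateChainData(chain);
            geyserConnector.getLogger().debug(String.format("Is player data valid? %s", chainValid));
            if (!chainValid && !geyserSession.getConnector().getConfig().isEnableProxyConnections()) {
                geyserSession.disconnect(LanguageUtils.getLocaleStringLog("geyser.network.remote.invalid_xbox_account", new Object[0]));
                return;
            }
            if (chain.size() == 0) {
                throw new IllegalStateException("Certificate chain is empty");
            }
            JsonNode payload = JSON_MAPPER.readTree(JWSObject.parse(chain.get(chain.size() - 1).asText()).getPayload().toBytes());
            JsonNode extraData = payload.get("extraData");
            if (extraData == null || extraData.getNodeType() != JsonNodeType.OBJECT) {
                throw new RuntimeException("AuthData was not found!");
            }
            AuthData authData = new AuthData(extraData.get("displayName").asText(), UUID.fromString(extraData.get("identity").asText()), extraData.get("XUID").asText());
            JsonNode identityKeyNode = payload.get("identityPublicKey");
            if (identityKeyNode == null || identityKeyNode.getNodeType() != JsonNodeType.STRING) {
                throw new RuntimeException("Identity Public Key was not found!");
            }
            ECPublicKey identityPublicKey = EncryptionUtils.generateKey(identityKeyNode.textValue());
            JWSObject clientJwt = JWSObject.parse(clientData);
            // The verification result must be enforced: client data not signed by the chain's
            // identity key could otherwise be attached to someone else's validated chain.
            if (!EncryptionUtils.verifyJwt(clientJwt, identityPublicKey)) {
                throw new IllegalStateException("Client data isn't signed by the given chain data");
            }
            // Session state is only populated once every check above has passed.
            geyserSession.setAuthenticationData(authData);
            geyserSession.setClientData((BedrockClientData) JSON_MAPPER.convertValue(JSON_MAPPER.readTree(clientJwt.getPayload().toBytes()), BedrockClientData.class));
            if (EncryptionUtils.canUseEncryption()) {
                startEncryptionHandshake(geyserSession, identityPublicKey);
            }
        } catch (Exception e) {
            geyserSession.disconnect("disconnectionScreen.internalError.cantConnect");
            throw new RuntimeException("Unable to complete login", e);
        }
    }

    /**
     * Generates an ephemeral secp384r1 key pair, derives the session key from it, the client's
     * public key and a random token, enables encryption on the upstream session, and sends the
     * handshake JWT to the client.
     *
     * @param geyserSession the session to encrypt
     * @param publicKey the client's identity public key taken from the chain
     * @throws Exception if key generation or key agreement fails
     */
    private static void startEncryptionHandshake(GeyserSession geyserSession, PublicKey publicKey) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(new ECGenParameterSpec("secp384r1"));
        KeyPair serverKeyPair = generator.generateKeyPair();
        byte[] token = EncryptionUtils.generateRandomToken();
        geyserSession.getUpstream().getSession().enableEncryption(EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), publicKey, token));
        ServerToClientHandshakePacket handshake = new ServerToClientHandshakePacket();
        handshake.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
        geyserSession.sendUpstreamPacketImmediately(handshake);
    }

    /**
     * Sends the notice form offering the player a "login" and a "disconnect" button.
     *
     * @param geyserSession the session to show the form to
     */
    public static void showLoginWindow(GeyserSession geyserSession) {
        String locale = geyserSession.getLocale();
        SimpleFormWindow notice = new SimpleFormWindow(
                LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.notice.title", locale, new Object[0]),
                LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.notice.desc", locale, new Object[0]));
        notice.getButtons().add(new FormButton(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.notice.btn_login", locale, new Object[0])));
        notice.getButtons().add(new FormButton(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.notice.btn_disconnect", locale, new Object[0])));
        geyserSession.sendForm(notice, AUTH_FORM_ID);
    }

    /**
     * Sends the credential form: a label followed by an e-mail input and a password input.
     *
     * <p>The response to this form carries the player's account password in clear text inside
     * the form payload, so it must never be logged or cached beyond the authenticate call.
     *
     * @param geyserSession the session to show the form to
     */
    public static void showLoginDetailsWindow(GeyserSession geyserSession) {
        String locale = geyserSession.getLocale();
        // "account@geysermc.org" and "123456" look like placeholder hints, not defaults; confirm against InputComponent.
        CustomFormBuilder builder = new CustomFormBuilder(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.details.title", locale, new Object[0]))
                .addComponent(new LabelComponent(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.details.desc", locale, new Object[0])))
                .addComponent(new InputComponent(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.details.email", locale, new Object[0]), "account@geysermc.org", ""))
                .addComponent(new InputComponent(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.details.pass", locale, new Object[0]), "123456", ""));
        geyserSession.sendForm(builder.build(), AUTH_DETAILS_FORM_ID);
    }

    /**
     * Handles a form response that may belong to one of the two login forms.
     *
     * @param geyserSession the session the response came from
     * @param geyserConnector the connector (unused here)
     * @param i the form id reported by the client
     * @param str the raw response data reported by the client
     * @return {@code false} if no window with that id is cached for the session, {@code true}
     *         otherwise (including when the id is not a login form and nothing was done)
     */
    public static boolean authenticateFromForm(GeyserSession geyserSession, GeyserConnector geyserConnector, int i, String str) {
        WindowCache windowCache = geyserSession.getWindowCache();
        // Only accept responses for a form this server actually sent to this session.
        if (!windowCache.getWindows().containsKey(i)) {
            return false;
        }
        if (i != AUTH_FORM_ID && i != AUTH_DETAILS_FORM_ID) {
            return true;
        }
        // Hold the window by its base type; the concrete type is checked before each cast below.
        FormWindow window = (FormWindow) windowCache.getWindows().remove(i);
        window.setResponse(str.trim());
        if (geyserSession.isLoggedIn()) {
            return true;
        }
        if (i == AUTH_DETAILS_FORM_ID && window instanceof CustomFormWindow) {
            CustomFormResponse details = (CustomFormResponse) window.getResponse();
            if (details != null) {
                // Component 0 is the label; 1 and 2 are the e-mail and password inputs.
                geyserSession.authenticate((String) details.getInputResponses().get(1), (String) details.getInputResponses().get(2));
            } else {
                // No parsed response: ask again.
                showLoginDetailsWindow(geyserSession);
            }
            windowCache.getWindows().clear();
            return true;
        }
        if (i != AUTH_FORM_ID || !(window instanceof SimpleFormWindow)) {
            return true;
        }
        SimpleFormResponse choice = (SimpleFormResponse) window.getResponse();
        if (choice == null) {
            showLoginWindow(geyserSession);
            return true;
        }
        if (choice.getClickedButtonId() == 0) {
            showLoginDetailsWindow(geyserSession);
            return true;
        }
        if (choice.getClickedButtonId() != 1) {
            return true;
        }
        geyserSession.disconnect(LanguageUtils.getPlayerLocaleString("geyser.auth.login.form.disconnect", geyserSession.getLocale(), new Object[0]));
        return true;
    }
}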
