package net.raphimc.viabedrock.protocol.packets;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import com.google.gson.ToNumberPolicy;
import com.viaversion.viaversion.api.Via;
import com.viaversion.viaversion.api.connection.ProtocolInfo;
import com.viaversion.viaversion.api.connection.UserConnection;
import com.viaversion.viaversion.api.protocol.packet.PacketWrapper;
import com.viaversion.viaversion.api.protocol.packet.State;
import com.viaversion.viaversion.api.protocol.remapper.PacketHandlers;
import com.viaversion.viaversion.api.type.Type;
import com.viaversion.viaversion.libs.gson.JsonNull;
import com.viaversion.viaversion.protocols.base.ClientboundLoginPackets;
import com.viaversion.viaversion.protocols.base.ServerboundLoginPackets;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import io.jsonwebtoken.gson.io.GsonDeserializer;
import io.jsonwebtoken.io.Decoders;
import io.netty.util.AsciiString;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ThreadLocalRandom;
import java.util.logging.Level;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import net.lenni0451.mcstructs_bedrock.text.utils.BedrockTranslator;
import net.lenni0451.mcstructs_bedrock.text.utils.TranslatorOptions;
import net.raphimc.viabedrock.ViaBedrock;
import net.raphimc.viabedrock.api.util.JsonUtil;
import net.raphimc.viabedrock.protocol.BedrockProtocol;
import net.raphimc.viabedrock.protocol.ClientboundBedrockPackets;
import net.raphimc.viabedrock.protocol.ServerboundBedrockPackets;
import net.raphimc.viabedrock.protocol.providers.NettyPipelineProvider;
import net.raphimc.viabedrock.protocol.providers.SkinProvider;
import net.raphimc.viabedrock.protocol.storage.AuthChainData;
import net.raphimc.viabedrock.protocol.storage.HandshakeStorage;
import net.raphimc.viabedrock.protocol.types.BedrockTypes;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: input_file:net/raphimc/viabedrock/protocol/packets/LoginPackets.class */
public class LoginPackets {
    private static final KeyFactory EC_KEYFACTORY;
    private static final ECPublicKey MOJANG_PUBLIC_KEY;
    private static final Gson GSON = new GsonBuilder().setObjectToNumberStrategy(ToNumberPolicy.LONG_OR_DOUBLE).disableHtmlEscaping().create();
    private static final GsonDeserializer<Map<String, ?>> GSON_DESERIALIZER = new GsonDeserializer<>(GSON);

    public static void register(BedrockProtocol bedrockProtocol) {
        bedrockProtocol.registerClientbound(State.LOGIN, ClientboundBedrockPackets.DISCONNECT.getId(), ClientboundLoginPackets.LOGIN_DISCONNECT.getId(), new PacketHandlers() { // from class: net.raphimc.viabedrock.protocol.packets.LoginPackets.1
            @Override // com.viaversion.viaversion.api.protocol.remapper.PacketHandlers
            public void register() {
                handler(packetWrapper -> {
                    if (!((Boolean) packetWrapper.read(Type.BOOLEAN)).booleanValue()) {
                        packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockTranslator.translate((String) packetWrapper.read(BedrockTypes.STRING), str -> {
                            return BedrockProtocol.MAPPINGS.getTranslations().getOrDefault(str, str);
                        }, new Object[0], new TranslatorOptions[0])));
                    } else {
                        packetWrapper.write(Type.COMPONENT, JsonNull.INSTANCE);
                    }
                });
            }
        });
        bedrockProtocol.registerClientbound(State.LOGIN, ClientboundBedrockPackets.NETWORK_SETTINGS.getId(), -1, new PacketHandlers() { // from class: net.raphimc.viabedrock.protocol.packets.LoginPackets.2
            @Override // com.viaversion.viaversion.api.protocol.remapper.PacketHandlers
            public void register() {
                handler(packetWrapper -> {
                    packetWrapper.cancel();
                    HandshakeStorage handshakeStorage = (HandshakeStorage) packetWrapper.user().get(HandshakeStorage.class);
                    AuthChainData authChainData = (AuthChainData) packetWrapper.user().get(AuthChainData.class);
                    ((NettyPipelineProvider) Via.getManager().getProviders().get(NettyPipelineProvider.class)).enableCompression(packetWrapper.user(), ((Integer) packetWrapper.read(BedrockTypes.UNSIGNED_SHORT_LE)).intValue(), ((Integer) packetWrapper.read(BedrockTypes.UNSIGNED_SHORT_LE)).intValue());
                    JsonObject jsonObject = new JsonObject();
                    JsonArray jsonArray = new JsonArray();
                    if (authChainData.getSelfSignedJwt() != null) {
                        jsonArray.add(new JsonPrimitive(authChainData.getSelfSignedJwt()));
                    }
                    if (authChainData.getMojangJwt() != null) {
                        jsonArray.add(new JsonPrimitive(authChainData.getMojangJwt()));
                    }
                    if (authChainData.getIdentityJwt() != null) {
                        jsonArray.add(new JsonPrimitive(authChainData.getIdentityJwt()));
                    }
                    jsonObject.add("chain", jsonArray);
                    String jsonObject2 = jsonObject.toString();
                    PacketWrapper create = PacketWrapper.create(ServerboundBedrockPackets.LOGIN, packetWrapper.user());
                    create.write(Type.INT, Integer.valueOf(handshakeStorage.getProtocolVersion()));
                    create.write(BedrockTypes.UNSIGNED_VAR_INT, Integer.valueOf(jsonObject2.length() + authChainData.getSkinJwt().length() + 8));
                    create.write(BedrockTypes.ASCII_STRING, AsciiString.of(jsonObject2));
                    create.write(BedrockTypes.ASCII_STRING, AsciiString.of(authChainData.getSkinJwt()));
                    create.sendToServer(BedrockProtocol.class);
                });
            }
        });
        bedrockProtocol.registerClientbound(State.LOGIN, ClientboundBedrockPackets.SERVER_TO_CLIENT_HANDSHAKE.getId(), -1, new PacketHandlers() { // from class: net.raphimc.viabedrock.protocol.packets.LoginPackets.3
            @Override // com.viaversion.viaversion.api.protocol.remapper.PacketHandlers
            public void register() {
                handler(packetWrapper -> {
                    packetWrapper.cancel();
                    AuthChainData authChainData = (AuthChainData) packetWrapper.user().get(AuthChainData.class);
                    final boolean[] zArr = {true};
                    Jws<Claims> parseClaimsJws = Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() { // from class: net.raphimc.viabedrock.protocol.packets.LoginPackets.3.1
                        @Override // io.jsonwebtoken.SigningKeyResolverAdapter, io.jsonwebtoken.SigningKeyResolver
                        public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) {
                            zArr[0] = false;
                            return LoginPackets.publicKeyFromBase64((String) jwsHeader.get(JwsHeader.X509_URL));
                        }
                    }).base64UrlDecodeWith(str -> {
                        return zArr[0] ? new String(Decoders.BASE64URL.decode(str), StandardCharsets.UTF_8).trim().getBytes(StandardCharsets.UTF_8) : Decoders.BASE64URL.decode(str);
                    }).build().parseClaimsJws((String) packetWrapper.read(BedrockTypes.STRING));
                    ((NettyPipelineProvider) Via.getManager().getProviders().get(NettyPipelineProvider.class)).enableEncryption(packetWrapper.user(), LoginPackets.ecdhKeyExchange(authChainData.getPrivateKey(), LoginPackets.publicKeyFromBase64((String) parseClaimsJws.getHeader().get(JwsHeader.X509_URL)), Base64.getDecoder().decode((String) parseClaimsJws.getBody().get("salt", String.class))));
                    PacketWrapper.create(ServerboundBedrockPackets.CLIENT_TO_SERVER_HANDSHAKE, packetWrapper.user()).sendToServer(BedrockProtocol.class);
                });
            }
        });
        bedrockProtocol.registerClientbound(State.LOGIN, ClientboundBedrockPackets.PLAY_STATUS.getId(), ClientboundLoginPackets.GAME_PROFILE.getId(), new PacketHandlers() { // from class: net.raphimc.viabedrock.protocol.packets.LoginPackets.4
            @Override // com.viaversion.viaversion.api.protocol.remapper.PacketHandlers
            public void register() {
                handler(packetWrapper -> {
                    int intValue = ((Integer) packetWrapper.read(Type.INT)).intValue();
                    if (intValue != 0) {
                        packetWrapper.setPacketType(ClientboundLoginPackets.LOGIN_DISCONNECT);
                        LoginPackets.writePlayStatusKickMessage(packetWrapper, intValue);
                        return;
                    }
                    AuthChainData authChainData = (AuthChainData) packetWrapper.user().get(AuthChainData.class);
                    packetWrapper.write(Type.UUID, authChainData.getIdentity());
                    packetWrapper.write(Type.STRING, authChainData.getDisplayName());
                    packetWrapper.write(Type.VAR_INT, 0);
                    ProtocolInfo protocolInfo = packetWrapper.user().getProtocolInfo();
                    protocolInfo.setUsername(authChainData.getDisplayName());
                    protocolInfo.setUuid(authChainData.getIdentity());
                    protocolInfo.setState(State.PLAY);
                    Via.getManager().getConnectionManager().onLoginSuccess(packetWrapper.user());
                    if (!protocolInfo.getPipeline().hasNonBaseProtocols()) {
                        packetWrapper.user().setActive(false);
                    }
                    PacketWrapper create = PacketWrapper.create(ServerboundBedrockPackets.CLIENT_CACHE_STATUS, packetWrapper.user());
                    create.write(Type.BOOLEAN, Boolean.valueOf(ViaBedrock.getConfig().isBlobCacheEnabled()));
                    create.sendToServer(BedrockProtocol.class);
                });
            }
        });
        bedrockProtocol.registerServerbound(State.LOGIN, ServerboundLoginPackets.HELLO.getId(), ServerboundBedrockPackets.REQUEST_NETWORK_SETTINGS.getId(), new PacketHandlers() { // from class: net.raphimc.viabedrock.protocol.packets.LoginPackets.5
            @Override // com.viaversion.viaversion.api.protocol.remapper.PacketHandlers
            public void register() {
                handler(packetWrapper -> {
                    HandshakeStorage handshakeStorage = (HandshakeStorage) packetWrapper.user().get(HandshakeStorage.class);
                    ProtocolInfo protocolInfo = packetWrapper.user().getProtocolInfo();
                    protocolInfo.setUsername((String) packetWrapper.read(Type.STRING));
                    protocolInfo.setUuid((UUID) packetWrapper.read(Type.OPTIONAL_UUID));
                    packetWrapper.write(Type.INT, Integer.valueOf(handshakeStorage.getProtocolVersion()));
                    LoginPackets.validateAndFullAuthChainData(packetWrapper.user());
                });
            }
        });
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0001. Please report as an issue. */
    public static void writePlayStatusKickMessage(PacketWrapper packetWrapper, int i) {
        switch (i) {
            case 0:
            case 3:
                packetWrapper.cancel();
                return;
            case 1:
                packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.outdatedClient")));
                return;
            case 2:
                packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.outdatedServer")));
                return;
            case 4:
                packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.invalidTenant")));
                return;
            case 5:
                packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.editionMismatchEduToVanilla")));
                return;
            case 6:
                packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.editionMismatchVanillaToEdu")));
                return;
            case 7:
            case 9:
                packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.serverFull") + "\n\n\n\n" + BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.serverFull.title")));
                return;
            case 8:
                packetWrapper.write(Type.COMPONENT, JsonUtil.textToComponent(BedrockProtocol.MAPPINGS.getTranslations().get("disconnectionScreen.editor.mismatchEditorToVanilla")));
                return;
            default:
                ViaBedrock.getPlatform().getLogger().log(Level.WARNING, "Received invalid login status: " + i);
                packetWrapper.cancel();
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ECPublicKey publicKeyFromBase64(String str) {
        try {
            return (ECPublicKey) EC_KEYFACTORY.generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str)));
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Could not decode base64 public key", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validateAndFullAuthChainData(UserConnection userConnection) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        if (userConnection.has(AuthChainData.class)) {
            AuthChainData authChainData = (AuthChainData) userConnection.get(AuthChainData.class);
            ECPublicKey publicKey = authChainData.getPublicKey();
            ECPrivateKey privateKey = authChainData.getPrivateKey();
            String encodeToString = Base64.getEncoder().encodeToString(publicKey.getEncoded());
            Jws<Claims> parseClaimsJws = Jwts.parserBuilder().setSigningKey(MOJANG_PUBLIC_KEY).deserializeJsonWith(GSON_DESERIALIZER).build().parseClaimsJws(authChainData.getMojangJwt());
            Jws<Claims> parseClaimsJws2 = Jwts.parserBuilder().setSigningKey(publicKeyFromBase64((String) parseClaimsJws.getBody().get("identityPublicKey", String.class))).build().parseClaimsJws(authChainData.getIdentityJwt());
            if (authChainData.getSelfSignedJwt() == null) {
                authChainData.setSelfSignedJwt(Jwts.builder().signWith(privateKey, SignatureAlgorithm.ES384).setHeaderParam(JwsHeader.X509_URL, encodeToString).claim("certificateAuthority", true).claim("identityPublicKey", parseClaimsJws.getHeader().get(JwsHeader.X509_URL)).setExpiration(Date.from(Instant.now().plus(2L, (TemporalUnit) ChronoUnit.DAYS))).setNotBefore(Date.from(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.MINUTES))).compact());
            }
            if (authChainData.getSkinJwt() == null) {
                authChainData.setSkinJwt(Jwts.builder().signWith(privateKey, SignatureAlgorithm.ES384).setHeaderParam(JwsHeader.X509_URL, encodeToString).addClaims(((SkinProvider) Via.getManager().getProviders().get(SkinProvider.class)).getClientPlayerSkin(userConnection)).compact());
            }
            Map map = (Map) parseClaimsJws2.getBody().get("extraData", Map.class);
            authChainData.setXuid((String) map.get("XUID"));
            authChainData.setIdentity(UUID.fromString((String) map.get("identity")));
            authChainData.setDisplayName((String) map.get("displayName"));
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(new ECGenParameterSpec("secp384r1"));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        ECPublicKey eCPublicKey = (ECPublicKey) generateKeyPair.getPublic();
        ECPrivateKey eCPrivateKey = (ECPrivateKey) generateKeyPair.getPrivate();
        String encodeToString2 = Base64.getEncoder().encodeToString(eCPublicKey.getEncoded());
        String username = userConnection.getProtocolInfo().getUsername();
        UUID nameUUIDFromBytes = UUID.nameUUIDFromBytes(("OfflinePlayer:" + username).getBytes(StandardCharsets.UTF_8));
        HashMap hashMap = new HashMap();
        hashMap.put("XUID", Long.toString(nameUUIDFromBytes.getLeastSignificantBits()));
        hashMap.put("identity", nameUUIDFromBytes.toString());
        hashMap.put("displayName", username);
        hashMap.put("titleId", "896928775");
        String compact = Jwts.builder().signWith(eCPrivateKey, SignatureAlgorithm.ES384).setHeaderParam(JwsHeader.X509_URL, encodeToString2).claim("identityPublicKey", encodeToString2).claim(Claims.ISSUER, "Mojang").claim("randomNonce", Long.valueOf(ThreadLocalRandom.current().nextLong())).claim("extraData", hashMap).setIssuedAt(Date.from(Instant.now())).setExpiration(Date.from(Instant.now().plus(1L, (TemporalUnit) ChronoUnit.DAYS))).setNotBefore(Date.from(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.MINUTES))).compact();
        String compact2 = Jwts.builder().signWith(eCPrivateKey, SignatureAlgorithm.ES384).setHeaderParam(JwsHeader.X509_URL, encodeToString2).addClaims(((SkinProvider) Via.getManager().getProviders().get(SkinProvider.class)).getClientPlayerSkin(userConnection)).compact();
        AuthChainData authChainData2 = new AuthChainData(userConnection, null, compact, eCPublicKey, eCPrivateKey);
        authChainData2.setSkinJwt(compact2);
        authChainData2.setXuid((String) hashMap.get("XUID"));
        authChainData2.setIdentity(UUID.fromString((String) hashMap.get("identity")));
        authChainData2.setDisplayName((String) hashMap.get("displayName"));
        userConnection.put(authChainData2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretKey ecdhKeyExchange(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(eCPrivateKey);
        keyAgreement.doPhase(eCPublicKey, true);
        byte[] generateSecret = keyAgreement.generateSecret();
        MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
        messageDigest.update(bArr);
        messageDigest.update(generateSecret);
        return new SecretKeySpec(messageDigest.digest(), "AES");
    }

    static {
        try {
            EC_KEYFACTORY = KeyFactory.getInstance("EC");
            MOJANG_PUBLIC_KEY = publicKeyFromBase64("MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8ELkixyLcwlZryUQcu1TvPOmI2B7vX83ndnWRUaXm74wFfa5f/lwQNTfrLVHa2PmenpGI6JhIMUJaWZrjmMj90NoKNFSNBuKdm8rYiXsfaz3K36x/1U26HpG0ZxK/V1V");
        } catch (Throwable th) {
            throw new RuntimeException("Could not initialize the required cryptography", th);
        }
    }
}
