package xyz.kyngs.librelogin.paper.protocollib;

import com.google.common.hash.Hasher;
import com.google.common.hash.Hashing;
import com.google.common.io.Resources;
import com.google.common.primitives.Longs;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.Random;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import xyz.kyngs.librelogin.paper.PaperBootstrap;

/* loaded from: input_file:xyz/kyngs/librelogin/paper/protocollib/EncryptionUtil.class */
public final class EncryptionUtil {
    public static final int VERIFY_TOKEN_LENGTH = 4;
    public static final String KEY_PAIR_ALGORITHM = "RSA";
    private static final int RSA_LENGTH = 1024;
    private static final PublicKey MOJANG_SESSION_KEY;
    private static final int LINE_LENGTH = 76;
    private static final Base64.Encoder KEY_ENCODER = Base64.getMimeEncoder(LINE_LENGTH, "\n".getBytes(StandardCharsets.UTF_8));
    private static final int MILLISECOND_SIZE = 8;
    private static final int UUID_SIZE = 16;

    private EncryptionUtil() {
        throw new RuntimeException("No instantiation of utility classes allowed");
    }

    public static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
            keyPairGenerator.initialize(RSA_LENGTH);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    public static byte[] generateVerifyToken(Random random) {
        byte[] bArr = new byte[4];
        random.nextBytes(bArr);
        return bArr;
    }

    public static String getServerIdHashString(String str, SecretKey secretKey, PublicKey publicKey) {
        return new BigInteger(getServerIdHash(str, publicKey, secretKey)).toString(16);
    }

    public static SecretKey decryptSharedKey(PrivateKey privateKey, byte[] bArr) throws NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException {
        return new SecretKeySpec(decrypt(privateKey, bArr), "AES");
    }

    public static boolean verifyClientKey(ClientPublicKey clientPublicKey, Instant instant, UUID uuid) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (clientPublicKey.expired(instant)) {
            return false;
        }
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initVerify(MOJANG_SESSION_KEY);
        signature.update(toSignable(clientPublicKey, uuid));
        return signature.verify(clientPublicKey.signature());
    }

    private static byte[] toSignable(ClientPublicKey clientPublicKey, UUID uuid) {
        if (uuid != null) {
            byte[] encoded = clientPublicKey.key().getEncoded();
            return ByteBuffer.allocate(encoded.length + 16 + 8).putLong(uuid.getMostSignificantBits()).putLong(uuid.getLeastSignificantBits()).putLong(clientPublicKey.expire().toEpochMilli()).put(encoded).array();
        }
        long epochMilli = clientPublicKey.expire().toEpochMilli();
        KEY_ENCODER.encodeToString(clientPublicKey.key().getEncoded());
        return (epochMilli + "-----BEGIN RSA PUBLIC KEY-----\n" + epochMilli + "\n-----END RSA PUBLIC KEY-----\n").getBytes(StandardCharsets.US_ASCII);
    }

    public static boolean verifyNonce(byte[] bArr, PrivateKey privateKey, byte[] bArr2) throws NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException {
        return Arrays.equals(bArr, decrypt(privateKey, bArr2));
    }

    public static boolean verifySignedNonce(byte[] bArr, PublicKey publicKey, long j, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(publicKey);
        signature.update(bArr);
        signature.update(Longs.toByteArray(j));
        return signature.verify(bArr2);
    }

    private static PublicKey loadMojangSessionKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(KEY_PAIR_ALGORITHM).generatePublic(new X509EncodedKeySpec(Resources.toByteArray(PaperBootstrap.class.getClassLoader().getResource("yggdrasil_session_pubkey.der"))));
    }

    private static byte[] decrypt(PrivateKey privateKey, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(2, privateKey);
        return cipher.doFinal(bArr);
    }

    private static byte[] getServerIdHash(String str, PublicKey publicKey, SecretKey secretKey) {
        Hasher newHasher = Hashing.sha1().newHasher();
        newHasher.putBytes(str.getBytes(StandardCharsets.ISO_8859_1));
        newHasher.putBytes(secretKey.getEncoded());
        newHasher.putBytes(publicKey.getEncoded());
        return newHasher.hash().asBytes();
    }

    static {
        try {
            MOJANG_SESSION_KEY = loadMojangSessionKey();
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new RuntimeException("Failed to load Mojang session key", e);
        }
    }
}
