package xyz.kyngs.librelogin.paper;

import java.io.IOException;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.List;
import java.util.Optional;
import java.util.Random;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import net.kyori.adventure.text.Component;
import org.bukkit.Bukkit;
import org.bukkit.Location;
import org.bukkit.World;
import org.bukkit.entity.Player;
import org.bukkit.event.EventHandler;
import org.bukkit.event.EventPriority;
import org.bukkit.event.Listener;
import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
import org.bukkit.event.player.PlayerJoinEvent;
import org.bukkit.event.player.PlayerLoginEvent;
import org.bukkit.event.player.PlayerQuitEvent;
import org.spigotmc.event.player.PlayerSpawnLocationEvent;
import xyz.kyngs.librelogin.api.BiHolder;
import xyz.kyngs.librelogin.api.database.User;
import xyz.kyngs.librelogin.common.AuthenticLibreLogin;
import xyz.kyngs.librelogin.common.config.ConfigurationKeys;
import xyz.kyngs.librelogin.common.listener.AuthenticListeners;
import xyz.kyngs.librelogin.common.listener.PreLoginResult;
import xyz.kyngs.librelogin.common.util.GeneralUtil;
import xyz.kyngs.librelogin.lib.caffeine.cache.Cache;
import xyz.kyngs.librelogin.lib.caffeine.cache.Caffeine;
import xyz.kyngs.librelogin.lib.packetevents.api.PacketEvents;
import xyz.kyngs.librelogin.lib.packetevents.api.event.PacketReceiveEvent;
import xyz.kyngs.librelogin.lib.packetevents.api.manager.server.ServerVersion;
import xyz.kyngs.librelogin.lib.packetevents.api.protocol.packettype.PacketType;
import xyz.kyngs.librelogin.lib.packetevents.api.util.crypto.SaltSignature;
import xyz.kyngs.librelogin.lib.packetevents.api.util.reflection.Reflection;
import xyz.kyngs.librelogin.lib.packetevents.api.wrapper.login.client.WrapperLoginClientEncryptionResponse;
import xyz.kyngs.librelogin.lib.packetevents.api.wrapper.login.client.WrapperLoginClientLoginStart;
import xyz.kyngs.librelogin.lib.packetevents.api.wrapper.login.server.WrapperLoginServerDisconnect;
import xyz.kyngs.librelogin.lib.packetevents.api.wrapper.login.server.WrapperLoginServerEncryptionRequest;
import xyz.kyngs.librelogin.lib.packetevents.platform.util.SpigotReflectionUtil;
import xyz.kyngs.librelogin.paper.protocol.ClientPublicKey;
import xyz.kyngs.librelogin.paper.protocol.EncryptionUtil;
import xyz.kyngs.librelogin.paper.protocol.ProtocolUtil;

/* loaded from: input_file:xyz/kyngs/librelogin/paper/PaperListeners.class */
public class PaperListeners extends AuthenticListeners<PaperLibreLogin, Player, World> implements Listener {
    private static final String ENCRYPTION_CLASS_NAME = "MinecraftEncryption";
    private static final Class<?> ENCRYPTION_CLASS;
    private static Method encryptMethod;
    private static Method cipherMethod;
    private final KeyPair keyPair;
    private final Random random;
    private final Cache<String, EncryptionData> encryptionDataCache;
    private final FloodgateHelper floodgateHelper;
    private final Cache<Player, String> ipCache;
    private final Cache<UUID, User> readOnlyUserCache;
    private final Cache<Player, Location> spawnLocationCache;
    static final /* synthetic */ boolean $assertionsDisabled;

    public PaperListeners(PaperLibreLogin paperLibreLogin) {
        super(paperLibreLogin);
        this.keyPair = EncryptionUtil.generateKeyPair();
        this.random = new SecureRandom();
        this.encryptionDataCache = Caffeine.newBuilder().expireAfterWrite(2L, TimeUnit.MINUTES).build();
        this.floodgateHelper = ((PaperLibreLogin) this.plugin).floodgateEnabled() ? new FloodgateHelper() : null;
        this.ipCache = Caffeine.newBuilder().expireAfterWrite(2L, TimeUnit.MINUTES).build();
        this.readOnlyUserCache = Caffeine.newBuilder().expireAfterWrite(2L, TimeUnit.MINUTES).build();
        this.spawnLocationCache = Caffeine.newBuilder().expireAfterWrite(2L, TimeUnit.MINUTES).build();
    }

    public Cache<Player, Location> getSpawnLocationCache() {
        return this.spawnLocationCache;
    }

    @EventHandler
    public void onQuit(PlayerQuitEvent playerQuitEvent) {
        GeneralUtil.runAsync(() -> {
            onPlayerDisconnect(playerQuitEvent.getPlayer());
        });
    }

    @EventHandler(priority = EventPriority.HIGHEST)
    public void onPostLogin(PlayerLoginEvent playerLoginEvent) {
        this.ipCache.put(playerLoginEvent.getPlayer(), playerLoginEvent.getAddress().getHostAddress());
    }

    @EventHandler(priority = EventPriority.LOWEST)
    public void onJoin(PlayerJoinEvent playerJoinEvent) {
        User user = (User) this.readOnlyUserCache.getIfPresent(playerJoinEvent.getPlayer().getUniqueId());
        if (user == null && !((PaperLibreLogin) this.plugin).fromFloodgate(playerJoinEvent.getPlayer().getName())) {
            playerJoinEvent.getPlayer().kick(Component.text("Internal error, please try again later."));
        } else {
            this.readOnlyUserCache.invalidate(playerJoinEvent.getPlayer().getUniqueId());
            onPostLogin(playerJoinEvent.getPlayer(), user);
        }
    }

    @EventHandler(priority = EventPriority.LOWEST)
    public void onPreLogin(AsyncPlayerPreLoginEvent asyncPlayerPreLoginEvent) {
        if (((PaperLibreLogin) this.plugin).fromFloodgate(asyncPlayerPreLoginEvent.getName())) {
            return;
        }
        User byName = ((PaperLibreLogin) this.plugin).getDatabaseProvider().getByName(asyncPlayerPreLoginEvent.getName());
        asyncPlayerPreLoginEvent.setPlayerProfile(Bukkit.createProfileExact(byName.getUuid(), asyncPlayerPreLoginEvent.getName()));
        this.readOnlyUserCache.put(byName.getUuid(), byName);
    }

    @EventHandler(priority = EventPriority.HIGHEST)
    public void chooseWorld(PlayerSpawnLocationEvent playerSpawnLocationEvent) {
        String str = (String) this.ipCache.getIfPresent(playerSpawnLocationEvent.getPlayer());
        if (str == null) {
            playerSpawnLocationEvent.getPlayer().kick(Component.text("Internal error, please try again later."));
            return;
        }
        BiHolder<Boolean, World> chooseServer = chooseServer(playerSpawnLocationEvent.getPlayer(), str, (User) this.readOnlyUserCache.getIfPresent(playerSpawnLocationEvent.getPlayer().getUniqueId()));
        this.ipCache.invalidate(playerSpawnLocationEvent.getPlayer());
        this.spawnLocationCache.invalidate(playerSpawnLocationEvent.getPlayer());
        if (chooseServer.value() == null) {
            playerSpawnLocationEvent.getPlayer().kick(((PaperLibreLogin) this.plugin).getMessages().getMessage("kick-no-" + (chooseServer.key().booleanValue() ? "lobby" : "limbo"), new String[0]));
            return;
        }
        if (playerSpawnLocationEvent.getPlayer().getHealth() == 0.0d) {
            playerSpawnLocationEvent.getPlayer().setHealth(playerSpawnLocationEvent.getPlayer().getMaxHealth());
            Location bedSpawnLocation = playerSpawnLocationEvent.getPlayer().getBedSpawnLocation();
            playerSpawnLocationEvent.setSpawnLocation(bedSpawnLocation == null ? chooseServer.value().getSpawnLocation() : bedSpawnLocation);
        }
        if (playerSpawnLocationEvent.getPlayer().hasPlayedBefore() && !((List) ((PaperLibreLogin) this.plugin).getConfiguration().get(ConfigurationKeys.LIMBO)).contains(playerSpawnLocationEvent.getSpawnLocation().getWorld().getName())) {
            if (!((List) ((PaperLibreLogin) this.plugin).getConfiguration().get(ConfigurationKeys.LIMBO)).contains(chooseServer.value().getName())) {
                return;
            } else {
                this.spawnLocationCache.put(playerSpawnLocationEvent.getPlayer(), playerSpawnLocationEvent.getSpawnLocation());
            }
        }
        playerSpawnLocationEvent.setSpawnLocation(chooseServer.value().getSpawnLocation());
    }

    public void asyncPacketReceive(PacketReceiveEvent packetReceiveEvent) {
        xyz.kyngs.librelogin.lib.packetevents.api.protocol.player.User user = packetReceiveEvent.getUser();
        PacketType.Login.Client packetType = packetReceiveEvent.getPacketType();
        ((PaperLibreLogin) this.plugin).getLogger().debug("Packet received " + packetType + " from " + user.getName() + " (" + user.getAddress().toString() + ")");
        if (packetType != PacketType.Login.Client.LOGIN_START) {
            WrapperLoginClientEncryptionResponse wrapperLoginClientEncryptionResponse = new WrapperLoginClientEncryptionResponse(packetReceiveEvent);
            byte[] encryptedSharedSecret = wrapperLoginClientEncryptionResponse.getEncryptedSharedSecret();
            EncryptionData encryptionData = (EncryptionData) this.encryptionDataCache.getIfPresent(user.getAddress().toString());
            if (encryptionData == null) {
                kickPlayer("Illegal encryption state", user);
                return;
            }
            if (!verifyNonce(wrapperLoginClientEncryptionResponse, encryptionData.publicKey(), (byte[]) encryptionData.token().clone())) {
                kickPlayer("Invalid nonce", user);
            }
            try {
                SecretKey decryptSharedKey = EncryptionUtil.decryptSharedKey(this.keyPair.getPrivate(), encryptedSharedSecret);
                try {
                    if (enableEncryption(decryptSharedKey, user, packetReceiveEvent.getChannel())) {
                        String serverIdHashString = EncryptionUtil.getServerIdHashString("", decryptSharedKey, this.keyPair.getPublic());
                        String username = encryptionData.username();
                        try {
                            if (hasJoined(username, serverIdHashString, user.getAddress().getAddress())) {
                                receiveFakeStartPacket(username, encryptionData.publicKey(), packetReceiveEvent.getChannel(), encryptionData.uuid());
                            } else {
                                kickPlayer("Invalid session", user);
                            }
                            return;
                        } catch (IOException e) {
                            if (e instanceof SocketTimeoutException) {
                                ((PaperLibreLogin) this.plugin).getLogger().warn("Session verification timed out (5 seconds) for " + username);
                            }
                            kickPlayer("Cannot verify session", user);
                            return;
                        }
                    }
                    return;
                } catch (Exception e2) {
                    kickPlayer("Cannot decrypt shared secret", user);
                    return;
                }
            } catch (GeneralSecurityException e3) {
                kickPlayer("Cannot decrypt shared secret", user);
                return;
            }
        }
        WrapperLoginClientLoginStart wrapperLoginClientLoginStart = new WrapperLoginClientLoginStart(packetReceiveEvent);
        String inetSocketAddress = user.getAddress().toString();
        this.encryptionDataCache.invalidate(inetSocketAddress);
        if (!((PaperLibreLogin) this.plugin).floodgateEnabled() || this.floodgateHelper.processFloodgateTasks(packetReceiveEvent, wrapperLoginClientLoginStart)) {
            String username2 = wrapperLoginClientLoginStart.getUsername();
            Optional empty = ProtocolUtil.getServerVersion().isNewerThanOrEquals(ServerVersion.V_1_19_3) ? Optional.empty() : wrapperLoginClientLoginStart.getSignatureData().map(signatureData -> {
                return new ClientPublicKey(signatureData.getTimestamp(), signatureData.getPublicKey(), signatureData.getSignature());
            });
            if (((PaperLibreLogin) this.plugin).fromFloodgate(username2)) {
                receiveFakeStartPacket(username2, (ClientPublicKey) empty.orElse(null), packetReceiveEvent.getChannel(), UUID.randomUUID());
                return;
            }
            PreLoginResult onPreLogin = onPreLogin(username2, user.getAddress().getAddress());
            switch (onPreLogin.state()) {
                case DENIED:
                    if (!$assertionsDisabled && onPreLogin.message() == null) {
                        throw new AssertionError();
                    }
                    kickPlayer(onPreLogin.message(), user);
                    return;
                case FORCE_ONLINE:
                    try {
                        byte[] generateVerifyToken = EncryptionUtil.generateVerifyToken(this.random);
                        WrapperLoginServerEncryptionRequest wrapperLoginServerEncryptionRequest = new WrapperLoginServerEncryptionRequest("", this.keyPair.getPublic(), generateVerifyToken);
                        this.encryptionDataCache.put(inetSocketAddress, new EncryptionData(username2, generateVerifyToken, (ClientPublicKey) empty.orElse(null), onPreLogin.user().getUuid()));
                        PacketEvents.getAPI().getProtocolManager().sendPacket(packetReceiveEvent.getChannel(), wrapperLoginServerEncryptionRequest);
                        return;
                    } catch (Exception e4) {
                        ((PaperLibreLogin) this.plugin).getLogger().error("Failed to send encryption begin packet for player " + username2 + "! Kicking player.");
                        e4.printStackTrace();
                        kickPlayer("Internal error", user);
                        return;
                    }
                default:
                    receiveFakeStartPacket(username2, (ClientPublicKey) empty.orElse(null), packetReceiveEvent.getChannel(), UUID.randomUUID());
                    return;
            }
        }
    }

    public void onPacketReceive(PacketReceiveEvent packetReceiveEvent) {
        packetReceiveEvent.setCancelled(true);
        PacketReceiveEvent clone = packetReceiveEvent.clone();
        AuthenticLibreLogin.EXECUTOR.execute(() -> {
            try {
                asyncPacketReceive(clone);
            } finally {
                clone.cleanUp();
            }
        });
    }

    private void receiveFakeStartPacket(String str, ClientPublicKey clientPublicKey, Object obj, UUID uuid) {
        WrapperLoginClientLoginStart wrapperLoginClientLoginStart;
        if (ProtocolUtil.getServerVersion().isNewerThanOrEquals(ServerVersion.V_1_20)) {
            wrapperLoginClientLoginStart = new WrapperLoginClientLoginStart(ProtocolUtil.getServerVersion().toClientVersion(), str, clientPublicKey == null ? null : clientPublicKey.toSignatureData(), uuid);
        } else if (ProtocolUtil.getServerVersion().isNewerThanOrEquals(ServerVersion.V_1_19)) {
            wrapperLoginClientLoginStart = new WrapperLoginClientLoginStart(ProtocolUtil.getServerVersion().toClientVersion(), str, clientPublicKey == null ? null : clientPublicKey.toSignatureData());
        } else {
            wrapperLoginClientLoginStart = new WrapperLoginClientLoginStart(ProtocolUtil.getServerVersion().toClientVersion(), str);
        }
        PacketEvents.getAPI().getProtocolManager().receivePacketSilently(obj, wrapperLoginClientLoginStart);
    }

    public boolean hasJoined(String str, String str2, InetAddress inetAddress) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(((inetAddress instanceof Inet6Address) || ((Boolean) ((PaperLibreLogin) this.plugin).getConfiguration().get(ConfigurationKeys.ALLOW_PROXY_CONNECTIONS)).booleanValue()) ? String.format("https://sessionserver.mojang.com/session/minecraft/hasJoined?username=%s&serverId=%s", str, str2) : String.format("https://sessionserver.mojang.com/session/minecraft/hasJoined?username=%s&serverId=%s&ip=%s", str, str2, URLEncoder.encode(inetAddress.getHostAddress(), StandardCharsets.UTF_8))).openConnection();
        httpURLConnection.setConnectTimeout(5000);
        httpURLConnection.setReadTimeout(5000);
        httpURLConnection.connect();
        int responseCode = httpURLConnection.getResponseCode();
        httpURLConnection.disconnect();
        return responseCode != 204;
    }

    private boolean enableEncryption(SecretKey secretKey, xyz.kyngs.librelogin.lib.packetevents.api.protocol.player.User user, Object obj) throws IllegalArgumentException {
        if (encryptMethod == null) {
            Class<?> cls = SpigotReflectionUtil.getNetworkManagers().get(0).getClass();
            encryptMethod = Reflection.getMethod(cls, "setupEncryption", new Class[]{SecretKey.class});
            if (encryptMethod == null) {
                encryptMethod = Reflection.getMethod(cls, "setEncryptionKey", new Class[]{Cipher.class, Cipher.class});
                cipherMethod = Reflection.getMethod(ENCRYPTION_CLASS, "a", new Class[]{Integer.TYPE, Key.class});
            }
        }
        try {
            Object findNetworkManager = ProtocolUtil.findNetworkManager(obj);
            if (cipherMethod == null) {
                encryptMethod.invoke(findNetworkManager, secretKey);
            } else {
                encryptMethod.invoke(findNetworkManager, cipherMethod.invoke(null, 2, secretKey), cipherMethod.invoke(null, 1, secretKey));
            }
            return true;
        } catch (Exception e) {
            kickPlayer("Couldn't enable encryption", user);
            e.printStackTrace();
            return false;
        }
    }

    private void kickPlayer(String str, xyz.kyngs.librelogin.lib.packetevents.api.protocol.player.User user) {
        kickPlayer((Component) Component.text(str), user);
    }

    private void kickPlayer(Component component, xyz.kyngs.librelogin.lib.packetevents.api.protocol.player.User user) {
        try {
            PacketEvents.getAPI().getProtocolManager().sendPacket(user.getChannel(), new WrapperLoginServerDisconnect(component));
            user.closeConnection();
        } catch (Throwable th) {
            user.closeConnection();
            throw th;
        }
    }

    private boolean verifyNonce(WrapperLoginClientEncryptionResponse wrapperLoginClientEncryptionResponse, ClientPublicKey clientPublicKey, byte[] bArr) {
        try {
            if (!ProtocolUtil.getServerVersion().isNewerThanOrEquals(ServerVersion.V_1_19) || ProtocolUtil.getServerVersion().isNewerThanOrEquals(ServerVersion.V_1_19_3)) {
                return EncryptionUtil.verifyNonce(bArr, this.keyPair.getPrivate(), (byte[]) wrapperLoginClientEncryptionResponse.getEncryptedVerifyToken().get());
            }
            if (clientPublicKey == null) {
                return EncryptionUtil.verifyNonce(bArr, this.keyPair.getPrivate(), (byte[]) wrapperLoginClientEncryptionResponse.getEncryptedVerifyToken().get());
            }
            PublicKey key = clientPublicKey.key();
            Optional saltSignature = wrapperLoginClientEncryptionResponse.getSaltSignature();
            if (saltSignature.isEmpty()) {
                return false;
            }
            SaltSignature saltSignature2 = (SaltSignature) saltSignature.get();
            return EncryptionUtil.verifySignedNonce(bArr, key, saltSignature2.getSalt(), saltSignature2.getSignature());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            return false;
        }
    }

    static {
        $assertionsDisabled = !PaperListeners.class.desiredAssertionStatus();
        try {
            ENCRYPTION_CLASS = Class.forName("net.minecraft.util.MinecraftEncryption");
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(e);
        }
    }
}
