package xyz.kyngs.librelogin.paper;

import co.aikar.commands.apachecommonslang.ApacheCommonsLangUtil;
import com.comphenix.protocol.PacketType;
import com.comphenix.protocol.ProtocolLibrary;
import com.comphenix.protocol.events.PacketContainer;
import com.comphenix.protocol.events.PacketEvent;
import com.comphenix.protocol.injector.BukkitUnwrapper;
import com.comphenix.protocol.injector.packet.PacketRegistry;
import com.comphenix.protocol.injector.temporary.TemporaryPlayerFactory;
import com.comphenix.protocol.reflect.FuzzyReflection;
import com.comphenix.protocol.reflect.StructureModifier;
import com.comphenix.protocol.reflect.accessors.Accessors;
import com.comphenix.protocol.utility.MinecraftReflection;
import com.comphenix.protocol.utility.MinecraftVersion;
import com.comphenix.protocol.wrappers.BukkitConverters;
import com.comphenix.protocol.wrappers.WrappedChatComponent;
import com.comphenix.protocol.wrappers.WrappedGameProfile;
import com.comphenix.protocol.wrappers.WrappedProfilePublicKey;
import com.destroystokyo.paper.profile.PlayerProfile;
import com.mojang.datafixers.util.Either;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.List;
import java.util.Optional;
import java.util.Random;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import net.kyori.adventure.text.Component;
import net.kyori.adventure.text.serializer.legacy.LegacyComponentSerializer;
import org.bukkit.Location;
import org.bukkit.World;
import org.bukkit.entity.Player;
import org.bukkit.event.EventHandler;
import org.bukkit.event.EventPriority;
import org.bukkit.event.Listener;
import org.bukkit.event.player.AsyncPlayerPreLoginEvent;
import org.bukkit.event.player.PlayerJoinEvent;
import org.bukkit.event.player.PlayerLoginEvent;
import org.bukkit.event.player.PlayerQuitEvent;
import org.spigotmc.event.player.PlayerSpawnLocationEvent;
import xyz.kyngs.librelogin.api.database.User;
import xyz.kyngs.librelogin.common.config.ConfigurationKeys;
import xyz.kyngs.librelogin.common.listener.AuthenticListeners;
import xyz.kyngs.librelogin.common.listener.PreLoginResult;
import xyz.kyngs.librelogin.common.util.GeneralUtil;
import xyz.kyngs.librelogin.lib.caffeine.cache.Cache;
import xyz.kyngs.librelogin.lib.caffeine.cache.Caffeine;
import xyz.kyngs.librelogin.paper.protocollib.ClientPublicKey;
import xyz.kyngs.librelogin.paper.protocollib.EncryptionUtil;
import xyz.kyngs.librelogin.paper.protocollib.ProtocolListener;

/* loaded from: input_file:xyz/kyngs/librelogin/paper/PaperListeners.class */
public class PaperListeners extends AuthenticListeners<PaperLibreLogin, Player, World> implements Listener {
    private static final String ENCRYPTION_CLASS_NAME = "MinecraftEncryption";
    private static final Class<?> ENCRYPTION_CLASS;
    private static Method encryptMethod;
    private static Method cipherMethod;
    private final KeyPair keyPair;
    private final Random random;
    private final Cache<String, EncryptionData> encryptionDataCache;
    private final FloodgateHelper floodgateHelper;
    private final Cache<Player, String> ipCache;
    private final Cache<UUID, User> readOnlyUserCache;
    private final Cache<Player, Location> spawnLocationCache;
    static final /* synthetic */ boolean $assertionsDisabled;

    public PaperListeners(PaperLibreLogin paperLibreLogin) {
        super(paperLibreLogin);
        this.keyPair = EncryptionUtil.generateKeyPair();
        this.random = new SecureRandom();
        this.encryptionDataCache = Caffeine.newBuilder().expireAfterWrite(1L, TimeUnit.MINUTES).build();
        this.floodgateHelper = ((PaperLibreLogin) this.plugin).floodgateEnabled() ? new FloodgateHelper() : null;
        new ProtocolListener(this, (PaperLibreLogin) this.plugin);
        this.ipCache = Caffeine.newBuilder().expireAfterWrite(1L, TimeUnit.MINUTES).build();
        this.readOnlyUserCache = Caffeine.newBuilder().expireAfterWrite(1L, TimeUnit.MINUTES).build();
        this.spawnLocationCache = Caffeine.newBuilder().expireAfterWrite(1L, TimeUnit.MINUTES).build();
    }

    public Cache<Player, Location> getSpawnLocationCache() {
        return this.spawnLocationCache;
    }

    @EventHandler
    public void onQuit(PlayerQuitEvent playerQuitEvent) {
        GeneralUtil.runAsync(() -> {
            onPlayerDisconnect(playerQuitEvent.getPlayer());
        });
    }

    @EventHandler(priority = EventPriority.HIGHEST)
    public void onPostLogin(PlayerLoginEvent playerLoginEvent) {
        this.ipCache.put(playerLoginEvent.getPlayer(), playerLoginEvent.getAddress().getHostName());
    }

    @EventHandler(priority = EventPriority.LOWEST)
    public void onJoin(PlayerJoinEvent playerJoinEvent) {
        User user = (User) this.readOnlyUserCache.getIfPresent(playerJoinEvent.getPlayer().getUniqueId());
        if (user == null) {
            playerJoinEvent.getPlayer().kick(Component.text("Internal error, please try again later."));
        } else {
            this.readOnlyUserCache.invalidate(playerJoinEvent.getPlayer().getUniqueId());
            onPostLogin(playerJoinEvent.getPlayer(), user);
        }
    }

    @EventHandler(priority = EventPriority.LOWEST)
    public void onPreLogin(AsyncPlayerPreLoginEvent asyncPlayerPreLoginEvent) {
        PlayerProfile playerProfile = asyncPlayerPreLoginEvent.getPlayerProfile();
        if (((PaperLibreLogin) this.plugin).fromFloodgate(asyncPlayerPreLoginEvent.getName())) {
            return;
        }
        User byName = ((PaperLibreLogin) this.plugin).getDatabaseProvider().getByName(asyncPlayerPreLoginEvent.getName());
        playerProfile.setId(byName.getUuid());
        this.readOnlyUserCache.put(byName.getUuid(), byName);
    }

    @EventHandler(priority = EventPriority.HIGHEST)
    public void chooseWorld(PlayerSpawnLocationEvent playerSpawnLocationEvent) {
        World chooseServer = chooseServer(playerSpawnLocationEvent.getPlayer(), (String) this.ipCache.getIfPresent(playerSpawnLocationEvent.getPlayer()), (User) this.readOnlyUserCache.getIfPresent(playerSpawnLocationEvent.getPlayer().getUniqueId()));
        this.ipCache.invalidate(playerSpawnLocationEvent.getPlayer());
        this.spawnLocationCache.invalidate(playerSpawnLocationEvent.getPlayer());
        if (chooseServer == null) {
            playerSpawnLocationEvent.getPlayer().kick(Component.text("Internal error"));
            return;
        }
        playerSpawnLocationEvent.getPlayer().hasPlayedBefore();
        if (playerSpawnLocationEvent.getPlayer().hasPlayedBefore() && !((List) ((PaperLibreLogin) this.plugin).getConfiguration().get(ConfigurationKeys.LIMBO)).contains(playerSpawnLocationEvent.getSpawnLocation().getWorld().getName())) {
            if (!((List) ((PaperLibreLogin) this.plugin).getConfiguration().get(ConfigurationKeys.LIMBO)).contains(chooseServer.getName())) {
                return;
            } else {
                this.spawnLocationCache.put(playerSpawnLocationEvent.getPlayer(), playerSpawnLocationEvent.getSpawnLocation());
            }
        }
        playerSpawnLocationEvent.setSpawnLocation(chooseServer.getSpawnLocation());
    }

    public void setUUID(Player player, String str) {
        User byName = ((PaperLibreLogin) this.plugin).getDatabaseProvider().getByName(str);
        try {
            Object networkManager = getNetworkManager(player);
            Accessors.getFieldAccessorOrNull(networkManager.getClass(), "spoofedUUID", UUID.class).set(networkManager, byName.getUuid());
        } catch (Exception e) {
            e.printStackTrace();
            kickPlayer("Internal error", player);
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:19:0x00bd. Please report as an issue. */
    public void onPacketReceive(PacketEvent packetEvent) {
        Player player = packetEvent.getPlayer();
        PacketType packetType = packetEvent.getPacketType();
        PacketContainer packet = packetEvent.getPacket();
        if (packetType != PacketType.Login.Client.START) {
            byte[] bArr = (byte[]) packet.getByteArrays().read(0);
            EncryptionData encryptionData = (EncryptionData) this.encryptionDataCache.getIfPresent(player.getAddress().toString());
            if (encryptionData == null) {
                kickPlayer("Illegal encryption state", player);
                return;
            }
            if (!verifyNonce(packet, encryptionData.publicKey(), (byte[]) encryptionData.token().clone())) {
                kickPlayer("Invalid nonce", player);
            }
            try {
                try {
                    SecretKey decryptSharedKey = EncryptionUtil.decryptSharedKey(this.keyPair.getPrivate(), bArr);
                    try {
                        if (!enableEncryption(decryptSharedKey, player)) {
                            synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
                                packetEvent.setCancelled(true);
                            }
                            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                            return;
                        }
                        String serverIdHashString = EncryptionUtil.getServerIdHashString(ApacheCommonsLangUtil.EMPTY, decryptSharedKey, this.keyPair.getPublic());
                        String username = encryptionData.username();
                        try {
                            if (hasJoined(username, serverIdHashString, player.getAddress().getAddress())) {
                                receiveFakeStartPacket(username, encryptionData.publicKey(), player);
                            } else {
                                kickPlayer("Invalid session", player);
                            }
                        } catch (IOException e) {
                            kickPlayer("Cannot verify session", player);
                        }
                        synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
                            packetEvent.setCancelled(true);
                        }
                        ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                        return;
                    } catch (Exception e2) {
                        kickPlayer("Cannot decrypt shared secret", player);
                        synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
                            packetEvent.setCancelled(true);
                            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                            return;
                        }
                    }
                } catch (GeneralSecurityException e3) {
                    kickPlayer("Cannot decrypt shared secret", player);
                    synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
                        packetEvent.setCancelled(true);
                        ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                        return;
                    }
                }
            } catch (Throwable th) {
                synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
                    packetEvent.setCancelled(true);
                    ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                    throw th;
                }
            }
        }
        this.encryptionDataCache.invalidate(player.getAddress().toString());
        if (!((PaperLibreLogin) this.plugin).floodgateEnabled() || this.floodgateHelper.processFloodgateTasks(packetEvent)) {
            String username2 = getUsername(packet);
            Optional empty = MinecraftVersion.atOrAbove(new MinecraftVersion(1, 19, 3)) ? Optional.empty() : packet.getOptionals(BukkitConverters.getWrappedPublicKeyDataConverter()).optionRead(0).flatMap(Function.identity()).flatMap(wrappedProfileKeyData -> {
                return Optional.of(new ClientPublicKey(wrappedProfileKeyData.getExpireTime(), wrappedProfileKeyData.getKey(), wrappedProfileKeyData.getSignature()));
            });
            try {
                if (((PaperLibreLogin) this.plugin).fromFloodgate(username2)) {
                    ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                    return;
                }
                PreLoginResult onPreLogin = onPreLogin(username2);
                switch (onPreLogin.state()) {
                    case DENIED:
                        if (!$assertionsDisabled && onPreLogin.message() == null) {
                            throw new AssertionError();
                        }
                        kickPlayer(LegacyComponentSerializer.legacySection().serialize(onPreLogin.message()), player);
                        ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                        return;
                    case FORCE_ONLINE:
                        try {
                            byte[] generateVerifyToken = EncryptionUtil.generateVerifyToken(this.random);
                            PacketContainer packetContainer = new PacketContainer(PacketType.Login.Server.ENCRYPTION_BEGIN);
                            packetContainer.getStrings().write(0, ApacheCommonsLangUtil.EMPTY);
                            StructureModifier specificModifier = packetContainer.getSpecificModifier(PublicKey.class);
                            int i = 0;
                            if (specificModifier.getFields().isEmpty()) {
                                i = 0 + 1;
                                packetContainer.getByteArrays().write(0, this.keyPair.getPublic().getEncoded());
                            } else {
                                specificModifier.write(0, this.keyPair.getPublic());
                            }
                            packetContainer.getByteArrays().write(i, generateVerifyToken);
                            this.encryptionDataCache.put(player.getAddress().toString(), new EncryptionData(username2, generateVerifyToken, (ClientPublicKey) empty.orElse(null)));
                            ProtocolLibrary.getProtocolManager().sendServerPacket(player, packetContainer);
                            synchronized (packetEvent.getAsyncMarker().getProcessingLock()) {
                                packetEvent.setCancelled(true);
                            }
                            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                            return;
                        } catch (Exception e4) {
                            ((PaperLibreLogin) this.plugin).getLogger().error("Failed to send encryption begin packet for player " + username2 + "! Falling back to offline mode.");
                            e4.printStackTrace();
                            ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                            return;
                        }
                    default:
                        ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                        return;
                }
            } catch (Throwable th2) {
                ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent);
                throw th2;
            }
        }
    }

    private void receiveFakeStartPacket(String str, ClientPublicKey clientPublicKey, Player player) {
        PacketContainer packetContainer;
        if (MinecraftVersion.atOrAbove(new MinecraftVersion(1, 19, 0))) {
            packetContainer = new PacketContainer(PacketType.Login.Client.START);
            packetContainer.getStrings().write(0, str);
            packetContainer.getOptionals(BukkitConverters.getWrappedPublicKeyDataConverter()).write(0, Optional.ofNullable(clientPublicKey).map(clientPublicKey2 -> {
                return new WrappedProfilePublicKey.WrappedProfileKeyData(clientPublicKey.getExpire(), clientPublicKey.getKey(), clientPublicKey.getSignature());
            }));
        } else {
            WrappedGameProfile wrappedGameProfile = new WrappedGameProfile(UUID.randomUUID(), str);
            packetContainer = new PacketContainer(PacketType.Login.Client.START, Accessors.getConstructorAccessorOrNull(PacketRegistry.getPacketClassFromType(PacketType.Login.Client.START), new Class[]{wrappedGameProfile.getHandleType()}).invoke(new Object[]{BukkitUnwrapper.getInstance().unwrapItem(wrappedGameProfile)}));
        }
        ProtocolLibrary.getProtocolManager().receiveClientPacket(player, packetContainer, false);
    }

    public boolean hasJoined(String str, String str2, InetAddress inetAddress) throws IOException {
        return ((HttpURLConnection) new URL(inetAddress instanceof Inet6Address ? String.format("https://sessionserver.mojang.com/session/minecraft/hasJoined?username=%s&serverId=%s", str, str2) : String.format("https://sessionserver.mojang.com/session/minecraft/hasJoined?username=%s&serverId=%s&ip=%s", str, str2, URLEncoder.encode(inetAddress.getHostAddress(), StandardCharsets.UTF_8.name()))).openConnection()).getResponseCode() != 204;
    }

    private boolean enableEncryption(SecretKey secretKey, Player player) throws IllegalArgumentException {
        if (encryptMethod == null) {
            Class networkManagerClass = MinecraftReflection.getNetworkManagerClass();
            try {
                encryptMethod = FuzzyReflection.fromClass(networkManagerClass).getMethodByParameters("a", new Class[]{SecretKey.class});
            } catch (IllegalArgumentException e) {
                encryptMethod = FuzzyReflection.fromClass(networkManagerClass).getMethodByParameters("a", new Class[]{Cipher.class, Cipher.class});
                cipherMethod = FuzzyReflection.fromClass(ENCRYPTION_CLASS).getMethodByParameters("a", new Class[]{Integer.TYPE, Key.class});
            }
        }
        try {
            Object networkManager = getNetworkManager(player);
            if (cipherMethod == null) {
                encryptMethod.invoke(networkManager, secretKey);
            } else {
                encryptMethod.invoke(networkManager, cipherMethod.invoke(null, 2, secretKey), cipherMethod.invoke(null, 1, secretKey));
            }
            return true;
        } catch (Exception e2) {
            kickPlayer("Couldn't enable encryption", player);
            return false;
        }
    }

    private Object getNetworkManager(Player player) throws ClassNotFoundException {
        Object fieldValue = FuzzyReflection.getFieldValue(TemporaryPlayerFactory.getInjectorFromPlayer(player), Class.forName("com.comphenix.protocol.injector.netty.Injector"), true);
        return Accessors.getFieldAccessorOrNull(fieldValue.getClass(), "networkManager", Object.class).get(fieldValue);
    }

    private void kickPlayer(String str, Player player) {
        PacketContainer packetContainer = new PacketContainer(PacketType.Login.Server.DISCONNECT);
        packetContainer.getChatComponents().write(0, WrappedChatComponent.fromText(str));
        ProtocolLibrary.getProtocolManager().sendServerPacket(player, packetContainer);
        player.kickPlayer("Disconnect");
    }

    private String getUsername(PacketContainer packetContainer) {
        WrappedGameProfile wrappedGameProfile = (WrappedGameProfile) packetContainer.getGameProfiles().readSafely(0);
        return wrappedGameProfile == null ? (String) packetContainer.getStrings().read(0) : wrappedGameProfile.getName();
    }

    private boolean verifyNonce(PacketContainer packetContainer, ClientPublicKey clientPublicKey, byte[] bArr) {
        try {
            if (!MinecraftVersion.atOrAbove(new MinecraftVersion(1, 19, 0)) || MinecraftVersion.atOrAbove(new MinecraftVersion(1, 19, 3))) {
                return EncryptionUtil.verifyNonce(bArr, this.keyPair.getPrivate(), (byte[]) packetContainer.getByteArrays().read(1));
            }
            Either either = (Either) packetContainer.getSpecificModifier(Either.class).read(0);
            if (clientPublicKey == null) {
                Optional left = either.left();
                if (left.isEmpty()) {
                    return false;
                }
                return EncryptionUtil.verifyNonce(bArr, this.keyPair.getPrivate(), (byte[]) left.get());
            }
            Optional right = either.right();
            if (right.isEmpty()) {
                return false;
            }
            Object obj = right.get();
            return EncryptionUtil.verifySignedNonce(bArr, clientPublicKey.getKey(), ((Long) FuzzyReflection.getFieldValue(obj, Long.TYPE, true)).longValue(), (byte[]) FuzzyReflection.getFieldValue(obj, byte[].class, true));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            return false;
        }
    }

    static {
        $assertionsDisabled = !PaperListeners.class.desiredAssertionStatus();
        ENCRYPTION_CLASS = MinecraftReflection.getMinecraftClass("util.MinecraftEncryption", new String[]{ENCRYPTION_CLASS_NAME});
    }
}
