package org.cloudburstmc.protocol.bedrock.util;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.HashUtil;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:META-INF/jars/bedrock-connection-3.0.0.Beta3-20240819.124045-12.jar:org/cloudburstmc/protocol/bedrock/util/EncryptionUtils.class */
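/**
 * Cryptographic helpers for the Bedrock login handshake: parsing EC public keys, verifying
 * ES384-signed JWTs, validating the login chain against the pinned Mojang key, deriving the
 * session key from an ECDH exchange, and building the stream ciphers.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #validateChain(List)} only checks signatures and key linkage. The code here does
 *       not inspect {@code exp}/{@code nbf} or any other claim, so freshness checks must happen
 *       elsewhere.</li>
 *   <li>A single-token chain is returned <em>without any signature check</em> and is flagged
 *       as unsigned. Its payload is attacker-controlled data.</li>
 *   <li>The ciphers from {@link #createCipher(boolean, boolean, SecretKey)} provide
 *       confidentiality only. Neither mode authenticates the ciphertext.</li>
 * </ul>
 */
public final class EncryptionUtils {
    /** JVM system property listing the named groups (curves) the TLS stack may use. */
    private static final String NAMED_GROUPS_PROPERTY = "jdk.tls.namedGroups";
    /** Curve used for every key pair generated by this class. */
    private static final String REQUIRED_CURVE = "secp384r1";

    /** Parsed form of {@link #MOJANG_PUBLIC_KEY_BASE64}; the trust anchor for login chains. */
    private static final ECPublicKey MOJANG_PUBLIC_KEY;
    // Pinned trust anchor (Base64 of an X.509 SubjectPublicKeyInfo). Login chains are accepted as
    // "signed" only if their second token is signed by this key, so changing this constant
    // changes who can vouch for player identities.
    private static final String MOJANG_PUBLIC_KEY_BASE64 = "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAECRXueJeTDqNRRgJi/vlRufByu/2G0i2Ebt6YMar5QX/R0DIIyrJMcUpruK4QveTfJSTp3Shlq4Gk34cD/4GUWwkv0DVuzeuB+tXija7HBxii03NHDbPAD0AKnLr2wdAp";
    // NOTE(review): one generator instance is shared by all callers of createKeyPair();
    // confirm that concurrent use is safe with the JCA provider in use.
    private static final KeyPairGenerator KEY_PAIR_GEN;
    /** The only JWS algorithm this class signs with or accepts. */
    public static final String ALGORITHM_TYPE = "ES384";
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    /** Allow-list applied before signature verification so a token cannot choose its own algorithm. */
    private static final AlgorithmConstraints ALGORITHM_CONSTRAINTS = new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.PERMIT, ALGORITHM_TYPE);

    /**
     * Decodes a Base64, X.509-encoded EC public key.
     *
     * @param str Base64 text of the encoded key; usually taken from an untrusted JWT header or claim
     * @return the parsed key
     * @throws NoSuchAlgorithmException if the JVM has no "EC" key factory
     * @throws InvalidKeySpecException if the bytes are not a valid encoded key
     */
    public static ECPublicKey parseKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] encodedKey = Base64.getDecoder().decode(str);
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(encodedKey));
    }

    /**
     * Generates a fresh secp384r1 key pair.
     *
     * @return a new key pair from the shared generator
     */
    public static KeyPair createKeyPair() {
        return KEY_PAIR_GEN.generateKeyPair();
    }

    /**
     * Verifies a client-data JWT against a Base64-encoded public key.
     *
     * @param str compact JWS serialization of the client data
     * @param str2 Base64, X.509-encoded public key expected to have signed {@code str}
     * @return the payload bytes when the signature is valid, otherwise {@code null}
     * @throws NoSuchAlgorithmException if the JVM has no "EC" key factory
     * @throws InvalidKeySpecException if {@code str2} is not a valid encoded key
     * @throws JoseException if the token is malformed or uses an algorithm other than ES384
     */
    public static byte[] verifyClientData(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException, JoseException {
        return verifyClientData(str, parseKey(str2));
    }

    /**
     * Verifies a client-data JWT against the given public key.
     *
     * <p>The token's algorithm is restricted to ES384, matching {@link #validateChain(List)}, so
     * the algorithm named in the untrusted header cannot weaken verification.
     *
     * @param str compact JWS serialization of the client data
     * @param publicKey key expected to have signed {@code str}
     * @return the payload bytes when the signature is valid, otherwise {@code null}; callers
     *         must treat {@code null} as a verification failure
     * @throws JoseException if the token is malformed or uses an algorithm other than ES384
     */
    public static byte[] verifyClientData(String str, PublicKey publicKey) throws JoseException {
        JsonWebSignature clientData = new JsonWebSignature();
        clientData.setCompactSerialization(str);
        clientData.setAlgorithmConstraints(ALGORITHM_CONSTRAINTS);
        clientData.setKey(publicKey);
        if (!clientData.verifySignature()) {
            return null;
        }
        // Safe to read the "unverified" payload here: the signature was checked just above.
        return clientData.getUnverifiedPayloadBytes();
    }

    /**
     * Validates a login chain of JWTs.
     *
     * <p>A chain of one token is not verified at all and is returned flagged as unsigned. A chain
     * of three tokens must link together: each token's {@code x5u} header has to equal the
     * {@code identityPublicKey} claimed by the previous token, each signature has to verify under
     * ES384, and the second token has to be signed by the pinned Mojang key.
     *
     * <p>No expiry or not-before claim is evaluated here.
     *
     * @param list the chain tokens in order, each a compact JWS serialization
     * @return the result carrying the signed flag and the last token's payload
     * @throws IllegalStateException if the chain length is unexpected, a token lacks {@code x5u},
     *         the keys do not link, a signature is invalid, or the second token is not signed by Mojang
     * @throws JoseException if a token is malformed or uses a disallowed algorithm
     * @throws NoSuchAlgorithmException if the JVM has no "EC" key factory
     * @throws InvalidKeySpecException if a key in the chain cannot be parsed
     */
    public static ChainValidationResult validateChain(List<String> list) throws JoseException, NoSuchAlgorithmException, InvalidKeySpecException {
        switch (list.size()) {
            case 1: {
                // Self-issued token: nothing vouches for it, so the payload is returned as
                // unauthenticated data with signed == false.
                JsonWebSignature selfIssued = new JsonWebSignature();
                selfIssued.setCompactSerialization(list.get(0));
                return new ChainValidationResult(false, selfIssued.getUnverifiedPayload());
            }
            case 3: {
                ECPublicKey expectedKey = null;
                Map<String, Object> payload = null;
                for (int i = 0; i < 3; i++) {
                    JsonWebSignature link = new JsonWebSignature();
                    link.setCompactSerialization(list.get(i));
                    String declaredKeyText = link.getHeader("x5u");
                    if (declaredKeyText == null) {
                        // Reject explicitly instead of failing with a NullPointerException in parseKey.
                        throw new IllegalStateException("Chain token is missing the x5u header");
                    }
                    ECPublicKey declaredKey = parseKey(declaredKeyText);
                    if (expectedKey == null) {
                        // The first token is self-declared; trust is only established at i == 1.
                        expectedKey = declaredKey;
                    } else if (!expectedKey.equals(declaredKey)) {
                        throw new IllegalStateException("Received broken chain");
                    }
                    link.setAlgorithmConstraints(ALGORITHM_CONSTRAINTS);
                    link.setKey(expectedKey);
                    if (!link.verifySignature()) {
                        throw new IllegalStateException("Chain signature doesn't match content");
                    }
                    if (i == 1 && !expectedKey.equals(MOJANG_PUBLIC_KEY)) {
                        throw new IllegalStateException("The chain isn't signed by Mojang!");
                    }
                    // Signature verified above, so the payload can now be parsed.
                    payload = JsonUtil.parseJson(link.getUnverifiedPayload());
                    // The key named here must sign the next token in the chain.
                    expectedKey = parseKey((String) JsonUtils.childAsType(payload, "identityPublicKey", String.class));
                }
                return new ChainValidationResult(true, payload);
            }
            default:
                throw new IllegalStateException("Unexpected login chain length");
        }
    }

    /**
     * Derives the AES session key as SHA-256(salt || ECDH shared secret).
     *
     * @param privateKey local private key
     * @param publicKey peer public key
     * @param bArr salt mixed into the hash ahead of the shared secret
     * @return the derived key, tagged with the AES algorithm name
     * @throws InvalidKeyException if either key is unsuitable for ECDH
     */
    public static SecretKey getSecretKey(PrivateKey privateKey, PublicKey publicKey, byte[] bArr) throws InvalidKeyException {
        byte[] sharedSecret = getEcdhSecret(privateKey, publicKey);
        try {
            MessageDigest sha256 = MessageDigest.getInstance(HashUtil.SHA_256);
            sha256.update(bArr);
            sha256.update(sharedSecret);
            return new SecretKeySpec(sha256.digest(), AesKey.ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } finally {
            // Do not leave the raw ECDH secret on the heap longer than needed.
            Arrays.fill(sharedSecret, (byte) 0);
        }
    }

    /**
     * Runs an ECDH key agreement and returns the raw shared secret.
     *
     * @param privateKey local private key
     * @param publicKey peer public key
     * @return the raw shared secret; the caller is responsible for wiping it
     * @throws InvalidKeyException if either key is unsuitable for ECDH
     */
    private static byte[] getEcdhSecret(PrivateKey privateKey, PublicKey publicKey) throws InvalidKeyException {
        try {
            KeyAgreement agreement = KeyAgreement.getInstance("ECDH");
            agreement.init(privateKey);
            agreement.doPhase(publicKey, true);
            return agreement.generateSecret();
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Builds the ES384-signed handshake JWT that carries the public key and the salt.
     *
     * @param keyPair key pair whose public half goes in the {@code x5u} header and whose private
     *        half signs the token
     * @param bArr salt, written Base64-encoded into the {@code salt} claim
     * @return the compact JWS serialization
     * @throws JoseException if signing fails
     */
    public static String createHandshakeJwt(KeyPair keyPair, byte[] bArr) throws JoseException {
        Base64.Encoder base64 = Base64.getEncoder();
        JsonWebSignature handshake = new JsonWebSignature();
        handshake.setAlgorithmHeaderValue(ALGORITHM_TYPE);
        handshake.setHeader("x5u", base64.encodeToString(keyPair.getPublic().getEncoded()));
        handshake.setKey(keyPair.getPrivate());
        JwtClaims claims = new JwtClaims();
        claims.setClaim("salt", base64.encodeToString(bArr));
        handshake.setPayload(claims.toJson());
        return handshake.getCompactSerialization();
    }

    /**
     * Returns 16 bytes from the class-wide {@link SecureRandom}.
     *
     * @return a new 16-byte random token
     */
    public static byte[] generateRandomToken() {
        byte[] token = new byte[16];
        SECURE_RANDOM.nextBytes(token);
        return token;
    }

    /**
     * Returns the pinned Mojang public key used as the login-chain trust anchor.
     *
     * @return the parsed Mojang public key
     */
    public static ECPublicKey getMojangPublicKey() {
        return MOJANG_PUBLIC_KEY;
    }

    /**
     * Creates an initialized AES stream cipher for the session.
     *
     * <p>The IV is taken from the key bytes themselves, so it is fixed for a given key.
     * NOTE(review): confidentiality therefore relies on every session deriving a distinct key
     * (for example through a fresh salt) - confirm against the callers. Neither mode produces an
     * authentication tag, so ciphertext integrity has to be enforced by the caller.
     *
     * @param z {@code true} for AES/CTR/NoPadding, {@code false} for AES/CFB8/NoPadding
     * @param z2 {@code true} to initialize for encryption, {@code false} for decryption
     * @param secretKey the session key; its first bytes also seed the IV
     * @return the initialized cipher
     * @throws AssertionError if the JVM cannot provide or initialize the cipher
     */
    public static Cipher createCipher(boolean z, boolean z2, SecretKey secretKey) {
        byte[] iv;
        String transformation;
        try {
            if (z) {
                // 12 key bytes followed by a 32-bit big-endian counter starting at 2.
                // Presumably this mirrors the counter block AES-GCM uses for its first payload
                // block - TODO confirm against the protocol documentation.
                iv = new byte[16];
                System.arraycopy(secretKey.getEncoded(), 0, iv, 0, 12);
                iv[15] = 2;
                transformation = "AES/CTR/NoPadding";
            } else {
                iv = Arrays.copyOf(secretKey.getEncoded(), 16);
                transformation = "AES/CFB8/NoPadding";
            }
            Cipher cipher = Cipher.getInstance(transformation);
            cipher.init(z2 ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new AssertionError("Unable to initialize required encryption", e);
        }
    }

    /** Reports whether a comma-separated named-groups list already names {@code group}. */
    private static boolean containsGroup(String groups, String group) {
        for (String candidate : groups.split(",")) {
            if (candidate.trim().equalsIgnoreCase(group)) {
                return true;
            }
        }
        return false;
    }

    private EncryptionUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }

    static {
        // Process-wide side effect: make sure secp384r1 is listed in jdk.tls.namedGroups.
        // The existing value is extended rather than replaced; overwriting it with
        // ", secp384r1" would silently drop every group the operator had configured.
        String configuredGroups = System.getProperty(NAMED_GROUPS_PROPERTY);
        if (configuredGroups == null || configuredGroups.trim().isEmpty()) {
            System.setProperty(NAMED_GROUPS_PROPERTY, REQUIRED_CURVE);
        } else if (!containsGroup(configuredGroups, REQUIRED_CURVE)) {
            System.setProperty(NAMED_GROUPS_PROPERTY, configuredGroups + "," + REQUIRED_CURVE);
        }
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
            generator.initialize(new ECGenParameterSpec(REQUIRED_CURVE));
            KEY_PAIR_GEN = generator;
            MOJANG_PUBLIC_KEY = parseKey(MOJANG_PUBLIC_KEY_BASE64);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new AssertionError("Unable to initialize required encryption", e);
        }
    }
}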
