package org.geysermc.geyser.util;

import java.security.KeyPair;
import java.security.PublicKey;
import java.util.List;
import java.util.function.BiConsumer;
import net.raphimc.minecraftauth.step.msa.StepMsaDeviceCode;
import org.cloudburstmc.protocol.bedrock.data.auth.AuthPayload;
import org.cloudburstmc.protocol.bedrock.data.auth.CertificateChainPayload;
import org.cloudburstmc.protocol.bedrock.packet.LoginPacket;
import org.cloudburstmc.protocol.bedrock.packet.ServerToClientHandshakePacket;
import org.cloudburstmc.protocol.bedrock.util.ChainValidationResult;
import org.cloudburstmc.protocol.bedrock.util.EncryptionUtils;
import org.geysermc.cumulus.form.ModalForm;
import org.geysermc.cumulus.form.SimpleForm;
import org.geysermc.cumulus.response.SimpleFormResponse;
import org.geysermc.cumulus.response.result.FormResponseResult;
import org.geysermc.cumulus.response.result.ValidFormResponseResult;
import org.geysermc.geyser.GeyserImpl;
import org.geysermc.geyser.session.GeyserSession;
import org.geysermc.geyser.session.auth.AuthData;
import org.geysermc.geyser.session.auth.BedrockClientData;
import org.geysermc.geyser.shaded.com.fasterxml.jackson.databind.DeserializationFeature;
import org.geysermc.geyser.shaded.com.fasterxml.jackson.databind.ObjectMapper;
import org.geysermc.geyser.text.ChatColor;
import org.geysermc.geyser.text.GeyserLocale;

/* loaded from: input_file:org/geysermc/geyser/util/LoginEncryptionUtils.class */
/**
 * Static helpers for the Bedrock login path: validating the client's auth payload, binding the
 * verified identity and client data to the session, starting the encryption handshake, and showing
 * the Microsoft sign-in forms.
 */
public class LoginEncryptionUtils {
    // Unknown JSON properties in the client-data payload are ignored rather than rejected.
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);

    // Log-once latch for the "encryption could not be enabled" warning.
    // Plain static field: it is read and written without any synchronization.
    private static boolean HAS_SENT_ENCRYPTION_MESSAGE = false;

    /**
     * Runs login validation for a freshly received login packet and tries to enable encryption.
     *
     * @param geyserSession session the packet arrived on
     * @param loginPacket   packet carrying the auth payload and the client-data JWT
     */
    public static void encryptPlayerConnection(GeyserSession geyserSession, LoginPacket loginPacket) {
        AuthPayload authPayload = loginPacket.getAuthPayload();
        String clientJwt = loginPacket.getClientJwt();
        encryptConnectionWithCert(geyserSession, authPayload, clientJwt);
    }

    /**
     * Validates the auth payload, stores identity, chain data and client data on the session, then
     * attempts the encryption handshake.
     *
     * <p>Trust decisions made here:
     * <ul>
     *   <li>An unsigned payload is rejected unless the proxy-connections config option is enabled;
     *       with that option on, the identity fields of an unsigned payload are stored as the
     *       session's auth data.</li>
     *   <li>The client-data JWT must verify against the identity public key taken from the
     *       validated payload; otherwise the login is aborted.</li>
     *   <li>A failure while starting the encryption handshake is caught and only logged; this
     *       method then returns normally.</li>
     * </ul>
     *
     * @param session     session being logged in
     * @param authPayload auth payload from the login packet
     * @param clientJwt   client-data JWT from the login packet
     * @throws RuntimeException wrapping any exception raised during validation, after the session
     *                          has been disconnected with a generic error
     */
    private static void encryptConnectionWithCert(GeyserSession session, AuthPayload authPayload, String clientJwt) {
        try {
            GeyserImpl geyser = session.getGeyser();
            ChainValidationResult chainResult = EncryptionUtils.validatePayload(authPayload);
            geyser.getLogger().debug(String.format("Is player data signed? %s", chainResult.signed()));

            if (!chainResult.signed()) {
                // NOTE(review): with proxy connections enabled the unsigned identity below is taken
                // at face value; presumably a trusted proxy in front vouches for it. Confirm the
                // listener is not reachable directly by clients in that configuration.
                boolean proxyConnectionsEnabled = session.getGeyser().getConfig().isEnableProxyConnections();
                if (!proxyConnectionsEnabled) {
                    session.disconnect(GeyserLocale.getLocaleStringLog("geyser.network.remote.invalid_xbox_account"));
                    return;
                }
            }

            ChainValidationResult.IdentityData identity = chainResult.identityClaims().extraData;
            session.setAuthData(new AuthData(identity.displayName, identity.identity, identity.xuid));

            if (!(authPayload instanceof CertificateChainPayload)) {
                // Any other payload type carries no certificate chain this code can keep.
                GeyserImpl.getInstance().getLogger().warning("Received new auth payload!");
                session.setCertChainData(List.of());
            } else {
                session.setCertChainData(((CertificateChainPayload) authPayload).getChain());
            }

            // The same key verifies the client data and later feeds the shared-secret derivation.
            PublicKey identityKey = chainResult.identityClaims().parsedIdentityPublicKey();
            byte[] clientDataBytes = EncryptionUtils.verifyClientData(clientJwt, identityKey);
            if (clientDataBytes == null) {
                throw new IllegalStateException("Client data isn't signed by the given chain data");
            }

            BedrockClientData clientData = JSON_MAPPER.convertValue(JSON_MAPPER.readTree(clientDataBytes), BedrockClientData.class);
            clientData.setOriginalString(clientJwt);
            session.setClientData(clientData);

            try {
                startEncryptionHandshake(session, identityKey);
            } catch (Throwable handshakeFailure) {
                // NOTE(review): fail-open. The failure is swallowed (stack trace only in debug mode)
                // and the login proceeds even though the handshake did not complete.
                if (geyser.getConfig().isDebugMode()) {
                    handshakeFailure.printStackTrace();
                }
                sendEncryptionFailedMessage(geyser);
            }
        } catch (Exception e) {
            // The client only sees a generic error key; the cause travels in the rethrown exception.
            session.disconnect("disconnectionScreen.internalError.cantConnect");
            throw new RuntimeException("Unable to complete login", e);
        }
    }

    /**
     * Sends the server-to-client handshake and enables encryption on the upstream session.
     *
     * <p>A fresh key pair and random token are created per call. The handshake JWT is sent before
     * encryption is enabled with the key derived from the server private key, the client's public
     * key and the token.
     *
     * @param session   session to encrypt
     * @param clientKey identity public key of the client
     * @throws Exception if any of the key, JWT or secret-key operations fails
     */
    private static void startEncryptionHandshake(GeyserSession session, PublicKey clientKey) throws Exception {
        KeyPair serverKeyPair = EncryptionUtils.createKeyPair();
        byte[] token = EncryptionUtils.generateRandomToken();

        ServerToClientHandshakePacket handshake = new ServerToClientHandshakePacket();
        handshake.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token));
        session.sendUpstreamPacketImmediately(handshake);

        session.getUpstream().getSession().enableEncryption(
                EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), clientKey, token));
    }

    /**
     * Logs the two-line "encryption failed" warning the first time it is called; later calls do nothing.
     *
     * @param geyserImpl instance whose logger receives the warning
     */
    private static void sendEncryptionFailedMessage(GeyserImpl geyserImpl) {
        if (!HAS_SENT_ENCRYPTION_MESSAGE) {
            geyserImpl.getLogger().warning(GeyserLocale.getLocaleStringLog("geyser.network.encryption.line_1"));
            geyserImpl.getLogger().warning(GeyserLocale.getLocaleStringLog("geyser.network.encryption.line_2", "https://geysermc.org/supported_java"));
            // The latch is set only after both lines were logged.
            HAS_SENT_ENCRYPTION_MESSAGE = true;
        }
    }

    /**
     * Shows the login notice form unless the session is already logged in.
     *
     * <p>Closing the form (or sending an invalid result) re-opens it; the first button starts the
     * Microsoft code flow and any other button disconnects the player.
     *
     * @param geyserSession session to show the form to
     */
    public static void buildAndShowLoginWindow(GeyserSession geyserSession) {
        if (geyserSession.isLoggedIn()) {
            return;
        }
        geyserSession.setDaylightCycle(false);
        geyserSession.sendForm(
                SimpleForm.builder()
                        .translator(GeyserLocale::getPlayerLocaleString, geyserSession.locale())
                        .title("geyser.auth.login.form.notice.title")
                        .content("geyser.auth.login.form.notice.desc")
                        .button("geyser.auth.login.form.notice.btn_login.microsoft")
                        .button("geyser.auth.login.form.notice.btn_disconnect")
                        .closedOrInvalidResultHandler(() -> buildAndShowLoginWindow(geyserSession))
                        .validResultHandler(response -> {
                            if (response.clickedButtonId() != 0) {
                                geyserSession.disconnect(GeyserLocale.getPlayerLocaleString("geyser.auth.login.form.disconnect", geyserSession.locale()));
                                return;
                            }
                            geyserSession.authenticateWithMicrosoftCode();
                        }));
    }

    /**
     * Shows the save-token consent form; accepting authenticates, anything else disconnects.
     *
     * @param geyserSession session to show the form to
     */
    public static void buildAndShowConsentWindow(GeyserSession geyserSession) {
        geyserSession.sendForm(
                SimpleForm.builder()
                        .translator(LoginEncryptionUtils::translate, geyserSession.locale())
                        .title("%gui.signIn")
                        .content("geyser.auth.login.save_token.warning\n\ngeyser.auth.login.save_token.proceed")
                        .button("%gui.ok")
                        .button("%gui.decline")
                        .resultHandler(authenticateOrKickHandler(geyserSession)));
    }

    /**
     * Shows the "token expired" form, which offers a single OK button to sign in again.
     *
     * @param geyserSession session to show the form to
     */
    public static void buildAndShowTokenExpiredWindow(GeyserSession geyserSession) {
        geyserSession.sendForm(
                SimpleForm.builder()
                        .translator(LoginEncryptionUtils::translate, geyserSession.locale())
                        .title("geyser.auth.login.form.expired")
                        .content("geyser.auth.login.save_token.expired\n\ngeyser.auth.login.save_token.proceed")
                        .button("%gui.ok")
                        .resultHandler(authenticateOrKickHandler(geyserSession)));
    }

    /**
     * Builds the shared result handler for the consent and token-expired forms.
     *
     * @param session session the form belongs to
     * @return handler that starts the Microsoft code flow only for a valid response whose clicked
     *         button id is 0, and disconnects the session for every other result
     */
    private static BiConsumer<SimpleForm, FormResponseResult<SimpleFormResponse>> authenticateOrKickHandler(GeyserSession session) {
        return (form, result) -> {
            boolean accepted = false;
            if (result instanceof ValidFormResponseResult) {
                ValidFormResponseResult<SimpleFormResponse> valid = (ValidFormResponseResult<SimpleFormResponse>) result;
                accepted = valid.response().clickedButtonId() == 0;
            }

            if (accepted) {
                session.authenticateWithMicrosoftCode(true);
            } else {
                // Closed, invalid and declined results all end the session.
                session.disconnect("%disconnect.quitting");
            }
        };
    }

    /**
     * Shows the modal form that tells the player where to enter the Microsoft device code.
     *
     * <p>The user code from {@code msaDeviceCode} is embedded in the form text. When the configured
     * pending-authentication timeout is non-zero, a localized timeout notice is appended.
     *
     * @param geyserSession session to show the form to
     * @param msaDeviceCode device-code data whose user code is displayed
     */
    public static void buildAndShowMicrosoftCodeWindow(GeyserSession geyserSession, StepMsaDeviceCode.MsaDeviceCode msaDeviceCode) {
        String playerLocale = geyserSession.locale();

        StringBuilder content = new StringBuilder("%xbox.signin.website\n");
        content.append(ChatColor.AQUA).append("%xbox.signin.url");
        content.append(ChatColor.RESET).append("\n%xbox.signin.enterCode\n");
        content.append(ChatColor.GREEN).append(msaDeviceCode.getUserCode());

        int timeout = geyserSession.getGeyser().getConfig().getPendingAuthenticationTimeout();
        if (timeout != 0) {
            content.append("\n\n");
            content.append(ChatColor.RESET);
            content.append(GeyserLocale.getPlayerLocaleString("geyser.auth.login.timeout", geyserSession.locale(), String.valueOf(timeout)));
        }

        geyserSession.sendForm(
                ModalForm.builder()
                        .title("%xbox.signin")
                        .content(content.toString())
                        .button1("%gui.done")
                        .button2("%menu.disconnect")
                        .closedOrInvalidResultHandler(() -> buildAndShowLoginWindow(geyserSession))
                        .validResultHandler(response -> {
                            // Only button id 1 disconnects; the other button leaves the session as is.
                            if (response.clickedButtonId() == 1) {
                                geyserSession.disconnect(GeyserLocale.getPlayerLocaleString("geyser.auth.login.form.disconnect", playerLocale));
                            }
                        }));
    }

    /**
     * Translates a multi-line form string line by line.
     *
     * <p>Lines starting with {@code '%'} are copied unchanged; other lines are looked up through
     * {@link GeyserLocale#getPlayerLocaleString}. Lines shorter than two characters contribute no
     * text. A newline is appended after every line processed, so non-empty input always yields
     * output ending in a newline.
     *
     * @param key    text to translate, lines separated by {@code '\n'}
     * @param locale locale code passed to the lookup
     * @return the translated text
     */
    private static String translate(String key, String locale) {
        StringBuilder out = new StringBuilder();
        int total = key.length();
        int lineStart = 0;
        while (lineStart < total) {
            int newlineAt = key.indexOf('\n', lineStart);
            int lineEnd = newlineAt < 0 ? total : newlineAt;
            if (lineEnd - lineStart > 1) {
                String line = key.substring(lineStart, lineEnd);
                out.append(line.charAt(0) == '%' ? line : GeyserLocale.getPlayerLocaleString(line, locale));
            }
            out.append('\n');
            lineStart = lineEnd + 1;
        }
        return out.toString();
    }
}
