package eu.locklogin.plugin.bukkit.premium.mojang;

import com.google.common.hash.Hasher;
import com.google.common.hash.Hashing;
import com.google.common.io.Resources;
import com.google.common.primitives.Longs;
import eu.locklogin.api.encryption.libraries.argon.Constants;
import eu.locklogin.plugin.bukkit.LockLogin;
import eu.locklogin.plugin.bukkit.Main;
import eu.locklogin.plugin.bukkit.premium.mojang.client.ClientKey;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.Random;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import ml.karmaconfigs.api.common.utils.enums.Level;

/* loaded from: input_file:eu/locklogin/plugin/bukkit/premium/mojang/MojangEncryption.class */
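/**
 * Static cryptographic helpers for the premium (Mojang-authenticated) login flow.
 *
 * <p>The class generates the server RSA key pair, produces verify tokens, computes the
 * server-id hash, decrypts the client's shared secret and verifies client-supplied keys
 * and signatures. Every operation that can fail for cryptographic reasons logs the cause
 * and fails closed: it returns {@code null} or {@code false} instead of throwing.
 *
 * <p>The "already warned" flags are plain static fields with no synchronization, so a
 * console warning may be printed more than once if several threads fail at the same time.
 */
public final class MojangEncryption {
    /**
     * Trust anchor for {@link #isValidClient}: the session public key bundled with the plugin.
     * {@code null} when the key could not be loaded, in which case no client key is accepted.
     */
    private static final PublicKey MOJANG_KEY;
    private static boolean warned = false;
    private static boolean shared_warned = false;
    private static boolean valid_warned = false;
    private static boolean nonce_warned = false;
    private static boolean signed_nonce_warned = false;
    /** MIME Base64 encoder: 76-character lines separated by a single line feed. */
    private static final Base64.Encoder ENCODER = Base64.getMimeEncoder(76, new byte[]{'\n'});

    /**
     * Generates a fresh RSA key pair for the server side of the handshake.
     *
     * @return the generated pair, or {@code null} if the JVM has no RSA key pair generator
     */
    public static KeyPair generatePair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            // NOTE(review): the modulus size is read from an Argon2 constant. This looks like a
            // decompiler mapping an inlined literal onto an unrelated constant of equal value.
            // Confirm the intended RSA key size and give it a dedicated, auditable constant.
            generator.initialize(Constants.ARGON2_BLOCK_SIZE);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            if (!warned) {
                warned = true;
                LockLogin.plugin.console().send("An unexpected exception has raised to the java vm. It seems that your computer is not compatible with the RSA hashing algorithm. We won't be able to perform advanced security operations on your server", Level.GRAVE);
            }
            LockLogin.plugin.logger().scheduleLog(Level.GRAVE, e);
            LockLogin.plugin.logger().scheduleLog(Level.INFO, "Failed to generate keypair", new Object[0]);
            return null;
        }
    }

    /**
     * Produces a 4-byte verify token from the supplied generator.
     *
     * <p>The token is only as unpredictable as {@code random}. Callers should pass a
     * {@link java.security.SecureRandom} rather than a plain {@link Random}, whose output
     * can be predicted from earlier values.
     *
     * @param random source of the token bytes
     * @return a new 4-byte array filled by {@code random}
     */
    public static byte[] generateVerifyToken(Random random) {
        byte[] token = new byte[4];
        random.nextBytes(token);
        return token;
    }

    /**
     * Computes the server-id hash: SHA-1 over the UTF-8 bytes of {@code str}, the encoded
     * shared secret and the encoded public key, in that order.
     *
     * <p>The digest is interpreted as a signed two's-complement integer, so the hexadecimal
     * result may start with {@code '-'} and carries no leading zero padding.
     *
     * @param str       server id string mixed into the hash
     * @param secretKey shared secret whose encoded form is hashed
     * @param publicKey public key whose encoded form is hashed
     * @return the signed hexadecimal representation of the digest
     */
    public static String getServerId(String str, SecretKey secretKey, PublicKey publicKey) {
        Hasher sha1 = Hashing.sha1().newHasher();
        sha1.putBytes(str.getBytes(StandardCharsets.UTF_8));
        sha1.putBytes(secretKey.getEncoded());
        sha1.putBytes(publicKey.getEncoded());
        return new BigInteger(sha1.hash().asBytes()).toString(16);
    }

    /**
     * Decrypts the client-supplied shared secret with the server private key and wraps the
     * plaintext as an AES key.
     *
     * @param privateKey server private key used for decryption
     * @param bArr       encrypted shared secret received from the client
     * @return the shared AES key, or {@code null} if decryption failed
     */
    public static SecretKey getShared(PrivateKey privateKey, byte[] bArr) {
        try {
            // The transformation is only the key algorithm name, so mode and padding are the
            // provider's defaults. NOTE(review): spell out the full transformation to make the
            // padding scheme explicit and provider-independent.
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            // NOTE(review): the plaintext length is not checked here; the caller should confirm
            // that the result has the expected AES key size before using it.
            return new SecretKeySpec(cipher.doFinal(bArr), "AES");
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            if (!shared_warned) {
                shared_warned = true;
                LockLogin.plugin.console().send("It seems that your server is not compatible with client encoding ({0}) or AES. Don't expect premium support", Level.WARNING, new Object[]{privateKey.getAlgorithm()});
            }
            LockLogin.plugin.logger().scheduleLog(Level.GRAVE, e);
            LockLogin.plugin.logger().scheduleLog(Level.INFO, "Failed to decrypt shared key", new Object[0]);
            return null;
        }
    }

    /**
     * Checks that a client public key is unexpired and carries a valid signature from the
     * bundled session key.
     *
     * <p>Two signed payload layouts are supported. Without a UUID the payload is the expiry in
     * epoch milliseconds followed by the PEM-armoured key, as ASCII. With a UUID it is the
     * binary concatenation of the UUID, the expiry in epoch milliseconds and the encoded key.
     *
     * @param clientKey key, expiry and signature presented by the client
     * @param instant   point in time against which expiry is evaluated
     * @param uuid      owner of the key, or {@code null} for the text payload layout
     * @return {@code true} only if the key is unexpired and the signature verifies;
     *         {@code false} if the session key is unavailable or verification fails
     */
    public static boolean isValidClient(ClientKey clientKey, Instant instant, UUID uuid) {
        // Fail closed: without the trust anchor nothing can be verified.
        if (clientKey.isExpired(instant) || MOJANG_KEY == null) {
            return false;
        }
        try {
            Signature verifier = Signature.getInstance("SHA1withRSA");
            verifier.initVerify(MOJANG_KEY);
            byte[] signedPayload;
            if (uuid == null) {
                signedPayload = (clientKey.expiration().toEpochMilli() + "-----BEGIN RSA PUBLIC KEY-----\n" + ENCODER.encodeToString(clientKey.key().getEncoded()) + "\n-----END RSA PUBLIC KEY-----\n").getBytes(StandardCharsets.US_ASCII);
            } else {
                byte[] encodedKey = clientKey.key().getEncoded();
                // The buffer reserves 24 header bytes: 16 for the UUID and 8 for the expiry.
                // The expiry was previously never written, which left eight zero bytes after
                // the key and kept the expiry out of the verified payload, so this branch
                // could not match a signature that covers the expiry.
                // NOTE(review): confirm the field order against the signer's payload format.
                signedPayload = ByteBuffer.allocate(encodedKey.length + 24)
                        .putLong(uuid.getMostSignificantBits())
                        .putLong(uuid.getLeastSignificantBits())
                        .putLong(clientKey.expiration().toEpochMilli())
                        .put(encodedKey)
                        .array();
            }
            verifier.update(signedPayload);
            return verifier.verify(clientKey.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            if (!valid_warned) {
                valid_warned = true;
                LockLogin.plugin.console().send("Unfortunately, it seems that your server/vm is not compatible with the hash SHA1withRSA. Don't expect premium support", Level.WARNING);
            }
            LockLogin.plugin.logger().scheduleLog(Level.GRAVE, e);
            LockLogin.plugin.logger().scheduleLog(Level.INFO, "Failed to validate client", new Object[0]);
            return false;
        }
    }

    /**
     * Decrypts {@code bArr2} with the server private key and compares the plaintext with the
     * expected value {@code bArr}.
     *
     * @param bArr       expected plaintext
     * @param privateKey server private key used for decryption
     * @param bArr2      encrypted value received from the client
     * @return {@code true} if the decrypted bytes equal {@code bArr}; {@code false} on
     *         mismatch or if decryption failed
     */
    public static boolean verifyIntegrity(byte[] bArr, PrivateKey privateKey, byte[] bArr2) {
        try {
            // Provider-default mode and padding, as in getShared.
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            byte[] decrypted = cipher.doFinal(bArr2);
            return Arrays.equals(bArr, decrypted);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            if (!nonce_warned) {
                nonce_warned = true;
                LockLogin.plugin.console().send("It seems that your server is not compatible with {0} hash. Don't expect premium support", Level.GRAVE, new Object[]{privateKey.getAlgorithm()});
            }
            LockLogin.plugin.logger().scheduleLog(Level.GRAVE, e);
            LockLogin.plugin.logger().scheduleLog(Level.INFO, "Failed to verify integrity of a message", new Object[0]);
            return false;
        }
    }

    /**
     * Verifies a SHA256WithRSA signature over {@code bArr} followed by the big-endian bytes
     * of {@code j}.
     *
     * <p>{@code publicKey} should be a client key that has already passed
     * {@link #isValidClient}; this method does not itself establish trust in the key.
     *
     * @param bArr      first part of the signed data
     * @param publicKey key the signature is checked against
     * @param j         value appended to the signed data as eight bytes
     * @param bArr2     signature to verify
     * @return {@code true} if the signature verifies; {@code false} otherwise or on failure
     */
    public static boolean verifyClientIntegrity(byte[] bArr, PublicKey publicKey, long j, byte[] bArr2) {
        try {
            Signature verifier = Signature.getInstance("SHA256WithRSA");
            verifier.initVerify(publicKey);
            verifier.update(bArr);
            verifier.update(Longs.toByteArray(j));
            return verifier.verify(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            if (!signed_nonce_warned) {
                signed_nonce_warned = true;
                LockLogin.plugin.console().send("It seems that your server is not compatible with SHA256WithRSA. Don't expect premium support", Level.GRAVE);
            }
            LockLogin.plugin.logger().scheduleLog(Level.GRAVE, e);
            LockLogin.plugin.logger().scheduleLog(Level.INFO, "Failed to verify integrity of a signed message", new Object[0]);
            return false;
        }
    }

    static {
        PublicKey publicKey = null;
        try {
            // getResource returns null when the file is absent. Passing that on would raise a
            // NullPointerException out of the static initializer and make the whole class
            // unusable, instead of taking the logged "no premium support" path below.
            java.net.URL keyResource = Main.class.getClassLoader().getResource("yggdrasil_session_pubkey.der");
            if (keyResource == null) {
                throw new IOException("yggdrasil_session_pubkey.der is missing from the plugin classpath");
            }
            publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Resources.toByteArray(keyResource)));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LockLogin.plugin.console().send("LockLogin tried to load the mojang session key but failed. Don't expect premium support", Level.GRAVE);
            LockLogin.plugin.logger().scheduleLog(Level.GRAVE, e);
            LockLogin.plugin.logger().scheduleLog(Level.INFO, "Failed to load mojang session key", new Object[0]);
        }
        MOJANG_KEY = publicKey;
    }
}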
