package com.nukkitx.protocol.bedrock.util;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nukkitx.natives.aes.AesFactory;
import com.nukkitx.natives.util.Natives;
import com.nukkitx.network.util.Preconditions;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import net.minidev.json.JSONValue;

/* loaded from: input_file:com/nukkitx/protocol/bedrock/util/EncryptionUtils.class */
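/**
 * Static helpers for the login handshake and session encryption used by the Bedrock protocol
 * code in this package: EC P-384 key handling, ES384 JWT signing and verification, ECDH key
 * agreement, and construction of the AES stream ciphers.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #verifyChain(JSONArray)} checks signatures only. It does not look at any other
 *       claim (for example expiry), so callers that need those checks must perform them.</li>
 *   <li>{@link #createCipher(boolean, boolean, SecretKey)} derives the IV from the key itself and
 *       uses unauthenticated modes (CTR / CFB8). Integrity has to be provided elsewhere.</li>
 *   <li>The static initializer reaches into private classes of the JDK's crypto provider via
 *       reflection. Those are not a supported API and their names and signatures may differ
 *       between JDK releases.</li>
 * </ul>
 */
public final class EncryptionUtils {
    /** Native AES/CFB8 factory, or {@code null} when the native implementation could not be loaded. */
    private static final AesFactory AES_FACTORY;
    /** Trust anchor for {@link #verifyChain(JSONArray)}, decoded from {@link #MOJANG_PUBLIC_KEY_BASE64}. */
    private static final ECPublicKey MOJANG_PUBLIC_KEY;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    /** Base64 of the X.509 (SubjectPublicKeyInfo) encoding of the pinned root public key. */
    private static final String MOJANG_PUBLIC_KEY_BASE64 = "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8ELkixyLcwlZryUQcu1TvPOmI2B7vX83ndnWRUaXm74wFfa5f/lwQNTfrLVHa2PmenpGI6JhIMUJaWZrjmMj90NoKNFSNBuKdm8rYiXsfaz3K36x/1U26HpG0ZxK/V1V";
    /** Shared generator initialised for secp384r1 in the static initializer. */
    private static final KeyPairGenerator KEY_PAIR_GEN;
    private static final int AES_BLOCK_SIZE = 16;
    /** Name of the curve used for key generation and appended to {@code jdk.tls.namedGroups}. */
    private static final String CURVE_NAME = "secp384r1";
    private static final String NAMED_GROUPS_PROPERTY = "jdk.tls.namedGroups";
    // Reflective handles into com.sun.crypto.provider (private JDK internals), see static initializer.
    private static final Method GCM_GET_J0;
    private static final Method GCM_INCREMENT_32;
    private static final Constructor<?> AES_CONSTRUCTOR;
    private static final Method AES_INIT;
    private static final Method AES_ENCRYPT_BLOCK;

    static {
        // Make sure secp384r1 is among the TLS named groups. An existing value is preserved and
        // extended; the previous code replaced it with the malformed list ", secp384r1".
        String existingGroups = System.getProperty(NAMED_GROUPS_PROPERTY);
        if (existingGroups == null || existingGroups.isEmpty()) {
            System.setProperty(NAMED_GROUPS_PROPERTY, CURVE_NAME);
        } else if (!existingGroups.contains(CURVE_NAME)) {
            System.setProperty(NAMED_GROUPS_PROPERTY, existingGroups + ", " + CURVE_NAME);
        }

        // The native AES factory is optional; canUseEncryption() reports whether it loaded.
        AesFactory nativeFactory;
        try {
            nativeFactory = (AesFactory) Natives.AES_CFB8.get();
        } catch (IllegalStateException | NullPointerException ignored) {
            nativeFactory = null;
        }
        AES_FACTORY = nativeFactory;

        try {
            KEY_PAIR_GEN = KeyPairGenerator.getInstance("EC");
            KEY_PAIR_GEN.initialize(new ECGenParameterSpec(CURVE_NAME));
            MOJANG_PUBLIC_KEY = generateKey(MOJANG_PUBLIC_KEY_BASE64);
            try {
                // NOTE(review): these are private provider classes. setAccessible() can throw an
                // unchecked exception on runtimes that enforce module encapsulation; that is not
                // caught here and would abort class initialization. Confirm the supported JDK
                // range and any required --add-opens flag for com.sun.crypto.provider.
                Class<?> gcmClass = Class.forName("com.sun.crypto.provider.GaloisCounterMode");
                GCM_GET_J0 = gcmClass.getDeclaredMethod("getJ0", byte[].class, byte[].class);
                GCM_GET_J0.setAccessible(true);
                GCM_INCREMENT_32 = gcmClass.getDeclaredMethod("increment32", byte[].class);
                GCM_INCREMENT_32.setAccessible(true);

                Class<?> aesClass = Class.forName("com.sun.crypto.provider.AESCrypt");
                AES_CONSTRUCTOR = aesClass.getDeclaredConstructor();
                AES_CONSTRUCTOR.setAccessible(true);
                AES_INIT = aesClass.getDeclaredMethod("init", Boolean.TYPE, String.class, byte[].class);
                AES_INIT.setAccessible(true);
                AES_ENCRYPT_BLOCK = aesClass.getDeclaredMethod("encryptBlock", byte[].class, Integer.TYPE, byte[].class, Integer.TYPE);
                AES_ENCRYPT_BLOCK.setAccessible(true);
            } catch (ClassNotFoundException | NoSuchMethodException e) {
                throw new AssertionError(e);
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new AssertionError("Unable to initialize required encryption", e);
        }
    }

    private EncryptionUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }

    /**
     * Decodes a Base64 string holding an X.509-encoded EC public key.
     *
     * @param str Base64 (standard alphabet) text of the encoded key
     * @return the decoded EC public key
     * @throws NoSuchAlgorithmException if no "EC" key factory is available
     * @throws InvalidKeySpecException if the decoded bytes are not a valid EC public key
     * @throws IllegalArgumentException if {@code str} is not valid Base64 (thrown by the decoder)
     */
    public static ECPublicKey generateKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] encodedKey = Base64.getDecoder().decode(str);
        KeyFactory ecFactory = KeyFactory.getInstance("EC");
        return (ECPublicKey) ecFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
    }

    /**
     * Generates a fresh secp384r1 key pair.
     *
     * @return a new EC key pair from the shared generator
     */
    public static KeyPair createKeyPair() {
        return KEY_PAIR_GEN.generateKeyPair();
    }

    /**
     * Signs the given JWS object in place with ECDSA over P-384.
     *
     * @param jWSObject the unsigned object to sign
     * @param eCPrivateKey the P-384 private key to sign with
     * @throws JOSEException if the signer cannot be created or signing fails
     */
    public static void signJwt(JWSObject jWSObject, ECPrivateKey eCPrivateKey) throws JOSEException {
        jWSObject.sign(new ECDSASigner(eCPrivateKey, Curve.P_384));
    }

    /**
     * Verifies the signature of a JWS object against a single EC public key.
     *
     * @param jWSObject the signed object
     * @param eCPublicKey the key the signature must verify under
     * @return {@code true} if the signature is valid for that key
     * @throws JOSEException if the verifier cannot be created or verification cannot be performed
     */
    public static boolean verifyJwt(JWSObject jWSObject, ECPublicKey eCPublicKey) throws JOSEException {
        return jWSObject.verify(new ECDSAVerifier(eCPublicKey));
    }

    /**
     * Verifies a chain of compact-serialised JWS tokens.
     *
     * <p>The first token must verify under the pinned root key; every later token must verify
     * under the {@code identityPublicKey} claim of the token before it. Verification stops at the
     * first bad signature. An empty chain is rejected.
     *
     * <p>Only signatures are checked. No other claim of the payload is read or validated here, so
     * a {@code true} result says nothing about expiry or about who the chain identifies.
     *
     * @param jSONArray the chain; every element must be a {@link String}
     * @return {@code true} only if the chain is non-empty and every signature verified
     * @throws IllegalArgumentException presumably raised by {@code Preconditions.checkArgument}
     *     when a node is not a string, a payload is not a JSON object, or
     *     {@code identityPublicKey} is missing (confirm against that helper)
     */
    public static boolean verifyChain(JSONArray jSONArray) throws JOSEException, ParseException, InvalidKeySpecException, NoSuchAlgorithmException {
        ECPublicKey expectedSigner = null;
        boolean verified = false;
        for (Object node : jSONArray) {
            Preconditions.checkArgument(node instanceof String, "Chain node is not a string");
            JWSObject token = JWSObject.parse((String) node);

            // Root of trust for the first link, previous link's declared key afterwards.
            ECPublicKey signer = expectedSigner == null ? MOJANG_PUBLIC_KEY : expectedSigner;
            verified = verifyJwt(token, signer);
            if (!verified) {
                // Fail closed: never read key material out of a token whose signature is bad.
                return false;
            }

            Object payload = JSONValue.parse(token.getPayload().toString());
            Preconditions.checkArgument(payload instanceof JSONObject, "Payload is not a object");
            Object nextKey = ((JSONObject) payload).get("identityPublicKey");
            Preconditions.checkArgument(nextKey instanceof String, "identityPublicKey node is missing in chain");
            expectedSigner = generateKey((String) nextKey);
        }
        return verified;
    }

    /**
     * Derives the AES session key as {@code SHA-256(bArr || ECDH(privateKey, publicKey))}.
     *
     * @param privateKey the local EC private key
     * @param publicKey the peer's EC public key
     * @param bArr the salt that is hashed before the shared secret
     * @return a 256-bit key tagged with algorithm "AES"
     * @throws InvalidKeyException if either key is rejected by the key agreement
     */
    public static SecretKey getSecretKey(PrivateKey privateKey, PublicKey publicKey, byte[] bArr) throws InvalidKeyException {
        byte[] sharedSecret = getEcdhSecret(privateKey, publicKey);
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            sha256.update(bArr);
            sha256.update(sharedSecret);
            return new SecretKeySpec(sha256.digest(), "AES");
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } finally {
            // The raw ECDH output is only needed for the hash; do not leave it on the heap.
            Arrays.fill(sharedSecret, (byte) 0);
        }
    }

    /** Runs a one-phase ECDH agreement and returns the raw shared secret. */
    private static byte[] getEcdhSecret(PrivateKey privateKey, PublicKey publicKey) throws InvalidKeyException {
        try {
            KeyAgreement agreement = KeyAgreement.getInstance("ECDH");
            agreement.init(privateKey);
            agreement.doPhase(publicKey, true);
            return agreement.generateSecret();
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Builds and signs the handshake JWT: an ES384 token whose {@code x5u} header carries the
     * Base64 public key of {@code keyPair} and whose only claim is the Base64 {@code salt}.
     *
     * @param keyPair the key pair; the public half is advertised, the private half signs
     * @param bArr the salt bytes to publish in the {@code salt} claim
     * @return the signed JWT
     * @throws JOSEException if signing fails
     */
    public static JWSObject createHandshakeJwt(KeyPair keyPair, byte[] bArr) throws JOSEException {
        Base64.Encoder base64 = Base64.getEncoder();
        URI publicKeyUri = URI.create(base64.encodeToString(keyPair.getPublic().getEncoded()));
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES384).x509CertURL(publicKeyUri).build();
        JWTClaimsSet claims = new JWTClaimsSet.Builder().claim("salt", base64.encodeToString(bArr)).build();
        SignedJWT handshake = new SignedJWT(header, claims);
        signJwt(handshake, (ECPrivateKey) keyPair.getPrivate());
        return handshake;
    }

    /**
     * Returns 16 bytes from the class-wide {@link SecureRandom}.
     *
     * @return a new random 16-byte array
     */
    public static byte[] generateRandomToken() {
        byte[] token = new byte[AES_BLOCK_SIZE];
        SECURE_RANDOM.nextBytes(token);
        return token;
    }

    /**
     * Reports whether the native AES/CFB8 factory was loaded during class initialization.
     *
     * @return {@code true} if the native factory is available
     */
    public static boolean canUseEncryption() {
        return AES_FACTORY != null;
    }

    /**
     * Returns the pinned root public key used by {@link #verifyChain(JSONArray)}.
     *
     * @return the root EC public key
     */
    public static ECPublicKey getMojangPublicKey() {
        return MOJANG_PUBLIC_KEY;
    }

    /**
     * Creates an initialised AES stream cipher for the session key.
     *
     * <p>When {@code z} is {@code true} the cipher is {@code AES/CTR/NoPadding} and its initial
     * counter block is computed with the JDK's GCM helpers from the first 12 key bytes. Otherwise
     * it is {@code AES/CFB8/NoPadding} with the first 16 key bytes as IV.
     *
     * <p>Caveats: in both branches the IV is a deterministic function of the key, so the same key
     * always produces the same keystream; a key must never be reused across sessions. Neither
     * mode authenticates the data, and no GCM tag is produced even in the GCM-derived branch, so
     * integrity has to be checked separately by the caller.
     *
     * @param z {@code true} for the GCM-derived CTR mode, {@code false} for CFB8
     * @param z2 {@code true} to initialise for encryption, {@code false} for decryption
     * @param secretKey the AES session key; its encoded form must be available
     * @return the initialised cipher
     */
    public static Cipher createCipher(boolean z, boolean z2, SecretKey secretKey) {
        try {
            byte[] keyBytes = secretKey.getEncoded();
            byte[] iv;
            String transformation;
            if (z) {
                iv = getGcmIv(getSubKey(keyBytes), Arrays.copyOf(keyBytes, 12));
                transformation = "AES/CTR/NoPadding";
            } else {
                iv = Arrays.copyOf(keyBytes, AES_BLOCK_SIZE);
                transformation = "AES/CFB8/NoPadding";
            }
            Cipher cipher = Cipher.getInstance(transformation);
            cipher.init(z2 ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new AssertionError("Unable to initialize required encryption", e);
        }
    }

    /**
     * Encrypts one all-zero AES block under {@code bArr} using the reflected provider class and
     * returns the result (the value GCM uses as its hash subkey).
     */
    private static byte[] getSubKey(byte[] bArr) {
        try {
            Object aes = AES_CONSTRUCTOR.newInstance();
            AES_INIT.invoke(aes, false, "AES", bArr);
            byte[] subKey = new byte[AES_BLOCK_SIZE];
            AES_ENCRYPT_BLOCK.invoke(aes, new byte[AES_BLOCK_SIZE], 0, subKey, 0);
            return subKey;
        } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Computes the counter block by calling the reflected {@code getJ0(bArr2, bArr)} and then
     * {@code increment32} on the result.
     *
     * @param bArr the subkey from {@link #getSubKey(byte[])}
     * @param bArr2 the 12-byte IV
     */
    private static byte[] getGcmIv(byte[] bArr, byte[] bArr2) {
        try {
            byte[] counterBlock = (byte[]) GCM_GET_J0.invoke(null, bArr2, bArr);
            GCM_INCREMENT_32.invoke(null, counterBlock);
            return counterBlock;
        } catch (IllegalAccessException | InvocationTargetException e) {
            throw new AssertionError(e);
        }
    }
}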
