package net.md_5.bungee;

import com.google.common.io.ByteStreams;
import com.google.common.primitives.Longs;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Random;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import net.md_5.bungee.jni.NativeCode;
import net.md_5.bungee.jni.cipher.BungeeCipher;
import net.md_5.bungee.jni.cipher.JavaCipher;
import net.md_5.bungee.jni.cipher.NativeCipher;
import net.md_5.bungee.protocol.PlayerPublicKey;
import net.md_5.bungee.protocol.packet.EncryptionRequest;
import net.md_5.bungee.protocol.packet.EncryptionResponse;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:net/md_5/bungee/EncryptionUtil.class */
public class EncryptionUtil {
    public static final KeyPair keys;
    private static final PublicKey MOJANG_KEY;
    private static final Random random = new Random();
    private static final Base64.Encoder MIME_ENCODER = Base64.getMimeEncoder(76, StringUtils.LF.getBytes(StandardCharsets.UTF_8));
    public static final NativeCode<BungeeCipher> nativeFactory = new NativeCode<>("native-cipher", JavaCipher::new, NativeCipher::new);

    public static EncryptionRequest encryptRequest() {
        String l = Long.toString(random.nextLong(), 16);
        byte[] encoded = keys.getPublic().getEncoded();
        byte[] bArr = new byte[4];
        random.nextBytes(bArr);
        return new EncryptionRequest(l, encoded, bArr, true);
    }

    public static boolean check(PlayerPublicKey playerPublicKey, UUID uuid) throws GeneralSecurityException {
        byte[] bytes;
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initVerify(MOJANG_KEY);
        if (uuid != null) {
            byte[] encoded = getPubkey(playerPublicKey.getKey()).getEncoded();
            bytes = new byte[24 + encoded.length];
            ByteBuffer.wrap(bytes).order(ByteOrder.BIG_ENDIAN).putLong(uuid.getMostSignificantBits()).putLong(uuid.getLeastSignificantBits()).putLong(playerPublicKey.getExpiry()).put(encoded);
        } else {
            bytes = (playerPublicKey.getExpiry() + "-----BEGIN RSA PUBLIC KEY-----\n" + MIME_ENCODER.encodeToString(getPubkey(playerPublicKey.getKey()).getEncoded()) + "\n-----END RSA PUBLIC KEY-----\n").getBytes(StandardCharsets.US_ASCII);
        }
        signature.update(bytes);
        return signature.verify(playerPublicKey.getSignature());
    }

    public static boolean check(PlayerPublicKey playerPublicKey, EncryptionResponse encryptionResponse, EncryptionRequest encryptionRequest) throws GeneralSecurityException {
        if (playerPublicKey == null) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, keys.getPrivate());
            return MessageDigest.isEqual(encryptionRequest.getVerifyToken(), cipher.doFinal(encryptionResponse.getVerifyToken()));
        }
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initVerify(getPubkey(playerPublicKey.getKey()));
        signature.update(encryptionRequest.getVerifyToken());
        signature.update(Longs.toByteArray(encryptionResponse.getEncryptionData().getSalt()));
        return signature.verify(encryptionResponse.getEncryptionData().getSignature());
    }

    public static SecretKey getSecret(EncryptionResponse encryptionResponse, EncryptionRequest encryptionRequest) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, keys.getPrivate());
        return new SecretKeySpec(cipher.doFinal(encryptionResponse.getSharedSecret()), "AES");
    }

    public static BungeeCipher getCipher(boolean z, SecretKey secretKey) throws GeneralSecurityException {
        BungeeCipher newInstance = nativeFactory.newInstance();
        newInstance.init(z, secretKey);
        return newInstance;
    }

    public static PublicKey getPubkey(EncryptionRequest encryptionRequest) throws GeneralSecurityException {
        return getPubkey(encryptionRequest.getPublicKey());
    }

    private static PublicKey getPubkey(byte[] bArr) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    public static byte[] encrypt(Key key, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(1, key);
        return cipher.doFinal(bArr);
    }

    static {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(1024);
            keys = keyPairGenerator.generateKeyPair();
            try {
                MOJANG_KEY = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(ByteStreams.toByteArray(EncryptionUtil.class.getResourceAsStream("/yggdrasil_session_pubkey.der"))));
            } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new ExceptionInInitializerError(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new ExceptionInInitializerError(e2);
        }
    }
}
