package org.nrnr.neverdies.api.account.msa;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.mojang.util.UndashedUuid;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.awt.Desktop;
import java.awt.Toolkit;
import java.awt.datatransfer.ClipboardOwner;
import java.awt.datatransfer.StringSelection;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.StringJoiner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import net.minecraft.class_320;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.nrnr.neverdies.Neverdies;
import org.nrnr.neverdies.api.account.msa.callback.BrowserLoginCallback;
import org.nrnr.neverdies.api.account.msa.exception.MSAAuthException;
import org.nrnr.neverdies.api.account.msa.model.MinecraftProfile;
import org.nrnr.neverdies.api.account.msa.model.OAuthResult;
import org.nrnr.neverdies.api.account.msa.model.XboxLiveData;
import org.nrnr.neverdies.api.account.msa.security.PKCEData;

/* loaded from: input_file:org/nrnr/neverdies/api/account/msa/MSAAuthenticator.class */
public final class MSAAuthenticator {
    private static final String CLIENT_ID = "d1bbd256-3323-4ab7-940e-e8a952ebdb83";
    private static final int PORT = 6969;
    private static final String REAL_USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0";
    private static final String OAUTH_AUTH_DESKTOP_URL = "https://login.live.com/oauth20_authorize.srf?client_id=000000004C12AE6F&redirect_uri=https://login.live.com/oauth20_desktop.srf&scope=service::user.auth.xboxlive.com::MBI_SSL&display=touch&response_type=token&locale=en";
    private static final String OAUTH_AUTHORIZE_URL = "https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=%s&redirect_uri=http://localhost:%s/login&code_challenge=%s&code_challenge_method=S256&scope=XboxLive.signin+offline_access&state=NOT_NEEDED&prompt=select_account";
    private static final String OAUTH_TOKEN_URL = "https://login.live.com/oauth20_token.srf";
    private static final String XBOX_LIVE_AUTH_URL = "https://user.auth.xboxlive.com/user/authenticate";
    private static final String XBOX_XSTS_AUTH_URL = "https://xsts.auth.xboxlive.com/xsts/authorize";
    private static final String LOGIN_WITH_XBOX_URL = "https://api.minecraftservices.com/authentication/login_with_xbox";
    private static final String MINECRAFT_PROFILE_URL = "https://api.minecraftservices.com/minecraft/profile";
    private HttpServer localServer;
    private String loginStage = "";
    private boolean serverOpen;
    private PKCEData pkceData;
    private static final Logger LOGGER = LogManager.getLogger("MSA-Authenticator");
    private static final CloseableHttpClient HTTP_CLIENT = HttpClientBuilder.create().setRedirectStrategy(new LaxRedirectStrategy()).disableAuthCaching().disableCookieManagement().disableDefaultUserAgent().build();
    private static final Pattern SFTT_TAG_PATTERN = Pattern.compile("value=\"(.+?)\"");
    private static final Pattern POST_URL_PATTERN = Pattern.compile("urlPost:'(.+?)'");

    public class_320 loginWithCredentials(String str, String str2) throws MSAAuthException {
        OAuthResult oAuth = getOAuth();
        if (oAuth.getPostUrl() == null || oAuth.getSfttTag() == null) {
            throw new MSAAuthException("Failed to retrieve SFTT tag & Post URL");
        }
        return loginWithToken(getOAuthLoginData(oAuth, str, str2), false);
    }

    public void loginWithBrowser(BrowserLoginCallback browserLoginCallback) throws IOException, URISyntaxException, MSAAuthException {
        if (!this.serverOpen || this.localServer == null) {
            this.localServer = HttpServer.create();
            this.localServer.createContext("/login", httpExchange -> {
                setLoginStage("Parsing access token from response");
                Map<String, String> parseQueryString = parseQueryString(httpExchange.getRequestURI().getQuery());
                if (parseQueryString.containsKey("error")) {
                    String str = parseQueryString.get("error_description");
                    if (str != null && !str.isEmpty()) {
                        LOGGER.error("Failed to get token from browser login: {}", str);
                        writeToWebpage("Failed to get token: " + str, httpExchange);
                        setLoginStage(str);
                    }
                } else {
                    String str2 = parseQueryString.get("code");
                    if (str2 != null) {
                        browserLoginCallback.callback(str2);
                        writeToWebpage("Successfully got code. You may now close this window", httpExchange);
                    } else {
                        writeToWebpage("Failed to get code. Please try again.", httpExchange);
                    }
                }
                this.serverOpen = false;
                this.localServer.stop(0);
            });
        }
        this.pkceData = generateKeys();
        if (this.pkceData == null) {
            throw new MSAAuthException("Failed to generate PKCE keys");
        }
        String format = String.format(OAUTH_AUTHORIZE_URL, CLIENT_ID, Integer.valueOf(PORT), this.pkceData.challenge());
        if (Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
            Desktop.getDesktop().browse(new URI(format));
            setLoginStage("Waiting user response...");
        } else {
            Toolkit.getDefaultToolkit().getSystemClipboard().setContents(new StringSelection(format), (ClipboardOwner) null);
            LOGGER.warn("BROWSE action not supported on Desktop Environment, copied to clipboard instead.");
            setLoginStage("Link copied to clipboard!");
        }
        if (this.serverOpen) {
            return;
        }
        this.localServer.bind(new InetSocketAddress(PORT), 1);
        this.localServer.start();
        this.serverOpen = true;
    }

    public class_320 loginWithToken(String str, boolean z) throws MSAAuthException {
        setLoginStage("Logging in with Xbox Live...");
        XboxLiveData authWithXboxLive = authWithXboxLive(str, z);
        requestTokenFromXboxLive(authWithXboxLive);
        String loginWithXboxLive = loginWithXboxLive(authWithXboxLive);
        setLoginStage("Fetching MC profile...");
        MinecraftProfile fetchMinecraftProfile = fetchMinecraftProfile(loginWithXboxLive);
        this.pkceData = null;
        return new class_320(fetchMinecraftProfile.username(), UndashedUuid.fromStringLenient(fetchMinecraftProfile.id()), loginWithXboxLive, Optional.empty(), Optional.empty(), class_320.class_321.field_34962);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v1, types: [java.lang.String[], java.lang.String[][]] */
    public String getLoginToken(String str) throws MSAAuthException {
        HttpPost httpPost = new HttpPost(OAUTH_TOKEN_URL);
        httpPost.setHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.getMimeType());
        httpPost.setHeader("Accept", "application/json");
        httpPost.setHeader("Origin", "http://localhost:6969/");
        httpPost.setEntity(new StringEntity(makeQueryString(new String[]{new String[]{"client_id", CLIENT_ID}, new String[]{"code_verifier", this.pkceData.verifier()}, new String[]{"code", str}, new String[]{"grant_type", "authorization_code"}, new String[]{"redirect_uri", "http://localhost:6969/login"}}), ContentType.create(ContentType.APPLICATION_FORM_URLENCODED.getMimeType(), Charset.defaultCharset())));
        try {
            CloseableHttpResponse execute = HTTP_CLIENT.execute(httpPost);
            try {
                String entityUtils = EntityUtils.toString(execute.getEntity());
                if (entityUtils == null || entityUtils.isEmpty()) {
                    throw new MSAAuthException("Failed to get login token from MSA OAuth");
                }
                JsonObject asJsonObject = JsonParser.parseString(entityUtils).getAsJsonObject();
                if (asJsonObject.has("error")) {
                    throw new MSAAuthException(asJsonObject.get("error").getAsString() + ": " + asJsonObject.get("error_description").getAsString());
                }
                String asString = asJsonObject.get("access_token").getAsString();
                if (execute != null) {
                    execute.close();
                }
                return asString;
            } finally {
            }
        } catch (IOException e) {
            e.printStackTrace();
            throw new MSAAuthException("Failed to get login token");
        }
    }

    private OAuthResult getOAuth() throws MSAAuthException {
        HttpGet httpGet = new HttpGet(OAUTH_AUTH_DESKTOP_URL);
        httpGet.setHeader("User-Agent", REAL_USER_AGENT);
        httpGet.setHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8");
        try {
            CloseableHttpResponse execute = HTTP_CLIENT.execute(httpGet);
            try {
                String entityUtils = EntityUtils.toString(execute.getEntity());
                OAuthResult oAuthResult = new OAuthResult();
                Matcher matcher = SFTT_TAG_PATTERN.matcher(entityUtils);
                if (matcher.find()) {
                    oAuthResult.setSfttTag(matcher.group(1));
                }
                Matcher matcher2 = POST_URL_PATTERN.matcher(entityUtils);
                if (matcher2.find()) {
                    oAuthResult.setPostUrl(matcher2.group(1));
                }
                oAuthResult.setCookie((String) Arrays.asList(execute.getHeaders("Set-Cookie")).stream().map((v0) -> {
                    return v0.getValue();
                }).collect(Collectors.joining(";")));
                if (execute != null) {
                    execute.close();
                }
                return oAuthResult;
            } finally {
            }
        } catch (IOException e) {
            e.printStackTrace();
            throw new MSAAuthException("Failed to login with email & password.");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v1, types: [java.lang.String[], java.lang.String[][]] */
    private String getOAuthLoginData(OAuthResult oAuthResult, String str, String str2) throws MSAAuthException {
        CloseableHttpResponse execute;
        List redirectLocations;
        String mimeType = ContentType.APPLICATION_FORM_URLENCODED.getMimeType();
        HttpPost httpPost = new HttpPost(oAuthResult.getPostUrl());
        httpPost.setHeader("Cookie", oAuthResult.getCookie());
        httpPost.setHeader("Content-Type", mimeType);
        String encode = URLEncoder.encode(str);
        httpPost.setEntity(new StringEntity(makeQueryString(new String[]{new String[]{"login", encode}, new String[]{"loginfmt", encode}, new String[]{"passwd", URLEncoder.encode(str2)}, new String[]{"PPFT", oAuthResult.getSfttTag()}}), ContentType.create(mimeType)));
        HttpClientContext create = HttpClientContext.create();
        try {
            execute = HTTP_CLIENT.execute(httpPost, create);
            try {
                redirectLocations = create.getRedirectLocations();
            } finally {
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        if (redirectLocations == null || redirectLocations.isEmpty()) {
            throw new MSAAuthException("Failed to get valid response from Microsoft");
        }
        for (String str3 : ((URI) redirectLocations.get(redirectLocations.size() - 1)).toString().split("#")[1].split("&")) {
            String[] split = str3.split("=");
            if (split[0].equals("access_token")) {
                String str4 = split[1];
                if (execute != null) {
                    execute.close();
                }
                return str4;
            }
        }
        String entityUtils = EntityUtils.toString(execute.getEntity());
        if (entityUtils != null && !entityUtils.isEmpty()) {
            if (entityUtils.contains("Sign in to")) {
                throw new MSAAuthException("The provided credentials were incorrect");
            }
            if (entityUtils.contains("Help us protect your account")) {
                throw new MSAAuthException("2FA has been enabled on this account");
            }
        }
        if (execute != null) {
            execute.close();
        }
        throw new MSAAuthException("Failed to get access token");
    }

    private XboxLiveData authWithXboxLive(String str, boolean z) throws MSAAuthException {
        String makePostRequest = makePostRequest(XBOX_LIVE_AUTH_URL, "{\"Properties\":{\"AuthMethod\":\"RPS\",\"SiteName\":\"user.auth.xboxlive.com\",\"RpsTicket\":\"" + (z ? "d=" : "") + str + "\"},\"RelyingParty\":\"http://auth.xboxlive.com\",\"TokenType\":\"JWT\"}", ContentType.APPLICATION_JSON);
        if (makePostRequest == null || makePostRequest.isEmpty()) {
            throw new MSAAuthException("Failed to authenticate with Xbox Live account");
        }
        JsonObject asJsonObject = JsonParser.parseString(makePostRequest).getAsJsonObject();
        XboxLiveData xboxLiveData = new XboxLiveData();
        xboxLiveData.setToken(asJsonObject.get("Token").getAsString());
        xboxLiveData.setUserHash(asJsonObject.get("DisplayClaims").getAsJsonObject().get("xui").getAsJsonArray().get(0).getAsJsonObject().get("uhs").getAsString());
        return xboxLiveData;
    }

    private void requestTokenFromXboxLive(XboxLiveData xboxLiveData) throws MSAAuthException {
        String makePostRequest = makePostRequest(XBOX_XSTS_AUTH_URL, "{\"Properties\":{\"SandboxId\":\"RETAIL\",\"UserTokens\":[\"" + xboxLiveData.getToken() + "\"]},\"RelyingParty\":\"rp://api.minecraftservices.com/\",\"TokenType\":\"JWT\"}", ContentType.APPLICATION_JSON);
        if (makePostRequest == null || makePostRequest.isEmpty()) {
            return;
        }
        JsonObject asJsonObject = JsonParser.parseString(makePostRequest).getAsJsonObject();
        if (asJsonObject.has("XErr")) {
            throw new MSAAuthException("Xbox Live Error: " + asJsonObject.get("XErr").getAsString());
        }
        xboxLiveData.setToken(asJsonObject.get("Token").getAsString());
    }

    private String loginWithXboxLive(XboxLiveData xboxLiveData) throws MSAAuthException {
        String makePostRequest = makePostRequest(LOGIN_WITH_XBOX_URL, "{\"ensureLegacyEnabled\":true,\"identityToken\":\"XBL3.0 x=" + xboxLiveData.getUserHash() + ";" + xboxLiveData.getToken() + "\"}", ContentType.APPLICATION_JSON);
        if (makePostRequest == null || makePostRequest.isEmpty()) {
            return null;
        }
        JsonObject asJsonObject = JsonParser.parseString(makePostRequest).getAsJsonObject();
        if (asJsonObject.has("errorMessage")) {
            throw new MSAAuthException(asJsonObject.get("errorMessage").getAsString());
        }
        if (asJsonObject.has("access_token")) {
            return asJsonObject.get("access_token").getAsString();
        }
        return null;
    }

    private MinecraftProfile fetchMinecraftProfile(String str) throws MSAAuthException {
        HttpGet httpGet = new HttpGet(MINECRAFT_PROFILE_URL);
        httpGet.setHeader("Accept", ContentType.APPLICATION_JSON.getMimeType());
        httpGet.setHeader("Authorization", "Bearer " + str);
        try {
            CloseableHttpResponse execute = HTTP_CLIENT.execute(httpGet);
            try {
                if (execute.getStatusLine().getStatusCode() != 200) {
                    throw new MSAAuthException("Failed to fetch MC profile: Status code != 200, sc=" + execute.getStatusLine().getStatusCode());
                }
                JsonObject asJsonObject = JsonParser.parseString(EntityUtils.toString(execute.getEntity())).getAsJsonObject();
                if (asJsonObject.has("error")) {
                    throw new MSAAuthException("Failed to fetch MC profile: " + asJsonObject.get("error").getAsString() + " -> " + asJsonObject.get("errorMessage").getAsString());
                }
                MinecraftProfile minecraftProfile = new MinecraftProfile(asJsonObject.get("name").getAsString(), asJsonObject.get("id").getAsString());
                if (execute != null) {
                    execute.close();
                }
                return minecraftProfile;
            } finally {
            }
        } catch (IOException e) {
            throw new MSAAuthException(e.getMessage());
        }
    }

    private String makePostRequest(String str, String str2, ContentType contentType) {
        HttpPost httpPost = new HttpPost(str);
        httpPost.setHeader("Content-Type", contentType.getMimeType());
        httpPost.setHeader("Accept", "application/json");
        httpPost.setEntity(new StringEntity(str2, ContentType.create(contentType.getMimeType(), Charset.defaultCharset())));
        try {
            CloseableHttpResponse execute = HTTP_CLIENT.execute(httpPost);
            try {
                String entityUtils = EntityUtils.toString(execute.getEntity());
                if (execute != null) {
                    execute.close();
                }
                return entityUtils;
            } finally {
            }
        } catch (IOException e) {
            Neverdies.error("Failed to make POST request to {}", str);
            e.printStackTrace();
            return null;
        }
    }

    private void writeToWebpage(String str, HttpExchange httpExchange) throws IOException {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        httpExchange.sendResponseHeaders(200, str.length());
        OutputStream responseBody = httpExchange.getResponseBody();
        responseBody.write(bytes, 0, bytes.length);
        responseBody.close();
    }

    private String makeQueryString(String[][] strArr) {
        StringJoiner stringJoiner = new StringJoiner("&");
        for (String[] strArr2 : strArr) {
            stringJoiner.add(strArr2[0] + "=" + strArr2[1]);
        }
        return stringJoiner.toString();
    }

    private Map<String, String> parseQueryString(String str) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str2 : str.split("&")) {
            String[] split = str2.split("=");
            linkedHashMap.put(split[0], split.length == 1 ? null : split[1]);
        }
        return linkedHashMap;
    }

    private PKCEData generateKeys() {
        try {
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
            byte[] bytes = encodeToString.getBytes(StandardCharsets.US_ASCII);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bytes, 0, bytes.length);
            return new PKCEData(Base64.getUrlEncoder().withoutPadding().encodeToString(messageDigest.digest()), encodeToString);
        } catch (Exception e) {
            return null;
        }
    }

    public void setLoginStage(String str) {
        this.loginStage = str;
    }

    public String getLoginStage() {
        return this.loginStage;
    }
}
