package pro.gravit.launchserver.socket.response.update;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.netty.channel.ChannelHandlerContext;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import pro.gravit.launcher.events.request.LauncherRequestEvent;
import pro.gravit.launchserver.LaunchServer;
import pro.gravit.launchserver.auth.AuthProviderPair;
import pro.gravit.launchserver.socket.Client;
import pro.gravit.launchserver.socket.response.SimpleResponse;
import pro.gravit.launchserver.socket.response.auth.AuthResponse;
import pro.gravit.launchserver.socket.response.auth.RestoreResponse;
import pro.gravit.utils.Version;
import pro.gravit.utils.helper.SecurityHelper;

/* loaded from: input_file:pro/gravit/launchserver/socket/response/update/LauncherResponse.class */
public class LauncherResponse extends SimpleResponse {
    public Version version;
    public String hash;
    public byte[] digest;
    public int launcher_type;
    public String secureHash;
    public String secureSalt;

    /* loaded from: input_file:pro/gravit/launchserver/socket/response/update/LauncherResponse$LauncherTokenVerifier.class */
    public static class LauncherTokenVerifier implements RestoreResponse.ExtendedTokenProvider {
        private final LaunchServer server;
        private final JwtParser parser;
        private final Logger logger = LogManager.getLogger();

        public LauncherTokenVerifier(LaunchServer launchServer) {
            this.server = launchServer;
            this.parser = Jwts.parserBuilder().setSigningKey(launchServer.keyAgreementManager.ecdsaPublicKey).requireIssuer("LaunchServer").build();
        }

        @Override // pro.gravit.launchserver.socket.response.auth.RestoreResponse.ExtendedTokenProvider
        public boolean accept(Client client, AuthProviderPair authProviderPair, String str) {
            try {
                client.checkSign = ((Boolean) ((Claims) this.parser.parseClaimsJws(str).getBody()).get("checkSign", Boolean.class)).booleanValue();
                client.type = AuthResponse.ConnectTypes.CLIENT;
                return true;
            } catch (Exception e) {
                this.logger.error("JWT check failed", e);
                return false;
            }
        }
    }

    @Override // pro.gravit.launchserver.socket.response.WebSocketServerResponse
    public String getType() {
        return "launcher";
    }

    @Override // pro.gravit.launchserver.socket.response.WebSocketServerResponse
    public void execute(ChannelHandlerContext channelHandlerContext, Client client) {
        byte[] decode = this.hash != null ? Base64.getDecoder().decode(this.hash) : this.digest;
        if (this.launcher_type == 1) {
            byte[] digest = this.server.launcherBinary.getDigest();
            if (digest == null) {
                this.service.sendObjectAndClose(channelHandlerContext, new LauncherRequestEvent(true, this.server.config.netty.launcherURL));
            }
            if (!Arrays.equals(decode, digest) || !checkSecure(this.secureHash, this.secureSalt)) {
                sendResultAndClose(new LauncherRequestEvent(true, this.server.config.netty.launcherURL, createLauncherExtendedToken()));
                return;
            } else {
                client.checkSign = true;
                sendResult(new LauncherRequestEvent(false, this.server.config.netty.launcherURL, createLauncherExtendedToken()));
                return;
            }
        }
        if (this.launcher_type != 2) {
            sendError("Request launcher type error");
            return;
        }
        byte[] digest2 = this.server.launcherEXEBinary.getDigest();
        if (digest2 == null) {
            sendResultAndClose(new LauncherRequestEvent(true, this.server.config.netty.launcherEXEURL));
        }
        if (!Arrays.equals(decode, digest2) || !checkSecure(this.secureHash, this.secureSalt)) {
            sendResultAndClose(new LauncherRequestEvent(true, this.server.config.netty.launcherEXEURL, createLauncherExtendedToken()));
        } else {
            client.checkSign = true;
            sendResult(new LauncherRequestEvent(false, this.server.config.netty.launcherEXEURL, createLauncherExtendedToken()));
        }
    }

    public String createLauncherExtendedToken() {
        return Jwts.builder().setIssuer("LaunchServer").claim("checkSign", true).setExpiration(Date.from(LocalDateTime.now().plusSeconds(this.server.config.netty.security.launcherTokenExpire).toInstant(ZoneOffset.UTC))).signWith(this.server.keyAgreementManager.ecdsaPrivateKey, SignatureAlgorithm.ES256).compact();
    }

    private boolean checkSecure(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        return Arrays.equals(SecurityHelper.digest(SecurityHelper.DigestAlgorithm.SHA256, this.server.runtime.clientCheckSecret.concat(".").concat(str2)), Base64.getDecoder().decode(str));
    }
}
