package io.confluent.license;

import io.confluent.license.util.StringUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.utils.Time;
import org.apache.kafka.common.utils.Utils;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.ReservedClaimNames;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.IssValidator;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.jwt.consumer.SubValidator;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/license/License.class */
public final class License {
    private static final String DATE_FORMAT_STR = "yyyy-MM-dd";
    private final JwtClaims jwtClaims;
    private final Time clock;
    private final String serialized;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) License.class);
    static final String MONITORING_CLAIM = "monitoring";
    static final String TYPE_CLAIM_NAME = "licenseType";
    private static final Collection<String> RELEVANT_CLAIM_NAMES = Collections.unmodifiableList(Arrays.asList(ReservedClaimNames.AUDIENCE, ReservedClaimNames.ISSUER, ReservedClaimNames.SUBJECT, ReservedClaimNames.EXPIRATION_TIME, MONITORING_CLAIM, TYPE_CLAIM_NAME));

    /* loaded from: input_file:io/confluent/license/License$Type.class */
    public enum Type {
        ENTERPRISE,
        TRIAL,
        FREE_TIER
    }

    public static JwtClaims baseClaims(String str, long j, boolean z) {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer("Confluent");
        jwtClaims.setAudience(str);
        jwtClaims.setExpirationTime(NumericDate.fromMilliseconds(j));
        jwtClaims.setGeneratedJwtId();
        jwtClaims.setIssuedAtToNow();
        jwtClaims.setNotBeforeMinutesInThePast(2.0f);
        jwtClaims.setSubject("Confluent Enterprise");
        jwtClaims.setClaim(MONITORING_CLAIM, Boolean.valueOf(z));
        return jwtClaims;
    }

    public static String sign(PrivateKey privateKey, String str, long j, boolean z) throws JoseException {
        JwtClaims baseClaims = baseClaims(str, j, z);
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setPayload(baseClaims.toJson());
        jsonWebSignature.setKey(privateKey);
        jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jsonWebSignature.getCompactSerialization();
    }

    public static JwtClaims verify(PublicKey publicKey, String str) throws InvalidJwtException {
        return commonVerifyOptions().setRequireSubject().setExpectedIssuer("Confluent").setVerificationKey(publicKey).build().processToClaims(str);
    }

    public static JwtClaims verifyStored(PublicKey publicKey, String str) throws InvalidJwtException {
        return commonVerifyOptions().setDisableRequireSignature().setSkipVerificationKeyResolutionOnNone().setJwsAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS).setVerificationKey(publicKey).build().processToClaims(str);
    }

    private static JwtConsumerBuilder commonVerifyOptions() throws InvalidJwtException {
        return new JwtConsumerBuilder().setSkipAllDefaultValidators().registerValidator(new IssValidator("Confluent", true)).registerValidator(new SubValidator(true));
    }

    public static long getExpiration(JwtClaims jwtClaims) throws Throwable {
        try {
            return expiration(jwtClaims);
        } catch (MalformedClaimException e) {
            log.warn("Unable to extract expiration due to malformed claim: ", (Throwable) e);
            throw e;
        } catch (Throwable th) {
            log.warn("Unable to extract expiration: ", th);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static long expiration(JwtClaims jwtClaims) throws Throwable {
        NumericDate expirationTime = jwtClaims.getExpirationTime();
        if (expirationTime != null) {
            return expirationTime.getValueInMillis();
        }
        return Long.MIN_VALUE;
    }

    public static List<String> getAudience(JwtClaims jwtClaims) {
        try {
            return jwtClaims.getAudience();
        } catch (Throwable th) {
            log.warn("unable to getAudience", th);
            return new ArrayList();
        }
    }

    public static boolean verifyMonitoring(JwtClaims jwtClaims) {
        try {
            return ((Boolean) jwtClaims.getClaimValue(MONITORING_CLAIM, Boolean.class)).booleanValue();
        } catch (MalformedClaimException e) {
            return false;
        } catch (Throwable th) {
            log.warn("unable to verifyMonitoring", th);
            return false;
        }
    }

    public static PrivateKey loadPrivateKey(InputStream inputStream) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(readFully(inputStream)));
    }

    public static PublicKey loadPublicKey() throws NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        InputStream resourceAsStream = License.class.getClassLoader().getResourceAsStream("secrets/public_key.der");
        Throwable th = null;
        try {
            PublicKey loadPublicKey = loadPublicKey(resourceAsStream);
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            return loadPublicKey;
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    public static PublicKey loadPublicKey(InputStream inputStream) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(readFully(inputStream)));
    }

    private static byte[] readFully(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    public static String generateTrialLicense(JwtClaims jwtClaims) throws InvalidLicenseException {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS);
        jsonWebSignature.setAlgorithmHeaderValue("none");
        jsonWebSignature.setPayload(jwtClaims.toJson());
        try {
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            log.error("Error while attempting to start trial period: ", (Throwable) e);
            throw new InvalidLicenseException("Error creating license for trial version: ", e);
        }
    }

    public License(JwtClaims jwtClaims, Time time, String str) {
        this.jwtClaims = jwtClaims;
        this.clock = time;
        this.serialized = str;
    }

    public String subject() {
        try {
            return this.jwtClaims.getSubject();
        } catch (MalformedClaimException e) {
            return "";
        }
    }

    public boolean isTrial() {
        return hasLicenseType("trial") || "trial".equalsIgnoreCase(audienceString());
    }

    public boolean isFreeTier() {
        return hasLicenseType("free");
    }

    public Type type() {
        return isFreeTier() ? Type.FREE_TIER : isTrial() ? Type.TRIAL : Type.ENTERPRISE;
    }

    public Date expirationDate() {
        return new Date(expirationMillis());
    }

    public String expirationDateString() {
        return new SimpleDateFormat(DATE_FORMAT_STR).format(expirationDate());
    }

    public boolean isExpired() {
        return !isFreeTier() && timeRemaining(TimeUnit.MILLISECONDS) <= 0;
    }

    public boolean isValid() {
        return !isExpired();
    }

    public boolean isEquivalentTo(License license) {
        return hasMatchingClaims(license, TYPE_CLAIM_NAME);
    }

    public boolean isRenewalOf(License license) {
        return hasMatchingClaims(license, ReservedClaimNames.EXPIRATION_TIME, TYPE_CLAIM_NAME) && license != null && license.expiresBefore(this);
    }

    public long timeRemaining(TimeUnit timeUnit) {
        return timeUnit.convert(expirationMillis() - this.clock.milliseconds(), TimeUnit.MILLISECONDS);
    }

    public List<String> audience() {
        return getAudience(this.jwtClaims);
    }

    public String audienceString() {
        return Utils.join(audience(), ",");
    }

    public boolean expiresBefore(License license) {
        return license != null && expirationMillis() < license.expirationMillis();
    }

    public int hashCode() {
        return this.serialized.hashCode();
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj instanceof License) {
            return jwtClaims().equals(((License) obj).jwtClaims());
        }
        return false;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        if (isFreeTier()) {
            sb.append("Free Tier license ");
        } else if (isTrial()) {
            sb.append("Trial license ");
        } else {
            sb.append("License ");
        }
        if (!StringUtils.isBlank(subject())) {
            sb.append("for ").append(subject());
        }
        try {
            if (isExpired()) {
                sb.append(" expired on ").append(expirationDateString());
            } else if (!isFreeTier()) {
                sb.append(" expires in ").append(TimeUnit.MILLISECONDS.toDays(timeRemaining(TimeUnit.MILLISECONDS))).append(" days on ").append(expirationDateString());
            }
        } catch (Throwable th) {
            sb.append(" with invalid expiration");
        }
        sb.append(".");
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtClaims jwtClaims() {
        return this.jwtClaims;
    }

    public String serializedForm() {
        return this.serialized;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public long expirationMillis() {
        try {
            return expiration(this.jwtClaims);
        } catch (RuntimeException e) {
            throw e;
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    }

    protected boolean hasLicenseType(String str) {
        try {
            return str.equalsIgnoreCase(jwtClaims().getStringClaimValue(TYPE_CLAIM_NAME));
        } catch (MalformedClaimException e) {
            return false;
        }
    }

    protected boolean hasMatchingClaims(License license, String... strArr) {
        if (license == this) {
            return true;
        }
        if (license == null) {
            return false;
        }
        HashSet hashSet = new HashSet(Arrays.asList(strArr));
        JwtClaims jwtClaims = jwtClaims();
        JwtClaims jwtClaims2 = license.jwtClaims();
        for (String str : RELEVANT_CLAIM_NAMES) {
            if (!hashSet.contains(str) && !Objects.equals(jwtClaims.getClaimValue(str), jwtClaims2.getClaimValue(str))) {
                return false;
            }
        }
        return true;
    }
}
