package io.confluent.license;

import io.confluent.license.LicenseChanged;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.time.Duration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.common.errors.ClusterAuthorizationException;
import org.apache.kafka.common.errors.TimeoutException;
import org.apache.kafka.common.errors.UnsupportedVersionException;
import org.apache.kafka.common.utils.Time;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.InvalidJwtSignatureException;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/license/LicenseManager.class */
public class LicenseManager {
    private static final Logger log;
    protected static final long WARN_THRESHOLD_DAYS = 10;
    private final String invalidLicenseErrorMessage = "Supplied license is invalid.";
    private final LicenseStore licenseStore;
    private final Time time;
    private final ClusterClient primaryClusterClient;
    private final Map<String, ClusterClient> clusterClients;
    private final CopyOnWriteArrayList<Consumer<LicenseChanged>> listeners;
    private final License configuredLicense;
    private boolean isConfiguredLicenseInvalid;
    private boolean allowInvalidLicenseToRun;
    private long timeUntilLicenseExpirationMs;
    static final long DEFAULT_INITIAL_DELAY = 1;
    static final long DEFAULT_PERIOD = 1;
    static final TimeUnit DEFAULT_TIMEUNIT;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:io/confluent/license/LicenseManager$BasicClusterClient.class */
    protected static class BasicClusterClient implements ClusterClient {
        private final Map<String, Object> adminConfig;

        BasicClusterClient(Map<String, Object> map) {
            this.adminConfig = new HashMap(map);
        }

        @Override // io.confluent.license.LicenseManager.ClusterClient
        public int brokerCount() {
            try {
                AdminClient create = AdminClient.create(this.adminConfig);
                Throwable th = null;
                try {
                    int size = create.describeCluster().nodes().get().size();
                    LicenseManager.log.debug("Found {} brokers in Kafka cluster at {}", Integer.valueOf(size), this);
                    if (create != null) {
                        if (0 != 0) {
                            try {
                                create.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            create.close();
                        }
                    }
                    return size;
                } finally {
                }
            } catch (InterruptedException e) {
                Thread.interrupted();
                return -5;
            } catch (ExecutionException e2) {
                Throwable cause = e2.getCause();
                if (cause instanceof UnsupportedVersionException) {
                    LicenseManager.log.debug("Unable to use admin client to connect to older Kafka cluster at {}", this);
                    return -2;
                }
                if (cause instanceof ClusterAuthorizationException) {
                    LicenseManager.log.debug("Not authorized to use admin client to connect to Kafka cluster at {}", this);
                    return -3;
                }
                if (!(cause instanceof TimeoutException)) {
                    return -1;
                }
                LicenseManager.log.debug("Timed out waiting to connect to Kafka cluster at {}", this);
                return -4;
            }
        }

        @Override // io.confluent.license.LicenseManager.ClusterClient
        public String clusterId() {
            try {
                AdminClient create = AdminClient.create(this.adminConfig);
                Throwable th = null;
                try {
                    String str = create.describeCluster().clusterId().get();
                    if (create != null) {
                        if (0 != 0) {
                            try {
                                create.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            create.close();
                        }
                    }
                    return str;
                } finally {
                }
            } catch (InterruptedException | ExecutionException e) {
                LicenseManager.log.debug("Failed to fetch cLusterId of Kafka cluster at {}", this);
                return null;
            }
        }

        public String toString() {
            Object obj = this.adminConfig.get("bootstrap.servers");
            return obj == null ? "<unknown>" : obj.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:io/confluent/license/LicenseManager$ClusterClient.class */
    public interface ClusterClient {
        int brokerCount();

        String clusterId();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:io/confluent/license/LicenseManager$LicenseChangedEvent.class */
    public static class LicenseChangedEvent implements LicenseChanged {
        private final License license;
        private final LicenseChanged.Type type;
        private final String description;

        LicenseChangedEvent(License license, LicenseChanged.Type type, String str) {
            Objects.nonNull(type);
            Objects.nonNull(str);
            this.license = license;
            this.type = type;
            this.description = str;
        }

        @Override // io.confluent.license.LicenseChanged
        public License license() {
            return this.license;
        }

        @Override // io.confluent.license.LicenseChanged
        public LicenseChanged.Type type() {
            return this.type;
        }

        @Override // io.confluent.license.LicenseChanged
        public String description() {
            return this.description;
        }

        public int hashCode() {
            return type().hashCode();
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof LicenseChangedEvent)) {
                return false;
            }
            LicenseChangedEvent licenseChangedEvent = (LicenseChangedEvent) obj;
            return type() == licenseChangedEvent.type() && Objects.equals(license(), licenseChangedEvent.license());
        }

        public String toString() {
            return this.type + StringUtils.SPACE + this.license + " (" + this.description + ")";
        }
    }

    public LicenseManager(String str, Map<String, Object> map, Map<String, Object> map2, Map<String, Object> map3) {
        this(new BasicClusterClient(map3), new LicenseStore(str, map, map2, map3), Time.SYSTEM);
    }

    public LicenseManager(String str, Map<String, Object> map, Map<String, Object> map2, Map<String, Object> map3, Duration duration, Duration duration2, Duration duration3) {
        this(new BasicClusterClient(map3), new LicenseStore(str, map, map2, map3, duration, duration2, duration3, Time.SYSTEM), Time.SYSTEM);
    }

    public LicenseManager(Map<String, Object> map, LicenseStore licenseStore, String str, boolean z) {
        this(new BasicClusterClient(map), licenseStore, Time.SYSTEM, str, z, false);
    }

    public LicenseManager(Map<String, Object> map, LicenseStore licenseStore, String str, boolean z, boolean z2) {
        this(new BasicClusterClient(map), licenseStore, Time.SYSTEM, str, z, z2);
    }

    protected LicenseManager(ClusterClient clusterClient, LicenseStore licenseStore, Time time) {
        this(clusterClient, licenseStore, time, null, true, false);
    }

    protected LicenseManager(ClusterClient clusterClient, LicenseStore licenseStore, Time time, String str, boolean z, boolean z2) {
        this.invalidLicenseErrorMessage = "Supplied license is invalid.";
        this.clusterClients = new ConcurrentHashMap();
        this.listeners = new CopyOnWriteArrayList<>();
        this.isConfiguredLicenseInvalid = false;
        this.allowInvalidLicenseToRun = false;
        this.timeUntilLicenseExpirationMs = -1L;
        this.licenseStore = licenseStore;
        this.time = time;
        this.configuredLicense = readAndValidateConfiguredLicense(str);
        this.primaryClusterClient = clusterClient;
        this.allowInvalidLicenseToRun = z2;
        if (z) {
            licenseStore.start();
        }
    }

    public void addCluster(String str, Map<String, Object> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        addCluster(str, new BasicClusterClient(map));
    }

    public void addCluster(String str, ClusterClient clusterClient) {
        Objects.nonNull(str);
        Objects.nonNull(clusterClient);
        this.clusterClients.put(str, clusterClient);
    }

    public boolean removeCluster(String str) {
        return (str == null || this.clusterClients.remove(str) == null) ? false : true;
    }

    public boolean addListener(Consumer<LicenseChanged> consumer) {
        return consumer != null && this.listeners.addIfAbsent(consumer);
    }

    public boolean removeListener(Consumer<LicenseChanged> consumer) {
        return consumer != null && this.listeners.remove(consumer);
    }

    public void start() {
        start(1L, 1L, DEFAULT_TIMEUNIT);
    }

    public void start(long j, long j2, TimeUnit timeUnit) {
        if (j < 0) {
            throw new IllegalArgumentException("The initial delay should be non-negative.");
        }
        if (j2 <= 0) {
            throw new IllegalArgumentException("The period should be positive.");
        }
        LicenseManagers.INSTANCE.start(this, j, j2, timeUnit);
    }

    public void stop() {
        if (LicenseManagers.INSTANCE.stop(this)) {
            return;
        }
        doStop();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doStart() {
        this.licenseStore.start();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doStop() {
        this.licenseStore.stop();
    }

    public License configuredLicense() {
        return this.configuredLicense;
    }

    public License registerOrValidateLicense(String str) throws InvalidLicenseException {
        License license;
        PublicKey loadPublicKey = loadPublicKey();
        License license2 = this.configuredLicense;
        if (io.confluent.license.util.StringUtils.isNotBlank(str)) {
            try {
                license2 = readLicense(loadPublicKey, str, false);
                log.debug("Found valid new license: {}", license2);
            } catch (InvalidLicenseException e) {
                notifyLicense(null, null, "Supplied license is invalid. " + e.getMessage());
                throw new InvalidLicenseException("Supplied license is invalid. " + e.getMessage(), e);
            }
        }
        long milliseconds = this.time.milliseconds();
        String str2 = "";
        String licenseScan = this.licenseStore.licenseScan();
        License license3 = null;
        if (io.confluent.license.util.StringUtils.isNotBlank(licenseScan)) {
            try {
                license3 = readLicense(loadPublicKey, licenseScan, true);
                License.expiration(license3.jwtClaims());
            } catch (Throwable th) {
                if (license2 == null) {
                    throw new InvalidLicenseException("Stored license is invalid", th);
                }
                str2 = "New license replaces invalid stored license (" + th.getMessage() + ").";
                license3 = null;
            }
        }
        if (license2 != null) {
            try {
                License.expiration(license2.jwtClaims());
            } catch (Throwable th2) {
                if (license3 == null) {
                    throw new InvalidLicenseException("No stored license, and error extracting expiration date from valid license", th2);
                }
                license2 = license3;
                str2 = "Using stored license because new license has an invalid expiration.";
                log.warn(str2, th2);
            }
        }
        if (license3 == null) {
            if (license2 == null) {
                if (this.isConfiguredLicenseInvalid && this.allowInvalidLicenseToRun) {
                    notifyLicense(null, null, "Supplied license is invalid.");
                    throw new InvalidLicenseException("Supplied license is invalid.");
                }
                license2 = generateLicense(loadPublicKey, milliseconds);
            }
            if (!license2.isFreeTier()) {
                log.debug("Storing license: {}", license2);
                this.licenseStore.registerLicense(license2.serializedForm());
            }
            license = license2;
        } else {
            license = license3;
            if (license3.expiresBefore(license2) && !license2.isFreeTier()) {
                log.debug("Storing updated license with later expiration: {}", license2);
                this.licenseStore.registerLicense(license2.serializedForm());
                license = license2;
            }
        }
        if (!$assertionsDisabled && license == null) {
            throw new AssertionError();
        }
        License license4 = new License(license.jwtClaims(), this.time, license.serializedForm(), this.primaryClusterClient.clusterId());
        checkLicense(license4, license3, milliseconds, str2);
        return license4;
    }

    protected License readLicense(PublicKey publicKey, String str, boolean z) throws InvalidLicenseException {
        try {
            return new License(z ? License.verifyStored(publicKey, str) : License.verify(publicKey, str), this.time, str);
        } catch (InvalidJwtSignatureException e) {
            throw new InvalidLicenseException("Invalid signature", e);
        } catch (InvalidJwtException e2) {
            throw new InvalidLicenseException("License does not match expected form.", e2);
        } catch (Throwable th) {
            throw new InvalidLicenseException("Invalid license with invalid expiration.", th);
        }
    }

    private License readAndValidateConfiguredLicense(String str) {
        if (!io.confluent.license.util.StringUtils.isNotBlank(str)) {
            return null;
        }
        try {
            License readLicense = readLicense(loadPublicKey(), str, false);
            try {
                License.expiration(readLicense.jwtClaims());
                checkLicense(readLicense, readLicense, this.time.milliseconds(), "Configured license");
                log.debug("Found valid configured license: {}", readLicense);
                return readLicense;
            } catch (Throwable th) {
                throw new InvalidLicenseException("Configured license has invalid expiration", th);
            }
        } catch (InvalidLicenseException e) {
            log.warn("Supplied license is invalid. Will attempt to use stored license.", (Throwable) e);
            this.isConfiguredLicenseInvalid = true;
            return null;
        }
    }

    protected License generateLicense(PublicKey publicKey, long j) throws InvalidLicenseException {
        if (hasOnlySingleNodeClusters()) {
            JwtClaims baseClaims = License.baseClaims("free tier", Long.MAX_VALUE, true);
            baseClaims.setClaim("licenseType", "free");
            License license = new License(baseClaims, this.time, generateFreeLicense(baseClaims));
            log.debug("All single-node cluster checks satisfied; using {}", license);
            return license;
        }
        JwtClaims baseClaims2 = License.baseClaims("trial", j + TimeUnit.DAYS.toMillis(30L) + 1000, true);
        baseClaims2.setClaim("licenseType", "trial");
        License license2 = new License(baseClaims2, this.time, License.generateTrialLicense(baseClaims2));
        log.debug("Creating new {}", license2);
        return license2;
    }

    private void checkLicense(License license, License license2, long j, String str) throws InvalidLicenseException {
        if (license.isFreeTier()) {
            log.info("License for single cluster, single node");
            notifyLicense(license, license2, "License for single cluster, single node");
            return;
        }
        if (j > license.expirationMillis()) {
            String license3 = license.toString();
            if (io.confluent.license.util.StringUtils.isBlank(str)) {
                str = license3;
            }
            notifyLicense(license, null, str);
            throw new ExpiredLicenseException(license, license3);
        }
        if (license.expirationMillis() < Long.MAX_VALUE) {
            String license4 = license.toString();
            if (license.timeRemaining(TimeUnit.DAYS) < WARN_THRESHOLD_DAYS) {
                log.warn(license4);
            } else {
                log.info(license4);
            }
            notifyLicense(license, license2, io.confluent.license.util.StringUtils.isBlank(str) ? license4 : str + StringUtils.SPACE + license4);
        }
    }

    protected boolean hasOnlySingleNodeClusters() {
        return this.primaryClusterClient != null && this.primaryClusterClient.brokerCount() == 1 && this.clusterClients.values().stream().allMatch(clusterClient -> {
            return clusterClient.brokerCount() == 1;
        });
    }

    protected void notifyLicense(License license, License license2, String str) {
        if (license == null && license2 == null) {
            notifyEventToListeners(new LicenseChangedEvent(null, LicenseChanged.Type.INVALID, str));
            return;
        }
        if (license.isEquivalentTo(license2)) {
            log.debug("Skipping notifying {} listeners of unchanged license: {}", Integer.valueOf(this.listeners.size()), license);
            return;
        }
        LicenseChanged.Type type = LicenseChanged.Type.UPDATED;
        if (license.isExpired()) {
            type = LicenseChanged.Type.EXPIRED;
        } else if (license.isRenewalOf(license2)) {
            type = LicenseChanged.Type.RENEWAL;
        }
        notifyEventToListeners(new LicenseChangedEvent(license, type, str));
    }

    private void notifyEventToListeners(LicenseChangedEvent licenseChangedEvent) {
        log.debug("Notifying {} listeners of license change: {}", Integer.valueOf(this.listeners.size()), licenseChangedEvent);
        Iterator<Consumer<LicenseChanged>> it = this.listeners.iterator();
        while (it.hasNext()) {
            try {
                it.next().accept(licenseChangedEvent);
            } catch (Throwable th) {
                log.error("Unexpected error when calling license manager listener:", th);
            }
        }
    }

    public static PublicKey loadPublicKey() {
        try {
            return License.loadPublicKey();
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("Internal license validation error", e);
        }
    }

    private static String generateFreeLicense(JwtClaims jwtClaims) throws InvalidLicenseException {
        JsonWebSignature jsonWebSignature = new JsonWebSignature();
        jsonWebSignature.setAlgorithmConstraints(AlgorithmConstraints.NO_CONSTRAINTS);
        jsonWebSignature.setAlgorithmHeaderValue("none");
        jsonWebSignature.setPayload(jwtClaims.toJson());
        try {
            return jsonWebSignature.getCompactSerialization();
        } catch (JoseException e) {
            log.error("Error while attempting to start free tier: ", (Throwable) e);
            throw new InvalidLicenseException("Error creating license for trial version: ", e);
        }
    }

    public void timeUntilLicenseExpirationMs(long j) {
        this.timeUntilLicenseExpirationMs = j;
    }

    public long timeUntilLicenseExpirationMs() {
        return this.timeUntilLicenseExpirationMs;
    }

    static {
        $assertionsDisabled = !LicenseManager.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger((Class<?>) LicenseManager.class);
        DEFAULT_TIMEUNIT = TimeUnit.DAYS;
    }
}
