package com.vaadin.pro.licensechecker;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import io.opentelemetry.javaagent.slf4j.Logger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:extensions/opentelemetry-vaadin-observability-instrumentation-extension-1.0.0.rc2-all.jar:com/vaadin/pro/licensechecker/OfflineKeyValidator.class */
public class OfflineKeyValidator {
    private static final Map<String, String> PUBLIC_KEYS = new HashMap();

    private static Logger getLogger() {
        return LicenseChecker.getLogger();
    }

    private static boolean isExpired(long j) {
        return Instant.now().isAfter(Instant.ofEpochMilli(j));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean validate(Product product, BuildType buildType, OfflineKey offlineKey, String str) {
        getLogger().debug("Offline validation using offlineKey for " + product);
        if (offlineKey == null) {
            getLogger().debug("No offline key found");
            return false;
        }
        if (History.isRecentlyValidated(product, buildType)) {
            getLogger().debug("Skipping check as product license was recently validated.");
            return true;
        }
        validateOfflineKey(offlineKey, str);
        if (buildType != null) {
            if (buildType == BuildType.DEVELOPMENT && !offlineKey.isDevelopmentBuildAllowed()) {
                getLogger().debug("Offline key is not for development");
                throw new LicenseException(getNotDevelopmentMessage(str));
            }
            if (buildType == BuildType.PRODUCTION && !offlineKey.isProductionBuildAllowed()) {
                getLogger().debug("Offline key is not for production builds");
                throw new LicenseException(getNotProductionBuildMessage(str));
            }
        }
        if (offlineKey.getMachineId() != null && !str.equals(offlineKey.getMachineId())) {
            getLogger().debug("Offline key has incorrect machine id");
            throw new LicenseException(getInvalidOfflineKeyMessage(str));
        }
        if (isExpired(offlineKey.getExpires())) {
            getLogger().debug("Offline key expired");
            throw new LicenseException(getExpiredOfflineKeyMessage(str));
        }
        if (!containsProduct(offlineKey, product)) {
            throw new LicenseException("The offline key does not provide access to " + product.getName() + StringUtils.SPACE + product.getVersion());
        }
        History.setLastCheckTimeNow(product, buildType);
        History.setLastSubscription(product, offlineKey.getSubscription());
        getLogger().debug("Offline key OK");
        return true;
    }

    private boolean containsProduct(OfflineKey offlineKey, Product product) {
        if (offlineKey.getAllowedProducts().contains(product.getName()) || product.getName().startsWith("test-")) {
            return true;
        }
        if (!product.getName().equals("vaadin-framework")) {
            return false;
        }
        if (product.getVersion().startsWith("7") && offlineKey.getAllowedFeatures().contains("v7extendedsupport")) {
            return true;
        }
        return product.getVersion().startsWith("8") && offlineKey.getAllowedFeatures().contains("v8extendedsupport");
    }

    private void validateOfflineKey(OfflineKey offlineKey, String str) {
        try {
            SignedJWT signedJWT = (SignedJWT) JWTParser.parse(offlineKey.getJwtData());
            if (signedJWT.verify(new ECDSAVerifier((ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(PUBLIC_KEYS.get(signedJWT.getHeader().getKeyID()))))))) {
                return;
            }
            getLogger().debug("Offline key failed verification");
            throw new LicenseException(getInvalidOfflineKeyMessage(str));
        } catch (JOSEException e) {
            getLogger().debug("Error reading offline key", (Throwable) e);
            throw new LicenseException(getInvalidOfflineKeyMessage(str), e);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
            getLogger().debug("Offline key could not be read", e2);
            throw new LicenseException(getErrorValidatingOfflineKeyMessage(str), e2);
        } catch (ParseException e3) {
            getLogger().debug("Error parsing offline key", (Throwable) e3);
            throw new LicenseException(getInvalidOfflineKeyMessage(str), e3);
        }
    }

    private static String getExpiredOfflineKeyMessage(String str) {
        return "Offline key has expired, " + getOfflineKeyLinkMessage(str);
    }

    private static String getNotDevelopmentMessage(String str) {
        return "The provided offline key does not allow development, " + getOfflineKeyLinkMessage(str);
    }

    private static String getNotProductionBuildMessage(String str) {
        return "The provided offline key does not allow production builds, " + getOfflineKeyLinkMessage(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getOfflineKeyLinkMessage(String str) {
        return "please go to " + getOfflineUrl(str) + " to retrieve an offline key. For troubleshooting steps, see https://vaadin.com/licensing-faq-and-troubleshooting.";
    }

    public static String getOfflineUrl(String str) {
        return "https://vaadin.com/pro/validate-license?getOfflineKey=" + str;
    }

    private static String getErrorValidatingOfflineKeyMessage(String str) {
        return "Unable to validate offline key, " + getOfflineKeyLinkMessage(str);
    }

    static String getInvalidOfflineKeyMessage(String str) {
        return "Invalid offline key, " + getOfflineKeyLinkMessage(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getMissingOfflineKeyMessage(String str) {
        return "No offline key, " + getOfflineKeyLinkMessage(str);
    }

    static {
        PUBLIC_KEYS.put("b98c7421853a2d11fb2be2fb73f89be54414a4e9", "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB/qMpeWPlOKTd8+93GSpi3s/CQMx1gpkw728vl8iijo2965zIBD1bePNULT9VK1iul2iNJA2ev9ImXecLAA4UoMwAlz3tQHIA8zJksNbQUHZhzS74hH/jJr9pE6ra4Q3lnNvmJKEXkFvCpUoBmdYS94Hu0MFXFi16IJfooLW6qzmtUGs=");
        PUBLIC_KEYS.put("542764e7000908e65dc3fc1dabf4e2cd28966758", "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQABaxDhdMljdpoM43y31co033oQjTZoCj+Wjby9LRBPmdlvMTAJV6gXOzZHDpXQb4N1O0NJr4AeXxaE4GO/p4GGywAkg+SYIO1v8X+n2beq1czN+i8WL1cfUu8DFITUkSHtULtPyNTvW1Ew7XeTGVUQ6n/Xz2YfAy7tcoFDsldrurE1nY=");
    }
}
