package stirling.software.SPDF.EE;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.posthog.java.shaded.org.json.JSONException;
import com.posthog.java.shaded.org.json.JSONObject;
import com.vladsch.flexmark.html2md.converter.FlexmarkHtmlConverter;
import java.net.InetAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Instant;
import java.util.Base64;
import lombok.Generated;
import org.apache.batik.util.SVGConstants;
import org.apache.commons.lang3.SystemProperties;
import org.apache.fontbox.ttf.OpenTypeScript;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Service;
import org.springframework.web.servlet.tags.BindTag;
import stirling.software.SPDF.model.ApplicationProperties;
import stirling.software.SPDF.utils.GeneralUtils;

@Service
/* loaded from: input_file:BOOT-INF/classes/stirling/software/SPDF/EE/KeygenLicenseVerifier.class */
public class KeygenLicenseVerifier {
    private static final String ACCOUNT_ID = "e5430f69-e834-4ae4-befd-b602aae5f372";
    private static final String BASE_URL = "https://api.keygen.sh/v1/accounts";
    private static final String PUBLIC_KEY = "9fbc0d78593dcfcf03c945146edd60083bf5fae77dbc08aaa3935f03ce94a58d";
    private static final String CERT_PREFIX = "-----BEGIN LICENSE FILE-----";
    private static final String CERT_SUFFIX = "-----END LICENSE FILE-----";
    private static final String JWT_PREFIX = "key/";
    private final ApplicationProperties applicationProperties;
    private boolean isEnterpriseLicense = false;

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) KeygenLicenseVerifier.class);
    private static final ObjectMapper objectMapper = new ObjectMapper();

    /* loaded from: input_file:BOOT-INF/classes/stirling/software/SPDF/EE/KeygenLicenseVerifier$License.class */
    enum License {
        NORMAL,
        PRO,
        ENTERPRISE
    }

    public License verifyLicense(String str) {
        License license;
        if (isCertificateLicense(str)) {
            log.info("Detected certificate-based license. Processing...");
            if (verifyCertificateLicense(str)) {
                license = this.isEnterpriseLicense ? License.ENTERPRISE : License.PRO;
            } else {
                license = License.NORMAL;
            }
        } else if (isJWTLicense(str)) {
            log.info("Detected JWT-style license key. Processing...");
            if (verifyJWTLicense(str)) {
                license = this.isEnterpriseLicense ? License.ENTERPRISE : License.PRO;
            } else {
                license = License.NORMAL;
            }
        } else {
            log.info("Detected standard license key. Processing...");
            if (verifyStandardLicense(str)) {
                license = this.isEnterpriseLicense ? License.ENTERPRISE : License.PRO;
            } else {
                license = License.NORMAL;
            }
        }
        return license;
    }

    private boolean isCertificateLicense(String str) {
        return str != null && str.trim().startsWith(CERT_PREFIX);
    }

    private boolean isJWTLicense(String str) {
        return str != null && str.trim().startsWith(JWT_PREFIX);
    }

    private boolean verifyCertificateLicense(String str) {
        try {
            String str2 = new String(Base64.getDecoder().decode(str.replace(CERT_PREFIX, "").replace(CERT_SUFFIX, "").replaceAll("\\r?\\n", "")));
            log.info("Decoded certificate payload: {}", str2);
            try {
                JSONObject jSONObject = new JSONObject(str2);
                String str3 = (String) jSONObject.get("enc");
                String str4 = (String) jSONObject.get("sig");
                String str5 = (String) jSONObject.get("alg");
                if (!"base64+ed25519".equals(str5)) {
                    log.error("Unsupported algorithm: {}. Only base64+ed25519 is supported.", str5);
                    return false;
                }
                if (!verifyEd25519Signature(str3, str4)) {
                    log.error("License file signature is invalid");
                    return false;
                }
                log.info("License file signature is valid");
                try {
                    return processCertificateData(new String(Base64.getDecoder().decode(str3)));
                } catch (IllegalArgumentException e) {
                    log.error("Failed to decode license data: {}", e.getMessage());
                    return false;
                }
            } catch (JSONException e2) {
                log.error("Failed to parse license file: {}", e2.getMessage());
                return false;
            }
        } catch (Exception e3) {
            log.error("Error verifying certificate license: {}", e3.getMessage(), e3);
            return false;
        }
    }

    private boolean verifyEd25519Signature(String str, String str2) {
        try {
            log.info("Signature to verify: {}", str2);
            byte[] decode = Base64.getDecoder().decode(str2);
            byte[] bytes = String.format("license/%s", str).getBytes();
            log.info("Signing data length: {} bytes", Integer.valueOf(bytes.length));
            Ed25519PublicKeyParameters ed25519PublicKeyParameters = new Ed25519PublicKeyParameters(Hex.decode(PUBLIC_KEY), 0);
            Ed25519Signer ed25519Signer = new Ed25519Signer();
            ed25519Signer.init(false, ed25519PublicKeyParameters);
            ed25519Signer.update(bytes, 0, bytes.length);
            boolean verifySignature = ed25519Signer.verifySignature(decode);
            if (!verifySignature) {
                log.error("Signature verification failed with standard public key");
            }
            return verifySignature;
        } catch (Exception e) {
            log.error("Error verifying Ed25519 signature: {}", e.getMessage(), e);
            return false;
        }
    }

    private boolean processCertificateData(String str) {
        try {
            JSONObject jSONObject = new JSONObject(str);
            JSONObject optJSONObject = jSONObject.optJSONObject("meta");
            if (optJSONObject != null) {
                String optString = optJSONObject.optString("issued", null);
                String optString2 = optJSONObject.optString("expiry", null);
                if (optString != null && optString2 != null) {
                    Instant parse = Instant.parse(optString);
                    Instant parse2 = Instant.parse(optString2);
                    Instant now = Instant.now();
                    if (parse.isAfter(now)) {
                        log.error("License file issued date is in the future. Please adjust system time or request a new license");
                        return false;
                    }
                    if (parse2.isBefore(now)) {
                        log.error("License file has expired on {}", optString2);
                        return false;
                    }
                    log.info("License file valid until {}", optString2);
                }
            }
            JSONObject optJSONObject2 = jSONObject.optJSONObject("data");
            if (optJSONObject2 == null) {
                log.error("No data object found in certificate");
                return false;
            }
            JSONObject optJSONObject3 = optJSONObject2.optJSONObject("attributes");
            if (optJSONObject3 == null) {
                return true;
            }
            log.info("Found attributes in certificate data");
            JSONObject optJSONObject4 = optJSONObject3.optJSONObject(SVGConstants.SVG_METADATA_TAG);
            if (optJSONObject4 != null) {
                int optInt = optJSONObject4.optInt("users", 0);
                if (optInt > 0) {
                    this.applicationProperties.getPremium().setMaxUsers(optInt);
                    log.info("License allows for {} users", Integer.valueOf(optInt));
                }
                this.isEnterpriseLicense = optJSONObject4.optBoolean("isEnterprise", false);
            }
            String optString3 = optJSONObject3.optString(BindTag.STATUS_VARIABLE_NAME, null);
            if (optString3 == null || "ACTIVE".equals(optString3) || "EXPIRING".equals(optString3)) {
                return true;
            }
            log.error("License status is not active: {}", optString3);
            return false;
        } catch (Exception e) {
            log.error("Error processing certificate data: {}", e.getMessage(), e);
            return false;
        }
    }

    private boolean verifyJWTLicense(String str) {
        try {
            log.info("Verifying ED25519_SIGN format license key");
            String[] split = str.substring(JWT_PREFIX.length()).split("\\.", 2);
            if (split.length != 2) {
                log.error("Invalid ED25519_SIGN license format. Expected format: key/payload.signature");
                return false;
            }
            String str2 = split[0];
            if (!verifyJWTSignature(str2, split[1])) {
                log.error("ED25519_SIGN license signature is invalid");
                return false;
            }
            log.info("ED25519_SIGN license signature is valid");
            return processJWTLicensePayload(new String(Base64.getDecoder().decode(str2.replace('-', '+').replace('_', '/'))));
        } catch (Exception e) {
            log.error("Error verifying ED25519_SIGN license: {}", e.getMessage());
            return false;
        }
    }

    private boolean verifyJWTSignature(String str, String str2) {
        try {
            byte[] decode = Base64.getDecoder().decode(str2.replace('-', '+').replace('_', '/'));
            byte[] bytes = String.format("key/%s", str).getBytes();
            Ed25519PublicKeyParameters ed25519PublicKeyParameters = new Ed25519PublicKeyParameters(Hex.decode(PUBLIC_KEY), 0);
            Ed25519Signer ed25519Signer = new Ed25519Signer();
            ed25519Signer.init(false, ed25519PublicKeyParameters);
            ed25519Signer.update(bytes, 0, bytes.length);
            return ed25519Signer.verifySignature(decode);
        } catch (Exception e) {
            log.error("Error verifying JWT signature: {}", e.getMessage());
            return false;
        }
    }

    private boolean processJWTLicensePayload(String str) {
        try {
            log.info("Processing license payload: {}", str);
            JSONObject jSONObject = new JSONObject(str);
            JSONObject optJSONObject = jSONObject.optJSONObject("license");
            if (optJSONObject == null) {
                String optString = jSONObject.optString("id", null);
                if (optString == null) {
                    log.error("License data not found in payload");
                    return false;
                }
                log.info("Found license ID: {}", optString);
                optJSONObject = jSONObject;
            }
            log.info("Processing license with ID: {}", optJSONObject.optString("id", "unknown"));
            String optString2 = optJSONObject.optString("expiry", null);
            if (optString2 == null || "null".equals(optString2)) {
                log.info("License has no expiration date");
            } else {
                if (Instant.now().isAfter(Instant.parse(optString2))) {
                    log.error("License has expired on {}", optString2);
                    return false;
                }
                log.info("License valid until {}", optString2);
            }
            JSONObject optJSONObject2 = jSONObject.optJSONObject("account");
            if (optJSONObject2 != null) {
                String optString3 = optJSONObject2.optString("id", "unknown");
                log.info("License belongs to account: {}", optString3);
                if (!ACCOUNT_ID.equals(optString3)) {
                    log.warn("License account ID does not match expected account ID");
                }
            }
            JSONObject optJSONObject3 = jSONObject.optJSONObject("policy");
            if (optJSONObject3 == null) {
                return true;
            }
            log.info("License uses policy: {}", optJSONObject3.optString("id", "unknown"));
            int optInt = optJSONObject3.optInt("users", 0);
            this.isEnterpriseLicense = optJSONObject3.optBoolean("isEnterprise", false);
            if (optInt > 0) {
                this.applicationProperties.getPremium().setMaxUsers(optInt);
                log.info("License allows for {} users", Integer.valueOf(optInt));
                return true;
            }
            Object opt = optJSONObject3.opt(SVGConstants.SVG_METADATA_TAG);
            if (!(opt instanceof JSONObject)) {
                this.applicationProperties.getPremium().setMaxUsers(1);
                log.info("Using default of 1 user for license");
                return true;
            }
            JSONObject jSONObject2 = (JSONObject) opt;
            int optInt2 = jSONObject2.optInt("users", 1);
            this.applicationProperties.getPremium().setMaxUsers(optInt2);
            log.info("License allows for {} users (from metadata)", Integer.valueOf(optInt2));
            this.isEnterpriseLicense = jSONObject2.optBoolean("isEnterprise", false);
            return true;
        } catch (Exception e) {
            log.error("Error processing license payload: {}", e.getMessage(), e);
            return false;
        }
    }

    private boolean verifyStandardLicense(String str) {
        boolean z;
        try {
            log.info("Checking standard license key");
            String generateMachineFingerprint = generateMachineFingerprint();
            JsonNode validateLicense = validateLicense(str, generateMachineFingerprint);
            if (validateLicense == null) {
                return false;
            }
            boolean asBoolean = validateLicense.path("meta").path("valid").asBoolean();
            String asText = validateLicense.path("data").path("id").asText();
            if (!asBoolean) {
                String asText2 = validateLicense.path("meta").path(FlexmarkHtmlConverter.CODE_NODE).asText();
                log.info(asText2);
                if ("NO_MACHINE".equals(asText2) || "NO_MACHINES".equals(asText2) || "FINGERPRINT_SCOPE_MISMATCH".equals(asText2)) {
                    log.info("License not activated for this machine. Attempting to activate...");
                    if (activateMachine(str, asText, generateMachineFingerprint)) {
                        JsonNode validateLicense2 = validateLicense(str, generateMachineFingerprint);
                        if (validateLicense2 != null) {
                            if (validateLicense2.path("meta").path("valid").asBoolean()) {
                                z = true;
                                asBoolean = z;
                            }
                        }
                        z = false;
                        asBoolean = z;
                    }
                }
            }
            return asBoolean;
        } catch (Exception e) {
            log.error("Error verifying standard license: {}", e.getMessage());
            return false;
        }
    }

    private JsonNode validateLicense(String str, String str2) throws Exception {
        HttpResponse send = HttpClient.newHttpClient().send(HttpRequest.newBuilder().uri(URI.create("https://api.keygen.sh/v1/accounts/e5430f69-e834-4ae4-befd-b602aae5f372/licenses/actions/validate-key")).header("Content-Type", "application/vnd.api+json").header("Accept", "application/vnd.api+json").POST(HttpRequest.BodyPublishers.ofString(String.format("{\"meta\":{\"key\":\"%s\",\"scope\":{\"fingerprint\":\"%s\"}}}", str, str2))).build(), HttpResponse.BodyHandlers.ofString());
        log.info("ValidateLicenseResponse body: {}", send.body());
        JsonNode readTree = objectMapper.readTree((String) send.body());
        if (send.statusCode() == 200) {
            JsonNode path = readTree.path("meta");
            boolean asBoolean = path.path("valid").asBoolean();
            String asText = path.path("detail").asText();
            String asText2 = path.path(FlexmarkHtmlConverter.CODE_NODE).asText();
            log.info("License validity: " + asBoolean);
            log.info("Validation detail: " + asText);
            log.info("Validation code: " + asText2);
            this.applicationProperties.getPremium().setMaxUsers(readTree.path("data").path("attributes").path(SVGConstants.SVG_METADATA_TAG).path("users").asInt(0));
            this.isEnterpriseLicense = readTree.path("data").path("attributes").path(SVGConstants.SVG_METADATA_TAG).path("isEnterprise").asBoolean(false);
            log.info(this.applicationProperties.toString());
        } else {
            log.error("Error validating license. Status code: {}", Integer.valueOf(send.statusCode()));
        }
        return readTree;
    }

    private boolean activateMachine(String str, String str2, String str3) throws Exception {
        String str4;
        HttpClient newHttpClient = HttpClient.newHttpClient();
        try {
            str4 = InetAddress.getLocalHost().getHostName();
        } catch (Exception e) {
            str4 = OpenTypeScript.UNKNOWN;
        }
        HttpResponse send = newHttpClient.send(HttpRequest.newBuilder().uri(URI.create("https://api.keygen.sh/v1/accounts/e5430f69-e834-4ae4-befd-b602aae5f372/machines")).header("Content-Type", "application/vnd.api+json").header("Accept", "application/vnd.api+json").header(HttpHeaders.AUTHORIZATION, "License " + str).POST(HttpRequest.BodyPublishers.ofString(new JSONObject().put("data", new JSONObject().put("type", "machines").put("attributes", new JSONObject().put("fingerprint", str3).put("platform", System.getProperty(SystemProperties.OS_NAME)).put("name", str4)).put("relationships", new JSONObject().put("license", new JSONObject().put("data", new JSONObject().put("type", "licenses").put("id", str2))))).toString())).build(), HttpResponse.BodyHandlers.ofString());
        log.info("activateMachine Response body: " + ((String) send.body()));
        if (send.statusCode() == 201) {
            log.info("Machine activated successfully");
            return true;
        }
        log.error("Error activating machine. Status code: {}, error: {}", Integer.valueOf(send.statusCode()), send.body());
        return false;
    }

    private String generateMachineFingerprint() {
        return GeneralUtils.generateMachineFingerprint();
    }

    @Generated
    public KeygenLicenseVerifier(ApplicationProperties applicationProperties) {
        this.applicationProperties = applicationProperties;
    }
}
