package com.enonic.lib.license;

import com.enonic.xp.app.ApplicationKey;
import com.enonic.xp.branch.Branch;
import com.enonic.xp.context.Context;
import com.enonic.xp.context.ContextAccessor;
import com.enonic.xp.context.ContextBuilder;
import com.enonic.xp.data.PropertyTree;
import com.enonic.xp.home.HomeDir;
import com.enonic.xp.node.CreateNodeParams;
import com.enonic.xp.node.Node;
import com.enonic.xp.node.NodePath;
import com.enonic.xp.node.NodeService;
import com.enonic.xp.node.UpdateNodeParams;
import com.enonic.xp.repository.CreateRepositoryParams;
import com.enonic.xp.repository.RepositoryId;
import com.enonic.xp.repository.RepositoryService;
import com.enonic.xp.resource.Resource;
import com.enonic.xp.resource.ResourceKey;
import com.enonic.xp.resource.ResourceService;
import com.enonic.xp.security.PrincipalKey;
import com.enonic.xp.security.RoleKeys;
import com.enonic.xp.security.User;
import com.enonic.xp.security.acl.AccessControlEntry;
import com.enonic.xp.security.acl.AccessControlList;
import com.enonic.xp.security.auth.AuthenticationInfo;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(immediate = true, service = {LicenseManager.class})
/* loaded from: input_file:com/enonic/lib/license/LicenseManagerImpl.class */
public final class LicenseManagerImpl implements LicenseManager {
    static final int KEY_SIZE = 2048;
    private static final String LICENSE_HEADER = "LICENSE";
    private static final String LIC_FILE_EXT = ".lic";
    private static final String LICENSE_DIR = "license";
    public static final String NODE_LICENSE_PROPERTY = "license";
    private NodeService nodeService;
    private RepositoryService repositoryService;
    private ResourceService resourceService;
    private ApplicationKey currentApp;
    private final Cache<String, Optional<LicenseDetails>> appValidationCache;
    private static final Logger LOG = LoggerFactory.getLogger(LicenseManagerImpl.class);
    public static final RepositoryId REPO_ID = RepositoryId.from("system-repo");
    public static final PrincipalKey MANAGER_ROLE = PrincipalKey.ofRole("com.enonic.app.licensemanager");
    private static final String INSTALLED_LICENSES = "licenses";
    public static final NodePath INSTALLED_LICENSES_PATH = NodePath.create(NodePath.ROOT, INSTALLED_LICENSES).build();

    public LicenseManagerImpl() {
        try {
            this.currentApp = ApplicationKey.from(getClass());
        } catch (NullPointerException e) {
            this.currentApp = null;
        }
        this.appValidationCache = CacheBuilder.newBuilder().maximumSize(10L).expireAfterWrite(20L, TimeUnit.SECONDS).build();
    }

    @Override // com.enonic.lib.license.LicenseManager
    public KeyPair generateKeyPair() {
        KeyPairGenerator rSAKeyPairGenerator = getRSAKeyPairGenerator();
        rSAKeyPairGenerator.initialize(2048);
        return new KeyPair(rSAKeyPairGenerator.genKeyPair());
    }

    @Override // com.enonic.lib.license.LicenseManager
    public String generateLicense(PrivateKey privateKey, LicenseDetails licenseDetails) {
        String encodeToString = Base64.getEncoder().withoutPadding().encodeToString(LicenseDetailsJSONConverter.serialize(licenseDetails).getBytes(StandardCharsets.UTF_8));
        return FormatHelper.asPEM(encodeToString + "." + sign(encodeToString, privateKey.getRsaKey()), LICENSE_HEADER);
    }

    @Override // com.enonic.lib.license.LicenseManager
    public LicenseDetails validateLicense(PublicKey publicKey, String str) {
        String unwrapLicense = unwrapLicense(str);
        int indexOf = unwrapLicense.indexOf(46);
        if (indexOf == -1) {
            return null;
        }
        String substring = unwrapLicense.substring(0, indexOf);
        if (!verify(substring, unwrapLicense.substring(indexOf + 1), publicKey.getRsaKey())) {
            return null;
        }
        try {
            return LicenseDetailsJSONConverter.parse(new String(Base64.getUrlDecoder().decode(substring), StandardCharsets.UTF_8));
        } catch (Exception e) {
            return null;
        }
    }

    @Override // com.enonic.lib.license.LicenseManager
    public LicenseDetails validateLicense(String str) {
        try {
            return (LicenseDetails) ((Optional) this.appValidationCache.get(str, () -> {
                LicenseDetails doValidateLicense = doValidateLicense(str);
                return doValidateLicense == null ? Optional.empty() : Optional.of(doValidateLicense);
            })).orElse(null);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    private LicenseDetails doValidateLicense(String str) {
        PublicKey from;
        ApplicationKey applicationKey = this.currentApp;
        Resource resource = this.resourceService.getResource(ResourceKey.from(applicationKey, "/app.pub"));
        if (!resource.exists() || (from = PublicKey.from(resource.readString())) == null) {
            return null;
        }
        if (str == null) {
            str = applicationKey.toString();
        }
        String readLicenseFile = readLicenseFile(str);
        if (readLicenseFile == null) {
            readLicenseFile = readLicenseFromRepo(str);
        }
        if (readLicenseFile == null) {
            return null;
        }
        return validateLicense(from, readLicenseFile);
    }

    @Override // com.enonic.lib.license.LicenseManager
    public boolean installLicense(String str, PublicKey publicKey, String str2) {
        boolean doInstallLicense = doInstallLicense(str, publicKey, str2);
        this.appValidationCache.invalidate(str2);
        return doInstallLicense;
    }

    private boolean doInstallLicense(String str, PublicKey publicKey, String str2) {
        if (validateLicense(publicKey, str) == null) {
            return false;
        }
        Context current = ContextAccessor.current();
        if (!current.getAuthInfo().hasRole(RoleKeys.AUTHENTICATED)) {
            LOG.warn("License could not be installed, user not authenticated");
            return false;
        }
        if (!((Boolean) ContextBuilder.from(current).repositoryId(REPO_ID).branch(Branch.from("master")).authInfo(AuthenticationInfo.create().principals(new PrincipalKey[]{RoleKeys.ADMIN}).user(User.ANONYMOUS).build()).build().callWith(this::initializeRepo)).booleanValue()) {
            return false;
        }
        ContextBuilder.from(current).repositoryId(REPO_ID).branch(Branch.from("master")).build().runWith(() -> {
            storeLicense(str, str2);
        });
        return true;
    }

    @Override // com.enonic.lib.license.LicenseManager
    public boolean uninstallLicense(String str) {
        boolean doUninstallLicense = doUninstallLicense(str);
        this.appValidationCache.invalidate(str);
        return doUninstallLicense;
    }

    private boolean doUninstallLicense(String str) {
        Context current = ContextAccessor.current();
        if (current.getAuthInfo().hasRole(RoleKeys.AUTHENTICATED)) {
            ContextBuilder.from(current).repositoryId(REPO_ID).branch(Branch.from("master")).authInfo(AuthenticationInfo.create().principals(new PrincipalKey[]{RoleKeys.ADMIN}).user(User.ANONYMOUS).build()).build().runWith(() -> {
                if (this.repositoryService.isInitialized(REPO_ID)) {
                    deleteLicense(str);
                }
            });
            return true;
        }
        LOG.warn("License could not be uninstalled, user not authenticated");
        return false;
    }

    private void deleteLicense(String str) {
        this.nodeService.deleteByPath(NodePath.create(INSTALLED_LICENSES_PATH, str).build());
    }

    private void storeLicense(String str, String str2) {
        PropertyTree propertyTree = new PropertyTree();
        propertyTree.setString("license", str);
        NodePath build = NodePath.create(INSTALLED_LICENSES_PATH, str2).build();
        if (this.nodeService.nodeExists(build)) {
            this.nodeService.update(UpdateNodeParams.create().path(build).editor(editableNode -> {
                editableNode.data = propertyTree;
            }).build());
        } else {
            this.nodeService.create(CreateNodeParams.create().parent(INSTALLED_LICENSES_PATH).name(str2).data(propertyTree).inheritPermissions(true).build());
        }
    }

    private boolean initializeRepo() {
        if (!this.repositoryService.isInitialized(REPO_ID)) {
            this.repositoryService.createRepository(CreateRepositoryParams.create().repositoryId(REPO_ID).rootPermissions(AccessControlList.create().add(AccessControlEntry.create().principal(RoleKeys.ADMIN).allowAll().build()).add(AccessControlEntry.create().principal(MANAGER_ROLE).allowAll().build()).build()).build());
        }
        try {
            if (this.nodeService.nodeExists(INSTALLED_LICENSES_PATH)) {
                return true;
            }
            this.nodeService.create(CreateNodeParams.create().name(INSTALLED_LICENSES_PATH.getName()).inheritPermissions(true).parent(NodePath.ROOT).build());
            return true;
        } catch (Exception e) {
            LOG.warn("Could not initialize license repo", e);
            return false;
        }
    }

    private String unwrapLicense(String str) {
        if (str == null) {
            return "";
        }
        List list = (List) Arrays.stream(str.split("\\r?\\n")).map((v0) -> {
            return v0.trim();
        }).filter(str2 -> {
            return !str2.isEmpty();
        }).collect(Collectors.toList());
        if (list.size() < 3) {
            return "";
        }
        String str3 = (String) list.get(0);
        String str4 = (String) list.get(list.size() - 1);
        list.remove(0);
        list.remove(list.size() - 1);
        return (FormatHelper.isPEMHeader(str3, LICENSE_HEADER) && FormatHelper.isPEMFooter(str4, LICENSE_HEADER)) ? (String) list.stream().collect(Collectors.joining("")) : "";
    }

    private String sign(String str, java.security.PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().withoutPadding().encodeToString(signature.sign());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private boolean verify(String str, String str2, java.security.PublicKey publicKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(publicKey);
            signature.update(str.getBytes(StandardCharsets.UTF_8));
            return signature.verify(Base64.getDecoder().decode(str2));
        } catch (Exception e) {
            return false;
        }
    }

    private KeyPairGenerator getRSAKeyPairGenerator() {
        try {
            return KeyPairGenerator.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private String readLicenseFile(String str) {
        Path resolve = HomeDir.get().toFile().toPath().resolve("license").resolve(str + ".lic");
        if (!resolve.toFile().isFile()) {
            return null;
        }
        try {
            return new String(Files.readAllBytes(resolve), StandardCharsets.UTF_8);
        } catch (Exception e) {
            return null;
        }
    }

    private String readLicenseFromRepo(String str) {
        return (String) ContextBuilder.from(ContextAccessor.current()).repositoryId(REPO_ID).branch(Branch.from("master")).authInfo(AuthenticationInfo.create().principals(new PrincipalKey[]{RoleKeys.ADMIN}).user(User.ANONYMOUS).build()).build().callWith(() -> {
            return loadLicense(str);
        });
    }

    private String loadLicense(String str) {
        try {
            Node byPath = this.nodeService.getByPath(NodePath.create(INSTALLED_LICENSES_PATH, str).build());
            if (byPath == null) {
                return null;
            }
            return byPath.data().getString("license");
        } catch (Exception e) {
            return null;
        }
    }

    public void setCurrentApp(ApplicationKey applicationKey) {
        this.currentApp = applicationKey;
    }

    @Reference
    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    @Reference
    public void setResourceService(ResourceService resourceService) {
        this.resourceService = resourceService;
    }

    @Reference
    public void setRepositoryService(RepositoryService repositoryService) {
        this.repositoryService = repositoryService;
    }
}
