package com.neo4j.gds.licensing;

import com.neo4j.gds.shaded.io.jsonwebtoken.ClaimJwtException;
import com.neo4j.gds.shaded.io.jsonwebtoken.Claims;
import com.neo4j.gds.shaded.io.jsonwebtoken.ExpiredJwtException;
import com.neo4j.gds.shaded.io.jsonwebtoken.Jwts;
import com.neo4j.gds.shaded.org.bouncycastle.util.io.pem.PemReader;
import com.neo4j.gds.shaded.org.jetbrains.annotations.NotNull;
import com.neo4j.gds.shaded.org.jetbrains.annotations.Nullable;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import org.neo4j.gds.annotation.ValueClass;
import org.neo4j.gds.utils.StringFormatting;

/* loaded from: input_file:com/neo4j/gds/licensing/SignatureTool.class */
public final class SignatureTool {
    private static final String ENCRYPTION_ALGORITHM = "RSA";

    @ValueClass
    /* loaded from: input_file:com/neo4j/gds/licensing/SignatureTool$LicenseCheckResult.class */
    public interface LicenseCheckResult {
        boolean isValid();

        String message();

        @Nullable
        ZonedDateTime expirationTime();
    }

    public static LicenseCheckResult verify(@NotNull String str) {
        try {
            Claims payload = Jwts.parser().verifyWith(getPublicKey()).build().parseSignedClaims(str).getPayload();
            ZonedDateTime expirationTime = getExpirationTime(payload);
            return !payload.getSubject().equals("neo4j-gds") ? ImmutableLicenseCheckResult.of(false, "License is not valid for the Graph Data Science library. Please contact your system administrator.", expirationTime) : ImmutableLicenseCheckResult.of(true, StringFormatting.formatWithLocale("License valid, %d days left", Long.valueOf(ChronoUnit.DAYS.between(ZonedDateTime.now(ZoneId.systemDefault()), expirationTime))), expirationTime);
        } catch (ExpiredJwtException e) {
            return ImmutableLicenseCheckResult.of(false, StringFormatting.formatWithLocale("License expired on %s", e.getClaims().getExpiration()), getExpirationTime(e.getClaims()));
        } catch (ClaimJwtException e2) {
            return ImmutableLicenseCheckResult.of(false, StringFormatting.formatWithLocale("Could not validate license. Cause: %s", e2.getMessage()), getExpirationTime(e2.getClaims()));
        } catch (Exception e3) {
            return ImmutableLicenseCheckResult.of(false, StringFormatting.formatWithLocale("Could not validate license. Cause: %s", e3.getMessage()), null);
        }
    }

    @NotNull
    private static ZonedDateTime getExpirationTime(Claims claims) {
        return claims.getExpiration().toInstant().atZone(ZoneId.systemDefault());
    }

    private static PublicKey getPublicKey() throws NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        return KeyFactory.getInstance(ENCRYPTION_ALGORITHM).generatePublic(new X509EncodedKeySpec(new PemReader(new InputStreamReader(SignatureTool.class.getResourceAsStream("/signing-keys/public_key.pem"), StandardCharsets.UTF_8)).readPemObject().getContent()));
    }

    private SignatureTool() {
    }
}
