package com.atlassian.studio.confluence.maintainer;

import com.atlassian.bandana.BandanaManager;
import com.atlassian.confluence.security.persistence.dao.hibernate.AliasedKey;
import com.atlassian.confluence.security.trust.ConfluenceTrustedApplication;
import com.atlassian.confluence.security.trust.KeyStore;
import com.atlassian.confluence.security.trust.TrustedApplicationIpRestriction;
import com.atlassian.confluence.security.trust.TrustedApplicationsManager;
import com.atlassian.confluence.setup.bandana.ConfluenceBandanaContext;
import com.atlassian.hibernate.PluginHibernateSessionFactory;
import com.atlassian.sal.api.transaction.TransactionCallback;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import com.atlassian.security.auth.trustedapps.EncryptionProvider;
import com.atlassian.spring.container.ContainerManager;
import com.atlassian.studio.core.setup.TrustedAppsMaintainer;
import com.atlassian.studio.host.common.DataSetupException;
import com.atlassian.studio.host.common.StudioInfo;
import com.atlassian.studio.host.common.initialdata.InitialDataService;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Iterator;
import net.sf.hibernate.HibernateException;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/atlassian/studio/confluence/maintainer/ConfluenceTrustedAppsMaintainer.class */
/**
 * Rebuilds this Confluence instance's trusted-application configuration from the Studio
 * initial data.
 *
 * <p>Every run of {@link #maintainTrustedApps()} removes all registered trusted applications and
 * all stored {@code AliasedKey} entities, then installs one key pair and one trusted application
 * named {@code "studio"}, both built from the Base64 key material in the initial data.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The private key is read as Base64 text from {@code InitialDataService}; anyone able to
 *       read or alter that data holds, or can replace, the key this instance signs with.</li>
 *   <li>The public key registered for the "studio" application is the same public key stored in
 *       the local key pair. NOTE(review): presumably other Studio applications are provisioned
 *       from the same pair, so one leaked private key would affect all of them; confirm.</li>
 *   <li>The "studio" application is limited to callers matching {@code 127.0.0.*}.</li>
 * </ul>
 */
public class ConfluenceTrustedAppsMaintainer implements TrustedAppsMaintainer {
    private final InitialDataService initialDataService;
    private final BandanaManager bandanaManager;
    private final EncryptionProvider encryptionProvider;
    private final TrustedApplicationsManager trustedApplicationsManager;
    private final StudioInfo studioInfo;
    private final TransactionTemplate transactionTemplate;
    private final PluginHibernateSessionFactory pluginHibernateSessionFactory;

    /**
     * Stores the collaborators; no work is done until {@link #maintainTrustedApps()} is called.
     */
    public ConfluenceTrustedAppsMaintainer(
            InitialDataService initialDataService,
            BandanaManager bandanaManager,
            EncryptionProvider encryptionProvider,
            TrustedApplicationsManager trustedApplicationsManager,
            StudioInfo studioInfo,
            TransactionTemplate transactionTemplate,
            PluginHibernateSessionFactory pluginHibernateSessionFactory) {
        this.initialDataService = initialDataService;
        this.bandanaManager = bandanaManager;
        this.encryptionProvider = encryptionProvider;
        this.trustedApplicationsManager = trustedApplicationsManager;
        this.studioInfo = studioInfo;
        this.transactionTemplate = transactionTemplate;
        this.pluginHibernateSessionFactory = pluginHibernateSessionFactory;
    }

    /**
     * Replaces all trusted applications and stored keys with the single "studio" configuration.
     *
     * <p>The steps are destructive and run in this order: delete every trusted application,
     * purge every {@code AliasedKey}, decode and store the key pair, register the "studio"
     * application, then record the domain in Bandana. Of these, only the key purge is wrapped in
     * the transaction template by this method. If decoding the key material fails, the method
     * throws after the old configuration has already been removed.
     * NOTE(review): confirm that ending up with no trust configured is the intended failure mode.
     *
     * <p>The method is {@code synchronized}, which serialises runs on this instance only.
     *
     * @throws DataSetupException if the encryption provider rejects the key material
     *     (any {@link GeneralSecurityException}); a failure while purging keys surfaces as an
     *     unwrapped {@link RuntimeException} instead
     */
    public synchronized void maintainTrustedApps() throws DataSetupException {
        KeyStore keyStore = (KeyStore) ContainerManager.getComponent("keyStoreDao");
        try {
            for (Object existing : this.trustedApplicationsManager.getAllTrustedApplications()) {
                this.trustedApplicationsManager.deleteTrustedApplication((ConfluenceTrustedApplication) existing);
            }
            purgeStoredKeys();

            // getBytes() uses the platform default charset. Base64 text is ASCII, so this is
            // normally harmless. NOTE(review): consider an explicit charset, and note that a
            // missing key in the initial data would presumably surface here as a NullPointerException.
            byte[] encodedPublicKey = Base64.decodeBase64(
                    this.initialDataService.getInitialData().getTrustedApps().getPublicKey().getBytes());
            PublicKey studioPublicKey = this.encryptionProvider.toPublicKey(encodedPublicKey);

            // The private key passes through an immutable String before decoding, so it cannot be
            // wiped from memory here; keep it out of logs and exception messages.
            keyStore.storeKeyPair(
                    this.initialDataService.getDerivedData().getDomain(),
                    new KeyPair(
                            studioPublicKey,
                            this.encryptionProvider.toPrivateKey(Base64.decodeBase64(
                                    this.initialDataService.getInitialData().getTrustedApps().getPrivateKey().getBytes()))));

            ConfluenceTrustedApplication studioApp = new ConfluenceTrustedApplication();
            studioApp.setName("studio");

            AliasedKey studioKey = new AliasedKey();
            studioKey.setAlias(this.initialDataService.getDerivedData().getDomain());
            studioKey.setKey(studioPublicKey);
            studioApp.setPublicKey(studioKey);

            // NOTE(review): presumably milliseconds, bounding how old a signed request may be; confirm.
            studioApp.setRequestTimeout(10000);
            // Restricts the application to 127.0.0.* callers. NOTE(review): confirm how the client
            // address is derived when a reverse proxy on the same host fronts this instance.
            studioApp.addRestriction(new TrustedApplicationIpRestriction("127.0.0.*"));
            this.trustedApplicationsManager.saveTrustedApplication(studioApp);

            this.bandanaManager.setValue(
                    ConfluenceBandanaContext.GLOBAL_CONTEXT,
                    "studio.trustedapps.current.application.id",
                    this.initialDataService.getDerivedData().getDomain());
        } catch (GeneralSecurityException securityFailure) {
            throw new DataSetupException("Error configuring trusted apps keys", securityFailure);
        }
    }

    /**
     * Deletes every {@code AliasedKey} entity through the plugin Hibernate session, inside the
     * transaction template. The HQL is a constant string, so no caller input reaches the query.
     */
    private void purgeStoredKeys() {
        this.transactionTemplate.execute(new TransactionCallback() {
            public Object doInTransaction() {
                try {
                    ConfluenceTrustedAppsMaintainer.this.pluginHibernateSessionFactory.getSession().delete("from AliasedKey");
                } catch (HibernateException cause) {
                    throw new RuntimeException("Error removing keys from the keystore", cause);
                }
                return null;
            }
        });
    }

    /**
     * Returns the key pair stored under the Studio domain, private key included.
     *
     * <p>The lookup alias comes from {@code StudioInfo.getStudioDomain()}, while
     * {@link #maintainTrustedApps()} stores the pair under
     * {@code InitialDataService.getDerivedData().getDomain()}.
     * NOTE(review): confirm the two always agree, and that every caller of this public method is
     * entitled to the private key.
     *
     * @return whatever the key store returns for that alias
     */
    public KeyPair getKeyPair() {
        KeyStore keyStore = (KeyStore) ContainerManager.getComponent("keyStoreDao");
        return keyStore.getKeyPair(this.studioInfo.getStudioDomain());
    }
}
