package org.keycloak.vault;

import jakarta.annotation.Nonnull;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.Optional;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/keycloak/vault/FilesKeystoreVaultProvider.class */
public class FilesKeystoreVaultProvider extends AbstractVaultProvider {
    private static final Logger logger = Logger.getLogger(MethodHandles.lookup().lookupClass());
    private final Path keystorePath;
    private final String keystorePass;
    private final String keystoreType;

    public FilesKeystoreVaultProvider(@Nonnull Path path, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull List<VaultKeyResolver> list) {
        super(str3, list);
        this.keystorePath = path;
        this.keystorePass = str;
        this.keystoreType = str2;
        logger.debugf("KeystoreVaultProvider will operate in %s directory", path.toAbsolutePath());
    }

    @Override // org.keycloak.vault.AbstractVaultProvider
    protected VaultRawSecret obtainSecretInternal(String str) {
        try {
            if (!Files.exists(this.keystorePath.toRealPath(new LinkOption[0]), new LinkOption[0])) {
                throw new VaultNotFoundException("The keystore file for Keycloak Vault was not found");
            }
            KeyStore keyStore = KeyStore.getInstance(this.keystoreType);
            keyStore.load(Files.newInputStream(this.keystorePath.toRealPath(new LinkOption[0]), new OpenOption[0]), this.keystorePass.toCharArray());
            Key key = keyStore.getKey(str, this.keystorePass.toCharArray());
            if (key != null) {
                return DefaultVaultRawSecret.forBuffer(Optional.of(ByteBuffer.wrap(new String(key.getEncoded()).getBytes())));
            }
            logger.warnf("Cannot find secret %s in %s", str, this.keystorePath);
            return DefaultVaultRawSecret.forBuffer(Optional.empty());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    public void close() {
    }
}
