package io.airlift.secrets.keystore;

import com.google.inject.Inject;
import io.airlift.spi.secrets.SecretProvider;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:io/airlift/secrets/keystore/KeystoreSecretProvider.class */
public class KeystoreSecretProvider implements SecretProvider {
    private final KeyStore keyStore;
    private final char[] keystorePassword;

    @Inject
    public KeystoreSecretProvider(KeystoreSecretProviderConfig keystoreSecretProviderConfig) throws GeneralSecurityException, IOException {
        this.keystorePassword = keystoreSecretProviderConfig.getKeyStorePassword().toCharArray();
        this.keyStore = KeyStore.getInstance(keystoreSecretProviderConfig.getKeyStoreType());
        this.keyStore.load(new FileInputStream(keystoreSecretProviderConfig.getKeyStoreFilePath()), this.keystorePassword);
    }

    public String resolveSecretValue(String str) {
        try {
            KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) this.keyStore.getEntry(str, new KeyStore.PasswordProtection(this.keystorePassword));
            if (secretKeyEntry == null) {
                throw new RuntimeException("Key not found in keystore: " + str);
            }
            return new String(((PBEKeySpec) SecretKeyFactory.getInstance("PBE").getKeySpec(secretKeyEntry.getSecretKey(), PBEKeySpec.class)).getPassword());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }
}
