package org.keycloak.vault;

import java.io.File;
import java.lang.invoke.MethodHandles;
import java.util.List;
import java.util.Optional;
import org.jboss.logging.Logger;
import org.keycloak.vault.AbstractVaultProviderFactory;

/* loaded from: input_file:org/keycloak/vault/AbstractVaultProvider.class */
public abstract class AbstractVaultProvider implements VaultProvider {
    private static final Logger logger = Logger.getLogger(MethodHandles.lookup().lookupClass());
    protected final String realm;
    protected final List<VaultKeyResolver> resolvers;

    public AbstractVaultProvider(String str, List<VaultKeyResolver> list) {
        this.realm = str;
        this.resolvers = list;
    }

    public VaultRawSecret obtainSecret(String str) {
        for (VaultKeyResolver vaultKeyResolver : this.resolvers) {
            String str2 = (String) vaultKeyResolver.apply(this.realm, str);
            if (!validate(vaultKeyResolver, str, str2)) {
                logger.warnf("Validation failed for secret %s with resolved key %s", str, str2);
                return DefaultVaultRawSecret.forBuffer(Optional.empty());
            }
        }
        for (VaultKeyResolver vaultKeyResolver2 : this.resolvers) {
            String str3 = (String) vaultKeyResolver2.apply(this.realm, str);
            VaultRawSecret obtainSecretInternal = obtainSecretInternal(str3);
            if (obtainSecretInternal != null && obtainSecretInternal.get().isPresent()) {
                return obtainSecretInternal;
            }
            checkForLegacyKey(vaultKeyResolver2, str, str3);
        }
        return DefaultVaultRawSecret.forBuffer(Optional.empty());
    }

    private void checkForLegacyKey(VaultKeyResolver vaultKeyResolver, String str, String str2) {
        String replaceAll;
        VaultRawSecret obtainSecretInternal;
        if (vaultKeyResolver == AbstractVaultProviderFactory.AvailableResolvers.KEY_ONLY.getVaultKeyResolver() && str.contains("_") && (obtainSecretInternal = obtainSecretInternal((replaceAll = str.replaceAll("__", "_")))) != null && obtainSecretInternal.get().isPresent()) {
            logger.warnf("Secret was found using legacy key '%s'. Please rename the key to '%s' and repeat the action.", replaceAll, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean validate(VaultKeyResolver vaultKeyResolver, String str, String str2) {
        if (!str.contains(File.separator)) {
            return true;
        }
        logger.warnf("Key %s contains invalid file separator character", str);
        return false;
    }

    protected abstract VaultRawSecret obtainSecretInternal(String str);
}
