package io.vertx.config.vault;

import io.vertx.config.ConfigRetriever;
import io.vertx.config.ConfigRetrieverOptions;
import io.vertx.config.ConfigStoreOptions;
import io.vertx.config.impl.ConfigurationProvider;
import io.vertx.config.vault.client.SlimVaultClient;
import io.vertx.config.vault.utils.VaultProcess;
import io.vertx.core.CompositeFuture;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import java.io.IOException;
import java.util.concurrent.atomic.AtomicBoolean;
import org.awaitility.Awaitility;
import org.hamcrest.core.Is;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:io/vertx/config/vault/VaultConfigStoreTestBase.class */
public abstract class VaultConfigStoreTestBase {
    protected static VaultProcess process;
    protected Vertx vertx;
    SlimVaultClient client;
    ConfigRetriever retriever;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeClass
    public static void setupClass() throws IOException, InterruptedException {
        process = new VaultProcess();
        process.initAndUnsealVault();
        if (!$assertionsDisabled && !process.isRunning()) {
            throw new AssertionError();
        }
    }

    @AfterClass
    public static void tearDownClass() {
        process.shutdown();
    }

    @Before
    public void setup(TestContext testContext) {
        Async async = testContext.async();
        this.vertx = Vertx.vertx();
        this.client = new SlimVaultClient(this.vertx, process.getConfigurationWithRootToken());
        JsonObject put = new JsonObject().put("message", "hello").put("counter", 10).put("nested", new JsonObject().put("foo", "bar")).put("props", "key=val\nkey2=5\n");
        Promise promise = Promise.promise();
        this.client.write("secret/app/foo", put, asyncResult -> {
            if (asyncResult.failed()) {
                asyncResult.cause().printStackTrace();
            }
            testContext.assertTrue(asyncResult.succeeded());
            this.client.write("secret/app/update", put, asyncResult -> {
                testContext.assertTrue(asyncResult.succeeded());
                promise.complete();
            });
        });
        Promise promise2 = Promise.promise();
        this.client.write("secret-v2/data/app/foo", new JsonObject().put("data", put), asyncResult2 -> {
            if (asyncResult2.failed()) {
                asyncResult2.cause().printStackTrace();
            }
            testContext.assertTrue(asyncResult2.succeeded());
            this.client.write("secret-v2/data/app/update", new JsonObject().put("data", put), asyncResult2 -> {
                testContext.assertTrue(asyncResult2.succeeded());
                promise2.complete();
            });
        });
        CompositeFuture.all(promise.future(), promise2.future()).setHandler(asyncResult3 -> {
            this.vertx.executeBlocking(promise3 -> {
                configureVault();
                promise3.complete();
            }, asyncResult3 -> {
                async.complete();
            });
        });
    }

    protected void configureVault() {
    }

    @After
    public void tearDown(TestContext testContext) {
        if (this.retriever != null) {
            this.retriever.close();
        }
        this.vertx.close(testContext.asyncAssertSuccess());
    }

    @Test
    public void testAccessToSecretV1(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/foo"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            JsonObject jsonObject = (JsonObject) asyncResult.result();
            testContext.assertEquals("hello", jsonObject.getString("message"));
            testContext.assertEquals(10, jsonObject.getInteger("counter"));
            async.complete();
        });
    }

    @Test
    public void testAccessToSecretV2(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret-v2/data/app/foo"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            JsonObject jsonObject = (JsonObject) asyncResult.result();
            testContext.assertEquals("hello", jsonObject.getString("message"));
            testContext.assertEquals(10, jsonObject.getInteger("counter"));
            async.complete();
        });
    }

    @Test
    public void testAccessToNestedContentFromSecretV1(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/foo").put("key", "nested"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            if (asyncResult.failed()) {
                asyncResult.cause().printStackTrace();
            }
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertEquals(((JsonObject) asyncResult.result()).getString("foo"), "bar");
            async.complete();
        });
    }

    @Test
    public void testAccessToNestedContentFromSecretV2(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret-v2/data/app/foo").put("key", "nested"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            if (asyncResult.failed()) {
                asyncResult.cause().printStackTrace();
            }
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertEquals(((JsonObject) asyncResult.result()).getString("foo"), "bar");
            async.complete();
        });
    }

    @Test
    public void testAccessToNestedContentAsPropertiesFromSecretV1(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setFormat("properties").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/foo").put("key", "props"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            JsonObject jsonObject = (JsonObject) asyncResult.result();
            testContext.assertEquals(jsonObject.getString("key"), "val");
            testContext.assertEquals(jsonObject.getInteger("key2"), 5);
            async.complete();
        });
    }

    @Test
    public void testAccessToNestedContentAsPropertiesFromSecretV2(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setFormat("properties").setConfig(getRetrieverConfiguration().copy().put("path", "secret-v2/data/app/foo").put("key", "props"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            JsonObject jsonObject = (JsonObject) asyncResult.result();
            testContext.assertEquals(jsonObject.getString("key"), "val");
            testContext.assertEquals(jsonObject.getInteger("key2"), 5);
            async.complete();
        });
    }

    @Test
    public void testConfigurationUpdates(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/update"))).setScanPeriod(1000L));
        Async async = testContext.async();
        this.retriever.configStream().handler(jsonObject -> {
            if (jsonObject.getString("message").equals("bonjour") && jsonObject.getInteger("counter").intValue() == 11 && jsonObject.getBoolean("enabled").booleanValue()) {
                async.complete();
            }
        });
        AtomicBoolean atomicBoolean = new AtomicBoolean();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertEquals("hello", ((JsonObject) asyncResult.result()).getString("message"));
            atomicBoolean.set(true);
        });
        Awaitility.await().untilAtomic(atomicBoolean, Is.is(true));
        process.run("write -ca-cert=target/vault/config/ssl/cert.pem secret/app/update @src/test/resources/some-secret.json");
    }

    @Test
    public void testRetrievingAMissingSecret(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/missing"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertTrue(((JsonObject) asyncResult.result()).isEmpty());
            async.complete();
        });
    }

    @Test
    public void testRetrievingAKeyFromAMissingSecret(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/missing").put("key", "missing"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertTrue(((JsonObject) asyncResult.result()).isEmpty());
            async.complete();
        });
    }

    @Test
    public void testRetrievingAMissingKey(TestContext testContext) {
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/foo").put("key", "missing"))));
        Async async = testContext.async();
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertTrue(((JsonObject) asyncResult.result()).isEmpty());
            async.complete();
        });
    }

    @Test
    public void testWithRevokedRootToken(TestContext testContext) {
        Async async = testContext.async();
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/foo"))));
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertEquals("hello", ((JsonObject) asyncResult.result()).getString("message"));
            this.vertx.executeBlocking(promise -> {
                process.run("token revoke -ca-cert=target/vault/config/ssl/cert.pem -self");
                process.shutdown();
                process.initAndUnsealVault();
                promise.complete();
            }, asyncResult -> {
                this.retriever.getConfig(asyncResult -> {
                    testContext.assertTrue(asyncResult.failed());
                    String message = asyncResult.cause().getMessage();
                    testContext.assertTrue(message.contains("permission denied"), "Was expected <" + message + "> to contain <permission denied>");
                    async.complete();
                });
            });
        });
    }

    @Test
    public void testWithSealedVault(TestContext testContext) {
        Async async = testContext.async();
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/foo"))));
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertEquals("hello", ((JsonObject) asyncResult.result()).getString("message"));
            this.vertx.executeBlocking(promise -> {
                process.run("operator seal -ca-cert=target/vault/config/ssl/cert.pem");
                promise.complete();
            }, asyncResult -> {
                this.retriever.getConfig(asyncResult -> {
                    testContext.assertTrue(asyncResult.failed());
                    testContext.assertTrue(asyncResult.cause().getMessage().contains("Vault is sealed"));
                    this.vertx.executeBlocking(promise2 -> {
                        process.unseal();
                        promise2.complete();
                    }, asyncResult -> {
                        testContext.assertTrue(asyncResult.succeeded());
                        async.complete();
                    });
                });
            });
        });
    }

    @Test
    public void testWithRevokedToken(TestContext testContext) {
        Async async = testContext.async();
        this.retriever = ConfigRetriever.create(this.vertx, new ConfigRetrieverOptions().addStore(new ConfigStoreOptions().setType("vault").setConfig(getRetrieverConfiguration().copy().put("path", "secret/app/foo"))));
        this.retriever.getConfig(asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            testContext.assertEquals("hello", ((JsonObject) asyncResult.result()).getString("message"));
            this.vertx.executeBlocking(promise -> {
                process.run("token revoke -ca-cert=target/vault/config/ssl/cert.pem " + extractCurrentToken());
                promise.complete();
            }, asyncResult -> {
                this.retriever.getConfig(asyncResult -> {
                    testContext.assertTrue(asyncResult.failed());
                    testContext.assertTrue(asyncResult.cause().getMessage().contains("permission denied"));
                    async.complete();
                });
            });
        });
    }

    private String extractCurrentToken() {
        for (ConfigurationProvider configurationProvider : this.retriever.getProviders()) {
            if (configurationProvider.getStore() instanceof VaultConfigStore) {
                return configurationProvider.getStore().getVaultClient().getToken();
            }
        }
        return null;
    }

    protected abstract JsonObject getRetrieverConfiguration();

    static {
        $assertionsDisabled = !VaultConfigStoreTestBase.class.desiredAssertionStatus();
    }
}
