package org.springframework.cloud.vault.config;

import java.net.URI;
import java.time.Duration;
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Function;
import org.assertj.core.api.Assertions;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.springframework.beans.factory.config.BeanDefinitionCustomizer;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.test.context.FilteredClassLoader;
import org.springframework.boot.test.context.assertj.ApplicationContextAssert;
import org.springframework.boot.test.context.runner.ApplicationContextRunner;
import org.springframework.cloud.vault.config.VaultAutoConfiguration;
import org.springframework.cloud.vault.config.VaultReactiveAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.vault.authentication.AuthenticationSteps;
import org.springframework.vault.authentication.AuthenticationStepsFactory;
import org.springframework.vault.authentication.CachingVaultTokenSupplier;
import org.springframework.vault.authentication.LifecycleAwareSessionManager;
import org.springframework.vault.authentication.ReactiveSessionManager;
import org.springframework.vault.authentication.SessionManager;
import org.springframework.vault.authentication.SimpleSessionManager;
import org.springframework.vault.authentication.VaultTokenSupplier;
import org.springframework.vault.client.ReactiveVaultEndpointProvider;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.client.WebClientFactory;
import org.springframework.vault.core.ReactiveVaultOperations;
import org.springframework.vault.core.ReactiveVaultTemplate;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientRequestException;
import reactor.core.publisher.Mono;
import reactor.test.StepVerifier;

/* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveAutoConfigurationTests.class */
public class VaultReactiveAutoConfigurationTests {
    private final ApplicationContextRunner contextRunner = new ApplicationContextRunner().withConfiguration(AutoConfigurations.of(new Class[]{VaultReactiveAutoConfiguration.class}));

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveAutoConfigurationTests$AuthenticationFactoryConfiguration.class */
    static class AuthenticationFactoryConfiguration {
        AuthenticationFactoryConfiguration() {
        }

        @Bean
        AuthenticationStepsFactory authenticationStepsFactory() {
            return () -> {
                return AuthenticationSteps.just(VaultToken.of("foo"));
            };
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveAutoConfigurationTests$CustomConnector.class */
    static class CustomConnector {
        CustomConnector() {
        }

        @Bean
        VaultReactiveAutoConfiguration.ClientHttpConnectorWrapper myWrapper() {
            ClientHttpConnector clientHttpConnector = (ClientHttpConnector) Mockito.mock(ClientHttpConnector.class);
            Mockito.when(clientHttpConnector.connect((HttpMethod) ArgumentMatchers.any(), (URI) ArgumentMatchers.any(), (Function) ArgumentMatchers.any())).thenReturn(Mono.error(new UnsupportedOperationException()));
            return new VaultReactiveAutoConfiguration.ClientHttpConnectorWrapper(clientHttpConnector);
        }
    }

    @Configuration
    /* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveAutoConfigurationTests$CustomSessionManager.class */
    static class CustomSessionManager {
        CustomSessionManager() {
        }

        @Bean
        ReactiveSessionManager reactiveVaultSessionManager(VaultTokenSupplier vaultTokenSupplier) {
            vaultTokenSupplier.getClass();
            return vaultTokenSupplier::getVaultToken;
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveAutoConfigurationTests$ReactiveEndpointProviderConfiguration.class */
    static class ReactiveEndpointProviderConfiguration {
        ReactiveEndpointProviderConfiguration() {
        }

        @Bean
        ReactiveVaultEndpointProvider reactiveVaultEndpointProvider() {
            AtomicLong atomicLong = new AtomicLong();
            return () -> {
                return Mono.fromSupplier(() -> {
                    VaultEndpoint vaultEndpoint = new VaultEndpoint();
                    vaultEndpoint.setHost("foobar-" + atomicLong.incrementAndGet());
                    return vaultEndpoint;
                });
            };
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/vault/config/VaultReactiveAutoConfigurationTests$TokenSupplierConfiguration.class */
    static class TokenSupplierConfiguration {
        TokenSupplierConfiguration() {
        }

        @Bean
        VaultTokenSupplier vaultTokenSupplier() {
            AtomicLong atomicLong = new AtomicLong();
            return () -> {
                return Mono.just(VaultToken.of("token-" + atomicLong.incrementAndGet()));
            };
        }
    }

    @Test
    public void shouldConfigureTemplate() {
        this.contextRunner.withUserConfiguration(new Class[]{AuthenticationFactoryConfiguration.class}).withPropertyValues(new String[]{"spring.cloud.vault.session.lifecycle.enabled=false"}).run(assertableApplicationContext -> {
            ((ApplicationContextAssert) Assertions.assertThat(assertableApplicationContext)).hasSingleBean(ReactiveVaultOperations.class);
            ((ApplicationContextAssert) Assertions.assertThat(assertableApplicationContext)).hasSingleBean(AuthenticationStepsFactory.class);
            Assertions.assertThat(assertableApplicationContext.getBean(SessionManager.class)).isNotNull().isNotInstanceOf(LifecycleAwareSessionManager.class).isNotInstanceOf(SimpleSessionManager.class);
            Assertions.assertThat(assertableApplicationContext.getBeanNamesForType(WebClient.class)).isEmpty();
            ((ApplicationContextAssert) Assertions.assertThat(assertableApplicationContext)).hasSingleBean(WebClientFactory.class);
        });
    }

    @Test
    public void shouldNotConfigureIfHttpClientIsMissing() {
        this.contextRunner.withUserConfiguration(new Class[]{AuthenticationFactoryConfiguration.class}).withClassLoader(new FilteredClassLoader(new String[]{"reactor.netty.http.client.HttpClient"})).run(assertableApplicationContext -> {
            ((ApplicationContextAssert) Assertions.assertThat(assertableApplicationContext)).doesNotHaveBean(ReactiveVaultOperations.class);
        });
    }

    @Test
    public void shouldConfigureTemplateWithTokenSupplier() {
        this.contextRunner.withUserConfiguration(new Class[]{TokenSupplierConfiguration.class}).withPropertyValues(new String[]{"spring.cloud.vault.session.lifecycle.enabled=false"}).run(assertableApplicationContext -> {
            ((ApplicationContextAssert) Assertions.assertThat(assertableApplicationContext)).hasSingleBean(ReactiveVaultOperations.class);
            Assertions.assertThat(assertableApplicationContext.getBean(SessionManager.class)).isNotNull().isNotInstanceOf(LifecycleAwareSessionManager.class).isNotInstanceOf(SimpleSessionManager.class);
            ((ApplicationContextAssert) Assertions.assertThat(assertableApplicationContext)).doesNotHaveBean(WebClient.class);
        });
    }

    @Test
    public void shouldNotConfigureReactiveSupport() {
        this.contextRunner.withUserConfiguration(new Class[]{VaultAutoConfiguration.class}).withPropertyValues(new String[]{"spring.cloud.vault.reactive.enabled=false", "spring.cloud.vault.token=foo"}).run(assertableApplicationContext -> {
            ((ApplicationContextAssert) Assertions.assertThat(assertableApplicationContext)).doesNotHaveBean(ReactiveVaultTemplate.class).doesNotHaveBean(ReactiveVaultOperations.class);
            Assertions.assertThat(assertableApplicationContext.getBean(SessionManager.class)).isInstanceOf(LifecycleAwareSessionManager.class);
        });
    }

    @Test
    public void sessionManagerBridgeShouldNotCacheTokens() {
        this.contextRunner.withUserConfiguration(new Class[]{TokenSupplierConfiguration.class, CustomSessionManager.class}).run(assertableApplicationContext -> {
            SessionManager sessionManager = (SessionManager) assertableApplicationContext.getBean(SessionManager.class);
            Assertions.assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-1");
            Assertions.assertThat(sessionManager.getSessionToken().getToken()).isEqualTo("token-2");
        });
    }

    @Test
    public void shouldDisableSessionManagement() {
        this.contextRunner.withPropertyValues(new String[]{"spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo", "spring.cloud.vault.session.lifecycle.enabled=false"}).withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> {
            return Mono::empty;
        }, new BeanDefinitionCustomizer[0]).withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class, () -> {
            return new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler());
        }, new BeanDefinitionCustomizer[0]).run(assertableApplicationContext -> {
            Assertions.assertThat((ReactiveSessionManager) assertableApplicationContext.getBean(ReactiveSessionManager.class)).isExactlyInstanceOf(CachingVaultTokenSupplier.class);
        });
    }

    @Test
    public void shouldConfigureSessionManagement() {
        this.contextRunner.withPropertyValues(new String[]{"spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo", "spring.cloud.vault.session.lifecycle.refresh-before-expiry=11s", "spring.cloud.vault.session.lifecycle.expiry-threshold=12s"}).withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> {
            return Mono::empty;
        }, new BeanDefinitionCustomizer[0]).withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class, () -> {
            return new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler());
        }, new BeanDefinitionCustomizer[0]).run(assertableApplicationContext -> {
            Assertions.assertThat(ReflectionTestUtils.getField((ReactiveSessionManager) assertableApplicationContext.getBean(ReactiveSessionManager.class), "refreshTrigger")).hasFieldOrPropertyWithValue("duration", Duration.ofSeconds(11L)).hasFieldOrPropertyWithValue("expiryThreshold", Duration.ofSeconds(12L));
        });
    }

    @Test
    public void shouldConfigureEndpointProvider() {
        this.contextRunner.withPropertyValues(new String[]{"spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo", "spring.cloud.vault.session.lifecycle.enabled=false"}).withUserConfiguration(new Class[]{ReactiveEndpointProviderConfiguration.class}).withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> {
            return Mono::empty;
        }, new BeanDefinitionCustomizer[0]).withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class, () -> {
            return new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler());
        }, new BeanDefinitionCustomizer[0]).run(assertableApplicationContext -> {
            WebClient create = ((WebClientFactory) assertableApplicationContext.getBean(WebClientFactory.class)).create();
            ((StepVerifier.FirstStep) create.get().uri("foo", new Object[0]).retrieve().bodyToMono(String.class).as((v0) -> {
                return StepVerifier.create(v0);
            })).verifyErrorMatches(th -> {
                return th.getMessage().contains("foobar-1");
            });
            ((StepVerifier.FirstStep) create.get().uri("foo", new Object[0]).retrieve().bodyToMono(String.class).as((v0) -> {
                return StepVerifier.create(v0);
            })).verifyErrorMatches(th2 -> {
                return th2.getMessage().contains("foobar-2");
            });
        });
    }

    @Test
    public void shouldConsiderCustomConnector() {
        this.contextRunner.withPropertyValues(new String[]{"spring.cloud.vault.kv.enabled=false", "spring.cloud.vault.token=foo", "spring.cloud.vault.session.lifecycle.enabled=false"}).withUserConfiguration(new Class[]{CustomConnector.class}).withBean("vaultTokenSupplier", VaultTokenSupplier.class, () -> {
            return () -> {
                return Mono.just(VaultToken.of("foo".toCharArray()));
            };
        }, new BeanDefinitionCustomizer[0]).withBean("taskSchedulerWrapper", VaultAutoConfiguration.TaskSchedulerWrapper.class, () -> {
            return new VaultAutoConfiguration.TaskSchedulerWrapper(new ThreadPoolTaskScheduler());
        }, new BeanDefinitionCustomizer[0]).run(assertableApplicationContext -> {
            ((StepVerifier.FirstStep) ((ReactiveVaultOperations) assertableApplicationContext.getBean(ReactiveVaultOperations.class)).delete("foo").as((v0) -> {
                return StepVerifier.create(v0);
            })).verifyError(WebClientRequestException.class);
        });
    }
}
