package org.springframework.cloud.vault.config;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.util.Objects;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowableTypeAssert;
import org.junit.Test;
import org.springframework.boot.system.SystemProperties;
import org.springframework.cloud.vault.config.VaultProperties;
import org.springframework.core.io.ClassPathResource;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.ClientCertificateAuthentication;
import org.springframework.vault.authentication.PcfAuthentication;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/springframework/cloud/vault/config/ClientAuthenticationFactoryUnitTests.class */
public class ClientAuthenticationFactoryUnitTests {
    @Test
    public void shouldSupportAppRoleRoleIdProvidedSecretIdProvided() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.getAppRole().setRoleId("foo");
        vaultProperties.getAppRole().setSecretId("bar");
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        Assertions.assertThat(appRoleAuthenticationOptions.getRoleId()).isInstanceOf(AppRoleAuthenticationOptions.RoleId.provided("foo").getClass());
        Assertions.assertThat(appRoleAuthenticationOptions.getSecretId()).isInstanceOf(AppRoleAuthenticationOptions.SecretId.provided("bar").getClass());
    }

    @Test
    public void shouldSupportAppRoleRoleIdProvidedSecretIdAbsent() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.getAppRole().setRoleId("foo");
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        Assertions.assertThat(appRoleAuthenticationOptions.getRoleId()).isInstanceOf(AppRoleAuthenticationOptions.RoleId.provided("foo").getClass());
        Assertions.assertThat(appRoleAuthenticationOptions.getSecretId()).isInstanceOf(AppRoleAuthenticationOptions.SecretId.absent().getClass());
    }

    @Test
    public void shouldSupportAppRoleRoleIdProvidedSecretIdPull() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setToken("token");
        vaultProperties.getAppRole().setRoleId("foo");
        vaultProperties.getAppRole().setRole("my-role");
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        Assertions.assertThat(appRoleAuthenticationOptions.getAppRole()).isEqualTo("my-role");
        Assertions.assertThat(appRoleAuthenticationOptions.getRoleId()).isInstanceOf(AppRoleAuthenticationOptions.RoleId.provided("foo").getClass());
        Assertions.assertThat(appRoleAuthenticationOptions.getSecretId()).isInstanceOf(AppRoleAuthenticationOptions.SecretId.pull(VaultToken.of("token")).getClass());
    }

    @Test
    public void shouldSupportAppRoleFullPull() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setToken("token");
        vaultProperties.getAppRole().setRole("my-role");
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        Assertions.assertThat(appRoleAuthenticationOptions.getAppRole()).isEqualTo("my-role");
        Assertions.assertThat(appRoleAuthenticationOptions.getRoleId()).isInstanceOf(AppRoleAuthenticationOptions.RoleId.pull(VaultToken.of("token")).getClass());
        Assertions.assertThat(appRoleAuthenticationOptions.getSecretId()).isInstanceOf(AppRoleAuthenticationOptions.SecretId.pull(VaultToken.of("token")).getClass());
    }

    @Test
    public void shouldSupportAppRoleFullWrapped() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setToken("token");
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        Assertions.assertThat(appRoleAuthenticationOptions.getRoleId()).isInstanceOf(AppRoleAuthenticationOptions.RoleId.wrapped(VaultToken.of("token")).getClass());
        Assertions.assertThat(appRoleAuthenticationOptions.getSecretId()).isInstanceOf(AppRoleAuthenticationOptions.SecretId.wrapped(VaultToken.of("token")).getClass());
    }

    @Test
    public void shouldSupportAppRoleRoleIdWrappedSecretIdProvided() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setToken("token");
        vaultProperties.getAppRole().setSecretId("bar");
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        Assertions.assertThat(appRoleAuthenticationOptions.getRoleId()).isInstanceOf(AppRoleAuthenticationOptions.RoleId.wrapped(VaultToken.of("token")).getClass());
        Assertions.assertThat(appRoleAuthenticationOptions.getSecretId()).isInstanceOf(AppRoleAuthenticationOptions.SecretId.provided("bar").getClass());
    }

    @Test
    public void shouldSupportAppRoleRoleIdProvidedSecretIdWrapped() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setToken("token");
        vaultProperties.getAppRole().setRoleId("foo");
        AppRoleAuthenticationOptions appRoleAuthenticationOptions = ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        Assertions.assertThat(appRoleAuthenticationOptions.getRoleId()).isInstanceOf(AppRoleAuthenticationOptions.RoleId.provided("foo").getClass());
        Assertions.assertThat(appRoleAuthenticationOptions.getSecretId()).isInstanceOf(AppRoleAuthenticationOptions.SecretId.wrapped(VaultToken.of("token")).getClass());
    }

    @Test
    public void shouldRejectUnconfiguredRoleId() {
        VaultProperties vaultProperties = new VaultProperties();
        Assertions.assertThatThrownBy(() -> {
            ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        }).isInstanceOf(IllegalArgumentException.class);
    }

    @Test
    public void shouldRejectUnconfiguredRoleIdIfRoleNameSet() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.getAppRole().setRole("my-role");
        Assertions.assertThatThrownBy(() -> {
            ClientAuthenticationFactory.getAppRoleAuthenticationOptions(vaultProperties);
        }).isInstanceOf(IllegalArgumentException.class);
    }

    @Test
    public void shouldSupportPcfAuthentication() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setAuthentication(VaultProperties.AuthenticationMethod.PCF);
        vaultProperties.getPcf().setRole("my-role");
        vaultProperties.getPcf().setInstanceKey(new ClassPathResource("bootstrap.yml"));
        vaultProperties.getPcf().setInstanceCertificate(new ClassPathResource("bootstrap.yml"));
        Assertions.assertThat(new ClientAuthenticationFactory(vaultProperties, new RestTemplate(), new RestTemplate()).createClientAuthentication()).isInstanceOf(PcfAuthentication.class);
    }

    @Test
    public void shouldSupportSslCertificateAuthentication() {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setAuthentication(VaultProperties.AuthenticationMethod.CERT);
        vaultProperties.getSsl().setCertAuthPath("bert");
        Assertions.assertThat(new ClientAuthenticationFactory(vaultProperties, new RestTemplate(), new RestTemplate()).createClientAuthentication()).isInstanceOf(ClientCertificateAuthentication.class);
    }

    @Test
    public void shouldSupportTokenFromFile() throws IOException {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setAuthentication(VaultProperties.AuthenticationMethod.TOKEN);
        Path path = Paths.get(SystemProperties.get(new String[]{"user.home"}), ".vault-token");
        Files.write(path, "hello".getBytes(StandardCharsets.UTF_8), StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.CREATE);
        try {
            ClientAuthentication createClientAuthentication = new ClientAuthenticationFactory(vaultProperties, new RestTemplate(), new RestTemplate()).createClientAuthentication();
            Assertions.assertThat(createClientAuthentication).isInstanceOf(TokenAuthentication.class);
            Assertions.assertThat(new String(createClientAuthentication.login().toCharArray())).isEqualTo("hello");
            Files.deleteIfExists(path);
        } catch (Throwable th) {
            Files.deleteIfExists(path);
            throw th;
        }
    }

    @Test
    public void tokenAuthShouldFailIfTokenFileNotExistsAndTokenEmpty() throws IOException {
        VaultProperties vaultProperties = new VaultProperties();
        vaultProperties.setAuthentication(VaultProperties.AuthenticationMethod.TOKEN);
        Files.deleteIfExists(Paths.get(SystemProperties.get(new String[]{"user.home"}), ".vault-token"));
        ClientAuthenticationFactory clientAuthenticationFactory = new ClientAuthenticationFactory(vaultProperties, new RestTemplate(), new RestTemplate());
        ThrowableTypeAssert assertThatIllegalStateException = Assertions.assertThatIllegalStateException();
        Objects.requireNonNull(clientAuthenticationFactory);
        assertThatIllegalStateException.isThrownBy(clientAuthenticationFactory::createClientAuthentication);
    }
}
