package org.springframework.cloud.config.server.environment.vault;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.cloud.config.server.environment.VaultEnvironmentProperties;
import org.springframework.cloud.config.server.environment.vault.SpringVaultClientConfiguration;
import org.springframework.cloud.config.server.environment.vault.authentication.AppRoleClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.AwsEc2ClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.AwsIamClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.AzureMsiClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.CertificateClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.CubbyholeClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.GcpGceClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.GcpIamClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.KubernetesClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.PcfClientAuthenticationProvider;
import org.springframework.cloud.config.server.environment.vault.authentication.TokenClientAuthenticationProvider;
import org.springframework.core.io.ClassPathResource;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AwsEc2Authentication;
import org.springframework.vault.authentication.AwsIamAuthentication;
import org.springframework.vault.authentication.AzureMsiAuthentication;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.ClientCertificateAuthentication;
import org.springframework.vault.authentication.CubbyholeAuthentication;
import org.springframework.vault.authentication.GcpComputeAuthentication;
import org.springframework.vault.authentication.GcpIamAuthentication;
import org.springframework.vault.authentication.KubernetesAuthentication;
import org.springframework.vault.authentication.PcfAuthentication;
import org.springframework.vault.authentication.TokenAuthentication;
import org.springframework.vault.support.SslConfiguration;

/* loaded from: input_file:org/springframework/cloud/config/server/environment/vault/SpringVaultClientConfigurationTests.class */
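/**
 * Tests that {@link SpringVaultClientConfiguration} maps each
 * {@link VaultEnvironmentProperties.AuthenticationMethod} to the matching Spring Vault
 * {@link ClientAuthentication} implementation, and that the SSL properties are carried
 * over into the resulting {@link SslConfiguration}.
 *
 * <p>Every credential-looking value in this class (role ids, tokens, access keys, store
 * passwords, the service-account JSON) is a literal test fixture defined in this file.
 */
class SpringVaultClientConfigurationTests {
    // One instance per test object; each test mutates it before building the configuration.
    private final VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
    private List<SpringVaultClientAuthenticationProvider> authProviders;

    /** Registers one authentication provider per supported method before each test. */
    @BeforeEach
    public void setUp() {
        this.authProviders = Arrays.asList(
                new AppRoleClientAuthenticationProvider(),
                new AwsEc2ClientAuthenticationProvider(),
                new AwsIamClientAuthenticationProvider(),
                new AzureMsiClientAuthenticationProvider(),
                new CertificateClientAuthenticationProvider(),
                new CubbyholeClientAuthenticationProvider(),
                new GcpGceClientAuthenticationProvider(),
                new GcpIamClientAuthenticationProvider(),
                new KubernetesClientAuthenticationProvider(),
                new PcfClientAuthenticationProvider(),
                new TokenClientAuthenticationProvider());
    }

    /** With no authentication method set, the config-token-provider authentication is used. */
    @Test
    public void defaultAuthentication() {
        assertClientAuthenticationOfType(this.properties, SpringVaultClientConfiguration.ConfigTokenProviderAuthentication.class);
    }

    @Test
    public void appRoleAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.APPROLE);
        this.properties.getAppRole().setRoleId("role-id");
        assertClientAuthenticationOfType(this.properties, AppRoleAuthentication.class);
    }

    @Test
    public void awsEc2Authentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.AWS_EC2);
        this.properties.getAwsEc2().setRole("server");
        this.properties.getAwsEc2().setAwsEc2Path("aws-ec2");
        assertClientAuthenticationOfType(this.properties, AwsEc2Authentication.class);
    }

    /**
     * Sets dummy AWS credentials through JVM system properties for the duration of the test.
     * System properties are process-wide, so the previous values are restored afterwards;
     * otherwise the dummy credentials would stay visible to every later test in the same JVM.
     */
    @Test
    public void awsIamAuthentication() {
        String previousAccessKeyId = System.getProperty("aws.accessKeyId");
        String previousSecretKey = System.getProperty("aws.secretKey");
        System.setProperty("aws.accessKeyId", "access-key-id");
        System.setProperty("aws.secretKey", "secret-key");
        try {
            this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.AWS_IAM);
            this.properties.getAwsIam().setRole("server");
            this.properties.getAwsIam().setAwsPath("aws-iam");
            assertClientAuthenticationOfType(this.properties, AwsIamAuthentication.class);
        } finally {
            restoreSystemProperty("aws.accessKeyId", previousAccessKeyId);
            restoreSystemProperty("aws.secretKey", previousSecretKey);
        }
    }

    @Test
    public void azureMsiAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.AZURE_MSI);
        this.properties.getAzureMsi().setRole("server");
        this.properties.getAzureMsi().setAzurePath("azure-msi");
        assertClientAuthenticationOfType(this.properties, AzureMsiAuthentication.class);
    }

    @Test
    public void clientCertificateAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.CERT);
        assertClientAuthenticationOfType(this.properties, ClientCertificateAuthentication.class);
    }

    @Test
    public void cubbyholeAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.CUBBYHOLE);
        this.properties.setToken("token");
        assertClientAuthenticationOfType(this.properties, CubbyholeAuthentication.class);
    }

    @Test
    public void gcpComputeAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.GCP_GCE);
        this.properties.getGcpGce().setRole("server");
        this.properties.getGcpGce().setServiceAccount("service-account");
        assertClientAuthenticationOfType(this.properties, GcpIamAuthentication.class.equals(GcpComputeAuthentication.class) ? GcpIamAuthentication.class : GcpComputeAuthentication.class);
    }

    /**
     * Supplies a base64-encoded service-account JSON document as the GCP IAM credential.
     */
    @Test
    public void gcpIamAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.GCP_IAM);
        this.properties.getGcpIam().setRole("server");
        this.properties.getGcpIam().setProjectId("project");
        this.properties.getGcpIam().setServiceAccountId("service-account");
        // The PEM block below is a fixture embedded in test source; its first base64 line ends
        // in the marker FAKE. NOTE(review): confirm it was never a live credential, and keep the
        // secret-scanner exception scoped to this file rather than to the key pattern.
        // NOTE(review): client_x509_cert_url carries a concrete-looking service-account address;
        // consider a neutral placeholder if the test does not depend on it.
        String serviceAccountJson = "{  \"type\": \"service_account\",  \"project_id\": \"project\",  \"private_key_id\": \"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\",  \"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5qHafKgP/FAKE\\nxfRl0i47zXKbGQJvGAGpcmiXRgeWkZp+kwNwBguOYNwO1qDcmewKvMPazj7EL0hV\\nXMkPxgshZ9ZSxPwg7/XHHcyGCYBJhDc2hyunQvc2WGUOlQKg/nOlq3Dg8d9c/0yF\\nmFOh2K+IrbV6Vqs3nXsupV1q2FbUCVg6NGB0HCdTBZO4e36tmcaWgC1cKTv/Nh+j\\nf2Bf7qBTk0GOL9AjKoa/HP24Yto5zFoOFLU+2ZkVbb8hhO8OMUKW8dLIynqqRqwv\\noI8e4oiHX3dBvwcS0zZkEUtQiDI80OCbU7ZhPgn5xQpndanD9dZ4TYSgKuXRVTzr\\n1cyoyP7HAgMBAAECggEAV2fOYOSg+V60WvYhN4aaKaFxoT9G/BJrReENCJr5m5N1\\nDr4b0jOmYSOMtpepJ/J3RB7Wfj63Ihm4jieeqQRt3Q5Lwq/mm4MdTN7kmP4EHZhX\\nfh5pGNfYFwfKm/DfSfhBbe+mtuBobhnrZsHuLbYb/db6J1yCQy6q/azwrAqp5iyq\\nGjNN+WiDIcrydPKKiaszMnb9mNH+Y6Ianx1mvSLT35nBEF6Z4rJVERl26diOoo3I\\nF6WadIwTqcoLo5duUO3SaHKKLcoSEEaGkutuTCHcFOzhvZrXbuIyD567Vp5oVFe9\\nSHN10vceQQdWPh2UsKrVQfIdc70+9tlslka5X6BbIQKBgQDss/APs65NNev2lPdb\\nJzdd+0YwKEQXeENWkU1xJJkNH/wF0ZGuYxoKafZR0efs1LnrbaPfHveFCnUcDuXU\\nyDnzG2zMw1Q72F8eGHpLItPSh0ZkfSlN58uM1oYMdTFUE6ezlOYEnKIYdhjmQWiE\\nuEa1G4ZW0aX0NLICet597GnLKQKBgQDIyzRVbOOzOxGUgrWT0RPT12VVNCn7edn1\\nUWLKDl4L2uF8vE4g8WW7gwNkVbuO3VPKqdGuCBDfVyyysOOOCDN0IxSxDk3458VY\\n4I3jAuBcgDsixwC28l0QtFnz2yRuD2fsBhLnoSfsM/T2hNbf7atDtMQhbbgU37me\\nX+Ewtr+obwKBgCdbb/IcbUH3UknI0Sw95A3jZvNA7rl8TK4LMPY8IJq3E7+f7foy\\nDjVnEwbdwRN294b2zwWdb4iWiYxlyb9Mn54VlEyjudDNlFs7tLHjk5bw2TqCOSjz\\n/rtnPBi8L7yMHBlXC7v+k1E/6bn3bDqNLWyVrAuphk+Jp4OUDIShl6GpAoGAFIAC\\nmNIkMTFPqyzpIu1Oq+sq0lcgDiezpAMqJdzvpyAys0x6YYyjyVAn8X97Rau9GUzb\\nNnxmVJcO3jOHGAIoVqwaObVvKoFnOZq7gbjSdT82Smes4ADAlasEIAx4nK//+S3p\\nkjJ24/ut/9kyIuyd9qym9Y7BI4hv6AZ79EBEMwsCgYEAgXzq5+NCfJIi6Zduugym\\niUU3y/3CWc/pLhnw3XZ5r3M5fLXokLhLU6FsNflTpdcf2QoNL58mE0tanPqg09Xh\\n7fHWR/8rISt2TsMlqFjc5rQxWg8yRpdd5Ti/Ln8v7EV3RGbhFlOqlC9hiyqfyd7V\\nqZjZg4zUxPO1I8ae8hbGMWs=\\n-----END PRIVATE KEY-----\\n\",  \"client_email\": \"test@example.com\",  \"client_id\": \"111111111111111111111\",  \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",  \"token_uri\": \"https://accounts.google.com/o/oauth2/token\",  \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",  \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/toolsmiths-pcf-sa%40cf-spinnaker.iam.gserviceaccount.com\"}";
        this.properties.getGcpIam().getCredentials().setEncodedKey(base64(serviceAccountJson));
        assertClientAuthenticationOfType(this.properties, GcpIamAuthentication.class);
    }

    /**
     * Writes a dummy service-account token file under {@code target/} and points the
     * Kubernetes properties at it.
     *
     * @throws IOException if the token file cannot be written
     */
    @Test
    public void kuberneteAuthentication() throws IOException {
        // The build directory is not guaranteed to exist when the test is run outside the build.
        Files.createDirectories(Paths.get("target"));
        Files.write(Paths.get("target", "token"), "token".getBytes(StandardCharsets.UTF_8));
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.KUBERNETES);
        this.properties.getKubernetes().setRole("server");
        this.properties.getKubernetes().setServiceAccountTokenFile("target/token");
        assertClientAuthenticationOfType(this.properties, KubernetesAuthentication.class);
    }

    @Test
    public void pcfAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.PCF);
        this.properties.getPcf().setRole("my-role");
        // The same YAML classpath resource stands in for both key and certificate.
        // NOTE(review): presumably the resources only need to exist and be readable — confirm.
        this.properties.getPcf().setInstanceKey(new ClassPathResource("configserver-test.yml"));
        this.properties.getPcf().setInstanceCertificate(new ClassPathResource("configserver-test.yml"));
        assertClientAuthenticationOfType(this.properties, PcfAuthentication.class);
    }

    @Test
    public void tokenAuthentication() {
        this.properties.setAuthentication(VaultEnvironmentProperties.AuthenticationMethod.TOKEN);
        this.properties.setToken("token");
        assertClientAuthenticationOfType(this.properties, TokenAuthentication.class);
    }

    /** Untouched properties must yield unconfigured key and trust stores. */
    @Test
    public void defaultSslConfiguration() {
        SslConfiguration sslConfiguration = getConfiguration(new VaultEnvironmentProperties()).sslConfiguration();
        Assertions.assertThat(sslConfiguration.getKeyStoreConfiguration()).isEqualTo(SslConfiguration.KeyStoreConfiguration.unconfigured());
        Assertions.assertThat(sslConfiguration.getTrustStoreConfiguration()).isEqualTo(SslConfiguration.KeyStoreConfiguration.unconfigured());
    }

    /** Key store and trust store settings, including their passwords, must be carried over. */
    @Test
    public void customSslConfiguration() {
        VaultEnvironmentProperties vaultEnvironmentProperties = new VaultEnvironmentProperties();
        // "password" is the fixture password set here for the ssl-test.jks classpath resource.
        vaultEnvironmentProperties.getSsl().setKeyStore(new ClassPathResource("ssl-test.jks"));
        vaultEnvironmentProperties.getSsl().setKeyStorePassword("password");
        vaultEnvironmentProperties.getSsl().setTrustStore(new ClassPathResource("ssl-test.jks"));
        vaultEnvironmentProperties.getSsl().setTrustStorePassword("password");
        SslConfiguration sslConfiguration = getConfiguration(vaultEnvironmentProperties).sslConfiguration();
        SslConfiguration.KeyStoreConfiguration keyStoreConfiguration = sslConfiguration.getKeyStoreConfiguration();
        SslConfiguration.KeyStoreConfiguration trustStoreConfiguration = sslConfiguration.getTrustStoreConfiguration();
        Assertions.assertThat(keyStoreConfiguration.isPresent()).isTrue();
        Assertions.assertThat(new String(keyStoreConfiguration.getStorePassword())).isEqualTo("password");
        Assertions.assertThat(trustStoreConfiguration.isPresent()).isTrue();
        Assertions.assertThat(new String(trustStoreConfiguration.getStorePassword())).isEqualTo("password");
    }

    /**
     * Builds a configuration from the given properties and asserts the type of the
     * client authentication it produces.
     *
     * @param vaultEnvironmentProperties properties to build the configuration from
     * @param cls expected {@link ClientAuthentication} implementation
     */
    private void assertClientAuthenticationOfType(VaultEnvironmentProperties vaultEnvironmentProperties, Class<? extends ClientAuthentication> cls) {
        Assertions.assertThat(getConfiguration(vaultEnvironmentProperties).clientAuthentication()).isInstanceOf(cls);
    }

    /**
     * Creates the configuration under test with the registered providers.
     *
     * @param vaultEnvironmentProperties properties to configure the client with
     * @return a new configuration; its second constructor argument is a lambda that always
     *         returns {@code null}
     */
    private SpringVaultClientConfiguration getConfiguration(VaultEnvironmentProperties vaultEnvironmentProperties) {
        return new SpringVaultClientConfiguration(vaultEnvironmentProperties, () -> null, this.authProviders);
    }

    /**
     * Base64-encodes the UTF-8 bytes of the given text.
     *
     * @param str text to encode
     * @return the base64 representation
     */
    private String base64(String str) {
        // An explicit charset keeps the encoded credential identical on every platform.
        return Base64.getEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Puts a system property back to the value it had before a test changed it.
     *
     * @param key property name
     * @param previousValue value captured before the test, or {@code null} if it was unset
     */
    private static void restoreSystemProperty(String key, String previousValue) {
        if (previousValue == null) {
            System.clearProperty(key);
        } else {
            System.setProperty(key, previousValue);
        }
    }
}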
