package acceptance;

import com.google.common.collect.ImmutableList;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import utils.CommandStatus;
import utils.TestUtils;

/* loaded from: input_file:acceptance/ShIT.class */
public class ShIT {

    @Rule
    public TemporaryFolder folder = new TemporaryFolder();
    private Path projectDir;
    private Path config;
    private Path outfile;

    @Before
    public void setUp() throws Exception {
        Assume.assumeThat(Boolean.valueOf(runEcho()), Matchers.is(true));
        this.projectDir = this.folder.getRoot().toPath().toAbsolutePath().normalize();
        this.config = this.folder.newFile().toPath();
        this.outfile = this.projectDir.resolve("outfile");
    }

    @Test
    public void verifyEnvVars() throws Exception {
        Files.write(this.config, (Iterable<? extends CharSequence>) ImmutableList.of("secrets.my_secrets.d = secret-shared", "secrets.my_secrets.e = secret-only"), new OpenOption[0]);
        TestUtils.copyResource("acceptance/sh/env.dig", this.projectDir.resolve("workflow.dig"));
        CommandStatus main = TestUtils.main("run", "-o", this.projectDir.toString(), "--config", this.config.toString(), "--project", this.projectDir.toString(), "-p", "cmd=command-line", "-p", "outfile=" + this.outfile, "workflow.dig");
        MatcherAssert.assertThat(main.errUtf8(), Integer.valueOf(main.code()), Matchers.is(0));
        MatcherAssert.assertThat(Files.readAllLines(this.outfile, StandardCharsets.UTF_8).get(0), Matchers.is("exported 1 command-line secret-shared secret-only"));
    }

    @Test
    public void verifySecretOnlyAccess() throws Exception {
        TestUtils.copyResource("acceptance/sh/env_secret_only_reject.dig", this.projectDir.resolve("workflow.dig"));
        CommandStatus main = TestUtils.main("run", "-o", this.projectDir.toString(), "--config", this.config.toString(), "--project", this.projectDir.toString(), "workflow.dig");
        MatcherAssert.assertThat(main.errUtf8(), Integer.valueOf(main.code()), Matchers.not(Matchers.is(0)));
        MatcherAssert.assertThat(main.errUtf8(), Matchers.containsString("Secret not found"));
    }

    private boolean runEcho() throws Exception {
        boolean z;
        ProcessBuilder processBuilder = new ProcessBuilder("/bin/sh", "-c", "echo $var");
        processBuilder.environment().put("var", "unix");
        try {
            Process start = processBuilder.start();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(start.getInputStream(), StandardCharsets.UTF_8));
            try {
                if (bufferedReader.readLine().trim().equals("unix")) {
                    if (start.waitFor() == 0) {
                        z = true;
                        boolean z2 = z;
                        bufferedReader.close();
                        return z2;
                    }
                }
                z = false;
                boolean z22 = z;
                bufferedReader.close();
                return z22;
            } finally {
            }
        } catch (IOException e) {
            return false;
        }
    }
}
