package io.quarkus.it.vault;

import io.quarkus.vault.VaultAppRoleAuthService;
import io.quarkus.vault.VaultKVSecretEngine;
import io.quarkus.vault.VaultTransitSecretEngine;
import io.quarkus.vault.auth.VaultAppRoleAuthRole;
import io.quarkus.vault.auth.VaultAppRoleSecretId;
import io.quarkus.vault.auth.VaultAppRoleSecretIdAccessor;
import io.quarkus.vault.auth.VaultAppRoleSecretIdRequest;
import io.quarkus.vault.client.VaultClientException;
import io.quarkus.vault.transit.KeyConfigRequestDetail;
import io.quarkus.vault.transit.KeyCreationRequestDetail;
import io.quarkus.vault.transit.SigningInput;
import io.quarkus.vault.transit.TransitContext;
import io.quarkus.vault.transit.VaultTransitExportKeyType;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.persistence.EntityManager;
import jakarta.transaction.Transactional;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.config.spi.ConfigProviderResolver;
import org.jboss.logging.Logger;

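/**
 * Integration-test driver for the Quarkus Vault extension.
 *
 * <p>{@link #test()} walks through config-source lookup, the KV secret engine, the transit
 * engine and AppRole administration against the configured Vault, and reports the outcome as a
 * string: {@code "OK"} on success, otherwise a diagnostic for the first failing step.
 *
 * <p>Security note: the diagnostics deliberately echo what was read back (the {@code password}
 * property, KV secret contents, AppRole secret IDs) and, on unexpected errors, a full stack
 * trace. That is only appropriate for fixture values on a disposable test Vault. Whatever
 * exposes the returned string should not be reachable outside the test environment, and the
 * pattern should not be copied into production code.
 */
@ApplicationScoped
/* loaded from: input_file:io/quarkus/it/vault/VaultTestService.class */
public class VaultTestService {
    private static final Logger log = Logger.getLogger(VaultTestService.class);
    private static final String KEY_NAME = "mykey";
    private static final String TEST_APP_ROLE = "MyRole";

    @Inject
    EntityManager entityManager;

    // Resolved from the "password" config property; test() expects the fixture value "bar".
    @ConfigProperty(name = "password")
    String someSecret;

    @Inject
    VaultKVSecretEngine kv;

    @Inject
    VaultTransitSecretEngine transit;

    @Inject
    VaultAppRoleAuthService appRoleAuthService;

    /**
     * Runs the whole scenario and stops at the first failed expectation.
     *
     * <p>Fixes compared with the previous version of this method:
     * <ul>
     *   <li>three failure messages were built with {@code "..." + x == null ? a : b}; because
     *       {@code +} binds tighter than {@code ==} the null test was always false, so the
     *       message was truncated and a {@code null} result caused a NullPointerException
     *       instead of a diagnostic;</li>
     *   <li>the "bad custom secretId" message dereferenced the object it had just found to be
     *       {@code null};</li>
     *   <li>a transit round-trip mismatch reported the {@code password} config value instead of
     *       the decrypted text, and did not distinguish the rewrap round trip.</li>
     * </ul>
     *
     * @return {@code "OK"} when every step behaves as expected, otherwise a description of the
     *         first mismatch, or the stack trace of an unexpected exception raised after the
     *         KV checks
     */
    @Transactional
    public String test() {
        final String expectedPassword = "bar";
        final String expectedSecret = "{secret=s€cr€t}";
        final String encryptionKey = "my-encryption-key";
        final String signKey = "my-sign-key";
        final String plaintext = "coucou";

        // --- config source: injected property and programmatic lookup must agree ---
        if (!expectedPassword.equals(this.someSecret)) {
            return "someSecret=" + this.someSecret + "; expected: " + expectedPassword;
        }
        String password = ConfigProviderResolver.instance().getConfig().getValue("password", String.class);
        if (!expectedPassword.equals(password)) {
            return "password=" + password + "; expected: " + expectedPassword;
        }

        // --- KV engine: read, write, read back, delete ---
        // Raw Map/List types are kept from the listing; the element types are not visible here.
        Map fooSecret = this.kv.readSecret("foo");
        if (!expectedSecret.equals(fooSecret.toString())) {
            return "/foo=" + fooSecret + "; expected: " + expectedSecret;
        }
        this.kv.writeSecret("crud", fooSecret);
        Map crudSecret = this.kv.readSecret("crud");
        if (!expectedSecret.equals(crudSecret.toString())) {
            return "/crud=" + crudSecret + "; expected: " + expectedSecret;
        }
        this.kv.deleteSecret("crud");
        try {
            // Reading a deleted secret must fail; a successful read is itself the error.
            return "/crud=" + this.kv.readSecret("crud") + "; expected 404";
        } catch (VaultClientException notFound) {
            if (notFound.getStatus().intValue() != 404) {
                return "http response code=" + notFound.getStatus() + "; expected: 404";
            }
        }

        try {
            int giftCount = this.entityManager.createQuery("select g from Gift g").getResultList().size();
            log.info("found " + giftCount + " gifts");

            // --- transit engine: encrypt/decrypt, rewrap, sign/verify ---
            SigningInput signingInput = new SigningInput(plaintext);
            String ciphertext = this.transit.encrypt(encryptionKey, plaintext);
            String decrypted = this.transit.decrypt(encryptionKey, ciphertext).asString();
            if (!plaintext.equals(decrypted)) {
                return "decrypted=" + decrypted + "; expected: " + plaintext;
            }
            String decryptedAfterRewrap = this.transit
                    .decrypt(encryptionKey, this.transit.rewrap(encryptionKey, ciphertext, (TransitContext) null))
                    .asString();
            if (!plaintext.equals(decryptedAfterRewrap)) {
                return "decrypted=" + decryptedAfterRewrap + "; expected: " + plaintext;
            }
            String signature = this.transit.sign(signKey, signingInput, (TransitContext) null);
            if (!signature.startsWith("vault:v1:")) {
                return "invalid signature " + signature;
            }
            // NOTE(review): no result is inspected here, so this only counts as a check if
            // verifySignature throws on a bad signature. Confirm against the extension.
            this.transit.verifySignature(signKey, signature, signingInput, (TransitContext) null);
            keyAdminTest();

            // --- AppRole: create with defaults ---
            this.appRoleAuthService.createOrUpdateAppRole(TEST_APP_ROLE, new VaultAppRoleAuthRole());
            // Two roles are expected: presumably the test role plus one the environment
            // already provisions (verify against the test Vault setup).
            List rolesAfterCreate = this.appRoleAuthService.getAppRoles();
            if (rolesAfterCreate == null || rolesAfterCreate.size() != 2) {
                return "invalid approles number after creation "
                        + (rolesAfterCreate == null ? "null" : String.valueOf(rolesAfterCreate.size()))
                        + ", expexted: 2";
            }
            VaultAppRoleAuthRole defaultRole = this.appRoleAuthService.getAppRole(TEST_APP_ROLE);
            if (defaultRole == null) {
                return "failed to retrieve approle";
            }
            if (deviatesFromDefaults(defaultRole)) {
                return "Approle not created with default: " + defaultRole;
            }

            // --- AppRole: overwrite every setting and read it back ---
            VaultAppRoleAuthRole customRole = new VaultAppRoleAuthRole()
                    .setBindSecretId(false)
                    .setSecretIdBoundCidrs(Arrays.asList("192.168.1.1/24", "192.168.0.1/24"))
                    .setSecretIdNumUses(5)
                    .setSecretIdTtl("60m")
                    .setTokenTtl(10)
                    .setTokenMaxTtl(15)
                    .setTokenPolicies(Arrays.asList("policy1", "policy2"))
                    .setTokenBoundCidrs(Arrays.asList("192.168.0.0/24", "192.168.1.0/24"))
                    .setTokenExplicitMaxTtl(20)
                    .setTokenNoDefaultPolicy(true)
                    .setTokenNumUses(1)
                    .setTokenPeriod(30)
                    .setTokenType("service");
            this.appRoleAuthService.createOrUpdateAppRole(TEST_APP_ROLE, customRole);
            List rolesAfterUpdate = this.appRoleAuthService.getAppRoles();
            if (rolesAfterUpdate == null || rolesAfterUpdate.size() != 2) {
                // The ternary is parenthesised so the null case is reported, not thrown.
                return "invalid approles number after update "
                        + (rolesAfterUpdate == null ? "null" : String.valueOf(rolesAfterUpdate.size()))
                        + ", expexted: 2";
            }
            VaultAppRoleAuthRole updatedRole = this.appRoleAuthService.getAppRole(TEST_APP_ROLE);
            if (deviatesFromUpdate(updatedRole)) {
                return "Approle not overriden: " + updatedRole;
            }

            // --- AppRole: role ID ---
            if (this.appRoleAuthService.getAppRoleRoleId(TEST_APP_ROLE) == null) {
                return "approle role Id not correctly created";
            }
            String newRoleId = UUID.randomUUID().toString();
            this.appRoleAuthService.setAppRoleRoleId(TEST_APP_ROLE, newRoleId);
            String storedRoleId = this.appRoleAuthService.getAppRoleRoleId(TEST_APP_ROLE);
            if (!newRoleId.equals(storedRoleId)) {
                return "Bad role Id, expected:" + newRoleId + ", actual: " + storedRoleId;
            }

            // --- AppRole: secret IDs (secret-ID binding is switched back on first) ---
            this.appRoleAuthService.createOrUpdateAppRole(TEST_APP_ROLE, customRole.setBindSecretId(Boolean.TRUE));
            VaultAppRoleSecretId generatedSecretId =
                    this.appRoleAuthService.createNewSecretId(TEST_APP_ROLE, new VaultAppRoleSecretIdRequest());
            if (generatedSecretId == null || generatedSecretId.secretId == null
                    || generatedSecretId.secretIdAccessor == null) {
                return "secret ID creation failed, secretId: " + generatedSecretId
                        + (generatedSecretId == null
                                ? ""
                                : ", secretId.secretId:" + generatedSecretId.secretId
                                        + ", secretId.secretIdAccessor:" + generatedSecretId.secretIdAccessor);
            }
            List accessors = this.appRoleAuthService.getSecretIdAccessors(TEST_APP_ROLE);
            if (accessors == null || !accessors.contains(generatedSecretId.secretIdAccessor)) {
                return "new secretAccesssorId doesn't appear in list";
            }
            VaultAppRoleSecretIdAccessor lookedUp =
                    this.appRoleAuthService.getSecretId(TEST_APP_ROLE, generatedSecretId.secretId);
            // Compared with the first listed accessor, which assumes the role holds exactly
            // one secret ID at this point.
            if (!lookedUp.secretIdAccessor.equals(accessors.get(0))) {
                return "wrong secretIdAccessor, expected:" + ((String) accessors.get(0))
                        + ", actual:" + lookedUp.secretIdAccessor;
            }
            // "HelloWorld" is a fixed, guessable fixture; custom secret IDs outside a test
            // should be high-entropy values.
            VaultAppRoleSecretId customSecretId = this.appRoleAuthService.createCustomSecretId(
                    TEST_APP_ROLE, new VaultAppRoleSecretIdRequest().setSecretId("HelloWorld"));
            if (customSecretId == null || !"HelloWorld".equals(customSecretId.secretId)) {
                return "bad custom secretId, expected: HelloWorld, actual:"
                        + (customSecretId == null ? null : customSecretId.secretId);
            }
            List accessorsAfterCustom = this.appRoleAuthService.getSecretIdAccessors(TEST_APP_ROLE);
            if (accessorsAfterCustom == null || !accessorsAfterCustom.contains(customSecretId.secretIdAccessor)) {
                return "new custom secretAccesssorId doesn't appear in list";
            }
            this.appRoleAuthService.deleteSecretId(TEST_APP_ROLE, generatedSecretId.secretId);
            return this.appRoleAuthService.getSecretId(TEST_APP_ROLE, generatedSecretId.secretId) != null
                    ? "secretId should have been deleted"
                    : "OK";
        } catch (Exception unexpected) {
            // Test-only diagnostics: the full stack trace becomes the return value.
            StringWriter trace = new StringWriter();
            unexpected.printStackTrace(new PrintWriter(trace));
            return trace.toString();
        }
    }

    /** Returns true when any field of a freshly created role differs from the expected defaults. */
    private static boolean deviatesFromDefaults(VaultAppRoleAuthRole role) {
        return !role.bindSecretId.booleanValue()
                || role.secretIdBoundCidrs != null
                || role.secretIdNumUses.intValue() != 0
                || !role.secretIdTtl.equals("0")
                || role.localSecretIds.booleanValue()
                || role.tokenTtl.intValue() != 0
                || role.tokenMaxTtl.intValue() != 0
                || role.tokenPolicies == null
                || role.tokenPolicies.size() != 0
                || role.tokenBoundCidrs == null
                || role.tokenBoundCidrs.size() != 0
                || role.tokenExplicitMaxTtl.intValue() != 0
                || role.tokenNoDefaultPolicy.booleanValue()
                || role.tokenNumUses.intValue() != 0
                || role.tokenPeriod.intValue() != 0
                || !"default".equals(role.tokenType);
    }

    /** Returns true when the role read back after the update differs from the values test() wrote. */
    private static boolean deviatesFromUpdate(VaultAppRoleAuthRole role) {
        return role.bindSecretId.booleanValue()
                || role.secretIdBoundCidrs == null
                || role.secretIdBoundCidrs.size() != 2
                || role.secretIdNumUses.intValue() != 5
                // Written as "60m"; the test expects it to be read back as "3600".
                || !role.secretIdTtl.equals("3600")
                || role.localSecretIds.booleanValue()
                || role.tokenTtl.intValue() != 10
                || role.tokenMaxTtl.intValue() != 15
                || role.tokenPolicies == null
                || role.tokenPolicies.size() != 2
                || role.tokenBoundCidrs == null
                || role.tokenBoundCidrs.size() != 2
                || role.tokenExplicitMaxTtl.intValue() != 20
                || !role.tokenNoDefaultPolicy.booleanValue()
                || role.tokenNumUses.intValue() != 1
                || role.tokenPeriod.intValue() != 30
                || !"service".equals(role.tokenType);
    }

    /**
     * Exercises the transit key-administration calls on a throwaway key named {@code mykey}:
     * create, read, list, export, reconfigure and delete. No results are inspected; the step
     * fails only if one of the calls throws.
     *
     * <p>The key is created with {@code exportable=true} solely so the export call can be
     * exercised, and deletion is enabled just before the key is removed. There is no
     * {@code finally}: if a call throws part-way, the exportable key stays in the test Vault.
     */
    protected void keyAdminTest() {
        this.transit.createKey(KEY_NAME, new KeyCreationRequestDetail().setExportable(true));
        this.transit.readKey(KEY_NAME);
        this.transit.listKeys();
        this.transit.exportKey(KEY_NAME, VaultTransitExportKeyType.encryption, (String) null);
        // Deletion has to be allowed on the key before deleteKey is attempted.
        this.transit.updateKeyConfiguration(KEY_NAME, new KeyConfigRequestDetail().setDeletionAllowed(true));
        this.transit.deleteKey(KEY_NAME);
    }
}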
