package org.graylog.aws.migrations;

import org.assertj.core.api.Assertions;
import org.graylog.aws.migrations.V20200505121200_EncryptAWSSecretKey;
import org.graylog2.Configuration;
import org.graylog2.migrations.Migration;
import org.graylog2.plugin.cluster.ClusterConfigService;
import org.graylog2.security.AESTools;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;

/* loaded from: input_file:org/graylog/aws/migrations/V20200505121200_EncryptAWSSecretKeyTest.class */
public class V20200505121200_EncryptAWSSecretKeyTest {
    public static final String PLUGIN_CONFIG_CLASS_NAME = "org.graylog.aws.config.AWSPluginConfiguration";

    @Rule
    public MockitoRule rule = MockitoJUnit.rule();

    @Mock
    private ClusterConfigService clusterConfigService;

    @Mock
    private Configuration configuration;
    private Migration migration;

    @Before
    public void setUp() {
        this.migration = new V20200505121200_EncryptAWSSecretKey(this.clusterConfigService, this.configuration);
    }

    @Test
    public void doesNotDoAnyThingForMissingPluginConfig() {
        mockExistingConfig(null);
        this.migration.upgrade();
        ((ClusterConfigService) Mockito.verify(this.clusterConfigService, Mockito.never())).write(ArgumentMatchers.anyString(), ArgumentMatchers.any());
        ((ClusterConfigService) Mockito.verify(this.clusterConfigService, Mockito.times(1))).write((V20200505121200_EncryptAWSSecretKey.MigrationCompleted) ArgumentMatchers.any(V20200505121200_EncryptAWSSecretKey.MigrationCompleted.class));
    }

    @Test
    public void doesNotDoAnyThingForExistingPluginConfigWithoutSecretKey() {
        mockExistingConfig(V20200505121200_EncryptAWSSecretKey.LegacyAWSPluginConfiguration.create(true, "lookupRegions", "something", "", true));
        this.migration.upgrade();
        ((ClusterConfigService) Mockito.verify(this.clusterConfigService, Mockito.never())).write(ArgumentMatchers.anyString(), ArgumentMatchers.any());
        ((ClusterConfigService) Mockito.verify(this.clusterConfigService, Mockito.times(1))).write((V20200505121200_EncryptAWSSecretKey.MigrationCompleted) ArgumentMatchers.any(V20200505121200_EncryptAWSSecretKey.MigrationCompleted.class));
    }

    @Test
    public void encryptsSecretKeyIfPresent() {
        mockExistingConfig(V20200505121200_EncryptAWSSecretKey.LegacyAWSPluginConfiguration.create(true, "lookupRegions", "something", "verySecretKey", true));
        Mockito.when(this.configuration.getPasswordSecret()).thenReturn("systemSecret1234");
        this.migration.upgrade();
        ArgumentCaptor forClass = ArgumentCaptor.forClass(V20200505121200_EncryptAWSSecretKey.AWSPluginConfiguration.class);
        ((ClusterConfigService) Mockito.verify(this.clusterConfigService, Mockito.times(1))).write((String) ArgumentMatchers.eq(PLUGIN_CONFIG_CLASS_NAME), (V20200505121200_EncryptAWSSecretKey.AWSPluginConfiguration) forClass.capture());
        ((ClusterConfigService) Mockito.verify(this.clusterConfigService, Mockito.times(1))).write((V20200505121200_EncryptAWSSecretKey.MigrationCompleted) ArgumentMatchers.any(V20200505121200_EncryptAWSSecretKey.MigrationCompleted.class));
        V20200505121200_EncryptAWSSecretKey.AWSPluginConfiguration aWSPluginConfiguration = (V20200505121200_EncryptAWSSecretKey.AWSPluginConfiguration) forClass.getValue();
        Assertions.assertThat(AESTools.decrypt(aWSPluginConfiguration.encryptedSecretKey(), "systemSecret1234", aWSPluginConfiguration.secretKeySalt())).isEqualTo("verySecretKey");
    }

    private void mockExistingConfig(V20200505121200_EncryptAWSSecretKey.LegacyAWSPluginConfiguration legacyAWSPluginConfiguration) {
        Mockito.when(this.clusterConfigService.get((String) ArgumentMatchers.eq(PLUGIN_CONFIG_CLASS_NAME), (Class) ArgumentMatchers.any())).thenReturn(legacyAWSPluginConfiguration);
    }
}
