package org.graylog.integrations.aws;

import java.net.URI;
import org.graylog.integrations.aws.resources.requests.AWSRequest;
import org.graylog2.Configuration;
import org.graylog2.security.encryption.EncryptedValue;
import org.graylog2.security.encryption.EncryptedValueService;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.BDDMockito;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.IamClientBuilder;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/graylog/integrations/aws/AwsClientBuilderUtilTest.class */
public class AwsClientBuilderUtilTest {

    @Mock
    private IamClientBuilder mockIamClientBuilder;

    @Mock
    private AWSRequest mockAwsRequest;

    @Mock
    private EncryptedValueService encryptedValueService;

    @Mock
    private EncryptedValue encryptedValue;
    private IamClient iamClient;
    private AWSClientBuilderUtil awsClientBuilderUtil;

    @Before
    public void setUp() throws Exception {
        this.awsClientBuilderUtil = new AWSClientBuilderUtil(this.encryptedValueService, (Configuration) Mockito.mock(Configuration.class));
    }

    @Test
    public void buildClient_returnsNonGovIamClient_whenNonGovRegionNullEndpoint() {
        givenNonGovAwsRegion();
        givenGoodCredentialsProvider();
        givenNullEndpoint();
        givenBuilderSucceeds();
        whenBuildClientIsCalledForIam();
        thenIamClientIsReturned();
        thenIamClientConstructedWitoutEndpoint();
        thenIamClientConstructedWithNonGovGlobalRegion();
    }

    @Test
    public void buildClient_returnsGovIamClient_whenGovRegionNullEndpoint() {
        givenGovAwsRegion();
        givenGoodCredentialsProvider();
        givenNullEndpoint();
        givenBuilderSucceeds();
        whenBuildClientIsCalledForIam();
        thenIamClientIsReturned();
        thenIamClientConstructedWitoutEndpoint();
        thenIamClientConstructedWithGovGlobalRegion();
    }

    @Test
    public void buildClient_returnsNonGovIamClient_whenNonGovRegionEmptyEndpoint() {
        givenNonGovAwsRegion();
        givenGoodCredentialsProvider();
        givenNullEndpoint();
        givenBuilderSucceeds();
        whenBuildClientIsCalledForIam();
        thenIamClientIsReturned();
        thenIamClientConstructedWitoutEndpoint();
        thenIamClientConstructedWithNonGovGlobalRegion();
    }

    @Test
    public void buildClient_returnsGovIamClient_whenGovRegionProvidedEndpoint() {
        givenGovAwsRegion();
        givenGoodCredentialsProvider();
        givenGoodIamEndpoint();
        givenBuilderSucceeds();
        whenBuildClientIsCalledForIam();
        thenIamClientIsReturned();
        thenIamClientConstructedWithGovGlobalRegion();
    }

    private void givenNonGovAwsRegion() {
        BDDMockito.given(this.mockAwsRequest.region()).willReturn("us-east-1");
    }

    private void givenGovAwsRegion() {
        BDDMockito.given(this.mockAwsRequest.region()).willReturn("us-gov-west-1");
    }

    private void givenGoodCredentialsProvider() {
        BDDMockito.given(this.mockAwsRequest.awsAccessKeyId()).willReturn("AKTESTTESTTEST");
        BDDMockito.given(this.mockAwsRequest.awsSecretAccessKey()).willReturn(this.encryptedValue);
    }

    private void givenNullEndpoint() {
        BDDMockito.given(this.mockAwsRequest.iamEndpoint()).willReturn((Object) null);
    }

    private void givenGoodIamEndpoint() {
        BDDMockito.given(this.mockAwsRequest.iamEndpoint()).willReturn("https://iam.amazonaws.com");
    }

    private void givenBuilderSucceeds() {
        BDDMockito.given((IamClient) this.mockIamClientBuilder.build()).willReturn((IamClient) Mockito.mock(IamClient.class));
    }

    private void whenBuildClientIsCalledForIam() {
        this.iamClient = this.awsClientBuilderUtil.buildClient(this.mockIamClientBuilder, this.mockAwsRequest);
    }

    private void thenIamClientIsReturned() {
        MatcherAssert.assertThat(this.iamClient, CoreMatchers.notNullValue());
    }

    private void thenIamClientConstructedWithNonGovGlobalRegion() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Region.class);
        ((IamClientBuilder) Mockito.verify(this.mockIamClientBuilder, Mockito.times(1))).region((Region) forClass.capture());
        MatcherAssert.assertThat((Region) forClass.getValue(), CoreMatchers.notNullValue());
        MatcherAssert.assertThat((Region) forClass.getValue(), CoreMatchers.is(Region.AWS_GLOBAL));
    }

    private void thenIamClientConstructedWithGovGlobalRegion() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Region.class);
        ((IamClientBuilder) Mockito.verify(this.mockIamClientBuilder, Mockito.times(1))).region((Region) forClass.capture());
        MatcherAssert.assertThat((Region) forClass.getValue(), CoreMatchers.notNullValue());
        MatcherAssert.assertThat((Region) forClass.getValue(), CoreMatchers.is(Region.AWS_US_GOV_GLOBAL));
    }

    private void thenIamClientConstructedWitoutEndpoint() {
        ((IamClientBuilder) Mockito.verify(this.mockIamClientBuilder, Mockito.times(0))).endpointOverride((URI) ArgumentCaptor.forClass(URI.class).capture());
    }
}
