package org.openmetadata.service.secrets;

import java.util.List;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.openmetadata.schema.api.services.CreateDatabaseService;
import org.openmetadata.schema.api.services.CreateMlModelService;
import org.openmetadata.schema.entity.services.ServiceType;
import org.openmetadata.schema.security.secrets.Parameters;
import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
import org.openmetadata.schema.services.connections.database.MysqlConnection;
import org.openmetadata.schema.services.connections.database.common.basicAuth;
import org.openmetadata.schema.services.connections.mlmodel.SklearnConnection;
import org.openmetadata.service.OpenMetadataApplicationTest;
import org.openmetadata.service.fernet.Fernet;
import org.openmetadata.service.secrets.SecretsManager;
import org.openmetadata.service.util.JsonUtils;
import org.openmetadata.service.util.TestUtils;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/openmetadata/service/secrets/DBSecretsManagerTest.class */
public class DBSecretsManagerTest {
    private static final String ENCRYPTED_VALUE = "fernet:abcdef";
    private static final String DECRYPTED_VALUE = "123456";
    private static DBSecretsManager secretsManager;

    @BeforeAll
    static void setUp() {
        secretsManager = DBSecretsManager.getInstance(new SecretsManager.SecretsConfig(OpenMetadataApplicationTest.ELASTIC_SEARCH_CLUSTER_ALIAS, "prefix", List.of("key:value", "key2:value2"), (Parameters) null));
        Fernet fernet = (Fernet) Mockito.mock(Fernet.class);
        Mockito.lenient().when(fernet.decrypt(ArgumentMatchers.anyString())).thenReturn(DECRYPTED_VALUE);
        Mockito.lenient().when(fernet.decryptIfApplies(ArgumentMatchers.anyString())).thenReturn(DECRYPTED_VALUE);
        Mockito.lenient().when(fernet.encrypt(ArgumentMatchers.anyString())).thenReturn(ENCRYPTED_VALUE);
        secretsManager.setFernet(fernet);
    }

    @AfterAll
    static void teardown() {
        secretsManager.setFernet(Fernet.getInstance());
    }

    @Test
    void testEncryptDatabaseServiceConnectionConfig() {
        testEncryptServiceConnection();
    }

    @Test
    void testDecryptDatabaseServiceConnectionConfig() {
        testDecryptServiceConnection();
    }

    @Test
    void testEncryptServiceConnectionWithoutPassword() {
        SklearnConnection sklearnConnection = new SklearnConnection();
        Assertions.assertNotSame(sklearnConnection, secretsManager.encryptServiceConnectionConfig(sklearnConnection, CreateMlModelService.MlModelServiceType.Sklearn.value(), TestUtils.TEST_USER_NAME, ServiceType.ML_MODEL));
    }

    @Test
    void testDecryptServiceConnectionWithoutPassword() {
        SklearnConnection sklearnConnection = new SklearnConnection();
        Assertions.assertNotSame(sklearnConnection, secretsManager.decryptServiceConnectionConfig(sklearnConnection, CreateMlModelService.MlModelServiceType.Sklearn.value(), ServiceType.ML_MODEL));
    }

    @Test
    void testReturnsExpectedSecretManagerProvider() {
        Assertions.assertEquals(SecretsManagerProvider.DB, secretsManager.getSecretsManagerProvider());
    }

    private void testEncryptServiceConnection() {
        MysqlConnection withAuthType = new MysqlConnection().withAuthType(new basicAuth().withPassword(ENCRYPTED_VALUE));
        Object encryptServiceConnectionConfig = secretsManager.encryptServiceConnectionConfig(withAuthType, CreateDatabaseService.DatabaseServiceType.Mysql.value(), TestUtils.TEST_USER_NAME, ServiceType.DATABASE);
        Assertions.assertEquals(ENCRYPTED_VALUE, ((basicAuth) JsonUtils.convertValue(((MysqlConnection) encryptServiceConnectionConfig).getAuthType(), basicAuth.class)).getPassword());
        Assertions.assertNotSame(withAuthType, encryptServiceConnectionConfig);
    }

    private void testDecryptServiceConnection() {
        MysqlConnection withAuthType = new MysqlConnection().withAuthType(new basicAuth().withPassword(DECRYPTED_VALUE));
        Object decryptServiceConnectionConfig = secretsManager.decryptServiceConnectionConfig(withAuthType, CreateDatabaseService.DatabaseServiceType.Mysql.value(), ServiceType.DATABASE);
        Assertions.assertEquals(DECRYPTED_VALUE, ((basicAuth) JsonUtils.convertValue(((MysqlConnection) decryptServiceConnectionConfig).getAuthType(), basicAuth.class)).getPassword());
        Assertions.assertNotSame(withAuthType, decryptServiceConnectionConfig);
    }
}
