package org.openmetadata.service.secrets;

import java.util.List;
import java.util.Map;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.openmetadata.schema.api.services.CreateDatabaseService;
import org.openmetadata.schema.api.services.DatabaseConnection;
import org.openmetadata.schema.auth.JWTAuthMechanism;
import org.openmetadata.schema.auth.JWTTokenExpiry;
import org.openmetadata.schema.entity.automations.TestServiceConnectionRequest;
import org.openmetadata.schema.entity.automations.Workflow;
import org.openmetadata.schema.entity.automations.WorkflowType;
import org.openmetadata.schema.entity.services.ServiceType;
import org.openmetadata.schema.entity.teams.AuthenticationMechanism;
import org.openmetadata.schema.security.secrets.Parameters;
import org.openmetadata.schema.services.connections.database.MysqlConnection;
import org.openmetadata.schema.services.connections.database.common.basicAuth;
import org.openmetadata.service.OpenMetadataApplicationTest;
import org.openmetadata.service.exception.SecretsManagerException;
import org.openmetadata.service.fernet.Fernet;
import org.openmetadata.service.secrets.SecretsManager;
import org.openmetadata.service.util.JsonUtils;
import org.openmetadata.service.util.TestUtils;

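/**
 * Lifecycle tests for {@link InMemorySecretsManager}: encrypting a credential, reading it back,
 * resolving the stored secret by id, and deleting it.
 *
 * <p>{@link Fernet} is replaced by a mock that returns fixed strings, so these tests only show that
 * credential fields are routed through the secrets manager and that secrets are stored under the
 * expected ids and removed again. They say nothing about the strength or correctness of the
 * encryption itself.
 *
 * <p>NOTE(review): several literals appear as constants borrowed from unrelated test classes
 * ({@code ELASTIC_SEARCH_CLUSTER_ALIAS}, {@code ELASTIC_PASSWORD}, {@code TEST_USER_NAME},
 * {@code INGESTION_BOT}). The expected secret ids below imply they resolve to "openmetadata",
 * "password" and "test" respectively - confirm, since a change to any of them would silently
 * change what these tests cover.
 */
@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/openmetadata/service/secrets/SecretsManagerLifecycleTest.class */
public class SecretsManagerLifecycleTest {
    private static final String ENCRYPTED_VALUE = "fernet:abcdef";
    private static final String DECRYPTED_VALUE = "123456";

    // Obtained through getInstance() and shared by every test in the class; each lifecycle test
    // deletes the secrets it created so that later tests do not see stale entries.
    private static InMemorySecretsManager secretsManager;

    /** Builds the shared secrets manager and swaps its Fernet for a constant-returning mock. */
    @BeforeAll
    static void setUp() {
        SecretsManager.SecretsConfig config =
                new SecretsManager.SecretsConfig(
                        OpenMetadataApplicationTest.ELASTIC_SEARCH_CLUSTER_ALIAS,
                        "prefix",
                        List.of("key1:value1", "key2:value2"),
                        (Parameters) null);
        secretsManager = InMemorySecretsManager.getInstance(config);

        // lenient(): not every test touches all three stubs, and strict stubbing would flag that.
        Fernet fernet = Mockito.mock(Fernet.class);
        Mockito.lenient().when(fernet.decrypt(ArgumentMatchers.anyString())).thenReturn(DECRYPTED_VALUE);
        Mockito.lenient().when(fernet.decryptIfApplies(ArgumentMatchers.anyString())).thenReturn(DECRYPTED_VALUE);
        Mockito.lenient().when(fernet.encrypt(ArgumentMatchers.anyString())).thenReturn(ENCRYPTED_VALUE);
        secretsManager.setFernet(fernet);
    }

    /** A bot's JWT token must come back as the Fernet output, and decrypt back through Fernet. */
    @Test
    void testJWTTokenEncryption() {
        AuthenticationMechanism plainMechanism =
                new AuthenticationMechanism()
                        .withAuthType(AuthenticationMechanism.AuthType.JWT)
                        .withConfig(new JWTAuthMechanism().withJWTToken("token").withJWTTokenExpiry(JWTTokenExpiry.Unlimited));

        AuthenticationMechanism encryptedMechanism =
                (AuthenticationMechanism) secretsManager.encryptAuthenticationMechanism(TestUtils.INGESTION_BOT, plainMechanism);
        Assertions.assertEquals(ENCRYPTED_VALUE, ((JWTAuthMechanism) encryptedMechanism.getConfig()).getJWTToken());

        JWTAuthMechanism decryptedConfig =
                (JWTAuthMechanism) secretsManager.decryptAuthenticationMechanism(TestUtils.INGESTION_BOT, encryptedMechanism).getConfig();
        Assertions.assertEquals(DECRYPTED_VALUE, decryptedConfig.getJWTToken());
    }

    /**
     * A database connection password must not survive encryption in clear text, must be resolvable
     * both through the connection config and through its secret id, and must be gone after delete.
     */
    @Test
    void testDatabaseServiceConnectionConfigLifecycle() {
        String secretId = "/prefix/openmetadata/database/test/authtype/password";
        String serviceTypeName = CreateDatabaseService.DatabaseServiceType.Mysql.value();
        Map<String, Object> connectionConfig =
                Map.of("authType", Map.of(OpenMetadataApplicationTest.ELASTIC_PASSWORD, "openmetadata-test"));

        MysqlConnection encryptedConnection =
                (MysqlConnection) secretsManager.encryptServiceConnectionConfig(
                        connectionConfig, serviceTypeName, TestUtils.TEST_USER_NAME, ServiceType.DATABASE);
        String storedPassword =
                ((basicAuth) JsonUtils.convertValue(encryptedConnection.getAuthType(), basicAuth.class)).getPassword();
        // A bare not-equals check also passes when the field was dropped altogether, so pin
        // non-null first: the point is that the clear text was replaced, not lost.
        Assertions.assertNotNull(storedPassword);
        Assertions.assertNotEquals("openmetadata-test", storedPassword);

        MysqlConnection decryptedConnection =
                (MysqlConnection) secretsManager.decryptServiceConnectionConfig(
                        encryptedConnection, serviceTypeName, ServiceType.DATABASE);
        Assertions.assertEquals(
                DECRYPTED_VALUE,
                ((basicAuth) JsonUtils.convertValue(decryptedConnection.getAuthType(), basicAuth.class)).getPassword());
        Assertions.assertEquals(DECRYPTED_VALUE, secretsManager.getSecret(secretId));

        secretsManager.deleteSecretsFromServiceConnectionConfig(
                connectionConfig, "Mysql", TestUtils.TEST_USER_NAME, ServiceType.DATABASE);

        // After deletion the secret must no longer be readable under its id.
        SecretsManagerException missing =
                Assertions.assertThrows(SecretsManagerException.class, () -> secretsManager.getSecret(secretId));
        Assertions.assertEquals(
                String.format("Key [%s] not found in in-memory secrets manager", secretId), missing.getMessage());
    }

    /**
     * Same lifecycle as the service-connection test, for a password nested inside a test-connection
     * workflow request.
     */
    @Test
    void testWorkflowLifecycle() {
        String secretId = "/prefix/openmetadata/workflow/test-connection/request/connection/config/authtype/password";
        MysqlConnection plainConnection =
                new MysqlConnection()
                        .withHostPort("mysql:3306")
                        .withUsername("openmetadata_user")
                        .withAuthType(new basicAuth().withPassword("openmetadata_password"));
        Workflow workflow =
                new Workflow()
                        .withName("test-connection")
                        .withWorkflowType(WorkflowType.TEST_CONNECTION)
                        .withRequest(
                                new TestServiceConnectionRequest()
                                        .withServiceType(ServiceType.DATABASE)
                                        .withConnectionType("Mysql")
                                        .withConnection(new DatabaseConnection().withConfig(plainConnection)));

        Workflow encryptedWorkflow = secretsManager.encryptWorkflow(workflow);
        // Read the stored value before decrypting: decryption may rewrite the same object graph.
        MysqlConnection encryptedConnection =
                (MysqlConnection) ((DatabaseConnection) ((TestServiceConnectionRequest) encryptedWorkflow.getRequest()).getConnection()).getConfig();
        String storedPassword =
                ((basicAuth) JsonUtils.convertValue(encryptedConnection.getAuthType(), basicAuth.class)).getPassword();
        // Non-null first, so a dropped field cannot satisfy the not-equals check below.
        Assertions.assertNotNull(storedPassword);
        Assertions.assertNotEquals("openmetadata_password", storedPassword);

        MysqlConnection decryptedConnection =
                (MysqlConnection) ((DatabaseConnection) ((TestServiceConnectionRequest) secretsManager.decryptWorkflow(encryptedWorkflow).getRequest()).getConnection()).getConfig();
        Assertions.assertEquals(
                DECRYPTED_VALUE,
                ((basicAuth) JsonUtils.convertValue(decryptedConnection.getAuthType(), basicAuth.class)).getPassword());
        Assertions.assertEquals(DECRYPTED_VALUE, secretsManager.getSecret(secretId));

        secretsManager.deleteSecretsFromWorkflow(workflow);

        // After deletion the secret must no longer be readable under its id.
        SecretsManagerException missing =
                Assertions.assertThrows(SecretsManagerException.class, () -> secretsManager.getSecret(secretId));
        Assertions.assertEquals(
                String.format("Key [%s] not found in in-memory secrets manager", secretId), missing.getMessage());
    }

    /**
     * Pins the secret id format: with the first argument {@code true} the id is expected to start
     * with the configured prefix and cluster name; components are expected lower-cased with spaces
     * turned into underscores, and a component that already starts with a slash is kept as given.
     *
     * <p>NOTE(review): "test name" and "test_name" are expected to yield the same id, so two
     * entities whose names differ only by space versus underscore would share one secret path -
     * confirm that entity naming rules rule this out.
     */
    @Test
    void test_buildSecretId() {
        Assertions.assertEquals("/prefix/openmetadata/database/test_name", secretsManager.buildSecretId(true, new String[]{"Database", "test_name"}));
        Assertions.assertEquals("database/test_name", secretsManager.buildSecretId(false, new String[]{"Database", "test_name"}));
        Assertions.assertEquals("/something/new/test_name", secretsManager.buildSecretId(false, new String[]{"/something/new", "test_name"}));
        Assertions.assertEquals("/prefix/openmetadata/database/test_name", secretsManager.buildSecretId(true, new String[]{"Database", "test name"}));
        Assertions.assertEquals("/something/new/test_name", secretsManager.buildSecretId(false, new String[]{"/something/new", "test name"}));
    }

    /**
     * Tags are given as {@code key:value} strings; the second case expects entries without that
     * shape ("random") to be left out of the resulting map rather than rejected.
     */
    @Test
    void test_getTags() {
        Assertions.assertEquals(
                Map.of("key1", "value1", "key2", "value2"), SecretsManager.getTags(secretsManager.getSecretsConfig()));

        SecretsManager.SecretsConfig mixedTags =
                new SecretsManager.SecretsConfig((String) null, (String) null, List.of("random", "key:value", "random"), (Parameters) null);
        Assertions.assertEquals(Map.of("key", "value"), SecretsManager.getTags(mixedTags));
    }
}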
