package org.springframework.cloud.config.server.encryption;

import java.util.Map;
import org.assertj.core.api.AbstractBooleanAssert;
import org.assertj.core.api.AbstractStringAssert;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.springframework.http.MediaType;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.rsa.crypto.RsaSecretEncryptor;

/* loaded from: input_file:org/springframework/cloud/config/server/encryption/EncryptionControllerTests.class */
public class EncryptionControllerTests {
    private EncryptionController controller = new EncryptionController(new SingleTextEncryptorLocator(Encryptors.noOpText()));

    @Test
    public void cannotDecryptWithoutKey() {
        Assertions.assertThrows(EncryptionTooWeakException.class, () -> {
            this.controller.decrypt("foo", MediaType.TEXT_PLAIN);
        });
    }

    @Test
    public void cannotDecryptWithNoopEncryptor() {
        Assertions.assertThrows(EncryptionTooWeakException.class, () -> {
            this.controller.decrypt("foo", MediaType.TEXT_PLAIN);
        });
    }

    @Test
    public void shouldThrowExceptionOnDecryptInvalidData() {
        Assertions.assertThrows(InvalidCipherException.class, () -> {
            this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
            this.controller.decrypt("foo", MediaType.TEXT_PLAIN);
        });
    }

    @Test
    public void shouldThrowExceptionOnDecryptWrongKey() {
        Assertions.assertThrows(InvalidCipherException.class, () -> {
            RsaSecretEncryptor rsaSecretEncryptor = new RsaSecretEncryptor();
            this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
            this.controller.decrypt(rsaSecretEncryptor.encrypt("foo"), MediaType.TEXT_PLAIN);
        });
    }

    @Test
    public void sunnyDayRsaKey() {
        this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
        org.assertj.core.api.Assertions.assertThat(this.controller.decrypt(this.controller.encrypt("foo", MediaType.TEXT_PLAIN), MediaType.TEXT_PLAIN)).isEqualTo("foo");
    }

    @Test
    public void publicKey() {
        this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
        String publicKey = this.controller.getPublicKey();
        ((AbstractBooleanAssert) org.assertj.core.api.Assertions.assertThat(publicKey.startsWith("ssh-rsa")).as("Wrong key format: " + publicKey, new Object[0])).isTrue();
    }

    @Test
    public void appAndProfile() {
        this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
        String decrypt = this.controller.decrypt("app", "default", this.controller.encrypt("app", "default", "foo bar", MediaType.TEXT_PLAIN), MediaType.TEXT_PLAIN);
        ((AbstractStringAssert) org.assertj.core.api.Assertions.assertThat(decrypt).as("Wrong decrypted plaintext: " + decrypt, new Object[0])).isEqualTo("foo bar");
    }

    @Test
    public void formDataIn() {
        this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
        String decrypt = this.controller.decrypt(this.controller.encrypt("foo bar=", MediaType.APPLICATION_FORM_URLENCODED) + "=", MediaType.APPLICATION_FORM_URLENCODED);
        ((AbstractStringAssert) org.assertj.core.api.Assertions.assertThat(decrypt).as("Wrong decrypted plaintext: " + decrypt, new Object[0])).isEqualTo("foo bar");
    }

    @Test
    public void formDataInWithPrefix() {
        this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
        String decrypt = this.controller.decrypt(this.controller.encrypt("{key:test}foo bar=", MediaType.APPLICATION_FORM_URLENCODED) + "=", MediaType.APPLICATION_FORM_URLENCODED);
        ((AbstractStringAssert) org.assertj.core.api.Assertions.assertThat(decrypt).as("Wrong decrypted plaintext: " + decrypt, new Object[0])).isEqualTo("foo bar");
    }

    @Test
    public void prefixStrippedBeforeEncrypt() {
        TextEncryptor textEncryptor = (TextEncryptor) Mockito.mock(TextEncryptor.class);
        Mockito.when(textEncryptor.encrypt(ArgumentMatchers.anyString())).thenReturn("myEncryptedValue");
        this.controller = new EncryptionController(new SingleTextEncryptorLocator(textEncryptor));
        this.controller.encrypt("{key:test}foo", MediaType.TEXT_PLAIN);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        ((TextEncryptor) Mockito.verify(textEncryptor, Mockito.atLeastOnce())).encrypt((String) forClass.capture());
        org.assertj.core.api.Assertions.assertThat((String) forClass.getValue()).doesNotContain(new CharSequence[]{"{key:test}"}).as("Prefix must be stripped prior to encrypt", new Object[0]);
    }

    @Test
    public void encryptDecyptTextWithCurlyBrace() {
        this.controller = new EncryptionController(new SingleTextEncryptorLocator(new RsaSecretEncryptor()));
        org.assertj.core.api.Assertions.assertThat(this.controller.decrypt(this.controller.encrypt("textwith}brace", MediaType.APPLICATION_FORM_URLENCODED), MediaType.APPLICATION_FORM_URLENCODED)).isEqualTo("textwith}brace");
    }

    @Test
    public void addEnvironment() {
        this.controller = new EncryptionController(new TextEncryptorLocator() { // from class: org.springframework.cloud.config.server.encryption.EncryptionControllerTests.1
            private final RsaSecretEncryptor encryptor = new RsaSecretEncryptor();

            public TextEncryptor locate(Map<String, String> map) {
                ((AbstractBooleanAssert) org.assertj.core.api.Assertions.assertThat(map.containsKey("key")).as("Missing encryptor key", new Object[0])).isTrue();
                ((AbstractStringAssert) org.assertj.core.api.Assertions.assertThat(map.get("key")).as("Bad encryptor key value", new Object[0])).isEqualTo("value");
                return this.encryptor;
            }
        });
        String encrypt = this.controller.encrypt("app", "default", "{key:value}foo bar", MediaType.TEXT_PLAIN);
        ((AbstractBooleanAssert) org.assertj.core.api.Assertions.assertThat(encrypt.contains("{name:app}")).as("Wrong cipher: " + encrypt, new Object[0])).isFalse();
        String decrypt = this.controller.decrypt("app", "default", encrypt, MediaType.TEXT_PLAIN);
        ((AbstractStringAssert) org.assertj.core.api.Assertions.assertThat(decrypt).as("Wrong decrypted plaintext: " + decrypt, new Object[0])).isEqualTo("foo bar");
    }
}
