package io.airlift.secrets.keystore;

import io.airlift.testing.TempFile;
import java.io.FileOutputStream;
import java.security.KeyStore;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
/* loaded from: input_file:io/airlift/secrets/keystore/TestKeystoreSecretProvider.class */
final class TestKeystoreSecretProvider {
    private TempFile keystoreFile;
    private KeystoreSecretProvider secretProvider;

    TestKeystoreSecretProvider() {
    }

    @BeforeAll
    public void setup() throws Exception {
        this.keystoreFile = new TempFile();
        char[] charArray = "password".toCharArray();
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        keyStore.load(null, charArray);
        keyStore.setEntry("key", new KeyStore.SecretKeyEntry(SecretKeyFactory.getInstance("PBE").generateSecret(new PBEKeySpec("value".toCharArray()))), new KeyStore.PasswordProtection(charArray));
        FileOutputStream fileOutputStream = new FileOutputStream(this.keystoreFile.file());
        try {
            keyStore.store(fileOutputStream, charArray);
            fileOutputStream.close();
            this.secretProvider = new KeystoreSecretProvider(new KeystoreSecretProviderConfig().setKeyStoreType("jks").setKeyStoreFilePath(this.keystoreFile.file().getAbsolutePath()).setKeyStorePassword("password"));
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @AfterAll
    public void teardown() {
        if (this.keystoreFile != null) {
            this.keystoreFile.close();
        }
    }

    @Test
    public void testConfigurationResolver() {
        Assertions.assertThat(this.secretProvider.resolveSecretValue("key")).isEqualTo("value");
    }

    @Test
    public void testConfigurationResolverWithInvalidKey() {
        Assertions.assertThatThrownBy(() -> {
            this.secretProvider.resolveSecretValue("invalid_key");
        }).hasMessageContaining("Key not found in keystore: invalid_key");
    }

    @Test
    public void testKeystoreWithInvalidPassword() {
        Assertions.assertThatThrownBy(() -> {
            new KeystoreSecretProvider(new KeystoreSecretProviderConfig().setKeyStoreType("jks").setKeyStoreFilePath(this.keystoreFile.file().getAbsolutePath()).setKeyStorePassword("invalid_password")).resolveSecretValue("key");
        }).hasMessageContaining("Failed PKCS12 integrity checking");
    }
}
