package org.apache.beam.it.gcp.kms;

import com.google.api.gax.core.CredentialsProvider;
import com.google.api.resourcenames.ResourceName;
import com.google.cloud.kms.v1.CryptoKey;
import com.google.cloud.kms.v1.CryptoKeyName;
import com.google.cloud.kms.v1.DecryptResponse;
import com.google.cloud.kms.v1.EncryptResponse;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.cloud.kms.v1.KeyRing;
import com.google.cloud.kms.v1.KeyRingName;
import com.google.cloud.kms.v1.LocationName;
import com.google.common.truth.Truth;
import com.google.protobuf.ByteString;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.beam.vendor.guava.v32_1_2_jre.com.google.common.collect.ImmutableList;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
import org.mockito.Answers;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;

@RunWith(JUnit4.class)
/* loaded from: input_file:org/apache/beam/it/gcp/kms/KMSResourceManagerTest.class */
public class KMSResourceManagerTest {

    @Rule
    public final MockitoRule mockito = MockitoJUnit.rule();
    private static final String PROJECT_ID = "test-project";
    private static final String REGION = "us-central1";
    private static final String KEYRING_ID = "test-keyring";
    private static final String KEY_ID = "test-key";

    @Mock
    private KMSClientFactory kmsClientFactory;

    @Mock(answer = Answers.RETURNS_DEEP_STUBS)
    private KeyManagementServiceClient serviceClient;
    private KMSResourceManager testManager;

    @Before
    public void setUp() {
        this.testManager = new KMSResourceManager(this.kmsClientFactory, KMSResourceManager.builder(PROJECT_ID, (CredentialsProvider) null).setRegion(REGION));
    }

    @Test
    public void testGetOrCreateCryptoKeyShouldThrowErrorWhenClientFailsToConnect() {
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenThrow(KMSResourceManagerException.class);
        Assert.assertThrows(KMSResourceManagerException.class, () -> {
            this.testManager.getOrCreateCryptoKey(KEYRING_ID, KEY_ID);
        });
    }

    @Test
    public void testGetOrCreateCryptoKeyShouldCreateKeyRingWhenItDoesNotExist() {
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenReturn(this.serviceClient);
        Mockito.when(this.serviceClient.listKeyRings((LocationName) ArgumentMatchers.any(LocationName.class)).iterateAll()).thenReturn(ImmutableList.of());
        this.testManager.getOrCreateCryptoKey(KEYRING_ID, KEY_ID);
        ((KeyManagementServiceClient) Mockito.verify(this.serviceClient)).createKeyRing((LocationName) ArgumentMatchers.any(LocationName.class), ArgumentMatchers.anyString(), (KeyRing) ArgumentMatchers.any(KeyRing.class));
    }

    @Test
    public void testGetOrCreateCryptoKeyShouldNotCreateKeyRingWhenItAlreadyExists() {
        KeyRing build = KeyRing.newBuilder().setName(KeyRingName.of(PROJECT_ID, REGION, KEYRING_ID).toString()).build();
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenReturn(this.serviceClient);
        Mockito.when(this.serviceClient.listKeyRings((LocationName) ArgumentMatchers.any(LocationName.class)).iterateAll()).thenReturn(ImmutableList.of(build));
        this.testManager.getOrCreateCryptoKey(KEYRING_ID, KEY_ID);
        ((KeyManagementServiceClient) Mockito.verify(this.serviceClient, Mockito.never())).createKeyRing((LocationName) ArgumentMatchers.any(LocationName.class), ArgumentMatchers.anyString(), (KeyRing) ArgumentMatchers.any(KeyRing.class));
    }

    @Test
    public void testGetOrCreateCryptoKeyShouldCreateCryptoKeyWhenItDoesNotExist() {
        KeyRing build = KeyRing.newBuilder().setName(KeyRingName.of(PROJECT_ID, REGION, KEYRING_ID).toString()).build();
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenReturn(this.serviceClient);
        Mockito.when(this.serviceClient.createKeyRing((LocationName) ArgumentMatchers.any(LocationName.class), ArgumentMatchers.anyString(), (KeyRing) ArgumentMatchers.any(KeyRing.class))).thenReturn(build);
        Mockito.when(this.serviceClient.listCryptoKeys(KEYRING_ID).iterateAll()).thenReturn(ImmutableList.of());
        this.testManager.getOrCreateCryptoKey(KEYRING_ID, KEY_ID);
        ((KeyManagementServiceClient) Mockito.verify(this.serviceClient)).createCryptoKey(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (CryptoKey) ArgumentMatchers.any(CryptoKey.class));
    }

    @Test
    public void testGetOrCreateCryptoKeyShouldNotCreateCryptoKeyWhenItAlreadyExists() {
        String keyRingName = KeyRingName.of(PROJECT_ID, REGION, KEYRING_ID).toString();
        KeyRing build = KeyRing.newBuilder().setName(keyRingName).build();
        CryptoKey build2 = CryptoKey.newBuilder().setName(CryptoKeyName.of(PROJECT_ID, REGION, KEYRING_ID, KEY_ID).toString()).build();
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenReturn(this.serviceClient);
        Mockito.when(this.serviceClient.createKeyRing((LocationName) ArgumentMatchers.any(LocationName.class), ArgumentMatchers.anyString(), (KeyRing) ArgumentMatchers.any(KeyRing.class))).thenReturn(build);
        Mockito.when(this.serviceClient.listCryptoKeys(keyRingName).iterateAll()).thenReturn(ImmutableList.of(build2));
        this.testManager.getOrCreateCryptoKey(KEYRING_ID, KEY_ID);
        ((KeyManagementServiceClient) Mockito.verify(this.serviceClient, Mockito.never())).createCryptoKey(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (CryptoKey) ArgumentMatchers.any(CryptoKey.class));
    }

    @Test
    public void testEncryptShouldThrowErrorWhenClientFailsToConnect() {
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenThrow(KMSResourceManagerException.class);
        Assert.assertThrows(KMSResourceManagerException.class, () -> {
            this.testManager.encrypt(KEYRING_ID, KEY_ID, "test message");
        });
    }

    @Test
    public void testEncryptShouldEncodeEncryptedMessageWithBase64() {
        EncryptResponse build = EncryptResponse.newBuilder().setCiphertext(ByteString.copyFromUtf8("ciphertext")).build();
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenReturn(this.serviceClient);
        Mockito.when(this.serviceClient.encrypt((ResourceName) ArgumentMatchers.any(CryptoKeyName.class), (ByteString) ArgumentMatchers.any(ByteString.class))).thenReturn(build);
        Truth.assertThat(new String(Base64.getDecoder().decode(this.testManager.encrypt(KEYRING_ID, KEY_ID, "test message").getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8)).isEqualTo("ciphertext");
    }

    @Test
    public void testDecryptShouldThrowErrorWhenClientFailsToConnect() {
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenThrow(KMSResourceManagerException.class);
        Assert.assertThrows(KMSResourceManagerException.class, () -> {
            this.testManager.decrypt(KEYRING_ID, KEY_ID, "ciphertext");
        });
    }

    @Test
    public void testDecryptShouldEncodeEncryptedMessageWithUTF8() {
        DecryptResponse build = DecryptResponse.newBuilder().setPlaintext(ByteString.copyFromUtf8("ciphertext")).build();
        String str = new String(Base64.getEncoder().encode("ciphertext".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        Mockito.when(this.kmsClientFactory.getKMSClient()).thenReturn(this.serviceClient);
        Mockito.when(this.serviceClient.decrypt((CryptoKeyName) ArgumentMatchers.any(CryptoKeyName.class), (ByteString) ArgumentMatchers.any(ByteString.class))).thenReturn(build);
        String decrypt = this.testManager.decrypt(KEYRING_ID, KEY_ID, str);
        ((KeyManagementServiceClient) Mockito.verify(this.serviceClient)).decrypt((CryptoKeyName) ArgumentMatchers.any(CryptoKeyName.class), (ByteString) ArgumentMatchers.eq(ByteString.copyFromUtf8("ciphertext")));
        Truth.assertThat(decrypt).isEqualTo("ciphertext");
    }
}
