package org.apache.hadoop.ozone.s3.remote.vault;

import com.bettercloud.vault.SslConfig;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.api.Logical;
import com.bettercloud.vault.response.LogicalResponse;
import com.bettercloud.vault.rest.RestResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/hadoop/ozone/s3/remote/vault/TestVaultS3SecretStore.class */
public class TestVaultS3SecretStore {
    private static final String TOKEN = "token";
    private static final AtomicInteger AUTH_OPERATION_PROVIDER = new AtomicInteger(0);
    private static final AtomicInteger SUCCESS_OPERATION_LIMIT = new AtomicInteger(0);
    private static final Map<String, Map<String, String>> STORE = new HashMap();
    private static VaultConfig config;
    private static VaultS3SecretStore s3SecretStore;

    /* loaded from: input_file:org/apache/hadoop/ozone/s3/remote/vault/TestVaultS3SecretStore$LogicalMock.class */
    private static class LogicalMock extends Logical {
        LogicalMock() {
            super(TestVaultS3SecretStore.config);
        }

        public LogicalResponse read(String str) {
            return TestVaultS3SecretStore.SUCCESS_OPERATION_LIMIT.getAndDecrement() <= 0 ? new LogicalResponseMock(str, 401) : new LogicalResponseMock(str);
        }

        public LogicalResponse write(String str, Map<String, Object> map) {
            if (TestVaultS3SecretStore.SUCCESS_OPERATION_LIMIT.getAndDecrement() <= 0) {
                return new LogicalResponseMock(str, 401);
            }
            TestVaultS3SecretStore.STORE.put(str, map);
            return new LogicalResponseMock(str);
        }

        public LogicalResponse delete(String str) {
            if (TestVaultS3SecretStore.SUCCESS_OPERATION_LIMIT.getAndDecrement() <= 0) {
                return new LogicalResponseMock(str, 401);
            }
            TestVaultS3SecretStore.STORE.remove(str);
            return new LogicalResponseMock(str);
        }
    }

    /* loaded from: input_file:org/apache/hadoop/ozone/s3/remote/vault/TestVaultS3SecretStore$LogicalResponseMock.class */
    private static class LogicalResponseMock extends LogicalResponse {
        private final String key;

        LogicalResponseMock(String str) {
            this(str, 200);
        }

        LogicalResponseMock(String str, int i) {
            super(new RestResponse(i, "application/json", new byte[0]), 1, Logical.logicalOperations.readV1);
            this.key = str;
        }

        public Map<String, String> getData() {
            Map<String, String> map = (Map) TestVaultS3SecretStore.STORE.get(this.key);
            return map == null ? Collections.emptyMap() : map;
        }
    }

    @BeforeAll
    static void setup() throws IOException {
        Vault vault = (Vault) Mockito.mock(Vault.class);
        s3SecretStore = new VaultS3SecretStore("local", "namespace", "secretPath", 1, vaultConfig -> {
            int i = AUTH_OPERATION_PROVIDER.get();
            if (i > 0) {
                SUCCESS_OPERATION_LIMIT.set(i);
            }
            vaultConfig.token(TOKEN);
            config = vaultConfig;
            return vault;
        }, (SslConfig) null);
        Mockito.when(vault.logical()).thenReturn(new LogicalMock());
    }

    @BeforeEach
    public void clean() {
        AUTH_OPERATION_PROVIDER.set(0);
        SUCCESS_OPERATION_LIMIT.set(0);
        STORE.clear();
    }

    @Test
    public void testReadWrite() throws IOException {
        SUCCESS_OPERATION_LIMIT.set(2);
        S3SecretValue s3SecretValue = new S3SecretValue("id", "value");
        s3SecretStore.storeSecret("id", s3SecretValue);
        Assertions.assertEquals(s3SecretValue, s3SecretStore.getSecret("id"));
    }

    @Test
    public void testReAuth() throws IOException {
        SUCCESS_OPERATION_LIMIT.set(1);
        AUTH_OPERATION_PROVIDER.set(1);
        S3SecretValue s3SecretValue = new S3SecretValue("id", "value");
        s3SecretStore.storeSecret("id", s3SecretValue);
        Assertions.assertEquals(s3SecretValue, s3SecretStore.getSecret("id"));
        Assertions.assertDoesNotThrow(() -> {
            s3SecretStore.revokeSecret("id");
        });
    }

    @Test
    public void testAuthFail() throws IOException {
        SUCCESS_OPERATION_LIMIT.set(1);
        s3SecretStore.storeSecret("id", new S3SecretValue("id", "value"));
        Assertions.assertThrows(IOException.class, () -> {
            s3SecretStore.getSecret("id");
        });
        Assertions.assertThrows(IOException.class, () -> {
            s3SecretStore.revokeSecret("id");
        });
    }
}
