package io.vertx.config.vault.tests.utils;

import io.vertx.config.vault.tests.VaultConfigStoreTestBase;
import io.vertx.core.json.JsonObject;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.PemKeyCertOptions;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Consumer;
import org.apache.commons.exec.CommandLine;
import org.apache.commons.exec.DefaultExecuteResultHandler;
import org.apache.commons.exec.DefaultExecutor;
import org.apache.commons.exec.ExecuteWatchdog;
import org.apache.commons.exec.PumpStreamHandler;
import org.apache.commons.io.FileUtils;

/* loaded from: input_file:io/vertx/config/vault/tests/utils/VaultProcess.class */
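/**
 * Test helper that drives a local HashiCorp Vault binary: it starts the server, initialises and
 * unseals it, logs in with the root token, and enables the secret engines and auth backends that
 * the tests use.
 *
 * <p><b>Secret handling.</b> The unseal key and root token are echoed to standard output and are
 * passed to the {@code vault} CLI as command-line arguments, which makes them visible in build
 * logs and local process listings. That is tolerable only because this instance is a throwaway
 * server listening on {@code 127.0.0.1} for the duration of a test run. Do not copy this pattern
 * for a Vault that holds real secrets.
 *
 * <p>NOTE(review): {@code VaultDownloader} is not visible in this file. Confirm that it verifies
 * the integrity of the downloaded binary before it is executed here.
 */
public class VaultProcess {
    public static final String VAULT_VERSION = "1.1.2";
    public static final String CA_CERT_ARG = "-ca-cert=target/vault/config/ssl/cert.pem";
    private File executable = VaultDownloader.download();
    // Unseal key and root token captured from the output of "operator init".
    private String unseal;
    private String token;
    // Watchdog of the long-running server process; used by shutdown() to kill it.
    private ExecuteWatchdog watchDog;
    // Name of the auth backend configured last, so repeated setup calls can be skipped.
    private String backend;

    /**
     * Line-buffering sink for the Vault process output. Each completed line is echoed to standard
     * output and handed to every registered extractor.
     *
     * <p>Decompiler note: the access modifier of this class was widened from {@code private}.
     * Lines are echoed verbatim, so the "operator init" output (unseal key, root token) ends up
     * in the test log.
     */
    public class VaultOutputStream extends OutputStream {
        StringBuilder last = new StringBuilder();
        List<Consumer<String>> extractors = new ArrayList<>();

        private VaultOutputStream() {
        }

        /**
         * Registers a callback that receives every complete output line (newline included).
         *
         * @param consumer the line callback
         * @return this stream, for chaining
         */
        public VaultOutputStream addExtractor(Consumer<String> consumer) {
            this.extractors.add(consumer);
            return this;
        }

        /**
         * Appends one byte to the current line and flushes the line to the extractors when the
         * byte is a newline. Each byte is widened to a {@code char}, so only single-byte
         * characters are represented faithfully.
         */
        @Override // java.io.OutputStream
        public synchronized void write(int i) throws IOException {
            this.last.append((char) i);
            if (((char) i) != '\n') {
                return;
            }
            String line = this.last.toString();
            System.out.println(line);
            for (Consumer<String> extractor : this.extractors) {
                extractor.accept(line);
            }
            this.last.setLength(0);
        }
    }

    /**
     * Generates the server and client certificates and keys used by the TLS-enabled test server.
     *
     * @throws RuntimeException wrapping any failure of the certificate generation
     */
    public VaultProcess() {
        try {
            Certificates.createVaultCertAndKey();
            Certificates.createClientCertAndKey();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Wipes the file storage, then starts, initialises, unseals and logs into a fresh Vault and
     * enables the KV v1 and KV v2 secret engines.
     */
    public void initAndUnsealVault() {
        this.backend = null;
        FileUtils.deleteQuietly(new File("target/vault/file"));
        startServer();
        init();
        unseal();
        login();
        enableSecretEngineKvV1();
        enableSecretEngineKvV2();
    }

    /**
     * Echoes the command and builds the command line for the Vault executable.
     *
     * <p>The executable is passed as a {@link File} rather than being concatenated into a string
     * for {@code CommandLine.parse}, so a download path containing whitespace is not split into
     * several tokens. The arguments are still split on whitespace and are not validated: callers
     * must only pass test-controlled strings.
     */
    private CommandLine buildCommand(String arguments) {
        // The echo includes the arguments verbatim, i.e. also the token / unseal key when present.
        System.out.println(">> " + this.executable.getAbsolutePath() + " " + arguments);
        return new CommandLine(this.executable).addArguments(arguments);
    }

    /** Creates a stream handler feeding stdout lines to {@code extractor} and stderr to System.err. */
    private PumpStreamHandler lineHandler(Consumer<String> extractor) {
        return new PumpStreamHandler(new VaultOutputStream().addExtractor(extractor), System.err);
    }

    /**
     * Runs "operator init" with a single key share and captures the unseal key and the initial
     * root token from its output.
     *
     * @throws RuntimeException if the command cannot be executed
     * @throws IllegalStateException if the output did not contain the unseal key or root token
     */
    private void init() {
        CommandLine command = buildCommand("operator init -key-shares=1 -key-threshold=1 " + CA_CERT_ARG);
        DefaultExecutor executor = new DefaultExecutor();
        executor.setWatchdog(new ExecuteWatchdog(-1L));
        executor.setStreamHandler(lineHandler(line -> {
            if (line.contains("Unseal Key 1:")) {
                this.unseal = line.replace("Unseal Key 1: ", "").trim();
            } else if (line.contains("Initial Root Token:")) {
                this.token = line.replace("Initial Root Token: ", "").trim();
            }
        }));
        try {
            executor.execute(command);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        // Fail here rather than running later commands with the literal string "null".
        if (this.unseal == null || this.token == null) {
            throw new IllegalStateException("Unable to read the unseal key and root token from the 'operator init' output");
        }
        System.out.println("Vault Server initialized (but sealed)");
        // Test-only: these credentials belong to the throwaway instance started above.
        System.out.println("Root token: " + this.token);
        System.out.println("Unseal key: " + this.unseal);
    }

    /** Unseals the server with the key captured by init(); the key is passed as a CLI argument. */
    public void unseal() {
        run("operator unseal " + CA_CERT_ARG + " " + this.unseal);
        System.out.println("Vault Server ready !");
    }

    /** Logs the CLI in with the root token; the token is passed as a CLI argument. */
    public void login() {
        run("login " + CA_CERT_ARG + " " + this.token);
        // The previous message here was a copy of the KV v1 one.
        System.out.println("Vault login with root token done !");
    }

    /** Mounts the KV version 1 secret engine at {@code secret}. */
    public void enableSecretEngineKvV1() {
        run("secrets enable " + CA_CERT_ARG + " -path=secret kv");
        System.out.println("Vault secret engine V1 is enabled !");
    }

    /** Mounts the KV version 2 secret engine at {@code secret-v2}. */
    public void enableSecretEngineKvV2() {
        run("secrets enable " + CA_CERT_ARG + " -path=secret-v2 kv-v2");
        System.out.println("Vault secret engine V2 is enabled !");
    }

    /**
     * Starts the Vault server asynchronously and waits until its output reports that it started.
     *
     * @throws RuntimeException if the process cannot be launched
     */
    private void startServer() {
        CommandLine command = buildCommand("server -config=src/test/resources/config.json");
        DefaultExecutor executor = new DefaultExecutor();
        DefaultExecuteResultHandler resultHandler = new DefaultExecuteResultHandler();
        AtomicBoolean started = new AtomicBoolean();
        this.watchDog = new ExecuteWatchdog(-1L);
        executor.setWatchdog(this.watchDog);
        executor.setStreamHandler(lineHandler(line -> {
            if (line.contains("Vault server started!")) {
                started.set(true);
            }
        }));
        try {
            executor.execute(command, resultHandler);
            VaultConfigStoreTestBase.awaitUntil(() -> started.get());
            System.out.println("Vault Server ready - but not yet initialized");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Kills the server process if one was started. */
    public void shutdown() {
        if (this.watchDog != null) {
            this.watchDog.destroyProcess();
        }
    }

    /**
     * Runs a Vault CLI command synchronously.
     *
     * <p>{@code str} is split on whitespace into arguments without any validation, and the full
     * command is echoed to standard output. Pass only test-controlled strings.
     *
     * @param str the arguments to pass to the Vault executable
     * @return {@code true} if the command exited with code 0, {@code false} if it failed or could
     *     not be executed (the failure is printed, not propagated)
     */
    public boolean run(String str) {
        CommandLine command = buildCommand(str);
        DefaultExecutor executor = new DefaultExecutor();
        executor.setExitValue(0);
        try {
            return executor.execute(command) == 0;
        } catch (IOException e) {
            // Deliberately best-effort: isRunning() relies on a failed command yielding false.
            e.printStackTrace();
            return false;
        }
    }

    /** Returns whether the "status" command succeeds against the server. */
    public boolean isRunning() {
        return run("status " + CA_CERT_ARG);
    }

    public String getHost() {
        return "127.0.0.1";
    }

    public int getPort() {
        return 8200;
    }

    /**
     * Builds the client configuration for the test server: host, port, TLS enabled, the client
     * certificate and key, and the trust store.
     *
     * @return a new configuration object without any token
     */
    public JsonObject getConfiguration() {
        JsonObject clientCert = new PemKeyCertOptions()
            .addCertPath("target/vault/config/ssl/client-cert.pem")
            .addKeyPath("target/vault/config/ssl/client-privatekey.pem")
            .toJson();
        JsonObject trustStore = new JksOptions().setPath("target/vault/config/ssl/truststore.jks").toJson();
        return new JsonObject()
            .put("host", getHost())
            .put("port", getPort())
            .put("ssl", true)
            .put("pemKeyCertOptions", clientCert)
            .put("trustStoreOptions", trustStore);
    }

    /** Same as {@link #getConfiguration()} plus the root token under the {@code token} key. */
    public JsonObject getConfigurationWithRootToken() {
        return getConfiguration().put("token", this.token);
    }

    /** Writes the {@code user} policy from the test ACL file; shared by all backend setups. */
    private void writeUserPolicy() {
        run("policy write " + CA_CERT_ARG + " user src/test/resources/acl.hcl");
    }

    /**
     * Enables the AppRole auth backend and creates {@code testrole}, unless AppRole was the last
     * backend configured. The results of the individual commands are not checked.
     */
    public void setupBackendAppRole() {
        if ("appRole".equals(this.backend)) {
            return;
        }
        writeUserPolicy();
        run("auth enable " + CA_CERT_ARG + " approle");
        // NOTE(review): "token_ttlc" and "secret_id_num_users" do not match the AppRole role
        // parameters token_ttl and secret_id_num_uses. Presumably Vault ignores the unknown keys,
        // so the role would get neither the 20m token TTL nor the 40-use limit - confirm which
        // limits the tests intend before correcting the spelling.
        run("write " + CA_CERT_ARG + " auth/approle/role/testrole secret_id_ttl=10m token_ttlc=20m token_max_ttl=30m secret_id_num_users=40 policies=user");
        this.backend = "appRole";
    }

    /**
     * Enables the TLS certificate auth backend and registers the client certificate, unless it was
     * the last backend configured. The results of the individual commands are not checked.
     */
    public void setupBackendCert() {
        if ("cert".equalsIgnoreCase(this.backend)) {
            return;
        }
        writeUserPolicy();
        run("auth enable " + CA_CERT_ARG + " cert");
        run("write " + CA_CERT_ARG + " auth/cert/certs/web display_name=web policies=web,prod,user certificate=@target/vault/config/ssl/client-cert.pem ttl=3600");
        this.backend = "cert";
    }

    /**
     * Enables the userpass auth backend and creates a fixed test user, unless it was the last
     * backend configured. The results of the individual commands are not checked.
     */
    public void setupBackendUserPass() {
        if ("userpass".equalsIgnoreCase(this.backend)) {
            return;
        }
        writeUserPolicy();
        run("auth enable " + CA_CERT_ARG + " userpass");
        // Fixed fixture credentials for the throwaway test server only.
        run("write " + CA_CERT_ARG + " auth/userpass/users/fake-user password=fake-password policies=user");
        this.backend = "userpass";
    }

    /** Returns the root token captured by init(), or {@code null} before initialisation. */
    public String getToken() {
        return this.token;
    }

    /** Returns the unseal key captured by init(), or {@code null} before initialisation. */
    public String getUnsealKey() {
        return this.unseal;
    }

    /**
     * Runs a Vault CLI command synchronously and feeds each line of its standard output to
     * {@code consumer}. Every line is also echoed to standard output.
     *
     * @param str the arguments to pass to the Vault executable (split on whitespace, unvalidated)
     * @param consumer the callback receiving each output line
     * @throws RuntimeException if the command fails or cannot be executed
     */
    public void runAndProcess(String str, Consumer<String> consumer) {
        CommandLine command = buildCommand(str);
        DefaultExecutor executor = new DefaultExecutor();
        executor.setWatchdog(new ExecuteWatchdog(-1L));
        executor.setStreamHandler(lineHandler(consumer));
        try {
            executor.execute(command);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}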
