package io.jenkins.plugins.casc.vault;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import java.io.IOException;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.utility.MountableFile;
import org.testcontainers.utility.TestEnvironment;
import org.testcontainers.vault.VaultContainer;

/* loaded from: input_file:io/jenkins/plugins/casc/vault/VaultTestUtil.class */
class VaultTestUtil {
    private static final String VAULT_DOCKER_IMAGE = "vault:1.0.3";
    public static final String VAULT_ROOT_TOKEN = "root-token";
    public static final String VAULT_USER = "admin";
    public static final String VAULT_PW = "admin";
    public static final String VAULT_PATH_KV1_1 = "kv-v1/admin";
    public static final String VAULT_PATH_KV1_2 = "kv-v1/dev";
    public static final String VAULT_PATH_KV2_1 = "kv-v2/admin";
    public static final String VAULT_PATH_KV2_2 = "kv-v2/dev";
    public static final String VAULT_PATH_KV2_3 = "kv-v2/qa";
    public static final String VAULT_PATH_KV2_AUTH_TEST = "kv-v2/auth-test";
    private static final Logger LOGGER = Logger.getLogger(VaultTestUtil.class.getName());
    public static String VAULT_APPROLE_ID = "";
    public static String VAULT_APPROLE_SECRET = "";

    VaultTestUtil() {
    }

    public static void runCommand(VaultContainer vaultContainer, String... strArr) throws IOException, InterruptedException {
        LOGGER.log(Level.FINE, String.join(" ", strArr));
        vaultContainer.execInContainer(strArr);
    }

    public static boolean hasDockerDaemon() {
        try {
            return TestEnvironment.dockerApiAtLeast("1.10");
        } catch (IllegalStateException e) {
            return false;
        }
    }

    public static VaultContainer createVaultContainer() {
        if (hasDockerDaemon()) {
            return new VaultContainer(VAULT_DOCKER_IMAGE).withVaultToken(VAULT_ROOT_TOKEN).withCopyFileToContainer(MountableFile.forHostPath(VaultTestUtil.class.getResource("vaultTest_adminPolicy.hcl").getPath()), "/admin.hcl").withVaultPort(8200).waitingFor(Wait.forHttp("/v1/sys/seal-status").forStatusCode(200));
        }
        return null;
    }

    public static void configureVaultContainer(VaultContainer vaultContainer) {
        try {
            runCommand(vaultContainer, "vault", "secrets", "enable", "-path=kv-v2", "-version=2", "kv");
            runCommand(vaultContainer, "vault", "secrets", "enable", "-path=kv-v1", "-version=1", "kv");
            runCommand(vaultContainer, "vault", "auth", "enable", "userpass");
            runCommand(vaultContainer, "vault", "write", "auth/userpass/users/admin", "password=admin", "policies=admin");
            runCommand(vaultContainer, "vault", "policy", "write", "admin", "/admin.hcl");
            runCommand(vaultContainer, "vault", "auth", "enable", "approle");
            runCommand(vaultContainer, "vault", "write", "auth/approle/role/admin", "secret_id_ttl=10m", "token_num_uses=0", "token_ttl=4s", "token_max_ttl=4s", "secret_id_num_uses=1000", "policies=admin");
            Vault vault = new Vault(new VaultConfig().address("http://localhost:8200").token(VAULT_ROOT_TOKEN).engineVersion(1).build());
            VAULT_APPROLE_ID = (String) vault.logical().read("auth/approle/role/admin/role-id").getData().get("role_id");
            VAULT_APPROLE_SECRET = (String) vault.logical().write("auth/approle/role/admin/secret-id", new HashMap()).getData().get("secret_id");
            runCommand(vaultContainer, "vault", "kv", "put", VAULT_PATH_KV1_1, "key1=123", "key2=456");
            runCommand(vaultContainer, "vault", "kv", "put", VAULT_PATH_KV1_2, "key3=789");
            runCommand(vaultContainer, "vault", "kv", "put", VAULT_PATH_KV2_1, "key1=123", "key2=456");
            runCommand(vaultContainer, "vault", "kv", "put", VAULT_PATH_KV2_2, "key3=789");
            runCommand(vaultContainer, "vault", "kv", "put", VAULT_PATH_KV2_3, "key2=321");
            runCommand(vaultContainer, "vault", "kv", "put", VAULT_PATH_KV2_AUTH_TEST, "key1=auth-test");
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, e.getMessage());
        }
    }
}
