package io.quarkus.vault.test;

import io.quarkus.vault.VaultException;
import io.quarkus.vault.VaultKVSecretEngine;
import io.quarkus.vault.runtime.VaultConfigHolder;
import io.quarkus.vault.runtime.client.VaultClientException;
import io.quarkus.vault.runtime.client.backend.VaultInternalSystemBackend;
import io.quarkus.vault.runtime.client.dto.sys.VaultInitResponse;
import io.quarkus.vault.runtime.client.dto.sys.VaultPolicyBody;
import io.quarkus.vault.runtime.config.VaultAuthenticationConfig;
import io.quarkus.vault.runtime.config.VaultBootstrapConfig;
import io.quarkus.vault.runtime.config.VaultEnterpriseConfig;
import io.quarkus.vault.runtime.config.VaultKubernetesAuthenticationConfig;
import io.quarkus.vault.runtime.config.VaultTlsConfig;
import io.quarkus.vault.test.client.TestVaultClient;
import io.quarkus.vault.test.client.dto.VaultAppRoleRoleIdData;
import io.quarkus.vault.test.client.dto.VaultAppRoleSecretIdData;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Optional;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.sql.DataSource;
import org.jboss.logging.Logger;
import org.junit.jupiter.api.Assertions;
import org.testcontainers.containers.BindMode;
import org.testcontainers.containers.Container;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.Network;
import org.testcontainers.containers.PostgreSQLContainer;

/* loaded from: input_file:io/quarkus/vault/test/VaultTestExtension.class */
public class VaultTestExtension {
    private static final Logger log = Logger.getLogger(VaultTestExtension.class.getName());
    static final String DB_NAME = "mydb";
    static final String DB_USERNAME = "postgres";
    public static final String DB_PASSWORD = "bar";
    public static final String SECRET_VALUE = "s€cr€t";
    static final int VAULT_PORT = 8200;
    static final int MAPPED_POSTGRESQL_PORT = 6543;
    public static final String VAULT_AUTH_USERPASS_USER = "bob";
    public static final String VAULT_AUTH_USERPASS_PASSWORD = "sinclair";
    public static final String VAULT_AUTH_APPROLE = "myapprole";
    public static final String SECRET_PATH_V1 = "secret-v1";
    public static final String SECRET_PATH_V2 = "secret";
    public static final String LIST_PATH = "hello";
    public static final String LIST_SUB_PATH = "world";
    public static final String EXPECTED_SUB_PATHS = "[world]";
    public static final String VAULT_DBROLE = "mydbrole";
    public static final String APP_SECRET_PATH = "foo";
    static final String APP_CONFIG_PATH = "config";
    static final String VAULT_POLICY = "mypolicy";
    static final String POSTGRESQL_HOST = "mypostgresdb";
    static final String VAULT_URL;
    public static final String SECRET_KEY = "secret";
    public static final String ENCRYPTION_KEY_NAME = "my-encryption-key";
    public static final String ENCRYPTION_KEY2_NAME = "my-encryption-key2";
    public static final String ENCRYPTION_DERIVED_KEY_NAME = "my-derivation-encryption-key";
    public static final String SIGN_KEY_NAME = "my-sign-key";
    public static final String SIGN_KEY2_NAME = "my-sign-key2";
    public static final String SIGN_DERIVATION_KEY_NAME = "my-derivation-sign-key";
    public static final String TMP_VAULT_POSTGRES_CREATION_SQL_FILE = "/tmp/vault-postgres-creation.sql";
    public static final String TMP_VAULT_CONFIG_JSON_FILE = "/tmp/vault-config.json";
    public static final String TMP_POSTGRES_INIT_SQL_FILE = "/tmp/postgres-init.sql";
    public static final String TEST_QUERY_STRING = "SELECT 1";
    public static final String CONTAINER_TMP_CMD = "/tmp/cmd";
    public static final String HOST_VAULT_TMP_CMD = "target/vault_cmd";
    public static final String HOST_POSTGRES_TMP_CMD = "target/postgres_cmd";
    public static final String OUT_FILE = "/out";
    public static final String WRAPPING_TEST_PATH = "wrapping-test";
    private static String CRUD_PATH;
    public GenericContainer vaultContainer;
    public PostgreSQLContainer postgresContainer;
    private TestVaultClient vaultClient;
    public String rootToken = null;
    public String appRoleSecretId = null;
    public String appRoleRoleId = null;
    public String appRoleSecretIdWrappingToken = null;
    public String clientTokenWrappingToken = null;
    public String passwordKvv1WrappingToken = null;
    public String passwordKvv2WrappingToken = null;
    public String anotherPasswordKvv2WrappingToken = null;
    private String db_default_ttl = "1m";
    private String db_max_ttl = "10m";

    /* JADX WARN: Failed to calculate best type for var: r7v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r7v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x00c7: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:65:0x00c7 */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x00cb: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:67:0x00cb */
    /* JADX WARN: Type inference failed for: r7v1, types: [java.sql.Statement] */
    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
    public static void testDataSource(DataSource dataSource) throws SQLException {
        ?? r7;
        ?? r8;
        Connection connection = dataSource.getConnection();
        Throwable th = null;
        try {
            try {
                Statement createStatement = connection.createStatement();
                Throwable th2 = null;
                ResultSet executeQuery = createStatement.executeQuery(TEST_QUERY_STRING);
                Throwable th3 = null;
                try {
                    try {
                        Assertions.assertTrue(executeQuery.next());
                        Assertions.assertEquals(1, executeQuery.getInt(1));
                        if (executeQuery != null) {
                            if (0 != 0) {
                                try {
                                    executeQuery.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                executeQuery.close();
                            }
                        }
                        if (createStatement != null) {
                            if (0 != 0) {
                                try {
                                    createStatement.close();
                                } catch (Throwable th5) {
                                    th2.addSuppressed(th5);
                                }
                            } else {
                                createStatement.close();
                            }
                        }
                        if (connection != null) {
                            if (0 == 0) {
                                connection.close();
                                return;
                            }
                            try {
                                connection.close();
                            } catch (Throwable th6) {
                                th.addSuppressed(th6);
                            }
                        }
                    } catch (Throwable th7) {
                        th3 = th7;
                        throw th7;
                    }
                } catch (Throwable th8) {
                    if (executeQuery != null) {
                        if (th3 != null) {
                            try {
                                executeQuery.close();
                            } catch (Throwable th9) {
                                th3.addSuppressed(th9);
                            }
                        } else {
                            executeQuery.close();
                        }
                    }
                    throw th8;
                }
            } catch (Throwable th10) {
                if (r7 != 0) {
                    if (r8 != 0) {
                        try {
                            r7.close();
                        } catch (Throwable th11) {
                            r8.addSuppressed(th11);
                        }
                    } else {
                        r7.close();
                    }
                }
                throw th10;
            }
        } catch (Throwable th12) {
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th13) {
                        th.addSuppressed(th13);
                    }
                } else {
                    connection.close();
                }
            }
            throw th12;
        }
    }

    public static void assertCrudSecret(VaultKVSecretEngine vaultKVSecretEngine) {
        Assertions.assertEquals(EXPECTED_SUB_PATHS, vaultKVSecretEngine.listSecrets(LIST_PATH).toString());
        assertDeleteSecret(vaultKVSecretEngine);
        assertDeleteSecret(vaultKVSecretEngine);
        HashMap hashMap = new HashMap();
        hashMap.put("first", "one");
        hashMap.put("second", "two");
        vaultKVSecretEngine.writeSecret(CRUD_PATH, hashMap);
        Assertions.assertEquals("{first=one, second=two}", readSecretAsString(vaultKVSecretEngine, CRUD_PATH));
        hashMap.put("first", "un");
        hashMap.put("third", "tres");
        vaultKVSecretEngine.writeSecret(CRUD_PATH, hashMap);
        Assertions.assertEquals("{first=un, second=two, third=tres}", readSecretAsString(vaultKVSecretEngine, CRUD_PATH));
        assertDeleteSecret(vaultKVSecretEngine);
    }

    private static void assertDeleteSecret(VaultKVSecretEngine vaultKVSecretEngine) {
        vaultKVSecretEngine.deleteSecret(CRUD_PATH);
        try {
            readSecretAsString(vaultKVSecretEngine, CRUD_PATH);
        } catch (VaultClientException e) {
            Assertions.assertEquals(404, e.getStatus());
        }
    }

    private static String readSecretAsString(VaultKVSecretEngine vaultKVSecretEngine, String str) {
        return new TreeMap(vaultKVSecretEngine.readSecret(str)).toString();
    }

    private TestVaultClient createVaultClient() {
        VaultBootstrapConfig vaultBootstrapConfig = new VaultBootstrapConfig();
        vaultBootstrapConfig.tls = new VaultTlsConfig();
        vaultBootstrapConfig.url = getVaultUrl();
        vaultBootstrapConfig.enterprise = new VaultEnterpriseConfig();
        vaultBootstrapConfig.enterprise.namespace = Optional.empty();
        vaultBootstrapConfig.tls.skipVerify = Optional.of(true);
        vaultBootstrapConfig.tls.caCert = Optional.empty();
        vaultBootstrapConfig.connectTimeout = Duration.ofSeconds(5L);
        vaultBootstrapConfig.readTimeout = Duration.ofSeconds(1L);
        vaultBootstrapConfig.authentication = new VaultAuthenticationConfig();
        vaultBootstrapConfig.authentication.kubernetes = new VaultKubernetesAuthenticationConfig();
        return new TestVaultClient(new VaultConfigHolder().setVaultBootstrapConfig(vaultBootstrapConfig));
    }

    private static Optional<URL> getVaultUrl() {
        try {
            return Optional.of(new URL(VAULT_URL));
        } catch (MalformedURLException e) {
            throw new VaultException(e);
        }
    }

    public void start() throws InterruptedException, IOException {
        log.info("start containers on " + System.getProperty("os.name"));
        new File(HOST_POSTGRES_TMP_CMD).mkdirs();
        Network newNetwork = Network.newNetwork();
        this.postgresContainer = new PostgreSQLContainer().withDatabaseName(DB_NAME).withUsername(DB_USERNAME).withPassword(DB_PASSWORD).withNetwork(newNetwork).withFileSystemBind(HOST_POSTGRES_TMP_CMD, CONTAINER_TMP_CMD).withNetworkAliases(new String[]{POSTGRESQL_HOST}).withExposedPorts(new Integer[]{PostgreSQLContainer.POSTGRESQL_PORT}).withClasspathResourceMapping("postgres-init.sql", TMP_POSTGRES_INIT_SQL_FILE, BindMode.READ_ONLY);
        this.postgresContainer.setPortBindings(Arrays.asList("6543:" + PostgreSQLContainer.POSTGRESQL_PORT));
        String str = useTls() ? "vault-config-tls.json" : "vault-config.json";
        String vaultImage = getVaultImage();
        log.info("starting " + vaultImage + " with url=" + VAULT_URL + " and config file=" + str);
        new File(HOST_VAULT_TMP_CMD).mkdirs();
        this.vaultContainer = new GenericContainer(vaultImage).withExposedPorts(new Integer[]{Integer.valueOf(VAULT_PORT)}).withEnv("SKIP_SETCAP", "true").withEnv("VAULT_SKIP_VERIFY", "true").withEnv("VAULT_ADDR", VAULT_URL).withNetwork(newNetwork).withFileSystemBind(HOST_VAULT_TMP_CMD, CONTAINER_TMP_CMD).withClasspathResourceMapping(str, TMP_VAULT_CONFIG_JSON_FILE, BindMode.READ_ONLY).withClasspathResourceMapping("vault-tls.key", "/tmp/vault-tls.key", BindMode.READ_ONLY).withClasspathResourceMapping("vault-tls.crt", "/tmp/vault-tls.crt", BindMode.READ_ONLY).withClasspathResourceMapping("vault-postgres-creation.sql", TMP_VAULT_POSTGRES_CREATION_SQL_FILE, BindMode.READ_ONLY).withCommand(new String[]{"server", "-log-level=debug", "-config=/tmp/vault-config.json"});
        this.vaultContainer.setPortBindings(Arrays.asList("8200:8200"));
        this.postgresContainer.start();
        execPostgres(String.format("psql -U %s -d %s -f %s", DB_USERNAME, DB_NAME, TMP_POSTGRES_INIT_SQL_FILE));
        this.vaultContainer.setLogConsumers(Arrays.asList(outputFrame -> {
            System.out.print("VAULT >> " + outputFrame.getUtf8String());
        }));
        this.vaultContainer.start();
        initVault();
        log.info("vault has started with root token: " + this.rootToken);
    }

    private String getVaultImage() {
        return "vault:1.6.3";
    }

    private void initVault() throws InterruptedException, IOException {
        this.vaultClient = createVaultClient();
        VaultInternalSystemBackend vaultInternalSystemBackend = new VaultInternalSystemBackend();
        vaultInternalSystemBackend.setVaultClient(this.vaultClient);
        VaultInitResponse init = vaultInternalSystemBackend.init(1, 1);
        String str = (String) init.keys.get(0);
        this.rootToken = init.rootToken;
        waitForContainerToStart();
        try {
            vaultInternalSystemBackend.systemHealthStatus(false, false);
        } catch (VaultClientException e) {
            Assertions.assertEquals(503, e.getStatus());
        }
        execVault("vault operator unseal " + str);
        Assertions.assertFalse(vaultInternalSystemBackend.systemSealStatus().sealed);
        execVault("vault auth enable userpass");
        execVault(String.format("vault write auth/userpass/users/%s password=%s policies=%s", VAULT_AUTH_USERPASS_USER, VAULT_AUTH_USERPASS_PASSWORD, VAULT_POLICY));
        execVault("vault auth enable kubernetes");
        execVault("vault auth enable approle");
        execVault(String.format("vault write auth/approle/role/%s policies=%s", VAULT_AUTH_APPROLE, VAULT_POLICY));
        this.appRoleSecretId = ((VaultAppRoleSecretIdData) this.vaultClient.generateAppRoleSecretId(this.rootToken, VAULT_AUTH_APPROLE).data).secretId;
        this.appRoleRoleId = ((VaultAppRoleRoleIdData) this.vaultClient.getAppRoleRoleId(this.rootToken, VAULT_AUTH_APPROLE).data).roleId;
        log.info(String.format("generated role_id=%s secret_id=%s for approle=%s", this.appRoleRoleId, this.appRoleSecretId, VAULT_AUTH_APPROLE));
        vaultInternalSystemBackend.createUpdatePolicy(this.rootToken, VAULT_POLICY, new VaultPolicyBody(readResourceContent("vault.policy")));
        execVault(String.format("vault secrets enable -path=%s kv", SECRET_PATH_V1));
        execVault(String.format("vault kv put %s/%s %s=%s", SECRET_PATH_V1, APP_SECRET_PATH, "secret", SECRET_VALUE));
        execVault(String.format("vault kv put %s/%s %s=%s", SECRET_PATH_V1, "hello/world", "secret", SECRET_VALUE));
        execVault(String.format("vault kv put %s/%s %s=%s", SECRET_PATH_V1, APP_CONFIG_PATH, "password", DB_PASSWORD));
        execVault(String.format("vault secrets enable -path=%s -version=2 kv", "secret"));
        execVault(String.format("vault kv put %s/%s %s=%s", "secret", APP_SECRET_PATH, "secret", SECRET_VALUE));
        execVault(String.format("vault kv put %s/%s %s=%s", "secret", "hello/world", "secret", SECRET_VALUE));
        execVault(String.format("vault kv put %s/%s %s=%s", "secret", APP_CONFIG_PATH, "password", DB_PASSWORD));
        execVault(String.format("vault kv put %s/multi/default1 color=blue size=XL", "secret"));
        execVault(String.format("vault kv put %s/multi/default2 color=red weight=3", "secret"));
        execVault(String.format("vault kv put %s/multi/singer1 firstname=paul lastname=shaffer", "secret"));
        execVault(String.format("vault kv put %s/multi/singer2 lastname=simon age=78 color=green", "secret"));
        this.appRoleSecretIdWrappingToken = fetchWrappingToken(execVault(String.format("vault write -wrap-ttl=120s -f auth/approle/role/%s/secret-id", VAULT_AUTH_APPROLE)));
        log.info("appRoleSecretIdWrappingToken=" + this.appRoleSecretIdWrappingToken);
        this.clientTokenWrappingToken = fetchWrappingToken(execVault(String.format("vault token create -wrap-ttl=120s -ttl=10m -policy=%s", VAULT_POLICY)));
        log.info("clientTokenWrappingToken=" + this.clientTokenWrappingToken);
        execVault(String.format("vault kv put %s/%s %s=%s", SECRET_PATH_V1, WRAPPING_TEST_PATH, "password", VAULT_AUTH_USERPASS_PASSWORD));
        this.passwordKvv1WrappingToken = fetchWrappingToken(execVault(String.format("vault kv get -wrap-ttl=120s %s/%s", SECRET_PATH_V1, WRAPPING_TEST_PATH)));
        log.info("passwordKvv1WrappingToken=" + this.passwordKvv1WrappingToken);
        execVault(String.format("vault kv put %s/%s %s=%s", "secret", WRAPPING_TEST_PATH, "password", VAULT_AUTH_USERPASS_PASSWORD));
        this.passwordKvv2WrappingToken = fetchWrappingToken(execVault(String.format("vault kv get -wrap-ttl=120s %s/%s", "secret", WRAPPING_TEST_PATH)));
        log.info("passwordKvv2WrappingToken=" + this.passwordKvv2WrappingToken);
        this.anotherPasswordKvv2WrappingToken = fetchWrappingToken(execVault(String.format("vault kv get -wrap-ttl=120s %s/%s", "secret", WRAPPING_TEST_PATH)));
        log.info("anotherPasswordKvv2WrappingToken=" + this.anotherPasswordKvv2WrappingToken);
        execVault("vault secrets enable database");
        execVault(String.format("vault write database/config/%s plugin_name=postgresql-database-plugin allowed_roles=%s connection_url=postgresql://{{username}}:{{password}}@%s:%s/%s?sslmode=disable username=%s password=%s", DB_NAME, VAULT_DBROLE, POSTGRESQL_HOST, PostgreSQLContainer.POSTGRESQL_PORT, DB_NAME, DB_USERNAME, DB_PASSWORD));
        execVault(String.format("vault write database/roles/%s db_name=%s creation_statements=@%s default_ttl=%s max_ttl=%s revocation_statements=\"ALTER ROLE \\\"{{name}}\\\" NOLOGIN;\" renew_statements=\"ALTER ROLE \\\"{{name}}\\\" VALID UNTIL '{{expiration}}';\"", VAULT_DBROLE, DB_NAME, TMP_VAULT_POSTGRES_CREATION_SQL_FILE, this.db_default_ttl, this.db_max_ttl));
        execVault("vault secrets enable transit");
        execVault(String.format("vault write -f transit/keys/%s", ENCRYPTION_KEY_NAME));
        execVault(String.format("vault write -f transit/keys/%s", ENCRYPTION_KEY2_NAME));
        execVault(String.format("vault write transit/keys/%s derived=true", ENCRYPTION_DERIVED_KEY_NAME));
        execVault(String.format("vault write transit/keys/%s type=ecdsa-p256", SIGN_KEY_NAME));
        execVault(String.format("vault write transit/keys/%s type=ecdsa-p256", SIGN_KEY2_NAME));
        execVault(String.format("vault write transit/keys/%s type=ed25519 derived=true", SIGN_DERIVATION_KEY_NAME));
        execVault("vault write transit/keys/jws type=ecdsa-p256");
        execVault("vault secrets enable totp");
    }

    private String readResourceContent(String str) throws IOException {
        byte[] bArr = new byte[512];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        while (true) {
            try {
                int read = resourceAsStream.read(bArr);
                if (read <= 0) {
                    return new String(byteArrayOutputStream.toByteArray());
                }
                byteArrayOutputStream.write(bArr, 0, read);
            } finally {
                resourceAsStream.close();
            }
        }
    }

    private String fetchWrappingToken(String str) {
        Matcher matcher = Pattern.compile("^wrapping_token:\\s+([^\\s]+)$", 8).matcher(str);
        if (matcher.find()) {
            return matcher.group(1);
        }
        throw new RuntimeException("unable to find wrapping_token in " + str);
    }

    public static boolean useTls() {
        return System.getProperty("vault-test-extension.use-tls", Boolean.TRUE.toString()).equals(Boolean.TRUE.toString());
    }

    private void waitForContainerToStart() throws InterruptedException, IOException {
        Instant now = Instant.now();
        while (Instant.now().isBefore(now.plusSeconds(20L))) {
            if (this.vaultContainer.execInContainer(createVaultCommand("vault status")).getExitCode() == 2) {
                return;
            }
        }
        Assertions.fail("vault failed to start");
    }

    private String execPostgres(String str) throws IOException, InterruptedException {
        return exec(this.postgresContainer, str, new String[]{"/bin/sh", "-c", str + " > " + CONTAINER_TMP_CMD + OUT_FILE}, "target/postgres_cmd/out");
    }

    private String execVault(String str) throws IOException, InterruptedException {
        return exec(this.vaultContainer, str, createVaultCommand(str + " > " + CONTAINER_TMP_CMD + OUT_FILE), "target/vault_cmd/out");
    }

    private String exec(GenericContainer genericContainer, String str, String[] strArr, String str2) throws IOException, InterruptedException {
        exec(genericContainer, strArr);
        String str3 = new String(Files.readAllBytes(Paths.get(str2, new String[0])), StandardCharsets.UTF_8);
        log.info("> " + str + "\n" + str3);
        return str3;
    }

    private static Container.ExecResult exec(GenericContainer genericContainer, String[] strArr) throws IOException, InterruptedException {
        Container.ExecResult execInContainer = genericContainer.execInContainer(strArr);
        if (execInContainer.getExitCode() != 0) {
            throw new RuntimeException("command " + Arrays.asList(strArr) + " failed with exit code " + execInContainer.getExitCode() + "\n" + execInContainer.getStderr());
        }
        return execInContainer;
    }

    private String[] createVaultCommand(String str) {
        return new String[]{"/bin/sh", "-c", (this.rootToken != null ? "export VAULT_TOKEN=" + this.rootToken + " && " : "") + str};
    }

    public void close() {
        log.info("stop containers");
        if (this.vaultContainer != null && this.vaultContainer.isRunning()) {
            this.vaultContainer.stop();
        }
        if (this.postgresContainer == null || !this.postgresContainer.isRunning()) {
            return;
        }
        this.postgresContainer.stop();
    }

    static {
        VAULT_URL = (useTls() ? "https" : "http") + "://localhost:" + VAULT_PORT;
        CRUD_PATH = "crud";
    }
}
