package io.confluent.dekregistry.web.rest;

import com.google.common.collect.ImmutableList;
import com.google.common.testing.FakeTicker;
import io.confluent.dekregistry.DekRegistryResourceExtension;
import io.confluent.dekregistry.client.CachedDekRegistryClient;
import io.confluent.dekregistry.client.rest.DekRegistryRestService;
import io.confluent.dekregistry.client.rest.entities.Dek;
import io.confluent.dekregistry.client.rest.entities.Kek;
import io.confluent.kafka.schemaregistry.ClusterTestHarness;
import io.confluent.kafka.schemaregistry.avro.AvroSchema;
import io.confluent.kafka.schemaregistry.avro.AvroUtils;
import io.confluent.kafka.schemaregistry.client.rest.entities.Rule;
import io.confluent.kafka.schemaregistry.client.rest.entities.RuleKind;
import io.confluent.kafka.schemaregistry.client.rest.entities.RuleMode;
import io.confluent.kafka.schemaregistry.client.rest.entities.requests.ConfigUpdateRequest;
import io.confluent.kafka.schemaregistry.client.rest.entities.requests.RegisterSchemaRequest;
import io.confluent.kafka.schemaregistry.client.rest.exceptions.RestClientException;
import io.confluent.kafka.schemaregistry.encryption.tink.Cryptor;
import io.confluent.kafka.schemaregistry.encryption.tink.DekFormat;
import io.confluent.kafka.schemaregistry.storage.RuleSet;
import io.confluent.kafka.schemaregistry.storage.RuleSetHandler;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.SortedMap;
import java.util.concurrent.TimeUnit;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/confluent/dekregistry/web/rest/RestApiTest.class */
public class RestApiTest extends ClusterTestHarness {
    FakeTicker fakeTicker;
    CachedDekRegistryClient client;

    public RestApiTest() {
        super(1, true);
    }

    public Properties getSchemaRegistryProperties() throws Exception {
        Properties properties = new Properties();
        properties.put("resource.extension.class", DekRegistryResourceExtension.class.getName());
        properties.put("inter.instance.headers.whitelist", "X-Forward");
        return properties;
    }

    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.fakeTicker = new FakeTicker();
        this.client = new CachedDekRegistryClient(new DekRegistryRestService(this.restApp.restClient.getBaseUrls().urls()), 1000, 60, (Map) null, (Map) null, this.fakeTicker);
        this.restApp.schemaRegistry().setRuleSetHandler(new RuleSetHandler() { // from class: io.confluent.dekregistry.web.rest.RestApiTest.1
            public void handle(String str, ConfigUpdateRequest configUpdateRequest) {
            }

            public void handle(String str, boolean z, RegisterSchemaRequest registerSchemaRequest) {
            }

            public RuleSet transform(io.confluent.kafka.schemaregistry.client.rest.entities.RuleSet ruleSet) {
                if (ruleSet != null) {
                    return new RuleSet(ruleSet);
                }
                return null;
            }
        });
    }

    @Test
    public void testBasic() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", "application/vnd.schemaregistry.v1+json");
        testBasic(hashMap, false);
    }

    @Test
    public void testForwarding() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", "application/vnd.schemaregistry.v1+json");
        hashMap.put("X-Forward", "false");
        testBasic(hashMap, false);
    }

    @Test
    public void testBasicImport() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", "application/vnd.schemaregistry.v1+json");
        testBasic(hashMap, true);
    }

    private void testBasic(Map<String, String> map, boolean z) throws Exception {
        DekFormat dekFormat = DekFormat.AES256_GCM;
        Kek kek = new Kek("kek1", "test-kms", "myid", (Map) null, (String) null, false, (Long) null, (Boolean) null);
        if (z) {
            this.client.setMode("IMPORT");
        }
        Assert.assertEquals(kek, this.client.createKek(map, "kek1", "test-kms", "myid", (Map) null, (String) null, false, false));
        this.client.deleteKek(map, "kek1", false);
        Assert.assertEquals(kek, this.client.createKek(map, "kek1", "test-kms", "myid", (Map) null, (String) null, false, false));
        Assert.assertEquals(kek, this.client.getKek("kek1", false));
        Assert.assertEquals(Collections.singletonList("kek1"), this.client.listKeks(false));
        try {
            this.client.deleteKek(map, "kek1", true);
            Assert.fail();
        } catch (RestClientException e) {
            Assert.assertEquals(40471L, e.getErrorCode());
        }
        this.client.deleteKek(map, "kek1", false);
        Map singletonMap = Collections.singletonMap("hi", "there");
        try {
            this.client.updateKek(map, "kek1", singletonMap, "mydoc", true);
            Assert.fail();
        } catch (RestClientException e2) {
            Assert.assertEquals(40470L, e2.getErrorCode());
        }
        Assert.assertEquals(Collections.emptyList(), this.client.listKeks(false));
        Assert.assertEquals(Collections.singletonList("kek1"), this.client.listKeks(true));
        try {
            this.client.getKek("kek1", false);
            Assert.fail();
        } catch (RestClientException e3) {
            Assert.assertEquals(40470L, e3.getErrorCode());
        }
        Assert.assertEquals(kek, this.client.getKek("kek1", true));
        this.client.deleteKek(map, "kek1", true);
        try {
            this.client.getKek("kek1", false);
            Assert.fail();
        } catch (RestClientException e4) {
            Assert.assertEquals(40470L, e4.getErrorCode());
        }
        try {
            this.client.getKek("kek1", true);
            Assert.fail();
        } catch (RestClientException e5) {
            Assert.assertEquals(40470L, e5.getErrorCode());
        }
        Assert.assertEquals(Collections.emptyList(), this.client.listKeks(false));
        Assert.assertEquals(Collections.emptyList(), this.client.listKeks(true));
        Assert.assertEquals(kek, this.client.createKek(map, "kek1", "test-kms", "myid", (Map) null, (String) null, false, false));
        Assert.assertEquals(kek, this.client.getKek("kek1", false));
        byte[] generateKey = new Cryptor(dekFormat).generateKey();
        String str = new String(Base64.getEncoder().encode(generateKey), StandardCharsets.UTF_8);
        String str2 = new String(Base64.getEncoder().encode(kek.toAead(Collections.emptyMap()).encrypt(generateKey, new byte[0])), StandardCharsets.UTF_8);
        Dek dek = new Dek("kek1", "mysubject", 1, dekFormat, str2, (String) null, (Long) null, (Boolean) null);
        Assert.assertEquals(dek, this.client.createDek(map, "kek1", "mysubject", (Integer) null, dekFormat, str2, false));
        this.client.deleteDek(map, "kek1", "mysubject", dekFormat, false);
        Assert.assertEquals(dek, this.client.createDek(map, "kek1", "mysubject", (Integer) null, dekFormat, str2, false));
        Dek dek2 = this.client.getDek("kek1", "mysubject", dekFormat, false);
        Assert.assertEquals(dek, dek2);
        Assert.assertNotNull(dek2.getTimestamp());
        try {
            this.client.createDek(map, "kek1", "badSubject", (Integer) null, dekFormat, (String) null, false);
            Assert.fail();
        } catch (RestClientException e6) {
            Assert.assertEquals(42271L, e6.getErrorCode());
        }
        Dek dek3 = this.client.getDek("kek1", "mysubject", dekFormat, false);
        Assert.assertEquals(dek, dek3);
        Assert.assertNotNull(dek3.getTimestamp());
        Kek kek2 = new Kek("kek1", "test-kms", "myid", singletonMap, "mydoc", true, (Long) null, (Boolean) null);
        Assert.assertEquals(kek2, this.client.updateKek(map, "kek1", singletonMap, "mydoc", true));
        this.fakeTicker.advance(61L, TimeUnit.SECONDS);
        Dek dek4 = new Dek("kek1", "mysubject", 1, dekFormat, str2, str, (Long) null, (Boolean) null);
        Dek dek5 = this.client.getDek("kek1", "mysubject", dekFormat, true);
        Assert.assertEquals(dek4, dek5);
        Assert.assertNotNull(dek5.getTimestamp());
        Dek createDek = this.client.createDek(map, "kek1", "mysubject2", (Integer) null, dekFormat, (String) null, false);
        Assert.assertNotNull(createDek.getEncryptedKeyMaterial());
        if (z) {
            Assert.assertNull(createDek.getKeyMaterial());
        } else {
            Assert.assertNotNull(createDek.getKeyMaterial());
        }
        Assert.assertNotNull(createDek.getTimestamp());
        Assert.assertEquals(2L, this.client.createDek(map, "kek1", "mysubject2", 2, dekFormat, (String) null, false).getVersion());
        Assert.assertEquals(ImmutableList.of("mysubject", "mysubject2"), this.client.listDeks("kek1", false));
        Assert.assertEquals(ImmutableList.of(1, 2), this.client.listDekVersions("kek1", "mysubject2", (DekFormat) null, false));
        try {
            this.client.deleteKek(map, "kek1", false);
            Assert.fail();
        } catch (RestClientException e7) {
            Assert.assertEquals(42272L, e7.getErrorCode());
        }
        try {
            this.client.deleteDek(map, "kek1", "mysubject", dekFormat, true);
            Assert.fail();
        } catch (RestClientException e8) {
            Assert.assertEquals(40471L, e8.getErrorCode());
        }
        this.client.deleteDek(map, "kek1", "mysubject", dekFormat, false);
        try {
            this.client.getDek("kek1", "mysubject", dekFormat, false);
            Assert.fail();
        } catch (RestClientException e9) {
            Assert.assertEquals(40470L, e9.getErrorCode());
        }
        Dek dek6 = this.client.getDek("kek1", "mysubject", dekFormat, true);
        Assert.assertEquals(dek4, dek6);
        Assert.assertNotNull(dek6.getTimestamp());
        Assert.assertEquals(ImmutableList.of("mysubject2"), this.client.listDeks("kek1", false));
        Assert.assertEquals(ImmutableList.of("mysubject", "mysubject2"), this.client.listDeks("kek1", true));
        this.client.deleteDekVersion(map, "kek1", "mysubject2", 2, (DekFormat) null, false);
        Assert.assertEquals(ImmutableList.of(1), this.client.listDekVersions("kek1", "mysubject2", (DekFormat) null, false));
        this.client.undeleteDekVersion(map, "kek1", "mysubject2", 2, (DekFormat) null);
        Assert.assertEquals(ImmutableList.of(1, 2), this.client.listDekVersions("kek1", "mysubject2", (DekFormat) null, false));
        this.client.deleteDek(map, "kek1", "mysubject2", dekFormat, false);
        this.client.deleteKek(map, "kek1", false);
        try {
            this.client.listDeks("kek1", false);
            Assert.fail();
        } catch (RestClientException e10) {
            Assert.assertEquals(40470L, e10.getErrorCode());
        }
        Assert.assertEquals(ImmutableList.of("mysubject", "mysubject2"), this.client.listDeks("kek1", true));
        try {
            this.client.undeleteDek(map, "kek1", "mysubject2", dekFormat);
            Assert.fail();
        } catch (RestClientException e11) {
            Assert.assertEquals(40472L, e11.getErrorCode());
        }
        this.client.undeleteKek(map, "kek1");
        Assert.assertEquals(kek2, this.client.getKek("kek1", false));
        this.client.undeleteDek(map, "kek1", "mysubject2", dekFormat);
        Assert.assertEquals(ImmutableList.of("mysubject2"), this.client.listDeks("kek1", false));
        this.client.deleteDek(map, "kek1", "mysubject2", dekFormat, false);
        this.client.deleteKek(map, "kek1", false);
        try {
            this.client.deleteKek(map, "kek1", true);
            Assert.fail();
        } catch (RestClientException e12) {
            Assert.assertEquals(42272L, e12.getErrorCode());
        }
        this.client.deleteDek(map, "kek1", "mysubject", dekFormat, true);
        try {
            this.client.deleteDek(map, "kek1", "mysubject", dekFormat, true);
            Assert.fail();
        } catch (RestClientException e13) {
            Assert.assertEquals(40470L, e13.getErrorCode());
        }
        this.client.deleteDek(map, "kek1", "mysubject2", dekFormat, true);
        try {
            this.client.listDeks("kek1", false);
            Assert.fail();
        } catch (RestClientException e14) {
            Assert.assertEquals(40470L, e14.getErrorCode());
        }
        Assert.assertEquals(Collections.emptyList(), this.client.listDeks("kek1", true));
        this.client.deleteKek(map, "kek1", true);
        try {
            this.client.deleteKek(map, "kek1", true);
            Assert.fail();
        } catch (RestClientException e15) {
            Assert.assertEquals(40470L, e15.getErrorCode());
        }
    }

    @Test
    public void testUnknownKmsType() throws Exception {
        DekFormat dekFormat = DekFormat.AES256_GCM;
        Kek kek = new Kek("kek1", "unknown-kms", "myid", (Map) null, (String) null, false, (Long) null, (Boolean) null);
        Assert.assertEquals(kek, this.client.createKek("kek1", "unknown-kms", "myid", (Map) null, (String) null, false));
        Assert.assertEquals(kek, this.client.getKek("kek1", false));
        Assert.assertEquals(Collections.singletonList("kek1"), this.client.listKeks(false));
        String str = new String(Base64.getEncoder().encode(new Kek("kek1", "test-kms", "myid", (Map) null, (String) null, false, (Long) null, (Boolean) null).toAead(Collections.emptyMap()).encrypt(new Cryptor(dekFormat).generateKey(), new byte[0])), StandardCharsets.UTF_8);
        Dek dek = new Dek("kek1", "mysubject", 1, dekFormat, str, (String) null, (Long) null, (Boolean) null);
        Assert.assertEquals(dek, this.client.createDek("kek1", "mysubject", dekFormat, str));
        Dek dek2 = this.client.getDek("kek1", "mysubject", dekFormat, false);
        Assert.assertEquals(dek, dek2);
        Assert.assertNotNull(dek2.getTimestamp());
        try {
            this.client.createDek("kek1", "mysubject2", dekFormat, (String) null);
            Assert.fail();
        } catch (RestClientException e) {
            Assert.assertEquals(42271L, e.getErrorCode());
        }
        Map singletonMap = Collections.singletonMap("hi", "there");
        Assert.assertEquals(new Kek("kek1", "unknown-kms", "myid", singletonMap, "mydoc", true, (Long) null, (Boolean) null), this.client.updateKek("kek1", singletonMap, "mydoc", true));
        this.fakeTicker.advance(61L, TimeUnit.SECONDS);
        new Dek("kek1", "mysubject", 1, dekFormat, str, (String) null, (Long) null, (Boolean) null);
        try {
            this.client.getDek("kek1", "mysubject", dekFormat, true);
            Assert.fail();
        } catch (RestClientException e2) {
            Assert.assertEquals(50070L, e2.getErrorCode());
        }
    }

    @Test
    public void testRegisterCreatesKmsDefaults() throws Exception {
        AvroSchema parseSchema = AvroUtils.parseSchema("{\"type\":\"record\",\"name\":\"myrecord\",\"fields\":[{\"type\":\"string\",\"name\":\"f1\"}]}");
        io.confluent.kafka.schemaregistry.client.rest.entities.RuleSet ruleSet = new io.confluent.kafka.schemaregistry.client.rest.entities.RuleSet((List) null, Collections.singletonList(new Rule("foo", (String) null, (RuleKind) null, RuleMode.WRITEREAD, "ENCRYPT", (Set) null, Collections.singletonMap("encrypt.kms.key.id", "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"), (String) null, (String) null, (String) null, false)));
        new RegisterSchemaRequest(parseSchema).setRuleSet(ruleSet);
        Assert.assertEquals("Registering should succeed", 1, this.restApp.restClient.registerSchema(r0, "testSubject", false).getId());
        SortedMap params = ((Rule) this.restApp.restClient.getId(1, "testSubject").getRuleSet().getDomainRules().get(0)).getParams();
        Assert.assertEquals("aws-kms-us-west-2-111122223333-key-1234abcd-12ab-34cd-56ef-1234567890ab", params.get("encrypt.kek.name"));
        Assert.assertEquals("aws-kms", params.get("encrypt.kms.type"));
    }
}
