package com.yahoo.vespa.model.application.validation;

import com.yahoo.config.model.NullConfigModelRegistry;
import com.yahoo.config.model.api.EndpointCertificateSecrets;
import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.config.model.deploy.TestProperties;
import com.yahoo.config.model.test.MockApplicationPackage;
import com.yahoo.config.model.test.TestUtil;
import com.yahoo.config.provision.CertificateNotReadyException;
import com.yahoo.config.provision.Environment;
import com.yahoo.config.provision.RegionName;
import com.yahoo.config.provision.Zone;
import com.yahoo.vespa.model.VespaModel;
import java.util.Optional;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidatorTest.class */
public class EndpointCertificateSecretsValidatorTest {
    private static String servicesXml() {
        return TestUtil.joinLines(new CharSequence[]{"<services version='1.0'>", "  <container id='default' version='1.0'>", "  </container>", "</services>"});
    }

    private static String deploymentXml() {
        return TestUtil.joinLines(new CharSequence[]{"<deployment version='1.0' >", "  <prod />", "</deployment>"});
    }

    @Test
    void missing_certificate_fails_validation() throws Exception {
        Assertions.assertTrue(Assertions.assertThrows(CertificateNotReadyException.class, () -> {
            DeployState deployState = deployState(servicesXml(), deploymentXml(), Optional.of(EndpointCertificateSecrets.missing(1)));
            new EndpointCertificateSecretsValidator().validate(new VespaModel(new NullConfigModelRegistry(), deployState), deployState);
        }).getMessage().contains("TLS enabled, but could not yet retrieve certificate version 1 for application default:default:default"));
    }

    @Test
    void validation_succeeds_with_certificate() throws Exception {
        DeployState deployState = deployState(servicesXml(), deploymentXml(), Optional.of(new EndpointCertificateSecrets("cert", "key")));
        new EndpointCertificateSecretsValidator().validate(new VespaModel(new NullConfigModelRegistry(), deployState), deployState);
    }

    @Test
    void validation_succeeds_without_certificate() throws Exception {
        DeployState deployState = deployState(servicesXml(), deploymentXml(), Optional.empty());
        new EndpointCertificateSecretsValidator().validate(new VespaModel(new NullConfigModelRegistry(), deployState), deployState);
    }

    private static DeployState deployState(String str, String str2, Optional<EndpointCertificateSecrets> optional) {
        DeployState build = new DeployState.Builder().applicationPackage(new MockApplicationPackage.Builder().withServices(str).withDeploymentSpec(str2).build()).zone(new Zone(Environment.prod, RegionName.from("foo"))).properties(new TestProperties().setHostedVespa(true).setEndpointCertificateSecrets(optional)).build();
        Assertions.assertTrue(build.isHosted(), "Test must emulate a hosted deployment.");
        return build;
    }
}
