package com.databricks.jdbc.dbclient.impl.common;

import com.databricks.jdbc.api.IDatabricksConnectionContext;
import com.databricks.jdbc.api.impl.DatabricksConnectionContextFactory;
import com.databricks.jdbc.auth.PrivateKeyClientCredentialProvider;
import com.databricks.jdbc.exception.DatabricksParsingException;
import com.databricks.jdbc.exception.DatabricksSQLException;
import com.databricks.jdbc.log.JdbcLogger;
import com.databricks.jdbc.log.JdbcLoggerFactory;
import com.databricks.sdk.WorkspaceClient;
import com.databricks.sdk.core.CredentialsProvider;
import com.databricks.sdk.core.DatabricksConfig;
import com.databricks.sdk.core.DatabricksException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Properties;
import org.apache.http.config.Registry;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:com/databricks/jdbc/dbclient/impl/common/ClientConfiguratorTest.class */
public class ClientConfiguratorTest {
    private static final JdbcLogger LOGGER = JdbcLoggerFactory.getLogger(ClientConfiguratorTest.class);

    @Mock
    private IDatabricksConnectionContext mockContext;
    private ClientConfigurator configurator;
    private static final String BASE_TRUST_STORE_PATH = "src/test/resources/";
    private static final String EMPTY_TRUST_STORE_PATH = "src/test/resources/empty-truststore.jks";
    private static final String DUMMY_TRUST_STORE_PATH = "src/test/resources/dummy-truststore.jks";
    private static final String CERTIFICATE_CN = "MinimalCertificate";
    private static final String TRUST_STORE_TYPE = "PKCS12";
    private static final String TRUST_STORE_PASSWORD = "changeit";

    @BeforeAll
    static void setup() throws Exception {
        createEmptyTrustStore();
        createDummyTrustStore();
    }

    public static void createEmptyTrustStore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(TRUST_STORE_TYPE);
        keyStore.load(null, TRUST_STORE_PASSWORD.toCharArray());
        FileOutputStream fileOutputStream = new FileOutputStream(EMPTY_TRUST_STORE_PATH);
        try {
            keyStore.store(fileOutputStream, TRUST_STORE_PASSWORD.toCharArray());
            fileOutputStream.close();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static void createDummyTrustStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(TRUST_STORE_TYPE);
        keyStore.load(null, TRUST_STORE_PASSWORD.toCharArray());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        keyStore.setCertificateEntry("dummy-cert", generateBarebonesCertificate(keyPairGenerator.generateKeyPair()));
        FileOutputStream fileOutputStream = new FileOutputStream(DUMMY_TRUST_STORE_PATH);
        try {
            keyStore.store(fileOutputStream, TRUST_STORE_PASSWORD.toCharArray());
            fileOutputStream.close();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static X509Certificate generateBarebonesCertificate(KeyPair keyPair) throws Exception {
        X500Name x500Name = new X500Name("CN=MinimalCertificate");
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        Date date = new Date();
        X509CertificateHolder build = new JcaX509v3CertificateBuilder(x500Name, valueOf, date, new Date(date.getTime() + 31536000000L), x500Name, keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
        return new JcaX509CertificateConverter().setProvider(bouncyCastleProvider).getCertificate(build);
    }

    @AfterAll
    static void cleanup() {
        try {
            Files.delete(Path.of(EMPTY_TRUST_STORE_PATH, new String[0]));
        } catch (IOException e) {
            LOGGER.info("Failed to delete empty trust store file: " + e.getMessage());
        }
        try {
            Files.delete(Path.of(DUMMY_TRUST_STORE_PATH, new String[0]));
        } catch (IOException e2) {
            LOGGER.info("Failed to delete dummy trust store file: " + e2.getMessage());
        }
    }

    @Test
    void getWorkspaceClient_PAT_AuthenticatesWithAccessToken() throws DatabricksParsingException {
        Mockito.when(this.mockContext.getAuthMech()).thenReturn(IDatabricksConnectionContext.AuthMech.PAT);
        Mockito.when(this.mockContext.getHostUrl()).thenReturn("https://pat.databricks.com");
        Mockito.when(this.mockContext.getToken()).thenReturn("pat-token");
        this.configurator = new ClientConfigurator(this.mockContext);
        WorkspaceClient workspaceClient = this.configurator.getWorkspaceClient();
        Assertions.assertNotNull(workspaceClient);
        DatabricksConfig config = workspaceClient.config();
        Assertions.assertEquals("https://pat.databricks.com", config.getHost());
        Assertions.assertEquals("pat-token", config.getToken());
        Assertions.assertEquals("pat", config.getAuthType());
    }

    @Test
    void getWorkspaceClient_OAuthWithTokenPassthrough_AuthenticatesCorrectly() throws DatabricksParsingException {
        Mockito.when(this.mockContext.getAuthMech()).thenReturn(IDatabricksConnectionContext.AuthMech.OAUTH);
        Mockito.when(this.mockContext.getAuthFlow()).thenReturn(IDatabricksConnectionContext.AuthFlow.TOKEN_PASSTHROUGH);
        Mockito.when(this.mockContext.getHostUrl()).thenReturn("https://oauth-token.databricks.com");
        Mockito.when(this.mockContext.getPassThroughAccessToken()).thenReturn("oauth-token");
        this.configurator = new ClientConfigurator(this.mockContext);
        WorkspaceClient workspaceClient = this.configurator.getWorkspaceClient();
        Assertions.assertNotNull(workspaceClient);
        DatabricksConfig config = workspaceClient.config();
        Assertions.assertEquals("https://oauth-token.databricks.com", config.getHost());
        Assertions.assertEquals("oauth-token", config.getToken());
        Assertions.assertEquals("pat", config.getAuthType());
    }

    @Test
    void getWorkspaceClient_OAuthWithClientCredentials_AuthenticatesCorrectly() throws DatabricksParsingException {
        Mockito.when(this.mockContext.getAuthMech()).thenReturn(IDatabricksConnectionContext.AuthMech.OAUTH);
        Mockito.when(this.mockContext.getAuthFlow()).thenReturn(IDatabricksConnectionContext.AuthFlow.CLIENT_CREDENTIALS);
        Mockito.when(this.mockContext.getHostForOAuth()).thenReturn("https://oauth-client.databricks.com");
        Mockito.when(this.mockContext.getClientId()).thenReturn("client-id");
        Mockito.when(this.mockContext.getClientSecret()).thenReturn("client-secret");
        this.configurator = new ClientConfigurator(this.mockContext);
        WorkspaceClient workspaceClient = this.configurator.getWorkspaceClient();
        Assertions.assertNotNull(workspaceClient);
        DatabricksConfig config = workspaceClient.config();
        Assertions.assertEquals("https://oauth-client.databricks.com", config.getHost());
        Assertions.assertEquals("client-id", config.getClientId());
        Assertions.assertEquals("client-secret", config.getClientSecret());
        Assertions.assertEquals("oauth-m2m", config.getAuthType());
    }

    @Test
    void testM2MWithJWT() throws DatabricksSQLException {
        this.configurator = new ClientConfigurator(DatabricksConnectionContextFactory.create("jdbc:databricks://adb-565757575.18.azuredatabricks.net:123/default;ssl=1;port=123;AuthMech=11;httpPath=/sql/1.0/endpoints/erg6767gg;auth_flow=1;UseJWTAssertion=1;auth_scope=test_scope;OAuth2ClientId=test-client;auth_kid=test_kid;Auth_JWT_Key_Passphrase=test_phrase;Auth_JWT_Key_File=test_key_file;Auth_JWT_Alg=test_algo;Oauth2TokenEndpoint=token_endpoint", new Properties()));
        DatabricksConfig databricksConfig = this.configurator.getDatabricksConfig();
        CredentialsProvider credentialsProvider = databricksConfig.getCredentialsProvider();
        Assertions.assertEquals("https://adb-565757575.18.azuredatabricks.net", databricksConfig.getHost());
        Assertions.assertEquals("test-client", databricksConfig.getClientId());
        Assertions.assertEquals("custom-oauth-m2m", credentialsProvider.authType());
        Assertions.assertEquals("oauth-m2m", databricksConfig.getAuthType());
        Assertions.assertEquals(PrivateKeyClientCredentialProvider.class, credentialsProvider.getClass());
    }

    @Test
    void getWorkspaceClient_OAuthWithBrowserBasedAuthentication_AuthenticatesCorrectly() throws DatabricksParsingException {
        Mockito.when(this.mockContext.getAuthMech()).thenReturn(IDatabricksConnectionContext.AuthMech.OAUTH);
        Mockito.when(this.mockContext.getAuthFlow()).thenReturn(IDatabricksConnectionContext.AuthFlow.BROWSER_BASED_AUTHENTICATION);
        Mockito.when(this.mockContext.getHostForOAuth()).thenReturn("https://oauth-browser.databricks.com");
        Mockito.when(this.mockContext.getClientId()).thenReturn("browser-client-id");
        Mockito.when(this.mockContext.getClientSecret()).thenReturn("browser-client-secret");
        Mockito.when(this.mockContext.getOAuthScopesForU2M()).thenReturn(List.of((Object[]) new String[]{"scope1", "scope2"}));
        this.configurator = new ClientConfigurator(this.mockContext);
        WorkspaceClient workspaceClient = this.configurator.getWorkspaceClient();
        Assertions.assertNotNull(workspaceClient);
        DatabricksConfig config = workspaceClient.config();
        Assertions.assertEquals("https://oauth-browser.databricks.com", config.getHost());
        Assertions.assertEquals("browser-client-id", config.getClientId());
        Assertions.assertEquals("browser-client-secret", config.getClientSecret());
        Assertions.assertEquals(List.of((Object[]) new String[]{"scope1", "scope2"}), config.getScopes());
        Assertions.assertEquals("http://localhost:8020", config.getOAuthRedirectUrl());
        Assertions.assertEquals("external-browser", config.getAuthType());
    }

    @Test
    void testNonOauth() {
        Mockito.when(this.mockContext.getAuthMech()).thenReturn(IDatabricksConnectionContext.AuthMech.OTHER);
        this.configurator = new ClientConfigurator(this.mockContext);
        Assertions.assertEquals("pat", this.configurator.getDatabricksConfig().getAuthType());
    }

    @Test
    void testNonProxyHostsFormatConversion() {
        Assertions.assertEquals("*.example.com|*.blabla.net|*.xyz.abc", ClientConfigurator.convertNonProxyHostConfigToBeSystemPropertyCompliant(".example.com,.blabla.net,.xyz.abc"));
        Assertions.assertEquals("example.com|*.blabla.net|123.xyz.abc", ClientConfigurator.convertNonProxyHostConfigToBeSystemPropertyCompliant("example.com,.blabla.net,123.xyz.abc"));
        Assertions.assertEquals("staging.example.*|blabla.net|*.xyz.abc", ClientConfigurator.convertNonProxyHostConfigToBeSystemPropertyCompliant("staging.example.*|blabla.net|*.xyz.abc"));
    }

    @Test
    void testGetConnectionSocketFactoryRegistry() {
        Mockito.when(this.mockContext.getSSLTrustStorePassword()).thenReturn(TRUST_STORE_PASSWORD);
        Mockito.when(this.mockContext.getSSLTrustStoreType()).thenReturn(TRUST_STORE_TYPE);
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn(EMPTY_TRUST_STORE_PATH);
        Assertions.assertThrows(DatabricksException.class, () -> {
            ClientConfigurator.getConnectionSocketFactoryRegistry(this.mockContext);
        }, "the trustAnchors parameter must be non-empty");
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn(DUMMY_TRUST_STORE_PATH);
        Registry connectionSocketFactoryRegistry = ClientConfigurator.getConnectionSocketFactoryRegistry(this.mockContext);
        Assertions.assertInstanceOf(SSLConnectionSocketFactory.class, connectionSocketFactoryRegistry.lookup("https"));
        Assertions.assertInstanceOf(PlainConnectionSocketFactory.class, connectionSocketFactoryRegistry.lookup("http"));
    }

    @Test
    void testGetTrustAnchorsFromTrustStore() {
        Mockito.when(this.mockContext.getSSLTrustStorePassword()).thenReturn(TRUST_STORE_PASSWORD);
        Mockito.when(this.mockContext.getSSLTrustStoreType()).thenReturn(TRUST_STORE_TYPE);
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn(DUMMY_TRUST_STORE_PATH);
        Assertions.assertTrue(ClientConfigurator.getTrustAnchorsFromTrustStore(ClientConfigurator.loadTruststoreOrNull(this.mockContext)).stream().anyMatch(trustAnchor -> {
            return trustAnchor.getTrustedCert().getIssuerDN().toString().contains(CERTIFICATE_CN);
        }));
    }
}
