package com.databricks.jdbc.dbclient.impl.common;

import com.databricks.jdbc.api.IDatabricksConnectionContext;
import com.databricks.jdbc.log.JdbcLogger;
import com.databricks.jdbc.log.JdbcLoggerFactory;
import com.databricks.sdk.core.DatabricksException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.http.config.Registry;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.MockedStatic;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:com/databricks/jdbc/dbclient/impl/common/ConfiguratorUtilsTest.class */
public class ConfiguratorUtilsTest {
    private static final JdbcLogger LOGGER = JdbcLoggerFactory.getLogger(ConfiguratorUtilsTest.class);

    @Mock
    private IDatabricksConnectionContext mockContext;
    private static final String BASE_TRUST_STORE_PATH = "src/test/resources/";
    private static final String EMPTY_TRUST_STORE_PATH = "src/test/resources/empty-truststore.jks";
    private static final String DUMMY_TRUST_STORE_PATH = "src/test/resources/dummy-truststore.jks";
    private static final String CERTIFICATE_CN = "MinimalCertificate";
    private static final String TRUST_STORE_TYPE = "PKCS12";
    private static final String TRUST_STORE_PASSWORD = "changeit";

    @BeforeAll
    static void setup() throws Exception {
        createEmptyTrustStore();
        createDummyTrustStore();
    }

    private static void createEmptyTrustStore() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(TRUST_STORE_TYPE);
        keyStore.load(null, TRUST_STORE_PASSWORD.toCharArray());
        FileOutputStream fileOutputStream = new FileOutputStream(EMPTY_TRUST_STORE_PATH);
        try {
            keyStore.store(fileOutputStream, TRUST_STORE_PASSWORD.toCharArray());
            fileOutputStream.close();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static void createDummyTrustStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(TRUST_STORE_TYPE);
        keyStore.load(null, TRUST_STORE_PASSWORD.toCharArray());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        keyStore.setCertificateEntry("dummy-cert", generateBarebonesCertificate(keyPairGenerator.generateKeyPair()));
        FileOutputStream fileOutputStream = new FileOutputStream(DUMMY_TRUST_STORE_PATH);
        try {
            keyStore.store(fileOutputStream, TRUST_STORE_PASSWORD.toCharArray());
            fileOutputStream.close();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static X509Certificate generateBarebonesCertificate(KeyPair keyPair) throws Exception {
        X500Name x500Name = new X500Name("CN=MinimalCertificate");
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        Date date = new Date();
        X509CertificateHolder build = new JcaX509v3CertificateBuilder(x500Name, valueOf, date, new Date(date.getTime() + 31536000000L), x500Name, keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
        return new JcaX509CertificateConverter().setProvider(bouncyCastleProvider).getCertificate(build);
    }

    @AfterAll
    static void cleanup() {
        try {
            Files.delete(Path.of(EMPTY_TRUST_STORE_PATH, new String[0]));
        } catch (IOException e) {
            LOGGER.info("Failed to delete empty trust store file: " + e.getMessage());
        }
        try {
            Files.delete(Path.of(DUMMY_TRUST_STORE_PATH, new String[0]));
        } catch (IOException e2) {
            LOGGER.info("Failed to delete dummy trust store file: " + e2.getMessage());
        }
    }

    @Test
    void testGetConnectionSocketFactoryRegistry() {
        Mockito.when(this.mockContext.getSSLTrustStorePassword()).thenReturn(TRUST_STORE_PASSWORD);
        Mockito.when(this.mockContext.getSSLTrustStoreType()).thenReturn(TRUST_STORE_TYPE);
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn(EMPTY_TRUST_STORE_PATH);
        Assertions.assertThrows(DatabricksException.class, () -> {
            ConfiguratorUtils.getConnectionSocketFactoryRegistry(this.mockContext);
        }, "the trustAnchors parameter must be non-empty");
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn(DUMMY_TRUST_STORE_PATH);
        Registry connectionSocketFactoryRegistry = ConfiguratorUtils.getConnectionSocketFactoryRegistry(this.mockContext);
        Assertions.assertInstanceOf(SSLConnectionSocketFactory.class, connectionSocketFactoryRegistry.lookup("https"));
        Assertions.assertInstanceOf(PlainConnectionSocketFactory.class, connectionSocketFactoryRegistry.lookup("http"));
    }

    @Test
    void testGetTrustAnchorsFromTrustStore() {
        Mockito.when(this.mockContext.getSSLTrustStorePassword()).thenReturn(TRUST_STORE_PASSWORD);
        Mockito.when(this.mockContext.getSSLTrustStoreType()).thenReturn(TRUST_STORE_TYPE);
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn(DUMMY_TRUST_STORE_PATH);
        Assertions.assertTrue(ConfiguratorUtils.getTrustAnchorsFromTrustStore(ConfiguratorUtils.loadTruststoreOrNull(this.mockContext)).stream().anyMatch(trustAnchor -> {
            return trustAnchor.getTrustedCert().getIssuerDN().toString().contains(CERTIFICATE_CN);
        }));
    }

    @Test
    void testGetBaseConnectionManager_NoSSLTrustStoreAndRevocationCheckEnabled() {
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.mockContext.checkCertificateRevocation())).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.mockContext.acceptUndeterminedCertificateRevocation())).thenReturn(false);
        MockedStatic mockStatic = Mockito.mockStatic(ConfiguratorUtils.class);
        try {
            mockStatic.when(() -> {
                ConfiguratorUtils.getBaseConnectionManager(this.mockContext);
            }).thenCallRealMethod();
            PoolingHttpClientConnectionManager baseConnectionManager = ConfiguratorUtils.getBaseConnectionManager(this.mockContext);
            mockStatic.verify(() -> {
                ConfiguratorUtils.getConnectionSocketFactoryRegistry(this.mockContext);
            }, Mockito.never());
            Assertions.assertNotNull(baseConnectionManager);
            if (mockStatic != null) {
                mockStatic.close();
            }
        } catch (Throwable th) {
            if (mockStatic != null) {
                try {
                    mockStatic.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void testGetBaseConnectionManager_WithSSLTrustStore() {
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn(DUMMY_TRUST_STORE_PATH);
        MockedStatic mockStatic = Mockito.mockStatic(ConfiguratorUtils.class);
        try {
            mockStatic.when(() -> {
                ConfiguratorUtils.getBaseConnectionManager(this.mockContext);
            }).thenCallRealMethod();
            mockStatic.when(() -> {
                ConfiguratorUtils.getConnectionSocketFactoryRegistry(this.mockContext);
            }).thenReturn(Mockito.mock(Registry.class));
            PoolingHttpClientConnectionManager baseConnectionManager = ConfiguratorUtils.getBaseConnectionManager(this.mockContext);
            mockStatic.verify(() -> {
                ConfiguratorUtils.getConnectionSocketFactoryRegistry(this.mockContext);
            }, Mockito.times(1));
            Assertions.assertNotNull(baseConnectionManager);
            if (mockStatic != null) {
                mockStatic.close();
            }
        } catch (Throwable th) {
            if (mockStatic != null) {
                try {
                    mockStatic.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
