package com.databricks.client.jdbc;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collections;
import java.util.Iterator;
import java.util.logging.Logger;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/databricks/client/jdbc/SSLTest.class */
public class SSLTest {
    private static final Logger LOGGER = Logger.getLogger(SSLTest.class.getName());
    private static String patToken;
    private static String host;
    private static String httpPath;
    private static String httpProxyUrl;
    private static String httpsProxyUrl;
    private static String trustStorePath;
    private static String trustStorePassword;

    @BeforeAll
    public static void setupEnv() {
        patToken = System.getenv("DATABRICKS_TOKEN");
        host = System.getenv("DATABRICKS_HOST");
        httpPath = System.getenv("DATABRICKS_HTTP_PATH");
        httpProxyUrl = System.getenv("HTTP_PROXY_URL");
        httpsProxyUrl = System.getenv("HTTPS_PROXY_URL");
        trustStorePath = System.getenv("TRUSTSTORE_PATH");
        trustStorePassword = System.getenv("TRUSTSTORE_PASSWORD");
    }

    private String buildJdbcUrl(boolean z, boolean z2, boolean z3, boolean z4, boolean z5, boolean z6) {
        String str = "localhost";
        String str2 = "3128";
        if (httpProxyUrl != null && httpProxyUrl.startsWith("http")) {
            String[] split = httpProxyUrl.replace("http://", "").replace("https://", "").split(":");
            if (split.length > 1) {
                str = split[0];
                str2 = split[1];
            }
        }
        String str3 = "localhost";
        String str4 = "3129";
        if (httpsProxyUrl != null && httpsProxyUrl.startsWith("http")) {
            String[] split2 = httpsProxyUrl.replace("http://", "").replace("https://", "").split(":");
            if (split2.length > 1) {
                str3 = split2[0];
                str4 = split2[1];
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("jdbc:databricks://").append(host).append("/default").append(";httpPath=").append(httpPath).append(";AuthMech=3").append(";usethriftclient=").append(z ? "true" : "false").append(";");
        if (z2) {
            sb.append("useproxy=1;").append("ProxyHost=").append(str).append(";").append("ProxyPort=").append(str2).append(";");
        } else {
            sb.append("useproxy=0;");
        }
        if (z3) {
            sb.append("ProxyHost=").append(str3).append(";").append("ProxyPort=").append(str4).append(";");
        }
        sb.append("AllowSelfSignedCerts=").append(z4 ? "1" : "0").append(";").append("UseSystemTrustStore=").append(z5 ? "1" : "0").append(";");
        sb.append("CheckCertRevocation=0;");
        if (z6 && trustStorePath != null && !trustStorePath.isEmpty()) {
            sb.append("SSLTrustStore=").append(trustStorePath).append(";");
            if (trustStorePassword != null && !trustStorePassword.isEmpty()) {
                sb.append("SSLTrustStorePwd=").append(trustStorePassword).append(";");
                sb.append("SSLTrustStoreType=").append("JKS").append(";");
            }
        }
        sb.append("ssl=1;");
        return sb.toString();
    }

    private void verifyConnect(String str) throws Exception {
        LOGGER.info("Attempting to connect with URL: " + str);
        Connection connection = DriverManager.getConnection(str, "token", patToken);
        try {
            ResultSet executeQuery = connection.createStatement().executeQuery("SELECT 1");
            Assertions.assertTrue(executeQuery.next(), "Should get at least one row");
            Assertions.assertEquals(1, executeQuery.getInt(1), "Value should be 1");
            LOGGER.info("Success!");
            if (connection != null) {
                connection.close();
            }
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testDirectConnectionDefaultSSL() {
        LOGGER.info("Scenario: Direct connection with default SSL settings");
        for (boolean z : new boolean[]{true, false}) {
            try {
                verifyConnect(buildJdbcUrl(z, false, false, false, false, false));
            } catch (Exception e) {
                Assertions.fail("Direct connection test failed (thrift=" + z + "): " + e.getMessage());
            }
        }
    }

    @Test
    public void testHttpProxyDefaultSSL() {
        LOGGER.info("Scenario: HTTP Proxy with default SSL settings");
        for (boolean z : new boolean[]{true, false}) {
            try {
                verifyConnect(buildJdbcUrl(z, true, false, false, false, false));
            } catch (Exception e) {
                Assertions.fail("HTTP proxy test failed (thrift=" + z + "): " + e.getMessage());
            }
        }
    }

    @Test
    public void testWithAllowSelfSigned() {
        LOGGER.info("Scenario: Testing with AllowSelfSignedCerts=1");
        String property = System.getProperty("javax.net.ssl.trustStore");
        String property2 = System.getProperty("javax.net.ssl.trustStorePassword");
        String property3 = System.getProperty("javax.net.ssl.trustStoreType");
        try {
            try {
                File createTempFile = File.createTempFile("empty-trust", ".jks");
                createTempFile.deleteOnExit();
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(null, "changeit".toCharArray());
                FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
                try {
                    keyStore.store(fileOutputStream, "changeit".toCharArray());
                    fileOutputStream.close();
                    System.setProperty("javax.net.ssl.trustStore", createTempFile.getAbsolutePath());
                    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
                    System.setProperty("javax.net.ssl.trustStoreType", "JKS");
                    for (boolean z : new boolean[]{true, false}) {
                        String str = (((buildJdbcUrl(z, true, false, false, false, false) + ";LogLevel=TRACE;") + "SSLTrustStore=" + createTempFile.getAbsolutePath() + ";") + "SSLTrustStorePwd=changeit;") + "SSLTrustStoreType=JKS;";
                        try {
                            LOGGER.info("\n\n==== TEST 1: Connection with empty trust store ====");
                            LOGGER.info("URL: " + str);
                            LOGGER.info("Trust store: " + System.getProperty("javax.net.ssl.trustStore"));
                            verifyConnect(str);
                            Assertions.fail("Connection with empty trust store should have failed");
                        } catch (Exception e) {
                            LOGGER.info("Connection correctly failed with empty trust store: " + e.getMessage());
                        }
                        String str2 = (buildJdbcUrl(z, true, false, false, false, false) + ";LogLevel=TRACE;") + "SSLTrustStore=" + "/path/to/nonexistent" + ";";
                        try {
                            LOGGER.info("\n\n==== TEST 2: Connection with non-existent trust store ====");
                            LOGGER.info("URL: " + str2);
                            LOGGER.info("Trust store: " + "/path/to/nonexistent");
                            verifyConnect(str2);
                            Assertions.fail("Connection with non-existent trust store should have failed");
                        } catch (SQLException e2) {
                            LOGGER.info("Connection correctly failed with non-existent trust store: " + e2.getMessage());
                            Assertions.assertTrue(e2.getMessage().contains("trust store"), "Error message should mention trust store issues");
                        } catch (Exception e3) {
                            LOGGER.info("Connection correctly failed with non-existent trust store: " + e3.getMessage());
                            Assertions.assertTrue(e3.getMessage().contains("trust store") || e3.getMessage().contains("truststore"), "Error message should mention trust store issues");
                        }
                        System.setProperty("javax.net.ssl.trustStore", createTempFile.getAbsolutePath());
                        String str3 = buildJdbcUrl(z, true, false, true, false, false) + ";LogLevel=TRACE;";
                        try {
                            LOGGER.info("\n\n==== TEST 3: Connection with AllowSelfSignedCerts=1 ====");
                            LOGGER.info("URL: " + str3);
                            LOGGER.info("Trust store: " + System.getProperty("javax.net.ssl.trustStore"));
                            verifyConnect(str3);
                            LOGGER.info("Connection succeeded with AllowSelfSignedCerts=1 as expected");
                        } catch (Exception e4) {
                            LOGGER.info("Connection failed with AllowSelfSignedCerts=1: " + e4.getMessage());
                            Assertions.fail("Connection with AllowSelfSignedCerts=1 should have succeeded: " + e4.getMessage());
                        }
                    }
                    if (property != null) {
                        System.setProperty("javax.net.ssl.trustStore", property);
                    } else {
                        System.clearProperty("javax.net.ssl.trustStore");
                    }
                    if (property2 != null) {
                        System.setProperty("javax.net.ssl.trustStorePassword", property2);
                    } else {
                        System.clearProperty("javax.net.ssl.trustStorePassword");
                    }
                    if (property3 != null) {
                        System.setProperty("javax.net.ssl.trustStoreType", property3);
                    } else {
                        System.clearProperty("javax.net.ssl.trustStoreType");
                    }
                } catch (Throwable th) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (property != null) {
                    System.setProperty("javax.net.ssl.trustStore", property);
                } else {
                    System.clearProperty("javax.net.ssl.trustStore");
                }
                if (property2 != null) {
                    System.setProperty("javax.net.ssl.trustStorePassword", property2);
                } else {
                    System.clearProperty("javax.net.ssl.trustStorePassword");
                }
                if (property3 != null) {
                    System.setProperty("javax.net.ssl.trustStoreType", property3);
                } else {
                    System.clearProperty("javax.net.ssl.trustStoreType");
                }
                throw th3;
            }
        } catch (Exception e5) {
            Assertions.fail("Test setup failed: " + e5.getMessage());
            if (property != null) {
                System.setProperty("javax.net.ssl.trustStore", property);
            } else {
                System.clearProperty("javax.net.ssl.trustStore");
            }
            if (property2 != null) {
                System.setProperty("javax.net.ssl.trustStorePassword", property2);
            } else {
                System.clearProperty("javax.net.ssl.trustStorePassword");
            }
            if (property3 != null) {
                System.setProperty("javax.net.ssl.trustStoreType", property3);
            } else {
                System.clearProperty("javax.net.ssl.trustStoreType");
            }
        }
    }

    @Test
    public void testWithSystemTrustStore() {
        LOGGER.info("Scenario: Testing with UseSystemTrustStore=1");
        for (boolean z : new boolean[]{true, false}) {
            try {
                verifyConnect(buildJdbcUrl(z, true, false, false, true, false));
            } catch (Exception e) {
                Assertions.fail("UseSystemTrustStore=1 test failed (thrift=" + z + "): " + e.getMessage());
            }
        }
    }

    @Test
    public void testDirectConnectionSystemTrustStoreFallback() {
        LOGGER.info("Scenario: UseSystemTrustStore=1 with no system property -> fallback to cacerts (direct)");
        String property = System.getProperty("javax.net.ssl.trustStore");
        try {
            System.clearProperty("javax.net.ssl.trustStore");
            for (boolean z : new boolean[]{true, false}) {
                try {
                    verifyConnect(buildJdbcUrl(z, false, false, false, true, false));
                } catch (Exception e) {
                    Assertions.fail("Fallback‑to‑cacerts direct connect failed (thrift=" + z + "): " + e.getMessage());
                }
            }
        } finally {
            if (property != null) {
                System.setProperty("javax.net.ssl.trustStore", property);
            }
        }
    }

    @Test
    public void testIgnoreSystemPropertyWhenUseSystemTrustStoreDisabled() {
        LOGGER.info("Scenario: bogus javax.net.ssl.trustStore present but UseSystemTrustStore=0 (driver must ignore)");
        String property = System.getProperty("javax.net.ssl.trustStore");
        try {
            System.setProperty("javax.net.ssl.trustStore", "/path/that/does/not/exist.jks");
            for (boolean z : new boolean[]{true, false}) {
                try {
                    verifyConnect(buildJdbcUrl(z, false, false, false, false, false));
                } catch (Exception e) {
                    Assertions.fail("Driver failed to ignore bogus system trust store (thrift=" + z + "): " + e.getMessage());
                }
            }
        } finally {
            if (property != null) {
                System.setProperty("javax.net.ssl.trustStore", property);
            } else {
                System.clearProperty("javax.net.ssl.trustStore");
            }
        }
    }

    @Test
    public void testWithCustomTrustStore() {
        LOGGER.info("Scenario: Testing with custom trust store");
        if (trustStorePath == null || trustStorePath.isEmpty()) {
            LOGGER.info("Skipping custom trust store test - no trust store path provided");
            return;
        }
        File file = new File(trustStorePath);
        if (!file.exists() || !file.canRead()) {
            LOGGER.info("Skipping custom trust store test - trust store does not exist or is not readable: " + trustStorePath);
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            FileInputStream fileInputStream = new FileInputStream(trustStorePath);
            try {
                keyStore.load(fileInputStream, trustStorePassword.toCharArray());
                int size = Collections.list(keyStore.aliases()).size();
                LOGGER.info("Trust store contains " + size + " entries");
                Assertions.assertTrue(size > 0, "Trust store must contain at least one certificate");
                boolean z = false;
                Iterator it = Collections.list(keyStore.aliases()).iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String str = (String) it.next();
                    if (keyStore.isCertificateEntry(str)) {
                        z = true;
                        LOGGER.info("Found trusted certificate: " + str);
                        break;
                    }
                }
                Assertions.assertTrue(z, "Trust store must contain at least one trusted certificate entry");
                fileInputStream.close();
                for (boolean z2 : new boolean[]{true, false}) {
                    try {
                        verifyConnect(buildJdbcUrl(z2, true, false, false, false, true) + ";LogLevel=TRACE;");
                        LOGGER.info("Connection established using custom trust store validation");
                    } catch (Exception e) {
                        LOGGER.info("Connection failed with custom trust store, trying with AllowSelfSignedCerts=1: " + e.getMessage());
                        try {
                            verifyConnect(buildJdbcUrl(z2, true, false, true, false, false) + ";LogLevel=TRACE;");
                            LOGGER.info("Connection succeeded with AllowSelfSignedCerts=1 fallback");
                        } catch (Exception e2) {
                            Assertions.fail("Custom trust store test failed with both approaches: " + e2.getMessage());
                        }
                    }
                }
            } finally {
            }
        } catch (Exception e3) {
            LOGGER.info("Custom trust store test setup failed: " + e3.getMessage());
            for (boolean z3 : new boolean[]{true}) {
                try {
                    verifyConnect(buildJdbcUrl(z3, true, false, true, false, false) + ";LogLevel=TRACE;");
                    LOGGER.info("Fallback connection succeeded with AllowSelfSignedCerts=1");
                    return;
                } catch (Exception e4) {
                    Assertions.fail("Custom trust store test failed completely: " + e4.getMessage());
                }
            }
        }
    }

    @Test
    public void testWithSystemProperties() {
        LOGGER.info("Scenario: Using system properties for SSL configuration");
        String property = System.getProperty("javax.net.ssl.trustStore");
        String property2 = System.getProperty("javax.net.ssl.trustStorePassword");
        String property3 = System.getProperty("javax.net.ssl.trustStoreType");
        try {
            if (trustStorePath == null || !new File(trustStorePath).exists()) {
                LOGGER.info("Skipping system properties test - trust store not found: " + trustStorePath);
                if (property != null) {
                    System.setProperty("javax.net.ssl.trustStore", property);
                } else {
                    System.clearProperty("javax.net.ssl.trustStore");
                }
                if (property2 != null) {
                    System.setProperty("javax.net.ssl.trustStorePassword", property2);
                } else {
                    System.clearProperty("javax.net.ssl.trustStorePassword");
                }
                if (property3 != null) {
                    System.setProperty("javax.net.ssl.trustStoreType", property3);
                    return;
                } else {
                    System.clearProperty("javax.net.ssl.trustStoreType");
                    return;
                }
            }
            System.setProperty("javax.net.ssl.trustStore", trustStorePath);
            System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
            System.setProperty("javax.net.ssl.trustStoreType", "JKS");
            LOGGER.info("Trust store path: " + System.getProperty("javax.net.ssl.trustStore"));
            LOGGER.info("Trust store exists: " + new File(trustStorePath).exists());
            LOGGER.info("Trust store password set: " + (System.getProperty("javax.net.ssl.trustStorePassword") != null));
            LOGGER.info("Trust store type: " + System.getProperty("javax.net.ssl.trustStoreType"));
            for (boolean z : new boolean[]{true, false}) {
                try {
                    verifyConnect(buildJdbcUrl(z, false, false, false, false, false));
                } catch (Exception e) {
                    LOGGER.info("Connection with system properties failed, trying with AllowSelfSignedCerts=1: " + e.getMessage());
                    try {
                        verifyConnect(buildJdbcUrl(z, false, false, true, false, false));
                        LOGGER.info("Successfully connected with AllowSelfSignedCerts=1 fallback");
                    } catch (Exception e2) {
                        Assertions.fail("Both system properties and AllowSelfSignedCerts approaches failed: " + e2.getMessage());
                    }
                }
            }
        } finally {
            if (property != null) {
                System.setProperty("javax.net.ssl.trustStore", property);
            } else {
                System.clearProperty("javax.net.ssl.trustStore");
            }
            if (property2 != null) {
                System.setProperty("javax.net.ssl.trustStorePassword", property2);
            } else {
                System.clearProperty("javax.net.ssl.trustStorePassword");
            }
            if (property3 != null) {
                System.setProperty("javax.net.ssl.trustStoreType", property3);
            } else {
                System.clearProperty("javax.net.ssl.trustStoreType");
            }
        }
    }

    @Test
    public void testEmptyTrustStore() {
        LOGGER.info("Scenario: Testing with manually created empty trust store");
        try {
            File createTempFile = File.createTempFile("empty-test-trust", ".jks");
            createTempFile.deleteOnExit();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, "changeit".toCharArray());
            FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
            try {
                keyStore.store(fileOutputStream, "changeit".toCharArray());
                fileOutputStream.close();
                for (boolean z : new boolean[]{true, false}) {
                    try {
                        verifyConnect(((buildJdbcUrl(z, false, false, false, false, false) + ";SSLTrustStore=" + createTempFile.getAbsolutePath() + ";") + "SSLTrustStorePwd=changeit;") + "SSLTrustStoreType=JKS;");
                        Assertions.fail("Connection with empty trust store should have failed");
                    } catch (Exception e) {
                        LOGGER.info("Connection correctly failed with empty trust store: " + e.getMessage());
                        Assertions.assertTrue(e.getMessage().contains("no trust anchors") || e.getMessage().contains("trust store") || e.getMessage().contains("truststore"), "Error message should mention trust store or anchor issues");
                    }
                }
            } finally {
            }
        } catch (Exception e2) {
            Assertions.fail("Test setup failed: " + e2.getMessage());
        }
    }

    @Test
    public void testNonExistentTrustStore() {
        LOGGER.info("Scenario: Testing with non-existent trust store");
        for (boolean z : new boolean[]{true, false}) {
            try {
                verifyConnect(buildJdbcUrl(z, false, false, false, false, false) + ";SSLTrustStore=" + "/path/to/nonexistent/truststore.jks" + ";");
                Assertions.fail("Connection with non-existent trust store should have failed");
            } catch (Exception e) {
                LOGGER.info("Connection correctly failed with non-existent trust store: " + e.getMessage());
                Assertions.assertTrue(e.getMessage().contains("trust store") || e.getMessage().contains("truststore"), "Error message should mention trust store issues");
            }
        }
    }

    @Test
    public void testNoCustomTrustStoreWithUseSystemTrustStoreFalse() {
        LOGGER.info("Scenario: No custom trust store with UseSystemTrustStore=false");
        for (boolean z : new boolean[]{true, false}) {
            String buildJdbcUrl = buildJdbcUrl(z, false, false, false, false, false);
            try {
                LOGGER.info("\n==== Testing connection with UseSystemTrustStore=0 and no custom trust store ====");
                LOGGER.info("URL: " + buildJdbcUrl);
                verifyConnect(buildJdbcUrl);
                LOGGER.info("Connection succeeded using default trust store with UseSystemTrustStore=0");
            } catch (Exception e) {
                LOGGER.info("Connection attempt with UseSystemTrustStore=0 failed: " + e.getMessage());
                LOGGER.info("This may be expected if the default trust store doesn't have the required certificates");
            }
        }
    }

    @Test
    public void testCustomTrustStorePrecedence() {
        LOGGER.info("Scenario: Custom trust store takes precedence over system property");
        if (trustStorePath == null || trustStorePath.isEmpty()) {
            LOGGER.info("Skipping this test - no trust store path provided");
            return;
        }
        File file = new File(trustStorePath);
        if (!file.exists() || !file.canRead()) {
            LOGGER.info("Skipping this test - trust store does not exist or is not readable: " + trustStorePath);
            return;
        }
        String property = System.getProperty("javax.net.ssl.trustStore");
        try {
            System.setProperty("javax.net.ssl.trustStore", trustStorePath);
            for (boolean z : new boolean[]{true}) {
                String buildJdbcUrl = buildJdbcUrl(z, false, false, false, true, true);
                try {
                    LOGGER.info("\n==== Testing custom trust store precedence ====");
                    LOGGER.info("URL: " + buildJdbcUrl);
                    LOGGER.info("System property trust store: " + System.getProperty("javax.net.ssl.trustStore"));
                    LOGGER.info("Custom trust store: " + trustStorePath);
                    verifyConnect(buildJdbcUrl);
                    LOGGER.info("Connection succeeded - custom trust store took precedence as expected");
                } catch (Exception e) {
                    LOGGER.info("Connection failed, but not necessarily due to trust store precedence: " + e.getMessage());
                }
            }
        } finally {
            if (property != null) {
                System.setProperty("javax.net.ssl.trustStore", property);
            } else {
                System.clearProperty("javax.net.ssl.trustStore");
            }
        }
    }
}
