package com.databricks.jdbc.auth;

import com.databricks.jdbc.TestConstants;
import com.databricks.jdbc.api.impl.DatabricksConnectionContextFactory;
import com.databricks.jdbc.api.internal.IDatabricksConnectionContext;
import com.databricks.sdk.core.DatabricksConfig;
import com.databricks.sdk.core.DatabricksException;
import com.databricks.sdk.core.commons.CommonsHttpClient;
import com.databricks.sdk.core.http.Request;
import com.databricks.sdk.core.http.Response;
import com.databricks.sdk.core.oauth.OAuthResponse;
import com.databricks.sdk.core.oauth.OpenIDConnectEndpoints;
import com.databricks.sdk.core.oauth.Token;
import java.io.IOException;
import java.net.URL;
import java.util.Objects;
import java.util.Properties;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:com/databricks/jdbc/auth/OAuthRefreshCredentialsProviderTest.class */
public class OAuthRefreshCredentialsProviderTest {

    @Mock
    IDatabricksConnectionContext context;

    @Mock
    DatabricksConfig databricksConfig;

    @Mock
    CommonsHttpClient httpClient;

    @Mock
    Response httpResponse;

    @Mock
    OAuthResponse oAuthResponse;

    @Mock
    Response response;
    private OAuthRefreshCredentialsProvider credentialsProvider;
    private static final String REFRESH_TOKEN_URL_DEFAULT = "jdbc:databricks://host:4423/default;transportMode=http;ssl=1;AuthMech=11;AuthFlow=0;httpPath=/sql/1.0/warehouses/99999999;OAuthRefreshToken=refresh-token";
    private static final String REFRESH_TOKEN_URL_OVERRIDE_CLIENT_ID = "jdbc:databricks://host:4423/default;transportMode=http;ssl=1;AuthMech=11;AuthFlow=0;httpPath=/sql/1.0/warehouses/99999999;OAuthRefreshToken=refresh-token;OAuth2ClientID=client_id";
    private static final String REFRESH_TOKEN_URL_OVERRIDE_CLIENT_ID_CLIENT_SECRET = "jdbc:databricks://host:4423/default;transportMode=http;ssl=1;AuthMech=11;AuthFlow=0;httpPath=/sql/1.0/warehouses/99999999;OAuthRefreshToken=refresh-token;OAuth2ClientID=client_id;OAuth2Secret=client_secret";
    private static final String REFRESH_TOKEN_URL_OVERRIDE_TOKEN_URL = "jdbc:databricks://host:4423/default;transportMode=http;ssl=1;AuthMech=11;AuthFlow=0;httpPath=/sql/1.0/warehouses/99999999;OAuthRefreshToken=refresh-token;OAuth2TokenEndpoint=token_endpoint";
    private static final String REFRESH_TOKEN_URL_OVERRIDE_EVERYTHING = "jdbc:databricks://host:4423/default;transportMode=http;ssl=1;AuthMech=11;AuthFlow=0;httpPath=/sql/1.0/warehouses/99999999;OAuthRefreshToken=refresh-token;OAuth2TokenEndpoint=token_endpoint;OAuth2ClientID=client_id;OAuth2Secret=client_secret";

    @Test
    void testRefreshThrowsExceptionWhenRefreshTokenIsNotSet() throws Exception {
        IDatabricksConnectionContext create = DatabricksConnectionContextFactory.create(REFRESH_TOKEN_URL_DEFAULT, new Properties());
        Mockito.when(this.databricksConfig.getOidcEndpoints()).thenReturn(new OpenIDConnectEndpoints("https://oauth.example.com/oidc/v1/token", "https://oauth.example.com/oidc/v1/authorize"));
        this.credentialsProvider = new OAuthRefreshCredentialsProvider(create, this.databricksConfig);
        Mockito.when(this.context.getOAuthRefreshToken()).thenReturn((Object) null);
        OAuthRefreshCredentialsProvider oAuthRefreshCredentialsProvider = new OAuthRefreshCredentialsProvider(this.context, this.databricksConfig);
        Objects.requireNonNull(oAuthRefreshCredentialsProvider);
        Assertions.assertEquals("oauth2: token expired and refresh token is not set", Assertions.assertThrows(DatabricksException.class, oAuthRefreshCredentialsProvider::refresh).getMessage());
    }

    @Test
    void testRefreshThrowsExceptionWhenOIDCFetchFails() throws Exception {
        IDatabricksConnectionContext create = DatabricksConnectionContextFactory.create(REFRESH_TOKEN_URL_DEFAULT, new Properties());
        Mockito.when(this.databricksConfig.getOidcEndpoints()).thenThrow(new Throwable[]{new IOException()});
        Assertions.assertThrows(DatabricksException.class, () -> {
            new OAuthRefreshCredentialsProvider(create, this.databricksConfig);
        });
    }

    @ValueSource(strings = {REFRESH_TOKEN_URL_DEFAULT, REFRESH_TOKEN_URL_OVERRIDE_EVERYTHING, REFRESH_TOKEN_URL_OVERRIDE_CLIENT_ID, REFRESH_TOKEN_URL_OVERRIDE_CLIENT_ID_CLIENT_SECRET, REFRESH_TOKEN_URL_OVERRIDE_TOKEN_URL})
    @ParameterizedTest
    void testRefreshSuccess(String str) throws Exception {
        IDatabricksConnectionContext create = DatabricksConnectionContextFactory.create(str, (String) null, (String) null);
        if (create.getTokenEndpoint() == null) {
            Mockito.when(this.databricksConfig.getOidcEndpoints()).thenReturn(new OpenIDConnectEndpoints(TestConstants.TEST_TOKEN_URL, TestConstants.TEST_AUTH_URL));
        }
        this.credentialsProvider = new OAuthRefreshCredentialsProvider(create, this.databricksConfig);
        Assertions.assertEquals("oauth-refresh", this.credentialsProvider.authType());
        Mockito.when(this.databricksConfig.getHttpClient()).thenReturn(this.httpClient);
        Mockito.when(this.httpClient.execute((Request) ArgumentMatchers.any())).thenReturn(new Response("{\"access_token\":\"access-token\",\"token_type\":\"token-type\",\"expires_in\":360,\"refresh_token\":\"refresh-token\"}", new URL(TestConstants.TEST_TOKEN_URL)));
        Assertions.assertNotNull(this.credentialsProvider.configure(this.databricksConfig).headers().get("Authorization"));
        Token token = this.credentialsProvider.getToken();
        Assertions.assertEquals("token-type", token.getTokenType());
        Assertions.assertEquals("access-token", token.getAccessToken());
        Assertions.assertEquals("refresh-token", token.getRefreshToken());
        Assertions.assertFalse(token.isExpired());
    }
}
