package com.databricks.jdbc.auth;

import com.databricks.jdbc.api.impl.DatabricksConnectionContext;
import com.databricks.jdbc.api.internal.IDatabricksConnectionContext;
import com.databricks.jdbc.common.util.SocketFactoryUtil;
import com.databricks.jdbc.dbclient.impl.common.ConfiguratorUtils;
import com.databricks.jdbc.exception.DatabricksHttpException;
import com.databricks.jdbc.exception.DatabricksSQLException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.X509TrustManager;
import org.apache.http.config.Registry;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.Mockito;

/* loaded from: input_file:com/databricks/jdbc/auth/SSLConnectionParametersTest.class */
public class SSLConnectionParametersTest {

    @Mock
    private IDatabricksConnectionContext mockContext;
    private Properties properties;

    @BeforeEach
    public void setUp() {
        this.mockContext = (IDatabricksConnectionContext) Mockito.mock(IDatabricksConnectionContext.class);
        this.properties = new Properties();
    }

    @Test
    public void testGetBaseConnectionManagerWithDefaultSettings() throws DatabricksHttpException {
        Mockito.when(Boolean.valueOf(this.mockContext.allowSelfSignedCerts())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.mockContext.useSystemTrustStore())).thenReturn(false);
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.mockContext.checkCertificateRevocation())).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.mockContext.acceptUndeterminedCertificateRevocation())).thenReturn(false);
        Assertions.assertNotNull(ConfiguratorUtils.getBaseConnectionManager(this.mockContext), "Connection manager should not be null");
    }

    @Test
    public void testGetBaseConnectionManagerWithSelfSignedCerts() throws DatabricksHttpException {
        Mockito.when(Boolean.valueOf(this.mockContext.allowSelfSignedCerts())).thenReturn(true);
        Assertions.assertNotNull(ConfiguratorUtils.getBaseConnectionManager(this.mockContext), "Connection manager should not be null");
    }

    @Test
    public void testGetBaseConnectionManagerWithCustomTrustStore() {
        Mockito.when(Boolean.valueOf(this.mockContext.allowSelfSignedCerts())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.mockContext.useSystemTrustStore())).thenReturn(false);
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn("/path/to/truststore.jks");
        Mockito.when(this.mockContext.getSSLTrustStorePassword()).thenReturn("password");
        Mockito.when(this.mockContext.getSSLTrustStoreType()).thenReturn("JKS");
        Mockito.when(Boolean.valueOf(this.mockContext.checkCertificateRevocation())).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.mockContext.acceptUndeterminedCertificateRevocation())).thenReturn(false);
        try {
            ConfiguratorUtils.getBaseConnectionManager(this.mockContext);
            Assertions.fail("Should throw exception for non-existent trust store");
        } catch (DatabricksHttpException e) {
            Assertions.assertTrue(e.getMessage().contains("Error while setting up custom trust store: /path/to/truststore.jks"), "Exception should mention that there is an error while setting up custom trust store");
        }
    }

    @Test
    public void testGetTrustAllSocketFactoryRegistry() {
        Registry trustAllSocketFactoryRegistry = SocketFactoryUtil.getTrustAllSocketFactoryRegistry();
        Assertions.assertNotNull(trustAllSocketFactoryRegistry, "Trust-all socket factory registry should not be null");
        Assertions.assertNotNull(trustAllSocketFactoryRegistry.lookup("https"), "Registry should have entry for https");
        Assertions.assertNotNull(trustAllSocketFactoryRegistry.lookup("http"), "Registry should have entry for http");
    }

    @Test
    public void testGetConnectionSocketFactoryRegistryWithSelfSignedCerts() throws DatabricksHttpException {
        Mockito.when(Boolean.valueOf(this.mockContext.allowSelfSignedCerts())).thenReturn(true);
        Assertions.assertNotNull(ConfiguratorUtils.createConnectionSocketFactoryRegistry(this.mockContext), "Socket factory registry should not be null");
    }

    @Test
    public void testGetConnectionSocketFactoryRegistryWithSystemTrustStore() {
        Mockito.when(Boolean.valueOf(this.mockContext.allowSelfSignedCerts())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.mockContext.useSystemTrustStore())).thenReturn(true);
        Mockito.when(this.mockContext.getSSLTrustStore()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.mockContext.checkCertificateRevocation())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.mockContext.acceptUndeterminedCertificateRevocation())).thenReturn(false);
        try {
            Assertions.assertNotNull(ConfiguratorUtils.createConnectionSocketFactoryRegistry(this.mockContext), "Socket factory registry should not be null");
        } catch (Exception e) {
            Assertions.fail("Should not throw exception with valid configuration: " + e.getMessage());
        }
    }

    @Test
    public void testAllPermutationsOfParameters() throws DatabricksSQLException {
        IDatabricksConnectionContext parse = DatabricksConnectionContext.parse("jdbc:databricks://hostname:443/default;httpPath=/sql/1.0/warehouses/123", new Properties());
        Assertions.assertFalse(parse.allowSelfSignedCerts());
        Assertions.assertFalse(parse.useSystemTrustStore());
        Properties properties = new Properties();
        properties.setProperty("AllowSelfSignedCerts", "1");
        IDatabricksConnectionContext parse2 = DatabricksConnectionContext.parse("jdbc:databricks://hostname:443/default;httpPath=/sql/1.0/warehouses/123", properties);
        Assertions.assertTrue(parse2.allowSelfSignedCerts());
        Assertions.assertFalse(parse2.useSystemTrustStore());
        Properties properties2 = new Properties();
        properties2.setProperty("UseSystemTrustStore", "0");
        IDatabricksConnectionContext parse3 = DatabricksConnectionContext.parse("jdbc:databricks://hostname:443/default;httpPath=/sql/1.0/warehouses/123", properties2);
        Assertions.assertFalse(parse3.allowSelfSignedCerts());
        Assertions.assertFalse(parse3.useSystemTrustStore());
        Properties properties3 = new Properties();
        properties3.setProperty("AllowSelfSignedCerts", "1");
        properties3.setProperty("UseSystemTrustStore", "0");
        IDatabricksConnectionContext parse4 = DatabricksConnectionContext.parse("jdbc:databricks://hostname:443/default;httpPath=/sql/1.0/warehouses/123", properties3);
        Assertions.assertTrue(parse4.allowSelfSignedCerts());
        Assertions.assertFalse(parse4.useSystemTrustStore());
    }

    @Test
    public void testTrustAllTrustManagerAcceptsAnyCertificate() throws NoSuchFieldException, IllegalAccessException {
        Mockito.when(Boolean.valueOf(this.mockContext.allowSelfSignedCerts())).thenReturn(true);
        Registry trustAllSocketFactoryRegistry = SocketFactoryUtil.getTrustAllSocketFactoryRegistry();
        Assertions.assertNotNull(trustAllSocketFactoryRegistry, "Trust-all socket factory registry should not be null");
        Assertions.assertNotNull(trustAllSocketFactoryRegistry.lookup("https"), "Registry should have entry for https");
        X509TrustManager x509TrustManager = (X509TrustManager) SocketFactoryUtil.getTrustManagerThatTrustsAllCertificates()[0];
        Assertions.assertArrayEquals(x509TrustManager.getAcceptedIssuers(), new X509Certificate[0], "Trust-all manager should return no accepted issuer");
        try {
            x509TrustManager.checkServerTrusted(null, "RSA");
        } catch (Exception e) {
            Assertions.fail("Trust-all manager should not validate certificates");
        }
    }
}
