package com.databricks.jdbc.auth;

import com.databricks.jdbc.TestConstants;
import com.databricks.jdbc.api.internal.IDatabricksConnectionContext;
import com.databricks.jdbc.dbclient.IDatabricksHttpClient;
import com.databricks.jdbc.exception.DatabricksHttpException;
import com.databricks.jdbc.model.telemetry.enums.DatabricksDriverErrorCode;
import com.databricks.sdk.core.DatabricksConfig;
import com.databricks.sdk.core.DatabricksException;
import com.databricks.sdk.core.HeaderFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

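/**
 * Unit tests for {@link AzureMSICredentialProvider}.
 *
 * <p>The HTTP client is mocked, so no request leaves the JVM. The tests pin the shape of the
 * token requests the provider builds (metadata endpoint, {@code api-version}, optional
 * {@code client_id}, {@code resource}, and the {@code Metadata: true} header) and the
 * authentication headers it derives from the returned tokens.
 *
 * <p>Security-relevant points covered here:
 *
 * <ul>
 *   <li>Every captured request in {@link #testConfigure()} must carry {@code Metadata: true}.
 *       The Azure instance metadata service rejects requests without that header, which is
 *       what keeps a plain redirected or server-side-forged GET from obtaining a token.
 *   <li>The management token is only requested and forwarded when a workspace resource id is
 *       configured ({@link #testConfigureWithNullResourceId()}).
 *   <li>Transport failures surface as {@link DatabricksException} with the original cause
 *       attached ({@link #testExceptionHandling()}).
 * </ul>
 *
 * <p>All token values in this class are constructed test strings, not real credentials.
 */
@ExtendWith({MockitoExtension.class})
public class AzureMSICredentialProviderTest {

    @Mock
    private IDatabricksConnectionContext mockConnectionContext;

    @Mock
    private IDatabricksHttpClient mockHttpClient;

    @Mock
    DatabricksConfig config;

    @Mock
    CloseableHttpResponse mockHttpResponse;

    @Mock
    HttpEntity mockEntity;

    private static final String TEST_CLIENT_ID = "test-client-id";
    private static final String TEST_RESOURCE_ID = "test-resource-id";
    private static final String TEST_ACCESS_TOKEN = TestConstants.TEST_ACCESS_TOKEN;
    private static final String TEST_MANAGEMENT_TOKEN = "test-management-token";
    // Resource id the provider requests a token for when talking to Azure Databricks.
    private static final String AZURE_DATABRICKS_SCOPE = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d";
    private static final String AZURE_MANAGEMENT_ENDPOINT = "https://management.core.windows.net/";
    // Link-local metadata endpoint; it is plain HTTP by design and only reachable from the host.
    private static final String METADATA_SERVICE_URL =
            "http://169.254.169.254/metadata/identity/oauth2/token";

    // Query fragment selecting the management endpoint, percent-encoded the way the tests expect
    // it to appear in the request URI.
    private static final String MANAGEMENT_RESOURCE_PARAM =
            "resource=" + AZURE_MANAGEMENT_ENDPOINT.replace(":", "%3A").replace("/", "%2F");
    private static final String DATABRICKS_RESOURCE_PARAM = "resource=" + AZURE_DATABRICKS_SCOPE;

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String RESOURCE_ID_HEADER = "X-Databricks-Azure-Workspace-Resource-Id";
    private static final String MANAGEMENT_TOKEN_HEADER = "X-Databricks-Azure-SP-Management-Token";

    /** Builds a provider with both a client id and a workspace resource id configured. */
    private AzureMSICredentialProvider setupProvider() {
        Mockito.when(this.mockConnectionContext.getNullableClientId()).thenReturn(TEST_CLIENT_ID);
        Mockito.when(this.mockConnectionContext.getAzureWorkspaceResourceId()).thenReturn(TEST_RESOURCE_ID);
        return new AzureMSICredentialProvider(this.mockConnectionContext, this.mockHttpClient);
    }

    /**
     * Stubs the mocked HTTP client so that each token request is captured and answered with a
     * JSON body: the management token when the last captured URI targets the management
     * endpoint, the Databricks access token otherwise.
     */
    private void stubTokenEndpoint(ArgumentCaptor<HttpGet> requestCaptor)
            throws DatabricksHttpException, IOException {
        Mockito.when(this.mockHttpClient.execute(requestCaptor.capture())).thenReturn(this.mockHttpResponse);
        Mockito.when(this.mockHttpResponse.getEntity()).thenReturn(this.mockEntity);
        Mockito.when(this.mockEntity.getContent()).thenAnswer(invocation -> {
            String lastUri = requestCaptor.getValue().getURI().toString();
            String token = lastUri.contains(MANAGEMENT_RESOURCE_PARAM) ? TEST_MANAGEMENT_TOKEN : TEST_ACCESS_TOKEN;
            return tokenStream(token);
        });
    }

    /** Wraps a token response body in a stream, with an explicit charset instead of the platform default. */
    private ByteArrayInputStream tokenStream(String token) {
        return new ByteArrayInputStream(createJsonResponse(token).getBytes(StandardCharsets.UTF_8));
    }

    /** The provider must report the {@code azure-msi} auth type. */
    @Test
    public void testCredentialProviderAuthType() {
        Mockito.when(this.mockConnectionContext.getNullableClientId()).thenReturn(TEST_CLIENT_ID);
        Mockito.when(this.mockConnectionContext.getAzureWorkspaceResourceId()).thenReturn(TEST_RESOURCE_ID);
        Mockito.when(this.mockConnectionContext.getConnectionUuid()).thenReturn(TestConstants.TEST_STRING);
        Assertions.assertEquals("azure-msi", new AzureMSICredentialProvider(this.mockConnectionContext).authType());
    }

    /**
     * With client id and resource id set, two token requests are made (management endpoint and
     * Databricks scope) and all three authentication headers are produced.
     */
    @Test
    public void testConfigure() throws DatabricksHttpException, IOException {
        AzureMSICredentialProvider provider = setupProvider();
        ArgumentCaptor<HttpGet> requestCaptor = ArgumentCaptor.forClass(HttpGet.class);
        stubTokenEndpoint(requestCaptor);

        Map<String, String> headers = provider.configure(this.config).headers();

        Assertions.assertEquals("Bearer " + TEST_ACCESS_TOKEN, headers.get(AUTHORIZATION_HEADER));
        Assertions.assertEquals(TEST_RESOURCE_ID, headers.get(RESOURCE_ID_HEADER));
        Assertions.assertEquals(TEST_MANAGEMENT_TOKEN, headers.get(MANAGEMENT_TOKEN_HEADER));
        Assertions.assertEquals(2, requestCaptor.getAllValues().size());

        boolean sawManagementRequest = false;
        boolean sawDatabricksRequest = false;
        for (HttpGet request : requestCaptor.getAllValues()) {
            String uri = request.getURI().toString();
            // Requests must stay pinned to the metadata endpoint; a different host here would mean
            // the token request is being sent somewhere other than the local identity service.
            Assertions.assertTrue(uri.startsWith(METADATA_SERVICE_URL));
            Assertions.assertTrue(uri.contains("api-version=2021-10-01"));
            Assertions.assertTrue(uri.contains("client_id=" + TEST_CLIENT_ID));
            // The metadata service refuses requests that lack this header.
            Assertions.assertEquals("true", request.getFirstHeader("Metadata").getValue());
            if (uri.contains(MANAGEMENT_RESOURCE_PARAM)) {
                sawManagementRequest = true;
            } else if (uri.contains(DATABRICKS_RESOURCE_PARAM)) {
                sawDatabricksRequest = true;
            }
        }
        Assertions.assertTrue(sawManagementRequest, "Management endpoint request was not made");
        Assertions.assertTrue(sawDatabricksRequest, "Databricks scope request was not made");
    }

    /**
     * Without a client id the requests must not carry a {@code client_id} parameter.
     *
     * <p>NOTE(review): unlike {@link #testConfigure()}, this test does not check the endpoint
     * prefix or the {@code Metadata} header on the captured requests; consider asserting them
     * here as well once confirmed against the provider.
     */
    @Test
    public void testConfigureWithoutClientId() throws DatabricksHttpException, IOException {
        Mockito.when(this.mockConnectionContext.getNullableClientId()).thenReturn(null);
        Mockito.when(this.mockConnectionContext.getAzureWorkspaceResourceId()).thenReturn(TEST_RESOURCE_ID);
        AzureMSICredentialProvider provider =
                new AzureMSICredentialProvider(this.mockConnectionContext, this.mockHttpClient);
        ArgumentCaptor<HttpGet> requestCaptor = ArgumentCaptor.forClass(HttpGet.class);
        stubTokenEndpoint(requestCaptor);

        Assertions.assertEquals(
                "Bearer " + TEST_ACCESS_TOKEN,
                provider.configure(this.config).headers().get(AUTHORIZATION_HEADER));
        for (HttpGet request : requestCaptor.getAllValues()) {
            Assertions.assertFalse(
                    request.getURI().toString().contains("client_id="),
                    "Request should not contain client_id parameter");
        }
    }

    /**
     * A transport failure is reported as a {@link DatabricksException} that names the failed
     * operation, includes the underlying message, and keeps the original exception as its cause.
     */
    @Test
    public void testExceptionHandling() throws DatabricksHttpException {
        AzureMSICredentialProvider provider = setupProvider();
        Mockito.when(this.mockHttpClient.execute(Mockito.any(HttpGet.class)))
                .thenThrow(new DatabricksHttpException("Connection failed", DatabricksDriverErrorCode.INVALID_STATE));
        HeaderFactory headerFactory = provider.configure(this.config);

        // The request is only issued when headers() is invoked, so that is where the failure shows up.
        DatabricksException thrown = Assertions.assertThrows(DatabricksException.class, headerFactory::headers);
        Assertions.assertTrue(thrown.getMessage().contains("Failed to retrieve Azure MSI token"));
        Assertions.assertTrue(thrown.getMessage().contains("Connection failed"));
        Assertions.assertTrue(thrown.getCause() instanceof DatabricksHttpException);
    }

    /**
     * Without a workspace resource id only the Databricks-scope token is requested, and neither
     * the resource id header nor the management token header is emitted.
     */
    @Test
    public void testConfigureWithNullResourceId() throws DatabricksHttpException, IOException {
        Mockito.when(this.mockConnectionContext.getNullableClientId()).thenReturn(TEST_CLIENT_ID);
        Mockito.when(this.mockConnectionContext.getAzureWorkspaceResourceId()).thenReturn(null);
        AzureMSICredentialProvider provider =
                new AzureMSICredentialProvider(this.mockConnectionContext, this.mockHttpClient);
        ArgumentCaptor<HttpGet> requestCaptor = ArgumentCaptor.forClass(HttpGet.class);
        Mockito.when(this.mockHttpClient.execute(requestCaptor.capture())).thenReturn(this.mockHttpResponse);
        Mockito.when(this.mockHttpResponse.getEntity()).thenReturn(this.mockEntity);
        Mockito.when(this.mockEntity.getContent()).thenAnswer(invocation -> tokenStream(TEST_ACCESS_TOKEN));

        Map<String, String> headers = provider.configure(this.config).headers();

        Assertions.assertEquals("Bearer " + TEST_ACCESS_TOKEN, headers.get(AUTHORIZATION_HEADER));
        Assertions.assertNull(headers.get(RESOURCE_ID_HEADER), "Resource ID header should not be present");
        // The management token must not be forwarded when no workspace resource id is configured.
        Assertions.assertNull(headers.get(MANAGEMENT_TOKEN_HEADER), "Management token header should not be present");
        Assertions.assertEquals(
                1,
                requestCaptor.getAllValues().size(),
                "Only one request should be made when resource ID is null");
        Assertions.assertTrue(
                requestCaptor.getValue().getURI().toString().contains(DATABRICKS_RESOURCE_PARAM),
                "Request should be for Databricks scope");
    }

    /** Builds the JSON token response body the mocked metadata endpoint returns for {@code str}. */
    private String createJsonResponse(String str) {
        return "{\"access_token\": \"" + str + "\",\"expires_in\": 3600,\"token_type\": \"Bearer\"}";
    }
}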
