package net.snowflake.client.core;

import com.amazonaws.util.StringUtils;
import java.net.URI;
import java.time.Duration;
import net.snowflake.client.category.TestTags;
import net.snowflake.client.core.SessionUtilExternalBrowser;
import net.snowflake.client.core.auth.oauth.AccessTokenProvider;
import net.snowflake.client.core.auth.oauth.OAuthAuthorizationCodeAccessTokenProvider;
import net.snowflake.client.core.auth.oauth.StateProvider;
import net.snowflake.client.jdbc.BaseWiremockTest;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

@Tag(TestTags.CORE)
/* loaded from: input_file:net/snowflake/client/core/OAuthAuthorizationCodeFlowLatestIT.class */
public class OAuthAuthorizationCodeFlowLatestIT extends BaseWiremockTest {
    private static final String SCENARIOS_BASE_DIR = "/wiremock/mappings/oauth/authorization_code";
    private static final String SUCCESSFUL_FLOW_SCENARIO_MAPPINGS = "/wiremock/mappings/oauth/authorization_code/successful_flow.json";
    private static final String SUCCESSFUL_DPOP_FLOW_SCENARIO_MAPPINGS = "/wiremock/mappings/oauth/authorization_code/successful_dpop_flow.json";
    private static final String DPOP_NONCE_ERROR_SCENARIO_MAPPINGS = "/wiremock/mappings/oauth/authorization_code/dpop_nonce_error_flow.json";
    private static final String BROWSER_TIMEOUT_SCENARIO_MAPPING = "/wiremock/mappings/oauth/authorization_code/browser_timeout_authorization_error.json";
    private static final String INVALID_SCOPE_SCENARIO_MAPPING = "/wiremock/mappings/oauth/authorization_code/invalid_scope_error.json";
    private static final String INVALID_STATE_SCENARIO_MAPPING = "/wiremock/mappings/oauth/authorization_code/invalid_state_error.json";
    private static final String TOKEN_REQUEST_ERROR_SCENARIO_MAPPING = "/wiremock/mappings/oauth/authorization_code/token_request_error.json";
    private static final String CUSTOM_URLS_SCENARIO_MAPPINGS = "/wiremock/mappings/oauth/authorization_code/external_idp_custom_urls.json";
    private static final SFLogger logger = SFLoggerFactory.getLogger(OAuthAuthorizationCodeFlowLatestIT.class);
    private final SessionUtilExternalBrowser.AuthExternalBrowserHandlers wiremockProxyRequestBrowserHandler = new WiremockProxyRequestBrowserHandler();
    private final AccessTokenProvider provider = new OAuthAuthorizationCodeAccessTokenProvider(this.wiremockProxyRequestBrowserHandler, new MockStateProvider(), 30);

    /* loaded from: input_file:net/snowflake/client/core/OAuthAuthorizationCodeFlowLatestIT$MockStateProvider.class */
    static class MockStateProvider implements StateProvider<String> {
        MockStateProvider() {
        }

        /* renamed from: getState, reason: merged with bridge method [inline-methods] */
        public String m8getState() {
            return "abc123";
        }
    }

    /* loaded from: input_file:net/snowflake/client/core/OAuthAuthorizationCodeFlowLatestIT$WiremockProxyRequestBrowserHandler.class */
    static class WiremockProxyRequestBrowserHandler implements SessionUtilExternalBrowser.AuthExternalBrowserHandlers {
        WiremockProxyRequestBrowserHandler() {
        }

        public HttpPost build(URI uri) {
            return null;
        }

        public void openBrowser(String str) {
            try {
                CloseableHttpClient createDefault = HttpClients.createDefault();
                try {
                    OAuthAuthorizationCodeFlowLatestIT.logger.debug("executing browser request to redirect uri: {}", new Object[]{str});
                    if (createDefault.execute(new HttpGet(str)).getStatusLine().getStatusCode() != 200) {
                        throw new RuntimeException("Invalid response from " + str);
                    }
                    if (createDefault != null) {
                        createDefault.close();
                    }
                } finally {
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        public void output(String str) {
        }
    }

    @Test
    public void successfulFlowScenario() throws SFException {
        importMappingFromResources(SUCCESSFUL_FLOW_SCENARIO_MAPPINGS);
        String accessToken = this.provider.getAccessToken(createLoginInputStub("http://localhost:8009/snowflake/oauth-redirect", null, null)).getAccessToken();
        Assertions.assertFalse(StringUtils.isNullOrEmpty(accessToken));
        Assertions.assertEquals("access-token-123", accessToken);
    }

    @Test
    public void successfulFlowDPoPScenario() throws SFException {
        importMappingFromResources(SUCCESSFUL_DPOP_FLOW_SCENARIO_MAPPINGS);
        String accessToken = this.provider.getAccessToken(createLoginInputStubWithDPoPEnabled("http://localhost:8012/snowflake/oauth-redirect", null, null)).getAccessToken();
        Assertions.assertFalse(StringUtils.isNullOrEmpty(accessToken));
        Assertions.assertEquals("access-token-123", accessToken);
    }

    @Test
    public void successfulFlowDPoPScenarioWithNonce() throws SFException {
        importMappingFromResources(DPOP_NONCE_ERROR_SCENARIO_MAPPINGS);
        String accessToken = this.provider.getAccessToken(createLoginInputStubWithDPoPEnabled("http://localhost:8013/snowflake/oauth-redirect", null, null)).getAccessToken();
        Assertions.assertFalse(StringUtils.isNullOrEmpty(accessToken));
        Assertions.assertEquals("access-token-123", accessToken);
    }

    @Test
    public void customUrlsScenario() throws SFException {
        importMappingFromResources(CUSTOM_URLS_SCENARIO_MAPPINGS);
        String accessToken = this.provider.getAccessToken(createLoginInputStub("http://localhost:8007/snowflake/oauth-redirect", String.format("http://%s:%d/authorization", "localhost", Integer.valueOf(wiremockHttpPort)), String.format("http://%s:%d/tokenrequest", "localhost", Integer.valueOf(wiremockHttpPort)))).getAccessToken();
        Assertions.assertFalse(StringUtils.isNullOrEmpty(accessToken));
        Assertions.assertEquals("access-token-123", accessToken);
    }

    @Test
    public void browserTimeoutFlowScenario() throws SFException {
        importMappingFromResources(BROWSER_TIMEOUT_SCENARIO_MAPPING);
        SFLoginInput createLoginInputStub = createLoginInputStub("http://localhost:8004/snowflake/oauth-redirect", null, null);
        OAuthAuthorizationCodeAccessTokenProvider oAuthAuthorizationCodeAccessTokenProvider = new OAuthAuthorizationCodeAccessTokenProvider(this.wiremockProxyRequestBrowserHandler, new MockStateProvider(), 1L);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            oAuthAuthorizationCodeAccessTokenProvider.getAccessToken(createLoginInputStub);
        }).getMessage().contains("Authorization request timed out. Snowflake driver did not receive authorization code back to the redirect URI. Verify your security integration and driver configuration."));
    }

    @Test
    public void invalidScopeFlowScenario() {
        importMappingFromResources(INVALID_SCOPE_SCENARIO_MAPPING);
        SFLoginInput createLoginInputStub = createLoginInputStub("http://localhost:8002/snowflake/oauth-redirect", null, null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.provider.getAccessToken(createLoginInputStub);
        }).getMessage().contains("Error during authorization: invalid_scope, One or more scopes are not configured for the authorization server resource."));
    }

    @Test
    public void invalidStateFlowScenario() {
        importMappingFromResources(INVALID_STATE_SCENARIO_MAPPING);
        SFLoginInput createLoginInputStub = createLoginInputStub("http://localhost:8010/snowflake/oauth-redirect", null, null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.provider.getAccessToken(createLoginInputStub);
        }).getMessage().contains("Error during OAuth Authorization Code authentication: Invalid authorization request redirection state: invalidstate, expected: abc123"));
    }

    @Test
    public void tokenRequestErrorFlowScenario() {
        importMappingFromResources(TOKEN_REQUEST_ERROR_SCENARIO_MAPPING);
        SFLoginInput createLoginInputStub = createLoginInputStub("http://localhost:8003/snowflake/oauth-redirect", null, null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.provider.getAccessToken(createLoginInputStub);
        }).getMessage().contains("JDBC driver encountered communication error. Message: HTTP status=400"));
    }

    private SFLoginInput createLoginInputStub(String str, String str2, String str3) {
        SFLoginInput sFLoginInput = new SFLoginInput();
        sFLoginInput.setServerUrl(String.format("http://%s:%d/", "localhost", Integer.valueOf(wiremockHttpPort)));
        sFLoginInput.setOauthLoginInput(new SFOauthLoginInput("123", "123", str, str2, str3, "session:role:ANALYST"));
        sFLoginInput.setSocketTimeout(Duration.ofMinutes(5L));
        sFLoginInput.setHttpClientSettingsKey(new HttpClientSettingsKey(OCSPMode.FAIL_OPEN));
        return sFLoginInput;
    }

    private SFLoginInput createLoginInputStubWithDPoPEnabled(String str, String str2, String str3) {
        SFLoginInput createLoginInputStub = createLoginInputStub(str, str2, str3);
        createLoginInputStub.setDPoPEnabled(true);
        return createLoginInputStub;
    }
}
