package com.google.cloud.bigquery.connector.common;

import com.google.api.client.json.GenericJson;
import com.google.api.client.json.gson.GsonFactory;
import com.google.auth.Credentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ImpersonatedCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.common.truth.Truth;
import com.google.gson.stream.MalformedJsonException;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.UncheckedIOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/google/cloud/bigquery/connector/common/BigQueryCredentialsSupplierTest.class */
public class BigQueryCredentialsSupplierTest {
    static final String PRIVATE_KEY_PKCS8 = "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALX0PQoe1igW12ikv1bN/r9lN749y2ijmbc/mFHPyS3hNTyOCjDvBbXYbDhQJzWVUikh4mvGBA07qTj79Xc3yBDfKP2IeyYQIFe0t0zkd7R9Zdn98Y2rIQC47aAbDfubtkU1U72t4zL11kHvoa0/RuFZjncvlr42X7be7lYh4p3NAgMBAAECgYASk5wDw4Az2ZkmeuN6Fk/y9H+Lcb2pskJIXjrL533vrDWGOC48LrsThMQPv8cxBky8HFSEklPpkfTF95tpD43iVwJRB/GrCtGTw65IfJ4/tI09h6zGc4yqvIo1cHX/LQ+SxKLGyir/dQM925rGt/VojxY5ryJR7GLbCzxPnJm/oQJBANwOCO6D2hy1LQYJhXh7O+RLtA/tSnT1xyMQsGT+uUCMiKS2bSKx2wxo9k7h3OegNJIu1q6nZ6AbxDK8H3+d0dUCQQDTrPSXagBxzp8PecbaCHjzNRSQE2in81qYnrAFNB4o3DpHyMMY6s5ALLeHKscEWnqP8Ur6X4PvzZecCWU9BKAZAkAutLPknAuxSCsUOvUfS1i87ex77Ot+w6POp34pEX+UWb+u5iFn2cQacDTHLV1LtE80L8jVLSbrbrlH43H0DjU5AkEAgidhycxS86dxpEljnOMCw8CKoUBd5I880IUahEiUltk7OLJYS/Ts1wbn3kPOVX3wyJs8WBDtBkFrDHW2ezth2QJADj3e1YhMVdjJW5jqwlD/VNddGjgzyunmiZg0uOXsHXbytYmsA545S8KRQFaJKFXYYFo2kOjqOiC1T2cAzMDjCQ==\n-----END PRIVATE KEY-----\n";
    private static final String TYPE = "service_account";
    private static final String CLIENT_EMAIL = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr@developer.gserviceaccount.com";
    private static final String CLIENT_ID = "36680232662-vrd7ji19qe3nelgchd0ah2csanun6bnr.apps.googleusercontent.com";
    private static final String PRIVATE_KEY_ID = "d84a4fefcf50791d4a90f2d7af17469d6282df9d";
    private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
    private static final String QUOTA_PROJECT = "sample-quota-project-id";
    public static final String IMPERSONATED_GLOBAL = "impersonated-global@developer.gserviceaccount.com";
    public static final String IMPERSONATED_A = "impersonated-a@developer.gserviceaccount.com";
    public static final String IMPERSONATED_B = "impersonated-b@developer.gserviceaccount.com";
    private static final Collection<String> SCOPES = Collections.singletonList("dummy.scope");
    private static final Optional<URI> optionalProxyURI = Optional.of(URI.create("http://bq-connector-host:1234"));
    private static final Optional<String> optionalProxyUserName = Optional.of("credential-user");
    private static final Optional<String> optionalProxyPassword = Optional.of("credential-password");

    @Test
    public void testCredentialsFromAccessToken() {
        Arrays.asList(new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.of(ACCESS_TOKEN), Optional.empty(), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty()).getCredentials(), new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.of(ACCESS_TOKEN), Optional.empty(), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), optionalProxyURI, optionalProxyUserName, optionalProxyPassword).getCredentials()).stream().forEach(credentials -> {
            Truth.assertThat(credentials).isInstanceOf(GoogleCredentials.class);
            Truth.assertThat(((GoogleCredentials) credentials).getAccessToken().getTokenValue()).isEqualTo(ACCESS_TOKEN);
        });
    }

    @Test
    public void testCredentialsFromKey() throws Exception {
        String encodeToString = Base64.getEncoder().encodeToString(createServiceAccountJson("key").getBytes(StandardCharsets.UTF_8));
        Arrays.asList(new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(encodeToString), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty()).getCredentials(), new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(encodeToString), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), optionalProxyURI, optionalProxyUserName, optionalProxyPassword).getCredentials()).stream().forEach(credentials -> {
            Truth.assertThat(credentials).isInstanceOf(ServiceAccountCredentials.class);
            ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) credentials;
            Truth.assertThat(serviceAccountCredentials.getProjectId()).isEqualTo("key");
            Truth.assertThat(serviceAccountCredentials.getClientEmail()).isEqualTo(CLIENT_EMAIL);
            Truth.assertThat(serviceAccountCredentials.getClientId()).isEqualTo(CLIENT_ID);
            Truth.assertThat(serviceAccountCredentials.getQuotaProjectId()).isEqualTo(QUOTA_PROJECT);
        });
    }

    @Test
    public void testCredentialsFromKeyWithErrors() throws Exception {
        String encodeToString = Base64.getEncoder().encodeToString(createServiceAccountJson("key").getBytes(StandardCharsets.UTF_8));
        Arrays.asList((IllegalArgumentException) Assert.assertThrows(IllegalArgumentException.class, () -> {
            new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(encodeToString), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), optionalProxyURI, Optional.empty(), optionalProxyPassword).getCredentials();
        }), (IllegalArgumentException) Assert.assertThrows(IllegalArgumentException.class, () -> {
            new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(encodeToString), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), optionalProxyURI, optionalProxyUserName, Optional.empty()).getCredentials();
        })).stream().forEach(illegalArgumentException -> {
            Truth.assertThat(illegalArgumentException).hasMessageThat().contains("Both proxyUsername and proxyPassword should be defined or not defined together");
        });
    }

    @Test
    public void testCredentialsFromFile() throws Exception {
        String createServiceAccountJson = createServiceAccountJson("file");
        File createTempFile = File.createTempFile("dummy-credentials", ".json");
        createTempFile.deleteOnExit();
        Files.write(createTempFile.toPath(), createServiceAccountJson.getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
        Arrays.asList(new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(createTempFile.getAbsolutePath()), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty()).getCredentials(), new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(createTempFile.getAbsolutePath()), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), optionalProxyURI, optionalProxyUserName, optionalProxyPassword).getCredentials()).stream().forEach(credentials -> {
            Truth.assertThat(credentials).isInstanceOf(ServiceAccountCredentials.class);
            ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) credentials;
            Truth.assertThat(serviceAccountCredentials.getProjectId()).isEqualTo("file");
            Truth.assertThat(serviceAccountCredentials.getClientEmail()).isEqualTo(CLIENT_EMAIL);
            Truth.assertThat(serviceAccountCredentials.getClientId()).isEqualTo(CLIENT_ID);
            Truth.assertThat(serviceAccountCredentials.getQuotaProjectId()).isEqualTo(QUOTA_PROJECT);
        });
    }

    @Test
    public void testCredentialsFromFileWithErrors() throws Exception {
        String createServiceAccountJson = createServiceAccountJson("file");
        File createTempFile = File.createTempFile("dummy-credentials", ".json");
        createTempFile.deleteOnExit();
        Files.write(createTempFile.toPath(), createServiceAccountJson.getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
        Arrays.asList((IllegalArgumentException) Assert.assertThrows(IllegalArgumentException.class, () -> {
            new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(createTempFile.getAbsolutePath()), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), optionalProxyURI, Optional.empty(), optionalProxyPassword).getCredentials();
        }), (IllegalArgumentException) Assert.assertThrows(IllegalArgumentException.class, () -> {
            new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.of(createTempFile.getAbsolutePath()), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), optionalProxyURI, optionalProxyUserName, Optional.empty()).getCredentials();
        })).stream().forEach(illegalArgumentException -> {
            Truth.assertThat(illegalArgumentException).hasMessageThat().contains("Both proxyUsername and proxyPassword should be defined or not defined together");
        });
    }

    private String createServiceAccountJson(String str) throws Exception {
        GenericJson genericJson = new GenericJson();
        genericJson.setFactory(GsonFactory.getDefaultInstance());
        genericJson.put("type", TYPE);
        genericJson.put("client_id", CLIENT_ID);
        genericJson.put("client_email", CLIENT_EMAIL);
        genericJson.put("private_key", PRIVATE_KEY_PKCS8);
        genericJson.put("private_key_id", PRIVATE_KEY_ID);
        genericJson.put("project_id", str);
        genericJson.put("quota_project_id", QUOTA_PROJECT);
        return genericJson.toPrettyString();
    }

    Credentials createImpersonatedCredentials(String str, Set<String> set, Map<String, String> map, Map<String, String> map2, String str2) {
        return new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), str, set, Optional.ofNullable(map), Optional.ofNullable(map2), Optional.ofNullable(str2), Optional.empty(), Optional.empty(), Optional.empty()).getCredentials();
    }

    @Test
    public void testSingleServiceAccountImpersonation() throws Exception {
        ImpersonatedCredentials createImpersonatedCredentials = createImpersonatedCredentials(null, null, null, null, IMPERSONATED_GLOBAL);
        Truth.assertThat(createImpersonatedCredentials.getSourceCredentials()).isEqualTo(GoogleCredentials.getApplicationDefault());
        Truth.assertThat(createImpersonatedCredentials.getAccount()).isEqualTo(IMPERSONATED_GLOBAL);
    }

    @Test
    public void testImpersonationForUsers() throws Exception {
        HashMap<String, String> hashMap = new HashMap<String, String>() { // from class: com.google.cloud.bigquery.connector.common.BigQueryCredentialsSupplierTest.1
            {
                put("alice", BigQueryCredentialsSupplierTest.IMPERSONATED_A);
                put("bob", BigQueryCredentialsSupplierTest.IMPERSONATED_B);
            }
        };
        for (Map.Entry<String, String> entry : new HashMap<String, String>() { // from class: com.google.cloud.bigquery.connector.common.BigQueryCredentialsSupplierTest.2
            {
                put("alice", BigQueryCredentialsSupplierTest.IMPERSONATED_A);
                put("bob", BigQueryCredentialsSupplierTest.IMPERSONATED_B);
                put("charlie", BigQueryCredentialsSupplierTest.IMPERSONATED_GLOBAL);
            }
        }.entrySet()) {
            ImpersonatedCredentials createImpersonatedCredentials = createImpersonatedCredentials(entry.getKey(), null, hashMap, null, IMPERSONATED_GLOBAL);
            Truth.assertThat(createImpersonatedCredentials.getSourceCredentials()).isEqualTo(GoogleCredentials.getApplicationDefault());
            Truth.assertThat(createImpersonatedCredentials.getAccount()).isEqualTo(entry.getValue());
        }
    }

    @Test
    public void testImpersonationForGroups() throws Exception {
        HashMap<String, String> hashMap = new HashMap<String, String>() { // from class: com.google.cloud.bigquery.connector.common.BigQueryCredentialsSupplierTest.3
            {
                put("group1", BigQueryCredentialsSupplierTest.IMPERSONATED_A);
                put("group2", BigQueryCredentialsSupplierTest.IMPERSONATED_B);
            }
        };
        for (Map.Entry<String, String> entry : new HashMap<String, String>() { // from class: com.google.cloud.bigquery.connector.common.BigQueryCredentialsSupplierTest.4
            {
                put("group1", BigQueryCredentialsSupplierTest.IMPERSONATED_A);
                put("group2", BigQueryCredentialsSupplierTest.IMPERSONATED_B);
                put("group3", BigQueryCredentialsSupplierTest.IMPERSONATED_GLOBAL);
            }
        }.entrySet()) {
            ImpersonatedCredentials createImpersonatedCredentials = createImpersonatedCredentials(null, new HashSet(Arrays.asList(entry.getKey())), null, hashMap, IMPERSONATED_GLOBAL);
            Truth.assertThat(createImpersonatedCredentials.getSourceCredentials()).isEqualTo(GoogleCredentials.getApplicationDefault());
            Truth.assertThat(createImpersonatedCredentials.getAccount()).isEqualTo(entry.getValue());
        }
    }

    @Test
    public void testImpersonationForUsersAndGroups() throws Exception {
        ImpersonatedCredentials createImpersonatedCredentials = createImpersonatedCredentials("alice", new HashSet(Arrays.asList("group1")), new HashMap<String, String>() { // from class: com.google.cloud.bigquery.connector.common.BigQueryCredentialsSupplierTest.5
            {
                put("alice", BigQueryCredentialsSupplierTest.IMPERSONATED_A);
            }
        }, new HashMap<String, String>() { // from class: com.google.cloud.bigquery.connector.common.BigQueryCredentialsSupplierTest.6
            {
                put("group1", BigQueryCredentialsSupplierTest.IMPERSONATED_B);
            }
        }, IMPERSONATED_GLOBAL);
        Truth.assertThat(createImpersonatedCredentials.getSourceCredentials()).isEqualTo(GoogleCredentials.getApplicationDefault());
        Truth.assertThat(createImpersonatedCredentials.getAccount()).isEqualTo(IMPERSONATED_A);
    }

    @Test
    public void testFallbackToDefault() throws Exception {
        Truth.assertThat(new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty()).getCredentials()).isEqualTo(GoogleCredentials.getApplicationDefault());
    }

    @Test
    public void testExceptionIsThrownOnFile() throws Exception {
        UncheckedIOException uncheckedIOException = (UncheckedIOException) Assert.assertThrows(UncheckedIOException.class, () -> {
            new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.of("/no/such/file"), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty());
        });
        Truth.assertThat(uncheckedIOException.getMessage()).isEqualTo("Failed to create Credentials from file");
        Truth.assertThat(uncheckedIOException.getCause()).isInstanceOf(FileNotFoundException.class);
    }

    @Test
    public void testExceptionIsThrownOnKey() throws Exception {
        UncheckedIOException uncheckedIOException = (UncheckedIOException) Assert.assertThrows(UncheckedIOException.class, () -> {
            new BigQueryCredentialsSupplier(Optional.empty(), Optional.empty(), Optional.empty(), Optional.of("bm8ga2V5IGhlcmU="), Optional.empty(), (String) null, (Set) null, Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty());
        });
        Truth.assertThat(uncheckedIOException.getMessage()).isEqualTo("Failed to create Credentials from key");
        Truth.assertThat(uncheckedIOException.getCause()).isInstanceOf(MalformedJsonException.class);
    }
}
