package io.prestosql.plugin.password.salesforce;

import com.google.common.base.Strings;
import com.google.common.net.MediaType;
import io.airlift.http.client.HttpStatus;
import io.airlift.http.client.jetty.JettyHttpClient;
import io.airlift.http.client.testing.TestingHttpClient;
import io.airlift.http.client.testing.TestingResponse;
import io.airlift.units.Duration;
import io.prestosql.spi.security.AccessDeniedException;
import java.util.concurrent.TimeUnit;
import org.testng.Assert;
import org.testng.SkipException;
import org.testng.annotations.BeforeSuite;
import org.testng.annotations.Test;

/* loaded from: input_file:io/prestosql/plugin/password/salesforce/TestSalesforceBasicAuthenticator.class */
public class TestSalesforceBasicAuthenticator {
    private boolean forReal;
    private final String successResponse = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>";
    private final String failedResponse = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:sf=\"urn:fault.partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><soapenv:Fault><faultcode>sf:INVALID_LOGIN</faultcode><faultstring>INVALID_LOGIN: Invalid username, password, security token; or user locked out.</faultstring><detail><sf:LoginFault xsi:type=\"sf:LoginFault\"><sf:exceptionCode>INVALID_LOGIN</sf:exceptionCode><sf:exceptionMessage>Invalid username, password, security token; or user locked out.</sf:exceptionMessage></sf:LoginFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>";

    @BeforeSuite
    void initOnce() {
        this.forReal = false;
        String str = System.getenv("SALESFORCE_TEST_FORREAL");
        if (str == null || !str.equalsIgnoreCase("TRUE")) {
            return;
        }
        this.forReal = true;
    }

    @Test
    public void createAuthenticatedPrincipalSuccess() throws InterruptedException {
        SalesforceConfig cacheExpireDuration = new SalesforceConfig().setAllowedOrganizations("my18CharOrgId").setCacheExpireDuration(Duration.succinctDuration(1.0d, TimeUnit.SECONDS));
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "my18CharOrgId", "user@salesforce.com");
        SalesforceBasicAuthenticator salesforceBasicAuthenticator = new SalesforceBasicAuthenticator(cacheExpireDuration, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        }));
        Assert.assertEquals(salesforceBasicAuthenticator.createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName(), "user@salesforce.com", "Test principal name.");
        Assert.assertEquals(salesforceBasicAuthenticator.createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName(), "user@salesforce.com", "Test principal name from cache.");
        Thread.sleep(2000L);
        Assert.assertEquals(salesforceBasicAuthenticator.createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName(), "user@salesforce.com", "Test principal name from expired cache.");
    }

    @Test(expectedExceptions = {AccessDeniedException.class})
    public void createAuthenticatedPrincipalWrongOrg() {
        SalesforceConfig allowedOrganizations = new SalesforceConfig().setAllowedOrganizations("my18CharOrgId");
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "NotMyOrg", "user@salesforce.com");
        new SalesforceBasicAuthenticator(allowedOrganizations, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        })).createAuthenticatedPrincipal("user@salesforce.com", "passtoken");
    }

    @Test(expectedExceptions = {AccessDeniedException.class})
    public void createAuthenticatedPrincipalBadPass() {
        String str = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:sf=\"urn:fault.partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><soapenv:Fault><faultcode>sf:INVALID_LOGIN</faultcode><faultstring>INVALID_LOGIN: Invalid username, password, security token; or user locked out.</faultstring><detail><sf:LoginFault xsi:type=\"sf:LoginFault\"><sf:exceptionCode>INVALID_LOGIN</sf:exceptionCode><sf:exceptionMessage>Invalid username, password, security token; or user locked out.</sf:exceptionMessage></sf:LoginFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>";
        new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations("my18CharOrgId"), new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.INTERNAL_SERVER_ERROR, MediaType.ANY_TEXT_TYPE, str);
        })).createAuthenticatedPrincipal("user@salesforce.com", "passtoken");
    }

    @Test
    public void createAuthenticatedPrincipalAllOrgs() {
        SalesforceConfig allowedOrganizations = new SalesforceConfig().setAllowedOrganizations("all");
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "some18CharOrgId", "user@salesforce.com");
        Assert.assertEquals(new SalesforceBasicAuthenticator(allowedOrganizations, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        })).createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName(), "user@salesforce.com", "Test allowing all orgs.");
    }

    @Test
    public void createAuthenticatedPrincipalFewOrgs() {
        SalesforceConfig allowedOrganizations = new SalesforceConfig().setAllowedOrganizations("my18CharOrgId,your18CharOrgId, his18CharOrgId ,her18CharOrgId");
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "my18CharOrgId", "user@salesforce.com");
        Assert.assertEquals(new SalesforceBasicAuthenticator(allowedOrganizations, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        })).createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName(), "user@salesforce.com", "Test allowing a few orgs.");
    }

    @Test(description = "Test principal name for real, yo!")
    void createAuthenticatedPrincipalRealSuccess() {
        if (!this.forReal) {
            throw new SkipException("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_ORG");
        if (Strings.emptyToNull(str) == null) {
            Assert.fail("Must set SALESFORCE_TEST_ORG environment variable.");
        }
        String str2 = System.getenv("SALESFORCE_TEST_USERNAME");
        String str3 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str2) == null || Strings.emptyToNull(str3) == null) {
            Assert.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        Assert.assertEquals(new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations(str), new JettyHttpClient()).createAuthenticatedPrincipal(str2, str3).getName(), str2, "Test principal name for real, yo!");
    }

    @Test(expectedExceptions = {AccessDeniedException.class}, description = "Test got wrong org for real, yo!")
    void createAuthenticatedPrincipalRealWrongOrg() {
        if (!this.forReal) {
            throw new SkipException("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_USERNAME");
        String str2 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str) == null || Strings.emptyToNull(str2) == null) {
            Assert.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations("NotMyOrg"), new JettyHttpClient()).createAuthenticatedPrincipal(str, str2);
    }

    @Test
    void createAuthenticatedPrincipalRealAllOrgs() {
        if (!this.forReal) {
            throw new SkipException("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_USERNAME");
        String str2 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str) == null || Strings.emptyToNull(str2) == null) {
            Assert.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        Assert.assertEquals(new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations("all"), new JettyHttpClient()).createAuthenticatedPrincipal(str, str2).getName(), str, "Test no org check for real, yo!");
    }

    @Test(expectedExceptions = {AccessDeniedException.class}, description = "Test bad password for real, yo!")
    void createAuthenticatedPrincipalRealBadPassword() {
        if (!this.forReal) {
            throw new SkipException("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_ORG");
        if (Strings.emptyToNull(str) == null) {
            Assert.fail("Must set SALESFORCE_TEST_ORG environment variable.");
        }
        String str2 = System.getenv("SALESFORCE_TEST_USERNAME");
        String str3 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str2) == null || Strings.emptyToNull(str3) == null) {
            Assert.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations(str), new JettyHttpClient()).createAuthenticatedPrincipal(str2, "NotMyPassword");
    }
}
