package net.snowflake.client.util;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.HashMap;
import java.util.Map;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import net.snowflake.client.core.ObjectMapperFactory;
import org.apache.commons.lang3.RandomStringUtils;
import org.hamcrest.MatcherAssert;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:net/snowflake/client/util/SecretDetectorTest.class */
public class SecretDetectorTest {
    @Test
    public void testMaskAWSSecret() {
        MatcherAssert.assertThat("secret masked", "copy into 's3://xxxx/test' from \n(select seq1(), random()\n, random(), random(), random(), random()\n, random(), random(), random(), random()\n, random() , random(), random(), random()\n\tfrom table(generator(rowcount => 10000)))\ncredentials=(\n  aws_key_id='****'\n  aws_secret_key='****'\n  )\nOVERWRITE = TRUE \nMAX_FILE_SIZE = 500000000 \nHEADER = TRUE \nFILE_FORMAT = (TYPE = PARQUET SNAPPY_COMPRESSION = TRUE )\n;".compareTo(SecretDetector.maskSecrets("copy into 's3://xxxx/test' from \n(select seq1(), random()\n, random(), random(), random(), random()\n, random(), random(), random(), random()\n, random() , random(), random(), random()\n\tfrom table(generator(rowcount => 10000)))\ncredentials=(\n  aws_key_id='xxdsdfsafds'\n  aws_secret_key='safas+asfsad+safasf'\n  )\nOVERWRITE = TRUE \nMAX_FILE_SIZE = 500000000 \nHEADER = TRUE \nFILE_FORMAT = (TYPE = PARQUET SNAPPY_COMPRESSION = TRUE )\n;")) == 0);
    }

    @Test
    public void testMaskSASToken() {
        MatcherAssert.assertThat("Azure SAS token is not masked", "https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=****&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwl".equals(SecretDetector.maskSecrets("https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=iCvQmdZngZNW%2F4vw43j6%2BVz6fndHF5LI639QJba4r8o%3D&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwl")));
        MatcherAssert.assertThat("S3 SAS token is not masked", "https://somebucket.s3.amazonaws.com/vzy1-s-va_demo0/results/018b92f3-01c2-02dd-0000-03d5000c8066_0/main/data_0_0_1?x-amz-server-side-encryption-customer-algorithm=AES256&response-content-encoding=gzip&AWSAccessKeyId=****&Expires=1555481960&Signature=****".equals(SecretDetector.maskSecrets("https://somebucket.s3.amazonaws.com/vzy1-s-va_demo0/results/018b92f3-01c2-02dd-0000-03d5000c8066_0/main/data_0_0_1?x-amz-server-side-encryption-customer-algorithm=AES256&response-content-encoding=gzip&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Expires=1555481960&Signature=zFiRkdB9RtRRYomppVes4fQ%2ByWw%3D")));
        String random = RandomStringUtils.random(200);
        MatcherAssert.assertThat("Text without secrets is not unmodified", random.equals(SecretDetector.maskSecrets(random)));
        MatcherAssert.assertThat("Text with 2 Azure SAS tokens is not masked", "https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=****&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwlhttps://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=****&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwl".equals(SecretDetector.maskSecrets("https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=iCvQmdZngZNW%2F4vw43j6%2BVz6fndHF5LI639QJba4r8o%3D&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwlhttps://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=iCvQmdZngZNW%2F4vw43j6%2BVz6fndHF5LI639QJba4r8o%3D&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwl")));
        MatcherAssert.assertThat("Text with 2 S3 SAS tokens is not masked", "https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=****&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwlhttps://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=****&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwl".equals(SecretDetector.maskSecrets("https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=iCvQmdZngZNW%2F4vw43j6%2BVz6fndHF5LI639QJba4r8o%3D&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwlhttps://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=iCvQmdZngZNW%2F4vw43j6%2BVz6fndHF5LI639QJba4r8o%3D&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwl")));
        MatcherAssert.assertThat("Text with Azure and S3 SAS tokens is not masked", "https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=****&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwlhttps://somebucket.s3.amazonaws.com/vzy1-s-va_demo0/results/018b92f3-01c2-02dd-0000-03d5000c8066_0/main/data_0_0_1?x-amz-server-side-encryption-customer-algorithm=AES256&response-content-encoding=gzip&AWSAccessKeyId=****&Expires=1555481960&Signature=****".equals(SecretDetector.maskSecrets("https://someaccounts.blob.core.windows.net/results/018b90ab-0033-5f8e-0000-14f1000bd376_0/main/data_0_0_1?sv=2015-07-08&amp;sig=iCvQmdZngZNW%2F4vw43j6%2BVz6fndHF5LI639QJba4r8o%3D&amp;spr=https&amp;st=2016-04-12T03%3A24%3A31Z&amp;se=2016-04-13T03%3A29%3A31Z&amp;srt=s&amp;ss=bf&amp;sp=rwlhttps://somebucket.s3.amazonaws.com/vzy1-s-va_demo0/results/018b92f3-01c2-02dd-0000-03d5000c8066_0/main/data_0_0_1?x-amz-server-side-encryption-customer-algorithm=AES256&response-content-encoding=gzip&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Expires=1555481960&Signature=zFiRkdB9RtRRYomppVes4fQ%2ByWw%3D")));
    }

    @Test
    public void testMaskSecrets() {
        String maskSecrets = SecretDetector.maskSecrets("create stage mystage URL = 's3://mybucket/mypath/' credentials = (aws_key_id = 'AKIAIOSFODNN7EXAMPLE' aws_secret_key = 'frJIUN8DYpKDtOLCwo//yllqDzg='); create stage mystage2 URL = 'azure//mystorage.blob.core.windows.net/cont' credentials = (azure_sas_token = '?sv=2016-05-31&ss=b&srt=sco&sp=rwdl&se=2018-06-27T10:05:50Z&st=2017-06-27T02:05:50Z&spr=https,http&sig=bgqQwoXwxzuD2GJfagRg7VOS8hzNr3QLT7rhS8OFRLQ%3D')");
        System.out.println(maskSecrets);
        System.out.println("create stage mystage URL = 's3://mybucket/mypath/' credentials = (aws_key_id = '****' aws_secret_key = '****'); create stage mystage2 URL = 'azure//mystorage.blob.core.windows.net/cont' credentials = (azure_sas_token = '?sv=2016-05-31&ss=b&srt=sco&sp=rwdl&se=2018-06-27T10:05:50Z&st=2017-06-27T02:05:50Z&spr=https,http&sig=****')");
        MatcherAssert.assertThat("Text with AWS secret and Azure SAS token is not masked", "create stage mystage URL = 's3://mybucket/mypath/' credentials = (aws_key_id = '****' aws_secret_key = '****'); create stage mystage2 URL = 'azure//mystorage.blob.core.windows.net/cont' credentials = (azure_sas_token = '?sv=2016-05-31&ss=b&srt=sco&sp=rwdl&se=2018-06-27T10:05:50Z&st=2017-06-27T02:05:50Z&spr=https,http&sig=****')".equals(maskSecrets));
        String random = RandomStringUtils.random(500);
        MatcherAssert.assertThat("Text without secrets is not unmodified", random.equals(SecretDetector.maskSecrets(random)));
    }

    @Test
    public void testMaskPasswordFromConnectionString() {
        MatcherAssert.assertThat("Text with password is not masked", "\"jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&password=**** ".equals(SecretDetector.maskSecrets("\"jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&password=xxxxxx&role=xxx\"")));
        MatcherAssert.assertThat("Text with password is not masked", "jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&password=**** ".equals(SecretDetector.maskSecrets("jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&password=xxxxxx")));
        MatcherAssert.assertThat("Text with password is not masked", "jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&passcode=**** ".equals(SecretDetector.maskSecrets("jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&passcode=xxxxxx")));
        MatcherAssert.assertThat("Text with password is not masked", "jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&passWord=**** ".equals(SecretDetector.maskSecrets("jdbc:snowflake://xxx.snowflakecomputing.com/?user=xxx&passWord=xxxxxx")));
    }

    @Test
    public void sasTokenFilterTest() throws Exception {
        Assert.assertEquals("\"privateKeyData\": \"XXXX\"", SecretDetector.maskSecrets("\"privateKeyData\": \"aslkjdflasjf\""));
    }

    @Test
    public void testMaskParameterValue() {
        HashMap hashMap = new HashMap();
        hashMap.put("passcodeInPassword", "test");
        hashMap.put("passcode", "test");
        hashMap.put("id_token", "test");
        hashMap.put("private_key_pwd", "test");
        hashMap.put("proxyPassword", "test");
        hashMap.put("proxyUser", "test");
        hashMap.put("privatekey", "test");
        hashMap.put("private_key_base64", "test");
        hashMap.put("privateKeyBase64", "test");
        hashMap.put("id_token_password", "test");
        hashMap.put("masterToken", "test");
        hashMap.put("mfaToken", "test");
        hashMap.put("password", "test");
        hashMap.put("sessionToken", "test");
        hashMap.put("token", "test");
        HashMap hashMap2 = new HashMap();
        hashMap2.put("oktausername", "test");
        hashMap2.put("authenticator", "test");
        hashMap2.put("proxyHost", "test");
        hashMap2.put("user", "test");
        hashMap2.put("private_key_file", "test");
        for (Map.Entry entry : hashMap.entrySet()) {
            Assert.assertEquals("****", SecretDetector.maskParameterValue((String) entry.getKey(), (String) entry.getValue()));
        }
        for (Map.Entry entry2 : hashMap2.entrySet()) {
            Assert.assertEquals("test", SecretDetector.maskParameterValue((String) entry2.getKey(), (String) entry2.getValue()));
        }
    }

    @Test
    public void testMaskconnectionToken() {
        MatcherAssert.assertThat("Text with connection token is not masked", "\"Authorization: Snowflake Token=\"****\"\"".equals(SecretDetector.maskSecrets("\"Authorization: Snowflake Token=\"XXXXXXXXXX\"\"")));
        MatcherAssert.assertThat("Text with connection token is not masked", "\"{\"requestType\":\"ISSUE\",\"idToken\":\"****\"}\"".equals(SecretDetector.maskSecrets("\"{\"requestType\":\"ISSUE\",\"idToken\":\"XXXXXXXX\"}\"")));
    }

    private JSONObject generateJsonObject() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("hello", "world");
        jSONObject.put("number", 256);
        jSONObject.put("boolean", true);
        return jSONObject;
    }

    @Test
    public void testMaskJsonObject() {
        JSONObject generateJsonObject = generateJsonObject();
        generateJsonObject.put("connStr", "https://snowflake.fakehostname.local:fakeport?LOGINTIMEOUT=20&ACCOUNT=fakeaccount&PASSWORD=fakepassword&USER=fakeuser");
        JSONObject generateJsonObject2 = generateJsonObject();
        generateJsonObject2.put("connStr", "https://snowflake.fakehostname.local:fakeport?LOGINTIMEOUT=20&ACCOUNT=fakeaccount&PASSWORD=**** ");
        MatcherAssert.assertThat("JSONObject is not masked successfully", generateJsonObject2.equals(SecretDetector.maskJsonObject(generateJsonObject)));
        generateJsonObject.put("connStr", "https://snowflake.fakehostname.local:fakeport?LOGINTIMEOUT=20&ACCOUNT=fakeaccount&PASSWORD=fakepassword&USER=fakeuser");
        JSONObject generateJsonObject3 = generateJsonObject();
        generateJsonObject3.put("subJson", generateJsonObject);
        JSONObject generateJsonObject4 = generateJsonObject();
        generateJsonObject4.put("subJson", generateJsonObject2);
        MatcherAssert.assertThat("nested JSONObject is not masked successfully", generateJsonObject4.equals(SecretDetector.maskJsonObject(generateJsonObject3)));
    }

    @Test
    public void testMaskJsonArray() {
        JSONObject generateJsonObject = generateJsonObject();
        generateJsonObject.put("connStr", "https://snowflake.fakehostname.local:fakeport?LOGINTIMEOUT=20&ACCOUNT=fakeaccount&PASSWORD=fakepassword&USER=fakeuser");
        JSONObject generateJsonObject2 = generateJsonObject();
        generateJsonObject2.put("connStr", "https://snowflake.fakehostname.local:fakeport?LOGINTIMEOUT=20&ACCOUNT=fakeaccount&PASSWORD=**** ");
        JSONArray jSONArray = new JSONArray();
        jSONArray.add(generateJsonObject);
        jSONArray.add("password=ThisShouldBeMasked");
        JSONArray jSONArray2 = new JSONArray();
        jSONArray2.add(generateJsonObject2);
        jSONArray2.add("password=****");
        MatcherAssert.assertThat("jsonArray is not masked successfully", jSONArray2.equals(SecretDetector.maskJsonArray(jSONArray)));
        JSONObject generateJsonObject3 = generateJsonObject();
        generateJsonObject3.put("connStr", "https://snowflake.fakehostname.local:fakeport?LOGINTIMEOUT=20&ACCOUNT=fakeaccount&PASSWORD=fakepassword&USER=fakeuser");
        JSONObject generateJsonObject4 = generateJsonObject();
        generateJsonObject4.put("connStr", "https://snowflake.fakehostname.local:fakeport?LOGINTIMEOUT=20&ACCOUNT=fakeaccount&PASSWORD=**** ");
        JSONArray jSONArray3 = new JSONArray();
        jSONArray3.add(generateJsonObject3);
        jSONArray3.add("password=ThisShouldBeMasked");
        JSONArray jSONArray4 = new JSONArray();
        jSONArray4.add(generateJsonObject4);
        jSONArray4.add("password=****");
        JSONObject generateJsonObject5 = generateJsonObject();
        generateJsonObject5.put("array", jSONArray3);
        JSONObject generateJsonObject6 = generateJsonObject();
        generateJsonObject6.put("array", jSONArray4);
        MatcherAssert.assertThat("JSONArray within JSONObject is not masked successfully", generateJsonObject6.equals(SecretDetector.maskJsonObject(generateJsonObject5)));
    }

    @Test
    public void testMaskJacksonObject() {
        ObjectMapper objectMapper = ObjectMapperFactory.getObjectMapper();
        ObjectNode createObjectNode = objectMapper.createObjectNode();
        createObjectNode.put("testInfo", "pwd=HelloWorld!");
        MatcherAssert.assertThat("Jackson ObjectNode is not masked successfully", "{\"testInfo\":\"pwd=**** \"}".equals(SecretDetector.maskJacksonNode(createObjectNode).toString()));
        ObjectNode createObjectNode2 = objectMapper.createObjectNode();
        createObjectNode2.put("testInfo", "pwd=HelloWorld!");
        ObjectNode createObjectNode3 = objectMapper.createObjectNode();
        createObjectNode3.put("dummy", "dummy");
        createObjectNode3.put("testInfo2", "sig=ajwAWD45%+ajrH92knKfsfakj");
        createObjectNode2.set("testNested", createObjectNode3);
        MatcherAssert.assertThat("Nested Jackson ObjectNode is not masked successfully", "{\"testInfo\":\"pwd=**** \",\"testNested\":{\"dummy\":\"dummy\",\"testInfo2\":\"sig=****\"}}".equals(SecretDetector.maskJacksonNode(createObjectNode2).toString()));
        ObjectNode createObjectNode4 = objectMapper.createObjectNode();
        createObjectNode4.put("testInfo", "aws_secret_key= 'fakeAWSsecretKey!123'");
        ArrayNode createArrayNode = objectMapper.createArrayNode();
        createArrayNode.add(createObjectNode4);
        createArrayNode.add("fake token: SDFADAVN4ASD28ASFG3234x");
        MatcherAssert.assertThat("Jackson ArrayNode is not masked successfully", "[{\"testInfo\":\"aws_secret_key= '****'\"},\"fake token: ****\"]".equals(SecretDetector.maskJacksonNode(createArrayNode).toString()));
        ObjectNode createObjectNode5 = objectMapper.createObjectNode();
        createObjectNode5.put("testInfo", "\"privateKeyData\": \"abcdefg012345/=+\"");
        ArrayNode createArrayNode2 = objectMapper.createArrayNode();
        createArrayNode2.add(createObjectNode5);
        ObjectNode createObjectNode6 = objectMapper.createObjectNode();
        createObjectNode6.set("testArrayNode", createArrayNode2);
        createObjectNode6.put("hello", "world");
        createObjectNode6.put("password", "password = HelloWorld!");
        SecretDetector.maskJacksonNode(createObjectNode6);
        MatcherAssert.assertThat("Nested Jackson array node is not masked successfully", "{\"testArrayNode\":[{\"testInfo\":\"\\\"privateKeyData\\\": \\\"XXXX\\\"\"}],\"hello\":\"world\",\"password\":\"password = **** \"}".equals(SecretDetector.maskJacksonNode(createObjectNode6).toString()));
    }
}
