package net.snowflake.client.core.auth.oauth;

import java.util.Arrays;
import net.snowflake.client.core.SFException;
import net.snowflake.client.core.SFLoginInput;
import net.snowflake.client.core.SFOauthLoginInput;
import net.snowflake.client.core.SessionUtilExternalBrowser;
import net.snowflake.client.core.auth.AuthenticatorType;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.MockedStatic;
import org.mockito.Mockito;

/* loaded from: input_file:net/snowflake/client/core/auth/oauth/OAuthAccessTokenProviderFactoryTest.class */
public class OAuthAccessTokenProviderFactoryTest {
    private final OAuthAccessTokenProviderFactory providerFactory = new OAuthAccessTokenProviderFactory((SessionUtilExternalBrowser.AuthExternalBrowserHandlers) null, 30);

    @Test
    public void shouldProperlyReturnIfAuthenticatorIsEligible() {
        Arrays.stream(AuthenticatorType.values()).forEach(authenticatorType -> {
            if (authenticatorType == AuthenticatorType.OAUTH_CLIENT_CREDENTIALS || authenticatorType.equals(AuthenticatorType.OAUTH_AUTHORIZATION_CODE)) {
                Assertions.assertTrue(OAuthAccessTokenProviderFactory.isEligible(authenticatorType));
            } else {
                Assertions.assertFalse(OAuthAccessTokenProviderFactory.isEligible(authenticatorType));
            }
        });
    }

    @Test
    public void shouldProperlyCreateClientCredentialsAccessTokenProvider() throws SFException {
        AccessTokenProvider createAccessTokenProvider = this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_CLIENT_CREDENTIALS, createLoginInputStub("123", "123", null, "some/url", null));
        Assertions.assertNotNull(createAccessTokenProvider);
        Assertions.assertInstanceOf(OAuthClientCredentialsAccessTokenProvider.class, createAccessTokenProvider);
    }

    @Test
    public void shouldProperlyCreateAuthzCodeAccessTokenProvider() throws SFException {
        AccessTokenProvider createAccessTokenProvider = this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub("123", "123", null, null, null));
        Assertions.assertNotNull(createAccessTokenProvider);
        Assertions.assertInstanceOf(OAuthAuthorizationCodeAccessTokenProvider.class, createAccessTokenProvider);
    }

    @Test
    public void shouldProperlyCreateAuthzCodeAccessTokenProviderForExternalIdp() throws SFException {
        AccessTokenProvider createAccessTokenProvider = this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub("123", "123", "https://some.ext.idp.com/authz", "https://some.ext.idp.com/token", "http://localhost:12345/authz-code"));
        Assertions.assertNotNull(createAccessTokenProvider);
        Assertions.assertInstanceOf(OAuthAuthorizationCodeAccessTokenProvider.class, createAccessTokenProvider);
    }

    @Test
    public void shouldFailToCreateClientCredentialsAccessTokenProviderWithoutClientId() {
        SFLoginInput createLoginInputStub = createLoginInputStub(null, "123", null, "some/url", null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_CLIENT_CREDENTIALS, createLoginInputStub);
        }).getMessage().contains("passing oauthClientId is required for OAUTH_CLIENT_CREDENTIALS authentication."));
    }

    @Test
    public void shouldFailToCreateClientCredentialsAccessTokenProviderWithoutClientSecret() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", null, null, "some/url", null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_CLIENT_CREDENTIALS, createLoginInputStub);
        }).getMessage().contains("passing oauthClientSecret is required for OAUTH_CLIENT_CREDENTIALS authentication."));
    }

    @Test
    public void shouldFailToCreateClientCredentialsAccessTokenProviderWithoutExtTokenUrl() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", "123", null, null, null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_CLIENT_CREDENTIALS, createLoginInputStub);
        }).getMessage().contains("passing oauthTokenRequestUrl is required for OAUTH_CLIENT_CREDENTIALS authentication."));
    }

    @Test
    public void shouldProperlyCreateAuthorizationCodeAccessTokenProvider() throws SFException {
        AccessTokenProvider createAccessTokenProvider = this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub("123", "123", null, null, null));
        Assertions.assertNotNull(createAccessTokenProvider);
        Assertions.assertInstanceOf(OAuthAuthorizationCodeAccessTokenProvider.class, createAccessTokenProvider);
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithoutClientId() {
        SFLoginInput createLoginInputStub = createLoginInputStub(null, "123", "some/url", "some/url", null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
        }).getMessage().contains("passing oauthClientId is required for OAUTH_AUTHORIZATION_CODE authentication."));
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithoutClientSecret() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", null, null, null, null);
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
        }).getMessage().contains("passing oauthClientSecret is required for OAUTH_AUTHORIZATION_CODE authentication."));
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithHttpsRedirectUri() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", "123", null, null, "https://localhost:1234/");
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
        }).getMessage().contains("provided redirect URI should start with \"http\", not \"https\""));
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithJustExtAuthzUrl() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", "123", "https://some.ext.idp.com/authz", null, "http://localhost:1234/");
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
        }).getMessage().contains("Error during OAuth Authorization Code authentication: For OAUTH_AUTHORIZATION_CODE authentication with external IdP, both oauthAuthorizationUrl and oauthTokenRequestUrl must be specified"));
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithJustExtTokenUrl() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", "123", null, "https://some.ext.idp.com/token", "http://localhost:1234/");
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
        }).getMessage().contains("Error during OAuth Authorization Code authentication: For OAUTH_AUTHORIZATION_CODE authentication with external IdP, both oauthAuthorizationUrl and oauthTokenRequestUrl must be specified"));
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithInvalidAuthzUrl() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", "123", "invalid/url/format", "https://some.ext.idp.com/token", "http://localhost:1234/");
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
        }).getMessage().contains("Error during OAuth Authorization Code authentication: OAuth authorization URL and token URL must be specified in proper format; oauthAuthorizationUrl=invalid/url/format oauthTokenRequestUrl=https://some.ext.idp.com/token"));
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithInvalidTokenUrl() {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", "123", "https://some.ext.idp.com/authz", "invalid-token-format", "http://localhost:1234/");
        Assertions.assertTrue(Assertions.assertThrows(SFException.class, () -> {
            this.providerFactory.createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
        }).getMessage().contains("Error during OAuth Authorization Code authentication: OAuth authorization URL and token URL must be specified in proper format; oauthAuthorizationUrl=https://some.ext.idp.com/authz oauthTokenRequestUrl=invalid-token-format"));
    }

    @Test
    public void shouldFailToCreateAuthzCodeAccessTokenProviderWithDifferentUrlDomains() throws SFException {
        SFLoginInput createLoginInputStub = createLoginInputStub("123", "123", "https://malicious.ext.idp.com/authz-url", "https://some.ext.idp.com/token-url", "http://localhost:1234/");
        SFLogger sFLogger = (SFLogger) Mockito.mock(SFLogger.class);
        MockedStatic mockStatic = Mockito.mockStatic(SFLoggerFactory.class);
        try {
            mockStatic.when(() -> {
                SFLoggerFactory.getLogger(OAuthAccessTokenProviderFactory.class);
            }).thenReturn(sFLogger);
            new OAuthAccessTokenProviderFactory((SessionUtilExternalBrowser.AuthExternalBrowserHandlers) null, 30L).createAccessTokenProvider(AuthenticatorType.OAUTH_AUTHORIZATION_CODE, createLoginInputStub);
            ((SFLogger) Mockito.verify(sFLogger)).warn("Both oauthAuthorizationUrl and oauthTokenRequestUrl should belong to the same host; oauthAuthorizationUrl=https://malicious.ext.idp.com/authz-url oauthTokenRequestUrl=https://some.ext.idp.com/token-url", new Object[0]);
            if (mockStatic != null) {
                mockStatic.close();
            }
        } catch (Throwable th) {
            if (mockStatic != null) {
                try {
                    mockStatic.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private SFLoginInput createLoginInputStub(String str, String str2, String str3, String str4, String str5) {
        SFLoginInput sFLoginInput = new SFLoginInput();
        sFLoginInput.setOauthLoginInput(new SFOauthLoginInput(str, str2, str5, str3, str4, (String) null));
        return sFLoginInput;
    }
}
