package net.snowflake.client.core;

import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import net.snowflake.client.annotations.RunOnLinuxOrMac;
import net.snowflake.client.category.TestTags;
import net.snowflake.client.jdbc.BaseJDBCTest;
import net.snowflake.client.jdbc.SnowflakeUtil;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;
import org.mockito.ArgumentMatchers;
import org.mockito.MockedStatic;
import org.mockito.Mockito;

@Tag(TestTags.CORE)
@Nested
/* loaded from: input_file:net/snowflake/client/core/FileCacheManagerTest.class */
class FileCacheManagerTest extends BaseJDBCTest {
    private static final String CACHE_FILE_NAME = "credential_cache_v1.json.json";
    private static final String CACHE_DIR_PROP = "net.snowflake.jdbc.temporaryCredentialCacheDir";
    private static final String CACHE_DIR_ENV = "SF_TEMPORARY_CREDENTIAL_CACHE_DIR";
    private static final long CACHE_FILE_LOCK_EXPIRATION_IN_SECONDS = 60;
    private FileCacheManager fileCacheManager;
    private File cacheFile;

    FileCacheManagerTest() {
    }

    @BeforeEach
    public void setup() throws IOException {
        this.fileCacheManager = FileCacheManager.builder().setCacheDirectorySystemProperty(CACHE_DIR_PROP).setCacheDirectoryEnvironmentVariable(CACHE_DIR_ENV).setBaseCacheFileName(CACHE_FILE_NAME).setCacheFileLockExpirationInSeconds(CACHE_FILE_LOCK_EXPIRATION_IN_SECONDS).build();
        this.cacheFile = createCacheFile();
    }

    @AfterEach
    public void clean() throws IOException {
        if (Files.exists(this.cacheFile.toPath(), new LinkOption[0])) {
            Files.delete(this.cacheFile.toPath());
        }
        if (Files.exists(this.cacheFile.getParentFile().toPath(), new LinkOption[0])) {
            Files.delete(this.cacheFile.getParentFile().toPath());
        }
    }

    @RunOnLinuxOrMac
    @ParameterizedTest
    @CsvSource({"rwx------,rwx------,false", "rw-------,rwx------,true", "rw-------,rwx--xrwx,true", "r-x------,rwx------,false", "r--------,rwx------,true", "rwxrwx---,rwx------,false", "rwxrw----,rwx------,false", "rwxr-x---,rwx------,false", "rwxr-----,rwx------,false", "rwx-wx---,rwx------,false", "rwx-w----,rwx------,false", "rwx--x---,rwx------,false", "rwx---rwx,rwx------,false", "rwx---rw-,rwx------,false", "rwx---r-x,rwx------,false", "rwx---r--,rwx------,false", "rwx----wx,rwx------,false", "rwx----w-,rwx------,false", "rwx-----x,rwx------,false"})
    public void throwWhenReadCacheFileWithPermissionDifferentThanReadWriteForUserTest(String str, String str2, boolean z) throws IOException {
        this.fileCacheManager.overrideCacheFile(this.cacheFile);
        Files.setPosixFilePermissions(this.cacheFile.toPath(), PosixFilePermissions.fromString(str));
        Files.setPosixFilePermissions(this.cacheFile.getParentFile().toPath(), PosixFilePermissions.fromString(str2));
        if (z) {
            Assertions.assertDoesNotThrow(() -> {
                return this.fileCacheManager.readCacheFile();
            });
        } else {
            Assertions.assertTrue(((SecurityException) Assertions.assertThrows(SecurityException.class, () -> {
                this.fileCacheManager.readCacheFile();
            })).getMessage().contains("is wider than allowed."));
        }
    }

    @RunOnLinuxOrMac
    @Test
    public void throwWhenOverrideCacheFileHasDifferentOwnerThanCurrentUserTest() {
        MockedStatic mockStatic = Mockito.mockStatic(FileUtil.class, Mockito.CALLS_REAL_METHODS);
        try {
            mockStatic.when(() -> {
                FileUtil.getFileOwnerName((Path) ArgumentMatchers.isA(Path.class));
            }).thenReturn("anotherUser");
            Assertions.assertTrue(((SecurityException) Assertions.assertThrows(SecurityException.class, () -> {
                this.fileCacheManager.readCacheFile();
            })).getMessage().contains("The file owner is different than current user"));
            if (mockStatic != null) {
                mockStatic.close();
            }
        } catch (Throwable th) {
            if (mockStatic != null) {
                try {
                    mockStatic.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @RunOnLinuxOrMac
    @Test
    public void notThrowForToWidePermissionsWhenOnlyOwnerPermissionsSetFalseTest() throws IOException {
        this.fileCacheManager.setOnlyOwnerPermissions(false);
        Files.setPosixFilePermissions(this.cacheFile.toPath(), PosixFilePermissions.fromString("rwxrwx---"));
        Assertions.assertDoesNotThrow(() -> {
            return this.fileCacheManager.readCacheFile();
        });
    }

    @RunOnLinuxOrMac
    @Test
    public void throwWhenOverrideCacheFileNotFound() {
        Path path = Paths.get(SnowflakeUtil.systemGetProperty("user.home"), ".cache", "snowflake2", "wrongFileName");
        Assertions.assertTrue(((SecurityException) Assertions.assertThrows(SecurityException.class, () -> {
            this.fileCacheManager.overrideCacheFile(path.toFile());
        })).getMessage().contains("Unable to access the file/directory to check the permissions. Error: java.nio.file.NoSuchFileException:"));
    }

    @RunOnLinuxOrMac
    @Test
    public void throwWhenSymlinkAsCache() throws IOException {
        Path createSymlink = createSymlink();
        try {
            Assertions.assertTrue(((SecurityException) Assertions.assertThrows(SecurityException.class, () -> {
                this.fileCacheManager.overrideCacheFile(createSymlink.toFile());
            })).getMessage().contains("Symbolic link is not allowed for file cache"));
            if (Files.exists(createSymlink, new LinkOption[0])) {
                Files.delete(createSymlink);
            }
        } catch (Throwable th) {
            if (Files.exists(createSymlink, new LinkOption[0])) {
                Files.delete(createSymlink);
            }
            throw th;
        }
    }

    private File createCacheFile() {
        Path path = Paths.get(SnowflakeUtil.systemGetProperty("user.home"), ".cache", "snowflake_cache", CACHE_FILE_NAME);
        try {
            if (Files.exists(path, new LinkOption[0])) {
                Files.delete(path);
            }
            if (Files.exists(path.getParent(), new LinkOption[0])) {
                Files.delete(path.getParent());
            }
            if (SnowflakeUtil.isWindows()) {
                Files.createDirectories(path.getParent(), new FileAttribute[0]);
            } else {
                Files.createDirectories(path.getParent(), PosixFilePermissions.asFileAttribute((Set) Stream.of((Object[]) new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE}).collect(Collectors.toSet())));
            }
            if (SnowflakeUtil.isWindows()) {
                Files.createFile(path, new FileAttribute[0]);
            } else {
                Files.createFile(path, PosixFilePermissions.asFileAttribute((Set) Stream.of((Object[]) new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE}).collect(Collectors.toSet())));
            }
            ObjectNode createObjectNode = StmtUtil.mapper.createObjectNode();
            createObjectNode.put("token", "tokenValue");
            this.fileCacheManager.overrideCacheFile(path.toFile());
            this.fileCacheManager.writeCacheFile(createObjectNode);
            return path.toFile();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private Path createSymlink() throws IOException {
        Path path = Paths.get(this.cacheFile.getParent(), "symlink_credential_cache_v1.json.json");
        if (Files.exists(path, new LinkOption[0])) {
            Files.delete(path);
        }
        return Files.createSymbolicLink(path, this.cacheFile.toPath(), new FileAttribute[0]);
    }

    @Test
    void shouldCreateDirAndFile() {
        String property = System.getProperty("java.io.tmpdir");
        System.setProperty("FILE_CACHE_MANAGER_SHOULD_CREATE_DIR_AND_FILE", property + File.separator + "snowflake-cache-dir");
        FileCacheManager.builder().setOnlyOwnerPermissions(false).setCacheDirectorySystemProperty("FILE_CACHE_MANAGER_SHOULD_CREATE_DIR_AND_FILE").setBaseCacheFileName("cache-file").build();
        Assertions.assertTrue(new File(property).exists());
    }
}
