package net.snowflake.client.core.auth.wif;

import java.time.Duration;
import net.snowflake.client.category.TestTags;
import net.snowflake.client.core.HttpClientSettingsKey;
import net.snowflake.client.core.OCSPMode;
import net.snowflake.client.core.SFLoginInput;
import net.snowflake.client.jdbc.BaseWiremockTest;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

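/**
 * Integration tests for {@link AzureIdentityAttestationCreator} run against WireMock-stubbed
 * endpoints.
 *
 * <p>Every test points the creator at the local WireMock base URL and, where a scenario file is
 * used, loads it with {@code importMappingFromResources}. Success scenarios assert the provider
 * type and the {@code sub} / {@code iss} identifier components of the returned attestation. Error
 * scenarios (invalid or missing issuer, missing subject, unparsable token, non-JSON body, HTTP
 * error, missing identity header) assert that no attestation is produced at all, i.e. that the
 * creator returns {@code null} rather than a partially populated result.
 */
@Tag(TestTags.AUTHENTICATION)
public class AzureIdentityAttestationCreatorLatestIT extends BaseWiremockTest {
    private static final String SCENARIOS_BASE_DIR = "/wiremock/mappings/wif/azure";
    private static final String SUCCESSFUL_FLOW_BASIC_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/successful_flow_basic.json";
    private static final String SUCCESSFUL_FLOW_V2_ISSUER_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/successful_flow_v2_issuer.json";
    private static final String SUCCESSFUL_FLOW_AZURE_FUNCTIONS_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/successful_flow_azure_functions.json";
    private static final String SUCCESSFUL_FLOW_AZURE_FUNCTIONS_V2_ISSUER_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/successful_flow_azure_functions_v2_issuer.json";
    private static final String SUCCESSFUL_FLOW_AZURE_FUNCTIONS_NO_CLIENT_ID_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/successful_flow_azure_functions_no_client_id.json";
    private static final String SUCCESSFUL_FLOW_AZURE_FUNCTIONS_CUSTOM_ENTRA_RESOURCE_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/successful_flow_azure_functions_custom_entra_resource.json";
    private static final String INVALID_ISSUER_FLOW_SCENARIO =
            SCENARIOS_BASE_DIR + "/invalid_issuer_flow.json";
    private static final String MISSING_ISSUER_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/missing_issuer_claim.json";
    private static final String MISSING_SUB_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/missing_sub_claim.json";
    private static final String JSON_PARSE_ERROR_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/non_json_response.json";
    private static final String TOKEN_PARSE_ERROR_SCENARIO_MAPPINGS =
            SCENARIOS_BASE_DIR + "/unparsable_token.json";
    private static final String HTTP_ERROR_MAPPINGS = SCENARIOS_BASE_DIR + "/http_error.json";

    // Expected claim values; they have to agree with the tokens served by the mapping files.
    private static final String EXPECTED_V1_ISSUER =
            "https://sts.windows.net/fa15d692-e9c7-4460-a743-29f29522229/";
    private static final String EXPECTED_V2_ISSUER =
            "https://login.microsoftonline.com/fa15d692-e9c7-4460-a743-29f29522229/";
    private static final String EXPECTED_SUBJECT = "77213E30-E8CB-4595-B1B6-5F050E8308FD";

    // Values the Azure Functions tests stub in place of the service's real getters.
    private static final String IDENTITY_ENDPOINT_PATH = "metadata/identity/endpoint/from/env";
    private static final String IDENTITY_HEADER = "some-identity-header-from-env";
    private static final String MANAGED_CLIENT_ID = "managed-client-id-from-env";

    @Test
    public void successfulFlowBasicScenario() {
        importMappingFromResources(SUCCESSFUL_FLOW_BASIC_SCENARIO_MAPPINGS);
        executeAndAssertCorrectAttestation(
                createAttestationServiceSpyForBasicFLow(), createLoginInputStub());
    }

    @Test
    public void successfulFlowV2IssuerScenario() {
        importMappingFromResources(SUCCESSFUL_FLOW_V2_ISSUER_SCENARIO_MAPPINGS);
        executeAndAssertCorrectAttestationWithIssuer(
                createAttestationServiceSpyForBasicFLow(), createLoginInputStub(), EXPECTED_V2_ISSUER);
    }

    @Test
    public void successfulFlowAzureFunctionsScenario() {
        importMappingFromResources(SUCCESSFUL_FLOW_AZURE_FUNCTIONS_SCENARIO_MAPPINGS);
        executeAndAssertCorrectAttestation(
                createAttestationServiceSpyForAzureFunctions(MANAGED_CLIENT_ID),
                createLoginInputStub());
    }

    @Test
    public void successfulFlowAzureFunctionsWithV2IssuerScenario() {
        importMappingFromResources(SUCCESSFUL_FLOW_AZURE_FUNCTIONS_V2_ISSUER_SCENARIO_MAPPINGS);
        executeAndAssertCorrectAttestationWithIssuer(
                createAttestationServiceSpyForAzureFunctions(MANAGED_CLIENT_ID),
                createLoginInputStub(),
                EXPECTED_V2_ISSUER);
    }

    @Test
    public void successfulFlowAzureFunctionsNoClientIdScenario() {
        importMappingFromResources(SUCCESSFUL_FLOW_AZURE_FUNCTIONS_NO_CLIENT_ID_SCENARIO_MAPPINGS);
        // No managed client id: the creator is still expected to produce an attestation.
        executeAndAssertCorrectAttestation(
                createAttestationServiceSpyForAzureFunctions(null), createLoginInputStub());
    }

    @Test
    public void successfulFlowAzureFunctionsCustomEntraResourceScenario() {
        importMappingFromResources(
                SUCCESSFUL_FLOW_AZURE_FUNCTIONS_CUSTOM_ENTRA_RESOURCE_SCENARIO_MAPPINGS);
        SFLoginInput loginInput = createLoginInputStub();
        loginInput.setWorkloadIdentityEntraResource("api://1111111-2222-3333-44444-55555555");
        executeAndAssertCorrectAttestation(
                createAttestationServiceSpyForAzureFunctions(MANAGED_CLIENT_ID), loginInput);
    }

    @Test
    public void azureFunctionsFlowErrorNoIdentityHeader() {
        SFLoginInput loginInput = createLoginInputStub();
        // A full mock (not a spy) and no mapping file: an identity endpoint without the
        // accompanying identity header must not yield an attestation.
        AzureAttestationService attestationService = Mockito.mock(AzureAttestationService.class);
        Mockito.when(attestationService.getIdentityEndpoint())
                .thenReturn(getBaseUrl() + IDENTITY_ENDPOINT_PATH);
        Mockito.when(attestationService.getIdentityHeader()).thenReturn(null);
        Mockito.when(attestationService.getClientId()).thenReturn(null);
        executeAndAssertNullAttestation(attestationService, loginInput);
    }

    @Test
    public void basicFlowErrorInvalidIssuer() {
        executeErrorScenarioAndAssertNullAttestation(INVALID_ISSUER_FLOW_SCENARIO);
    }

    @Test
    public void basicFlowErrorMissingIssuer() {
        executeErrorScenarioAndAssertNullAttestation(MISSING_ISSUER_SCENARIO_MAPPINGS);
    }

    @Test
    public void basicFlowErrorMissingSub() {
        executeErrorScenarioAndAssertNullAttestation(MISSING_SUB_SCENARIO_MAPPINGS);
    }

    @Test
    public void basicFlowErrorUnparsableToken() {
        executeErrorScenarioAndAssertNullAttestation(TOKEN_PARSE_ERROR_SCENARIO_MAPPINGS);
    }

    @Test
    public void basicFlowUnparsableJsonError() {
        executeErrorScenarioAndAssertNullAttestation(JSON_PARSE_ERROR_SCENARIO_MAPPINGS);
    }

    @Test
    public void basicFlowHttpError() {
        executeErrorScenarioAndAssertNullAttestation(HTTP_ERROR_MAPPINGS);
    }

    /**
     * Loads an error scenario and checks that the basic flow yields no attestation.
     *
     * @param scenarioMappings classpath location of the WireMock mapping file to import
     */
    private void executeErrorScenarioAndAssertNullAttestation(String scenarioMappings) {
        importMappingFromResources(scenarioMappings);
        executeAndAssertNullAttestation(
                createAttestationServiceSpyForBasicFLow(), createLoginInputStub());
    }

    /**
     * Builds a spy whose identity endpoint, identity header and client id are all {@code null},
     * which is the configuration the "basic flow" tests run with.
     *
     * @return the stubbed spy
     */
    private static AzureAttestationService createAttestationServiceSpyForBasicFLow() {
        AzureAttestationService attestationService = Mockito.spy(AzureAttestationService.class);
        // NOTE(review): when(spy.getX()) invokes the real getter once while the stub is being
        // recorded. If the real getters depend on the host environment, doReturn(..).when(spy)
        // would keep these tests independent of where they run - confirm against the service.
        Mockito.when(attestationService.getIdentityEndpoint()).thenReturn(null);
        Mockito.when(attestationService.getIdentityHeader()).thenReturn(null);
        Mockito.when(attestationService.getClientId()).thenReturn(null);
        return attestationService;
    }

    /**
     * Builds a spy configured the way the Azure Functions tests need it: the identity endpoint
     * points at the local WireMock server and a fixed identity header is returned.
     *
     * @param clientId value to return from {@code getClientId()}; may be {@code null}
     * @return the stubbed spy
     */
    private AzureAttestationService createAttestationServiceSpyForAzureFunctions(String clientId) {
        AzureAttestationService attestationService = Mockito.spy(AzureAttestationService.class);
        Mockito.when(attestationService.getIdentityEndpoint())
                .thenReturn(getBaseUrl() + IDENTITY_ENDPOINT_PATH);
        Mockito.when(attestationService.getIdentityHeader()).thenReturn(IDENTITY_HEADER);
        Mockito.when(attestationService.getClientId()).thenReturn(clientId);
        return attestationService;
    }

    /** Same as the issuer-aware variant, expecting the {@code sts.windows.net} issuer. */
    private void executeAndAssertCorrectAttestation(
            AzureAttestationService azureAttestationService, SFLoginInput sFLoginInput) {
        executeAndAssertCorrectAttestationWithIssuer(
                azureAttestationService, sFLoginInput, EXPECTED_V1_ISSUER);
    }

    /**
     * Creates an attestation and checks provider, subject, issuer and credential presence.
     *
     * @param azureAttestationService service double handed to the creator
     * @param sFLoginInput login input handed to the creator
     * @param expectedIssuer value the {@code iss} identifier component must equal
     */
    private void executeAndAssertCorrectAttestationWithIssuer(
            AzureAttestationService azureAttestationService,
            SFLoginInput sFLoginInput,
            String expectedIssuer) {
        AzureIdentityAttestationCreator creator =
                new AzureIdentityAttestationCreator(azureAttestationService, sFLoginInput, getBaseUrl());
        WorkloadIdentityAttestation attestation = creator.createAttestation();

        Assertions.assertNotNull(attestation);
        Assertions.assertEquals(WorkloadIdentityProviderType.AZURE, attestation.getProvider());
        Assertions.assertEquals(
                EXPECTED_SUBJECT, attestation.getUserIdentifierComponents().get("sub"));
        Assertions.assertEquals(
                expectedIssuer, attestation.getUserIdentifierComponents().get("iss"));
        // NOTE(review): only the presence of the credential is checked; comparing it with the
        // token served by the mapping file would also catch a wrong or altered credential.
        Assertions.assertNotNull(attestation.getCredential());
    }

    /** Asserts that the creator returns {@code null}, i.e. refuses to produce an attestation. */
    private void executeAndAssertNullAttestation(
            AzureAttestationService azureAttestationService, SFLoginInput sFLoginInput) {
        AzureIdentityAttestationCreator creator =
                new AzureIdentityAttestationCreator(azureAttestationService, sFLoginInput, getBaseUrl());
        Assertions.assertNull(creator.createAttestation());
    }

    /** Returns the base URL of the local WireMock server, with a trailing slash. */
    private String getBaseUrl() {
        return String.format("http://%s:%d/", "localhost", Integer.valueOf(wiremockHttpPort));
    }

    /**
     * Builds the minimal login input used by every test.
     *
     * @return login input with a five minute socket timeout and an HTTP client settings key
     */
    private SFLoginInput createLoginInputStub() {
        SFLoginInput loginInput = new SFLoginInput();
        loginInput.setSocketTimeout(Duration.ofMinutes(5));
        // NOTE(review): FAIL_OPEN is a test-only choice here; every request goes to the plain
        // http://localhost WireMock URL, so revocation checking is presumably never exercised.
        loginInput.setHttpClientSettingsKey(new HttpClientSettingsKey(OCSPMode.FAIL_OPEN));
        return loginInput;
    }
}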
