package net.snowflake.client.core;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;
import javax.net.ssl.SSLHandshakeException;
import net.snowflake.client.SystemPropertyOverrider;
import net.snowflake.client.category.TestTags;
import net.snowflake.client.jdbc.BaseJDBCTest;
import net.snowflake.client.jdbc.SnowflakeConnectionV1;
import net.snowflake.client.jdbc.telemetryOOB.TelemetryService;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.awaitility.Awaitility;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.AnyOf;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.extension.ExtensionContext;
import org.junit.jupiter.api.io.TempDir;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.ArgumentsProvider;
import org.junit.jupiter.params.provider.ArgumentsSource;
import org.junit.jupiter.params.provider.CsvSource;

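/**
 * Integration tests for OCSP revocation checking in {@link SFTrustManager}.
 *
 * <p>The host-parameterized tests open a real HTTPS connection to each endpoint from {@link
 * HostProvider} through a client built by {@code HttpUtil.buildHttpClient}, varying the {@link
 * OCSPMode}, the local OCSP cache file and the {@code SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED}
 * system property. Receiving any HTTP response shows that the TLS handshake completed.
 *
 * <p>The URL tests check the OCSP response cache server URL that {@link SFTrustManager} holds
 * after a connection attempt to a {@code .com} or {@code .cn} account URL.
 *
 * <p>These tests need outbound network access, and they mutate process-wide state (system
 * properties, static fields of {@link SFTrustManager}, the {@link TelemetryService} singleton),
 * so they are presumably not safe to run in parallel with other tests - TODO confirm.
 */
@Tag(TestTags.CORE)
public class SFTrustManagerIT extends BaseJDBCTest {
    private static final SFLogger logger = SFLoggerFactory.getLogger(SFTrustManagerIT.class);

    /** System property toggled by the tests and cleared again in {@link #tearDown()}. */
    private static final String CACHE_SERVER_ENABLED_PROPERTY = "SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED";

    /** System property cleared in {@link #tearDown()}. */
    private static final String CACHE_SERVER_URL_PROPERTY = "SF_OCSP_RESPONSE_CACHE_SERVER_URL";

    /** Telemetry enabled-state captured in {@link #setUp()} and restored in {@link #tearDown()}. */
    private boolean defaultState;

    /** Per-test temporary directory that holds the OCSP cache file. */
    @TempDir
    File tmpFolder;

    /** Supplies the endpoints that the host-parameterized tests connect to. */
    private static class HostProvider implements ArgumentsProvider {
        private HostProvider() {
        }

        /**
         * Returns one argument set per endpoint.
         *
         * <p>NOTE(review): the first entry carries a path ({@code /ocsp/fetch}); every caller
         * formats the value as a host name, see {@code executeWithRetries}.
         */
        @Override
        public Stream<? extends Arguments> provideArguments(ExtensionContext extensionContext) throws Exception {
            return Stream.of(
                    Arguments.of("ocspssd.us-east-1.snowflakecomputing.com/ocsp/fetch"),
                    Arguments.of("sfcsupport.snowflakecomputing.com"),
                    Arguments.of("sfcsupport.us-east-1.snowflakecomputing.com"),
                    Arguments.of("sfcsupport.eu-central-1.snowflakecomputing.com"),
                    Arguments.of("sfc-dev1-regression.s3.amazonaws.com"),
                    Arguments.of("sfc-ds2-customer-stage.s3.amazonaws.com"),
                    Arguments.of("snowflake.okta.com"),
                    Arguments.of("sfcdev2.blob.core.windows.net"));
        }
    }

    /** Records whether telemetry was enabled, then enables it with a retry threshold of 3. */
    @BeforeEach
    public void setUp() {
        TelemetryService telemetryService = TelemetryService.getInstance();
        telemetryService.updateContextForIT(getConnectionParameters());
        this.defaultState = telemetryService.isEnabled();
        telemetryService.setNumOfRetryToTriggerTelemetry(3);
        TelemetryService.enable();
    }

    /**
     * Restores the telemetry state captured in {@link #setUp()} and clears the OCSP cache server
     * system properties so that one test's settings do not leak into the next.
     *
     * @throws InterruptedException if the wait is interrupted
     */
    @AfterEach
    public void tearDown() throws InterruptedException {
        // Return value unused; the call is retained as written in the original test.
        TelemetryService.getInstance();
        // NOTE(review): presumably lets asynchronous telemetry work settle - TODO confirm.
        TimeUnit.SECONDS.sleep(5L);
        if (this.defaultState) {
            TelemetryService.enable();
        } else {
            TelemetryService.disable();
        }
        System.clearProperty(CACHE_SERVER_ENABLED_PROPERTY);
        System.clearProperty(CACHE_SERVER_URL_PROPERTY);
    }

    /**
     * Connects in {@code FAIL_CLOSED} mode with the cache server enabled and no cache file.
     *
     * <p>The endpoint under test is also installed as the OCSP response cache server URL, over
     * plain {@code http://}.
     *
     * @param str endpoint supplied by {@link HostProvider}
     */
    @ArgumentsSource(HostProvider.class)
    @ParameterizedTest
    public void testOcsp(String str) throws Throwable {
        System.setProperty(CACHE_SERVER_ENABLED_PROPERTY, Boolean.TRUE.toString());
        SFTrustManager.setOCSPResponseCacheServerURL(String.format("http://%s", str));
        accessHost(str, HttpUtil.buildHttpClient(new HttpClientSettingsKey(OCSPMode.FAIL_CLOSED), (File) null, false));
    }

    /**
     * Connects in {@code FAIL_CLOSED} mode with the cache server disabled and an empty cache file.
     *
     * @param str endpoint supplied by {@link HostProvider}
     */
    @ArgumentsSource(HostProvider.class)
    @ParameterizedTest
    public void testOcspWithFileCache(String str) throws Throwable {
        System.setProperty(CACHE_SERVER_ENABLED_PROPERTY, Boolean.FALSE.toString());
        File cacheFile = createEmptyCacheFile();
        accessHost(str, HttpUtil.buildHttpClient(new HttpClientSettingsKey(OCSPMode.FAIL_CLOSED), cacheFile, false));
    }

    /**
     * Connects in {@code FAIL_CLOSED} mode with the cache server enabled and an empty cache file.
     *
     * @param str endpoint supplied by {@link HostProvider}
     */
    @ArgumentsSource(HostProvider.class)
    @ParameterizedTest
    public void testOcspWithServerCache(String str) throws Throwable {
        System.setProperty(CACHE_SERVER_ENABLED_PROPERTY, Boolean.TRUE.toString());
        File cacheFile = createEmptyCacheFile();
        accessHost(str, HttpUtil.buildHttpClient(new HttpClientSettingsKey(OCSPMode.FAIL_CLOSED), cacheFile, false));
    }

    /**
     * Connects in {@code FAIL_OPEN} mode with the cache server disabled and an empty cache file.
     *
     * <p>NOTE(review): this is the only test here that does not use {@code FAIL_CLOSED}. If
     * {@code FAIL_OPEN} lets the connection proceed when revocation status cannot be obtained,
     * a pass does not by itself show that an OCSP check succeeded - confirm against
     * {@link OCSPMode}.
     *
     * @param str endpoint supplied by {@link HostProvider}
     */
    @ArgumentsSource(HostProvider.class)
    @ParameterizedTest
    public void testOcspWithoutServerCache(String str) throws Throwable {
        System.setProperty(CACHE_SERVER_ENABLED_PROPERTY, Boolean.FALSE.toString());
        File cacheFile = createEmptyCacheFile();
        accessHost(str, HttpUtil.buildHttpClient(new HttpClientSettingsKey(OCSPMode.FAIL_OPEN), cacheFile, false));
    }

    /**
     * Connects in {@code FAIL_CLOSED} mode with a cache file path whose directory does not exist;
     * the connection is still expected to succeed.
     *
     * @param str endpoint supplied by {@link HostProvider}
     */
    @ArgumentsSource(HostProvider.class)
    @ParameterizedTest
    public void testInvalidCacheFile(String str) throws Throwable {
        System.setProperty(CACHE_SERVER_ENABLED_PROPERTY, Boolean.TRUE.toString());
        File missingCacheFile = new File("NEVER_EXISTS", "NEVER_EXISTS");
        accessHost(str, HttpUtil.buildHttpClient(new HttpClientSettingsKey(OCSPMode.FAIL_CLOSED), missingCacheFile, false));
    }

    /**
     * Creates an empty {@code ocsp-cache} file inside the per-test temporary directory.
     *
     * @return the cache file handed to {@code HttpUtil.buildHttpClient}
     * @throws IOException if the file cannot be created
     */
    private File createEmptyCacheFile() throws IOException {
        File cacheFile = new File(this.tmpFolder, "ocsp-cache");
        // The boolean result is not checked, as in the original test.
        cacheFile.createNewFile();
        return cacheFile;
    }

    /**
     * Requests {@code str} over HTTPS and asserts that an HTTP response came back.
     *
     * <p>The accepted status codes include error statuses: the assertion is about reaching the
     * server, which requires a completed TLS handshake, not about the resource that was requested.
     *
     * @param str endpoint to contact
     * @param httpClient client configured with the OCSP settings under test
     * @throws IOException if the request fails, including a failed TLS handshake
     * @throws InterruptedException if a retry wait is interrupted
     */
    private static void accessHost(String str, HttpClient httpClient) throws IOException, InterruptedException {
        HttpResponse response = executeWithRetries(str, httpClient);
        Awaitility.await()
                .atMost(Duration.ofSeconds(10L))
                .until(() -> response.getStatusLine().getStatusCode(), CoreMatchers.not(CoreMatchers.equalTo(-1)));
        MatcherAssert.assertThat(
                String.format("response code for %s", str),
                response.getStatusLine().getStatusCode(),
                AnyOf.anyOf(
                        CoreMatchers.equalTo(200),
                        CoreMatchers.equalTo(400),
                        CoreMatchers.equalTo(403),
                        CoreMatchers.equalTo(404),
                        CoreMatchers.equalTo(513)));
    }

    /**
     * Executes a GET against {@code https://<str>:443/}, retrying failed TLS handshakes.
     *
     * <p>Only {@code storage.googleapis.com} gets a retry budget (5 attempts, with a wait that
     * grows by one second per failure); for every other host the first
     * {@link SSLHandshakeException} is rethrown. That host is not in {@link HostProvider}, so
     * the tests in this class never retry.
     *
     * <p>NOTE(review): for an endpoint that already contains a path, the {@code :443/} suffix
     * ends up inside the request path instead of acting as the port.
     *
     * @param str endpoint to contact
     * @param httpClient client used to execute the request
     * @return the first response received
     * @throws IOException if the request fails; a handshake failure is rethrown once the retry
     *     budget is used up
     * @throws InterruptedException if the wait between attempts is interrupted
     */
    private static HttpResponse executeWithRetries(String str, HttpClient httpClient) throws IOException, InterruptedException {
        int maxAttempts = str.equals("storage.googleapis.com") ? 5 : 0;
        int failures = 0;
        HttpGet request = new HttpGet(String.format("https://%s:443/", str));
        while (true) {
            try {
                return httpClient.execute(request);
            } catch (SSLHandshakeException e) {
                logger.warn("SSL handshake failed (host = {}, retries={})", str, failures, e);
                failures++;
                if (failures >= maxAttempts) {
                    throw e;
                }
                Thread.sleep(failures * 1000L);
            }
        }
    }

    /**
     * Parses every X.509 certificate contained in a classpath resource.
     *
     * @param str classpath resource name
     * @return the certificates in the order the factory returns them
     * @throws IOException if the resource does not exist
     * @throws Throwable if the resource cannot be read or parsed
     */
    private List<X509Certificate> getX509CertificatesFromFile(String str) throws Throwable {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certificates = new ArrayList<>();
        // try-with-resources closes the stream even when parsing fails; a null resource is skipped.
        try (InputStream in = getFile(str)) {
            if (in == null) {
                throw new IOException("classpath resource not found: " + str);
            }
            for (Certificate certificate : certificateFactory.generateCertificates(in)) {
                certificates.add((X509Certificate) certificate);
            }
        }
        return certificates;
    }

    /**
     * Opens a classpath resource.
     *
     * @param str classpath resource name
     * @return an open stream that the caller must close, or {@code null} if the resource is missing
     * @throws Throwable if the resource cannot be opened
     */
    private InputStream getFile(String str) throws Throwable {
        URL resource = getClass().getClassLoader().getResource(str);
        if (resource != null) {
            return resource.openStream();
        }
        return null;
    }

    /**
     * Checks the OCSP cache server URL recorded by {@link SFTrustManager} after a connection
     * attempt without proxy settings.
     *
     * @param str JDBC connection URL
     * @param str2 expected OCSP response cache server URL
     */
    @ParameterizedTest
    @CsvSource({"jdbc:snowflake://someaccount.snowflakecomputing.com:443,http://ocsp.snowflakecomputing.com/ocsp_response_cache.json", "jdbc:snowflake://someaccount.snowflakecomputing.cn:443,http://ocsp.snowflakecomputing.cn/ocsp_response_cache.json"})
    void testOCSPCacheServerUrlWithoutProxy(String str, String str2) throws Exception {
        Properties properties = new Properties();
        // Placeholder credentials for an account name that is not expected to exist.
        properties.setProperty(SFSessionProperty.USER.getPropertyKey(), "testUser");
        properties.setProperty(SFSessionProperty.PASSWORD.getPropertyKey(), "testPassword");
        properties.setProperty(SFSessionProperty.LOGIN_TIMEOUT.getPropertyKey(), "1");
        try {
            new SnowflakeConnectionV1(str, properties);
        } catch (Exception ignored) {
            // The outcome of the connection attempt is irrelevant; only the URL it leaves behind
            // in SFTrustManager is asserted.
        }
        Assertions.assertEquals(str2, SFTrustManager.SF_OCSP_RESPONSE_CACHE_SERVER_URL_VALUE);
    }

    /**
     * Checks the OCSP cache server URL recorded by {@link SFTrustManager} after a connection
     * attempt made while the JVM proxy properties point at {@code localhost:8080}.
     *
     * @param str JDBC connection URL
     * @param str2 expected OCSP response cache server URL
     */
    @ParameterizedTest
    @CsvSource({"jdbc:snowflake://someaccount.snowflakecomputing.com:443,http://ocsp.snowflakecomputing.com/ocsp_response_cache.json", "jdbc:snowflake://someaccount.snowflakecomputing.cn:443,http://ocsp.snowflakecomputing.cn/ocsp_response_cache.json"})
    void testOCSPCacheServerUrlWithProxy(String str, String str2) {
        SystemPropertyOverrider useProxy = new SystemPropertyOverrider("http.useProxy", "true");
        SystemPropertyOverrider proxyHost = new SystemPropertyOverrider("http.proxyHost", "localhost");
        SystemPropertyOverrider proxyPort = new SystemPropertyOverrider("http.proxyPort", "8080");
        try {
            Properties properties = new Properties();
            // Placeholder credentials for an account name that is not expected to exist.
            properties.setProperty(SFSessionProperty.USER.getPropertyKey(), "testUser");
            properties.setProperty(SFSessionProperty.PASSWORD.getPropertyKey(), "testPassword");
            properties.setProperty(SFSessionProperty.LOGIN_TIMEOUT.getPropertyKey(), "1");
            try {
                new SnowflakeConnectionV1(str, properties);
            } catch (Exception ignored) {
                // The outcome of the connection attempt is irrelevant; only the URL it leaves
                // behind in SFTrustManager is asserted.
            }
            Assertions.assertEquals(str2, SFTrustManager.SF_OCSP_RESPONSE_CACHE_SERVER_URL_VALUE);
        } finally {
            // Roll the proxy properties back on success and on failure alike.
            Arrays.asList(useProxy, proxyHost, proxyPort).forEach(SystemPropertyOverrider::rollback);
        }
    }

    /** Resets the recorded cache server URL before and after every test. */
    @BeforeEach
    @AfterEach
    void cleanup() {
        SFTrustManager.SF_OCSP_RESPONSE_CACHE_SERVER_URL_VALUE = null;
    }
}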
