package net.snowflake.client.core.auth.wif;

import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

/* loaded from: input_file:net/snowflake/client/core/auth/wif/AwsIdentityAttestationCreatorTest.class */
public class AwsIdentityAttestationCreatorTest {
    @Test
    public void shouldReturnNullWhenNoCredentialsFound() {
        AwsAttestationService awsAttestationService = (AwsAttestationService) Mockito.mock(AwsAttestationService.class);
        Mockito.when(awsAttestationService.getAWSCredentials()).thenReturn((Object) null);
        Mockito.when(awsAttestationService.getAWSRegion()).thenReturn("us-east-1");
        Mockito.when(awsAttestationService.getArn()).thenReturn("arn:aws:attestation:abc");
        Assertions.assertNull(new AwsIdentityAttestationCreator(awsAttestationService).createAttestation());
    }

    @Test
    public void shouldReturnNullWhenNoRegion() {
        AwsAttestationService awsAttestationService = (AwsAttestationService) Mockito.mock(AwsAttestationService.class);
        Mockito.when(awsAttestationService.getAWSCredentials()).thenReturn(new BasicAWSCredentials("abc", "abc"));
        Mockito.when(awsAttestationService.getAWSRegion()).thenReturn((Object) null);
        Mockito.when(awsAttestationService.getArn()).thenReturn("arn:aws:attestation:abc");
        Assertions.assertNull(new AwsIdentityAttestationCreator(awsAttestationService).createAttestation());
    }

    @Test
    public void shouldReturnNullWhenNoCallerIdentity() {
        AwsAttestationService awsAttestationService = (AwsAttestationService) Mockito.mock(AwsAttestationService.class);
        Mockito.when(awsAttestationService.getAWSCredentials()).thenReturn(new BasicSessionCredentials("abc", "abc", "aws-session-token"));
        Mockito.when(awsAttestationService.getAWSRegion()).thenReturn("eu-west-1");
        Mockito.when(awsAttestationService.getArn()).thenReturn((Object) null);
        Assertions.assertNull(new AwsIdentityAttestationCreator(awsAttestationService).createAttestation());
    }

    @Test
    public void shouldReturnProperAttestationWithSignedRequestCredential() throws JsonProcessingException {
        AwsAttestationService awsAttestationService = (AwsAttestationService) Mockito.spy(AwsAttestationService.class);
        ((AwsAttestationService) Mockito.doReturn(new BasicSessionCredentials("abc", "abc", "aws-session-token")).when(awsAttestationService)).getAWSCredentials();
        ((AwsAttestationService) Mockito.doReturn("eu-west-1").when(awsAttestationService)).getAWSRegion();
        ((AwsAttestationService) Mockito.doReturn("arn:aws:attestation:abc").when(awsAttestationService)).getArn();
        WorkloadIdentityAttestation createAttestation = new AwsIdentityAttestationCreator(awsAttestationService).createAttestation();
        Assertions.assertNotNull(createAttestation);
        Assertions.assertEquals(WorkloadIdentityProviderType.AWS, createAttestation.getProvider());
        Assertions.assertEquals("arn:aws:attestation:abc", createAttestation.getUserIdentifierComponents().get("arn"));
        Assertions.assertNotNull(createAttestation.getCredential());
        Map map = (Map) new ObjectMapper().readValue(new String(Base64.getDecoder().decode(createAttestation.getCredential())), HashMap.class);
        Assertions.assertEquals(3, map.size());
        Assertions.assertEquals("https://sts.eu-west-1.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15", map.get("url"));
        Assertions.assertEquals("POST", map.get("method"));
        Assertions.assertNotNull(map.get("headers"));
        Map map2 = (Map) map.get("headers");
        Assertions.assertEquals(5, map2.size());
        Assertions.assertEquals("sts.eu-west-1.amazonaws.com", map2.get("Host"));
        Assertions.assertEquals("snowflakecomputing.com", map2.get("X-Snowflake-Audience"));
        Assertions.assertNotNull(map2.get("X-Amz-Date"));
        Assertions.assertTrue(((String) map2.get("Authorization")).matches("^AWS4-HMAC-SHA256 Credential=.*"));
        Assertions.assertEquals("aws-session-token", map2.get("X-Amz-Security-Token"));
    }
}
