package com.google.auth.oauth2;

import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.IdentityPoolCredentials;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nullable;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/google/auth/oauth2/IdentityPoolCredentialsTest.class */
class IdentityPoolCredentialsTest {
    private static final Map<String, Object> FILE_CREDENTIAL_SOURCE_MAP = new HashMap<String, Object>() { // from class: com.google.auth.oauth2.IdentityPoolCredentialsTest.1
        {
            put("file", "file");
        }
    };
    private static final IdentityPoolCredentials.IdentityPoolCredentialSource FILE_CREDENTIAL_SOURCE = new IdentityPoolCredentials.IdentityPoolCredentialSource(FILE_CREDENTIAL_SOURCE_MAP);
    private static final String STS_URL = "https://sts.googleapis.com";
    private static final IdentityPoolCredentials FILE_SOURCED_CREDENTIAL = IdentityPoolCredentials.newBuilder().setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience("//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setTokenInfoUrl("tokenInfoUrl").setCredentialSource(FILE_CREDENTIAL_SOURCE).build();

    /* loaded from: input_file:com/google/auth/oauth2/IdentityPoolCredentialsTest$MockExternalAccountCredentialsTransportFactory.class */
    static class MockExternalAccountCredentialsTransportFactory implements HttpTransportFactory {
        MockExternalAccountCredentialsTransport transport = new MockExternalAccountCredentialsTransport();

        public HttpTransport create() {
            return this.transport;
        }
    }

    IdentityPoolCredentialsTest() {
    }

    @Test
    void createdScoped_clonedCredentialWithAddedScopes() {
        IdentityPoolCredentials build = IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setServiceAccountImpersonationUrl("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken").setQuotaProjectId("quotaProjectId").setClientId("clientId").setClientSecret("clientSecret").build();
        List asList = Arrays.asList("scope1", "scope2");
        IdentityPoolCredentials createScoped = build.createScoped(asList);
        Assertions.assertEquals(build.getAudience(), createScoped.getAudience());
        Assertions.assertEquals(build.getSubjectTokenType(), createScoped.getSubjectTokenType());
        Assertions.assertEquals(build.getTokenUrl(), createScoped.getTokenUrl());
        Assertions.assertEquals(build.getTokenInfoUrl(), createScoped.getTokenInfoUrl());
        Assertions.assertEquals(build.getServiceAccountImpersonationUrl(), createScoped.getServiceAccountImpersonationUrl());
        Assertions.assertEquals(build.getCredentialSource(), createScoped.getCredentialSource());
        Assertions.assertEquals(asList, createScoped.getScopes());
        Assertions.assertEquals(build.getQuotaProjectId(), createScoped.getQuotaProjectId());
        Assertions.assertEquals(build.getClientId(), createScoped.getClientId());
        Assertions.assertEquals(build.getClientSecret(), createScoped.getClientSecret());
    }

    @Test
    void retrieveSubjectToken_fileSourced() throws IOException {
        File createTempFile = File.createTempFile("RETRIEVE_SUBJECT_TOKEN", null, null);
        createTempFile.deleteOnExit();
        OAuth2Utils.writeInputStreamToFile(new ByteArrayInputStream("credential".getBytes(StandardCharsets.UTF_8)), createTempFile.getAbsolutePath());
        HashMap hashMap = new HashMap();
        hashMap.put("file", createTempFile.getAbsolutePath());
        Assertions.assertEquals("credential", IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setCredentialSource(new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap)).build().retrieveSubjectToken());
    }

    @Test
    void retrieveSubjectToken_fileSourcedWithJsonFormat() throws IOException {
        File createTempFile = File.createTempFile("RETRIEVE_SUBJECT_TOKEN", null, null);
        createTempFile.deleteOnExit();
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        mockExternalAccountCredentialsTransportFactory.transport.setMetadataServerContentType("json");
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("type", "json");
        hashMap2.put("subject_token_field_name", "subjectToken");
        hashMap.put("file", createTempFile.getAbsolutePath());
        hashMap.put("format", hashMap2);
        IdentityPoolCredentials.IdentityPoolCredentialSource identityPoolCredentialSource = new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap);
        GenericJson genericJson = new GenericJson();
        genericJson.setFactory(OAuth2Utils.JSON_FACTORY);
        genericJson.put("subjectToken", "subjectToken");
        OAuth2Utils.writeInputStreamToFile(new ByteArrayInputStream(genericJson.toString().getBytes(StandardCharsets.UTF_8)), createTempFile.getAbsolutePath());
        Assertions.assertEquals("subjectToken", IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setCredentialSource(identityPoolCredentialSource).build().retrieveSubjectToken());
    }

    @Test
    void retrieveSubjectToken_fileSourcedWithNullFormat_throws() throws IOException {
        File createTempFile = File.createTempFile("RETRIEVE_SUBJECT_TOKEN", null, null);
        createTempFile.deleteOnExit();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("type", null);
        hashMap.put("file", createTempFile.getAbsolutePath());
        hashMap.put("format", hashMap2);
        Assertions.assertEquals("Invalid credential source format type: null.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap);
        }, "Exception should be thrown due to null format.")).getMessage());
    }

    @Test
    void retrieveSubjectToken_noFile_throws() {
        HashMap hashMap = new HashMap();
        hashMap.put("file", "badPath");
        IdentityPoolCredentials build = IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setCredentialSource(new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap)).build();
        build.getClass();
        Assertions.assertEquals(String.format("Invalid credential location. The file at %s does not exist.", "badPath"), ((IOException) Assertions.assertThrows(IOException.class, build::retrieveSubjectToken, "Exception should be thrown.")).getMessage());
    }

    @Test
    void retrieveSubjectToken_urlSourced() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        Assertions.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getSubjectToken(), IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setCredentialSource(buildUrlBasedCredentialSource(mockExternalAccountCredentialsTransportFactory.transport.getMetadataUrl())).build().retrieveSubjectToken());
    }

    @Test
    void retrieveSubjectToken_urlSourcedWithJsonFormat() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        mockExternalAccountCredentialsTransportFactory.transport.setMetadataServerContentType("json");
        HashMap hashMap = new HashMap();
        hashMap.put("type", "json");
        hashMap.put("subject_token_field_name", "subjectToken");
        Assertions.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getSubjectToken(), IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setCredentialSource(buildUrlBasedCredentialSource(mockExternalAccountCredentialsTransportFactory.transport.getMetadataUrl(), hashMap)).build().retrieveSubjectToken());
    }

    @Test
    void retrieveSubjectToken_urlSourcedCredential_throws() {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        IOException iOException = new IOException();
        mockExternalAccountCredentialsTransportFactory.transport.addResponseErrorSequence(iOException);
        IdentityPoolCredentials build = IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setCredentialSource(buildUrlBasedCredentialSource(mockExternalAccountCredentialsTransportFactory.transport.getMetadataUrl())).build();
        build.getClass();
        Assertions.assertEquals(String.format("Error getting subject token from metadata server: %s", iOException.getMessage()), ((IOException) Assertions.assertThrows(IOException.class, build::retrieveSubjectToken, "Exception should be thrown.")).getMessage());
    }

    @Test
    void refreshAccessToken_withoutServiceAccountImpersonation() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        Assertions.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getAccessToken(), IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setTokenUrl(mockExternalAccountCredentialsTransportFactory.transport.getStsUrl()).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setCredentialSource(buildUrlBasedCredentialSource(mockExternalAccountCredentialsTransportFactory.transport.getMetadataUrl())).build().refreshAccessToken().getTokenValue());
    }

    @Test
    void refreshAccessToken_internalOptionsSet() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        Assertions.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getAccessToken(), IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setWorkforcePoolUserProject("userProject").setAudience("//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider").setTokenUrl(mockExternalAccountCredentialsTransportFactory.transport.getStsUrl()).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setCredentialSource(buildUrlBasedCredentialSource(mockExternalAccountCredentialsTransportFactory.transport.getMetadataUrl())).build().refreshAccessToken().getTokenValue());
        Map<String, String> parseQuery = TestUtils.parseQuery(mockExternalAccountCredentialsTransportFactory.transport.getRequest().getContentAsString());
        Assertions.assertNotNull(parseQuery.get("options"));
        GenericJson genericJson = new GenericJson();
        genericJson.setFactory(OAuth2Utils.JSON_FACTORY);
        genericJson.put("userProject", "userProject");
        Assertions.assertEquals(genericJson.toString(), parseQuery.get("options"));
    }

    @Test
    void refreshAccessToken_withServiceAccountImpersonation() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        mockExternalAccountCredentialsTransportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
        Assertions.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getServiceAccountAccessToken(), IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL).setTokenUrl(mockExternalAccountCredentialsTransportFactory.transport.getStsUrl()).setServiceAccountImpersonationUrl(mockExternalAccountCredentialsTransportFactory.transport.getServiceAccountImpersonationUrl()).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setCredentialSource(buildUrlBasedCredentialSource(mockExternalAccountCredentialsTransportFactory.transport.getMetadataUrl())).build().refreshAccessToken().getTokenValue());
    }

    @Test
    void identityPoolCredentialSource_invalidSourceType() {
        Assertions.assertEquals("Missing credential source file location or URL. At least one must be specified.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new IdentityPoolCredentials.IdentityPoolCredentialSource(new HashMap());
        }, "Exception should be thrown.")).getMessage());
    }

    @Test
    void identityPoolCredentialSource_invalidFormatType() {
        HashMap hashMap = new HashMap();
        hashMap.put("url", "url");
        HashMap hashMap2 = new HashMap();
        hashMap2.put("type", "unsupportedType");
        hashMap.put("format", hashMap2);
        Assertions.assertEquals("Invalid credential source format type: unsupportedType.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap);
        }, "Exception should be thrown.")).getMessage());
    }

    @Test
    void identityPoolCredentialSource_nullFormatType() {
        HashMap hashMap = new HashMap();
        hashMap.put("url", "url");
        HashMap hashMap2 = new HashMap();
        hashMap2.put("type", null);
        hashMap.put("format", hashMap2);
        Assertions.assertEquals("Invalid credential source format type: null.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap);
        }, "Exception should be thrown.")).getMessage());
    }

    @Test
    void identityPoolCredentialSource_subjectTokenFieldNameUnset() {
        HashMap hashMap = new HashMap();
        hashMap.put("url", "url");
        HashMap hashMap2 = new HashMap();
        hashMap2.put("type", "json");
        hashMap.put("format", hashMap2);
        Assertions.assertEquals("When specifying a JSON credential type, the subject_token_field_name must be set.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap);
        }, "Exception should be thrown.")).getMessage());
    }

    @Test
    void builder() {
        List asList = Arrays.asList("scope1", "scope2");
        IdentityPoolCredentials build = IdentityPoolCredentials.newBuilder().setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience("audience").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setTokenInfoUrl("tokenInfoUrl").setCredentialSource(FILE_CREDENTIAL_SOURCE).setServiceAccountImpersonationUrl("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken").setQuotaProjectId("quotaProjectId").setClientId("clientId").setClientSecret("clientSecret").setScopes(asList).build();
        Assertions.assertEquals("audience", build.getAudience());
        Assertions.assertEquals("subjectTokenType", build.getSubjectTokenType());
        Assertions.assertEquals(build.getTokenUrl(), STS_URL);
        Assertions.assertEquals(build.getTokenInfoUrl(), "tokenInfoUrl");
        Assertions.assertEquals(build.getServiceAccountImpersonationUrl(), "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken");
        Assertions.assertEquals(build.getCredentialSource(), FILE_CREDENTIAL_SOURCE);
        Assertions.assertEquals(build.getQuotaProjectId(), "quotaProjectId");
        Assertions.assertEquals(build.getClientId(), "clientId");
        Assertions.assertEquals(build.getClientSecret(), "clientSecret");
        Assertions.assertEquals(build.getScopes(), asList);
        Assertions.assertEquals(build.getEnvironmentProvider(), SystemEnvironmentProvider.getInstance());
    }

    @Test
    void builder_invalidWorkforceAudiences_throws() {
        for (String str : Arrays.asList("", "//iam.googleapis.com/projects/x23/locations/global/workloadIdentityPools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcepools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers", "//iam.googleapis.com/locations/global/workforcePools/", "//iam.googleapis.com/locations//workforcePools/providers", "//iam.googleapis.com/notlocations/global/workforcePools/providers", "//iam.googleapis.com/locations/global/workforce/providers")) {
            Assertions.assertEquals("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                IdentityPoolCredentials.newBuilder().setWorkforcePoolUserProject("workforcePoolUserProject").setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience(str).setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setTokenInfoUrl("tokenInfoUrl").setCredentialSource(FILE_CREDENTIAL_SOURCE).setQuotaProjectId("quotaProjectId").build();
            }, "Exception should be thrown.")).getMessage());
        }
    }

    @Test
    void builder_emptyWorkforceUserProjectWithWorkforceAudience_throws() {
        Assertions.assertEquals("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            IdentityPoolCredentials.newBuilder().setWorkforcePoolUserProject("").setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience("//iam.googleapis.com/locations/global/workforcePools/providers/provider").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setTokenInfoUrl("tokenInfoUrl").setCredentialSource(FILE_CREDENTIAL_SOURCE).setQuotaProjectId("quotaProjectId").build();
        }, "Exception should be thrown.")).getMessage());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static InputStream writeIdentityPoolCredentialsStream(String str, String str2, @Nullable String str3) throws IOException {
        GenericJson genericJson = new GenericJson();
        genericJson.put("audience", "audience");
        genericJson.put("subject_token_type", "subjectTokenType");
        genericJson.put("token_url", str);
        genericJson.put("token_info_url", "tokenInfoUrl");
        genericJson.put("type", "external_account");
        if (str3 != null) {
            genericJson.put("service_account_impersonation_url", str3);
        }
        GenericJson genericJson2 = new GenericJson();
        GenericJson genericJson3 = new GenericJson();
        genericJson3.put("Metadata-Flavor", "Google");
        genericJson2.put("url", str2);
        genericJson2.put("headers", genericJson3);
        genericJson.put("credential_source", genericJson2);
        return TestUtils.jsonToInputStream(genericJson);
    }

    private static IdentityPoolCredentials.IdentityPoolCredentialSource buildUrlBasedCredentialSource(String str) {
        return buildUrlBasedCredentialSource(str, null);
    }

    private static IdentityPoolCredentials.IdentityPoolCredentialSource buildUrlBasedCredentialSource(String str, Map<String, String> map) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("Metadata-Flavor", "Google");
        hashMap.put("url", str);
        hashMap.put("headers", hashMap2);
        hashMap.put("format", map);
        return new IdentityPoolCredentials.IdentityPoolCredentialSource(hashMap);
    }
}
