package com.google.auth.oauth2.functional;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdToken;
import com.google.auth.oauth2.IdTokenCredentials;
import java.io.IOException;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/google/auth/oauth2/functional/FTServiceAccountCredentialsTest.class */
class FTServiceAccountCredentialsTest {
    private final String cloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform";
    private final String cloudTasksUrl = "https://cloudtasks.googleapis.com/v2/projects/gcloud-devel/locations";
    private final String storageUrl = "https://storage.googleapis.com/storage/v1/b?project=gcloud-devel";
    private final String bigQueryUrl = "https://bigquery.googleapis.com/bigquery/v2/projects/gcloud-devel/datasets";
    private final String computeUrl = "https://compute.googleapis.com/compute/v1/projects/gcloud-devel/zones/us-central1-a/instances";

    FTServiceAccountCredentialsTest() {
    }

    @Test
    void NoScopeNoAudienceComputeTest() throws Exception {
        Assertions.assertEquals(200, executeRequestWithCredentialsWithoutScope("https://compute.googleapis.com/compute/v1/projects/gcloud-devel/zones/us-central1-a/instances").getStatusCode());
    }

    @Test
    void NoScopeNoAudienceBigQueryTest() throws Exception {
        Assertions.assertEquals(200, executeRequestWithCredentialsWithoutScope("https://bigquery.googleapis.com/bigquery/v2/projects/gcloud-devel/datasets").getStatusCode());
    }

    @Test
    void NoScopeNoAudienceOnePlatformTest() throws Exception {
        Assertions.assertEquals(200, executeRequestWithCredentialsWithoutScope("https://cloudtasks.googleapis.com/v2/projects/gcloud-devel/locations").getStatusCode());
    }

    @Test
    void AudienceSetNoScopeTest() throws Exception {
        IdTokenCredentials build = IdTokenCredentials.newBuilder().setIdTokenProvider(GoogleCredentials.getApplicationDefault()).setTargetAudience("https://cloudtasks.googleapis.com/v2/projects/gcloud-devel/locations").build();
        Assertions.assertNull(build.getIdToken());
        build.refresh();
        IdToken idToken = build.getIdToken();
        Assertions.assertNotNull(idToken);
        Assertions.assertTrue(idToken.getExpirationTime().getTime() > System.currentTimeMillis());
        JsonWebSignature parse = JsonWebSignature.parse(GsonFactory.getDefaultInstance(), idToken.getTokenValue());
        Assertions.assertEquals("https://cloudtasks.googleapis.com/v2/projects/gcloud-devel/locations", parse.getPayload().get("aud"));
        Assertions.assertEquals("https://accounts.google.com", parse.getPayload().get("iss"));
    }

    @Test
    void ScopeSetNoAudienceStorageTest() throws Exception {
        Assertions.assertEquals(200, executeRequestWithCredentialsWithScope("https://storage.googleapis.com/storage/v1/b?project=gcloud-devel", "https://www.googleapis.com/auth/cloud-platform").getStatusCode());
    }

    @Test
    void ScopeSetNoAudienceComputeTest() throws Exception {
        Assertions.assertEquals(200, executeRequestWithCredentialsWithScope("https://compute.googleapis.com/compute/v1/projects/gcloud-devel/zones/us-central1-a/instances", "https://www.googleapis.com/auth/cloud-platform").getStatusCode());
    }

    @Test
    void ScopeSetNoAudienceBigQueryTest() throws Exception {
        Assertions.assertEquals(200, executeRequestWithCredentialsWithScope("https://bigquery.googleapis.com/bigquery/v2/projects/gcloud-devel/datasets", "https://www.googleapis.com/auth/cloud-platform").getStatusCode());
    }

    @Test
    void ScopeSetNoAudienceOnePlatformTest() throws Exception {
        Assertions.assertEquals(200, executeRequestWithCredentialsWithScope("https://cloudtasks.googleapis.com/v2/projects/gcloud-devel/locations", "https://www.googleapis.com/auth/cloud-platform").getStatusCode());
    }

    @Test
    void WrongScopeComputeTest() throws Exception {
        executeRequestWrongScope("https://compute.googleapis.com/compute/v1/projects/gcloud-devel/zones/us-central1-a/instances");
    }

    @Test
    void WrongScopeStorageTest() throws Exception {
        executeRequestWrongScope("https://storage.googleapis.com/storage/v1/b?project=gcloud-devel");
    }

    @Test
    void WrongScopeBigQueryTest() throws Exception {
        executeRequestWrongScope("https://bigquery.googleapis.com/bigquery/v2/projects/gcloud-devel/datasets");
    }

    @Test
    void WrongScopeOnePlatformTest() throws Exception {
        executeRequestWrongScope("https://cloudtasks.googleapis.com/v2/projects/gcloud-devel/locations");
    }

    private void executeRequestWrongScope(String str) {
        Assertions.assertTrue(((IOException) Assertions.assertThrows(IOException.class, () -> {
            executeRequestWithCredentialsWithScope(str, "https://www.googleapis.com/auth/adexchange.buyer");
        }, "Should throw exception: 403 Forbidden")).getMessage().contains("403 Forbidden"));
    }

    private HttpResponse executeRequestWithCredentialsWithoutScope(String str) throws IOException {
        GoogleCredentials applicationDefault = GoogleCredentials.getApplicationDefault();
        return new NetHttpTransport().createRequestFactory(new HttpCredentialsAdapter(applicationDefault)).buildGetRequest(new GenericUrl(str)).execute();
    }

    private HttpResponse executeRequestWithCredentialsWithScope(String str, String str2) throws IOException {
        return new NetHttpTransport().createRequestFactory(new HttpCredentialsAdapter(GoogleCredentials.getApplicationDefault().createScoped(new String[]{str2}))).buildGetRequest(new GenericUrl(str)).execute();
    }
}
