package com.google.auth.oauth2;

import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.IdentityPoolCredentials;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/google/auth/oauth2/ExternalAccountCredentialsTest.class */
public class ExternalAccountCredentialsTest {
    private static final String STS_URL = "https://sts.googleapis.com";
    private static final Map<String, Object> FILE_CREDENTIAL_SOURCE_MAP = new HashMap<String, Object>() { // from class: com.google.auth.oauth2.ExternalAccountCredentialsTest.1
        {
            put("file", "file");
        }
    };
    private MockExternalAccountCredentialsTransportFactory transportFactory;

    /* loaded from: input_file:com/google/auth/oauth2/ExternalAccountCredentialsTest$MockExternalAccountCredentialsTransportFactory.class */
    static class MockExternalAccountCredentialsTransportFactory implements HttpTransportFactory {
        MockExternalAccountCredentialsTransport transport = new MockExternalAccountCredentialsTransport();

        public HttpTransport create() {
            return this.transport;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/google/auth/oauth2/ExternalAccountCredentialsTest$TestExternalAccountCredentials.class */
    public static class TestExternalAccountCredentials extends ExternalAccountCredentials {

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:com/google/auth/oauth2/ExternalAccountCredentialsTest$TestExternalAccountCredentials$Builder.class */
        public static class Builder extends ExternalAccountCredentials.Builder {
            Builder() {
            }

            /* renamed from: build, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
            public TestExternalAccountCredentials m15build() {
                return new TestExternalAccountCredentials(this);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:com/google/auth/oauth2/ExternalAccountCredentialsTest$TestExternalAccountCredentials$TestCredentialSource.class */
        public static class TestCredentialSource extends IdentityPoolCredentials.IdentityPoolCredentialSource {
            protected TestCredentialSource(Map<String, Object> map) {
                super(map);
            }
        }

        public static Builder newBuilder() {
            return new Builder();
        }

        protected TestExternalAccountCredentials(ExternalAccountCredentials.Builder builder) {
            super(builder);
        }

        public AccessToken refreshAccessToken() {
            return new AccessToken("accessToken", new Date());
        }

        public String retrieveSubjectToken() {
            return "subjectToken";
        }
    }

    @BeforeEach
    void setup() {
        this.transportFactory = new MockExternalAccountCredentialsTransportFactory();
    }

    @Test
    void fromStream_identityPoolCredentials() throws IOException {
        Assertions.assertTrue(ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(buildJsonIdentityPoolCredential())) instanceof IdentityPoolCredentials);
    }

    @Test
    void fromStream_awsCredentials() throws IOException {
        Assertions.assertTrue(ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(buildJsonAwsCredential())) instanceof AwsCredentials);
    }

    @Test
    void fromStream_invalidStream_throws() {
        GenericJson buildJsonAwsCredential = buildJsonAwsCredential();
        buildJsonAwsCredential.put("audience", new HashMap());
        Assertions.assertEquals("An invalid input stream was provided.", Assertions.assertThrows(CredentialFormatException.class, () -> {
            ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(buildJsonAwsCredential));
        }, "Should fail.").getMessage());
    }

    @Test
    void fromStream_nullTransport_throws() {
        Assertions.assertThrows(NullPointerException.class, () -> {
            ExternalAccountCredentials.fromStream(new ByteArrayInputStream("foo".getBytes()), (HttpTransportFactory) null);
        }, "NullPointerException should be thrown.");
    }

    @Test
    void fromStream_nullStream_throws() {
        Assertions.assertThrows(NullPointerException.class, () -> {
            ExternalAccountCredentials.fromStream((InputStream) null, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        }, "NullPointerException should be thrown.");
    }

    @Test
    void fromStream_invalidWorkloadAudience_throws() throws IOException {
        Assertions.assertEquals("An invalid input stream was provided.", Assertions.assertThrows(CredentialFormatException.class, () -> {
            GenericJson buildJsonIdentityPoolWorkforceCredential = buildJsonIdentityPoolWorkforceCredential();
            buildJsonIdentityPoolWorkforceCredential.put("audience", "invalidAudience");
            ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(buildJsonIdentityPoolWorkforceCredential));
        }, "CredentialFormatException should be thrown.").getMessage());
    }

    @Test
    void fromJson_identityPoolCredentialsWorkload() {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        Assertions.assertTrue(fromJson instanceof IdentityPoolCredentials);
        Assertions.assertEquals("//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider", fromJson.getAudience());
        Assertions.assertEquals("subjectTokenType", fromJson.getSubjectTokenType());
        Assertions.assertEquals(STS_URL, fromJson.getTokenUrl());
        Assertions.assertEquals("tokenInfoUrl", fromJson.getTokenInfoUrl());
        Assertions.assertNotNull(fromJson.getCredentialSource());
    }

    @Test
    void fromJson_identityPoolCredentialsWorkforce() {
        IdentityPoolCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolWorkforceCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        Assertions.assertTrue(fromJson instanceof IdentityPoolCredentials);
        Assertions.assertEquals("//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider", fromJson.getAudience());
        Assertions.assertEquals("subjectTokenType", fromJson.getSubjectTokenType());
        Assertions.assertEquals(STS_URL, fromJson.getTokenUrl());
        Assertions.assertEquals("tokenInfoUrl", fromJson.getTokenInfoUrl());
        Assertions.assertEquals("userProject", fromJson.getWorkforcePoolUserProject());
        Assertions.assertNotNull(fromJson.getCredentialSource());
    }

    @Test
    void fromJson_awsCredentials() {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonAwsCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        Assertions.assertTrue(fromJson instanceof AwsCredentials);
        Assertions.assertEquals("audience", fromJson.getAudience());
        Assertions.assertEquals("subjectTokenType", fromJson.getSubjectTokenType());
        Assertions.assertEquals(STS_URL, fromJson.getTokenUrl());
        Assertions.assertEquals("tokenInfoUrl", fromJson.getTokenInfoUrl());
        Assertions.assertNotNull(fromJson.getCredentialSource());
    }

    @Test
    void fromJson_nullJson_throws() {
        Assertions.assertThrows(NullPointerException.class, () -> {
            ExternalAccountCredentials.fromJson((Map) null, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        }, "Exception should be thrown.");
    }

    @Test
    void fromJson_invalidServiceAccountImpersonationUrl_throws() {
        GenericJson buildJsonIdentityPoolCredential = buildJsonIdentityPoolCredential();
        buildJsonIdentityPoolCredential.put("service_account_impersonation_url", "https://iamcredentials.googleapis.com");
        Assertions.assertEquals("Unable to determine target principal from service account impersonation URL.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        }, "Exception should be thrown.")).getMessage());
    }

    @Test
    void fromJson_nullTransport_throws() {
        Assertions.assertThrows(NullPointerException.class, () -> {
            ExternalAccountCredentials.fromJson(new HashMap(), (HttpTransportFactory) null);
        }, "Exception should be thrown.");
    }

    @Test
    void fromJson_invalidWorkforceAudiences_throws() {
        for (String str : Arrays.asList("//iam.googleapis.com/locations/global/workloadIdentityPools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcepools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers", "//iam.googleapis.com/locations/global/workforcePools/", "//iam.googleapis.com/locations//workforcePools/providers", "//iam.googleapis.com/notlocations/global/workforcePools/providers", "//iam.googleapis.com/locations/global/workforce/providers")) {
            Assertions.assertEquals("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                GenericJson buildJsonIdentityPoolCredential = buildJsonIdentityPoolCredential();
                buildJsonIdentityPoolCredential.put("audience", str);
                buildJsonIdentityPoolCredential.put("workforce_pool_user_project", "userProject");
                ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
            }, "Exception should be thrown.")).getMessage());
        }
    }

    @Test
    void constructor_builder() {
        HashMap hashMap = new HashMap();
        hashMap.put("file", "file");
        ExternalAccountCredentials build = IdentityPoolCredentials.newBuilder().setHttpTransportFactory(this.transportFactory).setAudience("//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setTokenInfoUrl("https://tokeninfo.com").setServiceAccountImpersonationUrl("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken").setCredentialSource(new TestExternalAccountCredentials.TestCredentialSource(hashMap)).setScopes(Arrays.asList("scope1", "scope2")).setQuotaProjectId("projectId").setClientId("clientId").setClientSecret("clientSecret").setWorkforcePoolUserProject("workforcePoolUserProject").build();
        Assertions.assertEquals("//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider", build.getAudience());
        Assertions.assertEquals("subjectTokenType", build.getSubjectTokenType());
        Assertions.assertEquals(STS_URL, build.getTokenUrl());
        Assertions.assertEquals("https://tokeninfo.com", build.getTokenInfoUrl());
        Assertions.assertEquals("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken", build.getServiceAccountImpersonationUrl());
        Assertions.assertEquals(Arrays.asList("scope1", "scope2"), build.getScopes());
        Assertions.assertEquals("projectId", build.getQuotaProjectId());
        Assertions.assertEquals("clientId", build.getClientId());
        Assertions.assertEquals("clientSecret", build.getClientSecret());
        Assertions.assertEquals("workforcePoolUserProject", build.getWorkforcePoolUserProject());
        Assertions.assertNotNull(build.getCredentialSource());
    }

    @Test
    void constructor_builder_invalidTokenUrl() {
        Assertions.assertEquals("The provided token URL is invalid.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new TestExternalAccountCredentials(TestExternalAccountCredentials.newBuilder().setHttpTransportFactory(this.transportFactory).setAudience("audience").setSubjectTokenType("subjectTokenType").setTokenUrl("tokenUrl").setCredentialSource(new TestExternalAccountCredentials.TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)));
        }, "Should have failed since an invalid token URL was passed.")).getMessage());
    }

    @Test
    void constructor_builder_invalidServiceAccountImpersonationUrl() {
        Assertions.assertEquals("The provided token URL is invalid.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
            new TestExternalAccountCredentials(TestExternalAccountCredentials.newBuilder().setHttpTransportFactory(this.transportFactory).setAudience("audience").setSubjectTokenType("subjectTokenType").setTokenUrl("tokenUrl").setCredentialSource(new TestExternalAccountCredentials.TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)).setServiceAccountImpersonationUrl("serviceAccountImpersonationUrl"));
        }, "Should have failed since an invalid token URL was passed.")).getMessage());
    }

    @Test
    void constructor_builderWithInvalidWorkforceAudiences_throws() {
        List<String> asList = Arrays.asList("", "//iam.googleapis.com/projects/x23/locations/global/workloadIdentityPools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcepools/pool/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers/provider", "//iam.googleapis.com/locations/global/workforcePools/providers", "//iam.googleapis.com/locations/global/workforcePools/", "//iam.googleapis.com/locations//workforcePools/providers", "//iam.googleapis.com/notlocations/global/workforcePools/providers", "//iam.googleapis.com/locations/global/workforce/providers");
        HashMap hashMap = new HashMap();
        hashMap.put("file", "file");
        for (String str : asList) {
            Assertions.assertEquals("The workforce_pool_user_project parameter should only be provided for a Workforce Pool configuration.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                TestExternalAccountCredentials.newBuilder().setWorkforcePoolUserProject("workforcePoolUserProject").setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience(str).setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setCredentialSource(new TestExternalAccountCredentials.TestCredentialSource(hashMap)).build();
            }, "Exception should be thrown.")).getMessage());
        }
    }

    @Test
    void constructor_builderWithEmptyWorkforceUserProjectAndWorkforceAudience() {
        HashMap hashMap = new HashMap();
        hashMap.put("file", "file");
        TestExternalAccountCredentials.newBuilder().setWorkforcePoolUserProject("").setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience("//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setCredentialSource(new TestExternalAccountCredentials.TestCredentialSource(hashMap)).build();
    }

    @Test
    void exchangeExternalCredentialForAccessToken() throws IOException {
        Assertions.assertEquals(this.transportFactory.transport.getAccessToken(), ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), this.transportFactory).exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build()).getTokenValue());
        Assertions.assertNull(TestUtils.parseQuery(this.transportFactory.transport.getLastRequest().getContentAsString()).get("options"));
    }

    @Test
    void exchangeExternalCredentialForAccessToken_withInternalOptions() throws IOException {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), this.transportFactory);
        GenericJson genericJson = new GenericJson();
        genericJson.setFactory(OAuth2Utils.JSON_FACTORY);
        genericJson.put("key", "value");
        Assertions.assertEquals(this.transportFactory.transport.getAccessToken(), fromJson.exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").setInternalOptions(genericJson.toString()).build()).getTokenValue());
        Map<String, String> parseQuery = TestUtils.parseQuery(this.transportFactory.transport.getLastRequest().getContentAsString());
        Assertions.assertNotNull(parseQuery.get("options"));
        Assertions.assertEquals(genericJson.toString(), parseQuery.get("options"));
    }

    @Test
    void exchangeExternalCredentialForAccessToken_workforceCred_expectUserProjectPassedToSts() throws IOException {
        Assertions.assertEquals(this.transportFactory.transport.getAccessToken(), ExternalAccountCredentials.fromJson(buildJsonIdentityPoolWorkforceCredential(), this.transportFactory).exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build()).getTokenValue());
        Map<String, String> parseQuery = TestUtils.parseQuery(this.transportFactory.transport.getLastRequest().getContentAsString());
        GenericJson genericJson = new GenericJson();
        genericJson.setFactory(OAuth2Utils.JSON_FACTORY);
        genericJson.put("userProject", "userProject");
        Assertions.assertEquals(genericJson.toString(), parseQuery.get("options"));
    }

    @Test
    void exchangeExternalCredentialForAccessToken_workforceCredWithInternalOptions_expectOverridden() throws IOException {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolWorkforceCredential(), this.transportFactory);
        GenericJson genericJson = new GenericJson();
        genericJson.put("key", "value");
        Assertions.assertEquals(this.transportFactory.transport.getAccessToken(), fromJson.exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").setInternalOptions(genericJson.toString()).build()).getTokenValue());
        Map<String, String> parseQuery = TestUtils.parseQuery(this.transportFactory.transport.getLastRequest().getContentAsString());
        Assertions.assertNotNull(parseQuery.get("options"));
        Assertions.assertEquals(genericJson.toString(), parseQuery.get("options"));
    }

    @Test
    void exchangeExternalCredentialForAccessToken_withServiceAccountImpersonation() throws IOException {
        this.transportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
        Assertions.assertEquals(this.transportFactory.transport.getServiceAccountAccessToken(), ExternalAccountCredentials.fromStream(IdentityPoolCredentialsTest.writeIdentityPoolCredentialsStream(this.transportFactory.transport.getStsUrl(), this.transportFactory.transport.getMetadataUrl(), this.transportFactory.transport.getServiceAccountImpersonationUrl()), this.transportFactory).exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build()).getTokenValue());
    }

    @Test
    void exchangeExternalCredentialForAccessToken_throws() throws IOException {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), this.transportFactory);
        this.transportFactory.transport.addResponseErrorSequence(TestUtils.buildHttpResponseException("invalidRequest", "errorDescription", "errorUri"));
        StsTokenExchangeRequest build = StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build();
        OAuthException assertThrows = Assertions.assertThrows(OAuthException.class, () -> {
            fromJson.exchangeExternalCredentialForAccessToken(build);
        }, "Exception should be thrown.");
        Assertions.assertEquals("invalidRequest", assertThrows.getErrorCode());
        Assertions.assertEquals("errorDescription", assertThrows.getErrorDescription());
        Assertions.assertEquals("errorUri", assertThrows.getErrorUri());
    }

    @Test
    void getRequestMetadata_withQuotaProjectId() throws IOException {
        Assertions.assertEquals("quotaProjectId", ((List) ((TestExternalAccountCredentials) TestExternalAccountCredentials.newBuilder().setHttpTransportFactory(this.transportFactory).setAudience("audience").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setCredentialSource(new TestExternalAccountCredentials.TestCredentialSource(FILE_CREDENTIAL_SOURCE_MAP)).setQuotaProjectId("quotaProjectId").build()).getRequestMetadata(URI.create("http://googleapis.com/foo/bar")).get("x-goog-user-project")).get(0));
    }

    @Test
    void validateTokenUrl_validUrls() {
        for (String str : Arrays.asList(STS_URL, "https://us-east-1.sts.googleapis.com", "https://US-EAST-1.sts.googleapis.com", "https://sts.us-east-1.googleapis.com", "https://sts.US-WEST-1.googleapis.com", "https://us-east-1-sts.googleapis.com", "https://US-WEST-1-sts.googleapis.com", "https://us-west-1-sts.googleapis.com/path?query")) {
            ExternalAccountCredentials.validateTokenUrl(str);
            ExternalAccountCredentials.validateTokenUrl(str.toUpperCase(Locale.US));
        }
    }

    @Test
    void validateTokenUrl_invalidUrls() {
        for (String str : Arrays.asList("https://iamcredentials.googleapis.com", "sts.googleapis.com", "https://", "http://sts.googleapis.com", "https://st.s.googleapis.com", "https://us-eas\\t-1.sts.googleapis.com", "https:/us-east-1.sts.googleapis.com", "https://US-WE/ST-1-sts.googleapis.com", "https://sts-us-east-1.googleapis.com", "https://sts-US-WEST-1.googleapis.com", "testhttps://us-east-1.sts.googleapis.com", "https://us-east-1.sts.googleapis.comevil.com", "https://us-east-1.us-east-1.sts.googleapis.com", "https://us-ea.s.t.sts.googleapis.com", "https://sts.googleapis.comevil.com", "hhttps://us-east-1.sts.googleapis.com", "https://us- -1.sts.googleapis.com", "https://-sts.googleapis.com", "https://us-east-1.sts.googleapis.com.evil.com")) {
            Assertions.assertEquals("The provided token URL is invalid.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                ExternalAccountCredentials.validateTokenUrl(str);
            }, "Should have failed since an invalid URL was passed.")).getMessage());
        }
    }

    @Test
    void validateServiceAccountImpersonationUrls_validUrls() {
        for (String str : Arrays.asList("https://iamcredentials.googleapis.com", "https://us-east-1.iamcredentials.googleapis.com", "https://US-EAST-1.iamcredentials.googleapis.com", "https://iamcredentials.us-east-1.googleapis.com", "https://iamcredentials.US-WEST-1.googleapis.com", "https://us-east-1-iamcredentials.googleapis.com", "https://US-WEST-1-iamcredentials.googleapis.com", "https://us-west-1-iamcredentials.googleapis.com/path?query")) {
            ExternalAccountCredentials.validateServiceAccountImpersonationInfoUrl(str);
            ExternalAccountCredentials.validateServiceAccountImpersonationInfoUrl(str.toUpperCase(Locale.US));
        }
    }

    @Test
    void validateServiceAccountImpersonationUrls_invalidUrls() {
        for (String str : Arrays.asList(STS_URL, "iamcredentials.googleapis.com", "https://", "http://iamcredentials.googleapis.com", "https://iamcre.dentials.googleapis.com", "https://us-eas\t-1.iamcredentials.googleapis.com", "https:/us-east-1.iamcredentials.googleapis.com", "https://US-WE/ST-1-iamcredentials.googleapis.com", "https://iamcredentials-us-east-1.googleapis.com", "https://iamcredentials-US-WEST-1.googleapis.com", "testhttps://us-east-1.iamcredentials.googleapis.com", "https://us-east-1.iamcredentials.googleapis.comevil.com", "https://us-east-1.us-east-1.iamcredentials.googleapis.com", "https://us-ea.s.t.iamcredentials.googleapis.com", "https://iamcredentials.googleapis.comevil.com", "hhttps://us-east-1.iamcredentials.googleapis.com", "https://us- -1.iamcredentials.googleapis.com", "https://-iamcredentials.googleapis.com", "https://us-east-1.iamcredentials.googleapis.com.evil.com")) {
            Assertions.assertEquals("The provided service account impersonation URL is invalid.", ((IllegalArgumentException) Assertions.assertThrows(IllegalArgumentException.class, () -> {
                ExternalAccountCredentials.validateServiceAccountImpersonationInfoUrl(str);
            }, "Should have failed since an invalid URL was passed.")).getMessage());
        }
    }

    private GenericJson buildJsonIdentityPoolCredential() {
        GenericJson genericJson = new GenericJson();
        genericJson.put("audience", "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider");
        genericJson.put("subject_token_type", "subjectTokenType");
        genericJson.put("token_url", STS_URL);
        genericJson.put("token_info_url", "tokenInfoUrl");
        HashMap hashMap = new HashMap();
        hashMap.put("file", "file");
        genericJson.put("credential_source", hashMap);
        return genericJson;
    }

    private GenericJson buildJsonIdentityPoolWorkforceCredential() {
        GenericJson buildJsonIdentityPoolCredential = buildJsonIdentityPoolCredential();
        buildJsonIdentityPoolCredential.put("audience", "//iam.googleapis.com/locations/global/workforcePools/pool/providers/provider");
        buildJsonIdentityPoolCredential.put("workforce_pool_user_project", "userProject");
        return buildJsonIdentityPoolCredential;
    }

    private GenericJson buildJsonAwsCredential() {
        GenericJson genericJson = new GenericJson();
        genericJson.put("audience", "audience");
        genericJson.put("subject_token_type", "subjectTokenType");
        genericJson.put("token_url", STS_URL);
        genericJson.put("token_info_url", "tokenInfoUrl");
        HashMap hashMap = new HashMap();
        hashMap.put("environment_id", "aws1");
        hashMap.put("region_url", "regionUrl");
        hashMap.put("url", "url");
        hashMap.put("regional_cred_verification_url", "regionalCredVerificationUrl");
        genericJson.put("credential_source", hashMap);
        return genericJson;
    }
}
