package com.google.cloud.hadoop.util;

import com.github.stefanbirkner.systemlambda.SystemLambda;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.testing.http.MockHttpTransport;
import com.google.cloud.hadoop.util.CredentialFactory;
import com.google.cloud.hadoop.util.HttpTransportFactory;
import com.google.cloud.hadoop.util.testing.HadoopConfigurationUtils;
import com.google.cloud.hadoop.util.testing.MockHttpTransportHelper;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.io.Resources;
import com.google.common.truth.Truth;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
/* loaded from: input_file:com/google/cloud/hadoop/util/HadoopCredentialConfigurationTest.class */
public class HadoopCredentialConfigurationTest {
    private static final Map<String, Object> expectedDefaultConfiguration = new HashMap<String, Object>() { // from class: com.google.cloud.hadoop.util.HadoopCredentialConfigurationTest.1
        {
            put(".auth.access.token.provider.impl", null);
            put(".auth.null.enable", false);
            put(".auth.service.account.email", null);
            put(".service.account.auth.email", null);
            put(".auth.service.account.enable", true);
            put(".enable.service.account.auth", true);
            put(".auth.service.account.json.keyfile", null);
            put(".auth.service.account.keyfile", null);
            put(".service.account.auth.keyfile", null);
            put(".auth.service.account.private.key", null);
            put(".auth.service.account.private.key.id", null);
            put(".token.server.url", "https://oauth2.googleapis.com/token");
            put(".http.transport.type", HttpTransportFactory.HttpTransportType.JAVA_NET);
            put(".proxy.address", null);
            put(".proxy.password", null);
            put(".proxy.username", null);
            put(".auth.impersonation.service.account", null);
            put(".auth.impersonation.service.account.for.user.", ImmutableMap.of());
            put(".auth.impersonation.service.account.for.group.", ImmutableMap.of());
        }
    };
    private static final ImmutableList<String> TEST_SCOPES = ImmutableList.of("scope1", "scope2");
    private Configuration configuration;

    private static String getConfigKey(HadoopConfigurationProperty<?> hadoopConfigurationProperty) {
        return "google.cloud" + hadoopConfigurationProperty.getKey();
    }

    @Before
    public void setUp() {
        this.configuration = new Configuration();
    }

    private CredentialFactory getCredentialFactory() {
        CredentialFactory credentialFactory = HadoopCredentialConfiguration.getCredentialFactory(this.configuration, new String[0]);
        credentialFactory.setTransport(new MockHttpTransport());
        return credentialFactory;
    }

    @Test
    public void nullCredentialsAreCreatedForTesting() throws Exception {
        this.configuration.setBoolean(getConfigKey(HadoopCredentialConfiguration.ENABLE_SERVICE_ACCOUNTS_SUFFIX), false);
        this.configuration.setBoolean(getConfigKey(HadoopCredentialConfiguration.ENABLE_NULL_CREDENTIAL_SUFFIX), true);
        Truth.assertThat(getCredentialFactory().getCredential(TEST_SCOPES)).isNull();
    }

    @Test
    public void exceptionIsThrownForNoServiceAccountEmail() {
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_KEYFILE_SUFFIX), "aFile");
        Truth.assertThat((IllegalArgumentException) Assert.assertThrows(IllegalArgumentException.class, this::getCredentialFactory)).hasMessageThat().isEqualTo("Email must be set if using service account auth and a key file is specified.");
    }

    @Test
    public void exceptionIsThrownForNoCredentialOptions() {
        this.configuration.setBoolean(getConfigKey(HadoopCredentialConfiguration.ENABLE_SERVICE_ACCOUNTS_SUFFIX), false);
        Truth.assertThat((IllegalArgumentException) Assert.assertThrows(IllegalArgumentException.class, this::getCredentialFactory)).hasMessageThat().startsWith("No valid credential configuration discovered:");
    }

    @Test
    public void metadataServiceIsUsedByDefault() throws Exception {
        CredentialFactory.setStaticHttpTransport(MockHttpTransportHelper.mockTransport(new Object[]{MockHttpTransportHelper.jsonDataResponse(new TokenResponse().setAccessToken("metadata-test-token"))}));
        Truth.assertThat(getCredentialFactory().getCredential(TEST_SCOPES).getAccessToken()).isEqualTo("metadata-test-token");
    }

    @Test
    public void applicationDefaultServiceAccountWhenConfigured() throws Exception {
        CredentialFactory credentialFactory = getCredentialFactory();
        CredentialFactory.GoogleCredentialWithRetry googleCredentialWithRetry = (CredentialFactory.GoogleCredentialWithRetry) SystemLambda.withEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", getStringPath("test-credential.json")).execute(() -> {
            return credentialFactory.getCredential(TEST_SCOPES);
        });
        Truth.assertThat(googleCredentialWithRetry.getServiceAccountId()).isEqualTo("test-email@gserviceaccount.com");
        Truth.assertThat(googleCredentialWithRetry.getServiceAccountPrivateKeyId()).isEqualTo("test-key-id");
    }

    @Test
    public void p12KeyFileUsedWhenConfigured() throws Exception {
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_EMAIL_SUFFIX), "foo@example.com");
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_KEYFILE_SUFFIX), getStringPath("test-key.p12"));
        Truth.assertThat(getCredentialFactory().getCredential(TEST_SCOPES).getServiceAccountId()).isEqualTo("foo@example.com");
    }

    @Test
    public void jsonKeyFileUsedWhenConfigured() throws Exception {
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_JSON_KEYFILE_SUFFIX), getStringPath("test-credential.json"));
        CredentialFactory.GoogleCredentialWithRetry credential = getCredentialFactory().getCredential(TEST_SCOPES);
        Truth.assertThat(credential.getServiceAccountId()).isEqualTo("test-email@gserviceaccount.com");
        Truth.assertThat(credential.getServiceAccountPrivateKeyId()).isEqualTo("test-key-id");
    }

    @Test
    public void configurationSAUsedWhenConfigured() throws Exception {
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_EMAIL_SUFFIX), "foo@example.com");
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_PRIVATE_KEY_ID_SUFFIX), "privatekey");
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_PRIVATE_KEY_SUFFIX), Resources.toString(getPath("test-key.txt").toUri().toURL(), StandardCharsets.UTF_8));
        CredentialFactory.GoogleCredentialWithRetry credential = getCredentialFactory().getCredential(TEST_SCOPES);
        Truth.assertThat(credential.getServiceAccountId()).isEqualTo("foo@example.com");
        Truth.assertThat(credential.getServiceAccountPrivateKeyId()).isEqualTo("privatekey");
    }

    @Test
    public void customTokenServerUrl() throws Exception {
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.SERVICE_ACCOUNT_JSON_KEYFILE_SUFFIX), getStringPath("test-credential.json"));
        this.configuration.set(getConfigKey(HadoopCredentialConfiguration.TOKEN_SERVER_URL_SUFFIX), "https://test.oauth.com/token");
        Truth.assertThat(getCredentialFactory().getCredential(TEST_SCOPES).getTokenServerEncodedUrl()).isEqualTo("https://test.oauth.com/token");
    }

    @Test
    public void defaultPropertiesValues() {
        Truth.assertThat(HadoopConfigurationUtils.getDefaultProperties(HadoopCredentialConfiguration.class)).containsExactlyEntriesIn(expectedDefaultConfiguration);
    }

    private static String getStringPath(String str) throws Exception {
        return getPath(str).toString();
    }

    private static Path getPath(String str) throws Exception {
        String file = Resources.getResource(str).getFile();
        return Paths.get((System.getProperty("os.name").toLowerCase().contains("win") && file.startsWith("/")) ? file.substring(1) : file, new String[0]);
    }
}
