package com.google.bigtable.repackaged.com.google.auth.oauth2;

import com.google.bigtable.repackaged.com.google.api.client.http.HttpTransport;
import com.google.bigtable.repackaged.com.google.api.client.json.GenericJson;
import com.google.bigtable.repackaged.com.google.auth.TestUtils;
import com.google.bigtable.repackaged.com.google.auth.http.HttpTransportFactory;
import com.google.bigtable.repackaged.com.google.auth.oauth2.ExternalAccountCredentials;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nullable;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
/* loaded from: input_file:com/google/bigtable/repackaged/com/google/auth/oauth2/ExternalAccountCredentialsTest.class */
public class ExternalAccountCredentialsTest {
    private static final String STS_URL = "https://www.sts.google.com";
    private MockExternalAccountCredentialsTransportFactory transportFactory;

    /* loaded from: input_file:com/google/bigtable/repackaged/com/google/auth/oauth2/ExternalAccountCredentialsTest$MockExternalAccountCredentialsTransportFactory.class */
    static class MockExternalAccountCredentialsTransportFactory implements HttpTransportFactory {
        MockExternalAccountCredentialsTransport transport = new MockExternalAccountCredentialsTransport();

        public HttpTransport create() {
            return this.transport;
        }
    }

    /* loaded from: input_file:com/google/bigtable/repackaged/com/google/auth/oauth2/ExternalAccountCredentialsTest$TestExternalAccountCredentials.class */
    static class TestExternalAccountCredentials extends ExternalAccountCredentials {

        /* loaded from: input_file:com/google/bigtable/repackaged/com/google/auth/oauth2/ExternalAccountCredentialsTest$TestExternalAccountCredentials$TestCredentialSource.class */
        static class TestCredentialSource extends ExternalAccountCredentials.CredentialSource {
            protected TestCredentialSource(Map<String, Object> map) {
                super(map);
            }
        }

        protected TestExternalAccountCredentials(HttpTransportFactory httpTransportFactory, String str, String str2, String str3, ExternalAccountCredentials.CredentialSource credentialSource, @Nullable String str4, @Nullable String str5, @Nullable String str6, @Nullable String str7, @Nullable String str8, @Nullable Collection<String> collection) {
            super(httpTransportFactory, str, str2, str3, credentialSource, str4, str5, str6, str7, str8, collection);
        }

        protected TestExternalAccountCredentials(HttpTransportFactory httpTransportFactory, String str, String str2, String str3, ExternalAccountCredentials.CredentialSource credentialSource, @Nullable String str4, @Nullable String str5, @Nullable String str6, @Nullable String str7, @Nullable String str8, @Nullable Collection<String> collection, @Nullable EnvironmentProvider environmentProvider) {
            super(httpTransportFactory, str, str2, str3, credentialSource, str4, str5, str6, str7, str8, collection, environmentProvider);
        }

        public AccessToken refreshAccessToken() {
            return new AccessToken("accessToken", new Date());
        }

        public String retrieveSubjectToken() {
            return "subjectToken";
        }
    }

    @Before
    public void setup() {
        this.transportFactory = new MockExternalAccountCredentialsTransportFactory();
    }

    @Test
    public void fromStream_identityPoolCredentials() throws IOException {
        Assert.assertTrue(ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(buildJsonIdentityPoolCredential())) instanceof IdentityPoolCredentials);
    }

    @Test
    public void fromStream_awsCredentials() throws IOException {
        Assert.assertTrue(ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(buildJsonAwsCredential())) instanceof AwsCredentials);
    }

    @Test
    public void fromStream_invalidStream_throws() throws IOException {
        GenericJson buildJsonAwsCredential = buildJsonAwsCredential();
        buildJsonAwsCredential.put("audience", new HashMap());
        try {
            ExternalAccountCredentials.fromStream(TestUtils.jsonToInputStream(buildJsonAwsCredential));
            Assert.fail("Should fail.");
        } catch (CredentialFormatException e) {
            Assert.assertEquals("An invalid input stream was provided.", e.getMessage());
        }
    }

    @Test
    public void fromStream_nullTransport_throws() throws IOException {
        try {
            ExternalAccountCredentials.fromStream(new ByteArrayInputStream("foo".getBytes()), (HttpTransportFactory) null);
            Assert.fail("NullPointerException should be thrown.");
        } catch (NullPointerException e) {
        }
    }

    @Test
    public void fromStream_nullStream_throws() throws IOException {
        try {
            ExternalAccountCredentials.fromStream((InputStream) null, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
            Assert.fail("NullPointerException should be thrown.");
        } catch (NullPointerException e) {
        }
    }

    @Test
    public void fromJson_identityPoolCredentials() {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        Assert.assertTrue(fromJson instanceof IdentityPoolCredentials);
        Assert.assertEquals("audience", fromJson.getAudience());
        Assert.assertEquals("subjectTokenType", fromJson.getSubjectTokenType());
        Assert.assertEquals(STS_URL, fromJson.getTokenUrl());
        Assert.assertEquals("tokenInfoUrl", fromJson.getTokenInfoUrl());
        Assert.assertNotNull(fromJson.getCredentialSource());
    }

    @Test
    public void fromJson_awsCredentials() {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonAwsCredential(), OAuth2Utils.HTTP_TRANSPORT_FACTORY);
        Assert.assertTrue(fromJson instanceof AwsCredentials);
        Assert.assertEquals("audience", fromJson.getAudience());
        Assert.assertEquals("subjectTokenType", fromJson.getSubjectTokenType());
        Assert.assertEquals(STS_URL, fromJson.getTokenUrl());
        Assert.assertEquals("tokenInfoUrl", fromJson.getTokenInfoUrl());
        Assert.assertNotNull(fromJson.getCredentialSource());
    }

    @Test
    public void fromJson_nullJson_throws() {
        try {
            ExternalAccountCredentials.fromJson((Map) null, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
            Assert.fail("Exception should be thrown.");
        } catch (NullPointerException e) {
        }
    }

    @Test
    public void fromJson_invalidServiceAccountImpersonationUrl_throws() {
        GenericJson buildJsonIdentityPoolCredential = buildJsonIdentityPoolCredential();
        buildJsonIdentityPoolCredential.put("service_account_impersonation_url", "invalid_url");
        try {
            ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential, OAuth2Utils.HTTP_TRANSPORT_FACTORY);
            Assert.fail("Exception should be thrown.");
        } catch (IllegalArgumentException e) {
            Assert.assertEquals("Unable to determine target principal from service account impersonation URL.", e.getMessage());
        }
    }

    @Test
    public void fromJson_nullTransport_throws() {
        try {
            ExternalAccountCredentials.fromJson(new HashMap(), (HttpTransportFactory) null);
            Assert.fail("Exception should be thrown.");
        } catch (NullPointerException e) {
        }
    }

    @Test
    public void exchangeExternalCredentialForAccessToken() throws IOException {
        Assert.assertEquals(this.transportFactory.transport.getAccessToken(), ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), this.transportFactory).exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build()).getTokenValue());
    }

    @Test
    public void exchangeExternalCredentialForAccessToken_withServiceAccountImpersonation() throws IOException {
        this.transportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
        Assert.assertEquals(this.transportFactory.transport.getServiceAccountAccessToken(), ExternalAccountCredentials.fromStream(IdentityPoolCredentialsTest.writeIdentityPoolCredentialsStream(this.transportFactory.transport.getStsUrl(), this.transportFactory.transport.getMetadataUrl(), this.transportFactory.transport.getServiceAccountImpersonationUrl()), this.transportFactory).exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build()).getTokenValue());
    }

    @Test
    public void exchangeExternalCredentialForAccessToken_throws() throws IOException {
        ExternalAccountCredentials fromJson = ExternalAccountCredentials.fromJson(buildJsonIdentityPoolCredential(), this.transportFactory);
        this.transportFactory.transport.addResponseErrorSequence(TestUtils.buildHttpResponseException("invalidRequest", "errorDescription", "errorUri"));
        try {
            fromJson.exchangeExternalCredentialForAccessToken(StsTokenExchangeRequest.newBuilder("credential", "subjectTokenType").build());
            Assert.fail("Exception should be thrown.");
        } catch (OAuthException e) {
            Assert.assertEquals("invalidRequest", e.getErrorCode());
            Assert.assertEquals("errorDescription", e.getErrorDescription());
            Assert.assertEquals("errorUri", e.getErrorUri());
        }
    }

    @Test
    public void getRequestMetadata_withQuotaProjectId() throws IOException {
        Assert.assertEquals("quotaProjectId", ((List) new TestExternalAccountCredentials(this.transportFactory, "audience", "subjectTokenType", "tokenUrl", new TestExternalAccountCredentials.TestCredentialSource(new HashMap()), "tokenInfoUrl", null, "quotaProjectId", null, null, null).getRequestMetadata(URI.create("http://googleapis.com/foo/bar")).get("x-goog-user-project")).get(0));
    }

    private GenericJson buildJsonIdentityPoolCredential() {
        GenericJson genericJson = new GenericJson();
        genericJson.put("audience", "audience");
        genericJson.put("subject_token_type", "subjectTokenType");
        genericJson.put("token_url", STS_URL);
        genericJson.put("token_info_url", "tokenInfoUrl");
        HashMap hashMap = new HashMap();
        hashMap.put("file", "file");
        genericJson.put("credential_source", hashMap);
        return genericJson;
    }

    private GenericJson buildJsonAwsCredential() {
        GenericJson genericJson = new GenericJson();
        genericJson.put("audience", "audience");
        genericJson.put("subject_token_type", "subjectTokenType");
        genericJson.put("token_url", STS_URL);
        genericJson.put("token_info_url", "tokenInfoUrl");
        HashMap hashMap = new HashMap();
        hashMap.put("environment_id", "aws1");
        hashMap.put("region_url", "regionUrl");
        hashMap.put("url", "url");
        hashMap.put("regional_cred_verification_url", "regionalCredVerificationUrl");
        genericJson.put("credential_source", hashMap);
        return genericJson;
    }
}
