package org.apache.drill.exec.store.http;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import org.apache.commons.io.FileUtils;
import org.apache.commons.net.util.Base64;
import org.apache.drill.common.exceptions.UserException;
import org.apache.drill.common.logical.OAuthConfig;
import org.apache.drill.common.logical.StoragePluginConfig;
import org.apache.drill.common.logical.security.PlainCredentialsProvider;
import org.apache.drill.common.types.TypeProtos;
import org.apache.drill.common.util.DrillFileUtils;
import org.apache.drill.exec.oauth.PersistentTokenTable;
import org.apache.drill.exec.physical.rowSet.DirectRowSet;
import org.apache.drill.exec.physical.rowSet.RowSetBuilder;
import org.apache.drill.exec.record.metadata.SchemaBuilder;
import org.apache.drill.shaded.guava.com.google.common.base.Charsets;
import org.apache.drill.shaded.guava.com.google.common.io.Files;
import org.apache.drill.test.BaseDirTestWatcher;
import org.apache.drill.test.ClientFixture;
import org.apache.drill.test.ClusterFixtureBuilder;
import org.apache.drill.test.ClusterTest;
import org.apache.drill.test.rowSet.RowSetUtilities;
import org.junit.After;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/drill/exec/store/http/TestUserTranslationInHttpPlugin.class */
public class TestUserTranslationInHttpPlugin extends ClusterTest {
    private static final int MOCK_SERVER_PORT = 47778;
    private static String TEST_JSON_RESPONSE_WITH_DATATYPES;
    private static String ACCESS_TOKEN_RESPONSE;
    private static int portNumber;
    private static final Logger logger = LoggerFactory.getLogger(TestUserTranslationInHttpPlugin.class);

    @ClassRule
    public static final BaseDirTestWatcher dirTestWatcher = new BaseDirTestWatcher();

    @After
    public void cleanup() throws Exception {
        FileUtils.cleanDirectory(dirTestWatcher.getStoreDir());
    }

    @BeforeClass
    public static void setup() throws Exception {
        TEST_JSON_RESPONSE_WITH_DATATYPES = Files.asCharSource(DrillFileUtils.getResourceAsFile("/data/response2.json"), Charsets.UTF_8).read();
        ACCESS_TOKEN_RESPONSE = Files.asCharSource(DrillFileUtils.getResourceAsFile("/data/oauth_access_token_response.json"), Charsets.UTF_8).read();
        startCluster(new ClusterFixtureBuilder(dirTestWatcher).configProperty("drill.exec.http.enabled", true).configProperty("drill.exec.http.porthunt", true).configProperty("drill.exec.impersonation.enabled", true));
        portNumber = cluster.drillbit().getWebServerPort();
        HttpApiConfig build = HttpApiConfig.builder().url(makeUrl("http://localhost:%d/json")).method("GET").requireTail(false).authType("basic").errorOn400(true).build();
        OAuthConfig build2 = OAuthConfig.builder().callbackURL(makeUrl("http://localhost:%d") + "/update_oauth2_authtoken").build();
        HashMap hashMap = new HashMap();
        hashMap.put("clientID", "12345");
        hashMap.put("clientSecret", "54321");
        hashMap.put("tokenURI", "http://localhost:47778/get_access_token");
        PlainCredentialsProvider plainCredentialsProvider = new PlainCredentialsProvider(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("sharedEndpoint", build);
        HashMap hashMap3 = new HashMap();
        hashMap3.put("username", "user2user");
        hashMap3.put("password", "user2pass");
        HttpStoragePluginConfig httpStoragePluginConfig = new HttpStoragePluginConfig(false, hashMap2, 2, 1000, (String) null, (String) null, "", 80, "", "", "", (OAuthConfig) null, new PlainCredentialsProvider("testUser2", hashMap3), StoragePluginConfig.AuthMode.USER_TRANSLATION.name());
        httpStoragePluginConfig.setEnabled(true);
        HttpStoragePluginConfig httpStoragePluginConfig2 = new HttpStoragePluginConfig(false, hashMap2, 2, 1000, (String) null, (String) null, "", 80, "", "", "", build2, plainCredentialsProvider, StoragePluginConfig.AuthMode.USER_TRANSLATION.name());
        httpStoragePluginConfig2.setEnabled(true);
        cluster.defineStoragePlugin("local", httpStoragePluginConfig);
        cluster.defineStoragePlugin("oauth", httpStoragePluginConfig2);
    }

    @Test
    public void testEmptyUserCredentials() throws Exception {
        cluster.clientBuilder().property("user", "testUser1").property("password", "testUser1Password").build();
        Map userCredentials = cluster.storageRegistry().getPlugin("local").getConfig().getCredentialsProvider().getUserCredentials("testUser1");
        Assert.assertNotNull(userCredentials);
        Assert.assertNull(userCredentials.get("username"));
        Assert.assertNull(userCredentials.get("password"));
    }

    @Test
    public void testQueryWithValidCredentials() throws Exception {
        ClientFixture build = cluster.clientBuilder().property("user", "testUser2").property("password", "testUser2Password").build();
        MockWebServer startServer = startServer();
        try {
            startServer.enqueue(new MockResponse().setResponseCode(200).setBody(TEST_JSON_RESPONSE_WITH_DATATYPES));
            DirectRowSet rowSet = build.queryBuilder().sql("SELECT * FROM local.sharedEndpoint").rowSet();
            Assert.assertEquals(rowSet.rowCount(), 2L);
            rowSet.clear();
            Assert.assertEquals(startServer.takeRequest().getHeaders().get("Authorization"), createEncodedText("user2user", "user2pass"));
            if (startServer != null) {
                startServer.close();
            }
        } catch (Throwable th) {
            if (startServer != null) {
                try {
                    startServer.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testQueryWithMissingCredentials() throws Exception {
        ClientFixture build = cluster.clientBuilder().property("user", "testUser1").property("password", "testUser1Password").build();
        MockWebServer startServer = startServer();
        try {
            startServer.enqueue(new MockResponse().setResponseCode(200).setBody(TEST_JSON_RESPONSE_WITH_DATATYPES));
            try {
                build.queryBuilder().sql("SELECT * FROM local.sharedEndpoint").run();
                Assert.fail();
            } catch (UserException e) {
                Assert.assertTrue(e.getMessage().contains("You do not have valid credentials for this API."));
            }
            if (startServer != null) {
                startServer.close();
            }
        } catch (Throwable th) {
            if (startServer != null) {
                try {
                    startServer.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testQueryWithOAuth() throws Exception {
        ClientFixture build = cluster.clientBuilder().property("user", "testUser2").property("password", "testUser2Password").build();
        try {
            MockWebServer startServer = startServer();
            try {
                PersistentTokenTable tokenTable = cluster.storageRegistry().getPlugin("oauth").getTokenRegistry("testUser2").getTokenTable("oauth");
                tokenTable.setAccessToken("you_have_access_2");
                tokenTable.setRefreshToken("refresh_me_2");
                Assert.assertEquals("you_have_access_2", tokenTable.getAccessToken());
                Assert.assertEquals("refresh_me_2", tokenTable.getRefreshToken());
                startServer.enqueue(new MockResponse().setResponseCode(200).setBody(TEST_JSON_RESPONSE_WITH_DATATYPES));
                RowSetUtilities.verify(new RowSetBuilder(build.allocator(), new SchemaBuilder().add("col_1", TypeProtos.MinorType.FLOAT8, TypeProtos.DataMode.OPTIONAL).add("col_2", TypeProtos.MinorType.BIGINT, TypeProtos.DataMode.OPTIONAL).add("col_3", TypeProtos.MinorType.VARCHAR, TypeProtos.DataMode.OPTIONAL).build()).addRow(new Object[]{Double.valueOf(1.0d), 2, "3.0"}).addRow(new Object[]{Double.valueOf(4.0d), 5, "6.0"}).build(), queryBuilder().sql("SELECT * FROM oauth.sharedEndpoint").rowSet());
                Assert.assertEquals("you_have_access_2", startServer.takeRequest().getHeader("Authorization"));
                if (startServer != null) {
                    startServer.close();
                }
            } finally {
            }
        } catch (Exception e) {
            logger.debug(e.getMessage());
            Assert.fail();
        }
    }

    @Test
    public void testUnrelatedQueryWithUser() throws Exception {
        Assert.assertTrue(cluster.clientBuilder().property("user", "testUser1").property("password", "testUser1Password").build().queryBuilder().sql("SHOW FILES IN dfs").run().succeeded());
    }

    private static MockWebServer startServer() throws IOException {
        MockWebServer mockWebServer = new MockWebServer();
        mockWebServer.start(MOCK_SERVER_PORT);
        return mockWebServer;
    }

    private static String makeUrl(String str) {
        return String.format(str, Integer.valueOf(MOCK_SERVER_PORT));
    }

    private static String createEncodedText(String str, String str2) {
        return "Basic " + new String(Base64.encodeBase64((str + ":" + str2).getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
    }
}
