package org.apache.iceberg.rest.auth;

import com.github.benmanes.caffeine.cache.Ticker;
import java.time.Duration;
import java.util.Map;
import java.util.function.Consumer;
import org.apache.iceberg.catalog.SessionCatalog;
import org.apache.iceberg.catalog.TableIdentifier;
import org.apache.iceberg.rest.RESTClient;
import org.apache.iceberg.rest.auth.OAuth2Util;
import org.apache.iceberg.rest.responses.OAuthTokenResponse;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.InstanceOfAssertFactories;
import org.assertj.core.api.ThrowingConsumer;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/iceberg/rest/auth/TestOAuth2Manager.class */
class TestOAuth2Manager {
    private RESTClient client;

    TestOAuth2Manager() {
    }

    @BeforeEach
    void before() {
        this.client = (RESTClient) Mockito.mock(RESTClient.class);
        Mockito.when(this.client.postForm((String) ArgumentMatchers.any(), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.eq(OAuthTokenResponse.class), ArgumentMatchers.anyMap(), (Consumer) ArgumentMatchers.any())).thenReturn(OAuthTokenResponse.builder().withToken("test").addScope("scope").withIssuedTokenType("urn:ietf:params:oauth:token-type:access_token").withTokenType("bearer").setExpirationInSeconds(3600).build());
    }

    @Test
    void initSessionNoOAuth2Properties() {
        Map of = Map.of();
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession initSession = oAuth2Manager.initSession(this.client, of);
            try {
                Assertions.assertThat(initSession.headers()).isEmpty();
                Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor for init session", new Object[0]).isNull();
                if (initSession != null) {
                    initSession.close();
                }
                oAuth2Manager.close();
                Mockito.verifyNoInteractions(new Object[]{this.client});
            } finally {
            }
        } catch (Throwable th) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void initSessionTokenProvided() {
        Map of = Map.of("token", "test");
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession initSession = oAuth2Manager.initSession(this.client, of);
            try {
                Assertions.assertThat(initSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor for init session", new Object[0]).isNull();
                if (initSession != null) {
                    initSession.close();
                }
                oAuth2Manager.close();
                Mockito.verifyNoInteractions(new Object[]{this.client});
            } finally {
            }
        } catch (Throwable th) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void initSessionCredentialsProvided() {
        Map of = Map.of("credential", "client:secret");
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession initSession = oAuth2Manager.initSession(this.client, of);
            try {
                Assertions.assertThat(initSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor for init session", new Object[0]).isNull();
                if (initSession != null) {
                    initSession.close();
                }
                oAuth2Manager.close();
                ((RESTClient) Mockito.verify(this.client)).postForm((String) ArgumentMatchers.any(), (Map) ArgumentMatchers.eq(Map.of("grant_type", "client_credentials", "client_id", "client", "client_secret", "secret", "scope", "catalog")), (Class) ArgumentMatchers.eq(OAuthTokenResponse.class), (Map) ArgumentMatchers.eq(Map.of()), (Consumer) ArgumentMatchers.any());
            } finally {
            }
        } catch (Throwable th) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void catalogSessionNoOAuth2Properties() {
        Map of = Map.of();
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                Assertions.assertThat(catalogSession.headers()).isEmpty();
                Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor when no token and no credentials provided", new Object[0]).isNull();
                if (catalogSession != null) {
                    catalogSession.close();
                }
                oAuth2Manager.close();
                Mockito.verifyNoInteractions(new Object[]{this.client});
            } finally {
            }
        } catch (Throwable th) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void catalogSessionTokenProvided() {
        Map of = Map.of("token", "test");
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                Assertions.assertThat(catalogSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when token provided", new Object[0]).isNotNull();
                if (catalogSession != null) {
                    catalogSession.close();
                }
                oAuth2Manager.close();
                Mockito.verifyNoInteractions(new Object[]{this.client});
            } finally {
            }
        } catch (Throwable th) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void catalogSessionRefreshDisabled() {
        Map of = Map.of("token", "test", "token-refresh-enabled", "false");
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                Assertions.assertThat(catalogSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor when refresh disabled", new Object[0]).isNull();
                if (catalogSession != null) {
                    catalogSession.close();
                }
                oAuth2Manager.close();
                Mockito.verifyNoInteractions(new Object[]{this.client});
            } finally {
            }
        } catch (Throwable th) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void catalogSessionCredentialsProvidedWithInitSession() {
        Map of = Map.of("credential", "client:secret");
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession initSession = oAuth2Manager.initSession(this.client, of);
            try {
                OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
                try {
                    Assertions.assertThat(catalogSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when credentials provided", new Object[0]).isNotNull();
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    if (initSession != null) {
                        initSession.close();
                    }
                    oAuth2Manager.close();
                    ((RESTClient) Mockito.verify(this.client)).postForm((String) ArgumentMatchers.any(), (Map) ArgumentMatchers.eq(Map.of("grant_type", "client_credentials", "client_id", "client", "client_secret", "secret", "scope", "catalog")), (Class) ArgumentMatchers.eq(OAuthTokenResponse.class), (Map) ArgumentMatchers.eq(Map.of()), (Consumer) ArgumentMatchers.any());
                } catch (Throwable th) {
                    if (catalogSession != null) {
                        try {
                            catalogSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void catalogSessionCredentialsProvidedWithoutInitSession() {
        Map of = Map.of("credential", "client:secret");
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                Assertions.assertThat(catalogSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when credentials provided", new Object[0]).isNotNull();
                if (catalogSession != null) {
                    catalogSession.close();
                }
                oAuth2Manager.close();
                ((RESTClient) Mockito.verify(this.client)).postForm((String) ArgumentMatchers.any(), (Map) ArgumentMatchers.eq(Map.of("grant_type", "client_credentials", "client_id", "client", "client_secret", "secret", "scope", "catalog")), (Class) ArgumentMatchers.eq(OAuthTokenResponse.class), (Map) ArgumentMatchers.eq(Map.of()), (Consumer) ArgumentMatchers.any());
            } finally {
            }
        } catch (Throwable th) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void contextualSessionEmptyContext() {
        SessionCatalog.SessionContext createEmpty = SessionCatalog.SessionContext.createEmpty();
        Map of = Map.of();
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession contextualSession = oAuth2Manager.contextualSession(createEmpty, catalogSession);
                try {
                    Assertions.assertThat(contextualSession).isSameAs(catalogSession);
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor when no context credentials provided", new Object[0]).isNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should not create session cache for empty context", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).isEmpty();
                    }});
                    if (contextualSession != null) {
                        contextualSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    oAuth2Manager.close();
                    Mockito.verifyNoInteractions(new Object[]{this.client});
                } catch (Throwable th) {
                    if (contextualSession != null) {
                        try {
                            contextualSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void contextualSessionTokenProvided() {
        SessionCatalog.SessionContext sessionContext = new SessionCatalog.SessionContext("test", "test", Map.of("token", "context-token"), Map.of());
        Map of = Map.of();
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession contextualSession = oAuth2Manager.contextualSession(sessionContext, catalogSession);
                try {
                    Assertions.assertThat(contextualSession).isNotSameAs(catalogSession);
                    Assertions.assertThat(contextualSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer context-token")});
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when contextual session created", new Object[0]).isNotNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should create session cache for context with token", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).hasSize(1);
                    }});
                    if (contextualSession != null) {
                        contextualSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    oAuth2Manager.close();
                    Mockito.verifyNoInteractions(new Object[]{this.client});
                } catch (Throwable th) {
                    if (contextualSession != null) {
                        try {
                            contextualSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void contextualSessionCredentialsProvided() {
        SessionCatalog.SessionContext sessionContext = new SessionCatalog.SessionContext("test", "test", Map.of("credential", "client:secret"), Map.of());
        Map of = Map.of();
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession contextualSession = oAuth2Manager.contextualSession(sessionContext, catalogSession);
                try {
                    Assertions.assertThat(contextualSession).isNotSameAs(catalogSession);
                    Assertions.assertThat(contextualSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when contextual session created", new Object[0]).isNotNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should create session cache for context with credentials", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).hasSize(1);
                    }});
                    if (contextualSession != null) {
                        contextualSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    oAuth2Manager.close();
                    ((RESTClient) Mockito.verify(this.client)).postForm((String) ArgumentMatchers.any(), (Map) ArgumentMatchers.eq(Map.of("grant_type", "client_credentials", "client_id", "client", "client_secret", "secret", "scope", "catalog")), (Class) ArgumentMatchers.eq(OAuthTokenResponse.class), (Map) ArgumentMatchers.eq(Map.of()), (Consumer) ArgumentMatchers.any());
                } catch (Throwable th) {
                    if (contextualSession != null) {
                        try {
                            contextualSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void contextualSessionTokenExchange() {
        SessionCatalog.SessionContext sessionContext = new SessionCatalog.SessionContext("test", "test", Map.of("urn:ietf:params:oauth:token-type:access_token", "context-token"), Map.of());
        Map of = Map.of("token", "catalog-token");
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession contextualSession = oAuth2Manager.contextualSession(sessionContext, catalogSession);
                try {
                    Assertions.assertThat(contextualSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when contextual session created", new Object[0]).isNotNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should create session cache for context with token exchange", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).hasSize(1);
                    }});
                    if (contextualSession != null) {
                        contextualSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    oAuth2Manager.close();
                    ((RESTClient) Mockito.verify(this.client)).postForm((String) ArgumentMatchers.any(), (Map) ArgumentMatchers.eq(Map.of("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange", "subject_token", "context-token", "subject_token_type", "urn:ietf:params:oauth:token-type:access_token", "actor_token", "catalog-token", "actor_token_type", "urn:ietf:params:oauth:token-type:access_token", "scope", "catalog")), (Class) ArgumentMatchers.eq(OAuthTokenResponse.class), (Map) ArgumentMatchers.eq(Map.of("Authorization", "Bearer catalog-token")), (Consumer) ArgumentMatchers.any());
                } catch (Throwable th) {
                    if (contextualSession != null) {
                        try {
                            contextualSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void contextualSessionCacheHit() {
        SessionCatalog.SessionContext sessionContext = new SessionCatalog.SessionContext("test", "test", Map.of("token", "context-token"), Map.of());
        Map of = Map.of();
        OAuth2Manager oAuth2Manager = (OAuth2Manager) Mockito.spy(new OAuth2Manager("test"));
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession contextualSession = oAuth2Manager.contextualSession(sessionContext, catalogSession);
                try {
                    contextualSession = oAuth2Manager.contextualSession(sessionContext, catalogSession);
                    try {
                        Assertions.assertThat(contextualSession).isNotSameAs(catalogSession);
                        Assertions.assertThat(contextualSession).isNotSameAs(catalogSession);
                        Assertions.assertThat(contextualSession).isSameAs(contextualSession);
                        Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should only create and cache contextual session once", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                            Assertions.assertThat(authSessionCache.sessionCache().asMap()).hasSize(1);
                        }});
                        ((OAuth2Manager) Mockito.verify(oAuth2Manager, Mockito.times(1))).newSessionFromAccessToken("context-token", Map.of(), catalogSession);
                        if (contextualSession != null) {
                            contextualSession.close();
                        }
                        if (contextualSession != null) {
                            contextualSession.close();
                        }
                        if (catalogSession != null) {
                            catalogSession.close();
                        }
                        if (oAuth2Manager != null) {
                            oAuth2Manager.close();
                        }
                        Mockito.verifyNoInteractions(new Object[]{this.client});
                    } finally {
                        if (contextualSession != null) {
                            try {
                                contextualSession.close();
                            } catch (Throwable th) {
                                th.addSuppressed(th);
                            }
                        }
                    }
                } catch (Throwable th2) {
                    throw th2;
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (oAuth2Manager != null) {
                try {
                    oAuth2Manager.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    void tableSessionNoTableCredentials() {
        Map of = Map.of();
        TableIdentifier of2 = TableIdentifier.of(new String[]{"ns", "tbl"});
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession tableSession = oAuth2Manager.tableSession(of2, of, catalogSession);
                try {
                    Assertions.assertThat(tableSession).isSameAs(catalogSession);
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor when no table credentials provided", new Object[0]).isNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should not create session cache for empty table credentials", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).isEmpty();
                    }});
                    if (tableSession != null) {
                        tableSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    oAuth2Manager.close();
                    Mockito.verifyNoInteractions(new Object[]{this.client});
                } catch (Throwable th) {
                    if (tableSession != null) {
                        try {
                            tableSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void tableSessionTokenProvided() {
        Map of = Map.of();
        Map of2 = Map.of("token", "table-token");
        TableIdentifier of3 = TableIdentifier.of(new String[]{"ns", "tbl"});
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession tableSession = oAuth2Manager.tableSession(of3, of2, catalogSession);
                try {
                    Assertions.assertThat(tableSession).isNotSameAs(catalogSession);
                    Assertions.assertThat(tableSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer table-token")});
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when table session created", new Object[0]).isNotNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should create session cache for table with token", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).hasSize(1);
                    }});
                    if (tableSession != null) {
                        tableSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    oAuth2Manager.close();
                    Mockito.verifyNoInteractions(new Object[]{this.client});
                } catch (Throwable th) {
                    if (tableSession != null) {
                        try {
                            tableSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void tableSessionTokenExchange() {
        Map of = Map.of("token", "catalog-token");
        Map of2 = Map.of("urn:ietf:params:oauth:token-type:access_token", "table-token");
        TableIdentifier of3 = TableIdentifier.of(new String[]{"ns", "tbl"});
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test");
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession tableSession = oAuth2Manager.tableSession(of3, of2, catalogSession);
                try {
                    Assertions.assertThat(tableSession.headers()).containsOnly(new Map.Entry[]{Map.entry("Authorization", "Bearer test")});
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should create refresh executor when table session created", new Object[0]).isNotNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should create session cache for table with token exchange", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).hasSize(1);
                    }});
                    if (tableSession != null) {
                        tableSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    oAuth2Manager.close();
                    ((RESTClient) Mockito.verify(this.client)).postForm((String) ArgumentMatchers.any(), (Map) ArgumentMatchers.eq(Map.of("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange", "subject_token", "table-token", "subject_token_type", "urn:ietf:params:oauth:token-type:access_token", "actor_token", "catalog-token", "actor_token_type", "urn:ietf:params:oauth:token-type:access_token", "scope", "catalog")), (Class) ArgumentMatchers.eq(OAuthTokenResponse.class), (Map) ArgumentMatchers.eq(Map.of("Authorization", "Bearer catalog-token")), (Consumer) ArgumentMatchers.any());
                } catch (Throwable th) {
                    if (tableSession != null) {
                        try {
                            tableSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    @Test
    void tableSessionCacheHit() {
        Map of = Map.of();
        Map of2 = Map.of("token", "table-token");
        TableIdentifier of3 = TableIdentifier.of(new String[]{"ns", "tbl"});
        OAuth2Manager oAuth2Manager = (OAuth2Manager) Mockito.spy(new OAuth2Manager("test"));
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession tableSession = oAuth2Manager.tableSession(of3, of2, catalogSession);
                try {
                    tableSession = oAuth2Manager.tableSession(of3, of2, catalogSession);
                    try {
                        Assertions.assertThat(tableSession).isNotSameAs(catalogSession);
                        Assertions.assertThat(tableSession).isNotSameAs(catalogSession);
                        Assertions.assertThat(tableSession).isSameAs(tableSession);
                        Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should only create and cache table session once", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                            Assertions.assertThat(authSessionCache.sessionCache().asMap()).hasSize(1);
                        }});
                        ((OAuth2Manager) Mockito.verify(oAuth2Manager, Mockito.times(1))).newSessionFromAccessToken("table-token", Map.of("token", "table-token"), catalogSession);
                        if (tableSession != null) {
                            tableSession.close();
                        }
                        if (tableSession != null) {
                            tableSession.close();
                        }
                        if (catalogSession != null) {
                            catalogSession.close();
                        }
                        if (oAuth2Manager != null) {
                            oAuth2Manager.close();
                        }
                        Mockito.verifyNoInteractions(new Object[]{this.client});
                    } finally {
                        if (tableSession != null) {
                            try {
                                tableSession.close();
                            } catch (Throwable th) {
                                th.addSuppressed(th);
                            }
                        }
                    }
                } catch (Throwable th2) {
                    throw th2;
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (oAuth2Manager != null) {
                try {
                    oAuth2Manager.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    void tableSessionDisallowedTableProperties() {
        Map of = Map.of();
        Map of2 = Map.of("credential", "client:secret");
        TableIdentifier of3 = TableIdentifier.of(new String[]{"ns", "tbl"});
        OAuth2Manager oAuth2Manager = (OAuth2Manager) Mockito.spy(new OAuth2Manager("test"));
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession tableSession = oAuth2Manager.tableSession(of3, of2, catalogSession);
                try {
                    Assertions.assertThat(tableSession).isSameAs(catalogSession);
                    Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should not create refresh executor when table credentials were filtered out", new Object[0]).isNull();
                    Assertions.assertThat(oAuth2Manager).extracting("sessionCache").asInstanceOf(InstanceOfAssertFactories.type(AuthSessionCache.class)).as("should not create session cache for ignored table credentials", new Object[0]).satisfies(new ThrowingConsumer[]{authSessionCache -> {
                        Assertions.assertThat(authSessionCache.sessionCache().asMap()).isEmpty();
                    }});
                    if (tableSession != null) {
                        tableSession.close();
                    }
                    if (catalogSession != null) {
                        catalogSession.close();
                    }
                    if (oAuth2Manager != null) {
                        oAuth2Manager.close();
                    }
                    Mockito.verifyNoInteractions(new Object[]{this.client});
                } catch (Throwable th) {
                    if (tableSession != null) {
                        try {
                            tableSession.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (oAuth2Manager != null) {
                try {
                    oAuth2Manager.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    void close() {
        Map of = Map.of();
        SessionCatalog.SessionContext sessionContext = new SessionCatalog.SessionContext("test", "test", Map.of("token", "context-token"), Map.of());
        Map of2 = Map.of("token", "table-token");
        TableIdentifier of3 = TableIdentifier.of(new String[]{"ns", "tbl"});
        OAuth2Manager oAuth2Manager = new OAuth2Manager("test") { // from class: org.apache.iceberg.rest.auth.TestOAuth2Manager.1
            protected AuthSessionCache newSessionCache(String str, Map<String, String> map) {
                return new AuthSessionCache(Duration.ofHours(1L), (v0) -> {
                    v0.run();
                }, Ticker.systemTicker());
            }

            protected OAuth2Util.AuthSession newSessionFromAccessToken(String str, Map<String, String> map, OAuth2Util.AuthSession authSession) {
                return (OAuth2Util.AuthSession) Mockito.spy(super.newSessionFromAccessToken(str, map, authSession));
            }
        };
        try {
            OAuth2Util.AuthSession catalogSession = oAuth2Manager.catalogSession(this.client, of);
            try {
                OAuth2Util.AuthSession contextualSession = oAuth2Manager.contextualSession(sessionContext, catalogSession);
                try {
                    OAuth2Util.AuthSession tableSession = oAuth2Manager.tableSession(of3, of2, contextualSession);
                    try {
                        oAuth2Manager.close();
                        Assertions.assertThat(oAuth2Manager).extracting("refreshExecutor").as("should close refresh executor", new Object[0]).isNull();
                        Assertions.assertThat(oAuth2Manager).extracting("sessionCache").as("should close session cache", new Object[0]).isNull();
                        ((OAuth2Util.AuthSession) Mockito.verify(contextualSession)).close();
                        ((OAuth2Util.AuthSession) Mockito.verify(tableSession)).close();
                        if (tableSession != null) {
                            tableSession.close();
                        }
                        if (contextualSession != null) {
                            contextualSession.close();
                        }
                        if (catalogSession != null) {
                            catalogSession.close();
                        }
                        oAuth2Manager.close();
                        Mockito.verifyNoInteractions(new Object[]{this.client});
                    } catch (Throwable th) {
                        if (tableSession != null) {
                            try {
                                tableSession.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (contextualSession != null) {
                        try {
                            contextualSession.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th5) {
            try {
                oAuth2Manager.close();
            } catch (Throwable th6) {
                th5.addSuppressed(th6);
            }
            throw th5;
        }
    }
}
