package org.apache.iceberg.gcp.gcs;

import com.google.auth.oauth2.AccessToken;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Objects;
import org.apache.iceberg.exceptions.BadRequestException;
import org.apache.iceberg.exceptions.RESTException;
import org.apache.iceberg.relocated.com.google.common.collect.ImmutableMap;
import org.apache.iceberg.rest.HttpMethod;
import org.apache.iceberg.rest.credentials.Credential;
import org.apache.iceberg.rest.credentials.ImmutableCredential;
import org.apache.iceberg.rest.responses.ImmutableLoadCredentialsResponse;
import org.apache.iceberg.rest.responses.LoadCredentialsResponseParser;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockserver.integration.ClientAndServer;
import org.mockserver.model.HttpRequest;
import org.mockserver.model.HttpResponse;
import org.mockserver.verify.VerificationTimes;

/* loaded from: input_file:org/apache/iceberg/gcp/gcs/OAuth2RefreshCredentialsHandlerTest.class */
public class OAuth2RefreshCredentialsHandlerTest {
    private static final int PORT = 3333;
    private static final String URI = String.format("http://127.0.0.1:%d/v1/credentials", Integer.valueOf(PORT));
    private static ClientAndServer mockServer;

    @BeforeAll
    public static void beforeAll() {
        mockServer = ClientAndServer.startClientAndServer(new Integer[]{Integer.valueOf(PORT)});
    }

    @AfterAll
    public static void stopServer() {
        mockServer.stop();
    }

    @BeforeEach
    public void before() {
        mockServer.reset();
    }

    @Test
    public void invalidOrMissingUri() {
        Assertions.assertThatThrownBy(() -> {
            OAuth2RefreshCredentialsHandler.create(ImmutableMap.of());
        }).isInstanceOf(IllegalArgumentException.class).hasMessage("Invalid credentials endpoint: null");
        Assertions.assertThatThrownBy(() -> {
            OAuth2RefreshCredentialsHandler.create(ImmutableMap.of("gcs.oauth2.refresh-credentials-endpoint", "invalid uri")).refreshAccessToken();
        }).isInstanceOf(RESTException.class).hasMessageStartingWith("Failed to create request URI from base invalid uri");
    }

    @Test
    public void badRequest() {
        HttpRequest withMethod = HttpRequest.request("/v1/credentials").withMethod(HttpMethod.GET.name());
        mockServer.when(withMethod).respond(HttpResponse.response().withStatusCode(400));
        OAuth2RefreshCredentialsHandler create = OAuth2RefreshCredentialsHandler.create(ImmutableMap.of("gcs.oauth2.refresh-credentials-endpoint", URI));
        Objects.requireNonNull(create);
        Assertions.assertThatThrownBy(create::refreshAccessToken).isInstanceOf(BadRequestException.class).hasMessageStartingWith("Malformed request");
    }

    @Test
    public void noGcsCredentialInResponse() {
        HttpRequest withMethod = HttpRequest.request("/v1/credentials").withMethod(HttpMethod.GET.name());
        mockServer.when(withMethod).respond(HttpResponse.response(LoadCredentialsResponseParser.toJson(ImmutableLoadCredentialsResponse.builder().build())).withStatusCode(200));
        OAuth2RefreshCredentialsHandler create = OAuth2RefreshCredentialsHandler.create(ImmutableMap.of("gcs.oauth2.refresh-credentials-endpoint", URI));
        Objects.requireNonNull(create);
        Assertions.assertThatThrownBy(create::refreshAccessToken).isInstanceOf(IllegalStateException.class).hasMessage("Invalid GCS Credentials: empty");
    }

    @Test
    public void noGcsToken() {
        HttpRequest withMethod = HttpRequest.request("/v1/credentials").withMethod(HttpMethod.GET.name());
        mockServer.when(withMethod).respond(HttpResponse.response(LoadCredentialsResponseParser.toJson(ImmutableLoadCredentialsResponse.builder().addCredentials(ImmutableCredential.builder().prefix("gs").config(ImmutableMap.of("gcs.oauth2.token-expires-at", "1000")).build()).build())).withStatusCode(200));
        OAuth2RefreshCredentialsHandler create = OAuth2RefreshCredentialsHandler.create(ImmutableMap.of("gcs.oauth2.refresh-credentials-endpoint", URI));
        Objects.requireNonNull(create);
        Assertions.assertThatThrownBy(create::refreshAccessToken).isInstanceOf(IllegalStateException.class).hasMessage("Invalid GCS Credentials: gcs.oauth2.token not set");
    }

    @Test
    public void tokenWithoutExpiration() {
        HttpRequest withMethod = HttpRequest.request("/v1/credentials").withMethod(HttpMethod.GET.name());
        mockServer.when(withMethod).respond(HttpResponse.response(LoadCredentialsResponseParser.toJson(ImmutableLoadCredentialsResponse.builder().addCredentials(ImmutableCredential.builder().prefix("gs").config(ImmutableMap.of("gcs.oauth2.token", "gcsToken")).build()).build())).withStatusCode(200));
        OAuth2RefreshCredentialsHandler create = OAuth2RefreshCredentialsHandler.create(ImmutableMap.of("gcs.oauth2.refresh-credentials-endpoint", URI));
        Objects.requireNonNull(create);
        Assertions.assertThatThrownBy(create::refreshAccessToken).isInstanceOf(IllegalStateException.class).hasMessage("Invalid GCS Credentials: gcs.oauth2.token-expires-at not set");
    }

    @Test
    public void tokenWithExpiration() {
        HttpRequest withMethod = HttpRequest.request("/v1/credentials").withMethod(HttpMethod.GET.name());
        ImmutableCredential build = ImmutableCredential.builder().prefix("gs").config(ImmutableMap.of("gcs.oauth2.token", "gcsToken", "gcs.oauth2.token-expires-at", Long.toString(Instant.now().plus(5L, (TemporalUnit) ChronoUnit.MINUTES).toEpochMilli()))).build();
        mockServer.when(withMethod).respond(HttpResponse.response(LoadCredentialsResponseParser.toJson(ImmutableLoadCredentialsResponse.builder().addCredentials(build).build())).withStatusCode(200));
        OAuth2RefreshCredentialsHandler create = OAuth2RefreshCredentialsHandler.create(ImmutableMap.of("gcs.oauth2.refresh-credentials-endpoint", URI));
        AccessToken refreshAccessToken = create.refreshAccessToken();
        Assertions.assertThat(refreshAccessToken.getTokenValue()).isEqualTo((String) build.config().get("gcs.oauth2.token"));
        Assertions.assertThat(refreshAccessToken.getExpirationTime().toInstant().toEpochMilli()).isEqualTo(Long.parseLong((String) build.config().get("gcs.oauth2.token-expires-at")));
        Assertions.assertThat(create.refreshAccessToken()).isNotSameAs(refreshAccessToken);
        mockServer.verify(withMethod, VerificationTimes.exactly(2));
    }

    @Test
    public void multipleGcsCredentials() {
        mockServer.when(HttpRequest.request("/v1/credentials").withMethod(HttpMethod.GET.name())).respond(HttpResponse.response(LoadCredentialsResponseParser.toJson(ImmutableLoadCredentialsResponse.builder().addCredentials(new Credential[]{ImmutableCredential.builder().prefix("gs").config(ImmutableMap.of("gcs.oauth2.token", "gcsToken1", "gcs.oauth2.token-expires-at", Long.toString(Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES).toEpochMilli()))).build(), ImmutableCredential.builder().prefix("gs://my-custom-prefix/xyz/long-prefix").config(ImmutableMap.of("gcs.oauth2.token", "gcsToken2", "gcs.oauth2.token-expires-at", Long.toString(Instant.now().plus(2L, (TemporalUnit) ChronoUnit.MINUTES).toEpochMilli()))).build(), ImmutableCredential.builder().prefix("gs://my-custom-prefix/xyz").config(ImmutableMap.of("gcs.oauth2.token", "gcsToken3", "gcs.oauth2.token-expires-at", Long.toString(Instant.now().plus(3L, (TemporalUnit) ChronoUnit.MINUTES).toEpochMilli()))).build()}).build())).withStatusCode(200));
        OAuth2RefreshCredentialsHandler create = OAuth2RefreshCredentialsHandler.create(ImmutableMap.of("gcs.oauth2.refresh-credentials-endpoint", URI));
        Objects.requireNonNull(create);
        Assertions.assertThatThrownBy(create::refreshAccessToken).isInstanceOf(IllegalStateException.class).hasMessage("Invalid GCS Credentials: only one GCS credential should exist");
    }
}
