package io.hetu.core.plugin.datacenter;

import com.google.common.collect.ImmutableMap;
import com.google.common.io.Files;
import com.google.common.io.Resources;
import io.airlift.security.pem.PemReader;
import io.hetu.core.plugin.datacenter.client.DataCenterClient;
import io.hetu.core.plugin.datacenter.client.DataCenterStatementClientFactory;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.prestosql.plugin.tpch.TpchPlugin;
import io.prestosql.server.testing.TestingPrestoServer;
import io.prestosql.spi.PrestoException;
import io.prestosql.spi.type.TypeManager;
import io.prestosql.spi.type.testing.TestingTypeManager;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.sql.SQLException;
import java.util.Base64;
import java.util.Optional;
import java.util.Set;
import okhttp3.OkHttpClient;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:io/hetu/core/plugin/datacenter/TestDataCenterClientAuth.class */
public class TestDataCenterClientAuth {
    private TypeManager typeManager = new TestingTypeManager();
    private TestingPrestoServer server;
    private byte[] defaultKey;
    private byte[] hmac222;
    private PrivateKey privateKey33;

    @BeforeClass
    public void setup() throws Exception {
        URL resource = getClass().getClassLoader().getResource("33.privateKey");
        Assert.assertNotNull(resource, "key directory not found");
        File parentFile = new File(resource.getFile()).getAbsoluteFile().getParentFile();
        this.defaultKey = Base64.getMimeDecoder().decode(Files.asCharSource(new File(parentFile, "default-key.key"), StandardCharsets.US_ASCII).read().getBytes(StandardCharsets.US_ASCII));
        this.hmac222 = Base64.getMimeDecoder().decode(Files.asCharSource(new File(parentFile, "222.key"), StandardCharsets.US_ASCII).read().getBytes(StandardCharsets.US_ASCII));
        this.privateKey33 = PemReader.loadPrivateKey(new File(parentFile, "33.privateKey"), Optional.empty());
        this.server = new TestingPrestoServer(ImmutableMap.builder().put("http-server.authentication.type", "JWT").put("http.authentication.jwt.key-file", new File(parentFile, "${KID}.key").toString()).put("http-server.https.enabled", "true").put("http-server.https.keystore.path", Resources.getResource("localhost.keystore").getPath()).put("http-server.https.keystore.key", "changeit").build());
        this.server.installPlugin(new TpchPlugin());
        this.server.createCatalog("tpch", "tpch");
    }

    @AfterClass(alwaysRun = true)
    public void teardown() throws IOException {
        this.server.close();
    }

    @Test
    public void testSuccessDefaultKey() throws SQLException {
        assertToken(Jwts.builder().setSubject("test").signWith(SignatureAlgorithm.HS512, this.defaultKey).compact());
    }

    @Test
    public void testSuccessHmac() throws SQLException {
        assertToken(Jwts.builder().setSubject("test").setHeaderParam("kid", "222").signWith(SignatureAlgorithm.HS512, this.hmac222).compact());
    }

    @Test
    public void testSuccessPublicKey() throws SQLException {
        assertToken(Jwts.builder().setSubject("test").setHeaderParam("kid", "33").signWith(SignatureAlgorithm.RS256, this.privateKey33).compact());
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "tpch not found, failed to get schema names")
    public void testFailedNoToken() throws SQLException {
        assertToken(null);
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "tpch not found, failed to get schema names")
    public void testFailedUnsigned() throws SQLException {
        assertToken(Jwts.builder().setSubject("test").compact());
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "tpch not found, failed to get schema names")
    public void testFailedBadHmacSignature() throws Exception {
        assertToken(Jwts.builder().setSubject("test").signWith(SignatureAlgorithm.HS512, Base64.getEncoder().encodeToString("bad-key".getBytes(StandardCharsets.US_ASCII))).compact());
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "tpch not found, failed to get schema names")
    public void testFailedWrongPublicKey() throws Exception {
        assertToken(Jwts.builder().setSubject("test").setHeaderParam("kid", "42").signWith(SignatureAlgorithm.RS256, this.privateKey33).compact());
    }

    @Test(expectedExceptions = {PrestoException.class}, expectedExceptionsMessageRegExp = "tpch not found, failed to get schema names")
    public void testFailedUnknownPublicKey() throws Exception {
        assertToken(Jwts.builder().setSubject("test").setHeaderParam("kid", "unknown").signWith(SignatureAlgorithm.RS256, this.privateKey33).compact());
    }

    private void assertToken(String str) throws SQLException {
        DataCenterConfig sslTrustStorePassword = new DataCenterConfig().setConnectionUrl(URI.create("https://localhost:" + this.server.getHttpsAddress().getPort())).setConnectionUser("test").setSsl(true).setAccessToken(str).setSslTrustStorePath(Resources.getResource("localhost.truststore").getPath()).setSslTrustStorePassword("changeit");
        OkHttpClient newHttpClient = DataCenterStatementClientFactory.newHttpClient(sslTrustStorePassword);
        try {
            try {
                Set schemaNames = new DataCenterClient(sslTrustStorePassword, newHttpClient, this.typeManager).getSchemaNames("tpch");
                Assert.assertTrue(schemaNames.contains("tiny"));
                Assert.assertEquals(schemaNames.size(), 9);
                newHttpClient.dispatcher().executorService().shutdown();
                newHttpClient.connectionPool().evictAll();
            } catch (Throwable th) {
                if (!(th.getCause() instanceof SQLException)) {
                    throw th;
                }
                throw ((SQLException) th.getCause());
            }
        } catch (Throwable th2) {
            newHttpClient.dispatcher().executorService().shutdown();
            newHttpClient.connectionPool().evictAll();
            throw th2;
        }
    }
}
