package io.trino.plugin.password.salesforce;

import com.google.common.base.Strings;
import com.google.common.net.MediaType;
import io.airlift.http.client.HttpStatus;
import io.airlift.http.client.jetty.JettyHttpClient;
import io.airlift.http.client.testing.TestingHttpClient;
import io.airlift.http.client.testing.TestingResponse;
import io.airlift.units.Duration;
import io.trino.spi.security.AccessDeniedException;
import java.util.concurrent.TimeUnit;
import org.assertj.core.api.AbstractStringAssert;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.Fail;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/trino/plugin/password/salesforce/TestSalesforceBasicAuthenticator.class */
public class TestSalesforceBasicAuthenticator {
    private final boolean forReal;
    private final String successResponse = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>";
    private final String failedResponse = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:sf=\"urn:fault.partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><soapenv:Fault><faultcode>sf:INVALID_LOGIN</faultcode><faultstring>INVALID_LOGIN: Invalid username, password, security token; or user locked out.</faultstring><detail><sf:LoginFault xsi:type=\"sf:LoginFault\"><sf:exceptionCode>INVALID_LOGIN</sf:exceptionCode><sf:exceptionMessage>Invalid username, password, security token; or user locked out.</sf:exceptionMessage></sf:LoginFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>";

    public TestSalesforceBasicAuthenticator() {
        String str = System.getenv("SALESFORCE_TEST_FORREAL");
        this.forReal = str != null && str.equalsIgnoreCase("TRUE");
    }

    @Test
    public void createAuthenticatedPrincipalSuccess() throws InterruptedException {
        SalesforceConfig cacheExpireDuration = new SalesforceConfig().setAllowedOrganizations("my18CharOrgId").setCacheExpireDuration(Duration.succinctDuration(1.0d, TimeUnit.SECONDS));
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "my18CharOrgId", "user@salesforce.com");
        SalesforceBasicAuthenticator salesforceBasicAuthenticator = new SalesforceBasicAuthenticator(cacheExpireDuration, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        }));
        ((AbstractStringAssert) Assertions.assertThat(salesforceBasicAuthenticator.createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName()).describedAs("Test principal name.", new Object[0])).isEqualTo("user@salesforce.com");
        ((AbstractStringAssert) Assertions.assertThat(salesforceBasicAuthenticator.createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName()).describedAs("Test principal name from cache.", new Object[0])).isEqualTo("user@salesforce.com");
        Thread.sleep(2000L);
        ((AbstractStringAssert) Assertions.assertThat(salesforceBasicAuthenticator.createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName()).describedAs("Test principal name from expired cache.", new Object[0])).isEqualTo("user@salesforce.com");
    }

    @Test
    public void createAuthenticatedPrincipalWrongOrg() {
        String str = "user@salesforce.com";
        String str2 = "passtoken";
        SalesforceConfig allowedOrganizations = new SalesforceConfig().setAllowedOrganizations("my18CharOrgId");
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "NotMyOrg", "user@salesforce.com");
        SalesforceBasicAuthenticator salesforceBasicAuthenticator = new SalesforceBasicAuthenticator(allowedOrganizations, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        }));
        Assertions.assertThatThrownBy(() -> {
            salesforceBasicAuthenticator.createAuthenticatedPrincipal(str, str2);
        }).isInstanceOf(AccessDeniedException.class).hasMessageMatching("Access Denied:.*");
    }

    @Test
    public void createAuthenticatedPrincipalBadPass() {
        String str = "user@salesforce.com";
        String str2 = "passtoken";
        String str3 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:sf=\"urn:fault.partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><soapenv:Fault><faultcode>sf:INVALID_LOGIN</faultcode><faultstring>INVALID_LOGIN: Invalid username, password, security token; or user locked out.</faultstring><detail><sf:LoginFault xsi:type=\"sf:LoginFault\"><sf:exceptionCode>INVALID_LOGIN</sf:exceptionCode><sf:exceptionMessage>Invalid username, password, security token; or user locked out.</sf:exceptionMessage></sf:LoginFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>";
        SalesforceBasicAuthenticator salesforceBasicAuthenticator = new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations("my18CharOrgId"), new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.INTERNAL_SERVER_ERROR, MediaType.ANY_TEXT_TYPE, str3);
        }));
        Assertions.assertThatThrownBy(() -> {
            salesforceBasicAuthenticator.createAuthenticatedPrincipal(str, str2);
        }).isInstanceOf(AccessDeniedException.class).hasMessageMatching("Access Denied: Invalid response for login\n.*");
    }

    @Test
    public void createAuthenticatedPrincipalAllOrgs() {
        SalesforceConfig allowedOrganizations = new SalesforceConfig().setAllowedOrganizations("all");
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "some18CharOrgId", "user@salesforce.com");
        ((AbstractStringAssert) Assertions.assertThat(new SalesforceBasicAuthenticator(allowedOrganizations, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        })).createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName()).describedAs("Test allowing all orgs.", new Object[0])).isEqualTo("user@salesforce.com");
    }

    @Test
    public void createAuthenticatedPrincipalFewOrgs() {
        SalesforceConfig allowedOrganizations = new SalesforceConfig().setAllowedOrganizations("my18CharOrgId,your18CharOrgId, his18CharOrgId ,her18CharOrgId");
        String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns=\"urn:partner.soap.sforce.com\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><soapenv:Body><loginResponse><result><metadataServerUrl>https://example.salesforce.com/services/Soap/m/46.0/example</metadataServerUrl><passwordExpired>false</passwordExpired><sandbox>false</sandbox><serverUrl>https://example.salesforce.com/services/Soap/u/46.0/example</serverUrl><sessionId>example</sessionId><userId>example</userId><userInfo><accessibilityMode>false</accessibilityMode><chatterExternal>false</chatterExternal><currencySymbol>$</currencySymbol><orgAttachmentFileSizeLimit>5242880</orgAttachmentFileSizeLimit><orgDefaultCurrencyIsoCode>USD</orgDefaultCurrencyIsoCode><orgDefaultCurrencyLocale>en_US</orgDefaultCurrencyLocale><orgDisallowHtmlAttachments>false</orgDisallowHtmlAttachments><orgHasPersonAccounts>true</orgHasPersonAccounts><organizationId>%s</organizationId><organizationMultiCurrency>false</organizationMultiCurrency><organizationName>example</organizationName><profileId>example</profileId><roleId>example</roleId><sessionSecondsValid>7200</sessionSecondsValid><userDefaultCurrencyIsoCode xsi:nil=\"true\"/><userEmail>user@salesforce.com</userEmail><userFullName>Vince Chase</userFullName><userId>example</userId><userLanguage>en_US</userLanguage><userLocale>en_US</userLocale><userName>%s</userName><userTimeZone>America/Chicago</userTimeZone><userType>Standard</userType><userUiSkin>Theme3</userUiSkin></userInfo></result></loginResponse></soapenv:Body></soapenv:Envelope>", "my18CharOrgId", "user@salesforce.com");
        ((AbstractStringAssert) Assertions.assertThat(new SalesforceBasicAuthenticator(allowedOrganizations, new TestingHttpClient(request -> {
            return TestingResponse.mockResponse(HttpStatus.OK, MediaType.ANY_TEXT_TYPE, format);
        })).createAuthenticatedPrincipal("user@salesforce.com", "passtoken").getName()).describedAs("Test allowing a few orgs.", new Object[0])).isEqualTo("user@salesforce.com");
    }

    @Test
    public void createAuthenticatedPrincipalRealSuccess() {
        if (!this.forReal) {
            Assumptions.abort("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_ORG");
        if (Strings.emptyToNull(str) == null) {
            Fail.fail("Must set SALESFORCE_TEST_ORG environment variable.");
        }
        String str2 = System.getenv("SALESFORCE_TEST_USERNAME");
        String str3 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str2) == null || Strings.emptyToNull(str3) == null) {
            Fail.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        ((AbstractStringAssert) Assertions.assertThat(new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations(str), new JettyHttpClient()).createAuthenticatedPrincipal(str2, str3).getName()).describedAs("Test principal name for real, yo!", new Object[0])).isEqualTo(str2);
    }

    @Test
    public void createAuthenticatedPrincipalRealWrongOrg() {
        if (!this.forReal) {
            Assumptions.abort("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_USERNAME");
        String str2 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str) == null || Strings.emptyToNull(str2) == null) {
            Fail.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        SalesforceBasicAuthenticator salesforceBasicAuthenticator = new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations("NotMyOrg"), new JettyHttpClient());
        Assertions.assertThatThrownBy(() -> {
            salesforceBasicAuthenticator.createAuthenticatedPrincipal(str, str2);
        }).isInstanceOf(AccessDeniedException.class).hasMessage("Test got wrong org for real, yo!");
    }

    @Test
    public void createAuthenticatedPrincipalRealAllOrgs() {
        if (!this.forReal) {
            Assumptions.abort("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_USERNAME");
        String str2 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str) == null || Strings.emptyToNull(str2) == null) {
            Fail.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        ((AbstractStringAssert) Assertions.assertThat(new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations("all"), new JettyHttpClient()).createAuthenticatedPrincipal(str, str2).getName()).describedAs("Test no org check for real, yo!", new Object[0])).isEqualTo(str);
    }

    @Test
    public void createAuthenticatedPrincipalRealBadPassword() {
        if (!this.forReal) {
            Assumptions.abort("Skipping real tests.");
        }
        String str = System.getenv("SALESFORCE_TEST_ORG");
        if (Strings.emptyToNull(str) == null) {
            Fail.fail("Must set SALESFORCE_TEST_ORG environment variable.");
        }
        String str2 = System.getenv("SALESFORCE_TEST_USERNAME");
        String str3 = System.getenv("SALESFORCE_TEST_PASSWORD");
        if (Strings.emptyToNull(str2) == null || Strings.emptyToNull(str3) == null) {
            Fail.fail("Must set SALESFORCE_TEST_USERNAME and SALESFORCE_TEST_PASSWORD environment variables.");
        }
        SalesforceBasicAuthenticator salesforceBasicAuthenticator = new SalesforceBasicAuthenticator(new SalesforceConfig().setAllowedOrganizations(str), new JettyHttpClient());
        Assertions.assertThatThrownBy(() -> {
            salesforceBasicAuthenticator.createAuthenticatedPrincipal(str2, "NotMyPassword");
        }).isInstanceOf(AccessDeniedException.class).hasMessage("Test bad password for real, yo!");
    }
}
