package io.trino.client.auth.external;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import io.airlift.concurrent.Threads;
import io.trino.client.ClientException;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.concurrent.CancellationException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.stream.Stream;
import okhttp3.HttpUrl;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ListAssert;
import org.assertj.core.api.ThrowableAssert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.Test;

@Test(singleThreaded = true)
/* loaded from: input_file:io/trino/client/auth/external/TestExternalAuthenticator.class */
public class TestExternalAuthenticator {
    private static final ExecutorService executor = Executors.newCachedThreadPool(Threads.daemonThreadsNamed(TestExternalAuthenticator.class.getName() + "-%d"));

    /* loaded from: input_file:io/trino/client/auth/external/TestExternalAuthenticator$ConcurrentRequestAssertion.class */
    static class ConcurrentRequestAssertion {
        private final List<Throwable> exceptions = new ArrayList();
        private final List<Request> requests = new ArrayList();

        public ConcurrentRequestAssertion(List<Future<Request>> list) {
            Iterator<Future<Request>> it = list.iterator();
            while (it.hasNext()) {
                try {
                    this.requests.add(it.next().get());
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    throw new RuntimeException(e);
                } catch (CancellationException e2) {
                    this.exceptions.add(e2);
                } catch (ExecutionException e3) {
                    Preconditions.checkState(e3.getCause() != null, "Missing cause on ExecutionException " + e3.getMessage());
                    this.exceptions.add(e3.getCause());
                }
            }
        }

        ThrowableAssert firstException() {
            return (ThrowableAssert) this.exceptions.stream().findFirst().map(ThrowableAssert::new).orElseGet(() -> {
                return new ThrowableAssert(() -> {
                    return null;
                });
            });
        }

        void assertThatNoExceptionsHasBeenThrown() {
            if (this.exceptions.isEmpty()) {
                return;
            }
            AssertionError assertionError = new AssertionError("Expected no exceptions, but some exceptions has been thrown", this.exceptions.get(0));
            for (int i = 1; i < this.exceptions.size(); i++) {
                assertionError.addSuppressed(this.exceptions.get(i));
            }
            throw assertionError;
        }

        ListAssert<Request> requests() {
            return Assertions.assertThat(this.requests);
        }
    }

    @AfterClass(alwaysRun = true)
    public void shutDownThreadPool() {
        executor.shutdownNow();
    }

    @Test
    public void testChallengeWithOnlyTokenServerUri() {
        Assertions.assertThat(buildAuthentication("Bearer x_token_server=\"http://token.uri\"")).hasValueSatisfying(externalAuthentication -> {
            Assertions.assertThat(externalAuthentication.getRedirectUri()).isEmpty();
            Assertions.assertThat(externalAuthentication.getTokenUri()).isEqualTo(URI.create("http://token.uri"));
        });
    }

    @Test
    public void testChallengeWithBothUri() {
        Assertions.assertThat(buildAuthentication("Bearer x_redirect_server=\"http://redirect.uri\", x_token_server=\"http://token.uri\"")).hasValueSatisfying(externalAuthentication -> {
            Assertions.assertThat(externalAuthentication.getRedirectUri()).hasValue(URI.create("http://redirect.uri"));
            Assertions.assertThat(externalAuthentication.getTokenUri()).isEqualTo(URI.create("http://token.uri"));
        });
    }

    @Test
    public void testChallengeWithValuesWithoutQuotes() {
        Assertions.assertThat(buildAuthentication("Bearer x_redirect_server=http://redirect.uri, x_token_server=http://token.uri")).hasValueSatisfying(externalAuthentication -> {
            Assertions.assertThat(externalAuthentication.getRedirectUri()).hasValue(URI.create("http://redirect.uri"));
            Assertions.assertThat(externalAuthentication.getTokenUri()).isEqualTo(URI.create("http://token.uri"));
        });
    }

    @Test
    public void testChallengeWithAdditionalFields() {
        Assertions.assertThat(buildAuthentication("Bearer type=\"token\", x_redirect_server=\"http://redirect.uri\", x_token_server=\"http://token.uri\", description=\"oauth challenge\"")).hasValueSatisfying(externalAuthentication -> {
            Assertions.assertThat(externalAuthentication.getRedirectUri()).hasValue(URI.create("http://redirect.uri"));
            Assertions.assertThat(externalAuthentication.getTokenUri()).isEqualTo(URI.create("http://token.uri"));
        });
    }

    @Test
    public void testInvalidChallenges() {
        Assertions.assertThat(buildAuthentication("Bearer")).isEmpty();
        Assertions.assertThat(buildAuthentication("x_redirect_server=\"http://redirect.uri\", x_token_server=\"http://token.uri\"")).isEmpty();
        Assertions.assertThat(buildAuthentication("Bearer x_redirect_server=\"http://redirect.uri\" x_token_server=\"http://token.uri\"")).isEmpty();
        Assertions.assertThat(buildAuthentication("Bearer x_redirect_server=\"http://redirect.uri\"=x_token_server=\"http://token.uri\"")).isEmpty();
    }

    @Test
    public void testChallengeWithMalformedUri() {
        Assertions.assertThatThrownBy(() -> {
            buildAuthentication("Bearer x_token_server=\"http://[1.1.1.1]\"");
        }).isInstanceOf(ClientException.class).hasMessageContaining(String.format("Failed to parse URI for field '%s'", "x_token_server")).hasRootCauseInstanceOf(URISyntaxException.class).hasRootCauseMessage("Malformed IPv6 address at index 8: http://[1.1.1.1]");
    }

    @Test
    public void testAuthentication() {
        Assertions.assertThat(new ExternalAuthenticator(uri -> {
        }, new MockTokenPoller().withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("valid-token"))), KnownToken.local(), Duration.ofSeconds(1L)).authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\"")).headers()).extracting(headers -> {
            return headers.get("Authorization");
        }).isEqualTo("Bearer valid-token");
    }

    @Test
    public void testReAuthenticationAfterRejectingToken() {
        ExternalAuthenticator externalAuthenticator = new ExternalAuthenticator(uri -> {
        }, new MockTokenPoller().withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("first-token"))).withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("second-token"))), KnownToken.local(), Duration.ofSeconds(1L));
        Assertions.assertThat(externalAuthenticator.authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\"", externalAuthenticator.authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\"")))).headers("Authorization")).containsExactly(new String[]{"Bearer second-token"});
    }

    @Test(timeOut = 2000)
    public void testAuthenticationFromMultipleThreadsWithLocallyStoredToken() {
        MockTokenPoller withResult = new MockTokenPoller().withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("valid-token-1"))).withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("valid-token-2"))).withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("valid-token-3"))).withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("valid-token-4")));
        MockRedirectHandler mockRedirectHandler = new MockRedirectHandler();
        Stream<Callable<Request>> times = times(4, () -> {
            return new ExternalAuthenticator(mockRedirectHandler, withResult, KnownToken.local(), Duration.ofSeconds(1L)).authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\", x_redirect_server=\"http://redirect.uri\""));
        });
        ExecutorService executorService = executor;
        Objects.requireNonNull(executorService);
        ConcurrentRequestAssertion concurrentRequestAssertion = new ConcurrentRequestAssertion((List) times.map(executorService::submit).collect(ImmutableList.toImmutableList()));
        concurrentRequestAssertion.requests().extracting((v0) -> {
            return v0.headers();
        }).extracting(headers -> {
            return headers.get("Authorization");
        }).contains(new String[]{"Bearer valid-token-1", "Bearer valid-token-2", "Bearer valid-token-3", "Bearer valid-token-4"});
        concurrentRequestAssertion.assertThatNoExceptionsHasBeenThrown();
        Assertions.assertThat(mockRedirectHandler.getRedirectionCount()).isEqualTo(4);
    }

    @Test(timeOut = 2000)
    public void testAuthenticationFromMultipleThreadsWithCachedToken() {
        MockTokenPoller withResult = new MockTokenPoller().withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("valid-token")));
        MockRedirectHandler sleepOnRedirect = new MockRedirectHandler().sleepOnRedirect(Duration.ofSeconds(1L));
        Stream<Callable<Request>> times = times(2, () -> {
            return new ExternalAuthenticator(sleepOnRedirect, withResult, KnownToken.memoryCached(), Duration.ofSeconds(1L)).authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\", x_redirect_server=\"http://redirect.uri\""));
        });
        ExecutorService executorService = executor;
        Objects.requireNonNull(executorService);
        ConcurrentRequestAssertion concurrentRequestAssertion = new ConcurrentRequestAssertion((List) times.map(executorService::submit).collect(ImmutableList.toImmutableList()));
        concurrentRequestAssertion.requests().extracting((v0) -> {
            return v0.headers();
        }).extracting(headers -> {
            return headers.get("Authorization");
        }).containsOnly(new String[]{"Bearer valid-token"});
        concurrentRequestAssertion.assertThatNoExceptionsHasBeenThrown();
        Assertions.assertThat(sleepOnRedirect.getRedirectionCount()).isEqualTo(1);
    }

    @Test(timeOut = 2000)
    public void testAuthenticationFromMultipleThreadsWithCachedTokenAfterAuthenticateFails() {
        MockTokenPoller withResult = new MockTokenPoller().withResult(URI.create("http://token.uri"), TokenPollResult.successful(new Token("first-token"))).withResult(URI.create("http://token.uri"), TokenPollResult.failed("external authentication error"));
        MockRedirectHandler sleepOnRedirect = new MockRedirectHandler().sleepOnRedirect(Duration.ofMillis(500L));
        Request authenticate = new ExternalAuthenticator(sleepOnRedirect, withResult, KnownToken.memoryCached(), Duration.ofSeconds(1L)).authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\", x_redirect_server=\"http://redirect.uri\""));
        Stream<Callable<Request>> times = times(4, () -> {
            return new ExternalAuthenticator(sleepOnRedirect, withResult, KnownToken.memoryCached(), Duration.ofSeconds(1L)).authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\", x_redirect_server=\"http://redirect.uri\"", authenticate));
        });
        ExecutorService executorService = executor;
        Objects.requireNonNull(executorService);
        ConcurrentRequestAssertion concurrentRequestAssertion = new ConcurrentRequestAssertion((List) times.map(executorService::submit).collect(ImmutableList.toImmutableList()));
        concurrentRequestAssertion.requests().containsOnlyNulls();
        concurrentRequestAssertion.firstException().hasMessage("external authentication error").isInstanceOf(ClientException.class);
        Assertions.assertThat(sleepOnRedirect.getRedirectionCount()).isEqualTo(2);
    }

    @Test(timeOut = 2000)
    public void testAuthenticationFromMultipleThreadsWithCachedTokenAfterAuthenticateTimesOut() {
        MockRedirectHandler sleepOnRedirect = new MockRedirectHandler().sleepOnRedirect(Duration.ofSeconds(1L));
        Stream<Callable<Request>> times = times(2, () -> {
            return new ExternalAuthenticator(sleepOnRedirect, MockTokenPoller.onPoll(TokenPollResult::pending), KnownToken.memoryCached(), Duration.ofMillis(1L)).authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\", x_redirect_server=\"http://redirect.uri\""));
        });
        ExecutorService executorService = executor;
        Objects.requireNonNull(executorService);
        ConcurrentRequestAssertion concurrentRequestAssertion = new ConcurrentRequestAssertion((List) times.map(executorService::submit).collect(ImmutableList.toImmutableList()));
        concurrentRequestAssertion.requests().containsExactly(new Request[]{null, null});
        concurrentRequestAssertion.assertThatNoExceptionsHasBeenThrown();
        Assertions.assertThat(sleepOnRedirect.getRedirectionCount()).isEqualTo(1);
    }

    @Test(timeOut = 2000)
    public void testAuthenticationFromMultipleThreadsWithCachedTokenAfterAuthenticateIsInterrupted() throws Exception {
        ExecutorService newCachedThreadPool = Executors.newCachedThreadPool(Threads.daemonThreadsNamed(getClass().getName() + "-interruptable-%d"));
        MockRedirectHandler sleepOnRedirect = new MockRedirectHandler().sleepOnRedirect(Duration.ofMinutes(1L));
        ExternalAuthenticator externalAuthenticator = new ExternalAuthenticator(sleepOnRedirect, MockTokenPoller.onPoll(TokenPollResult::pending), KnownToken.memoryCached(), Duration.ofMillis(1L));
        Future submit = newCachedThreadPool.submit(() -> {
            return externalAuthenticator.authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\", x_redirect_server=\"http://redirect.uri\""));
        });
        Thread.sleep(100L);
        Stream<Callable<Request>> times = times(2, () -> {
            return new ExternalAuthenticator(sleepOnRedirect, MockTokenPoller.onPoll(TokenPollResult::pending), KnownToken.memoryCached(), Duration.ofMillis(1L)).authenticate((Route) null, getUnauthorizedResponse("Bearer x_token_server=\"http://token.uri\", x_redirect_server=\"http://redirect.uri\""));
        });
        ExecutorService executorService = executor;
        Objects.requireNonNull(executorService);
        List list = (List) times.map(executorService::submit).collect(ImmutableList.toImmutableList());
        Thread.sleep(100L);
        newCachedThreadPool.shutdownNow();
        ConcurrentRequestAssertion concurrentRequestAssertion = new ConcurrentRequestAssertion(ImmutableList.builder().addAll(list).add(submit).build());
        concurrentRequestAssertion.requests().containsExactly(new Request[]{null, null});
        concurrentRequestAssertion.firstException().hasRootCauseInstanceOf(InterruptedException.class);
        Assertions.assertThat(sleepOnRedirect.getRedirectionCount()).isEqualTo(1);
    }

    private static Stream<Callable<Request>> times(int i, Callable<Request> callable) {
        return Stream.generate(() -> {
            return callable;
        }).limit(i);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Optional<ExternalAuthentication> buildAuthentication(String str) {
        return ExternalAuthenticator.toAuthentication(getUnauthorizedResponse(str));
    }

    private static Response getUnauthorizedResponse(String str) {
        return getUnauthorizedResponse(str, new Request.Builder().url(HttpUrl.get("http://example.com")).build());
    }

    private static Response getUnauthorizedResponse(String str, Request request) {
        return new Response.Builder().request(request).protocol(Protocol.HTTP_1_1).code(401).message("Unauthorized").header("WWW-Authenticate", str).build();
    }
}
