package com.google.auth.oauth2;

import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.GenericJson;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.ExecutableHandler;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.PluggableAuthCredentials;
import java.io.IOException;
import java.io.InputStream;
import java.io.NotSerializableException;
import java.math.BigDecimal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nullable;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/google/auth/oauth2/PluggableAuthCredentialsTest.class */
public class PluggableAuthCredentialsTest extends BaseSerializationTest {
    private static final int DEFAULT_EXECUTABLE_TIMEOUT_MS = 30000;
    private static final int MINIMUM_EXECUTABLE_TIMEOUT_MS = 5000;
    private static final int MAXIMUM_EXECUTABLE_TIMEOUT_MS = 120000;
    private static final String STS_URL = "https://sts.googleapis.com";
    private static final PluggableAuthCredentials CREDENTIAL = PluggableAuthCredentials.newBuilder().setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience("//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setTokenInfoUrl("tokenInfoUrl").setCredentialSource(buildCredentialSource()).build();

    /* loaded from: input_file:com/google/auth/oauth2/PluggableAuthCredentialsTest$MockExternalAccountCredentialsTransportFactory.class */
    static class MockExternalAccountCredentialsTransportFactory implements HttpTransportFactory {
        MockExternalAccountCredentialsTransport transport = new MockExternalAccountCredentialsTransport();

        MockExternalAccountCredentialsTransportFactory() {
        }

        public HttpTransport create() {
            return this.transport;
        }
    }

    @Test
    public void retrieveSubjectToken_shouldDelegateToHandler() throws IOException {
        Assert.assertEquals(PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            return "pluggableAuthToken";
        }).build().retrieveSubjectToken(), "pluggableAuthToken");
    }

    @Test
    public void retrieveSubjectToken_shouldPassAllOptionsToHandler() throws IOException {
        ExecutableHandler.ExecutableOptions[] executableOptionsArr = {null};
        PluggableAuthCredentials build = PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            executableOptionsArr[0] = executableOptions;
            return "pluggableAuthToken";
        }).setCredentialSource(buildCredentialSource("/path/to/executable", "5000", "/path/to/output/file")).setServiceAccountImpersonationUrl("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken").build();
        Assert.assertEquals(build.retrieveSubjectToken(), "pluggableAuthToken");
        ExecutableHandler.ExecutableOptions executableOptions2 = executableOptionsArr[0];
        Assert.assertEquals(executableOptions2.getExecutableCommand(), "/path/to/executable");
        Assert.assertEquals(executableOptions2.getExecutableTimeoutMs(), Integer.parseInt("5000"));
        Assert.assertEquals(executableOptions2.getOutputFilePath(), "/path/to/output/file");
        Map environmentMap = executableOptions2.getEnvironmentMap();
        Assert.assertEquals(environmentMap.size(), 5L);
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE"), build.getAudience());
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE"), build.getSubjectTokenType());
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE"), "0");
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL"), build.getServiceAccountEmail());
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE"), "/path/to/output/file");
    }

    @Test
    public void retrieveSubjectToken_shouldPassMinimalOptionsToHandler() throws IOException {
        ExecutableHandler.ExecutableOptions[] executableOptionsArr = {null};
        PluggableAuthCredentials build = PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            executableOptionsArr[0] = executableOptions;
            return "pluggableAuthToken";
        }).setCredentialSource(buildCredentialSource("/path/to/executable", null, null)).build();
        Assert.assertEquals(build.retrieveSubjectToken(), "pluggableAuthToken");
        ExecutableHandler.ExecutableOptions executableOptions2 = executableOptionsArr[0];
        Assert.assertEquals(executableOptions2.getExecutableCommand(), "/path/to/executable");
        Assert.assertEquals(executableOptions2.getExecutableTimeoutMs(), 30000L);
        Assert.assertNull(executableOptions2.getOutputFilePath());
        Map environmentMap = executableOptions2.getEnvironmentMap();
        Assert.assertEquals(environmentMap.size(), 3L);
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_AUDIENCE"), build.getAudience());
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_TOKEN_TYPE"), build.getSubjectTokenType());
        Assert.assertEquals(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_INTERACTIVE"), "0");
        Assert.assertNull(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_IMPERSONATED_EMAIL"));
        Assert.assertNull(environmentMap.get("GOOGLE_EXTERNAL_ACCOUNT_OUTPUT_FILE"));
    }

    @Test
    public void refreshAccessToken_withoutServiceAccountImpersonation() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        mockExternalAccountCredentialsTransportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
        Assert.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getAccessToken(), PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            return "pluggableAuthToken";
        }).setTokenUrl(mockExternalAccountCredentialsTransportFactory.transport.getStsUrl()).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).build().refreshAccessToken().getTokenValue());
        Assert.assertEquals(TestUtils.parseQuery(mockExternalAccountCredentialsTransportFactory.transport.getRequests().get(0).getContentAsString()).get("subject_token"), "pluggableAuthToken");
    }

    @Test
    public void refreshAccessToken_withServiceAccountImpersonation() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        mockExternalAccountCredentialsTransportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
        Assert.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getServiceAccountAccessToken(), PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            return "pluggableAuthToken";
        }).setTokenUrl(mockExternalAccountCredentialsTransportFactory.transport.getStsUrl()).setServiceAccountImpersonationUrl(mockExternalAccountCredentialsTransportFactory.transport.getServiceAccountImpersonationUrl()).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).build().refreshAccessToken().getTokenValue());
        Assert.assertEquals(TestUtils.parseQuery(mockExternalAccountCredentialsTransportFactory.transport.getRequests().get(0).getContentAsString()).get("subject_token"), "pluggableAuthToken");
    }

    @Test
    public void refreshAccessToken_withServiceAccountImpersonationOptions() throws IOException {
        MockExternalAccountCredentialsTransportFactory mockExternalAccountCredentialsTransportFactory = new MockExternalAccountCredentialsTransportFactory();
        mockExternalAccountCredentialsTransportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
        Assert.assertEquals(mockExternalAccountCredentialsTransportFactory.transport.getServiceAccountAccessToken(), PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            return "pluggableAuthToken";
        }).setTokenUrl(mockExternalAccountCredentialsTransportFactory.transport.getStsUrl()).setServiceAccountImpersonationUrl(mockExternalAccountCredentialsTransportFactory.transport.getServiceAccountImpersonationUrl()).setHttpTransportFactory(mockExternalAccountCredentialsTransportFactory).setServiceAccountImpersonationOptions(ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions(2800)).build().refreshAccessToken().getTokenValue());
        Assert.assertEquals("2800s", ((GenericJson) OAuth2Utils.JSON_FACTORY.createJsonParser(mockExternalAccountCredentialsTransportFactory.transport.getLastRequest().getContentAsString()).parseAndClose(GenericJson.class)).get("lifetime"));
    }

    @Test
    public void pluggableAuthCredentialSource_allFields() {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("executable", hashMap2);
        hashMap2.put("command", "/path/to/executable");
        hashMap2.put("timeout_millis", "10000");
        hashMap2.put("output_file", "/path/to/output/file");
        PluggableAuthCredentials.PluggableAuthCredentialSource pluggableAuthCredentialSource = new PluggableAuthCredentials.PluggableAuthCredentialSource(hashMap);
        Assert.assertEquals(pluggableAuthCredentialSource.getCommand(), "/path/to/executable");
        Assert.assertEquals(pluggableAuthCredentialSource.getTimeoutMs(), 10000L);
        Assert.assertEquals(pluggableAuthCredentialSource.getOutputFilePath(), "/path/to/output/file");
    }

    @Test
    public void pluggableAuthCredentialSource_noTimeoutProvided_setToDefault() {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("executable", hashMap2);
        hashMap2.put("command", "command");
        PluggableAuthCredentials.PluggableAuthCredentialSource pluggableAuthCredentialSource = new PluggableAuthCredentials.PluggableAuthCredentialSource(hashMap);
        Assert.assertEquals(pluggableAuthCredentialSource.getCommand(), "command");
        Assert.assertEquals(pluggableAuthCredentialSource.getTimeoutMs(), 30000L);
        Assert.assertNull(pluggableAuthCredentialSource.getOutputFilePath());
    }

    @Test
    public void pluggableAuthCredentialSource_timeoutProvidedOutOfRange_throws() {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("executable", hashMap2);
        hashMap2.put("command", "command");
        for (int i : new int[]{0, 4000, 121000}) {
            hashMap2.put("timeout_millis", Integer.valueOf(i));
            try {
                new PluggableAuthCredentials.PluggableAuthCredentialSource(hashMap);
                Assert.fail("Should not be able to continue without exception.");
            } catch (IllegalArgumentException e) {
                Assert.assertEquals(String.format("The executable timeout must be between %s and %s milliseconds.", Integer.valueOf(MINIMUM_EXECUTABLE_TIMEOUT_MS), Integer.valueOf(MAXIMUM_EXECUTABLE_TIMEOUT_MS)), e.getMessage());
            }
        }
    }

    @Test
    public void pluggableAuthCredentialSource_validTimeoutProvided() {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("executable", hashMap2);
        hashMap2.put("command", "command");
        for (Object obj : new Object[]{"10000", 10000, BigDecimal.valueOf(10000L)}) {
            hashMap2.put("timeout_millis", obj);
            PluggableAuthCredentials.PluggableAuthCredentialSource pluggableAuthCredentialSource = new PluggableAuthCredentials.PluggableAuthCredentialSource(hashMap);
            Assert.assertEquals(pluggableAuthCredentialSource.getCommand(), "command");
            Assert.assertEquals(pluggableAuthCredentialSource.getTimeoutMs(), 10000L);
            Assert.assertNull(pluggableAuthCredentialSource.getOutputFilePath());
        }
    }

    @Test
    public void pluggableAuthCredentialSource_missingExecutableField_throws() {
        try {
            new PluggableAuthCredentials.PluggableAuthCredentialSource(new HashMap());
            Assert.fail("Should not be able to continue without exception.");
        } catch (IllegalArgumentException e) {
            Assert.assertEquals("Invalid credential source for PluggableAuth credentials.", e.getMessage());
        }
    }

    @Test
    public void pluggableAuthCredentialSource_missingExecutableCommandField_throws() {
        HashMap hashMap = new HashMap();
        hashMap.put("executable", new HashMap());
        try {
            new PluggableAuthCredentials.PluggableAuthCredentialSource(hashMap);
            Assert.fail("Should not be able to continue without exception.");
        } catch (IllegalArgumentException e) {
            Assert.assertEquals("The PluggableAuthCredentialSource is missing the required 'command' field.", e.getMessage());
        }
    }

    @Test
    public void builder_allFields() {
        List asList = Arrays.asList("scope1", "scope2");
        ExternalAccountCredentials.CredentialSource buildCredentialSource = buildCredentialSource();
        ExecutableHandler executableHandler = executableOptions -> {
            return "Token";
        };
        PluggableAuthCredentials build = PluggableAuthCredentials.newBuilder().setExecutableHandler(executableHandler).setHttpTransportFactory(OAuth2Utils.HTTP_TRANSPORT_FACTORY).setAudience("audience").setSubjectTokenType("subjectTokenType").setTokenUrl(STS_URL).setTokenInfoUrl("tokenInfoUrl").setCredentialSource(buildCredentialSource).setServiceAccountImpersonationUrl("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken").setQuotaProjectId("quotaProjectId").setClientId("clientId").setClientSecret("clientSecret").setScopes(asList).build();
        Assert.assertEquals(build.getExecutableHandler(), executableHandler);
        Assert.assertEquals("audience", build.getAudience());
        Assert.assertEquals("subjectTokenType", build.getSubjectTokenType());
        Assert.assertEquals(build.getTokenUrl(), STS_URL);
        Assert.assertEquals(build.getTokenInfoUrl(), "tokenInfoUrl");
        Assert.assertEquals(build.getServiceAccountImpersonationUrl(), "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken");
        Assert.assertEquals(build.getCredentialSource(), buildCredentialSource);
        Assert.assertEquals(build.getQuotaProjectId(), "quotaProjectId");
        Assert.assertEquals(build.getClientId(), "clientId");
        Assert.assertEquals(build.getClientSecret(), "clientSecret");
        Assert.assertEquals(build.getScopes(), asList);
        Assert.assertEquals(build.getEnvironmentProvider(), SystemEnvironmentProvider.getInstance());
    }

    @Test
    public void createdScoped_clonedCredentialWithAddedScopes() {
        PluggableAuthCredentials build = PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            return "pluggableAuthToken";
        }).setServiceAccountImpersonationUrl("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken").setQuotaProjectId("quotaProjectId").setClientId("clientId").setClientSecret("clientSecret").setUniverseDomain("universeDomain").build();
        List asList = Arrays.asList("scope1", "scope2");
        PluggableAuthCredentials createScoped = build.createScoped(asList);
        Assert.assertEquals(build.getAudience(), createScoped.getAudience());
        Assert.assertEquals(build.getSubjectTokenType(), createScoped.getSubjectTokenType());
        Assert.assertEquals(build.getTokenUrl(), createScoped.getTokenUrl());
        Assert.assertEquals(build.getTokenInfoUrl(), createScoped.getTokenInfoUrl());
        Assert.assertEquals(build.getServiceAccountImpersonationUrl(), createScoped.getServiceAccountImpersonationUrl());
        Assert.assertEquals(build.getCredentialSource(), createScoped.getCredentialSource());
        Assert.assertEquals(asList, createScoped.getScopes());
        Assert.assertEquals(build.getQuotaProjectId(), createScoped.getQuotaProjectId());
        Assert.assertEquals(build.getClientId(), createScoped.getClientId());
        Assert.assertEquals(build.getClientSecret(), createScoped.getClientSecret());
        Assert.assertEquals(build.getExecutableHandler(), createScoped.getExecutableHandler());
        Assert.assertEquals(build.getUniverseDomain(), createScoped.getUniverseDomain());
        Assert.assertEquals("universeDomain", createScoped.getUniverseDomain());
    }

    @Test
    public void serialize() throws IOException, ClassNotFoundException {
        PluggableAuthCredentials build = PluggableAuthCredentials.newBuilder(CREDENTIAL).setExecutableHandler(executableOptions -> {
            return "pluggableAuthToken";
        }).setServiceAccountImpersonationUrl("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/testn@test.iam.gserviceaccount.com:generateAccessToken").setQuotaProjectId("quotaProjectId").setClientId("clientId").setClientSecret("clientSecret").setUniverseDomain("universeDomain").build();
        Assert.assertThrows(NotSerializableException.class, () -> {
        });
    }

    private static ExternalAccountCredentials.CredentialSource buildCredentialSource() {
        return buildCredentialSource("command", null, null);
    }

    private static ExternalAccountCredentials.CredentialSource buildCredentialSource(String str, @Nullable String str2, @Nullable String str3) {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("executable", hashMap2);
        hashMap2.put("command", str);
        if (str2 != null) {
            hashMap2.put("timeout_millis", str2);
        }
        if (str3 != null) {
            hashMap2.put("output_file", str3);
        }
        return new PluggableAuthCredentials.PluggableAuthCredentialSource(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static InputStream writeCredentialsStream(String str) throws IOException {
        GenericJson genericJson = new GenericJson();
        genericJson.put("audience", "audience");
        genericJson.put("subject_token_type", "subjectTokenType");
        genericJson.put("token_url", str);
        genericJson.put("token_info_url", "tokenInfoUrl");
        genericJson.put("type", "external_account");
        GenericJson genericJson2 = new GenericJson();
        GenericJson genericJson3 = new GenericJson();
        genericJson3.put("command", "/path/to/executable");
        genericJson2.put("executable", genericJson3);
        genericJson.put("credential_source", genericJson2);
        return TestUtils.jsonToInputStream(genericJson);
    }
}
