package io.trino.jdbc;

import com.google.common.collect.ImmutableMap;
import com.google.common.io.Resources;
import com.google.inject.Key;
import io.trino.server.security.PasswordAuthenticatorManager;
import io.trino.server.testing.TestingTrinoServer;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.BasicPrincipal;
import io.trino.spi.security.PasswordAuthenticator;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.Principal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import org.assertj.core.api.Assertions;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/jdbc/TestTrinoDriverImpersonateUser.class */
public class TestTrinoDriverImpersonateUser {
    private static final String TEST_USER = "test_user";
    private static final String PASSWORD = "password";
    private TestingTrinoServer server;

    @BeforeClass
    public void setup() throws Exception {
        Path createTempFile = Files.createTempFile("passwordConfigDummy", null, new FileAttribute[0]);
        createTempFile.toFile().deleteOnExit();
        this.server = TestingTrinoServer.builder().setProperties(ImmutableMap.builder().put("password-authenticator.config-files", createTempFile.toString()).put("http-server.authentication.type", PASSWORD).put("http-server.https.enabled", "true").put("http-server.https.keystore.path", new File(Resources.getResource("localhost.keystore").toURI()).getPath()).put("http-server.https.keystore.key", "changeit").buildOrThrow()).build();
        ((PasswordAuthenticatorManager) this.server.getInstance(Key.get(PasswordAuthenticatorManager.class))).setAuthenticators(new PasswordAuthenticator[]{TestTrinoDriverImpersonateUser::authenticate});
    }

    private static Principal authenticate(String str, String str2) {
        if (TEST_USER.equals(str) && PASSWORD.equals(str2)) {
            return new BasicPrincipal(str);
        }
        throw new AccessDeniedException("Invalid credentials");
    }

    @AfterClass(alwaysRun = true)
    public void teardown() throws Exception {
        this.server.close();
        this.server = null;
    }

    @Test
    public void testInvalidCredentials() {
        Assertions.assertThatThrownBy(() -> {
            trySelectCurrentUser(ImmutableMap.of());
        });
        Assertions.assertThatThrownBy(() -> {
            trySelectCurrentUser(ImmutableMap.of("user", "invalidUser", PASSWORD, PASSWORD));
        });
        Assertions.assertThatThrownBy(() -> {
            trySelectCurrentUser(ImmutableMap.of("user", TEST_USER, PASSWORD, "invalidPassword"));
        });
        Assertions.assertThatThrownBy(() -> {
            trySelectCurrentUser(ImmutableMap.of("user", "invalidUser", PASSWORD, PASSWORD, "sessionUser", TEST_USER));
        });
    }

    @Test
    public void testQueryUserNotSpecified() throws Exception {
        Assert.assertEquals(trySelectCurrentUser(ImmutableMap.of("user", TEST_USER, PASSWORD, PASSWORD)), TEST_USER);
    }

    @Test
    public void testImpersonateUser() throws Exception {
        Assert.assertEquals(trySelectCurrentUser(ImmutableMap.of("user", TEST_USER, PASSWORD, PASSWORD, "sessionUser", "differentUser")), "differentUser");
    }

    private String trySelectCurrentUser(Map<String, String> map) throws Exception {
        Connection createConnection = createConnection(map);
        try {
            Statement createStatement = createConnection.createStatement();
            try {
                ResultSet executeQuery = createStatement.executeQuery("SELECT current_user");
                try {
                    Assert.assertTrue(executeQuery.next());
                    String string = executeQuery.getString(1);
                    if (executeQuery != null) {
                        executeQuery.close();
                    }
                    if (createStatement != null) {
                        createStatement.close();
                    }
                    if (createConnection != null) {
                        createConnection.close();
                    }
                    return string;
                } catch (Throwable th) {
                    if (executeQuery != null) {
                        try {
                            executeQuery.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (createStatement != null) {
                    try {
                        createStatement.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        } catch (Throwable th5) {
            if (createConnection != null) {
                try {
                    createConnection.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }

    private Connection createConnection(Map<String, String> map) throws Exception {
        String format = String.format("jdbc:trino://localhost:%s", Integer.valueOf(this.server.getHttpsAddress().getPort()));
        Properties properties = new Properties();
        properties.setProperty("SSL", "true");
        properties.setProperty("SSLTrustStorePath", new File(Resources.getResource("localhost.truststore").toURI()).getPath());
        properties.setProperty("SSLTrustStorePassword", "changeit");
        Objects.requireNonNull(properties);
        map.forEach(properties::setProperty);
        return DriverManager.getConnection(format, properties);
    }
}
