package io.trino.tests.jdbc;

import com.google.inject.Inject;
import com.google.inject.name.Named;
import io.trino.tempto.Requires;
import io.trino.tempto.assertions.QueryAssert;
import io.trino.tempto.fulfillment.table.hive.tpch.ImmutableTpchTablesRequirements;
import io.trino.tests.ImmutableLdapObjectDefinitions;
import io.trino.tests.TestGroups;
import io.trino.tests.TpchTableResults;
import java.sql.DriverManager;
import java.sql.SQLException;
import org.assertj.core.api.AssertionsForClassTypes;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/tests/jdbc/TestLdapTrinoJdbc.class */
public class TestLdapTrinoJdbc extends BaseLdapJdbcTest {

    @Named("databases.presto.file_user_password")
    @Inject(optional = true)
    private String fileUserPassword;

    @Named("databases.OnlyFileUser@presto.file_user_password")
    @Inject(optional = true)
    private String onlyFileUserPassword;

    @Override // io.trino.tests.jdbc.BaseLdapJdbcTest
    protected String getLdapUrlFormat() {
        return "jdbc:trino://%s?SSL=true&SSLTrustStorePath=%s&SSLTrustStorePassword=%s";
    }

    @Requires({ImmutableTpchTablesRequirements.ImmutableNationTable.class})
    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldRunQueryWithLdap() throws SQLException {
        QueryAssert.assertThat(executeLdapQuery("SELECT * FROM tpch.tiny.nation", this.ldapUserName, this.ldapUserPassword)).matches(TpchTableResults.PRESTO_NATION_RESULT);
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForLdapUserInChildGroup() {
        expectQueryToFailForUserNotInGroup((String) ImmutableLdapObjectDefinitions.CHILD_GROUP_USER.getAttributes().get("cn"));
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForLdapUserInParentGroup() {
        expectQueryToFailForUserNotInGroup((String) ImmutableLdapObjectDefinitions.PARENT_GROUP_USER.getAttributes().get("cn"));
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForOrphanLdapUser() {
        expectQueryToFailForUserNotInGroup((String) ImmutableLdapObjectDefinitions.ORPHAN_USER.getAttributes().get("cn"));
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForWrongLdapPassword() {
        expectQueryToFail(this.ldapUserName, "wrong_password", "Authentication failed: Access Denied: Invalid credentials");
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForWrongLdapUser() {
        AssertionsForClassTypes.assertThatThrownBy(() -> {
            executeLdapQuery("SELECT * FROM tpch.tiny.nation", "invalid_user", this.ldapUserPassword);
        }).isInstanceOf(SQLException.class).hasMessageStartingWith("Authentication failed");
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForEmptyUser() {
        expectQueryToFail("", this.ldapUserPassword, "Connection property 'user' value is empty");
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForLdapWithoutPassword() {
        expectQueryToFail(this.ldapUserName, null, "Authentication failed: Unauthorized");
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailQueryForLdapWithoutSsl() {
        AssertionsForClassTypes.assertThatThrownBy(() -> {
            DriverManager.getConnection("jdbc:trino://" + prestoServer(), this.ldapUserName, this.ldapUserPassword);
        }).isInstanceOf(SQLException.class).hasMessage("Authentication using username/password requires SSL to be enabled");
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailForIncorrectTrustStore() {
        String format = String.format("jdbc:trino://%s?SSL=true&SSLTrustStorePath=%s&SSLTrustStorePassword=%s", prestoServer(), this.ldapTruststorePath, "wrong_password");
        AssertionsForClassTypes.assertThatThrownBy(() -> {
            DriverManager.getConnection(format, this.ldapUserName, this.ldapUserPassword);
        }).isInstanceOf(SQLException.class).hasMessage("Error setting up SSL: Keystore was tampered with, or password was incorrect");
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldFailForUserWithColon() {
        expectQueryToFail("UserWith:Colon", this.ldapUserPassword, "Illegal character ':' found in username");
    }

    @Requires({ImmutableTpchTablesRequirements.ImmutableNationTable.class})
    @Test(groups = {TestGroups.LDAP_AND_FILE, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldRunQueryWithFileAuthenticator() throws SQLException {
        QueryAssert.assertThat(executeLdapQuery("SELECT * FROM tpch.tiny.nation", this.ldapUserName, this.fileUserPassword)).matches(TpchTableResults.PRESTO_NATION_RESULT);
    }

    @Requires({ImmutableTpchTablesRequirements.ImmutableNationTable.class})
    @Test(groups = {TestGroups.LDAP_AND_FILE, TestGroups.TRINO_JDBC, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 30000)
    public void shouldRunQueryForAnotherUserWithOnlyFileAuthenticator() throws SQLException {
        QueryAssert.assertThat(executeLdapQuery("SELECT * FROM tpch.tiny.nation", "OnlyFileUser", this.onlyFileUserPassword)).matches(TpchTableResults.PRESTO_NATION_RESULT);
    }

    private void expectQueryToFailForUserNotInGroup(String str) {
        expectQueryToFail(str, this.ldapUserPassword, String.format("Authentication failed: Access Denied: User [%s] not a member of an authorized group", str));
    }

    @Override // io.trino.tests.jdbc.BaseLdapJdbcTest
    protected void expectQueryToFail(String str, String str2, String str3) {
        AssertionsForClassTypes.assertThatThrownBy(() -> {
            executeLdapQuery("SELECT * FROM tpch.tiny.nation", str, str2);
        }).isInstanceOf(SQLException.class).hasMessageContaining(str3);
    }
}
