package io.trino.tests.cli;

import com.google.common.collect.ImmutableList;
import com.google.common.io.Files;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import io.trino.tempto.AfterTestWithContext;
import io.trino.tempto.Requirement;
import io.trino.tempto.Requirements;
import io.trino.tempto.RequirementsProvider;
import io.trino.tempto.configuration.Configuration;
import io.trino.tempto.fulfillment.ldap.LdapObjectRequirement;
import io.trino.tempto.fulfillment.table.TableRequirements;
import io.trino.tempto.fulfillment.table.hive.tpch.TpchTableDefinitions;
import io.trino.tempto.process.CliProcess;
import io.trino.tests.ImmutableLdapObjectDefinitions;
import io.trino.tests.TestGroups;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Objects;
import org.assertj.core.api.Assertions;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/tests/cli/TestTrinoLdapCli.class */
public class TestTrinoLdapCli extends TrinoCliLauncher implements RequirementsProvider {
    private static final String SELECT_FROM_NATION = "SELECT * FROM hive.default.nation;";

    @Named("databases.presto.cli_ldap_truststore_path")
    @Inject(optional = true)
    private String ldapTruststorePath;

    @Named("databases.presto.cli_ldap_truststore_password")
    @Inject(optional = true)
    private String ldapTruststorePassword;

    @Named("databases.presto.cli_ldap_user_name")
    @Inject(optional = true)
    private String ldapUserName;

    @Named("databases.presto.cli_ldap_server_address")
    @Inject(optional = true)
    private String ldapServerAddress;

    @Named("databases.presto.cli_ldap_user_password")
    @Inject(optional = true)
    private String ldapUserPassword;

    @Named("databases.presto.file_user_password")
    @Inject(optional = true)
    private String fileUserPassword;

    @Named("databases.OnlyFileUser@presto.file_user_password")
    @Inject(optional = true)
    private String onlyFileUserPassword;

    @Override // io.trino.tests.cli.TrinoCliLauncher
    @AfterTestWithContext
    public void stopPresto() throws InterruptedException {
        super.stopPresto();
    }

    public Requirement getRequirements(Configuration configuration) {
        return Requirements.compose(new Requirement[]{new LdapObjectRequirement(Arrays.asList(ImmutableLdapObjectDefinitions.AMERICA_ORG, ImmutableLdapObjectDefinitions.ASIA_ORG, ImmutableLdapObjectDefinitions.DEFAULT_GROUP, ImmutableLdapObjectDefinitions.PARENT_GROUP, ImmutableLdapObjectDefinitions.CHILD_GROUP, ImmutableLdapObjectDefinitions.DEFAULT_GROUP_USER, ImmutableLdapObjectDefinitions.PARENT_GROUP_USER, ImmutableLdapObjectDefinitions.CHILD_GROUP_USER, ImmutableLdapObjectDefinitions.ORPHAN_USER, ImmutableLdapObjectDefinitions.SPECIAL_USER, ImmutableLdapObjectDefinitions.USER_IN_MULTIPLE_GROUPS)), TableRequirements.immutableTable(TpchTableDefinitions.NATION)});
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldRunQueryWithLdap() throws IOException {
        launchTrinoCliWithServerArgument(new String[0]);
        this.trino.waitForPrompt();
        this.trino.getProcessInput().println(SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readLinesUntilPrompt())).containsAll(this.nationTableInteractiveLines);
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldRunBatchQueryWithLdap() throws IOException {
        launchTrinoCliWithServerArgument("--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingOutputLines())).containsAll(this.nationTableBatchLines);
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldRunQueryFromFileWithLdap() throws IOException {
        File createTempFile = File.createTempFile("test-sql", null);
        createTempFile.deleteOnExit();
        Files.write("SELECT * FROM hive.default.nation;\n", createTempFile, StandardCharsets.UTF_8);
        launchTrinoCliWithServerArgument("--file", createTempFile.getAbsolutePath());
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingOutputLines())).containsAll(this.nationTableBatchLines);
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldPassQueryForLdapUserInMultipleGroups() throws IOException {
        this.ldapUserName = (String) ImmutableLdapObjectDefinitions.USER_IN_MULTIPLE_GROUPS.getAttributes().get("cn");
        launchTrinoCliWithServerArgument("--catalog", "hive", "--schema", "default", "--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingOutputLines())).containsAll(this.nationTableBatchLines);
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForLdapUserInChildGroup() throws IOException {
        this.ldapUserName = (String) ImmutableLdapObjectDefinitions.CHILD_GROUP_USER.getAttributes().get("cn");
        launchTrinoCliWithServerArgument("--catalog", "hive", "--schema", "default", "--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{String.format("User [%s] not a member of an authorized group", this.ldapUserName)});
        });
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForLdapUserInParentGroup() throws IOException {
        this.ldapUserName = (String) ImmutableLdapObjectDefinitions.PARENT_GROUP_USER.getAttributes().get("cn");
        launchTrinoCliWithServerArgument("--catalog", "hive", "--schema", "default", "--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{String.format("User [%s] not a member of an authorized group", this.ldapUserName)});
        });
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForOrphanLdapUser() throws IOException {
        this.ldapUserName = (String) ImmutableLdapObjectDefinitions.ORPHAN_USER.getAttributes().get("cn");
        launchTrinoCliWithServerArgument("--catalog", "hive", "--schema", "default", "--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{String.format("User [%s] not a member of an authorized group", this.ldapUserName)});
        });
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForWrongLdapPassword() throws IOException {
        this.ldapUserPassword = "wrong_password";
        launchTrinoCliWithServerArgument("--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{"Invalid credentials"});
        });
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForWrongLdapUser() throws IOException {
        this.ldapUserName = "invalid_user";
        launchTrinoCliWithServerArgument("--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{"Access Denied"});
        });
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForEmptyUser() throws IOException {
        this.ldapUserName = "";
        launchTrinoCliWithServerArgument("--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{"Malformed credentials: user is empty"});
        });
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForLdapWithoutPassword() throws IOException {
        launchTrinoCli("--server", this.ldapServerAddress, "--truststore-path", this.ldapTruststorePath, "--truststore-password", this.ldapTruststorePassword, "--user", this.ldapUserName, "--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{"Authentication failed: Unauthorized"});
        });
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailQueryForLdapWithoutHttps() throws IOException {
        this.ldapServerAddress = String.format("http://%s:8443", this.serverHost);
        launchTrinoCliWithServerArgument("--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{"Authentication using username/password requires HTTPS to be enabled"});
        });
        skipAfterTestWithContext();
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailForIncorrectTrustStore() throws IOException {
        this.ldapTruststorePassword = "wrong_password";
        launchTrinoCliWithServerArgument("--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{"Keystore was tampered with, or password was incorrect"});
        });
        skipAfterTestWithContext();
    }

    private void skipAfterTestWithContext() {
        this.trino.close();
        this.trino = null;
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldPassForCredentialsWithSpecialCharacters() throws IOException {
        this.ldapUserName = (String) ImmutableLdapObjectDefinitions.SPECIAL_USER.getAttributes().get("cn");
        this.ldapUserPassword = (String) ImmutableLdapObjectDefinitions.SPECIAL_USER.getAttributes().get("userPassword");
        launchTrinoCliWithServerArgument("--catalog", "hive", "--schema", "default", "--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingOutputLines())).containsAll(this.nationTableBatchLines);
    }

    @Test(groups = {TestGroups.LDAP, TestGroups.LDAP_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldFailForUserWithColon() throws IOException {
        this.ldapUserName = "UserWith:Colon";
        launchTrinoCliWithServerArgument("--execute", SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readRemainingErrorLines())).anySatisfy(str -> {
            Assertions.assertThat(str).contains(new CharSequence[]{"Illegal character ':' found in username"});
        });
        skipAfterTestWithContext();
    }

    @Test(groups = {TestGroups.LDAP_AND_FILE_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldRunQueryWithFileAuthenticator() throws IOException {
        this.ldapUserPassword = this.fileUserPassword;
        launchTrinoCliWithServerArgument(new String[0]);
        this.trino.waitForPrompt();
        this.trino.getProcessInput().println(SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readLinesUntilPrompt())).containsAll(this.nationTableInteractiveLines);
    }

    @Test(groups = {TestGroups.LDAP_AND_FILE_CLI, TestGroups.PROFILE_SPECIFIC_TESTS}, timeOut = 300000)
    public void shouldRunQueryForAnotherUserWithOnlyFileAuthenticator() throws IOException {
        this.ldapUserName = "OnlyFileUser";
        this.ldapUserPassword = this.onlyFileUserPassword;
        launchTrinoCliWithServerArgument(new String[0]);
        this.trino.waitForPrompt();
        this.trino.getProcessInput().println(SELECT_FROM_NATION);
        Assertions.assertThat(CliProcess.trimLines(this.trino.readLinesUntilPrompt())).containsAll(this.nationTableInteractiveLines);
    }

    private void launchTrinoCliWithServerArgument(String... strArr) throws IOException {
        Objects.requireNonNull(this.ldapTruststorePath, "ldapTruststorePath is null");
        Objects.requireNonNull(this.ldapTruststorePassword, "ldapTruststorePassword is null");
        Objects.requireNonNull(this.ldapUserName, "ldapUserName is null");
        Objects.requireNonNull(this.ldapServerAddress, "ldapServerAddress is null");
        Objects.requireNonNull(this.ldapUserPassword, "ldapUserPassword is null");
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.add(new String[]{"--server", this.ldapServerAddress, "--truststore-path", this.ldapTruststorePath, "--truststore-password", this.ldapTruststorePassword, "--user", this.ldapUserName, "--password"});
        builder.add(strArr);
        ProcessBuilder processBuilder = getProcessBuilder(builder.build());
        processBuilder.environment().put("TRINO_PASSWORD", this.ldapUserPassword);
        this.trino = new TrinoCliProcess(processBuilder.start());
    }
}
