package io.trino.testing;

import com.google.common.collect.ImmutableMap;
import com.google.inject.Key;
import io.trino.Session;
import io.trino.client.OkHttpUtil;
import io.trino.execution.QueryIdGenerator;
import io.trino.metadata.SessionPropertyManager;
import io.trino.server.security.PasswordAuthenticatorManager;
import io.trino.server.testing.TestingTrinoServer;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.BasicPrincipal;
import io.trino.spi.security.Identity;
import java.security.Principal;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import org.assertj.core.api.Assertions;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/testing/TestTestingTrinoClient.class */
public class TestTestingTrinoClient {
    private static final String PASSWORD = "password";
    private TestingTrinoServer server;
    private static final QueryIdGenerator queryIdGenerator = new QueryIdGenerator();
    private static final SessionPropertyManager sessionManager = new SessionPropertyManager();
    private static final String TEST_USER = "test_user";
    private static final Session session = Session.builder(sessionManager).setIdentity(Identity.forUser(TEST_USER).build()).setQueryId(queryIdGenerator.createNextQueryId()).build();

    @BeforeClass
    public void setup() {
        this.server = TestingTrinoServer.builder().setProperties(ImmutableMap.builder().put("http-server.authentication.type", PASSWORD).put("http-server.authentication.allow-insecure-over-http", "false").put("http-server.process-forwarded", "true").build()).build();
        ((PasswordAuthenticatorManager) this.server.getInstance(Key.get(PasswordAuthenticatorManager.class))).setAuthenticator(TestTestingTrinoClient::authenticate);
    }

    private static Principal authenticate(String str, String str2) {
        if (TEST_USER.equals(str) && PASSWORD.equals(str2)) {
            return new BasicPrincipal(str);
        }
        throw new AccessDeniedException("Invalid credentials");
    }

    @AfterClass(alwaysRun = true)
    public void teardown() throws Exception {
        this.server.close();
    }

    @Test
    public void testAuthenticationWithForwarding() {
        TestingTrinoClient testingTrinoClient = new TestingTrinoClient(this.server, session, new OkHttpClient.Builder().addInterceptor(OkHttpUtil.basicAuth(TEST_USER, PASSWORD)).addInterceptor(httpsForwarded()).build());
        try {
            Assert.assertEquals(((MaterializedResult) testingTrinoClient.execute("SELECT 123").getResult()).getOnlyValue(), 123);
            testingTrinoClient.close();
        } catch (Throwable th) {
            try {
                testingTrinoClient.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testAuthenticationWithoutForwarding() {
        TestingTrinoClient testingTrinoClient = new TestingTrinoClient(this.server, session, new OkHttpClient.Builder().addInterceptor(OkHttpUtil.basicAuth(TEST_USER, PASSWORD)).build());
        try {
            Assertions.assertThatThrownBy(() -> {
                testingTrinoClient.execute("SELECT 123");
            }).isInstanceOf(RuntimeException.class).hasMessageContaining("Error 403 Forbidden");
            testingTrinoClient.close();
        } catch (Throwable th) {
            try {
                testingTrinoClient.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static Interceptor httpsForwarded() {
        return chain -> {
            Request request = chain.request();
            return chain.proceed(request.newBuilder().url(request.url().newBuilder().scheme("http").build()).addHeader("X-Forwarded-Proto", "https").build());
        };
    }
}
