package net.snowflake.client.jdbc;

import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import net.snowflake.client.AbstractDriverIT;
import net.snowflake.client.ConditionalIgnoreRule;
import net.snowflake.client.RunningOnGithubActions;
import net.snowflake.client.category.TestCategoryFips;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.fips.FipsStatus;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;

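/**
 * Integration tests that run the JDBC driver with the BouncyCastle FIPS provider installed as the
 * preferred JCE provider and with BouncyCastle switched to approved-only mode.
 *
 * <p>{@link #setup()} changes JVM-wide state (system properties and the security provider list);
 * {@link #teardown()} puts back what it recorded. Tests running in the same JVM see those changes
 * while this class is active.
 */
@Category({TestCategoryFips.class})
public class ConnectionFipsIT extends AbstractDriverIT {
    private static final String JCE_PROVIDER_BOUNCY_CASTLE_FIPS = "BCFIPS";
    private static final String JCE_PROVIDER_SUN_JCE = "SunJCE";
    private static final String JCE_PROVIDER_SUN_RSA_SIGN = "SunRsaSign";
    private static final String JCE_KEYSTORE_BOUNCY_CASTLE = "BCFKS";
    private static final String JCE_KEYSTORE_JKS = "JKS";
    // Configuration string handed to the BouncyCastleFipsProvider constructor.
    private static final String BOUNCY_CASTLE_RNG_HYBRID_MODE = "C:HYBRID;ENABLE{All};";
    // NOTE(review): TLSv1.1 and TLSv1 are deprecated (RFC 8996). Confirm they are still needed here;
    // a FIPS-oriented client would normally offer TLSv1.2 only.
    private static final String SSL_ENABLED_PROTOCOLS = "TLSv1.2,TLSv1.1,TLSv1";
    // NOTE(review): this list deserves a cleanup pass, left untouched here so the negotiated suites
    // do not change silently:
    //  - the entry "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(" carries a stray "(" and therefore does not
    //    name a real cipher suite;
    //  - TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 are TLS 1.3 suites, but TLSv1.3 is not in
    //    SSL_ENABLED_PROTOCOLS;
    //  - static-RSA / static-ECDH key exchange and CBC-with-SHA1 suites are offered next to the
    //    ECDHE/GCM ones; prefer trimming the list to forward-secret AEAD suites.
    private static final String SSL_ENABLED_CIPHERSUITES = "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
    private static final String JAVA_SYSTEM_PROPERTY_SSL_DEBUG = "javax.net.debug";
    private static final String JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
    private static final String JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
    private static final String JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS = "jdk.tls.client.protocols";
    private static final String JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES = "jdk.tls.client.cipherSuites";
    // State recorded by setup() so that teardown() can restore it.
    private static String JAVA_SYSTEM_PROPERTY_SSL_DEBUG_ORIGINAL_VALUE;
    private static String JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE_ORIGINAL_VALUE;
    private static String JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE_ORIGINAL_VALUE;
    private static String JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS_ORIGINAL_VALUE;
    private static String JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES_ORIGINAL_VALUE;
    private static Provider JCE_PROVIDER_SUN_JCE_PROVIDER_VALUE;
    private static Provider JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_VALUE;
    // 1-based preference positions as used by Security.insertProviderAt; 0 means "was not installed".
    private static int JCE_PROVIDER_SUN_JCE_PROVIDER_POSITION;
    private static int JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_POSITION;

    /**
     * Records the current TLS system properties and provider positions, removes SunJCE and
     * SunRsaSign, installs BouncyCastle FIPS at position 1 and enables approved-only mode.
     *
     * @throws RuntimeException if approved-only mode is not yet on and the FIPS module reports
     *     that it is not ready
     */
    @BeforeClass
    public static void setup() throws Exception {
        // JSSE handshake tracing goes to standard output; it stays on only while this class runs.
        JAVA_SYSTEM_PROPERTY_SSL_DEBUG_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_DEBUG);
        System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_DEBUG, "ssl");

        JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE);
        JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE);
        System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE, JCE_KEYSTORE_BOUNCY_CASTLE);
        System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE, JCE_KEYSTORE_JKS);

        List<Provider> installedProviders = Arrays.asList(Security.getProviders());
        JCE_PROVIDER_SUN_JCE_PROVIDER_VALUE = Security.getProvider(JCE_PROVIDER_SUN_JCE);
        // indexOf is 0-based (-1 when absent) while insertProviderAt is 1-based, hence the +1.
        JCE_PROVIDER_SUN_JCE_PROVIDER_POSITION = installedProviders.indexOf(JCE_PROVIDER_SUN_JCE_PROVIDER_VALUE) + 1;
        JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_VALUE = Security.getProvider(JCE_PROVIDER_SUN_RSA_SIGN);
        JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_POSITION = installedProviders.indexOf(JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_VALUE) + 1;
        Security.removeProvider(JCE_PROVIDER_SUN_JCE);
        Security.removeProvider(JCE_PROVIDER_SUN_RSA_SIGN);

        JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS);
        JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES_ORIGINAL_VALUE = System.getProperty(JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES);
        System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS, SSL_ENABLED_PROTOCOLS);
        System.setProperty(JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES, SSL_ENABLED_CIPHERSUITES);

        BouncyCastleFipsProvider bouncyCastleFipsProvider = new BouncyCastleFipsProvider(BOUNCY_CASTLE_RNG_HYBRID_MODE);
        // Drop any instance that is already registered so the fresh one lands at position 1.
        Security.removeProvider(JCE_PROVIDER_BOUNCY_CASTLE_FIPS);
        Security.insertProviderAt(bouncyCastleFipsProvider, 1);

        if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            if (!FipsStatus.isReady()) {
                throw new RuntimeException("FIPS is not ready to be enabled and FIPS mode is required for this test to run");
            }
            // NOTE(review): teardown() does not switch approved-only mode back; confirm that later
            // tests in the same JVM do not depend on non-approved algorithms.
            CryptoServicesRegistrar.setApprovedOnlyMode(true);
        }
    }

    /**
     * Removes the BouncyCastle FIPS provider and restores the system properties and the JCE
     * providers recorded by {@link #setup()}.
     */
    @AfterClass
    public static void teardown() throws Exception {
        Security.removeProvider(JCE_PROVIDER_BOUNCY_CASTLE_FIPS);

        restoreSystemProperty(JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS, JAVA_SYSTEM_PROPERTY_SSL_PROTOCOLS_ORIGINAL_VALUE);
        // Restore the cipher-suite property itself. Clearing the key-store property in this branch
        // would leave the test's cipher-suite list in force for the rest of the JVM.
        restoreSystemProperty(JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES, JAVA_SYSTEM_PROPERTY_SSL_CIPHERSUITES_ORIGINAL_VALUE);

        // Re-insert the provider with the lower original position first so that the second
        // insertion does not shift it away from its recorded slot.
        if (JCE_PROVIDER_SUN_JCE_PROVIDER_POSITION <= JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_POSITION) {
            restoreProvider(JCE_PROVIDER_SUN_JCE_PROVIDER_VALUE, JCE_PROVIDER_SUN_JCE_PROVIDER_POSITION);
            restoreProvider(JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_VALUE, JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_POSITION);
        } else {
            restoreProvider(JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_VALUE, JCE_PROVIDER_SUN_RSA_SIGN_PROVIDER_POSITION);
            restoreProvider(JCE_PROVIDER_SUN_JCE_PROVIDER_VALUE, JCE_PROVIDER_SUN_JCE_PROVIDER_POSITION);
        }

        restoreSystemProperty(JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE, JAVA_SYSTEM_PROPERTY_SSL_KEYSTORE_TYPE_ORIGINAL_VALUE);
        restoreSystemProperty(JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE, JAVA_SYSTEM_PROPERTY_SSL_TRUSTSTORE_TYPE_ORIGINAL_VALUE);
        restoreSystemProperty(JAVA_SYSTEM_PROPERTY_SSL_DEBUG, JAVA_SYSTEM_PROPERTY_SSL_DEBUG_ORIGINAL_VALUE);
    }

    /** Sets {@code key} back to {@code originalValue}, or clears it when it was unset before. */
    private static void restoreSystemProperty(String key, String originalValue) {
        if (originalValue == null) {
            System.clearProperty(key);
        } else {
            System.setProperty(key, originalValue);
        }
    }

    /** Re-installs a provider removed by setup(); does nothing if it was not installed. */
    private static void restoreProvider(Provider provider, int position) {
        if (provider != null) {
            Security.insertProviderAt(provider, position);
        }
    }

    /** Builds the connection properties shared by the key-pair tests. */
    private static Properties keyPairProperties(Map<String, String> connectionParameters, String user) {
        Properties properties = new Properties();
        properties.put("account", connectionParameters.get("account"));
        properties.put("user", user);
        properties.put("ssl", connectionParameters.get("ssl"));
        properties.put("port", connectionParameters.get("port"));
        return properties;
    }

    /** Opens a connection under FIPS, runs a trivial query and checks that close() is idempotent. */
    @Test
    public void connectWithFips() throws SQLException {
        try (Connection connection = getConnection()) {
            try (Statement statement = connection.createStatement();
                    ResultSet resultSet = statement.executeQuery("show parameters")) {
                Assert.assertTrue(resultSet.next());
                Assert.assertFalse(connection.isClosed());
            }
            connection.close();
            Assert.assertTrue(connection.isClosed());
            // try-with-resources closes the connection a second time; that must be a no-op.
        }
    }

    /**
     * Registers the public key from the test resources on the test user, then connects with the
     * matching private key file passed through the {@code private_key_file} URL parameter.
     */
    @Test
    @ConditionalIgnoreRule.ConditionalIgnore(condition = RunningOnGithubActions.class)
    public void connectWithFipsKeyPair() throws Exception {
        Map<String, String> connectionParameters = getConnectionParameters();
        String testUser = connectionParameters.get("user");
        byte[] publicKeyPem = Files.readAllBytes(Paths.get(getFullPathFileInResource("rsa_key.pub")));
        // Decode with an explicit charset instead of the platform default.
        String publicKeyBody = new String(publicKeyPem, java.nio.charset.StandardCharsets.UTF_8)
                .replace("-----BEGIN PUBLIC KEY-----", "")
                .replace("-----END PUBLIC KEY-----", "");

        try (Connection connection = getConnection();
                Statement statement = connection.createStatement()) {
            // Runs with the account's most privileged role. The user name and key come from test
            // configuration and resources, not from external input, so they are formatted in directly.
            statement.execute("use role accountadmin");
            statement.execute(String.format("alter user %s set rsa_public_key='%s'", testUser, publicKeyBody));
            // NOTE(review): the key stays registered on the user after the test; consider unsetting it.
        }

        String uri = connectionParameters.get("uri") + "/?private_key_file=" + getFullPathFileInResource("rsa_key.p8");
        try (Connection keyPairConnection = DriverManager.getConnection(uri, keyPairProperties(connectionParameters, testUser))) {
            Assert.assertNotNull(keyPairConnection);
        }
    }

    /**
     * Generates a 2048-bit RSA key pair with the BouncyCastle FIPS provider, registers the public
     * key on the test user and connects with the in-memory private key.
     */
    @Test
    @ConditionalIgnoreRule.ConditionalIgnore(condition = RunningOnGithubActions.class)
    public void testConnectUsingKeyPair() throws Exception {
        Map<String, String> connectionParameters = getConnectionParameters();
        String testUser = connectionParameters.get("user");

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", JCE_PROVIDER_BOUNCY_CASTLE_FIPS);
        keyPairGenerator.initialize(2048, SecureRandom.getInstance("DEFAULT", JCE_PROVIDER_BOUNCY_CASTLE_FIPS));
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        try (Connection connection = getConnection();
                Statement statement = connection.createStatement()) {
            statement.execute("use role accountadmin");
            statement.execute(String.format("alter user %s set rsa_public_key='%s'", testUser, Base64.encodeBase64String(publicKey.getEncoded())));
            // NOTE(review): the generated key stays registered on the user after the test.
        }

        Properties properties = keyPairProperties(connectionParameters, testUser);
        properties.put("privateKey", privateKey);
        try (Connection keyPairConnection = DriverManager.getConnection(connectionParameters.get("uri"), properties)) {
            Assert.assertNotNull(keyPairConnection);
        }
    }

    /** Fetches 10000 generated rows under FIPS and checks that every row decodes. */
    @Test
    public void connectWithFipsAndQuery() throws SQLException {
        try (Connection connection = getConnection();
                Statement statement = connection.createStatement();
                ResultSet resultSet = statement.executeQuery("select seq8(), randstr(100, random()) from table(generator(rowcount=>10000))")) {
            int rowCount = 0;
            while (resultSet.next()) {
                // getInt returns a primitive, so check wasNull() rather than asserting on a boxed value.
                resultSet.getInt(1);
                Assert.assertFalse(resultSet.wasNull());
                Assert.assertNotNull(resultSet.getString(2));
                rowCount++;
            }
            Assert.assertEquals(10000, rowCount);
        }
    }

    /** Uploads one file to the user stage under FIPS and expects a single result row. */
    @Test
    public void connectWithFipsAndPut() throws Exception {
        try (Connection connection = getConnection();
                Statement statement = connection.createStatement();
                // Execute the PUT once and iterate its result; issuing it inside the loop
                // condition would re-upload on every iteration and never terminate.
                ResultSet resultSet = statement.executeQuery("PUT file://" + getFullPathFileInResource("orders_100.csv") + " @~")) {
            int rowCount = 0;
            while (resultSet.next()) {
                rowCount++;
            }
            Assert.assertEquals(1, rowCount);
        }
    }

    /**
     * Connectivity probe: performs an HTTPS GET against a public site and fails unless the
     * response code is 200. Nothing in this class calls it.
     */
    private static void connectToGoogle() throws Exception {
        HttpsURLConnection connection = (HttpsURLConnection) new URL("https://www.google.com/").openConnection();
        try {
            int responseCode = connection.getResponseCode();
            if (responseCode != HttpsURLConnection.HTTP_OK) {
                throw new Exception("Got " + responseCode + " instead of HTTP_OK");
            }
            System.out.println("Connected to Google successfully");
        } finally {
            connection.disconnect();
        }
    }
}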
