package net.snowflake.client.jdbc;

import java.net.SocketTimeoutException;
import java.security.cert.CertificateExpiredException;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import javax.net.ssl.SSLPeerUnverifiedException;
import net.snowflake.client.ConditionalIgnoreRule;
import net.snowflake.client.RunningOnTravisCI;
import net.snowflake.client.core.SFOCSPException;
import net.snowflake.client.core.SFTrustManager;
import org.hamcrest.CoreMatchers;
import org.hamcrest.core.IsInstanceOf;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:net/snowflake/client/jdbc/ConnectionWithOCSPModeIT.class */
public class ConnectionWithOCSPModeIT extends BaseJDBCTest {
    private final String testUser = "fakeuser";
    private final String testPassword = "testpassword";
    private final String testRevokedCertConnectString = "jdbc:snowflake://revoked.badssl.com/";
    private static int nameCounter = 0;

    @Before
    public void setUp() {
        SFTrustManager.deleteCache();
    }

    @After
    public void tearDown() {
        SFTrustManager.cleanTestSystemParameters();
    }

    private static synchronized String genTestConnectString() {
        String str = "jdbc:snowflake://fakeaccount" + nameCounter + ".snowflakecomputing.com";
        nameCounter++;
        return str;
    }

    private static Throwable getCause(Throwable th) {
        Throwable th2 = th;
        while (true) {
            Throwable th3 = th2;
            if (th3.getCause() == null) {
                return th3;
            }
            th2 = th3.getCause();
        }
    }

    private Properties OCSPFailOpenProperties() {
        Properties properties = new Properties();
        properties.put("user", "fakeuser");
        properties.put("password", "testpassword");
        properties.put("ocspFailOpen", Boolean.TRUE.toString());
        properties.put("loginTimeout", "10");
        properties.put("tracing", "ALL");
        return properties;
    }

    private Properties OCSPFailClosedProperties() {
        Properties properties = new Properties();
        properties.put("user", "fakeuser");
        properties.put("password", "testpassword");
        properties.put("ocspFailOpen", Boolean.FALSE.toString());
        properties.put("loginTimeout", "10");
        properties.put("tracing", "ALL");
        return properties;
    }

    private Properties OCSPInsecureProperties() {
        Properties properties = new Properties();
        properties.put("user", "fakeuser");
        properties.put("password", "testpassword");
        properties.put("insecureMode", Boolean.TRUE.toString());
        properties.put("loginTimeout", "10");
        return properties;
    }

    @Test
    public void testValidityExpiredOCSPResponseFailOpen() {
        System.setProperty("SF_OCSP_TEST_INJECT_VALIDITY_ERROR", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    public void testValidityExpiredOCSPResponseFailClosed() {
        System.setProperty("SF_OCSP_TEST_INJECT_VALIDITY_ERROR", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            SFOCSPException cause = getCause(e);
            Assert.assertThat(cause, IsInstanceOf.instanceOf(SFOCSPException.class));
            Assert.assertThat(cause.getErrorCode(), CoreMatchers.equalTo(OCSPErrorCode.INVALID_OCSP_RESPONSE_VALIDITY));
        }
    }

    @Test
    public void testNoOCSPResponderURLFailOpen() {
        System.setProperty("SF_OCSP_TEST_NO_OCSP_RESPONDER_URL", Boolean.TRUE.toString());
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.FALSE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    public void testNoOCSPResponderURLFailClosed() {
        System.setProperty("SF_OCSP_TEST_NO_OCSP_RESPONDER_URL", Boolean.TRUE.toString());
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.FALSE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            SFOCSPException cause = getCause(e);
            Assert.assertThat(cause, IsInstanceOf.instanceOf(SFOCSPException.class));
            Assert.assertThat(cause.getErrorCode(), CoreMatchers.equalTo(OCSPErrorCode.NO_OCSP_URL_ATTACHED));
        }
    }

    @Test
    public void testValidityExpiredOCSPResponseInsecure() {
        System.setProperty("SF_OCSP_TEST_INJECT_VALIDITY_ERROR", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPInsecureProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    public void testCertAttachedInvalidFailOpen() {
        System.setProperty("SF_OCSP_TEST_INVALID_SIGNING_CERT", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    public void testCertAttachedInvalidFailClosed() {
        System.setProperty("SF_OCSP_TEST_INVALID_SIGNING_CERT", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            SFOCSPException cause = getCause(e);
            Assert.assertThat(cause, IsInstanceOf.instanceOf(SFOCSPException.class));
            Assert.assertThat(cause.getErrorCode(), CoreMatchers.equalTo(OCSPErrorCode.EXPIRED_OCSP_SIGNING_CERTIFICATE));
        }
    }

    @Test
    public void testUnknownOCSPCertFailOpen() {
        System.setProperty("SF_OCSP_TEST_INJECT_UNKNOWN_STATUS", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    public void testUnknownOCSPCertFailClosed() {
        System.setProperty("SF_OCSP_TEST_INJECT_UNKNOWN_STATUS", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            SFOCSPException cause = getCause(e);
            Assert.assertThat(cause, IsInstanceOf.instanceOf(SFOCSPException.class));
            Assert.assertThat(cause.getErrorCode(), CoreMatchers.equalTo(OCSPErrorCode.CERTIFICATE_STATUS_UNKNOWN));
        }
    }

    @Test
    public void testRevokedCertFailOpen() {
        try {
            DriverManager.getConnection("jdbc:snowflake://revoked.badssl.com/", OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            SFOCSPException cause = getCause(e);
            Assert.assertThat(cause, IsInstanceOf.instanceOf(SFOCSPException.class));
            Assert.assertThat(cause.getErrorCode(), CoreMatchers.equalTo(OCSPErrorCode.CERTIFICATE_STATUS_REVOKED));
        }
    }

    @Test
    public void testRevokedCertFailClosed() {
        try {
            DriverManager.getConnection("jdbc:snowflake://revoked.badssl.com/", OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            SFOCSPException cause = getCause(e);
            Assert.assertThat(cause, IsInstanceOf.instanceOf(SFOCSPException.class));
            Assert.assertThat(cause.getErrorCode(), CoreMatchers.equalTo(OCSPErrorCode.CERTIFICATE_STATUS_REVOKED));
        }
    }

    @Test
    public void testOCSPCacheServerTimeoutFailOpen() {
        System.setProperty("SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT", "1000");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_URL", "http://localhost:12345/hang");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    public void testOCSPCacheServerTimeoutFailClosed() {
        System.setProperty("SF_OCSP_TEST_OCSP_RESPONSE_CACHE_SERVER_TIMEOUT", "1000");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_URL", "http://localhost:12345/hang");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.TRUE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    public void testOCSPResponderTimeoutFailOpen() {
        System.setProperty("SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT", "1000");
        System.setProperty("SF_OCSP_TEST_RESPONDER_URL", "http://localhost:12345/hang");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.FALSE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    @ConditionalIgnoreRule.ConditionalIgnore(condition = RunningOnTravisCI.class)
    public void testOCSPResponderTimeoutFailClosed() {
        System.setProperty("SF_OCSP_TEST_OCSP_RESPONDER_TIMEOUT", "1000");
        System.setProperty("SF_OCSP_TEST_RESPONDER_URL", "http://localhost:12345/hang");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.FALSE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(getCause(e), IsInstanceOf.instanceOf(SocketTimeoutException.class));
        }
    }

    @Test
    public void testOCSPResponder403FailOpen() {
        System.setProperty("SF_OCSP_TEST_RESPONDER_URL", "http://localhost:12345/403");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.FALSE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailOpenProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("HTTP status=403"));
            Assert.assertNull(e.getCause());
        }
    }

    @Test
    @ConditionalIgnoreRule.ConditionalIgnore(condition = RunningOnTravisCI.class)
    public void testOCSPResponder403FailClosed() {
        System.setProperty("SF_OCSP_TEST_RESPONDER_URL", "http://localhost:12345/403");
        System.setProperty("SF_OCSP_RESPONSE_CACHE_SERVER_ENABLED", Boolean.FALSE.toString());
        try {
            DriverManager.getConnection(genTestConnectString(), OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(Integer.valueOf(e.getErrorCode()), CoreMatchers.equalTo(ErrorCode.NETWORK_ERROR.getMessageCode()));
            Assert.assertThat(getCause(e).getMessage(), CoreMatchers.containsString("StatusCode: 403"));
        }
    }

    @Test
    public void testExpiredCert() {
        try {
            DriverManager.getConnection("jdbc:snowflake://expired.badssl.com/", OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(getCause(e), IsInstanceOf.instanceOf(CertificateExpiredException.class));
        }
    }

    @Test
    public void testWrongHost() {
        try {
            DriverManager.getConnection("jdbc:snowflake://wrong.host.badssl.com/", OCSPFailClosedProperties());
            Assert.fail("should fail");
        } catch (SQLException e) {
            Assert.assertThat(e, IsInstanceOf.instanceOf(SnowflakeSQLException.class));
            Assert.assertThat(getCause(e), IsInstanceOf.instanceOf(SSLPeerUnverifiedException.class));
        }
    }
}
