package io.trino.aws.proxy.server;

import com.google.inject.Inject;
import com.google.inject.multibindings.OptionalBinder;
import io.airlift.http.server.testing.TestingHttpServer;
import io.trino.aws.proxy.server.testing.RequestRewriteUtil;
import io.trino.aws.proxy.server.testing.TestingS3RequestRewriter;
import io.trino.aws.proxy.server.testing.TestingTrinoAwsProxyServer;
import io.trino.aws.proxy.server.testing.TestingUtil;
import io.trino.aws.proxy.server.testing.containers.S3Container;
import io.trino.aws.proxy.server.testing.harness.BuilderFilter;
import io.trino.aws.proxy.server.testing.harness.TrinoAwsProxyTest;
import io.trino.aws.proxy.server.testing.harness.TrinoAwsProxyTestCommonModules;
import io.trino.aws.proxy.spi.security.S3SecurityFacadeProvider;
import io.trino.aws.proxy.spi.security.SecurityResponse;
import java.net.URI;
import java.util.Objects;
import java.util.Optional;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.InstanceOfAssertFactories;
import org.junit.jupiter.api.Test;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;
import software.amazon.awssdk.services.s3.model.S3Exception;

@TrinoAwsProxyTest(filters = {TrinoAwsProxyTestCommonModules.WithConfiguredBuckets.class, Filter.class, RequestRewriteUtil.Filter.class})
/* loaded from: input_file:io/trino/aws/proxy/server/TestSecurityControllerCalledBeforeRewrite.class */
public class TestSecurityControllerCalledBeforeRewrite {
    private final S3Client storageClient;
    private final TestingS3RequestRewriter s3requestRewriter;
    private final URI baseUri;
    private final String relativePath;

    /* loaded from: input_file:io/trino/aws/proxy/server/TestSecurityControllerCalledBeforeRewrite$Filter.class */
    public static class Filter implements BuilderFilter {
        @Override // io.trino.aws.proxy.server.testing.harness.BuilderFilter
        public TestingTrinoAwsProxyServer.Builder filter(TestingTrinoAwsProxyServer.Builder builder) {
            return builder.addModule(binder -> {
                OptionalBinder.newOptionalBinder(binder, S3SecurityFacadeProvider.class).setBinding().toInstance((parsedS3Request, optional) -> {
                    return optional -> {
                        return SecurityResponse.FAILURE;
                    };
                });
            });
        }
    }

    @Inject
    public TestSecurityControllerCalledBeforeRewrite(@S3Container.ForS3Container S3Client s3Client, TestingS3RequestRewriter testingS3RequestRewriter, TestingHttpServer testingHttpServer, TrinoAwsProxyConfig trinoAwsProxyConfig) {
        this.storageClient = (S3Client) Objects.requireNonNull(s3Client, "remoteClient is null");
        this.s3requestRewriter = (TestingS3RequestRewriter) Objects.requireNonNull(testingS3RequestRewriter, "requestRewriteController is null");
        this.baseUri = testingHttpServer.getBaseUrl();
        this.relativePath = trinoAwsProxyConfig.getS3Path();
    }

    @Test
    public void testSecurityControllerCalledBeforeRewrite() {
        S3Client s3Client = (S3Client) TestingUtil.clientBuilder(this.baseUri, Optional.of(this.relativePath)).credentialsProvider(() -> {
            return AwsBasicCredentials.create(RequestRewriteUtil.CREDENTIAL_TO_REDIRECT.accessKey(), RequestRewriteUtil.CREDENTIAL_TO_REDIRECT.secretKey());
        }).build();
        try {
            PutObjectRequest putObjectRequest = (PutObjectRequest) PutObjectRequest.builder().bucket("dummy").key("dummy-key").build();
            Assertions.assertThatThrownBy(() -> {
                s3Client.putObject(putObjectRequest, TestingUtil.TEST_FILE);
            }).asInstanceOf(InstanceOfAssertFactories.type(S3Exception.class)).extracting((v0) -> {
                return v0.statusCode();
            }).isEqualTo(401);
            if (s3Client != null) {
                s3Client.close();
            }
            org.junit.jupiter.api.Assertions.assertEquals(0, ((RequestRewriteUtil.Rewriter) this.s3requestRewriter).getCallCount());
            TestingUtil.assertFileNotInS3(this.storageClient, RequestRewriteUtil.TEST_CREDENTIAL_REDIRECT_BUCKET, RequestRewriteUtil.TEST_CREDENTIAL_REDIRECT_KEY);
            TestingUtil.assertFileNotInS3(this.storageClient, "dummy", "dummy-key");
        } catch (Throwable th) {
            if (s3Client != null) {
                try {
                    s3Client.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
