package com.google.cloud.storage.it;

import com.google.api.gax.retrying.BasicResultRetryAlgorithm;
import com.google.cloud.Binding;
import com.google.cloud.Condition;
import com.google.cloud.Identity;
import com.google.cloud.Policy;
import com.google.cloud.RetryHelper;
import com.google.cloud.http.BaseHttpServiceException;
import com.google.cloud.storage.Acl;
import com.google.cloud.storage.BlobId;
import com.google.cloud.storage.BlobInfo;
import com.google.cloud.storage.Bucket;
import com.google.cloud.storage.BucketFixture;
import com.google.cloud.storage.BucketInfo;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageException;
import com.google.cloud.storage.StorageFixture;
import com.google.cloud.storage.StorageRoles;
import com.google.cloud.storage.testing.RemoteStorageHelper;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.truth.Truth;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:com/google/cloud/storage/it/ITAccessTest.class */
public class ITAccessTest {

    @ClassRule(order = 1)
    public static final StorageFixture storageFixtureHttp = StorageFixture.defaultHttp();

    @ClassRule(order = 1)
    public static final StorageFixture storageFixtureGrpc = StorageFixture.defaultGrpc();

    @ClassRule(order = 2)
    public static final BucketFixture bucketFixtureHttp;

    @ClassRule(order = 3)
    public static final BucketFixture requesterPaysFixtureHttp;

    @ClassRule(order = 2)
    public static final BucketFixture bucketFixtureGrpc;

    @ClassRule(order = 2)
    public static final BucketFixture requesterPaysFixtureGrpc;
    private static final Long RETENTION_PERIOD;
    private static final Duration RETENTION_PERIOD_DURATION;
    private final Storage storage;
    private final BucketFixture bucketFixture;
    private final BucketFixture requesterPaysFixture;
    private final String clientName;

    public ITAccessTest(String str, StorageFixture storageFixture, BucketFixture bucketFixture, BucketFixture bucketFixture2) {
        this.clientName = str;
        this.storage = storageFixture.getInstance();
        this.bucketFixture = bucketFixture;
        this.requesterPaysFixture = bucketFixture2;
    }

    @Parameterized.Parameters(name = "{0}")
    public static Iterable<Object[]> data() {
        return ImmutableList.of(new Object[]{"JSON/Prod", storageFixtureHttp, bucketFixtureHttp, requesterPaysFixtureHttp}, new Object[]{"GRPC/Prod", storageFixtureGrpc, bucketFixtureGrpc, requesterPaysFixtureGrpc});
    }

    @Test
    public void bucketAcl_requesterPays_true() {
        Assume.assumeTrue(this.clientName.startsWith("JSON"));
        unsetRequesterPays(this.storage, this.requesterPaysFixture);
        testBucketAclRequesterPays(true);
    }

    @Test
    public void bucketAcl_requesterPays_false() {
        Assume.assumeTrue(this.clientName.startsWith("JSON"));
        unsetRequesterPays(this.storage, this.requesterPaysFixture);
        testBucketAclRequesterPays(false);
    }

    private void testBucketAclRequesterPays(boolean z) {
        if (z) {
            Bucket bucket = this.storage.get(this.requesterPaysFixture.getBucketInfo().getName(), new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.ID, Storage.BucketField.BILLING})});
            Assert.assertTrue(bucket.requesterPays() == null || !bucket.requesterPays().booleanValue());
            Assert.assertTrue(this.storage.update(bucket.toBuilder().setRequesterPays(true).build(), new Storage.BucketTargetOption[0]).requesterPays().booleanValue());
        }
        String projectId = this.storage.getOptions().getProjectId();
        Storage.BucketSourceOption[] bucketSourceOptionArr = z ? new Storage.BucketSourceOption[]{Storage.BucketSourceOption.userProject(projectId)} : new Storage.BucketSourceOption[0];
        Assert.assertNull(this.storage.getAcl(this.requesterPaysFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers(), bucketSourceOptionArr));
        Assert.assertFalse(this.storage.deleteAcl(this.requesterPaysFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers(), bucketSourceOptionArr));
        Acl of = Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER);
        Assert.assertNotNull(this.storage.createAcl(this.requesterPaysFixture.getBucketInfo().getName(), of, bucketSourceOptionArr));
        Acl updateAcl = this.storage.updateAcl(this.requesterPaysFixture.getBucketInfo().getName(), of.toBuilder().setRole(Acl.Role.WRITER).build(), bucketSourceOptionArr);
        Assert.assertEquals(Acl.Role.WRITER, updateAcl.getRole());
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.storage.listAcls(this.requesterPaysFixture.getBucketInfo().getName(), bucketSourceOptionArr));
        Assert.assertTrue(hashSet.contains(updateAcl));
        Assert.assertTrue(this.storage.deleteAcl(this.requesterPaysFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers(), bucketSourceOptionArr));
        Assert.assertNull(this.storage.getAcl(this.requesterPaysFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers(), bucketSourceOptionArr));
        if (z) {
            Bucket bucket2 = this.storage.get(this.requesterPaysFixture.getBucketInfo().getName(), new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.ID, Storage.BucketField.BILLING}), Storage.BucketGetOption.userProject(projectId)});
            Assert.assertTrue(bucket2.requesterPays().booleanValue());
            Assert.assertFalse(this.storage.update(bucket2.toBuilder().setRequesterPays(false).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.userProject(projectId)}).requesterPays().booleanValue());
        }
    }

    @Test
    public void testBucketDefaultAcl() {
        Assume.assumeTrue(this.clientName.startsWith("JSON"));
        Assert.assertNull(retry429s(() -> {
            return this.storage.getDefaultAcl(this.bucketFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers());
        }, this.storage));
        Assert.assertFalse(((Boolean) retry429s(() -> {
            return Boolean.valueOf(this.storage.deleteDefaultAcl(this.bucketFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers()));
        }, this.storage)).booleanValue());
        Acl of = Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER);
        Assert.assertNotNull(retry429s(() -> {
            return this.storage.createDefaultAcl(this.bucketFixture.getBucketInfo().getName(), of);
        }, this.storage));
        Acl acl = (Acl) retry429s(() -> {
            return this.storage.updateDefaultAcl(this.bucketFixture.getBucketInfo().getName(), of.toBuilder().setRole(Acl.Role.OWNER).build());
        }, this.storage);
        Assert.assertEquals(Acl.Role.OWNER, acl.getRole());
        Assert.assertTrue(new HashSet(this.storage.listDefaultAcls(this.bucketFixture.getBucketInfo().getName())).contains(acl));
        Assert.assertTrue(((Boolean) retry429s(() -> {
            return Boolean.valueOf(this.storage.deleteDefaultAcl(this.bucketFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers()));
        }, this.storage)).booleanValue());
        Assert.assertNull(this.storage.getDefaultAcl(this.bucketFixture.getBucketInfo().getName(), Acl.User.ofAllAuthenticatedUsers()));
    }

    @Test
    public void testBucketPolicyV1RequesterPays() {
        unsetRequesterPays(this.storage, this.requesterPaysFixture);
        Bucket bucket = this.storage.get(this.requesterPaysFixture.getBucketInfo().getName(), new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.ID, Storage.BucketField.BILLING})});
        Assert.assertTrue(bucket.requesterPays() == null || !bucket.requesterPays().booleanValue());
        Bucket update = this.storage.update(bucket.toBuilder().setRequesterPays(true).build(), new Storage.BucketTargetOption[0]);
        Assert.assertTrue(update.requesterPays().booleanValue());
        String projectId = this.storage.getOptions().getProjectId();
        Storage.BucketSourceOption[] bucketSourceOptionArr = {Storage.BucketSourceOption.userProject(projectId)};
        Identity projectOwner = Identity.projectOwner(projectId);
        Identity projectEditor = Identity.projectEditor(projectId);
        Identity projectViewer = Identity.projectViewer(projectId);
        ImmutableMap of = ImmutableMap.of(StorageRoles.legacyBucketOwner(), new HashSet(Arrays.asList(projectOwner, projectEditor)), StorageRoles.legacyBucketReader(), new HashSet(Collections.singleton(projectViewer)));
        ImmutableMap of2 = ImmutableMap.of(StorageRoles.legacyBucketOwner(), new HashSet(Arrays.asList(projectOwner, projectEditor)), StorageRoles.legacyBucketReader(), new HashSet(Collections.singleton(projectViewer)), StorageRoles.legacyObjectReader(), new HashSet(Collections.singleton(Identity.allUsers())));
        Policy iamPolicy = this.storage.getIamPolicy(this.requesterPaysFixture.getBucketInfo().getName(), bucketSourceOptionArr);
        Assert.assertEquals(of, iamPolicy.getBindings());
        Policy iamPolicy2 = this.storage.setIamPolicy(this.requesterPaysFixture.getBucketInfo().getName(), iamPolicy.toBuilder().addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers(), new Identity[0]).build(), bucketSourceOptionArr);
        Assert.assertEquals(of2, iamPolicy2.getBindings());
        Assert.assertEquals(of, this.storage.setIamPolicy(this.requesterPaysFixture.getBucketInfo().getName(), iamPolicy2.toBuilder().removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers(), new Identity[0]).build(), bucketSourceOptionArr).getBindings());
        Assert.assertEquals(ImmutableList.of(true, true), this.storage.testIamPermissions(this.requesterPaysFixture.getBucketInfo().getName(), ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), bucketSourceOptionArr));
        Assert.assertFalse(this.storage.update(update.toBuilder().setRequesterPays(false).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.userProject(projectId)}).requesterPays().booleanValue());
    }

    @Test
    public void testBucketPolicyV1() {
        String projectId = this.storage.getOptions().getProjectId();
        Storage.BucketSourceOption[] bucketSourceOptionArr = new Storage.BucketSourceOption[0];
        Identity projectOwner = Identity.projectOwner(projectId);
        Identity projectEditor = Identity.projectEditor(projectId);
        Identity projectViewer = Identity.projectViewer(projectId);
        ImmutableMap of = ImmutableMap.of(StorageRoles.legacyBucketOwner(), ImmutableSet.of(projectOwner, projectEditor), StorageRoles.legacyBucketReader(), ImmutableSet.of(projectViewer));
        ImmutableMap of2 = ImmutableMap.of(StorageRoles.legacyBucketOwner(), ImmutableSet.of(projectOwner, projectEditor), StorageRoles.legacyBucketReader(), ImmutableSet.of(projectViewer), StorageRoles.legacyObjectReader(), ImmutableSet.of(Identity.allUsers()));
        Policy iamPolicy = this.storage.getIamPolicy(this.bucketFixture.getBucketInfo().getName(), bucketSourceOptionArr);
        Assert.assertEquals(of, iamPolicy.getBindings());
        Policy iamPolicy2 = this.storage.setIamPolicy(this.bucketFixture.getBucketInfo().getName(), iamPolicy.toBuilder().addIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers(), new Identity[0]).build(), bucketSourceOptionArr);
        Assert.assertEquals(of2, iamPolicy2.getBindings());
        Assert.assertEquals(of, this.storage.setIamPolicy(this.bucketFixture.getBucketInfo().getName(), iamPolicy2.toBuilder().removeIdentity(StorageRoles.legacyObjectReader(), Identity.allUsers(), new Identity[0]).build(), bucketSourceOptionArr).getBindings());
        Assert.assertEquals(ImmutableList.of(true, true), this.storage.testIamPermissions(this.bucketFixture.getBucketInfo().getName(), ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), bucketSourceOptionArr));
    }

    @Test
    public void testBucketPolicyV3() {
        this.storage.update(BucketInfo.newBuilder(this.bucketFixture.getBucketInfo().getName()).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build(), new Storage.BucketTargetOption[0]);
        String projectId = this.storage.getOptions().getProjectId();
        Storage.BucketSourceOption[] bucketSourceOptionArr = {Storage.BucketSourceOption.requestedPolicyVersion(3L)};
        Identity projectOwner = Identity.projectOwner(projectId);
        Identity projectEditor = Identity.projectEditor(projectId);
        Identity projectViewer = Identity.projectViewer(projectId);
        ImmutableList of = ImmutableList.of(Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build());
        ImmutableList of2 = ImmutableList.of(Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build(), Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).setMembers(ImmutableList.of("allUsers")).build());
        ImmutableList of3 = ImmutableList.of(Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(projectViewer.strValue())).build(), Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(projectEditor.strValue(), projectOwner.strValue())).build(), Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).setMembers(ImmutableList.of("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com")).setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()).build());
        Policy iamPolicy = this.storage.getIamPolicy(this.bucketFixture.getBucketInfo().getName(), bucketSourceOptionArr);
        Assert.assertEquals(of, iamPolicy.getBindingsList());
        ArrayList arrayList = new ArrayList((Collection) iamPolicy.getBindingsList());
        arrayList.add(Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().getValue()).addMembers(Identity.allUsers().strValue(), new String[0]).build());
        Policy iamPolicy2 = this.storage.setIamPolicy(this.bucketFixture.getBucketInfo().getName(), iamPolicy.toBuilder().setBindings(arrayList).build(), bucketSourceOptionArr);
        Assert.assertTrue(of2.size() == iamPolicy2.getBindingsList().size() && of2.containsAll(iamPolicy2.getBindingsList()));
        ArrayList arrayList2 = new ArrayList((Collection) iamPolicy2.getBindingsList());
        int i = 0;
        while (true) {
            if (i >= arrayList2.size()) {
                break;
            }
            Binding binding = (Binding) arrayList2.get(i);
            if (binding.getRole().equals(StorageRoles.legacyObjectReader().toString())) {
                ArrayList arrayList3 = new ArrayList((Collection) binding.getMembers());
                arrayList3.remove(Identity.allUsers().strValue());
                arrayList2.set(i, binding.toBuilder().setMembers(arrayList3).build());
                break;
            }
            i++;
        }
        Policy iamPolicy3 = this.storage.setIamPolicy(this.bucketFixture.getBucketInfo().getName(), iamPolicy2.toBuilder().setBindings(arrayList2).build(), bucketSourceOptionArr);
        Assert.assertEquals(of, iamPolicy3.getBindingsList());
        Assert.assertTrue(of.size() == iamPolicy3.getBindingsList().size() && of.containsAll(iamPolicy3.getBindingsList()));
        ArrayList arrayList4 = new ArrayList((Collection) iamPolicy3.getBindingsList());
        arrayList4.add(Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).addMembers("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com", new String[0]).setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()).build());
        Policy iamPolicy4 = this.storage.setIamPolicy(this.bucketFixture.getBucketInfo().getName(), iamPolicy3.toBuilder().setBindings(arrayList4).setVersion(3).build(), bucketSourceOptionArr);
        Assert.assertTrue(of3.size() == iamPolicy4.getBindingsList().size() && of3.containsAll(iamPolicy4.getBindingsList()));
        this.storage.setIamPolicy(this.bucketFixture.getBucketInfo().getName(), iamPolicy4.toBuilder().setBindings(arrayList2).setVersion(3).build(), bucketSourceOptionArr);
        Assert.assertEquals(ImmutableList.of(true, true), this.storage.testIamPermissions(this.bucketFixture.getBucketInfo().getName(), ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), bucketSourceOptionArr));
        this.storage.update(BucketInfo.newBuilder(this.bucketFixture.getBucketInfo().getName()).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build()).build(), new Storage.BucketTargetOption[0]);
    }

    @Test
    public void testBucketWithBucketPolicyOnlyEnabled() throws Exception {
        Assume.assumeTrue(this.clientName.startsWith("JSON"));
        String newBucketName = this.bucketFixture.newBucketName();
        try {
            this.storage.create(Bucket.newBuilder(newBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsBucketPolicyOnlyEnabled(true).build()).build(), new Storage.BucketTargetOption[0]);
            Bucket bucket = this.storage.get(newBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION})});
            Assert.assertTrue(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            Assert.assertNotNull(bucket.getIamConfiguration().getBucketPolicyOnlyLockedTime());
            try {
                bucket.listAcls();
                Assert.fail("StorageException was expected.");
            } catch (StorageException e) {
            }
            try {
                bucket.listDefaultAcls();
                Assert.fail("StorageException was expected");
            } catch (StorageException e2) {
            }
            RemoteStorageHelper.forceDelete(storageFixtureHttp.getInstance(), newBucketName, 1L, TimeUnit.MINUTES);
        } catch (Throwable th) {
            RemoteStorageHelper.forceDelete(storageFixtureHttp.getInstance(), newBucketName, 1L, TimeUnit.MINUTES);
            throw th;
        }
    }

    @Test
    public void testBucketWithUniformBucketLevelAccessEnabled() throws Exception {
        Assume.assumeTrue(this.clientName.startsWith("JSON"));
        String newBucketName = this.bucketFixture.newBucketName();
        try {
            this.storage.create(Bucket.newBuilder(newBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build(), new Storage.BucketTargetOption[0]);
            Bucket bucket = this.storage.get(newBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION})});
            Assert.assertTrue(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertNotNull(bucket.getIamConfiguration().getUniformBucketLevelAccessLockedTime());
            try {
                bucket.listAcls();
                Assert.fail("StorageException was expected.");
            } catch (StorageException e) {
            }
            try {
                bucket.listDefaultAcls();
                Assert.fail("StorageException was expected");
            } catch (StorageException e2) {
            }
            RemoteStorageHelper.forceDelete(storageFixtureHttp.getInstance(), newBucketName, 1L, TimeUnit.MINUTES);
        } catch (Throwable th) {
            RemoteStorageHelper.forceDelete(storageFixtureHttp.getInstance(), newBucketName, 1L, TimeUnit.MINUTES);
            throw th;
        }
    }

    @Test
    public void testEnableAndDisableUniformBucketLevelAccessOnExistingBucket() throws Exception {
        String newBucketName = this.bucketFixture.newBucketName();
        BucketInfo.IamConfiguration build = BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build();
        TemporaryBucket build2 = TemporaryBucket.newBuilder().setBucketInfo(Bucket.newBuilder(newBucketName).setIamConfiguration(build).setAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).setDefaultAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).build()).setStorage(storageFixtureHttp.getInstance()).build();
        Throwable th = null;
        try {
            try {
                BucketInfo bucket = build2.getBucket();
                Truth.assertThat(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled()).isFalse();
                this.storage.update(bucket.toBuilder().setAcl((Iterable) null).setDefaultAcl((Iterable) null).setIamConfiguration(build.toBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
                Bucket bucket2 = this.storage.get(newBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION})});
                Assert.assertTrue(bucket2.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
                Assert.assertNotNull(bucket2.getIamConfiguration().getUniformBucketLevelAccessLockedTime());
                bucket2.toBuilder().setIamConfiguration(build).build().update(new Storage.BucketTargetOption[0]);
                Bucket bucket3 = this.storage.get(newBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION, Storage.BucketField.ACL, Storage.BucketField.DEFAULT_OBJECT_ACL})});
                Assert.assertFalse(bucket3.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
                Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getDefaultAcl().get(0)).getEntity());
                Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getDefaultAcl().get(0)).getRole());
                Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getAcl().get(0)).getEntity());
                Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getAcl().get(0)).getRole());
                if (build2 != null) {
                    if (0 == 0) {
                        build2.close();
                        return;
                    }
                    try {
                        build2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (build2 != null) {
                if (th != null) {
                    try {
                        build2.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    build2.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testEnforcedPublicAccessPreventionOnBucket() throws Exception {
        String newBucketName = this.bucketFixture.newBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(newBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.ENFORCED).build()).build()).setStorage(storageFixtureHttp.getInstance()).build();
        Throwable th = null;
        try {
            BucketInfo bucket = build.getBucket();
            try {
                this.storage.setIamPolicy(newBucketName, Policy.newBuilder().setVersion(3).setBindings(ImmutableList.of(Binding.newBuilder().setRole("roles/storage.objectViewer").addMembers("allUsers", new String[0]).build())).build(), new Storage.BucketSourceOption[0]);
                Assert.fail("pap: expected adding allUsers policy to bucket should fail");
            } catch (StorageException e) {
                Assert.assertEquals(e.getCode(), 412L);
            }
            try {
                this.storage.create(BlobInfo.newBuilder(bucket, "pap-test-object").build(), new Storage.BlobTargetOption[]{Storage.BlobTargetOption.predefinedAcl(Storage.PredefinedAcl.PUBLIC_READ)});
                Assert.fail("pap: expected adding allUsers ACL to object should fail");
            } catch (StorageException e2) {
                Assert.assertEquals(e2.getCode(), 412L);
            }
            if (build != null) {
                if (0 == 0) {
                    build.close();
                    return;
                }
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    build.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testUnspecifiedPublicAccessPreventionOnBucket() throws Exception {
        String newBucketName = this.bucketFixture.newBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(newBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.INHERITED).build()).build()).setStorage(storageFixtureHttp.getInstance()).build();
        Throwable th = null;
        try {
            try {
                this.storage.create(BlobInfo.newBuilder(build.getBucket(), "pap-test-object").build(), new Storage.BlobTargetOption[]{Storage.BlobTargetOption.predefinedAcl(Storage.PredefinedAcl.PUBLIC_READ)});
            } catch (StorageException e) {
                Assert.fail("pap: expected adding allUsers ACL to object to succeed");
            }
            try {
                this.storage.setIamPolicy(newBucketName, Policy.newBuilder().setVersion(3).setBindings(ImmutableList.of(Binding.newBuilder().setRole("roles/storage.objectViewer").addMembers("allUsers", new String[0]).build())).build(), new Storage.BucketSourceOption[0]);
            } catch (StorageException e2) {
                Assert.fail("pap: expected adding allUsers policy to bucket to succeed");
            }
            if (build != null) {
                if (0 == 0) {
                    build.close();
                    return;
                }
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    build.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void changingPAPDoesNotAffectUBLA() throws Exception {
        String newBucketName = this.bucketFixture.newBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(newBucketName).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.INHERITED).setIsUniformBucketLevelAccessEnabled(false).build()).build()).setStorage(storageFixtureHttp.getInstance()).build();
        Throwable th = null;
        try {
            BucketInfo bucket = build.getBucket();
            Assert.assertEquals(bucket.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.INHERITED);
            Assert.assertFalse(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertFalse(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            this.storage.update(bucket.toBuilder().setIamConfiguration(bucket.getIamConfiguration().toBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.ENFORCED).build()).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
            Bucket bucket2 = this.storage.get(newBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION})});
            Assert.assertEquals(bucket2.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.ENFORCED);
            Assert.assertFalse(bucket2.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
            Assert.assertFalse(bucket2.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
            if (build != null) {
                if (0 == 0) {
                    build.close();
                    return;
                }
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    build.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void changingUBLADoesNotAffectPAP() throws Exception {
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.bucketFixture.newBucketName()).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setPublicAccessPrevention(BucketInfo.PublicAccessPrevention.INHERITED).setIsUniformBucketLevelAccessEnabled(false).build()).build()).setStorage(storageFixtureHttp.getInstance()).build();
        Throwable th = null;
        try {
            try {
                BucketInfo bucket = build.getBucket();
                Assert.assertEquals(bucket.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.INHERITED);
                Assert.assertFalse(bucket.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
                Assert.assertFalse(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
                Bucket update = this.storage.update(bucket.toBuilder().setIamConfiguration(bucket.getIamConfiguration().toBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).setAcl(Collections.emptyList()).setDefaultAcl(Collections.emptyList()).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
                Assert.assertEquals(update.getIamConfiguration().getPublicAccessPrevention(), BucketInfo.PublicAccessPrevention.INHERITED);
                Assert.assertTrue(update.getIamConfiguration().isUniformBucketLevelAccessEnabled().booleanValue());
                Assert.assertTrue(update.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
                if (build != null) {
                    if (0 == 0) {
                        build.close();
                        return;
                    }
                    try {
                        build.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (build != null) {
                if (th != null) {
                    try {
                        build.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    build.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testListBucketRequesterPaysFails() throws InterruptedException {
        Iterator it;
        Iterator it2 = this.storage.list(new Storage.BucketListOption[]{Storage.BucketListOption.prefix(this.bucketFixture.getBucketInfo().getName()), Storage.BucketListOption.fields(new Storage.BucketField[0]), Storage.BucketListOption.userProject(this.storage.getOptions().getProjectId())}).iterateAll().iterator();
        while (true) {
            it = it2;
            if (it.hasNext()) {
                break;
            }
            Thread.sleep(500L);
            it2 = this.storage.list(new Storage.BucketListOption[]{Storage.BucketListOption.prefix(this.bucketFixture.getBucketInfo().getName()), Storage.BucketListOption.fields(new Storage.BucketField[0])}).iterateAll().iterator();
        }
        while (it.hasNext()) {
            Bucket bucket = (Bucket) it.next();
            Assert.assertTrue(bucket.getName().startsWith(this.bucketFixture.getBucketInfo().getName()));
            Assert.assertNull(bucket.getCreateTime());
            Assert.assertNull(bucket.getSelfLink());
        }
    }

    @Test
    public void testRetentionPolicyNoLock() throws Exception {
        String newBucketName = this.bucketFixture.newBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(newBucketName).setRetentionPeriod(RETENTION_PERIOD).build()).setStorage(storageFixtureHttp.getInstance()).build();
        Throwable th = null;
        try {
            try {
                BucketInfo bucket = build.getBucket();
                Truth.assertThat(bucket.getRetentionPeriod()).isEqualTo(RETENTION_PERIOD);
                Truth.assertThat(bucket.getRetentionPeriodDuration()).isEqualTo(RETENTION_PERIOD_DURATION);
                Assert.assertNotNull(bucket.getRetentionEffectiveTime());
                Truth.assertThat(bucket.retentionPolicyIsLocked()).isAnyOf((Object) null, false, new Object[0]);
                Bucket bucket2 = this.storage.get(newBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.RETENTION_POLICY})});
                Assert.assertEquals(RETENTION_PERIOD, bucket2.getRetentionPeriod());
                Truth.assertThat(bucket2.getRetentionPeriodDuration()).isEqualTo(RETENTION_PERIOD_DURATION);
                Assert.assertNotNull(bucket2.getRetentionEffectiveTime());
                Truth.assertThat(bucket2.retentionPolicyIsLocked()).isAnyOf((Object) null, false, new Object[0]);
                Assert.assertNotNull(this.storage.create(BlobInfo.newBuilder(newBucketName, "test-create-with-retention-policy-hold").build(), new Storage.BlobTargetOption[0]).getRetentionExpirationTime());
                Assert.assertNull(bucket2.toBuilder().setRetentionPeriod((Long) null).build().update(new Storage.BucketTargetOption[0]).getRetentionPeriod());
                if (build != null) {
                    if (0 == 0) {
                        build.close();
                        return;
                    }
                    try {
                        build.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (build != null) {
                if (th != null) {
                    try {
                        build.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    build.close();
                }
            }
            throw th4;
        }
    }

    private static void unsetRequesterPays(Storage storage, BucketFixture bucketFixture) {
        Bucket bucket = storage.get(bucketFixture.getBucketInfo().getName(), new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.ID, Storage.BucketField.BILLING}), Storage.BucketGetOption.userProject(storage.getOptions().getProjectId())});
        if (bucket.requesterPays() == null || !bucket.requesterPays().booleanValue()) {
            return;
        }
        bucket.toBuilder().setRequesterPays(false).build().update(new Storage.BucketTargetOption[]{Storage.BucketTargetOption.userProject(storage.getOptions().getProjectId())});
    }

    @Test
    public void testEnableAndDisableBucketPolicyOnlyOnExistingBucket() throws Exception {
        String newBucketName = this.bucketFixture.newBucketName();
        TemporaryBucket build = TemporaryBucket.newBuilder().setBucketInfo(Bucket.newBuilder(newBucketName).setAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).setDefaultAcl(ImmutableList.of(Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER))).build()).setStorage(storageFixtureHttp.getInstance()).build();
        Throwable th = null;
        try {
            try {
                BucketInfo bucket = build.getBucket();
                Truth.assertThat(bucket.getIamConfiguration().isBucketPolicyOnlyEnabled()).isFalse();
                BucketInfo.IamConfiguration build2 = BucketInfo.IamConfiguration.newBuilder().setIsBucketPolicyOnlyEnabled(true).build();
                this.storage.update(bucket.toBuilder().setAcl((Iterable) null).setDefaultAcl((Iterable) null).setIamConfiguration(build2).build(), new Storage.BucketTargetOption[]{Storage.BucketTargetOption.metagenerationMatch()});
                Bucket bucket2 = this.storage.get(newBucketName, new Storage.BucketGetOption[0]);
                Assert.assertTrue(bucket2.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
                Assert.assertNotNull(bucket2.getIamConfiguration().getBucketPolicyOnlyLockedTime());
                bucket2.toBuilder().setIamConfiguration(build2.toBuilder().setIsBucketPolicyOnlyEnabled(false).build()).build().update(new Storage.BucketTargetOption[0]);
                Bucket bucket3 = this.storage.get(newBucketName, new Storage.BucketGetOption[]{Storage.BucketGetOption.fields(new Storage.BucketField[]{Storage.BucketField.IAMCONFIGURATION, Storage.BucketField.ACL, Storage.BucketField.DEFAULT_OBJECT_ACL})});
                Assert.assertFalse(bucket3.getIamConfiguration().isBucketPolicyOnlyEnabled().booleanValue());
                Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getDefaultAcl().get(0)).getEntity());
                Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getDefaultAcl().get(0)).getRole());
                Assert.assertEquals(Acl.User.ofAllAuthenticatedUsers(), ((Acl) bucket3.getAcl().get(0)).getEntity());
                Assert.assertEquals(Acl.Role.READER, ((Acl) bucket3.getAcl().get(0)).getRole());
                if (build != null) {
                    if (0 == 0) {
                        build.close();
                        return;
                    }
                    try {
                        build.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (build != null) {
                if (th != null) {
                    try {
                        build.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    build.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testBlobAcl() {
        Assume.assumeTrue(this.clientName.startsWith("JSON"));
        BlobId of = BlobId.of(this.bucketFixture.getBucketInfo().getName(), "test-blob-acl");
        this.storage.create(BlobInfo.newBuilder(of).build(), new Storage.BlobTargetOption[0]);
        Assert.assertNull(this.storage.getAcl(of, Acl.User.ofAllAuthenticatedUsers()));
        Acl of2 = Acl.of(Acl.User.ofAllAuthenticatedUsers(), Acl.Role.READER);
        Assert.assertNotNull(this.storage.createAcl(of, of2));
        Acl updateAcl = this.storage.updateAcl(of, of2.toBuilder().setRole(Acl.Role.OWNER).build());
        Assert.assertEquals(Acl.Role.OWNER, updateAcl.getRole());
        Assert.assertTrue(new HashSet(this.storage.listAcls(of)).contains(updateAcl));
        Assert.assertTrue(this.storage.deleteAcl(of, Acl.User.ofAllAuthenticatedUsers()));
        Assert.assertNull(this.storage.getAcl(of, Acl.User.ofAllAuthenticatedUsers()));
        BlobId of3 = BlobId.of(this.bucketFixture.getBucketInfo().getName(), "test-blob-acl", -1L);
        try {
            Assert.assertNull(this.storage.getAcl(of3, Acl.User.ofAllAuthenticatedUsers()));
            Assert.fail("Expected an 'Invalid argument' exception");
        } catch (StorageException e) {
            Truth.assertThat(e.getMessage()).contains("Invalid argument");
        }
        try {
            Assert.assertFalse(this.storage.deleteAcl(of3, Acl.User.ofAllAuthenticatedUsers()));
            Assert.fail("Expected an 'Invalid argument' exception");
        } catch (StorageException e2) {
            Truth.assertThat(e2.getMessage()).contains("Invalid argument");
        }
        try {
            this.storage.createAcl(of3, of2);
            Assert.fail("Expected StorageException");
        } catch (StorageException e3) {
        }
        try {
            this.storage.updateAcl(of3, of2);
            Assert.fail("Expected StorageException");
        } catch (StorageException e4) {
        }
        try {
            this.storage.listAcls(of3);
            Assert.fail("Expected StorageException");
        } catch (StorageException e5) {
        }
    }

    static <T> T retry429s(Callable<T> callable, Storage storage) {
        return (T) RetryHelper.runWithRetries(callable, storage.getOptions().getRetrySettings(), new BasicResultRetryAlgorithm<Object>() { // from class: com.google.cloud.storage.it.ITAccessTest.1
            public boolean shouldRetry(Throwable th, Object obj) {
                return (th instanceof BaseHttpServiceException) && ((BaseHttpServiceException) th).getCode() == 429;
            }
        }, storage.getOptions().getClock());
    }

    static {
        BucketFixture.Builder newBuilder = BucketFixture.newBuilder();
        StorageFixture storageFixture = storageFixtureHttp;
        storageFixture.getClass();
        bucketFixtureHttp = newBuilder.setHandle(storageFixture::getInstance).build();
        BucketFixture.Builder newBuilder2 = BucketFixture.newBuilder();
        StorageFixture storageFixture2 = storageFixtureHttp;
        storageFixture2.getClass();
        requesterPaysFixtureHttp = newBuilder2.setHandle(storageFixture2::getInstance).build();
        BucketFixture.Builder bucketNameFmtString = BucketFixture.newBuilder().setBucketNameFmtString("java-storage-grpc-%s");
        StorageFixture storageFixture3 = storageFixtureHttp;
        storageFixture3.getClass();
        bucketFixtureGrpc = bucketNameFmtString.setHandle(storageFixture3::getInstance).build();
        BucketFixture.Builder bucketNameFmtString2 = BucketFixture.newBuilder().setBucketNameFmtString("java-storage-grpc-%s");
        StorageFixture storageFixture4 = storageFixtureHttp;
        storageFixture4.getClass();
        requesterPaysFixtureGrpc = bucketNameFmtString2.setHandle(storageFixture4::getInstance).build();
        RETENTION_PERIOD = 5L;
        RETENTION_PERIOD_DURATION = Duration.ofSeconds(5L);
    }
}
