package org.apache.jackrabbit.oak.blob.cloud.azure.blobstorage;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.blob.CloudBlobContainer;
import com.microsoft.azure.storage.blob.SharedAccessBlobPermissions;
import com.microsoft.azure.storage.blob.SharedAccessBlobPolicy;
import java.io.IOException;
import java.net.URISyntaxException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.apache.jackrabbit.core.data.DataRecord;
import org.apache.jackrabbit.core.data.DataStoreException;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/blob/cloud/azure/blobstorage/AzureBlobStoreBackendTest.class */
public class AzureBlobStoreBackendTest {
    private static final String CONTAINER_NAME = "blobstore";
    private CloudBlobContainer container;

    @ClassRule
    public static AzuriteDockerRule azurite = new AzuriteDockerRule();
    private static final EnumSet<SharedAccessBlobPermissions> READ_ONLY = EnumSet.of(SharedAccessBlobPermissions.READ, SharedAccessBlobPermissions.LIST);
    private static final EnumSet<SharedAccessBlobPermissions> READ_WRITE = EnumSet.of(SharedAccessBlobPermissions.READ, SharedAccessBlobPermissions.LIST, SharedAccessBlobPermissions.CREATE, SharedAccessBlobPermissions.WRITE, SharedAccessBlobPermissions.ADD);
    private static final ImmutableSet<String> BLOBS = ImmutableSet.of("blob1", "blob2");

    @After
    public void tearDown() throws Exception {
        if (this.container != null) {
            this.container.deleteIfExists();
        }
    }

    @Test
    public void initWithSharedAccessSignature_readOnly() throws Exception {
        String generateSharedAccessSignature = createBlobContainer().generateSharedAccessSignature(policy(READ_ONLY), (String) null);
        AzureBlobStoreBackend azureBlobStoreBackend = new AzureBlobStoreBackend();
        azureBlobStoreBackend.setProperties(getConfigurationWithSasToken(generateSharedAccessSignature));
        azureBlobStoreBackend.init();
        assertWriteAccessNotGranted(azureBlobStoreBackend);
        assertReadAccessGranted(azureBlobStoreBackend, BLOBS);
    }

    @Test
    public void initWithSharedAccessSignature_readWrite() throws Exception {
        String generateSharedAccessSignature = createBlobContainer().generateSharedAccessSignature(policy(READ_WRITE), (String) null);
        AzureBlobStoreBackend azureBlobStoreBackend = new AzureBlobStoreBackend();
        azureBlobStoreBackend.setProperties(getConfigurationWithSasToken(generateSharedAccessSignature));
        azureBlobStoreBackend.init();
        assertWriteAccessGranted(azureBlobStoreBackend, "file");
        assertReadAccessGranted(azureBlobStoreBackend, concat(BLOBS, "file"));
    }

    @Test
    public void connectWithSharedAccessSignatureURL_expired() throws Exception {
        String generateSharedAccessSignature = createBlobContainer().generateSharedAccessSignature(policy(READ_WRITE, yesterday()), (String) null);
        AzureBlobStoreBackend azureBlobStoreBackend = new AzureBlobStoreBackend();
        azureBlobStoreBackend.setProperties(getConfigurationWithSasToken(generateSharedAccessSignature));
        azureBlobStoreBackend.init();
        assertWriteAccessNotGranted(azureBlobStoreBackend);
        assertReadAccessNotGranted(azureBlobStoreBackend);
    }

    @Test
    public void initWithAccessKey() throws Exception {
        AzureBlobStoreBackend azureBlobStoreBackend = new AzureBlobStoreBackend();
        azureBlobStoreBackend.setProperties(getConfigurationWithAccessKey());
        azureBlobStoreBackend.init();
        assertWriteAccessGranted(azureBlobStoreBackend, "file");
        assertReadAccessGranted(azureBlobStoreBackend, ImmutableSet.of("file"));
    }

    @Test
    public void initWithConnectionURL() throws Exception {
        AzureBlobStoreBackend azureBlobStoreBackend = new AzureBlobStoreBackend();
        azureBlobStoreBackend.setProperties(getConfigurationWithConnectionString());
        azureBlobStoreBackend.init();
        assertWriteAccessGranted(azureBlobStoreBackend, "file");
        assertReadAccessGranted(azureBlobStoreBackend, ImmutableSet.of("file"));
    }

    @Test
    public void initSecret() throws Exception {
        AzureBlobStoreBackend azureBlobStoreBackend = new AzureBlobStoreBackend();
        azureBlobStoreBackend.setProperties(getConfigurationWithConnectionString());
        azureBlobStoreBackend.init();
        assertReferenceSecret(azureBlobStoreBackend);
    }

    private CloudBlobContainer createBlobContainer() throws Exception {
        this.container = azurite.getContainer(CONTAINER_NAME);
        UnmodifiableIterator it = BLOBS.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            this.container.getBlockBlobReference(str + ".txt").uploadText(str);
        }
        return this.container;
    }

    private static Properties getConfigurationWithSasToken(String str) {
        Properties basicConfiguration = getBasicConfiguration();
        basicConfiguration.setProperty("azureSas", str);
        basicConfiguration.setProperty("azureCreateContainer", "false");
        basicConfiguration.setProperty("refOnInit", "false");
        return basicConfiguration;
    }

    private static Properties getConfigurationWithAccessKey() {
        Properties basicConfiguration = getBasicConfiguration();
        basicConfiguration.setProperty("secretKey", AzuriteDockerRule.ACCOUNT_KEY);
        return basicConfiguration;
    }

    @NotNull
    private static Properties getConfigurationWithConnectionString() {
        Properties basicConfiguration = getBasicConfiguration();
        basicConfiguration.setProperty("azureConnectionString", getConnectionString());
        return basicConfiguration;
    }

    @NotNull
    private static Properties getBasicConfiguration() {
        Properties properties = new Properties();
        properties.setProperty("container", CONTAINER_NAME);
        properties.setProperty("accessKey", AzuriteDockerRule.ACCOUNT_NAME);
        properties.setProperty("azureBlobEndpoint", azurite.getBlobEndpoint());
        properties.setProperty("azureCreateContainer", "");
        return properties;
    }

    @NotNull
    private static SharedAccessBlobPolicy policy(EnumSet<SharedAccessBlobPermissions> enumSet, Instant instant) {
        SharedAccessBlobPolicy sharedAccessBlobPolicy = new SharedAccessBlobPolicy();
        sharedAccessBlobPolicy.setPermissions(enumSet);
        sharedAccessBlobPolicy.setSharedAccessExpiryTime(Date.from(instant));
        return sharedAccessBlobPolicy;
    }

    @NotNull
    private static SharedAccessBlobPolicy policy(EnumSet<SharedAccessBlobPermissions> enumSet) {
        return policy(enumSet, Instant.now().plus((TemporalAmount) Duration.ofDays(7L)));
    }

    private static void assertReadAccessGranted(AzureBlobStoreBackend azureBlobStoreBackend, Set<String> set) throws Exception {
        CloudBlobContainer azureContainer = azureBlobStoreBackend.getAzureContainer();
        Set set2 = (Set) StreamSupport.stream(azureContainer.listBlobs().spliterator(), false).map(listBlobItem -> {
            return listBlobItem.getUri().getPath();
        }).map(str -> {
            return str.substring(str.lastIndexOf(47) + 1);
        }).filter(str2 -> {
            return !str2.isEmpty();
        }).collect(Collectors.toSet());
        Assert.assertEquals((Set) set.stream().map(str3 -> {
            return str3 + ".txt";
        }).collect(Collectors.toSet()), set2);
        Assert.assertEquals(set, (Set) set2.stream().map(str4 -> {
            try {
                return azureContainer.getBlockBlobReference(str4).downloadText();
            } catch (StorageException | IOException | URISyntaxException e) {
                throw new RuntimeException("Error while reading blob " + str4, e);
            }
        }).collect(Collectors.toSet()));
    }

    private static void assertWriteAccessGranted(AzureBlobStoreBackend azureBlobStoreBackend, String str) throws Exception {
        azureBlobStoreBackend.getAzureContainer().getBlockBlobReference(str + ".txt").uploadText(str);
    }

    private static void assertWriteAccessNotGranted(AzureBlobStoreBackend azureBlobStoreBackend) {
        try {
            assertWriteAccessGranted(azureBlobStoreBackend, "test.txt");
            Assert.fail("Write access should not be granted, but writing to the storage succeeded.");
        } catch (Exception e) {
        }
    }

    private static void assertReadAccessNotGranted(AzureBlobStoreBackend azureBlobStoreBackend) {
        try {
            assertReadAccessGranted(azureBlobStoreBackend, BLOBS);
            Assert.fail("Read access should not be granted, but reading from the storage succeeded.");
        } catch (Exception e) {
        }
    }

    private static Instant yesterday() {
        return Instant.now().minus((TemporalAmount) Duration.ofDays(1L));
    }

    private static ImmutableSet<String> concat(ImmutableSet<String> immutableSet, String str) {
        return ImmutableSet.builder().addAll(immutableSet).add(str).build();
    }

    private static String getConnectionString() {
        return Utils.getConnectionString(AzuriteDockerRule.ACCOUNT_NAME, AzuriteDockerRule.ACCOUNT_KEY, azurite.getBlobEndpoint());
    }

    private static void assertReferenceSecret(AzureBlobStoreBackend azureBlobStoreBackend) throws DataStoreException, IOException {
        DataRecord metadataRecord = azureBlobStoreBackend.getMetadataRecord("reference.key");
        Assert.assertNotNull("Reference data record null", metadataRecord);
        Assert.assertTrue("reference key is empty", metadataRecord.getLength() > 0);
    }
}
