package org.apache.jackrabbit.oak.segment.azure;

import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.blob.CloudBlobContainer;
import com.microsoft.azure.storage.blob.SharedAccessBlobPermissions;
import com.microsoft.azure.storage.blob.SharedAccessBlobPolicy;
import java.io.IOException;
import java.net.URISyntaxException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import org.apache.jackrabbit.oak.blob.cloud.azure.blobstorage.AzuriteDockerRule;
import org.apache.jackrabbit.oak.segment.azure.util.Environment;
import org.apache.jackrabbit.oak.segment.spi.persistence.SegmentNodeStorePersistence;
import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.osgi.util.converter.Converters;

/* loaded from: input_file:org/apache/jackrabbit/oak/segment/azure/AzureSegmentStoreServiceTest.class */
public class AzureSegmentStoreServiceTest {

    @Rule
    public final OsgiContext context = new OsgiContext();
    private CloudBlobContainer container;
    private static final Environment ENVIRONMENT = new Environment();

    @ClassRule
    public static AzuriteDockerRule azurite = new AzuriteDockerRule();
    private static final EnumSet<SharedAccessBlobPermissions> READ_ONLY = EnumSet.of(SharedAccessBlobPermissions.READ, SharedAccessBlobPermissions.LIST);
    private static final EnumSet<SharedAccessBlobPermissions> READ_WRITE = EnumSet.of(SharedAccessBlobPermissions.READ, SharedAccessBlobPermissions.LIST, SharedAccessBlobPermissions.CREATE, SharedAccessBlobPermissions.WRITE, SharedAccessBlobPermissions.ADD);
    private static final Set<String> BLOBS = Set.of("blob1", "blob2");

    @Before
    public void setup() throws Exception {
        this.container = azurite.getContainer("oak");
        for (String str : BLOBS) {
            this.container.getBlockBlobReference(str + ".txt").uploadText(str);
        }
    }

    @Test
    public void connectWithSharedAccessSignatureURL_readOnly() throws Exception {
        new AzureSegmentStoreService().activate(this.context.componentContext(), getConfigurationWithSharedAccessSignature(this.container.generateSharedAccessSignature(policy(READ_ONLY), (String) null)));
        SegmentNodeStorePersistence segmentNodeStorePersistence = (SegmentNodeStorePersistence) this.context.getService(SegmentNodeStorePersistence.class);
        Assert.assertNotNull(segmentNodeStorePersistence);
        assertWriteAccessNotGranted(segmentNodeStorePersistence);
        assertReadAccessGranted(segmentNodeStorePersistence, BLOBS);
    }

    @Test
    public void connectWithSharedAccessSignatureURL_readWrite() throws Exception {
        new AzureSegmentStoreService().activate(this.context.componentContext(), getConfigurationWithSharedAccessSignature(this.container.generateSharedAccessSignature(policy(READ_WRITE), (String) null)));
        SegmentNodeStorePersistence segmentNodeStorePersistence = (SegmentNodeStorePersistence) this.context.getService(SegmentNodeStorePersistence.class);
        Assert.assertNotNull(segmentNodeStorePersistence);
        assertWriteAccessGranted(segmentNodeStorePersistence);
        assertReadAccessGranted(segmentNodeStorePersistence, concat(BLOBS, "test"));
    }

    @Test
    public void connectWithSharedAccessSignatureURL_expired() throws Exception {
        new AzureSegmentStoreService().activate(this.context.componentContext(), getConfigurationWithSharedAccessSignature(this.container.generateSharedAccessSignature(policy(READ_WRITE, yesterday()), (String) null)));
        SegmentNodeStorePersistence segmentNodeStorePersistence = (SegmentNodeStorePersistence) this.context.getService(SegmentNodeStorePersistence.class);
        Assert.assertNotNull(segmentNodeStorePersistence);
        assertWriteAccessNotGranted(segmentNodeStorePersistence);
        assertReadAccessNotGranted(segmentNodeStorePersistence);
    }

    @Test
    public void connectWithAccessKey() throws Exception {
        new AzureSegmentStoreService().activate(this.context.componentContext(), getConfigurationWithAccessKey("Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="));
        SegmentNodeStorePersistence segmentNodeStorePersistence = (SegmentNodeStorePersistence) this.context.getService(SegmentNodeStorePersistence.class);
        Assert.assertNotNull(segmentNodeStorePersistence);
        assertWriteAccessGranted(segmentNodeStorePersistence);
        assertReadAccessGranted(segmentNodeStorePersistence, concat(BLOBS, "test"));
    }

    @Test
    public void connectWithConnectionURL() throws Exception {
        new AzureSegmentStoreService().activate(this.context.componentContext(), getConfigurationWithConfigurationURL("Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="));
        SegmentNodeStorePersistence segmentNodeStorePersistence = (SegmentNodeStorePersistence) this.context.getService(SegmentNodeStorePersistence.class);
        Assert.assertNotNull(segmentNodeStorePersistence);
        assertWriteAccessGranted(segmentNodeStorePersistence);
        assertReadAccessGranted(segmentNodeStorePersistence, concat(BLOBS, "test"));
    }

    @Test
    public void connectWithServicePrincipal() throws Exception {
        Assume.assumeNotNull(new Object[]{ENVIRONMENT.getVariable("AZURE_ACCOUNT_NAME")});
        Assume.assumeNotNull(new Object[]{ENVIRONMENT.getVariable("AZURE_TENANT_ID")});
        Assume.assumeNotNull(new Object[]{ENVIRONMENT.getVariable("AZURE_CLIENT_ID")});
        Assume.assumeNotNull(new Object[]{ENVIRONMENT.getVariable("AZURE_CLIENT_SECRET")});
        new AzureSegmentStoreService().activate(this.context.componentContext(), getConfigurationWithServicePrincipal(ENVIRONMENT.getVariable("AZURE_ACCOUNT_NAME"), ENVIRONMENT.getVariable("AZURE_CLIENT_ID"), ENVIRONMENT.getVariable("AZURE_CLIENT_SECRET"), ENVIRONMENT.getVariable("AZURE_TENANT_ID")));
        SegmentNodeStorePersistence segmentNodeStorePersistence = (SegmentNodeStorePersistence) this.context.getService(SegmentNodeStorePersistence.class);
        Assert.assertNotNull(segmentNodeStorePersistence);
        assertWriteAccessGranted(segmentNodeStorePersistence);
        assertReadAccessGranted(segmentNodeStorePersistence, concat(BLOBS, "test"));
    }

    @Test
    public void deactivate() throws Exception {
        AzureSegmentStoreService azureSegmentStoreService = new AzureSegmentStoreService();
        azureSegmentStoreService.activate(this.context.componentContext(), getConfigurationWithAccessKey("Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="));
        Assert.assertNotNull(this.context.getService(SegmentNodeStorePersistence.class));
        azureSegmentStoreService.deactivate();
        Assert.assertNull(this.context.getService(SegmentNodeStorePersistence.class));
    }

    @NotNull
    private static SharedAccessBlobPolicy policy(EnumSet<SharedAccessBlobPermissions> enumSet, Instant instant) {
        SharedAccessBlobPolicy sharedAccessBlobPolicy = new SharedAccessBlobPolicy();
        sharedAccessBlobPolicy.setPermissions(enumSet);
        sharedAccessBlobPolicy.setSharedAccessExpiryTime(Date.from(instant));
        return sharedAccessBlobPolicy;
    }

    @NotNull
    private static SharedAccessBlobPolicy policy(EnumSet<SharedAccessBlobPermissions> enumSet) {
        return policy(enumSet, Instant.now().plus((TemporalAmount) Duration.ofDays(7L)));
    }

    private static void assertReadAccessGranted(SegmentNodeStorePersistence segmentNodeStorePersistence, Set<String> set) throws Exception {
        CloudBlobContainer containerFrom = getContainerFrom(segmentNodeStorePersistence);
        Set set2 = (Set) StreamSupport.stream(containerFrom.listBlobs().spliterator(), false).map(listBlobItem -> {
            return listBlobItem.getUri().getPath();
        }).map(str -> {
            return str.substring(str.lastIndexOf(47) + 1);
        }).filter(str2 -> {
            return str2.equals("test.txt") || str2.startsWith("blob");
        }).collect(Collectors.toSet());
        Assert.assertEquals((Set) set.stream().map(str3 -> {
            return str3 + ".txt";
        }).collect(Collectors.toSet()), set2);
        Assert.assertEquals(set, (Set) set2.stream().map(str4 -> {
            try {
                return containerFrom.getBlockBlobReference(str4).downloadText();
            } catch (StorageException | IOException | URISyntaxException e) {
                throw new RuntimeException("Error while reading blob " + str4, e);
            }
        }).collect(Collectors.toSet()));
    }

    private static void assertWriteAccessGranted(SegmentNodeStorePersistence segmentNodeStorePersistence) throws Exception {
        getContainerFrom(segmentNodeStorePersistence).getBlockBlobReference("test.txt").uploadText("test");
    }

    private static CloudBlobContainer getContainerFrom(SegmentNodeStorePersistence segmentNodeStorePersistence) throws Exception {
        return ((AzurePersistence) segmentNodeStorePersistence).getSegmentstoreDirectory().getContainer();
    }

    private static void assertWriteAccessNotGranted(SegmentNodeStorePersistence segmentNodeStorePersistence) {
        try {
            assertWriteAccessGranted(segmentNodeStorePersistence);
            Assert.fail("Write access should not be granted, but writing to the storage succeeded.");
        } catch (Exception e) {
        }
    }

    private static void assertReadAccessNotGranted(SegmentNodeStorePersistence segmentNodeStorePersistence) {
        try {
            assertReadAccessGranted(segmentNodeStorePersistence, BLOBS);
            Assert.fail("Read access should not be granted, but reading from the storage succeeded.");
        } catch (Exception e) {
        }
    }

    private static Instant yesterday() {
        return Instant.now().minus((TemporalAmount) Duration.ofDays(1L));
    }

    private static Set<String> concat(Set<String> set, String str) {
        return (Set) Stream.concat(set.stream(), Stream.of(str)).collect(Collectors.toSet());
    }

    private static Configuration getConfigurationWithSharedAccessSignature(String str) {
        return getConfiguration(str, "devstoreaccount1", null, null, null, null, null);
    }

    private static Configuration getConfigurationWithAccessKey(String str) {
        return getConfiguration(null, "devstoreaccount1", str, null, null, null, null);
    }

    private static Configuration getConfigurationWithConfigurationURL(String str) {
        return getConfiguration(null, "devstoreaccount1", null, "DefaultEndpointsProtocol=https;BlobEndpoint=" + azurite.getBlobEndpoint() + ";AccountName=devstoreaccount1;AccountKey=" + str + ";", null, null, null);
    }

    private static Configuration getConfigurationWithServicePrincipal(String str, String str2, String str3, String str4) {
        return getConfiguration(null, str, null, null, str2, str3, str4);
    }

    @NotNull
    private static Configuration getConfiguration(final String str, final String str2, final String str3, final String str4, final String str5, final String str6, final String str7) {
        return (Configuration) Converters.standardConverter().convert(new HashMap<Object, Object>() { // from class: org.apache.jackrabbit.oak.segment.azure.AzureSegmentStoreServiceTest.1
            {
                put("accountName", str2);
                put("accessKey", str3);
                put("connectionURL", str4);
                put("sharedAccessSignature", str);
                put("clientId", str5);
                put("clientSecret", str6);
                put("tenantId", str7);
                put("blobEndpoint", AzureSegmentStoreServiceTest.azurite.getBlobEndpoint());
            }
        }).to(Configuration.class);
    }
}
