package org.apache.hadoop.fs.adl;

import com.microsoft.azure.datalake.store.oauth2.ClientCredsTokenProvider;
import com.microsoft.azure.datalake.store.oauth2.RefreshTokenBasedTokenProvider;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import org.apache.commons.lang.builder.EqualsBuilder;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.adl.common.CustomMockTokenProvider;
import org.apache.hadoop.fs.adl.oauth2.AzureADTokenProvider;
import org.apache.hadoop.security.ProviderUtils;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:test-classes/org/apache/hadoop/fs/adl/TestAzureADTokenProvider.class */
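/**
 * Tests how {@link AdlFileSystem} chooses and configures its Azure AD token provider.
 *
 * <p>Three behaviours are pinned here:
 * <ul>
 *   <li>the provider implementation follows the configured provider type or custom class,
 *       and initialization is rejected when neither is configured;</li>
 *   <li>a secret stored in a Hadoop credential provider (a local Java keystore in these tests)
 *       takes precedence over the same key in the plain configuration, with the configuration
 *       value used only when the keystore has no entry for it;</li>
 *   <li>credential provider paths that point at an {@code adl} store are removed from the
 *       provider path before it is used for {@link AdlFileSystem}.</li>
 * </ul>
 */
public class TestAzureADTokenProvider {
    // Placeholder values only; none of these is a real credential.
    private static final String CLIENT_ID = "MY_CLIENT_ID";
    private static final String REFRESH_TOKEN = "MY_REFRESH_TOKEN";
    private static final String CLIENT_SECRET = "MY_CLIENT_SECRET";
    // Loopback URL that is only compared as a configuration value; no assertion in this
    // class depends on the endpoint being reachable.
    private static final String REFRESH_URL = "http://localhost:8080/refresh";
    // Store URI shared by every test that initializes a file system.
    private static final String ADL_URI = "adl://localhost:8080";

    // Holds the temporary keystore file; JUnit deletes the folder after each test.
    @Rule
    public final TemporaryFolder tempDir = new TemporaryFolder();

    /** Creates an {@link AdlFileSystem} and initializes it against {@link #ADL_URI}. */
    private static AdlFileSystem initFileSystem(Configuration configuration) throws URISyntaxException, IOException {
        AdlFileSystem fileSystem = new AdlFileSystem();
        fileSystem.initialize(new URI(ADL_URI), configuration);
        return fileSystem;
    }

    /** Asserts the provider's type and reports the actual class (never its fields) on failure. */
    private static void assertProviderType(Class<?> expectedType, Object actual) {
        String actualName = actual == null ? "null" : actual.getClass().getName();
        Assert.assertTrue("expected a " + expectedType.getName() + " but got " + actualName, expectedType.isInstance(actual));
    }

    /** Asserts that two token providers carry identical field values. */
    private static void assertSameProviderState(Object expected, Object actual) {
        // reflectionEquals compares the objects' fields reflectively, so this passes only when
        // the file system resolved the same credentials as the expected provider. The message
        // is deliberately generic so a failure never prints credential fields.
        Assert.assertTrue("token provider was not built from the expected credentials", EqualsBuilder.reflectionEquals(expected, actual));
    }

    /** Provider type {@code RefreshToken} must yield a {@link RefreshTokenBasedTokenProvider}. */
    @Test
    public void testRefreshTokenProvider() throws URISyntaxException, IOException {
        Configuration configuration = new Configuration();
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, "MY_CLIENTID");
        configuration.set(AdlConfKeys.AZURE_AD_REFRESH_TOKEN_KEY, "XYZ");
        configuration.setEnum(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_TYPE_KEY, TokenProviderType.RefreshToken);
        configuration.set(AdlConfKeys.AZURE_AD_REFRESH_URL_KEY, REFRESH_URL);
        assertProviderType(RefreshTokenBasedTokenProvider.class, initFileSystem(configuration).getTokenProvider());
    }

    /** Provider type {@code ClientCredential} must yield a {@link ClientCredsTokenProvider}. */
    @Test
    public void testClientCredTokenProvider() throws IOException, URISyntaxException {
        Configuration configuration = new Configuration();
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, "MY_CLIENTID");
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_SECRET_KEY, "XYZ");
        configuration.setEnum(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_TYPE_KEY, TokenProviderType.ClientCredential);
        configuration.set(AdlConfKeys.AZURE_AD_REFRESH_URL_KEY, REFRESH_URL);
        assertProviderType(ClientCredsTokenProvider.class, initFileSystem(configuration).getTokenProvider());
    }

    /** A custom provider class must be exposed through {@link SdkTokenProviderAdapter}. */
    @Test
    public void testCustomCredTokenProvider() throws URISyntaxException, IOException {
        Configuration configuration = new Configuration();
        configuration.setClass(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_CLASS_KEY, CustomMockTokenProvider.class, AzureADTokenProvider.class);
        assertProviderType(SdkTokenProviderAdapter.class, initFileSystem(configuration).getTokenProvider());
    }

    /**
     * With no token provider configured, initialization must be rejected with an
     * {@link IllegalArgumentException} that names the provider class key; the same instance
     * must then initialize once a custom provider class is supplied.
     */
    @Test
    public void testInvalidProviderConfigurationForType() throws URISyntaxException, IOException {
        Configuration configuration = new Configuration();
        URI uri = new URI(ADL_URI);
        AdlFileSystem adlFileSystem = new AdlFileSystem();
        try {
            adlFileSystem.initialize(uri, configuration);
            Assert.fail("Initialization should have failed due no token provider configuration");
        } catch (IllegalArgumentException e) {
            Assert.assertTrue("error should name the missing configuration key", e.getMessage().contains(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_CLASS_KEY));
        }
        // The file system instance is reused on purpose: a failed first attempt must not
        // prevent a later initialization with a valid configuration.
        configuration.setClass(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_CLASS_KEY, CustomMockTokenProvider.class, AzureADTokenProvider.class);
        adlFileSystem.initialize(uri, configuration);
    }

    /** A provider class name that cannot be loaded must fail and be named in the error. */
    @Test
    public void testInvalidProviderConfigurationForClassPath() throws URISyntaxException, IOException {
        Configuration configuration = new Configuration();
        configuration.set(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_CLASS_KEY, "wrong.classpath.CustomMockTokenProvider");
        URI uri = new URI(ADL_URI);
        AdlFileSystem adlFileSystem = new AdlFileSystem();
        try {
            adlFileSystem.initialize(uri, configuration);
            // Assert.fail throws an AssertionError, which the RuntimeException handler below
            // does not catch, so a missing failure is still reported.
            Assert.fail("Initialization should have failed due invalid provider configuration");
        } catch (RuntimeException e) {
            Assert.assertTrue("error should name the unloadable class", e.getMessage().contains("wrong.classpath.CustomMockTokenProvider"));
        }
    }

    /**
     * Points the configuration's credential provider path at a fresh local keystore file in
     * {@link #tempDir} and returns the first provider resolved from that path.
     */
    private CredentialProvider createTempCredProvider(Configuration configuration) throws URISyntaxException, IOException {
        URI keystoreUri = ProviderUtils.nestURIForLocalJavaKeyStoreProvider(this.tempDir.newFile("test.jks").toURI());
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, keystoreUri.toString());
        return CredentialProviderFactory.getProviders(configuration).get(0);
    }

    /**
     * Keystore entries must win over the plain configuration: the configuration holds
     * {@code "DUMMY"} while the expected provider is built from the keystore values.
     */
    @Test
    public void testRefreshTokenWithCredentialProvider() throws IOException, URISyntaxException {
        Configuration configuration = new Configuration();
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, "DUMMY");
        configuration.set(AdlConfKeys.AZURE_AD_REFRESH_TOKEN_KEY, "DUMMY");
        configuration.setEnum(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_TYPE_KEY, TokenProviderType.RefreshToken);
        CredentialProvider provider = createTempCredProvider(configuration);
        provider.createCredentialEntry(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, CLIENT_ID.toCharArray());
        provider.createCredentialEntry(AdlConfKeys.AZURE_AD_REFRESH_TOKEN_KEY, REFRESH_TOKEN.toCharArray());
        // Entries are persisted before the file system reads the keystore.
        provider.flush();
        assertSameProviderState(new RefreshTokenBasedTokenProvider(CLIENT_ID, REFRESH_TOKEN), initFileSystem(configuration).getTokenProvider());
    }

    /** With an empty keystore on the provider path, the configuration values must be used. */
    @Test
    public void testRefreshTokenWithCredentialProviderFallback() throws IOException, URISyntaxException {
        Configuration configuration = new Configuration();
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, CLIENT_ID);
        configuration.set(AdlConfKeys.AZURE_AD_REFRESH_TOKEN_KEY, REFRESH_TOKEN);
        configuration.setEnum(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_TYPE_KEY, TokenProviderType.RefreshToken);
        // Called only to register the keystore path; no entries are written to it.
        createTempCredProvider(configuration);
        assertSameProviderState(new RefreshTokenBasedTokenProvider(CLIENT_ID, REFRESH_TOKEN), initFileSystem(configuration).getTokenProvider());
    }

    /**
     * Client id, client secret and refresh URL stored in the keystore must all win over the
     * {@code "DUMMY"} values in the plain configuration.
     */
    @Test
    public void testClientCredWithCredentialProvider() throws IOException, URISyntaxException {
        Configuration configuration = new Configuration();
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, "DUMMY");
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_SECRET_KEY, "DUMMY");
        configuration.set(AdlConfKeys.AZURE_AD_REFRESH_URL_KEY, "DUMMY");
        configuration.setEnum(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_TYPE_KEY, TokenProviderType.ClientCredential);
        CredentialProvider provider = createTempCredProvider(configuration);
        provider.createCredentialEntry(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, CLIENT_ID.toCharArray());
        provider.createCredentialEntry(AdlConfKeys.AZURE_AD_CLIENT_SECRET_KEY, CLIENT_SECRET.toCharArray());
        provider.createCredentialEntry(AdlConfKeys.AZURE_AD_REFRESH_URL_KEY, REFRESH_URL.toCharArray());
        // Entries are persisted before the file system reads the keystore.
        provider.flush();
        assertSameProviderState(new ClientCredsTokenProvider(REFRESH_URL, CLIENT_ID, CLIENT_SECRET), initFileSystem(configuration).getTokenProvider());
    }

    /** With an empty keystore on the provider path, the configuration values must be used. */
    @Test
    public void testClientCredWithCredentialProviderFallback() throws IOException, URISyntaxException {
        Configuration configuration = new Configuration();
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_ID_KEY, CLIENT_ID);
        configuration.set(AdlConfKeys.AZURE_AD_CLIENT_SECRET_KEY, CLIENT_SECRET);
        configuration.set(AdlConfKeys.AZURE_AD_REFRESH_URL_KEY, REFRESH_URL);
        configuration.setEnum(AdlConfKeys.AZURE_AD_TOKEN_PROVIDER_TYPE_KEY, TokenProviderType.ClientCredential);
        // Called only to register the keystore path; no entries are written to it.
        createTempCredProvider(configuration);
        assertSameProviderState(new ClientCredsTokenProvider(REFRESH_URL, CLIENT_ID, CLIENT_SECRET), initFileSystem(configuration).getTokenProvider());
    }

    /**
     * Only the {@code jceks://adl/...} entry must be dropped from a mixed provider path; the
     * {@code user:///} and {@code jceks://hdfs@...} entries must be kept in their order.
     */
    @Test
    public void testCredentialProviderPathExclusions() throws Exception {
        Configuration configuration = new Configuration();
        // NOTE(review): presumably the adl-hosted keystore is excluded because it could not be
        // read before the ADL credentials it holds are available; confirm against ProviderUtils.
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, "user:///,jceks://adl/user/hrt_qa/sqoopdbpasswd.jceks,jceks://hdfs@nn1.example.com/my/path/test.jceks");
        excludeAndTestExpectations(configuration, "user:///,jceks://hdfs@nn1.example.com/my/path/test.jceks");
    }

    /** When every entry is hosted on {@code adl}, the provider path must end up unset. */
    @Test
    public void testExcludeAllProviderTypesFromConfig() throws Exception {
        Configuration configuration = new Configuration();
        configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, "jceks://adl/tmp/test.jceks,jceks://adl@/my/path/test.jceks");
        excludeAndTestExpectations(configuration, null);
    }

    /**
     * Filters the provider path for {@link AdlFileSystem} and compares what remains.
     *
     * @param configuration configuration whose credential provider path is filtered
     * @param str expected provider path after filtering, or {@code null} when no entry
     *     should remain
     */
    void excludeAndTestExpectations(Configuration configuration, String str) throws Exception {
        Configuration filtered = ProviderUtils.excludeIncompatibleCredentialProviders(configuration, AdlFileSystem.class);
        Assert.assertEquals(str, filtered.get(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, (String) null));
    }
}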
