package io.unitycatalog.server.service.credential.azure;

import com.azure.core.http.HttpClient;
import com.azure.core.util.Context;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.DefaultAzureCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.file.datalake.DataLakeServiceAsyncClient;
import com.azure.storage.file.datalake.DataLakeServiceClientBuilder;
import com.azure.storage.file.datalake.implementation.util.DataLakeSasImplUtil;
import com.azure.storage.file.datalake.models.UserDelegationKey;
import com.azure.storage.file.datalake.sas.DataLakeServiceSasSignatureValues;
import com.azure.storage.file.datalake.sas.PathSasPermission;
import io.unitycatalog.server.persist.utils.ServerPropertiesUtils;
import io.unitycatalog.server.service.credential.CredentialContext;
import io.unitycatalog.server.service.credential.azure.ADLSLocationUtils;
import java.net.URI;
import java.time.OffsetDateTime;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:io/unitycatalog/server/service/credential/azure/AzureCredentialVendor.class */
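/**
 * Vends Azure Data Lake Storage credentials for a {@link CredentialContext}.
 *
 * <p>Outside test mode the vended credential is a user-delegation SAS token that is valid for
 * {@value #SAS_VALIDITY_HOURS} hour(s), signed for a directory path, and limited to the
 * permissions derived from the context's privileges.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no authorization of its own. It signs whatever location and
 *       privileges the context carries, so the caller must already have authorized them.</li>
 *   <li>The account and container come from {@code getStorageBase()}, while the signed path
 *       comes from the first entry of {@code getLocations()}. Nothing here checks that the two
 *       refer to the same storage location.</li>
 *   <li>Test mode returns the configured client secret to the caller; see
 *       {@link #vendAzureCredential(CredentialContext)}.</li>
 * </ul>
 */
public class AzureCredentialVendor {
    /** Fixed expiry (epoch milliseconds, in the year 9999) reported for test-mode credentials. */
    private static final long TEST_MODE_EXPIRATION_EPOCH_MILLIS = 253370790000000L;

    /** Lifetime of a vended SAS token, in hours. */
    private static final long SAS_VALIDITY_HOURS = 1L;

    // Storage configurations from the server properties, looked up by storage account name.
    private final Map<String, ADLSStorageConfig> adlsConfigurations = ServerPropertiesUtils.getInstance().getAdlsConfigurations();

    /**
     * Produces a credential for the storage location described by {@code credentialContext}.
     *
     * @param credentialContext supplies the storage base (parsed into account and container),
     *     the locations (only the first one is used) and the privileges to grant
     * @return a credential holding the SAS token and its expiry in epoch milliseconds
     */
    public AzureCredential vendAzureCredential(CredentialContext credentialContext) {
        ADLSLocationUtils.ADLSLocationParts location = ADLSLocationUtils.parseLocation(credentialContext.getStorageBase());
        ADLSStorageConfig storageConfig = this.adlsConfigurations.get(location.accountName());

        if (storageConfig != null && storageConfig.isTestMode()) {
            // Test mode makes no Azure call. The returned "SAS token" is
            // tenantId/clientId/clientSecret joined with '/', so the configured client secret
            // reaches the caller verbatim, with a far-future expiry. Never enable test mode for
            // an account whose configuration holds a real secret.
            String passThroughToken = String.format("%s/%s/%s", storageConfig.getTenantId(), storageConfig.getClientId(), storageConfig.getClientSecret());
            return AzureCredential.builder().sasToken(passThroughToken).expirationTimeInEpochMillis(TEST_MODE_EXPIRATION_EPOCH_MILLIS).build();
        }

        // The credential is attached to the builder inside each branch. The two branches build
        // different credential classes (DefaultAzureCredential and a client-secret credential),
        // so one local typed as DefaultAzureCredential cannot hold both.
        DataLakeServiceClientBuilder clientBuilder = new DataLakeServiceClientBuilder();
        if (storageConfig == null) {
            // No entry for this account: the server's ambient DefaultAzureCredential chain is
            // used, so every unconfigured account name is served with the server's own identity.
            clientBuilder.credential(new DefaultAzureCredentialBuilder().build());
        } else {
            clientBuilder.credential(new ClientSecretCredentialBuilder()
                    .tenantId(storageConfig.getTenantId())
                    .clientId(storageConfig.getClientId())
                    .clientSecret(storageConfig.getClientSecret())
                    .build());
        }
        DataLakeServiceAsyncClient serviceClient = clientBuilder
                .httpClient(HttpClient.createDefault())
                .endpoint("https://" + location.account())
                .buildAsyncClient();

        // NOTE(review): the start time equals "now". Azure's SAS guidance suggests backdating
        // the start, or omitting it, to tolerate clock skew. Confirm whether that matters here.
        OffsetDateTime startTime = OffsetDateTime.now();
        OffsetDateTime expiryTime = startTime.plusHours(SAS_VALIDITY_HOURS);

        // Only the first location is signed, and get(0) throws IndexOutOfBoundsException when
        // the list is empty. Leading and trailing slashes are stripped from the URI path. The
        // path is otherwise used as given: it is neither normalized nor compared with the
        // storage base.
        String signedPath = URI.create(credentialContext.getLocations().get(0)).getPath().replaceAll("^/+|/*$", "");

        DataLakeServiceSasSignatureValues signatureValues =
                new DataLakeServiceSasSignatureValues(expiryTime, resolvePrivileges(credentialContext.getPrivileges())).setStartTime(startTime);

        // join() blocks the calling thread with no timeout. A failure to obtain the delegation
        // key is thrown from join() as an unchecked exception.
        UserDelegationKey delegationKey = serviceClient.getUserDelegationKey(startTime, expiryTime).toFuture().join();

        // DataLakeSasImplUtil comes from the SDK's "implementation" package, i.e. not its public
        // API surface. The final constructor argument marks the path as a directory.
        boolean isDirectory = true;
        String sasToken = new DataLakeSasImplUtil(signatureValues, location.container(), signedPath, isDirectory)
                .generateUserDelegationSas(delegationKey, location.accountName(), Context.NONE);

        return AzureCredential.builder()
                .sasToken(sasToken)
                .expirationTimeInEpochMillis(expiryTime.toInstant().toEpochMilli())
                .build();
    }

    /**
     * Maps catalog privileges to SAS path permissions.
     *
     * <p>{@code UPDATE} grants write and delete; {@code SELECT} grants read and list. No other
     * privilege adds anything, so a set containing neither yields a permission object with
     * nothing enabled by this method.
     *
     * @param privileges the privileges requested for the credential
     * @return the permissions to sign into the SAS token
     */
    private PathSasPermission resolvePrivileges(Set<CredentialContext.Privilege> privileges) {
        PathSasPermission permission = new PathSasPermission();
        boolean mayModify = privileges.contains(CredentialContext.Privilege.UPDATE);
        boolean mayRead = privileges.contains(CredentialContext.Privilege.SELECT);
        if (mayModify) {
            permission.setWritePermission(true);
            permission.setDeletePermission(true);
        }
        if (mayRead) {
            permission.setReadPermission(true);
            permission.setListPermission(true);
        }
        return permission;
    }
}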
