package com.floragunn.searchguard.enterprise.dlsfls;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.authz.PrivilegesEvaluationContext;
import com.floragunn.searchguard.authz.config.Role;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.enterprise.dlsfls.DlsFlsConfig;
import com.floragunn.searchguard.enterprise.dlsfls.RoleBasedFieldMasking;
import com.floragunn.searchguard.privileges.SpecialPrivilegesEvaluationContext;
import com.floragunn.searchguard.rest.actions.Action;
import com.floragunn.searchguard.rest.actions.ActionRequestIntrospector;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.metrics.Meter;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/dlsfls/RoleBasedFieldMaskingTest.class */
public class RoleBasedFieldMaskingTest {
    @Test
    public void getFieldMaskingRule_template() throws Exception {
        RoleBasedFieldMasking roleBasedFieldMasking = new RoleBasedFieldMasking(SgDynamicConfiguration.of(CType.ROLES, "role", (Role) Role.parse(DocNode.of("index_permissions", DocNode.array(new Object[]{DocNode.of("index_patterns", "index_${user.attrs.a}", "masked_fields", DocNode.array(new Object[]{"masked_a", "masked_b"}))})), (Parser.Context) null).get()), DlsFlsConfig.FieldMasking.DEFAULT, ImmutableSet.of("index_value_of_a", "another_index"), MetricsLevel.NONE);
        PrivilegesEvaluationContext privilegesEvaluationContext = new PrivilegesEvaluationContext(new User.Builder().name("test_user").attribute("a", "value_of_a").build(), ImmutableSet.of("role"), (Action) null, roleBasedFieldMasking, false, (ActionRequestIntrospector) null, (SpecialPrivilegesEvaluationContext) null);
        RoleBasedFieldMasking.FieldMaskingRule fieldMaskingRule = roleBasedFieldMasking.getFieldMaskingRule(privilegesEvaluationContext, "index_value_of_a", Meter.NO_OP);
        Assert.assertNotNull(fieldMaskingRule.toString(), fieldMaskingRule.get("masked_a"));
        Assert.assertNotNull(fieldMaskingRule.toString(), fieldMaskingRule.get("masked_b"));
        Assert.assertNull(fieldMaskingRule.toString(), fieldMaskingRule.get("masked_c"));
        RoleBasedFieldMasking.FieldMaskingRule fieldMaskingRule2 = roleBasedFieldMasking.getFieldMaskingRule(privilegesEvaluationContext, "another_index", Meter.NO_OP);
        Assert.assertNull(fieldMaskingRule2.toString(), fieldMaskingRule2.get("masked_a"));
        Assert.assertNull(fieldMaskingRule2.toString(), fieldMaskingRule2.get("masked_b"));
        Assert.assertNull(fieldMaskingRule2.toString(), fieldMaskingRule2.get("masked_c"));
    }

    @Test
    public void getFieldMaskingRule_wildcardRule() throws Exception {
        RoleBasedFieldMasking roleBasedFieldMasking = new RoleBasedFieldMasking(SgDynamicConfiguration.of(CType.ROLES, "role_with_wildcard_fm", (Role) Role.parse(DocNode.of("index_permissions", DocNode.array(new Object[]{DocNode.of("index_patterns", "*", "masked_fields", DocNode.array(new Object[]{"wildcard_masked_a", "wildcard_masked_b"}))})), (Parser.Context) null).get()), DlsFlsConfig.FieldMasking.DEFAULT, ImmutableSet.of("one_index", "another_index"), MetricsLevel.NONE);
        RoleBasedFieldMasking.FieldMaskingRule fieldMaskingRule = roleBasedFieldMasking.getFieldMaskingRule(new PrivilegesEvaluationContext(new User.Builder().name("test_user").build(), ImmutableSet.of("role_with_wildcard_fm"), (Action) null, roleBasedFieldMasking, false, (ActionRequestIntrospector) null, (SpecialPrivilegesEvaluationContext) null), "one_index", Meter.NO_OP);
        Assert.assertNotNull(fieldMaskingRule.toString(), fieldMaskingRule.get("wildcard_masked_a"));
        Assert.assertNotNull(fieldMaskingRule.toString(), fieldMaskingRule.get("wildcard_masked_b"));
        Assert.assertNull(fieldMaskingRule.toString(), fieldMaskingRule.get("wildcard_masked_c"));
    }

    @Test
    public void hasFieldMaskingRestriction_template() throws Exception {
        RoleBasedFieldMasking roleBasedFieldMasking = new RoleBasedFieldMasking(SgDynamicConfiguration.of(CType.ROLES, "role", (Role) Role.parse(DocNode.of("index_permissions", DocNode.array(new Object[]{DocNode.of("index_patterns", "index_${user.attrs.a}", "masked_fields", DocNode.array(new Object[]{"masked_a", "masked_b"}))})), (Parser.Context) null).get()), DlsFlsConfig.FieldMasking.DEFAULT, ImmutableSet.of("index_value_of_a", "another_index"), MetricsLevel.NONE);
        PrivilegesEvaluationContext privilegesEvaluationContext = new PrivilegesEvaluationContext(new User.Builder().name("test_user").attribute("a", "value_of_a").build(), ImmutableSet.of("role"), (Action) null, roleBasedFieldMasking, false, (ActionRequestIntrospector) null, (SpecialPrivilegesEvaluationContext) null);
        Assert.assertTrue(roleBasedFieldMasking.toString(), roleBasedFieldMasking.hasFieldMaskingRestrictions(privilegesEvaluationContext, "index_value_of_a", Meter.NO_OP));
        Assert.assertFalse(roleBasedFieldMasking.toString(), roleBasedFieldMasking.hasFieldMaskingRestrictions(privilegesEvaluationContext, "another_index", Meter.NO_OP));
    }

    @Test
    public void hasFieldMaskingRestriction_wildcardRule() throws Exception {
        RoleBasedFieldMasking roleBasedFieldMasking = new RoleBasedFieldMasking(SgDynamicConfiguration.of(CType.ROLES, "role_with_wildcard_fm", (Role) Role.parse(DocNode.of("index_permissions", DocNode.array(new Object[]{DocNode.of("index_patterns", "*", "masked_fields", DocNode.array(new Object[]{"wildcard_masked_a", "wildcard_masked_b"}))})), (Parser.Context) null).get()), DlsFlsConfig.FieldMasking.DEFAULT, ImmutableSet.of("one_index", "another_index"), MetricsLevel.NONE);
        PrivilegesEvaluationContext privilegesEvaluationContext = new PrivilegesEvaluationContext(new User.Builder().name("test_user").build(), ImmutableSet.of("role_with_wildcard_fm"), (Action) null, roleBasedFieldMasking, false, (ActionRequestIntrospector) null, (SpecialPrivilegesEvaluationContext) null);
        Assert.assertTrue(roleBasedFieldMasking.toString(), roleBasedFieldMasking.hasFieldMaskingRestrictions(privilegesEvaluationContext, "one_index", Meter.NO_OP));
        Assert.assertTrue(roleBasedFieldMasking.toString(), roleBasedFieldMasking.hasFieldMaskingRestrictions(privilegesEvaluationContext, "another_index", Meter.NO_OP));
        PrivilegesEvaluationContext privilegesEvaluationContext2 = new PrivilegesEvaluationContext(new User.Builder().name("test_user").build(), ImmutableSet.of("role_without_wildcard_fm"), (Action) null, roleBasedFieldMasking, false, (ActionRequestIntrospector) null, (SpecialPrivilegesEvaluationContext) null);
        Assert.assertFalse(roleBasedFieldMasking.toString(), roleBasedFieldMasking.hasFieldMaskingRestrictions(privilegesEvaluationContext2, "one_index", Meter.NO_OP));
        Assert.assertFalse(roleBasedFieldMasking.toString(), roleBasedFieldMasking.hasFieldMaskingRestrictions(privilegesEvaluationContext2, "another_index", Meter.NO_OP));
    }
}
