package com.floragunn.searchguard.enterprise.dlsfls;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.DocumentParseException;
import com.floragunn.codova.documents.Format;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestData;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.util.Collection;
import org.apache.http.Header;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.common.settings.Settings;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/dlsfls/DlsTest.class */
public class DlsTest {

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();
    static final int DOC_COUNT = 200;
    static final TestData TEST_DATA = TestData.documentCount(DOC_COUNT).get();
    static final TestSgConfig.User ADMIN = new TestSgConfig.User("admin").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("all_access").indexPermissions(new String[]{"*"}).on(new String[]{"*"}).clusterPermissions(new String[]{"*"})});
    static final String INDEX = "logs";
    static final TestSgConfig.User DEPT_A_USER = new TestSgConfig.User("dept_a").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("dept_a").indexPermissions(new String[]{"SGS_READ"}).dls(DocNode.of("prefix.dept.value", "dept_a")).on(new String[]{INDEX}).clusterPermissions(new String[]{"*"})});
    static final TestSgConfig.User DEPT_D_USER = new TestSgConfig.User("dept_d").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("dept_d").indexPermissions(new String[]{"SGS_READ"}).dls(DocNode.of("term.dept.value", "dept_d")).on(new String[]{INDEX}).clusterPermissions(new String[]{"*"})});
    static final TestSgConfig.Authc AUTHC = new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/internal_users_db")});
    static final TestSgConfig.DlsFls DLSFLS = new TestSgConfig.DlsFls().useImpl("flx");

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().sslEnabled().enterpriseModulesEnabled().authc(AUTHC).dlsFls(DLSFLS).users(new TestSgConfig.User[]{ADMIN, DEPT_A_USER, DEPT_D_USER}).resources("dlsfls").build();

    @BeforeClass
    public static void setupTestData() {
        Client internalNodeClient = cluster.getInternalNodeClient();
        try {
            TEST_DATA.createIndex(internalNodeClient, INDEX, Settings.builder().put("index.number_of_shards", 5).build());
            if (internalNodeClient != null) {
                internalNodeClient.close();
            }
        } catch (Throwable th) {
            if (internalNodeClient != null) {
                try {
                    internalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void search() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(DEPT_A_USER, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/logs/_search?pretty", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertTrue(httpResponse.getBody(), httpResponse.getBodyAsDocNode().findNodesByJsonPath("hits.hits[?(@._source.dept =~ /dept_a.*/)]").size() == 10);
            Assert.assertTrue(httpResponse.getBody(), httpResponse.getBodyAsDocNode().findNodesByJsonPath("hits.hits[?(!(@._source.dept =~ /dept_a.*/))]").size() == 0);
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(ADMIN, new Header[0]);
            try {
                GenericRestClient.HttpResponse httpResponse2 = restClient.get("/logs/_search?pretty", new Header[0]);
                Assert.assertEquals(httpResponse2.getBody(), 200L, httpResponse2.getStatusCode());
                Assert.assertTrue(httpResponse2.getBody(), httpResponse2.getBodyAsDocNode().findNodesByJsonPath("hits.hits[?(!(@._source.dept =~ /dept_a.*/))]").size() != 0);
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void scroll() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(DEPT_A_USER, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/logs/_search?scroll=1m&pretty=true&size=5", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertTrue(httpResponse.getBody(), httpResponse.getBodyAsDocNode().findNodesByJsonPath("hits.hits[?(@._source.dept =~ /dept_a.*/)]").size() == 5);
            Assert.assertTrue(httpResponse.getBody(), httpResponse.getBodyAsDocNode().findNodesByJsonPath("hits.hits[?(!(@._source.dept =~ /dept_a.*/))]").size() == 0);
            String asString = httpResponse.getBodyAsDocNode().getAsString("_scroll_id");
            while (true) {
                GenericRestClient.HttpResponse postJson = restClient.postJson("/_search/scroll?pretty=true", DocNode.of("scroll", "1m", "scroll_id", asString), new Header[0]);
                int size = postJson.getBodyAsDocNode().getAsNode("hits").getAsListOfNodes("hits").size();
                if (size == 0) {
                    break;
                }
                Assert.assertTrue(postJson.getBody(), postJson.getBodyAsDocNode().findNodesByJsonPath("hits.hits[?(@._source.dept =~ /dept_a.*/)]").size() == size);
                Assert.assertTrue(postJson.getBody(), postJson.getBodyAsDocNode().findNodesByJsonPath("hits.hits[?(!(@._source.dept =~ /dept_a.*/))]").size() == 0);
            }
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void terms_aggregation() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(ADMIN, new Header[0]);
        try {
            GenericRestClient.HttpResponse postJson = restClient.postJson("/logs/_search?pretty", "{\"query\" : {\"match_all\": {}},\"aggs\" : {\"test_agg\" : { \"terms\" : { \"field\" : \"dept.keyword\" } }}}", new Header[0]);
            Assert.assertEquals(postJson.getBody(), 200L, postJson.getStatusCode());
            Assert.assertTrue(postJson.getBody(), postJson.getBodyAsDocNode().findNodesByJsonPath("aggregations.test_agg.buckets[?(@.key == 'dept_d')]").size() == 1);
            int i = getInt(postJson, "aggregations.test_agg.buckets[?(@.key == 'dept_a_1')].doc_count");
            int i2 = getInt(postJson, "aggregations.test_agg.buckets[?(@.key == 'dept_a_2')].doc_count");
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(DEPT_A_USER, new Header[0]);
            try {
                GenericRestClient.HttpResponse postJson2 = restClient.postJson("/logs/_search?pretty", "{\"query\" : {\"match_all\": {}},\"aggs\" : {\"test_agg\" : { \"terms\" : { \"field\" : \"dept.keyword\" } }}}", new Header[0]);
                Assert.assertEquals(postJson2.getBody(), 200L, postJson2.getStatusCode());
                Assert.assertTrue(postJson2.getBody(), postJson2.getBodyAsDocNode().findNodesByJsonPath("aggregations.test_agg.buckets[?(@.key == 'dept_d')]").size() == 0);
                Assert.assertEquals(postJson2.getBody(), i, getInt(postJson2, "aggregations.test_agg.buckets[?(@.key == 'dept_a_1')].doc_count"));
                Assert.assertEquals(postJson2.getBody(), i2, getInt(postJson2, "aggregations.test_agg.buckets[?(@.key == 'dept_a_2')].doc_count"));
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void termvectors() throws Exception {
        String str = "/logs//_termvectors/" + TEST_DATA.anyDocumentForDepartment("dept_a_1").getId() + "?pretty=true";
        GenericRestClient restClient = cluster.getRestClient(ADMIN, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get(str, new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), true, httpResponse.getBodyAsDocNode().get("found"));
            if (restClient != null) {
                restClient.close();
            }
            GenericRestClient restClient2 = cluster.getRestClient(DEPT_D_USER, new Header[0]);
            try {
                GenericRestClient.HttpResponse httpResponse2 = restClient2.get(str, new Header[0]);
                Assert.assertEquals(httpResponse2.getBody(), 200L, httpResponse2.getStatusCode());
                Assert.assertEquals(httpResponse2.getBody(), false, httpResponse2.getBodyAsDocNode().get("found"));
                if (restClient2 != null) {
                    restClient2.close();
                }
                String str2 = "/logs/_termvectors/" + TEST_DATA.anyDocumentForDepartment("dept_d").getId() + "?pretty=true";
                restClient2 = cluster.getRestClient(DEPT_D_USER, new Header[0]);
                try {
                    GenericRestClient.HttpResponse httpResponse3 = restClient2.get(str2, new Header[0]);
                    Assert.assertEquals(httpResponse3.getBody(), 200L, httpResponse3.getStatusCode());
                    Assert.assertEquals(httpResponse3.getBody(), true, httpResponse3.getBodyAsDocNode().get("found"));
                    if (restClient2 != null) {
                        restClient2.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th) {
                    th.addSuppressed(th);
                }
            }
        }
    }

    private static int getInt(GenericRestClient.HttpResponse httpResponse, String str) throws DocumentParseException, Format.UnknownDocTypeException {
        Object basicObject = httpResponse.getBodyAsDocNode().findSingleNodeByJsonPath("aggregations.test_agg.buckets[?(@.key == 'dept_a_1')].doc_count").toBasicObject();
        if (basicObject instanceof Collection) {
            basicObject = ((Collection) basicObject).iterator().next();
        }
        if (basicObject instanceof Number) {
            return ((Number) basicObject).intValue();
        }
        throw new RuntimeException("Invalid value for " + str + ": " + basicObject);
    }
}
