package com.floragunn.searchguard.enterprise.femt.tenants;

import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.authc.AuthInfoService;
import com.floragunn.searchguard.authz.AuthorizationService;
import com.floragunn.searchguard.authz.TenantAccessMapper;
import com.floragunn.searchguard.authz.config.MultiTenancyConfigurationProvider;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.junit.ThrowableAssert;
import java.net.InetSocketAddress;
import java.util.Map;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.threadpool.ThreadPool;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.junit.MockitoJUnitRunner;
import org.mockito.stubbing.Answer;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:com/floragunn/searchguard/enterprise/femt/tenants/AvailableTenantServiceTest.class */
public class AvailableTenantServiceTest {
    public static final String TENANT_1 = "tenant-1";
    public static final String TENANT_2 = "tenant-2";
    public static final String TENANT_3 = "tenant-3";
    public static final String TENANT_4 = "tenant-4";
    public static final String TENANT_5 = "tenant-5";

    @Mock
    private MultiTenancyConfigurationProvider configProvider;

    @Mock
    private AuthorizationService authorizationService;

    @Mock
    private ThreadPool threadPool;

    @Mock
    private TenantRepository repository;

    @Mock
    private ThreadContext threadContext;

    @Mock
    private TenantAccessMapper accessMapper;

    @Mock
    private AuthInfoService authInfoService;
    private AvailableTenantService service;

    /* loaded from: input_file:com/floragunn/searchguard/enterprise/femt/tenants/AvailableTenantServiceTest$TenantExistsAnswer.class */
    private static class TenantExistsAnswer implements Answer<ImmutableSet<String>> {
        private final boolean eachTenantExists;

        public TenantExistsAnswer(boolean z) {
            this.eachTenantExists = z;
        }

        /* renamed from: answer, reason: merged with bridge method [inline-methods] */
        public ImmutableSet<String> m24answer(InvocationOnMock invocationOnMock) {
            if (!this.eachTenantExists) {
                return ImmutableSet.empty();
            }
            ImmutableSet.Builder builder = new ImmutableSet.Builder();
            for (int i = 0; i < invocationOnMock.getArguments().length; i++) {
                builder.add((String) invocationOnMock.getArgument(i));
            }
            return builder.build();
        }
    }

    @Before
    public void before() {
        Mockito.when(this.threadPool.getThreadContext()).thenReturn(this.threadContext);
        this.service = new AvailableTenantService(this.configProvider, this.authorizationService, this.threadPool, this.repository, this.authInfoService);
    }

    @Test
    public void shouldReturnErrorWhenUserIsNotPresentInContext() {
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn((Object) null);
        MatcherAssert.assertThat(Boolean.valueOf(this.service.findTenantAvailableForCurrentUser().isPresent()), Matchers.equalTo(false));
    }

    @Test
    public void shouldThrowExceptionWhenMultiTenancyIsEnabledAndUserHaveAccessToZeroTenants() {
        User user = new User("user");
        TransportAddress transportAddress = new TransportAddress(new InetSocketAddress(8901));
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(user);
        Mockito.when(this.threadContext.getTransient("_sg_remote_address")).thenReturn(transportAddress);
        Mockito.when(this.authorizationService.getMappedRoles(user, transportAddress)).thenReturn(ImmutableSet.of("my_role"));
        Mockito.when(this.repository.exists((String[]) ArgumentMatchers.any(String[].class))).thenAnswer(new TenantExistsAnswer(true));
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(true);
        this.service = new AvailableTenantService(this.configProvider, this.authorizationService, this.threadPool, this.repository, this.authInfoService);
        Mockito.when(this.configProvider.getTenantAccessMapper()).thenReturn(this.accessMapper);
        ThrowableAssert.assertThatThrown(() -> {
            this.service.findTenantAvailableForCurrentUser();
        }, new Matcher[]{Matchers.instanceOf(DefaultTenantNotFoundException.class)});
    }

    @Test
    public void shouldNotThrowExceptionWhenMultiTenancyIsDisabledAndUserHaveAccessToZeroTenants() {
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(User.forUser("user").requestedTenant("my_tenant").build());
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(false);
        this.service = new AvailableTenantService(this.configProvider, this.authorizationService, this.threadPool, this.repository, this.authInfoService);
        AvailableTenantData availableTenantData = (AvailableTenantData) this.service.findTenantAvailableForCurrentUser().get();
        MatcherAssert.assertThat(Boolean.valueOf(availableTenantData.multiTenancyEnabled()), Matchers.equalTo(false));
        MatcherAssert.assertThat(availableTenantData.tenants(), Matchers.anEmptyMap());
        MatcherAssert.assertThat(availableTenantData.defaultTenant(), Matchers.nullValue());
        MatcherAssert.assertThat(availableTenantData.username(), Matchers.equalTo("user"));
        MatcherAssert.assertThat(availableTenantData.userRequestedTenant(), Matchers.equalTo("my_tenant"));
    }

    @Test
    public void shouldReturnInformationAboutTwoExistingTenantsWithWriteAccess() {
        User build = User.forUser("user").requestedTenant("my_tenant").build();
        TransportAddress transportAddress = new TransportAddress(new InetSocketAddress(8901));
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(build);
        Mockito.when(this.threadContext.getTransient("_sg_remote_address")).thenReturn(transportAddress);
        ImmutableSet of = ImmutableSet.of("my_role1", "myRole2");
        Mockito.when(this.authorizationService.getMappedRoles(build, transportAddress)).thenReturn(of);
        Mockito.when(this.configProvider.getTenantAccessMapper()).thenReturn(this.accessMapper);
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(true);
        Mockito.when(this.accessMapper.mapTenantsAccess(build, false, of)).thenReturn(ImmutableMap.of(TENANT_1, true, TENANT_2, true));
        Mockito.when(this.repository.exists((String[]) ArgumentMatchers.any(String[].class))).thenAnswer(new TenantExistsAnswer(true));
        AvailableTenantData availableTenantData = (AvailableTenantData) this.service.findTenantAvailableForCurrentUser().orElseThrow();
        MatcherAssert.assertThat(Boolean.valueOf(availableTenantData.multiTenancyEnabled()), Matchers.equalTo(true));
        MatcherAssert.assertThat(availableTenantData.userRequestedTenant(), Matchers.equalTo("my_tenant"));
        Map tenants = availableTenantData.tenants();
        MatcherAssert.assertThat(tenants, Matchers.aMapWithSize(2));
        TenantAccessData tenantAccessData = (TenantAccessData) tenants.get(TENANT_1);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.exists()), Matchers.equalTo(true));
        TenantAccessData tenantAccessData2 = (TenantAccessData) tenants.get(TENANT_2);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.exists()), Matchers.equalTo(true));
    }

    @Test
    public void shouldNotReturnInformationAboutTenantsWithReadOnlyAccessWhichDoesNotExist() {
        User user = new User("user");
        TransportAddress transportAddress = new TransportAddress(new InetSocketAddress(8901));
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(user);
        Mockito.when(this.threadContext.getTransient("_sg_remote_address")).thenReturn(transportAddress);
        ImmutableSet of = ImmutableSet.of("my_nice_role");
        Mockito.when(this.authorizationService.getMappedRoles(user, transportAddress)).thenReturn(of);
        Mockito.when(this.configProvider.getTenantAccessMapper()).thenReturn(this.accessMapper);
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(true);
        Mockito.when(this.accessMapper.mapTenantsAccess(user, false, of)).thenReturn(ImmutableMap.of(TENANT_4, true, TENANT_5, false));
        Mockito.when(this.repository.exists((String[]) ArgumentMatchers.any(String[].class))).thenAnswer(new TenantExistsAnswer(false));
        AvailableTenantData availableTenantData = (AvailableTenantData) this.service.findTenantAvailableForCurrentUser().orElseThrow();
        MatcherAssert.assertThat(Boolean.valueOf(availableTenantData.multiTenancyEnabled()), Matchers.equalTo(true));
        MatcherAssert.assertThat(availableTenantData.userRequestedTenant(), Matchers.nullValue());
        Map tenants = availableTenantData.tenants();
        MatcherAssert.assertThat(tenants, Matchers.aMapWithSize(1));
        TenantAccessData tenantAccessData = (TenantAccessData) tenants.get(TENANT_4);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.exists()), Matchers.equalTo(false));
    }

    @Test
    public void shouldReturnInformationAboutFiveVariousTenants_1() {
        User user = new User("user");
        TransportAddress transportAddress = new TransportAddress(new InetSocketAddress(8901));
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(user);
        Mockito.when(this.threadContext.getTransient("_sg_remote_address")).thenReturn(transportAddress);
        ImmutableSet of = ImmutableSet.of("my_nice_role");
        Mockito.when(this.authorizationService.getMappedRoles(user, transportAddress)).thenReturn(of);
        Mockito.when(this.configProvider.getTenantAccessMapper()).thenReturn(this.accessMapper);
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(true);
        Mockito.when(this.accessMapper.mapTenantsAccess(user, false, of)).thenReturn(ImmutableMap.of(TENANT_1, false, TENANT_2, true, TENANT_3, true, TENANT_4, false, TENANT_5, true));
        Mockito.when(this.repository.exists((String[]) ArgumentMatchers.any(String[].class))).thenReturn(ImmutableSet.of(TENANT_1, new String[]{TENANT_2, TENANT_4}));
        AvailableTenantData availableTenantData = (AvailableTenantData) this.service.findTenantAvailableForCurrentUser().orElseThrow();
        MatcherAssert.assertThat(Boolean.valueOf(availableTenantData.multiTenancyEnabled()), Matchers.equalTo(true));
        Map tenants = availableTenantData.tenants();
        MatcherAssert.assertThat(tenants, Matchers.aMapWithSize(5));
        TenantAccessData tenantAccessData = (TenantAccessData) tenants.get(TENANT_1);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.writeAccess()), Matchers.equalTo(false));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.exists()), Matchers.equalTo(true));
        TenantAccessData tenantAccessData2 = (TenantAccessData) tenants.get(TENANT_2);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.exists()), Matchers.equalTo(true));
        TenantAccessData tenantAccessData3 = (TenantAccessData) tenants.get(TENANT_3);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData3.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData3.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData3.exists()), Matchers.equalTo(false));
        TenantAccessData tenantAccessData4 = (TenantAccessData) tenants.get(TENANT_4);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData4.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData4.writeAccess()), Matchers.equalTo(false));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData4.exists()), Matchers.equalTo(true));
        TenantAccessData tenantAccessData5 = (TenantAccessData) tenants.get(TENANT_5);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData5.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData5.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData5.exists()), Matchers.equalTo(false));
    }

    @Test
    public void shouldReturnInformationAboutFiveVariousTenants_2() {
        User user = new User("user");
        TransportAddress transportAddress = new TransportAddress(new InetSocketAddress(8901));
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(user);
        Mockito.when(this.threadContext.getTransient("_sg_remote_address")).thenReturn(transportAddress);
        ImmutableSet of = ImmutableSet.of("my_nice_role");
        Mockito.when(this.authorizationService.getMappedRoles(user, transportAddress)).thenReturn(of);
        Mockito.when(this.configProvider.getTenantAccessMapper()).thenReturn(this.accessMapper);
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(true);
        Mockito.when(this.accessMapper.mapTenantsAccess(user, false, of)).thenReturn(ImmutableMap.of(TENANT_1, false, TENANT_2, false, TENANT_3, false, TENANT_4, true, TENANT_5, true));
        Mockito.when(this.repository.exists((String[]) ArgumentMatchers.any(String[].class))).thenReturn(ImmutableSet.of(TENANT_1, new String[]{TENANT_2, TENANT_4}));
        AvailableTenantData availableTenantData = (AvailableTenantData) this.service.findTenantAvailableForCurrentUser().orElseThrow();
        MatcherAssert.assertThat(Boolean.valueOf(availableTenantData.multiTenancyEnabled()), Matchers.equalTo(true));
        Map tenants = availableTenantData.tenants();
        MatcherAssert.assertThat(tenants, Matchers.aMapWithSize(4));
        TenantAccessData tenantAccessData = (TenantAccessData) tenants.get(TENANT_1);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.writeAccess()), Matchers.equalTo(false));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.exists()), Matchers.equalTo(true));
        TenantAccessData tenantAccessData2 = (TenantAccessData) tenants.get(TENANT_2);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.writeAccess()), Matchers.equalTo(false));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData2.exists()), Matchers.equalTo(true));
        TenantAccessData tenantAccessData3 = (TenantAccessData) tenants.get(TENANT_4);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData3.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData3.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData3.exists()), Matchers.equalTo(true));
        TenantAccessData tenantAccessData4 = (TenantAccessData) tenants.get(TENANT_5);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData4.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData4.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData4.exists()), Matchers.equalTo(false));
    }

    @Test
    public void shouldDetectAdminUser() {
        User user = new User("user");
        TransportAddress transportAddress = new TransportAddress(new InetSocketAddress(8901));
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(user);
        Mockito.when(this.threadContext.getTransient("_sg_remote_address")).thenReturn(transportAddress);
        ImmutableSet of = ImmutableSet.of("my_nice_role");
        Mockito.when(this.authorizationService.getMappedRoles(user, transportAddress)).thenReturn(of);
        Mockito.when(this.configProvider.getTenantAccessMapper()).thenReturn(this.accessMapper);
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(true);
        Mockito.when(this.accessMapper.mapTenantsAccess(user, true, of)).thenReturn(ImmutableMap.of(TENANT_1, true));
        Mockito.when(this.repository.exists((String[]) ArgumentMatchers.any(String[].class))).thenReturn(ImmutableSet.of(TENANT_1));
        Mockito.when(Boolean.valueOf(this.authInfoService.isAdmin(user))).thenReturn(true);
        AvailableTenantData availableTenantData = (AvailableTenantData) this.service.findTenantAvailableForCurrentUser().orElseThrow();
        MatcherAssert.assertThat(Boolean.valueOf(availableTenantData.multiTenancyEnabled()), Matchers.equalTo(true));
        Map tenants = availableTenantData.tenants();
        MatcherAssert.assertThat(tenants, Matchers.aMapWithSize(1));
        TenantAccessData tenantAccessData = (TenantAccessData) tenants.get(TENANT_1);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.exists()), Matchers.equalTo(true));
    }

    @Test
    public void shouldDetectNonAdminUser() {
        User user = new User("user");
        TransportAddress transportAddress = new TransportAddress(new InetSocketAddress(8901));
        Mockito.when(this.threadContext.getTransient("_sg_user")).thenReturn(user);
        Mockito.when(this.threadContext.getTransient("_sg_remote_address")).thenReturn(transportAddress);
        ImmutableSet of = ImmutableSet.of("my_nice_role");
        Mockito.when(this.authorizationService.getMappedRoles(user, transportAddress)).thenReturn(of);
        Mockito.when(this.configProvider.getTenantAccessMapper()).thenReturn(this.accessMapper);
        Mockito.when(Boolean.valueOf(this.configProvider.isMultiTenancyEnabled())).thenReturn(true);
        Mockito.when(this.accessMapper.mapTenantsAccess(user, false, of)).thenReturn(ImmutableMap.of(TENANT_1, true));
        Mockito.when(this.repository.exists((String[]) ArgumentMatchers.any(String[].class))).thenReturn(ImmutableSet.of(TENANT_1));
        Mockito.when(Boolean.valueOf(this.authInfoService.isAdmin(user))).thenReturn(false);
        AvailableTenantData availableTenantData = (AvailableTenantData) this.service.findTenantAvailableForCurrentUser().orElseThrow();
        MatcherAssert.assertThat(Boolean.valueOf(availableTenantData.multiTenancyEnabled()), Matchers.equalTo(true));
        Map tenants = availableTenantData.tenants();
        MatcherAssert.assertThat(tenants, Matchers.aMapWithSize(1));
        TenantAccessData tenantAccessData = (TenantAccessData) tenants.get(TENANT_1);
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.readAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.writeAccess()), Matchers.equalTo(true));
        MatcherAssert.assertThat(Boolean.valueOf(tenantAccessData.exists()), Matchers.equalTo(true));
    }
}
