package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.helper.cluster.FileHelper;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.net.URLEncoder;
import java.util.List;
import org.apache.http.Header;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/UserApiTest.class */
public class UserApiTest {

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().nodeSettings(new Object[]{"searchguard.restapi.roles_enabled.0", "sg_admin"}).resources("restapi").sslEnabled().enterpriseModulesEnabled().build();

    @Test
    public void testSearchGuardRoles() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            Assert.assertEquals(trackResources.get("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]).getBody(), 200L, r0.getStatusCode());
            Assert.assertEquals(trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/newuser\", \"value\": {\"password\": \"newuser\", \"search_guard_roles\": [\"sg_all_access\"] } }]").getBody(), 200L, r0.getStatusCode());
            GenericRestClient.HttpResponse httpResponse = trackResources.get("/_searchguard/api/internalusers/newuser", new Header[0]);
            Assert.assertEquals(200L, httpResponse.getStatusCode());
            Assert.assertTrue(httpResponse.getBody(), httpResponse.getBody().contains("\"search_guard_roles\":[\"sg_all_access\"]"));
            checkGeneralAccess(200, "newuser", "newuser");
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUserApi() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            GenericRestClient.HttpResponse httpResponse = trackResources.get("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertTrue(httpResponse.getBody(), Settings.builder().loadFromSource(httpResponse.getBody(), XContentType.JSON).build().size() >= 20);
            GenericRestClient.HttpResponse httpResponse2 = trackResources.get("/_searchguard/api/internalusers/admin", new Header[0]);
            Assert.assertEquals(httpResponse2.getBody(), 200L, httpResponse2.getStatusCode());
            System.out.println(httpResponse2.getBody());
            Settings build = Settings.builder().loadFromSource(httpResponse2.getBody(), XContentType.JSON).build();
            Assert.assertEquals(4L, build.size());
            Assert.assertEquals((Object) null, build.get("admin.hash"));
            Assert.assertEquals(404L, trackResources.get("/_searchguard/api/internalusers/nothinghthere", new Header[0]).getStatusCode());
            Assert.assertEquals(200L, trackResources.get("/_searchguard/api/internalusers/", new Header[0]).getStatusCode());
            Assert.assertEquals(200L, trackResources.get("/_searchguard/api/internalusers", new Header[0]).getStatusCode());
            Assert.assertEquals(405L, trackResources.putJson("/_searchguard/api/internalusers/", "{\"hash\": \"123\"}", new Header[0]).getStatusCode());
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_searchguard/api/internalusers/nagilum", "{some: \"thing\" asd  other: \"thing\"}", new Header[0]);
            Assert.assertEquals(400L, putJson.getStatusCode());
            Assert.assertEquals(Settings.builder().loadFromSource(putJson.getBody(), XContentType.JSON).build().get("reason"), AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE.getMessage());
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/_searchguard/api/internalusers/nagilum", "{some: \"thing\", other: \"thing\"}", new Header[0]);
            Assert.assertEquals(400L, putJson2.getStatusCode());
            Settings.builder().loadFromSource(putJson2.getBody(), XContentType.JSON).build();
            GenericRestClient.HttpResponse putJson3 = trackResources.putJson("/_searchguard/api/internalusers/nagilum", "{\"some\": \"thing\", \"other\": \"thing\"}", new Header[0]);
            Assert.assertEquals(400L, putJson3.getStatusCode());
            Settings build2 = Settings.builder().loadFromSource(putJson3.getBody(), XContentType.JSON).build();
            Assert.assertEquals(build2.get("reason"), AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage());
            Assert.assertTrue(build2.get("invalid_keys.keys").contains("some"));
            Assert.assertTrue(build2.get("invalid_keys.keys").contains("other"));
            Assert.assertEquals(404L, trackResources.patch("/_searchguard/api/internalusers/imnothere", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(403L, trackResources.patch("/_searchguard/api/internalusers/sarek", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(404L, trackResources.patch("/_searchguard/api/internalusers/q", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            GenericRestClient.HttpResponse patch = trackResources.patch("/_searchguard/api/internalusers/test", "[{ \"op\": \"add\", \"path\": \"/hidden\", \"value\": true }]");
            Assert.assertEquals(400L, patch.getStatusCode());
            Assert.assertTrue(patch.getBody(), patch.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
            Assert.assertEquals(trackResources.patch("/_searchguard/api/internalusers/test", "[{ \"op\": \"add\", \"path\": \"/password\", \"value\": \"neu\" }]").getBody(), 200L, r0.getStatusCode());
            GenericRestClient.HttpResponse httpResponse3 = trackResources.get("/_searchguard/api/internalusers/test", new Header[0]);
            Assert.assertEquals(200L, httpResponse3.getStatusCode());
            Assert.assertFalse(Settings.builder().loadFromSource(httpResponse3.getBody(), XContentType.JSON).build().hasValue("test.password"));
            Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/imnothere/a\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(403L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/sarek/a\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/q/a\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            GenericRestClient.HttpResponse patch2 = trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/test/hidden\", \"value\": true }]");
            Assert.assertEquals(400L, patch2.getStatusCode());
            Assert.assertTrue(patch2.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
            Assert.assertEquals(200L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/bulknew1\", \"value\": {\"password\": \"bla\", \"backend_roles\": [\"vulcan\"] } }]").getStatusCode());
            GenericRestClient.HttpResponse httpResponse4 = trackResources.get("/_searchguard/api/internalusers/bulknew1", new Header[0]);
            Assert.assertEquals(200L, httpResponse4.getStatusCode());
            Settings build3 = Settings.builder().loadFromSource(httpResponse4.getBody(), XContentType.JSON).build();
            Assert.assertFalse(build3.hasValue("bulknew1.password"));
            List asList = build3.getAsList("bulknew1.backend_roles");
            Assert.assertEquals(1L, asList.size());
            Assert.assertTrue(asList.contains("vulcan"));
            checkGeneralAccess(401, "nagilum", "nagilum");
            addUserWithHash(trackResources, "sarek", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 403);
            addUserWithHash(trackResources, "q", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 403);
            addUserWithHash(trackResources, "nagilum", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
            checkGeneralAccess(200, "nagilum", "nagilum");
            Assert.assertEquals(405L, trackResources.delete("/_searchguard/api/internalusers", new Header[0]).getStatusCode());
            Assert.assertEquals(404L, trackResources.delete("/_searchguard/api/internalusers/picard", new Header[0]).getStatusCode());
            Assert.assertEquals(403L, trackResources.delete("/_searchguard/api/internalusers/sarek", new Header[0]).getStatusCode());
            Assert.assertEquals(404L, trackResources.delete("/_searchguard/api/internalusers/q", new Header[0]).getStatusCode());
            trackResources.delete("/_searchguard/api/internalusers/nagilum", new Header[0]);
            checkGeneralAccess(401, "nagilum", "nagilum");
            addUserWithPassword(trackResources, "nagilum", "correctpassword", 201);
            checkGeneralAccess(401, "nagilum", "wrongpassword");
            checkGeneralAccess(200, "nagilum", "correctpassword");
            trackResources.delete("/_searchguard/api/internalusers/nagilum", new Header[0]);
            addUserWithoutPasswordOrHash(trackResources, "nagilum", new String[]{"starfleet"}, 400);
            addUserWithHash(trackResources, "nagilum", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
            addUserWithoutPasswordOrHash(trackResources, "nagilum", new String[]{"starfleet"}, 200);
            GenericRestClient.HttpResponse httpResponse5 = trackResources.get("/_searchguard/api/internalusers/nagilum", new Header[0]);
            Assert.assertEquals(200L, httpResponse5.getStatusCode());
            Assert.assertNull(Settings.builder().loadFromSource(httpResponse5.getBody(), XContentType.JSON).build().get("nagilum.hash"));
            setupStarfleetIndex();
            Settings build4 = Settings.builder().loadFromSource(trackResources.putJson("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes.json"), new Header[0]).getBody(), XContentType.JSON).build();
            Assert.assertEquals(400L, r0.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build4.get("reason"));
            Assert.assertTrue(build4.get("backend_roles").equals("Array expected"));
            Settings build5 = Settings.builder().loadFromSource(trackResources.putJson("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes.json"), new Header[0]).getBody(), XContentType.JSON).build();
            Assert.assertEquals(400L, r0.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build5.get("reason"));
            Assert.assertTrue(build5.get("backend_roles").equals("Array expected"));
            Settings build6 = Settings.builder().loadFromSource(trackResources.putJson("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes2.json"), new Header[0]).getBody(), XContentType.JSON).build();
            Assert.assertEquals(400L, r0.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build6.get("reason"));
            Assert.assertTrue(build6.get("password").equals("String expected"));
            Assert.assertTrue(build6.get("backend_roles") == null);
            Settings build7 = Settings.builder().loadFromSource(trackResources.putJson("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes3.json"), new Header[0]).getBody(), XContentType.JSON).build();
            Assert.assertEquals(400L, r0.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build7.get("reason"));
            Assert.assertTrue(build7.get("backend_roles").equals("Array expected"));
            addUserWithPassword(trackResources, "picard", "picard", 201);
            checkGeneralAccess(403, "picard", "picard");
            checkReadAccess(403, "picard", "picard", "sf", "ships", 0);
            addUserWithPassword(trackResources, "picard", "picard", new String[]{"starfleet"}, 200);
            checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
            checkWriteAccess(403, "picard", "picard", "sf", "ships", 1);
            addUserWithPassword(trackResources, "picard", "picard", new String[]{"starfleet", "captains"}, 200);
            checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
            checkWriteAccess(201, "picard", "picard", "sf", "ships", 1);
            GenericRestClient.HttpResponse httpResponse6 = trackResources.get("/_searchguard/api/internalusers/picard", new Header[0]);
            Assert.assertEquals(200L, httpResponse6.getStatusCode());
            Settings build8 = Settings.builder().loadFromSource(httpResponse6.getBody(), XContentType.JSON).build();
            Assert.assertNull(build8.get("picard.hash"));
            List asList2 = build8.getAsList("picard.backend_roles");
            Assert.assertNotNull(asList2);
            Assert.assertEquals(2L, asList2.size());
            Assert.assertTrue(asList2.contains("starfleet"));
            Assert.assertTrue(asList2.contains("captains"));
            addUserWithPassword(trackResources, "$1aAAAAAAAAC", "$1aAAAAAAAAC", 201);
            addUserWithPassword(trackResources, "abc", "abc", 201);
            Assert.assertEquals(trackResources.putJson("/_searchguard/api/internalusers/userwithtabs", "\t{\"hash\": \t \"123\"\t}  ", new Header[0]).getBody(), 201L, r0.getStatusCode());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPasswordRules() throws Exception {
        LocalCluster start = new LocalCluster.Builder().nodeSettings(new Object[]{"searchguard.restapi.roles_enabled.0", "sg_admin", "searchguard.restapi.password_validation_error_message", "xxx", "searchguard.restapi.password_validation_regex", "(?=.*[A-Z])(?=.*[^a-zA-Z\\\\d])(?=.*[0-9])(?=.*[a-z]).{8,}"}).resources("restapi").singleNode().sslEnabled().enterpriseModulesEnabled().start();
        try {
            GenericRestClient trackResources = start.getAdminCertRestClient().trackResources();
            try {
                Assert.assertEquals(trackResources.get("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]).getBody(), 200L, r0.getStatusCode());
                addUserWithPassword(trackResources, "tooshoort", "123", 400);
                addUserWithPassword(trackResources, "tooshoort", "1234567", 400);
                addUserWithPassword(trackResources, "tooshoort", "1Aa%", 400);
                addUserWithPassword(trackResources, "no-nonnumeric", "123456789", 400);
                addUserWithPassword(trackResources, "no-uppercase", "a123456789", 400);
                addUserWithPassword(trackResources, "no-lowercase", "A123456789", 400);
                addUserWithPassword(trackResources, "ok1", "a%A123456789", 201);
                addUserWithPassword(trackResources, "ok2", "$aA123456789", 201);
                addUserWithPassword(trackResources, "ok3", "$Aa123456789", 201);
                addUserWithPassword(trackResources, "ok4", "$1aAAAAAAAAA", 201);
                Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/ok4\", \"value\": {\"password\": \"bla\", \"backend_roles\": [\"vulcan\"] } }]").getStatusCode());
                Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"replace\", \"path\": \"/ok4\", \"value\": {\"password\": \"bla\", \"backend_roles\": [\"vulcan\"] } }]").getStatusCode());
                addUserWithPassword(trackResources, "ok4", "123", 400);
                Assert.assertEquals(200L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/ok4\", \"value\": {\"password\": \"$1aAAAAAAAAB\", \"backend_roles\": [\"vulcan\"] } }]").getStatusCode());
                addUserWithPassword(trackResources, "ok4", "$1aAAAAAAAAC", 200);
                Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/$1aAAAAAAAAB\", \"value\": {\"password\": \"$1aAAAAAAAAB\", \"backend_roles\": [\"vulcan\"] } }]").getStatusCode());
                addUserWithPassword(trackResources, "$1aAAAAAAAAC", "$1aAAAAAAAAC", 400);
                addUserWithPassword(trackResources, "$1aAAAAAAAac", "$1aAAAAAAAAC", 400);
                addUserWithPassword(trackResources, URLEncoder.encode("$1aAAAAAAAac%", "UTF-8"), "$1aAAAAAAAAC%", 400);
                addUserWithPassword(trackResources, URLEncoder.encode("$1aAAAAAAAac%!=\"/\\;:test&~@^", "UTF-8").replace("+", "%2B"), "$1aAAAAAAAac%!=\\\"/\\\\;:test&~@^", 400);
                addUserWithPassword(trackResources, URLEncoder.encode("$1aAAAAAAAac%!=\"/\\;: test&", "UTF-8"), "$1aAAAAAAAac%!=\\\"/\\\\;: test&123", 201);
                GenericRestClient.HttpResponse httpResponse = trackResources.get("/_searchguard/api/internalusers/nothinghthere?pretty", new Header[0]);
                Assert.assertEquals(404L, httpResponse.getStatusCode());
                Assert.assertTrue(httpResponse.getBody().contains("NOT_FOUND"));
                GenericRestClient.HttpResponse patch = trackResources.patch("/_searchguard/api/internalusers", "[ { \"op\": \"add\", \"path\": \"/testuser1\",  \"value\": { \"password\": \"$aA123456789\", \"backend_roles\": [\"testrole1\"] } },{ \"op\": \"add\", \"path\": \"/testuser2\",  \"value\": { \"password\": \"testpassword2\", \"backend_roles\": [\"testrole2\"] } }]");
                Assert.assertEquals(400L, patch.getStatusCode());
                Assert.assertTrue(patch.getBody().contains("error"));
                Assert.assertTrue(patch.getBody(), patch.getBody().contains("Invalid password"));
                if (trackResources != null) {
                    trackResources.close();
                }
                if (start != null) {
                    start.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (start != null) {
                try {
                    start.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUserApiWithDots() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            Assert.assertEquals(200L, trackResources.get("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]).getStatusCode());
            addUserWithPassword(trackResources, ".my.dotuser0", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
            addUserWithPassword(trackResources, ".my.dot.user0", "12345678", 201);
            addUserWithHash(trackResources, ".my.dotuser1", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
            addUserWithPassword(trackResources, ".my.dot.user2", "12345678", 201);
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUserApiNoPasswordChange() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            addUserWithHash(trackResources, "user1", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
            Assert.assertEquals(200L, trackResources.putJson("/_searchguard/api/internalusers/user1", "{\"hash\":\"$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m\",\"password\":\"\",\"backend_roles\":[\"admin\",\"rolea\"]}", new Header[0]).getStatusCode());
            Assert.assertEquals(200L, trackResources.get("/_searchguard/api/internalusers/user1", new Header[0]).getStatusCode());
            addUserWithHash(trackResources, "user2", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
            Assert.assertEquals(200L, trackResources.putJson("/_searchguard/api/internalusers/user2", "{\"password\":\"\",\"backend_roles\":[\"admin\",\"rolex\"]}", new Header[0]).getStatusCode());
            Assert.assertEquals(200L, trackResources.get("/_searchguard/api/internalusers/user2", new Header[0]).getStatusCode());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testDontReturnSensitiveDataUponInvalidRequests() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            addUserWithHash(trackResources, "user1", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_searchguard/api/internalusers/user1", "{\"12312\"---\"$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m\",\"password\":\"secret\",\"xyz\":[\"admina\",\"rolea\"]}", new Header[0]);
            Assert.assertEquals(400L, putJson.getStatusCode());
            Assert.assertThat(putJson.getBody(), CoreMatchers.not(CoreMatchers.containsString("secret")));
            Assert.assertThat(putJson.getBody(), CoreMatchers.not(CoreMatchers.containsString("password")));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected void checkGeneralAccess(int i, String str, String str2) throws Exception {
        GenericRestClient restClient = cluster.getRestClient(str, str2, new Header[0]);
        try {
            Assert.assertEquals(i, restClient.get("", new Header[0]).getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected void addUserWithPassword(GenericRestClient genericRestClient, String str, String str2, int i) throws Exception {
        Assert.assertEquals(i, genericRestClient.putJson("/_searchguard/api/internalusers/" + str, "{\"password\": \"" + str2 + "\"}", new Header[0]).getStatusCode());
    }

    protected void addUserWithPassword(GenericRestClient genericRestClient, String str, String str2, String[] strArr, int i) throws Exception {
        String str3 = "{\"password\": \"" + str2 + "\",\"backend_roles\": [";
        for (int i2 = 0; i2 < strArr.length; i2++) {
            str3 = str3 + "\"" + strArr[i2] + "\"";
            if (i2 + 1 < strArr.length) {
                str3 = str3 + ",";
            }
        }
        Assert.assertEquals(i, genericRestClient.putJson("/_searchguard/api/internalusers/" + str, str3 + "]}", new Header[0]).getStatusCode());
    }

    protected void addUserWithHash(GenericRestClient genericRestClient, String str, String str2) throws Exception {
        addUserWithHash(genericRestClient, str, str2, 200);
    }

    protected void addUserWithHash(GenericRestClient genericRestClient, String str, String str2, int i) throws Exception {
        Assert.assertEquals(genericRestClient.putJson("/_searchguard/api/internalusers/" + str, "{\"hash\": \"" + str2 + "\"}", new Header[0]).getBody(), i, r0.getStatusCode());
    }

    protected void addUserWithoutPasswordOrHash(GenericRestClient genericRestClient, String str, String[] strArr, int i) throws Exception {
        String str2 = "{ \"backend_roles\": [";
        for (int i2 = 0; i2 < strArr.length; i2++) {
            str2 = str2 + "\" " + strArr[i2] + " \"";
            if (i2 + 1 < strArr.length) {
                str2 = str2 + ",";
            }
        }
        Assert.assertEquals(i, genericRestClient.putJson("/_searchguard/api/internalusers/" + str, str2 + "]}", new Header[0]).getStatusCode());
    }

    protected void setupStarfleetIndex() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            adminCertRestClient.put("sf");
            adminCertRestClient.putJson("sf/ships/0", "{\"number\" : \"NCC-1701-D\"}", new Header[0]);
            adminCertRestClient.putJson("sf/public/0", "{\"some\" : \"value\"}", new Header[0]);
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected String checkReadAccess(int i, String str, String str2, String str3, String str4, int i2) throws Exception {
        GenericRestClient restClient = cluster.getRestClient(str, str2, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get(str3 + "/" + str4 + "/" + i2, new Header[0]);
            Assert.assertEquals(i, httpResponse.getStatusCode());
            String body = httpResponse.getBody();
            if (restClient != null) {
                restClient.close();
            }
            return body;
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected String checkWriteAccess(int i, String str, String str2, String str3, String str4, int i2) throws Exception {
        GenericRestClient restClient = cluster.getRestClient(str, str2, new Header[0]);
        try {
            GenericRestClient.HttpResponse putJson = restClient.putJson(str3 + "/" + str4 + "/" + i2, "{\"value\" : \"true\"}", new Header[0]);
            Assert.assertEquals(i, putJson.getStatusCode());
            String body = putJson.getBody();
            if (restClient != null) {
                restClient.close();
            }
            return body;
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
