package com.floragunn.searchguard.enterprise.auth.ldap;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.searchguard.enterprise.auth.ldap.TestLdapDirectory;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.certificate.TestCertificate;
import com.floragunn.searchguard.test.helper.certificate.TestCertificates;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.time.Duration;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.http.Header;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.xcontent.XContentType;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;

@Ignore
/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/ldap/LdapStressTest.class */
public class LdapStressTest {

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();
    static TestCertificates certificatesContext = TestCertificates.builder().build();
    static TestCertificate ldapServerCertificate = certificatesContext.create("CN=ldap.example.com,OU=MyOU,O=MyO");
    static TestLdapDirectory.Entry KARLOTTA = new TestLdapDirectory.Entry("cn=Karlotta,ou=people,o=TEST").cn("Karlotta").uid("karlotta").userpassword("karlottas-secret").displayName("Karlotta Karl").objectClass("inetOrgPerson");
    static TestLdapDirectory.Entry THORE = new TestLdapDirectory.Entry("cn=Thore,ou=people,o=TEST").cn("Thore").uid("tho").userpassword("tho-secret").objectClass("inetOrgPerson").attr("departmentnumber", "a", "b").attr("businessCategory", "bc_1");
    static TestLdapDirectory.Entry PAUL = new TestLdapDirectory.Entry("cn=Paul,ou=people,o=TEST").cn("Paul").uid("paule").userpassword("p-secret").objectClass("inetOrgPerson");
    static TestLdapDirectory.Entry ALL_ACCESS_GROUP = new TestLdapDirectory.Entry("cn=all_access,ou=groups,o=TEST").cn("all_access").objectClass("groupOfUniqueNames").uniqueMember(KARLOTTA);
    static TestLdapDirectory.Entry STD_ACCESS_GROUP = new TestLdapDirectory.Entry("cn=std_access,ou=groups,o=TEST").cn("std_access").objectClass("groupOfUniqueNames").uniqueMember(THORE);
    static TestLdapServer tlsLdapServer = TestLdapServer.with(TestLdapDirectory.BASE, KARLOTTA, THORE, PAUL, ALL_ACCESS_GROUP, STD_ACCESS_GROUP).tls(ldapServerCertificate).bindRequestDelay(Duration.ofSeconds(5)).build();
    static TestSgConfig.Authc AUTHC = new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/ldap").description("using raw filter queries").backend(DocNode.of("idp.hosts", "#{var:ldapHost}", "idp.tls.trusted_cas", certificatesContext.getCaCertificate().getCertificateString(), "idp.tls.verify_hostnames", false, "user_search.filter.raw", "(uid=${user.name})", "group_search.base_dn", TestLdapDirectory.GROUPS.getDn(), new Object[]{"group_search.filter.raw", "(uniqueMember=${dn})", "group_search.role_name_attribute", "dn", "group_search.recursive.enabled", true})).userMapping(new TestSgConfig.Authc.Domain.UserMapping().attrsFrom("pattern", "ldap_user_entry.departmentnumber").attrsFrom("pattern_rec", "ldap_group_entries[*].businessCategory[*]"))});
    public static LocalCluster cluster = new LocalCluster.Builder().singleNode().sslEnabled().enterpriseModulesEnabled().resources("ldap").roles(new TestSgConfig.Role[]{TestSgConfig.Role.ALL_ACCESS}).roleToRoleMapping(TestSgConfig.Role.ALL_ACCESS, new String[]{ALL_ACCESS_GROUP.getDn()}).authc(AUTHC).var("ldapHost", () -> {
        return tlsLdapServer.hostAndPort();
    }).build();

    @ClassRule
    public static TestRule serverChain = RuleChain.outerRule(tlsLdapServer).around(cluster);

    @BeforeClass
    public static void initTestData() {
        Client internalNodeClient = cluster.getInternalNodeClient();
        try {
            internalNodeClient.index(new IndexRequest("attr_test_a").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"a\", \"amount\": 1010}", XContentType.JSON)).actionGet();
            internalNodeClient.index(new IndexRequest("attr_test_b").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"b\", \"amount\": 2020}", XContentType.JSON)).actionGet();
            internalNodeClient.index(new IndexRequest("attr_test_c").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"c\", \"amount\": 3030}", XContentType.JSON)).actionGet();
            internalNodeClient.index(new IndexRequest("attr_test_d").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"d\", \"amount\": 4040}", XContentType.JSON)).actionGet();
            internalNodeClient.index(new IndexRequest("attr_test_e").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"e\", \"amount\": 5050}", XContentType.JSON)).actionGet();
            if (internalNodeClient != null) {
                internalNodeClient.close();
            }
        } catch (Throwable th) {
            if (internalNodeClient != null) {
                try {
                    internalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void concurrentAuth() {
        CompletableFuture[] completableFutureArr = new CompletableFuture[15];
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(15);
        for (int i = 0; i < 15; i++) {
            completableFutureArr[i] = CompletableFuture.supplyAsync(() -> {
                try {
                    GenericRestClient restClient = cluster.getRestClient(KARLOTTA, new Header[0]);
                    try {
                        GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
                        Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                        Assert.assertEquals(httpResponse.getBody(), "karlotta", httpResponse.getBodyAsDocNode().get("user_name"));
                        if (restClient != null) {
                            restClient.close();
                        }
                        return null;
                    } finally {
                    }
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }, newFixedThreadPool);
        }
        CompletableFuture.allOf(completableFutureArr).join();
    }
}
