package com.floragunn.searchguard.enterprise.auth.session;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.BearerAuthorization;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.util.Arrays;
import org.apache.http.Header;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/session/ExternalSearchGuardSessionAuthenticationBackendTest.class */
public class ExternalSearchGuardSessionAuthenticationBackendTest {

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();
    static final TestSgConfig.User SESSION_TEST_USER = new TestSgConfig.User("session_test_user").roles(new String[]{"sg_all_access", "SGS_KIBANA_USER"});
    static final String HS512_KEY = "rJr-CU8cedCQxHetNz5jgNWVPrfDmgUMjiNcXmvxODZozLkNCbgDQRneS6kNXlnOLFC8IKx5mACOmcd4bsDD2w";
    static final DocNode HS512_JWK = DocNode.of("kty", "oct", "kid", "kid_a", "k", HS512_KEY, "alg", "HS512");
    static final String SESSION_JWT_AUDIENCE = "test_session_audience";

    @ClassRule
    public static LocalCluster sessionProvidingCluster = new LocalCluster.Builder().sgConfig(new TestSgConfig().authc(new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/internal_users_db")})).frontendAuthc("default", new TestSgConfig.FrontendAuthc[]{new TestSgConfig.FrontendAuthc().authDomain(new TestSgConfig.FrontendAuthDomain("basic").label("Basic Login"))}).sessions(new TestSgConfig.Sessions().jwtSigningKeyHs512(HS512_KEY).jwtAudience(SESSION_JWT_AUDIENCE)).user(SESSION_TEST_USER)).singleNode().sslEnabled().enterpriseModulesEnabled().build();

    @ClassRule
    public static LocalCluster sessionConsumingCluster = new LocalCluster.Builder().sgConfig(new TestSgConfig().authc(new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("jwt/external_session").frontend(DocNode.of("signing.jwks.keys", Arrays.asList(HS512_JWK), "required_audience", SESSION_JWT_AUDIENCE)).backend(DocNode.of("hosts", ImmutableList.of("#{var:session_hosts}", "https://invalidhost.example.com:9200", "https://invalidhost2.example.com:9200", new String[0]), "tls.trust_all", true, "tls.verify_hostnames", false))})).var("session_hosts", () -> {
        return sessionProvidingCluster.getHttpAddressAsURI().toString();
    })).singleNode().sslEnabled().enterpriseModulesEnabled().build();

    @Test
    public void basicTest() throws Exception {
        GenericRestClient restClient = sessionProvidingCluster.getRestClient(new Header[0]);
        try {
            GenericRestClient.HttpResponse postJson = restClient.postJson("/_searchguard/auth/session", DocNode.of("mode", "basic", "user", SESSION_TEST_USER.getName(), "password", SESSION_TEST_USER.getPassword()), new Header[0]);
            System.out.println(postJson.getBody());
            Assert.assertEquals(postJson.getBody(), 201L, postJson.getStatusCode());
            String asString = postJson.getBodyAsDocNode().getAsString("token");
            Assert.assertNotNull(postJson.getBody(), asString);
            if (restClient != null) {
                restClient.close();
            }
            restClient = sessionConsumingCluster.getRestClient(new Header[]{new BearerAuthorization(asString)});
            try {
                GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
                System.out.println(httpResponse.getBody());
                Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                Assert.assertEquals(httpResponse.getBody(), SESSION_TEST_USER.getName(), httpResponse.getBodyAsDocNode().getAsString("user_name"));
                Assert.assertEquals(httpResponse.getBody(), SESSION_TEST_USER.getRoleNames(), ImmutableSet.of(httpResponse.getBodyAsDocNode().getAsListOfStrings("sg_roles")));
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }
}
