package com.floragunn.searchguard.enterprise.auth.ldap;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.client.RestHighLevelClient;
import com.floragunn.searchguard.enterprise.auth.ldap.TestLdapDirectory;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.RestMatchers;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.certificate.TestCertificate;
import com.floragunn.searchguard.test.helper.certificate.TestCertificates;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import org.apache.http.Header;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.xcontent.XContentType;
import org.hamcrest.MatcherAssert;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/ldap/LdapIntegrationTest.class */
public class LdapIntegrationTest {
    static TestCertificates certificatesContext = TestCertificates.builder().build();
    static TestCertificate ldapServerCertificate = certificatesContext.create("CN=ldap.example.com,OU=MyOU,O=MyO");
    static String PICTURE_OF_THORE = "U2VhcmNoIEd1YXJk==";
    static TestLdapDirectory.Entry KARLOTTA = new TestLdapDirectory.Entry("cn=Karlotta,ou=people,o=TEST").cn("Karlotta").uid("karlotta").userpassword("karlottas-secret").displayName("Karlotta Karl").objectClass("inetOrgPerson");
    static TestLdapDirectory.Entry THORE = new TestLdapDirectory.Entry("cn=Thore,ou=people,o=TEST").cn("Thore").uid("tho").userpassword("tho-secret").objectClass("inetOrgPerson").attr("departmentnumber", "a", "b").attr("jpegPhoto", PICTURE_OF_THORE).attr("businessCategory", "bc_1");
    static TestLdapDirectory.Entry PAUL = new TestLdapDirectory.Entry("cn=Paul,ou=people,o=TEST").cn("Paul").uid("paule").userpassword("p-secret").objectClass("inetOrgPerson");
    static TestLdapDirectory.Entry TILDA_ADDITIONAL_USER_INFORMATION_ENTRY = new TestLdapDirectory.Entry("cn=Tilda,ou=people,o=TEST").cn("Tilda").uid("tilda_additional_user_information").userpassword("p-undefined").objectClass("inetOrgPerson");
    static TestLdapDirectory.Entry KRIS_SPECIAL_CHARACTER = new TestLdapDirectory.Entry("cn=Kris/X (Special)\\, escaped comma,ou=people,o=TEST").cn("Kris/X (Special), escaped comma").uid("kris_special_character").userpassword("p-secret").displayName("Kris/X (Special), really").objectClass("inetOrgPerson");
    static TestLdapDirectory.Entry ALL_ACCESS_GROUP = new TestLdapDirectory.Entry("cn=all_access,ou=groups,o=TEST").cn("all_access").objectClass("groupOfUniqueNames").uniqueMember(KARLOTTA);
    static TestLdapDirectory.Entry STD_ACCESS_GROUP = new TestLdapDirectory.Entry("cn=std_access,ou=groups,o=TEST").cn("std_access").objectClass("groupOfUniqueNames").attr("description", "My Description").attr("businessCategory", "x").uniqueMember(THORE);
    static TestLdapDirectory.Entry SPECIAL_CHARACTER_GROUP = new TestLdapDirectory.Entry("cn=Special/X (Really)\\, escaped comma,ou=groups,o=TEST").cn("Special/X (Really), escaped comma").objectClass("groupOfUniqueNames").attr("description", "My Description").uniqueMember(KRIS_SPECIAL_CHARACTER);
    static TestLdapDirectory.Entry BUSINESS_CATEGORY_1_GROUP = new TestLdapDirectory.Entry("cn=bc_1,ou=groups,o=TEST").cn("bc_1").objectClass("groupOfUniqueNames").attr("businessCategory", "bc_1");
    static TestLdapDirectory.Entry RECURSIVE_GROUP_1 = new TestLdapDirectory.Entry("cn=recursive1,ou=groups,o=TEST").cn("recursive1").objectClass("groupOfUniqueNames").attr("businessCategory", "c").uniqueMember(PAUL, TILDA_ADDITIONAL_USER_INFORMATION_ENTRY);
    static TestLdapDirectory.Entry RECURSIVE_GROUP_2 = new TestLdapDirectory.Entry("cn=recursive2,ou=groups,o=TEST").cn("recursive2").objectClass("groupOfUniqueNames").attr("businessCategory", "d").uniqueMember(RECURSIVE_GROUP_1);
    static TestLdapDirectory.Entry RECURSIVE_GROUP_3 = new TestLdapDirectory.Entry("cn=recursive3,ou=groups,o=TEST").cn("recursive3").objectClass("groupOfUniqueNames").attr("businessCategory", "e").uniqueMember(RECURSIVE_GROUP_1);
    static TestLdapServer tlsLdapServer = TestLdapServer.with(TestLdapDirectory.BASE, KARLOTTA, THORE, PAUL, TILDA_ADDITIONAL_USER_INFORMATION_ENTRY, KRIS_SPECIAL_CHARACTER, ALL_ACCESS_GROUP, STD_ACCESS_GROUP, SPECIAL_CHARACTER_GROUP, RECURSIVE_GROUP_1, RECURSIVE_GROUP_2, RECURSIVE_GROUP_3, BUSINESS_CATEGORY_1_GROUP).tls(ldapServerCertificate).build();
    static TestSgConfig.User TILDA_ADDITIONAL_USER_INFORMATION_USER = new TestSgConfig.User("tilda_additional_user_information").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("role").clusterPermissions(new String[]{"*"})});
    static TestSgConfig.Role INDEX_PATTERN_WITH_ATTR = new TestSgConfig.Role("sg_index_pattern_with_attr_role").clusterPermissions(new String[]{"SGS_CLUSTER_COMPOSITE_OPS_RO"}).indexPermissions(new String[]{"SGS_CRUD"}).on(new String[]{"/attr_test_${user.attrs.pattern|toRegexFragment}/"});
    static TestSgConfig.Role INDEX_PATTERN_WITH_ATTR_FOR_RECURSIVE_GROUPS = new TestSgConfig.Role("sg_index_pattern_with_attr_role_for_recursive_groups").clusterPermissions(new String[]{"SGS_CLUSTER_COMPOSITE_OPS_RO"}).indexPermissions(new String[]{"SGS_CRUD"}).on(new String[]{"/attr_test_${user.attrs.pattern_rec|toRegexFragment}/"});
    static TestSgConfig.Authc AUTHC = new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/ldap").description("using raw filter queries").backend(DocNode.of("idp.hosts", "#{var:ldapHost}", "idp.tls.trusted_cas", certificatesContext.getCaCertificate().getCertificateString(), "idp.tls.verify_hostnames", false, "user_search.filter.raw", "(uid=${user.name})", "group_search.base_dn", TestLdapDirectory.GROUPS.getDn(), new Object[]{"group_search.filter.raw", "(uniqueMember=${dn})", "group_search.role_name_attribute", "dn", "group_search.recursive.enabled", true})).skipIps(new String[]{"127.0.0.16/30"}).userMapping(new TestSgConfig.Authc.Domain.UserMapping().attrsFrom("pattern", "ldap_user_entry.departmentnumber").attrsFrom("pattern_rec", "ldap_group_entries[*].businessCategory[*]")), new TestSgConfig.Authc.Domain("basic/ldap").description("using by_attribute filter queries and getting user name from ldap_user_entry.displayName").backend(DocNode.of("idp.hosts", "#{var:ldapHost}", "idp.tls.trusted_cas", certificatesContext.getCaCertificate().getCertificateString(), "idp.tls.verify_hostnames", false, "user_search.filter.by_attribute", "uid", "group_search.base_dn", TestLdapDirectory.GROUPS.getDn(), new Object[]{"group_search.filter.by_attribute", "uniqueMember", "group_search.role_name_attribute", "dn", "group_search.recursive.enabled", true})).acceptIps(new String[]{"127.0.0.17"}).userMapping(new TestSgConfig.Authc.Domain.UserMapping().userNameFromBackend("ldap_user_entry.displayName").attrsFrom("pattern", "ldap_user_entry.departmentnumber").attrsFrom("pattern_rec", "ldap_group_entries[*].businessCategory[*]")), new TestSgConfig.Authc.Domain("basic/ldap").description("group search based on attribute of ldap_user_entry").backend(DocNode.of("idp.hosts", "#{var:ldapHost}", "idp.tls.trusted_cas", certificatesContext.getCaCertificate().getCertificateString(), "idp.tls.verify_hostnames", false, "user_search.filter.by_attribute", "uid", "group_search.base_dn", TestLdapDirectory.GROUPS.getDn(), new Object[]{"group_search.filter.raw", "(businessCategory=${ldap_user_entry.businessCategory})", "group_search.role_name_attribute", "dn", "group_search.recursive.enabled", true})).acceptIps(new String[]{"127.0.0.18"}).userMapping(new TestSgConfig.Authc.Domain.UserMapping().attrsFrom("pattern", "ldap_user_entry.departmentnumber").attrsFrom("pattern_rec", "ldap_group_entries[*].businessCategory[*]")), new TestSgConfig.Authc.Domain("basic/ldap").description("using retrieve_attributes setting").backend(DocNode.of("idp.hosts", "#{var:ldapHost}", "idp.tls.trusted_cas", certificatesContext.getCaCertificate().getCertificateString(), "idp.tls.verify_hostnames", false, "user_search.filter.by_attribute", "uid", "user_search.retrieve_attributes", "uid", new Object[]{"group_search.base_dn", TestLdapDirectory.GROUPS.getDn(), "group_search.filter.by_attribute", "uniqueMember", "group_search.role_name_attribute", "dn", "group_search.retrieve_attributes", "businessCategory", "group_search.recursive.enabled", true})).acceptIps(new String[]{"127.0.0.19"}).userMapping(new TestSgConfig.Authc.Domain.UserMapping().userNameFromBackend("ldap_user_entry.uid")), new TestSgConfig.Authc.Domain("basic/internal_users_db").additionalUserInformation(new TestSgConfig.Authc.Domain.AdditionalUserInformation[]{new TestSgConfig.Authc.Domain.AdditionalUserInformation("ldap", DocNode.of("idp.hosts", "#{var:ldapHost}", "idp.tls.trusted_cas", certificatesContext.getCaCertificate().getCertificateString(), "idp.tls.verify_hostnames", false, "user_search.filter.raw", "(uid=${user.name})", "group_search.base_dn", TestLdapDirectory.GROUPS.getDn(), new Object[]{"group_search.filter.raw", "(uniqueMember=${dn})", "group_search.role_name_attribute", "dn", "group_search.recursive.enabled", true}))}).userMapping(new TestSgConfig.Authc.Domain.UserMapping().attrsFrom("pattern", "ldap_user_entry.departmentnumber").attrsFrom("pattern_rec", "ldap_group_entries[*].businessCategory[*]"))}).debug().userCacheEnabled(false);
    public static LocalCluster.Embedded cluster = new LocalCluster.Builder().singleNode().sslEnabled().enterpriseModulesEnabled().resources("ldap").roles(new TestSgConfig.Role[]{TestSgConfig.Role.ALL_ACCESS, INDEX_PATTERN_WITH_ATTR, INDEX_PATTERN_WITH_ATTR_FOR_RECURSIVE_GROUPS}).roleToRoleMapping(TestSgConfig.Role.ALL_ACCESS, new String[]{ALL_ACCESS_GROUP.getDn()}).roleToRoleMapping(INDEX_PATTERN_WITH_ATTR, new String[]{STD_ACCESS_GROUP.getDn()}).roleToRoleMapping(INDEX_PATTERN_WITH_ATTR_FOR_RECURSIVE_GROUPS, new String[]{RECURSIVE_GROUP_3.getDn()}).authc(AUTHC).users(new TestSgConfig.User[]{TILDA_ADDITIONAL_USER_INFORMATION_USER}).var("ldapHost", () -> {
        return tlsLdapServer.hostAndPort();
    }).embedded().build();

    @ClassRule
    public static TestRule serverChain = RuleChain.outerRule(tlsLdapServer).around(cluster);

    @BeforeClass
    public static void initTestData() {
        Client internalNodeClient = cluster.getInternalNodeClient();
        internalNodeClient.index(new IndexRequest("attr_test_a").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"a\", \"amount\": 1010}", XContentType.JSON)).actionGet();
        internalNodeClient.index(new IndexRequest("attr_test_b").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"b\", \"amount\": 2020}", XContentType.JSON)).actionGet();
        internalNodeClient.index(new IndexRequest("attr_test_c").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"c\", \"amount\": 3030}", XContentType.JSON)).actionGet();
        internalNodeClient.index(new IndexRequest("attr_test_d").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"d\", \"amount\": 4040}", XContentType.JSON)).actionGet();
        internalNodeClient.index(new IndexRequest("attr_test_e").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"filter_attr\": \"e\", \"amount\": 5050}", XContentType.JSON)).actionGet();
    }

    @Test
    public void name_fromLdapEntry() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(KARLOTTA, new Header[0]);
        try {
            restClient.setLocalAddress(InetAddress.getByAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 17}));
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), "Karlotta Karl", httpResponse.getBodyAsDocNode().get("user_name"));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void roles() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(KARLOTTA, new Header[0]);
        try {
            restClient.setLocalAddress(InetAddress.getByAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 17}));
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList("cn=all_access,ou=groups,o=TEST"), httpResponse.getBodyAsDocNode().get("backend_roles"));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void roles_rawQuery() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(KARLOTTA, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList("cn=all_access,ou=groups,o=TEST"), httpResponse.getBodyAsDocNode().get("backend_roles"));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void roles_groupSearchWithLdapEntry() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(THORE, new Header[0]);
        try {
            restClient.setLocalAddress(InetAddress.getByAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 18}));
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList("cn=bc_1,ou=groups,o=TEST"), httpResponse.getBodyAsDocNode().get("backend_roles"));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void attributeIntegrationTest() throws Exception {
        RestHighLevelClient restHighLevelClient = cluster.getRestHighLevelClient(KARLOTTA);
        try {
            Assert.assertEquals(5L, restHighLevelClient.search("attr_test_*", 0, 100).hits().total().value());
            if (restHighLevelClient != null) {
                restHighLevelClient.close();
            }
            restHighLevelClient = cluster.getRestHighLevelClient(THORE);
            try {
                Assert.assertEquals(2L, restHighLevelClient.search("attr_test_*", 0, 100).hits().total().value());
                if (restHighLevelClient != null) {
                    restHighLevelClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void attributeIntegrationTest_recursiveGroups() throws Exception {
        RestHighLevelClient restHighLevelClient = cluster.getRestHighLevelClient(PAUL);
        try {
            Assert.assertEquals(3L, restHighLevelClient.search("attr_test_*", 0, 100).hits().total().value());
            if (restHighLevelClient != null) {
                restHighLevelClient.close();
            }
        } catch (Throwable th) {
            if (restHighLevelClient != null) {
                try {
                    restHighLevelClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void additionalUserInformation() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(TILDA_ADDITIONAL_USER_INFORMATION_USER, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), TILDA_ADDITIONAL_USER_INFORMATION_USER.getName(), httpResponse.getBodyAsDocNode().get("user_name"));
            Assert.assertEquals(httpResponse.getBody(), ImmutableSet.of(RECURSIVE_GROUP_1.getDn(), new String[]{RECURSIVE_GROUP_2.getDn(), RECURSIVE_GROUP_3.getDn()}), ImmutableSet.of((Collection) httpResponse.getBodyAsDocNode().get("backend_roles")));
            Assert.assertTrue(httpResponse.getBody(), ((Collection) httpResponse.getBodyAsDocNode().get("sg_roles")).contains("user_tilda_additional_user_information__role"));
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList("pattern_rec"), httpResponse.getBodyAsDocNode().get("attribute_names"));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuthDomainInfo() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(KARLOTTA, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
            Assert.assertTrue(httpResponse.getBody(), httpResponse.getBodyAsDocNode().getAsString("user").startsWith("User karlotta <basic/ldap>"));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void wrongPassword() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(KARLOTTA.getName(), "wrong-password", new Header[0]);
        try {
            Assert.assertEquals(restClient.get("/_searchguard/authinfo", new Header[0]).getBody(), 401L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void userNotFound() throws Exception {
        GenericRestClient restClient = cluster.getRestClient("unknown-user", "password", new Header[0]);
        try {
            Assert.assertEquals(restClient.get("/_searchguard/authinfo", new Header[0]).getBody(), 401L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void retrieveAttributes() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(THORE, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/auth/debug", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList(PICTURE_OF_THORE), httpResponse.getBodyAsDocNode().findByJsonPath("$.debug[?(@.method=='basic/ldap' && @.message=='Backends successful')].details.user_mapping_attributes.ldap_user_entry.jpegPhoto[0]"));
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList("My Description"), httpResponse.getBodyAsDocNode().findByJsonPath("$.debug[?(@.method=='basic/ldap' && @.message=='Backends successful')].details.user_mapping_attributes.ldap_group_entries[*].description[0]"));
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList("x"), httpResponse.getBodyAsDocNode().findByJsonPath("$.debug[?(@.method=='basic/ldap' && @.message=='Backends successful')].details.user_mapping_attributes.ldap_group_entries[*].businessCategory[0]"));
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(THORE, new Header[0]);
            try {
                restClient.setLocalAddress(InetAddress.getByAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 19}));
                GenericRestClient.HttpResponse httpResponse2 = restClient.get("/_searchguard/auth/debug", new Header[0]);
                Assert.assertEquals(httpResponse2.getBody(), 200L, httpResponse2.getStatusCode());
                Assert.assertEquals(httpResponse2.getBody(), Collections.emptyList(), httpResponse2.getBodyAsDocNode().findByJsonPath("$.debug[?(@.method=='basic/ldap' && @.message=='Backends successful')].details.user_mapping_attributes.ldap_user_entry.jpegPhoto[0]"));
                Assert.assertEquals(httpResponse2.getBody(), Collections.emptyList(), httpResponse2.getBodyAsDocNode().findByJsonPath("$.debug[?(@.method=='basic/ldap' && @.message=='Backends successful')].details.user_mapping_attributes.ldap_group_entries[*].description[0]"));
                Assert.assertEquals(httpResponse2.getBody(), Arrays.asList("x"), httpResponse2.getBodyAsDocNode().findByJsonPath("$.debug[?(@.method=='basic/ldap' && @.message=='Backends successful')].details.user_mapping_attributes.ldap_group_entries[*].businessCategory[0]"));
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void specialCharacters() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(KRIS_SPECIAL_CHARACTER, new Header[0]);
        try {
            restClient.setLocalAddress(InetAddress.getByAddress(new byte[]{Byte.MAX_VALUE, 0, 0, 17}));
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_searchguard/authinfo", new Header[0]);
            MatcherAssert.assertThat(httpResponse, RestMatchers.isOk());
            Assert.assertEquals(httpResponse.getBody(), "Kris/X (Special), really", httpResponse.getBodyAsDocNode().get("user_name"));
            Assert.assertEquals(httpResponse.getBody(), Arrays.asList("cn=Special/X (Really)\\, escaped comma,ou=groups,o=TEST"), httpResponse.getBodyAsDocNode().get("backend_roles"));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
