package com.floragunn.searchguard.legacy;

import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.searchguard.authc.rest.AuthenticatingRestFilter;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.net.InetSocketAddress;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.http.HttpChannel;
import org.elasticsearch.http.HttpRequest;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:com/floragunn/searchguard/legacy/Double401ResponsesIntTest.class */
public class Double401ResponsesIntTest {
    private static final Logger log = LogManager.getLogger(Double401ResponsesIntTest.class);
    private static TestSgConfig.User USER = new TestSgConfig.User("user").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("role").indexPermissions(new String[]{"*"}).on(new String[]{"*"})});

    @ClassRule
    public static LocalCluster.Embedded cluster = new LocalCluster.Builder().singleNode().sslEnabled().resources("doubleUnauthorized").users(new TestSgConfig.User[]{USER}).embedded().build();

    @Mock
    private RestRequest restRequest;

    @Mock
    private RestChannel restChannel;

    @Mock
    private HttpChannel httpChannel;

    @Captor
    private ArgumentCaptor<RestResponse> responseCaptor;

    @Mock
    private HttpServerTransport.Dispatcher genuineDispatcher;

    @Mock
    private ThreadContext threadContext;

    @Mock
    private HttpRequest httpRequest;
    private HttpServerTransport.Dispatcher searchGuarddispatcher;
    private AuthenticatingRestFilter authenticatingRestFilter;

    @Before
    public void before() {
        this.authenticatingRestFilter = (AuthenticatingRestFilter) cluster.getInjectable(AuthenticatingRestFilter.class);
        this.searchGuarddispatcher = this.authenticatingRestFilter.wrap(this.genuineDispatcher);
    }

    @Test
    @Ignore("This test is for manual execution only, to reproduce bug related to double 401 responses")
    public void reproduceDouble401ResponsesBug() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(new Header[]{new BasicHeader("Authorization", "Bearer invalid_token")});
        try {
            log.debug("Actual response is '{}'", restClient.get("_searchguard/authinfo", new Header[0]).getBody());
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void shouldSend401ResponseOnce() {
        Mockito.when(this.restRequest.getHttpRequest()).thenReturn(this.httpRequest);
        Mockito.when(this.restChannel.request()).thenReturn(this.restRequest);
        Mockito.when(this.restRequest.getHttpChannel()).thenReturn(this.httpChannel);
        Mockito.when(this.restRequest.path()).thenReturn("/_searchguard/authinfo");
        Mockito.when(this.restRequest.method()).thenReturn(RestRequest.Method.GET);
        Mockito.when(this.restRequest.getHeaders()).thenReturn(ImmutableMap.of("Authorization", ImmutableList.of("Bearer invalid_token")));
        Mockito.when(Long.valueOf(this.restRequest.getRequestId())).thenReturn(-1234L);
        Mockito.when(this.restRequest.getSpanId()).thenReturn("test span id");
        Mockito.when(this.httpChannel.getRemoteAddress()).thenReturn(new InetSocketAddress("localhost", 0));
        this.searchGuarddispatcher.dispatchRequest(this.restRequest, this.restChannel, this.threadContext);
        ((RestChannel) Mockito.verify(this.restChannel, Mockito.times(1))).sendResponse((RestResponse) this.responseCaptor.capture());
        RestResponse restResponse = (RestResponse) this.responseCaptor.getValue();
        MatcherAssert.assertThat(restResponse.status(), Matchers.is(RestStatus.UNAUTHORIZED));
        MatcherAssert.assertThat(restResponse.getHeaders(), Matchers.hasEntry(Matchers.equalTo("WWW-Authenticate"), Matchers.contains(new String[]{"Basic realm=\"Search Guard\""})));
        Mockito.verifyNoInteractions(new Object[]{this.genuineDispatcher, this.threadContext});
    }
}
