package com.floragunn.searchguard.configuration.api;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.google.common.collect.ImmutableMap;
import java.util.Arrays;
import java.util.UUID;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/configuration/api/InternalUsersConfigApiTest.class */
public class InternalUsersConfigApiTest {
    private static final TestSgConfig.User ADMIN_USER = new TestSgConfig.User("admin").roles(new TestSgConfig.Role("allaccess").indexPermissions("*").on("*").clusterPermissions("*"));

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().sslEnabled().user(ADMIN_USER).build();

    @Test
    public void addUser_shouldAddUserIfPasswordIsPresent() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, DocNode.of("password", "pass").toJsonString(), new Header[0]);
            Assert.assertEquals(201L, putJson.getStatusCode());
            Assert.assertEquals(putJson.getBody(), "Internal User " + randomUserName + " has been created", putJson.getBodyAsDocNode().get("message"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    @Ignore
    public void addUser_shouldFailWhenPasswordIsMissing() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            Assert.assertEquals(400L, adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName(), DocNode.of("search_guard_roles", Arrays.asList("sgRole1", "sgRole2"), "backend_roles", Arrays.asList("backendRole1", "backendRole2"), "attributes", ImmutableMap.of("a", "aAttributeValue")).toJsonString(), new Header[0]).getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void addUser_shouldFailWhenPasswordIsBlank() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            Assert.assertEquals(400L, adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName(), DocNode.of("search_guard_roles", Arrays.asList("sgRole1", "sgRole2"), "backend_roles", Arrays.asList("backendRole1", "backendRole2"), "attributes", ImmutableMap.of("a", "aAttributeValue"), "password", "").toJsonString(), new Header[0]).getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void addUser_shouldSaveCorrectData() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            DocNode of = DocNode.of("search_guard_roles", Arrays.asList("sgRole1", "sgRole2"), "backend_roles", Arrays.asList("backendRole1", "backendRole2"), "attributes", ImmutableMap.of("a", "aAttributeValue"), "password", "pass");
            adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, of.toJsonString(), new Header[0]);
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), of.without(new String[]{"password"}), httpResponse.getBodyAsDocNode().getAsNode("data"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void addUser_shouldSaveWithEmptyBackendRolesIfMissingInARequest() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, DocNode.of("search_guard_roles", Arrays.asList("sgRole1", "sgRole2"), "attributes", ImmutableMap.of("a", "b"), "password", "pass").toJsonString(), new Header[0]);
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(200L, httpResponse.getStatusCode());
            Assert.assertEquals(ImmutableMap.of("attributes", ImmutableMap.of("a", "b"), "search_guard_roles", Arrays.asList("sgRole1", "sgRole2")), httpResponse.getBodyAsDocNode().getAsNode("data").toMap());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void addUser_shouldSaveWithEmptyAttributesIfMissingInARequest() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, DocNode.of("search_guard_roles", Arrays.asList("sgRole1", "sgRole2"), "backend_roles", Arrays.asList("backendRole1", "backendRole2"), "password", "pass").toJsonString(), new Header[0]);
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(200L, httpResponse.getStatusCode());
            Assert.assertEquals(ImmutableMap.of("backend_roles", Arrays.asList("backendRole1", "backendRole2"), "search_guard_roles", Arrays.asList("sgRole1", "sgRole2")), httpResponse.getBodyAsDocNode().getAsNode("data").toMap());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void getUser_shouldFailWhenUserNotFound() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            Assert.assertEquals(404L, adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName(), new Header[0]).getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void getUser_shouldReturnUserData() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            DocNode of = DocNode.of("search_guard_roles", Arrays.asList("sgRole1", "sgRole2"), "backend_roles", Arrays.asList("backendRole1", "backendRole2"), "attributes", ImmutableMap.of("a", "aAttributeValue"), "password", "pass");
            adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, of.toJsonString(), new Header[0]);
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBody(), of.without(new String[]{"password"}), httpResponse.getBodyAsDocNode().getAsNode("data"));
            Assert.assertTrue(httpResponse.getHeaders().toString(), httpResponse.getHeaders().stream().anyMatch(header -> {
                return header.getName().equalsIgnoreCase("ETag");
            }));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void addUser_concurrencyControl() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, DocNode.of("password", "pass").toJsonString(), new Header[0]).getBody(), 201L, r0.getStatusCode());
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            String headerValue = httpResponse.getHeaderValue("ETag");
            Assert.assertNotNull(httpResponse.getHeaders().toString(), headerValue);
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, DocNode.of("password", "xyz").toJsonString(), new BasicHeader("If-Match", headerValue)).getBody(), 200L, r0.getStatusCode());
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, DocNode.of("password", "abc").toJsonString(), new BasicHeader("If-Match", headerValue));
            Assert.assertEquals(putJson.getBody(), 412L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("Unable to update configuration due to concurrent modification"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void patchUser_concurrencyControl() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/internal_users/" + randomUserName, DocNode.of("password", "pass", "description", "foo").toJsonString(), new Header[0]).getBody(), 201L, r0.getStatusCode());
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            String headerValue = httpResponse.getHeaderValue("ETag");
            Assert.assertNotNull(httpResponse.getHeaders().toString(), headerValue);
            Assert.assertEquals(adminCertRestClient.patchJsonMerge("/_searchguard/internal_users/" + randomUserName, (Document<?>) DocNode.of("backend_roles", Arrays.asList("a", "b", "c")), new BasicHeader("If-Match", headerValue)).getBody(), 200L, r0.getStatusCode());
            GenericRestClient.HttpResponse patchJsonMerge = adminCertRestClient.patchJsonMerge("/_searchguard/internal_users/" + randomUserName, DocNode.of("password", "abc").toJsonString(), new BasicHeader("If-Match", headerValue));
            Assert.assertEquals(patchJsonMerge.getBody(), 412L, patchJsonMerge.getStatusCode());
            Assert.assertTrue(patchJsonMerge.getBody(), patchJsonMerge.getBody().contains("Unable to update configuration due to concurrent modification"));
            GenericRestClient.HttpResponse httpResponse2 = adminCertRestClient.get("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(httpResponse2.getBody(), DocNode.of("description", "foo", "backend_roles", Arrays.asList("a", "b", "c")).toMap(), httpResponse2.getBodyAsDocNode().get("data"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void deleteUser_shouldInformThatUserNotFound() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String randomUserName = randomUserName();
            GenericRestClient.HttpResponse delete = adminCertRestClient.delete("/_searchguard/internal_users/" + randomUserName, new Header[0]);
            Assert.assertEquals(404L, delete.getStatusCode());
            Assert.assertEquals(delete.getBody(), "Internal User " + randomUserName + " does not exist", delete.getBodyAsDocNode().get("error", new String[]{"message"}));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void deleteUser_shouldDeleteUser() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            userExists(adminCertRestClient, randomUserName());
            Assert.assertEquals(200L, adminCertRestClient.delete("/_searchguard/internal_users/" + r0, new Header[0]).getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void userExists(GenericRestClient genericRestClient, String str) throws Exception {
        Assert.assertEquals(201L, genericRestClient.putJson("/_searchguard/internal_users/" + str, validUserData().toJsonString(), new Header[0]).getStatusCode());
    }

    private DocNode validUserData() {
        return DocNode.of("search_guard_roles", Arrays.asList("sgRole1", "sgRole2"), "backend_roles", Arrays.asList("backendRole1", "backendRole2"), "attributes", ImmutableMap.of("a", "aAttributeValue"), "password", "pass");
    }

    private String randomUserName() {
        return "userName_" + UUID.randomUUID();
    }
}
