package com.floragunn.searchguard.configuration.api;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.codova.documents.patch.JsonPathPatch;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Predicate;
import org.apache.http.Header;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/configuration/api/ApiIntegrationTest.class */
public class ApiIntegrationTest {
    private static final TestSgConfig.User ADMIN_USER = new TestSgConfig.User("admin").roles(new TestSgConfig.Role("allaccess").indexPermissions("*").on("*").clusterPermissions("*"));

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().sslEnabled().sgConfig(new TestSgConfig().frontendAuthc("default", new TestSgConfig.FrontendAuthc().authDomain(new TestSgConfig.FrontendAuthDomain("basic")).loginPage(new TestSgConfig.FrontendLoginPage().brandImage("/relative-default/img.png")))).user(ADMIN_USER).build();

    @Test
    public void patchAuthc() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            adminCertRestClient.patch("/_searchguard/config/authc", new JsonPathPatch(new JsonPathPatch.Operation[]{new JsonPathPatch.Operation(JsonPath.compile("debug", new Predicate[0]), true)}), new Header[0]);
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void deleteAuthc() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            cluster.callAndRestoreConfig(CType.AUTHC, () -> {
                GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config/authc", new Header[0]);
                MatcherAssert.assertThat(httpResponse.getBody(), Integer.valueOf(httpResponse.getStatusCode()), Matchers.equalTo(200));
                MatcherAssert.assertThat(httpResponse.getBody(), httpResponse.getBodyAsDocNode(), Matchers.not(Matchers.anEmptyMap()));
                GenericRestClient.HttpResponse delete = adminCertRestClient.delete("/_searchguard/config/authc", new Header[0]);
                MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
                GenericRestClient.HttpResponse httpResponse2 = adminCertRestClient.get("/_searchguard/config/authc", new Header[0]);
                MatcherAssert.assertThat(httpResponse2.getBody(), Integer.valueOf(httpResponse2.getStatusCode()), Matchers.equalTo(404));
                MatcherAssert.assertThat(httpResponse2.getBody(), httpResponse2.getBodyAsDocNode(), Matchers.anEmptyMap());
                return null;
            });
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putLicenseKeyBadEncoding() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/license/key", (Document<?>) DocNode.of("key", "ggfgf"));
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("Invalid base64 encoding"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putLicenseKeyBadContent() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/license/key", (Document<?>) DocNode.of("key", "aGVsbG8K"));
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("Cannot find license signature"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putFrontendAuthc_multipleDomainsWithAutoSelect() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config/authc_frontend", (Document<?>) DocNode.of("default", DocNode.of("auth_domains", ImmutableList.of(DocNode.of("type", "basic", "label", "basic-1", "enabled", false, "auto_select", true), DocNode.of("type", "basic", "label", "basic-2", "enabled", false, "auto_select", true)))));
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("'default.auth_domains': Only one frontend authentication domain can have 'auto_select' enabled"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putFrontendAuthc_oneDomainWithAutoSelect() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            DocNode of = DocNode.of("default", DocNode.of("auth_domains", ImmutableList.of(DocNode.of("type", "basic", "label", "basic-1", "enabled", false, "auto_select", true), DocNode.of("type", "oidc", "label", "basic-2", "enabled", false, "auto_select", false))));
            Assert.assertEquals(((GenericRestClient.HttpResponse) cluster.callAndRestoreConfig(CType.FRONTEND_AUTHC, () -> {
                return adminCertRestClient.putJson("/_searchguard/config/authc_frontend", (Document<?>) of);
            })).getBody(), 200L, r0.getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void getFrontendAuthc_shouldReturnBrandImageWithRelativePath() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config/authc_frontend", new Header[0]);
            Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
            Assert.assertEquals(httpResponse.getBodyAsDocNode().findSingleValueByJsonPath("$.content.default.login_page.brand_image", String.class), "/relative-default/img.png");
            GenericRestClient.HttpResponse httpResponse2 = adminCertRestClient.get("/_searchguard/config/authc_frontend/default", new Header[0]);
            Assert.assertEquals(httpResponse2.getBody(), 200L, httpResponse2.getStatusCode());
            Assert.assertEquals(httpResponse2.getBodyAsDocNode().findSingleValueByJsonPath("$.data.login_page.brand_image", String.class), "/relative-default/img.png");
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putFrontendAuthc_shouldValidateLoginPageBrandImagePath() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config/authc_frontend", (Document<?>) DocNode.of("default", DocNode.of("login_page", DocNode.of("brand_image", "/relative/test.png"))));
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("'default.login_page.brand_image': Must be an absolute URI"));
            DocNode of = DocNode.of("default", DocNode.of("login_page", DocNode.of("brand_image", "http://localhost:123/absolute/test.png")));
            cluster.callAndRestoreConfig(CType.FRONTEND_AUTHC, () -> {
                Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/config/authc_frontend", (Document<?>) of).getBody(), 200L, r0.getStatusCode());
                GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config/authc_frontend", new Header[0]);
                Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                Assert.assertEquals(httpResponse.getBodyAsDocNode().findSingleValueByJsonPath("$.content.default.login_page.brand_image", String.class), "http://localhost:123/absolute/test.png");
                return null;
            });
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
            adminCertRestClient = cluster.getAdminCertRestClient();
            try {
                GenericRestClient.HttpResponse putJson2 = adminCertRestClient.putJson("/_searchguard/config/authc_frontend/default", (Document<?>) DocNode.of("login_page", DocNode.of("brand_image", "/relative/test.png")));
                Assert.assertEquals(putJson2.getBody(), 400L, putJson2.getStatusCode());
                Assert.assertTrue(putJson2.getBody(), putJson2.getBody().contains("'login_page.brand_image': Must be an absolute URI"));
                DocNode of2 = DocNode.of("login_page", DocNode.of("brand_image", "http://localhost:123/absolute/test.png"));
                cluster.callAndRestoreConfig(CType.FRONTEND_AUTHC, () -> {
                    Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/config/authc_frontend/default", (Document<?>) of2).getBody(), 200L, r0.getStatusCode());
                    GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config/authc_frontend/default", new Header[0]);
                    Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                    Assert.assertEquals(httpResponse.getBodyAsDocNode().findSingleValueByJsonPath("$.data.login_page.brand_image", String.class), "http://localhost:123/absolute/test.png");
                    return null;
                });
                if (adminCertRestClient != null) {
                    adminCertRestClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void patchFrontendAuthc_shouldValidateLoginPageBrandImagePath() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse patchJsonMerge = adminCertRestClient.patchJsonMerge("/_searchguard/config/authc_frontend", (Document<?>) DocNode.of("default", DocNode.of("login_page", DocNode.of("brand_image", "/relative/test.png"))), new Header[0]);
            Assert.assertEquals(patchJsonMerge.getBody(), 400L, patchJsonMerge.getStatusCode());
            Assert.assertTrue(patchJsonMerge.getBody(), patchJsonMerge.getBody().contains("'default.login_page.brand_image': Must be an absolute URI"));
            DocNode of = DocNode.of("default", DocNode.of("login_page", DocNode.of("brand_image", "http://localhost:123/absolute/test.png")));
            cluster.callAndRestoreConfig(CType.FRONTEND_AUTHC, () -> {
                Assert.assertEquals(adminCertRestClient.patchJsonMerge("/_searchguard/config/authc_frontend", (Document<?>) of, new Header[0]).getBody(), 200L, r0.getStatusCode());
                GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config/authc_frontend", new Header[0]);
                Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                Assert.assertEquals(httpResponse.getBodyAsDocNode().findSingleValueByJsonPath("$.content.default.login_page.brand_image", String.class), "http://localhost:123/absolute/test.png");
                return null;
            });
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
            adminCertRestClient = cluster.getAdminCertRestClient();
            try {
                GenericRestClient.HttpResponse patchJsonMerge2 = adminCertRestClient.patchJsonMerge("/_searchguard/config/authc_frontend/default", (Document<?>) DocNode.of("login_page", DocNode.of("brand_image", "/relative/test.png")), new Header[0]);
                Assert.assertEquals(patchJsonMerge2.getBody(), 400L, patchJsonMerge2.getStatusCode());
                Assert.assertTrue(patchJsonMerge2.getBody(), patchJsonMerge2.getBody().contains("'login_page.brand_image': Must be an absolute URI"));
                DocNode of2 = DocNode.of("login_page", DocNode.of("brand_image", "http://localhost:123/absolute/test.png"));
                cluster.callAndRestoreConfig(CType.FRONTEND_AUTHC, () -> {
                    Assert.assertEquals(adminCertRestClient.patchJsonMerge("/_searchguard/config/authc_frontend/default", (Document<?>) of2, new Header[0]).getBody(), 200L, r0.getStatusCode());
                    GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config/authc_frontend/default", new Header[0]);
                    Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                    Assert.assertEquals(httpResponse.getBodyAsDocNode().findSingleValueByJsonPath("$.data.login_page.brand_image", String.class), "http://localhost:123/absolute/test.png");
                    return null;
                });
                if (adminCertRestClient != null) {
                    adminCertRestClient.close();
                }
            } finally {
            }
        } finally {
        }
    }
}
