package com.floragunn.searchguard.configuration.api;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.DocReader;
import com.floragunn.codova.documents.DocWriter;
import com.floragunn.codova.documents.Document;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.google.common.collect.ImmutableMap;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.http.Header;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/configuration/api/BulkConfigApiTest.class */
public class BulkConfigApiTest {
    private static final TestSgConfig.User ADMIN_USER = new TestSgConfig.User("admin").roles(new TestSgConfig.Role("allaccess").indexPermissions("*").on("*").clusterPermissions("*"));

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().sslEnabled().user(ADMIN_USER).build();

    @Test
    public void getTest() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config", new Header[0]);
            DocNode wrap = DocNode.wrap(DocReader.json().read(httpResponse.getBody()));
            Assert.assertEquals(httpResponse.getBody(), "config", wrap.getAsNode("config").getAsNode("content").getAsNode("_sg_meta").get("type"));
            Assert.assertEquals(httpResponse.getBody(), "internalusers", wrap.getAsNode("internalusers").getAsNode("content").getAsNode("_sg_meta").get("type"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putTest() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            DocNode wrap = DocNode.wrap(DocReader.json().read(adminCertRestClient.get("/_searchguard/config", new Header[0]).getBody()));
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) wrap.getAsNode("tenants").getAsNode("content"));
            linkedHashMap.put("my_new_test_tenant", ImmutableMap.of("description", "Test Tenant"));
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config", DocNode.of("tenants.content", linkedHashMap).toJsonString(), new Header[0]);
            Assert.assertEquals(putJson.getBody(), 200L, putJson.getStatusCode());
            Assert.assertNotNull(putJson.getBody(), putJson.getBodyAsDocNode().get("data", new String[]{"tenants", "etag"}));
            Thread.sleep(300L);
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config", new Header[0]);
            DocNode wrap2 = DocNode.wrap(DocReader.json().read(httpResponse.getBody()));
            Assert.assertTrue(httpResponse.getBody(), wrap2.getAsNode("tenants").getAsNode("content").get("my_new_test_tenant") != null);
            Assert.assertEquals(httpResponse.getBody(), wrap.get("config"), wrap2.get("config"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void configVarTest() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/config/vars/bulk_test", (Document<?>) DocNode.of("value", "bar")).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/config/vars/bulk_test_encrypted", (Document<?>) DocNode.of("value", "foo", "encrypt", true)).getBody(), 201L, r0.getStatusCode());
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("/_searchguard/config", new Header[0]);
            DocNode wrap = DocNode.wrap(DocReader.json().read(httpResponse.getBody()));
            Assert.assertEquals(httpResponse.getBody(), "config", wrap.getAsNode("config").getAsNode("content").getAsNode("_sg_meta").get("type"));
            Assert.assertEquals(httpResponse.getBody(), "internalusers", wrap.getAsNode("internalusers").getAsNode("content").getAsNode("_sg_meta").get("type"));
            Assert.assertEquals(httpResponse.getBody(), "bar", wrap.get("config_vars", new String[]{"content", "bulk_test", "value"}));
            Assert.assertNotNull(httpResponse.getBody(), wrap.get("config_vars", new String[]{"content", "bulk_test_encrypted", "encrypted"}));
            Assert.assertNull(httpResponse.getBody(), wrap.get("config_vars", new String[]{"content", "bulk_test_encrypted", "value"}));
            Assert.assertEquals(adminCertRestClient.delete("/_searchguard/config/vars/bulk_test_encrypted", new Header[0]).getBody(), 200L, r0.getStatusCode());
            Thread.sleep(20L);
            Assert.assertEquals(adminCertRestClient.get("/_searchguard/config/vars/bulk_test_encrypted", new Header[0]).getBody(), 404L, r0.getStatusCode());
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/config", (Document<?>) DocNode.of("config_vars.content", wrap.get("config_vars", new String[]{"content"}))).getBody(), 200L, r0.getStatusCode());
            Thread.sleep(20L);
            Assert.assertEquals(adminCertRestClient.get("/_searchguard/config/vars/bulk_test_encrypted", new Header[0]).getBody(), 200L, r0.getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putTestValidationError1() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) DocNode.wrap(DocReader.json().read(adminCertRestClient.get("/_searchguard/config", new Header[0]).getBody())).getAsNode("tenants").getAsNode("content"));
            linkedHashMap.put("my_new_test_tenant", ImmutableMap.of("xxx", "Test Tenant"));
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config", DocNode.of("tenants.content", linkedHashMap).toJsonString(), new Header[0]);
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertEquals(putJson.getBody(), "'tenants.my_new_test_tenant.xxx': Unsupported attribute", putJson.getBodyAsDocNode().getAsNode("error").get("message"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putTestValidationError2() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) DocNode.wrap(DocReader.json().read(adminCertRestClient.get("/_searchguard/config", new Header[0]).getBody())).getAsNode("tenants").getAsNode("content"));
            linkedHashMap.put("my_new_test_tenant", ImmutableMap.of("xxx", "Test Tenant"));
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config", DocNode.of("tenants.content", linkedHashMap, "foo.content", ImmutableMap.of("yyy", "Bla")).toJsonString(), new Header[0]);
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertEquals(putJson.getBody(), "'foo': Invalid config type: foo", putJson.getBodyAsDocNode().getAsNode("error").get("message"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putTestValidationError3_staticEntriesShouldBeRejected() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) DocNode.wrap(DocReader.json().read(adminCertRestClient.get("/_searchguard/config", new Header[0]).getBody())).getAsNode("tenants").getAsNode("content"));
            linkedHashMap.put("my_new_test_tenant", ImmutableMap.of("description", "Test Tenant", "static", true));
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config", DocNode.of("tenants.content", linkedHashMap).toJsonString(), new Header[0]);
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            DocNode bodyAsDocNode = putJson.getBodyAsDocNode();
            Assert.assertEquals(putJson.getBody(), "'tenants.content.my_new_test_tenant': Invalid value", bodyAsDocNode.getAsNode("error").get("message"));
            Assert.assertEquals(putJson.getBody(), "Non-static entry", ((DocNode) bodyAsDocNode.getAsNode("error").getAsNode("details").getAsListOfNodes("tenants.content.my_new_test_tenant").get(0)).get("expected"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putTestValidationError4_frontendAuthcLoginPageWithRelativePathShouldBeRejected() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) DocNode.wrap(DocReader.json().read(adminCertRestClient.get("/_searchguard/config", new Header[0]).getBody())).getAsNode("frontend_authc").getAsNode("content"));
            linkedHashMap.put("default", ImmutableMap.of("login_page", ImmutableMap.of("brand_image", "/relative/img.png")));
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config", DocNode.of("frontend_authc.content", linkedHashMap).toJsonString(), new Header[0]);
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertEquals(putJson.getBody(), "'frontend_authc.default.login_page.brand_image': Must be an absolute URI", putJson.getBodyAsDocNode().getAsNode("error").get("message"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putTestValidationError5_rolesWhichAssignsPermsToNoExistentTenantsShouldBeRejected() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            DocNode bodyAsDocNode = adminCertRestClient.get("/_searchguard/config", new Header[0]).getBodyAsDocNode();
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) bodyAsDocNode.getAsNode("roles").getAsNode("content"));
            linkedHashMap.put("my-role", ImmutableMap.of("tenant_permissions", ImmutableMap.of("tenant_patterns", Collections.singletonList("missing1" + "*"), "allowed_actions", Collections.singletonList("*"))));
            DocNode of = DocNode.of("roles.content", linkedHashMap);
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/config", (Document<?>) of);
            Assert.assertEquals(putJson.getBody(), 400L, putJson.getStatusCode());
            Assert.assertEquals(putJson.getBody(), "Tenant pattern: '" + "missing1" + "*' does not match any tenant", ((DocNode) putJson.getBodyAsDocNode().getAsNode("error").getAsNode("details").getAsListOfNodes("roles.my-role").get(0)).get("error"));
            new LinkedHashMap((Map) bodyAsDocNode.getAsNode("tenants").getAsNode("content")).put("missing1", ImmutableMap.of("description", "tenant"));
            Assert.assertEquals(200L, adminCertRestClient.putJson("/_searchguard/config", (Document<?>) DocNode.of("tenants.content", r0)).getStatusCode());
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/config", (Document<?>) of).getBody(), 200L, r0.getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putRoleWhichAssignsPermsToGlobalTenant() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap((Map) adminCertRestClient.get("/_searchguard/config", new Header[0]).getBodyAsDocNode().getAsNode("roles").getAsNode("content"));
            linkedHashMap.put("my-role", ImmutableMap.of("tenant_permissions", ImmutableMap.of("tenant_patterns", Collections.singletonList("SGS_GLOBAL_TENANT" + "*"), "allowed_actions", Collections.singletonList("*"))));
            Assert.assertEquals(adminCertRestClient.putJson("/_searchguard/config", (Document<?>) DocNode.of("roles.content", linkedHashMap)).getBody(), 200L, r0.getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putTestWithoutAdminCert() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(ADMIN_USER, new Header[0]);
        try {
            Assert.assertEquals(restClient.putJson("/_searchguard/config", DocWriter.json().writeAsString(DocNode.of("a", "b")), new Header[0]).getBody(), 403L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void getTestWithoutAdminCert() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(ADMIN_USER, new Header[0]);
        try {
            Assert.assertEquals(restClient.get("/_searchguard/config", new Header[0]).getBody(), 403L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void getTestWithoutAdminCertWithAllowedAction() throws Exception {
        LocalCluster start = new LocalCluster.Builder().sslEnabled().user(ADMIN_USER).nodeSettings("searchguard.admin_only_actions", Collections.emptyList()).start();
        try {
            GenericRestClient restClient = start.getRestClient(ADMIN_USER, new Header[0]);
            try {
                Assert.assertEquals(restClient.get("/_searchguard/config", new Header[0]).getBody(), 200L, r0.getStatusCode());
                if (restClient != null) {
                    restClient.close();
                }
                if (start != null) {
                    start.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (start != null) {
                try {
                    start.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
