package com.floragunn.searchguard;

import co.elastic.clients.elasticsearch._types.ElasticsearchException;
import co.elastic.clients.elasticsearch._types.Time;
import co.elastic.clients.elasticsearch._types.query_dsl.MatchAllQuery;
import co.elastic.clients.elasticsearch.async_search.DeleteAsyncSearchRequest;
import co.elastic.clients.elasticsearch.async_search.GetAsyncSearchRequest;
import co.elastic.clients.elasticsearch.async_search.SubmitRequest;
import co.elastic.clients.elasticsearch.async_search.SubmitResponse;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchguard.client.RestHighLevelClient;
import com.floragunn.searchguard.configuration.AdminDNs;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.floragunn.searchguard.test.helper.cluster.SimpleRestHandler;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.function.Predicate;
import java.util.function.Supplier;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.action.ActionType;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.HandledTransportAction;
import org.elasticsearch.action.support.master.AcknowledgedResponse;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.node.DiscoveryNodes;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.IndexScopedSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsFilter;
import org.elasticsearch.common.xcontent.ChunkedToXContentObject;
import org.elasticsearch.features.NodeFeature;
import org.elasticsearch.plugins.ActionPlugin;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestHandler;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.ToXContentObject;
import org.elasticsearch.xcontent.XContentBuilder;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests.class */
public class ResourceOwnerServiceTests {
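    // Role shared by both non-admin users: read-only composite cluster operations plus SGS_CRUD on
    // index patterns built from the authenticated user's own name. SULU and EVIL_SULU therefore hold
    // identical privileges and differ only in identity, which is what the ownership tests rely on.
    private static final TestSgConfig.Role ROLE_OWN_INDEX = new TestSgConfig.Role("own_index")
            .clusterPermissions("SGS_CLUSTER_COMPOSITE_OPS_RO")
            .indexPermissions("SGS_CRUD")
            .on("${user_name}", "${user_name}_*");

    // The user who submits the async searches in every test.
    private static final TestSgConfig.User SULU = new TestSgConfig.User("sulu").roles(ROLE_OWN_INDEX);

    // A second user with the same role, used to request a search that SULU submitted.
    private static final TestSgConfig.User EVIL_SULU = new TestSgConfig.User("evil_sulu").roles(ROLE_OWN_INDEX);

    // Holds "indices:searchguard:async_search/_all_owners" on top of the read-only cluster operations and
    // no index permissions at all. testAsyncSearchUserOverride uses this user to read and delete a search
    // submitted by SULU. NOTE(review): presumably that permission is what bypasses the owner check — confirm
    // against the resource-owner implementation, and treat the permission as highly privileged.
    private static final TestSgConfig.User ADMIN = new TestSgConfig.User("admin").roles(
            new TestSgConfig.Role("admin_role").clusterPermissions(
                    "SGS_CLUSTER_COMPOSITE_OPS_RO", "indices:searchguard:async_search/_all_owners"));

    // Single-node, TLS-enabled embedded cluster with the three users above and the mock async-search plugin
    // installed; shared by all tests in this class.
    @ClassRule
    public static LocalCluster.Embedded cluster = new LocalCluster.Builder()
            .singleNode()
            .sslEnabled()
            .users(SULU, EVIL_SULU, ADMIN)
            .embedded()
            .plugin(MockActionPlugin.class)
            .build();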

    /* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests$MockActionPlugin.class */
    /**
     * Test-only plugin that registers stand-ins for the async-search submit, get and delete
     * transport actions together with REST routes that dispatch to them.
     *
     * <p>The mocks themselves perform no authorization (see their {@code doExecute} methods), so any
     * 403/404 observed by the tests has to originate outside this plugin.
     */
    public static class MockActionPlugin extends Plugin implements ActionPlugin {
        /* renamed from: getActions, reason: merged with bridge method [inline-methods] */
        // NOTE(review): the decompiler renamed this method from getActions. Under the name m4getActions it
        // presumably no longer overrides the plugin hook, so the three mock actions would not be registered
        // if this listing were compiled as-is — restore the original name before reuse.
        /**
         * Returns the handlers binding each mock action type to its transport action class.
         *
         * @return handlers for the submit, get and delete mock actions, in that order
         */
        public List<ActionPlugin.ActionHandler<? extends ActionRequest, ? extends ActionResponse>> m4getActions() {
            return Arrays.asList(new ActionPlugin.ActionHandler(MockSubmitTransportAction.TYPE, MockSubmitTransportAction.class), new ActionPlugin.ActionHandler(MockGetTransportAction.TYPE, MockGetTransportAction.class), new ActionPlugin.ActionHandler(MockDeleteTransportAction.TYPE, MockDeleteTransportAction.class));
        }

        /**
         * Registers three REST routes: POST /{index}/_async_search (submit), GET /_async_search/{id}
         * (get) and DELETE /_async_search/{id} (delete).
         *
         * <p>Each route copies one path parameter ("index" or "id") into the request object without
         * any validation. The DELETE route builds a {@link MockGetActionRequest}, which is the request
         * type {@link MockDeleteTransportAction} is declared with.
         *
         * @return the three route handlers; none of the method parameters is read
         */
        public List<RestHandler> getRestHandlers(Settings settings, NamedWriteableRegistry namedWriteableRegistry, RestController restController, ClusterSettings clusterSettings, IndexScopedSettings indexScopedSettings, SettingsFilter settingsFilter, IndexNameExpressionResolver indexNameExpressionResolver, Supplier<DiscoveryNodes> supplier, Predicate<NodeFeature> predicate) {
            return Arrays.asList(new SimpleRestHandler(new RestHandler.Route(RestRequest.Method.POST, "/{index}/_async_search"), MockSubmitTransportAction.TYPE, restRequest -> {
                return new MockSubmitActionRequest(restRequest.param("index"));
            }), new SimpleRestHandler(new RestHandler.Route(RestRequest.Method.GET, "/_async_search/{id}"), MockGetTransportAction.TYPE, restRequest2 -> {
                return new MockGetActionRequest(restRequest2.param("id"));
            }), new SimpleRestHandler(new RestHandler.Route(RestRequest.Method.DELETE, "/_async_search/{id}"), MockDeleteTransportAction.TYPE, restRequest3 -> {
                return new MockGetActionRequest(restRequest3.param("id"));
            }));
        }

        /* renamed from: getRestHandlers, reason: collision with other method in class */
        // Decompiler-emitted bridge: takes the raw Supplier/Predicate, casts them to the parameterized
        // types and delegates to the typed getRestHandlers above. The casts are unchecked.
        public /* bridge */ /* synthetic */ Collection m3getRestHandlers(Settings settings, NamedWriteableRegistry namedWriteableRegistry, RestController restController, ClusterSettings clusterSettings, IndexScopedSettings indexScopedSettings, SettingsFilter settingsFilter, IndexNameExpressionResolver indexNameExpressionResolver, Supplier supplier, Predicate predicate) {
            return getRestHandlers(settings, namedWriteableRegistry, restController, clusterSettings, indexScopedSettings, settingsFilter, indexNameExpressionResolver, (Supplier<DiscoveryNodes>) supplier, (Predicate<NodeFeature>) predicate);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests$MockActionResponse.class */
    /**
     * Canned async-search response used by the mock submit and get actions.
     *
     * <p>Carries an optional search id and a REST status; the rendered body is a fixed, empty
     * "still running" result apart from the id and the two timestamps.
     */
    public static class MockActionResponse extends ActionResponse implements ToXContentObject, ChunkedToXContentObject {
        private String id;
        private RestStatus restStatus;

        /**
         * @param id search id to report, may be {@code null}
         * @param status REST status returned by {@link #status()}
         */
        public MockActionResponse(String id, RestStatus status) {
            this.id = id;
            this.restStatus = status;
        }

        /**
         * Reads the response from the wire: an optional string id followed by the status enum,
         * mirroring {@link #writeTo(StreamOutput)}.
         */
        public MockActionResponse(StreamInput in) throws IOException {
            this.id = in.readOptionalString();
            this.restStatus = in.readEnum(RestStatus.class);
        }

        /**
         * Renders the fixed response body. The "id" field is emitted only when an id is set; both
         * timestamp fields are filled from the current clock at render time.
         */
        public XContentBuilder toXContent(XContentBuilder builder, ToXContent.Params params) throws IOException {
            builder.startObject();
            if (id != null) {
                builder.field("id", id);
            }
            builder.field("is_partial", true)
                    .field("is_running", true)
                    .field("start_time_in_millis", System.currentTimeMillis())
                    .field("expiration_time_in_millis", System.currentTimeMillis());

            // "response": an empty, successful single-shard search result.
            builder.startObject("response")
                    .field("took", 0)
                    .field("timed_out", false)
                    .field("num_reduce_phases", 0);
            builder.startObject("_shards")
                    .field("total", 1)
                    .field("successful", 1)
                    .field("skipped", 0)
                    .field("failed", 0)
                    .endObject();
            builder.startObject("hits");
            builder.startObject("total")
                    .field("value", 0)
                    .field("relation", "eq")
                    .endObject();
            builder.nullField("max_score");
            builder.startArray("hits").endArray();
            builder.endObject(); // hits
            builder.endObject(); // response
            builder.endObject(); // root
            return builder;
        }

        /** Writes the optional id, then the status enum. */
        public void writeTo(StreamOutput out) throws IOException {
            out.writeOptionalString(id);
            out.writeEnum(restStatus);
        }

        /** @return the REST status supplied at construction or read from the stream */
        public RestStatus status() {
            return restStatus;
        }

        /** @return the search id, possibly {@code null} */
        public String getId() {
            return id;
        }

        /** Replaces the search id. */
        public void setId(String id) {
            this.id = id;
        }

        /** Exposes this response as a single chunk. */
        public Iterator<? extends ToXContent> toXContentChunked(ToXContent.Params params) {
            return ImmutableList.of(this).iterator();
        }

        /** Always {@code false}: {@link #toXContent} writes its own enclosing object. */
        public boolean isFragment() {
            return false;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests$MockDeleteTransportAction.class */
    /**
     * Stand-in for the async-search delete action. It acknowledges every request and never looks at
     * the requested id or the caller, so it enforces no ownership by itself.
     */
    public static class MockDeleteTransportAction extends HandledTransportAction<MockGetActionRequest, AcknowledgedResponse> {
        // Action name under which the mock is registered.
        // NOTE(review): presumably chosen to match the real async-search delete action so that Search Guard's
        // interception treats the mock like the real one — confirm.
        static ActionType<AcknowledgedResponse> TYPE = new ActionType<>("indices:data/read/async_search/delete");

        /**
         * Registers the action under {@code TYPE.name()} on the "generic" thread pool executor.
         * Of the injected parameters only {@code threadPool}, {@code transportService} and
         * {@code actionFilters} are used.
         */
        @Inject
        public MockDeleteTransportAction(Settings settings, ThreadPool threadPool, ClusterService clusterService, TransportService transportService, AdminDNs adminDNs, ActionFilters actionFilters) {
            super(TYPE.name(), transportService, actionFilters, MockGetActionRequest::new, threadPool.executor("generic"));
        }

        /** Answers immediately with an acknowledged response; the request is not inspected. */
        protected void doExecute(Task task, MockGetActionRequest mockGetActionRequest, ActionListener<AcknowledgedResponse> actionListener) {
            actionListener.onResponse(AcknowledgedResponse.of(true));
        }

        // Decompiler-emitted bridge: casts the raw arguments and delegates to the typed overload above.
        protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
            doExecute(task, (MockGetActionRequest) actionRequest, (ActionListener<AcknowledgedResponse>) actionListener);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests$MockGetActionRequest.class */
    /**
     * Request carrying the id of an async search. Used for both the mock get and the mock delete
     * action.
     */
    public static class MockGetActionRequest extends ActionRequest {
        private String id;

        /** @param searchId id of the async search, taken as-is from the caller */
        public MockGetActionRequest(String searchId) {
            this.id = searchId;
        }

        /** Reads the id as a (non-optional) string, mirroring {@link #writeTo(StreamOutput)}. */
        public MockGetActionRequest(StreamInput in) throws IOException {
            this.id = in.readString();
        }

        /** Writes the id as a (non-optional) string. */
        public void writeTo(StreamOutput out) throws IOException {
            out.writeString(id);
        }

        /** Performs no validation; always returns {@code null}. */
        public ActionRequestValidationException validate() {
            return null;
        }

        /** @return the async search id */
        public String getId() {
            return id;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests$MockGetTransportAction.class */
    /**
     * Stand-in for the async-search get action. It returns a fresh random id with status OK for any
     * request and never looks at the requested id or the caller, so it cannot produce the 403 or 404
     * responses the tests assert on.
     */
    public static class MockGetTransportAction extends HandledTransportAction<MockGetActionRequest, MockActionResponse> {
        // Action name under which the mock is registered.
        // NOTE(review): presumably chosen to match the real async-search get action so that Search Guard's
        // interception treats the mock like the real one — confirm.
        static ActionType<MockActionResponse> TYPE = new ActionType<>("indices:data/read/async_search/get");

        /**
         * Registers the action under {@code TYPE.name()} on the "generic" thread pool executor.
         * Of the injected parameters only {@code threadPool}, {@code transportService} and
         * {@code actionFilters} are used.
         */
        @Inject
        public MockGetTransportAction(Settings settings, ThreadPool threadPool, ClusterService clusterService, TransportService transportService, AdminDNs adminDNs, ActionFilters actionFilters) {
            super(TYPE.name(), transportService, actionFilters, MockGetActionRequest::new, threadPool.executor("generic"));
        }

        /** Answers with a new random UUID and {@code RestStatus.OK}; the request is not inspected. */
        protected void doExecute(Task task, MockGetActionRequest mockGetActionRequest, ActionListener<MockActionResponse> actionListener) {
            actionListener.onResponse(new MockActionResponse(UUID.randomUUID().toString(), RestStatus.OK));
        }

        // Decompiler-emitted bridge: casts the raw arguments and delegates to the typed overload above.
        protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
            doExecute(task, (MockGetActionRequest) actionRequest, (ActionListener<MockActionResponse>) actionListener);
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests$MockSubmitActionRequest.class */
    /**
     * Request for the mock submit action; holds the index expression taken from the REST path.
     */
    public static class MockSubmitActionRequest extends ActionRequest {
        private String index;

        /** @param indexExpression value of the {@code index} path parameter, stored unvalidated */
        public MockSubmitActionRequest(String indexExpression) {
            this.index = indexExpression;
        }

        /**
         * Stream constructor. It reads nothing from the stream and this class defines no
         * {@code writeTo}, so {@code index} stays unset on an instance built this way.
         * NOTE(review): harmless only as long as the request is never sent between nodes — confirm
         * before reusing this mock on a multi-node cluster.
         */
        public MockSubmitActionRequest(StreamInput in) throws IOException {
        }

        /** Performs no validation; always returns {@code null}. */
        public ActionRequestValidationException validate() {
            return null;
        }

        /** @return the index expression, possibly {@code null} */
        public String getIndex() {
            return index;
        }

        /** Replaces the index expression. */
        public void setIndex(String indexExpression) {
            this.index = indexExpression;
        }
    }

    /* loaded from: input_file:com/floragunn/searchguard/ResourceOwnerServiceTests$MockSubmitTransportAction.class */
    /**
     * Stand-in for the async-search submit action. It returns a fresh random id with status OK and
     * never reads the request, so no search is actually executed against any index.
     */
    public static class MockSubmitTransportAction extends HandledTransportAction<MockSubmitActionRequest, MockActionResponse> {
        // Action name under which the mock is registered.
        // NOTE(review): presumably chosen to match the real async-search submit action so that Search Guard's
        // interception treats the mock like the real one — confirm.
        static ActionType<MockActionResponse> TYPE = new ActionType<>("indices:data/read/async_search/submit");

        /**
         * Registers the action under {@code TYPE.name()} on the "generic" thread pool executor.
         * Of the injected parameters only {@code threadPool}, {@code transportService} and
         * {@code actionFilters} are used.
         */
        @Inject
        public MockSubmitTransportAction(Settings settings, ThreadPool threadPool, ClusterService clusterService, TransportService transportService, AdminDNs adminDNs, ActionFilters actionFilters) {
            super(TYPE.name(), transportService, actionFilters, MockSubmitActionRequest::new, threadPool.executor("generic"));
        }

        /** Answers with a new random UUID and {@code RestStatus.OK}; the request is not inspected. */
        protected void doExecute(Task task, MockSubmitActionRequest mockSubmitActionRequest, ActionListener<MockActionResponse> actionListener) {
            actionListener.onResponse(new MockActionResponse(UUID.randomUUID().toString(), RestStatus.OK));
        }

        // Decompiler-emitted bridge: casts the raw arguments and delegates to the typed overload above.
        protected /* bridge */ /* synthetic */ void doExecute(Task task, ActionRequest actionRequest, ActionListener actionListener) {
            doExecute(task, (MockSubmitActionRequest) actionRequest, (ActionListener<MockActionResponse>) actionListener);
        }
    }

    /**
     * Owner round trip: sulu submits an async search, reads it, deletes it, and must then get
     * 404 NOT_FOUND when reading it again.
     *
     * <p>The mock get action always answers OK, so the expected 404 has to come from whatever
     * intercepts the request before the mock (presumably Search Guard's resource-owner tracking —
     * confirm).
     */
    @Test
    public void testAsyncSearch() throws Exception {
        try (RestHighLevelClient ownerClient = cluster.getRestHighLevelClient(SULU)) {
            SubmitRequest submitRequest = new SubmitRequest.Builder()
                    .index("test1", new String[]{"test2"})
                    .query(new MatchAllQuery.Builder().build()._toQuery())
                    .waitForCompletionTimeout((Time) new Time.Builder().time("1ms").build())
                    .build();
            SubmitResponse submitted = ownerClient.getJavaClient().asyncSearch().submit(submitRequest, Map.class);

            // The owner may read and delete their own search.
            ownerClient.getJavaClient().asyncSearch().get(new GetAsyncSearchRequest.Builder().id(submitted.id()).build(), Map.class);
            ownerClient.getJavaClient().asyncSearch().delete(new DeleteAsyncSearchRequest.Builder().id(submitted.id()).build());

            // NOTE(review): fixed pause before re-reading; presumably lets the delete take effect — confirm.
            Thread.sleep(100L);

            try {
                Object afterDelete = ownerClient.getJavaClient().asyncSearch().get(new GetAsyncSearchRequest.Builder().id(submitted.id()).build(), Map.class);
                // Reaching this line means the deleted search was still readable.
                Assert.fail(afterDelete.toString());
            } catch (ElasticsearchException expected) {
                Assert.assertEquals(expected.toString(), RestStatus.NOT_FOUND.getStatus(), expected.status());
            }
        }
    }

    @Test
    public void testAsyncSearchUserMismatch() throws Exception {
        try {
            RestHighLevelClient restHighLevelClient = cluster.getRestHighLevelClient(SULU);
            try {
                RestHighLevelClient restHighLevelClient2 = cluster.getRestHighLevelClient(EVIL_SULU);
                try {
                    restHighLevelClient2.getJavaClient().asyncSearch().get(new GetAsyncSearchRequest.Builder().id(restHighLevelClient.getJavaClient().asyncSearch().submit(new SubmitRequest.Builder().index("test1", new String[]{"test2"}).query(new MatchAllQuery.Builder().build()._toQuery()).waitForCompletionTimeout((Time) new Time.Builder().time("1ms").build()).build(), Map.class).id()).build(), Map.class);
                    Assert.fail();
                    if (restHighLevelClient2 != null) {
                        restHighLevelClient2.close();
                    }
                    if (restHighLevelClient != null) {
                        restHighLevelClient.close();
                    }
                } catch (Throwable th) {
                    if (restHighLevelClient2 != null) {
                        try {
                            restHighLevelClient2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (ElasticsearchException e) {
            Assert.assertTrue(e.toString(), e.toString().contains("is not owned by user evil_sulu"));
            Assert.assertEquals(e.toString(), RestStatus.FORBIDDEN.getStatus(), e.status());
        }
    }

    @Test
    public void testAsyncSearchUserOverride() throws Exception {
        RestHighLevelClient restHighLevelClient = cluster.getRestHighLevelClient(SULU);
        try {
            RestHighLevelClient restHighLevelClient2 = cluster.getRestHighLevelClient(ADMIN);
            try {
                SubmitResponse submit = restHighLevelClient.getJavaClient().asyncSearch().submit(new SubmitRequest.Builder().index("test1", new String[]{"test2"}).query(new MatchAllQuery.Builder().build()._toQuery()).waitForCompletionTimeout((Time) new Time.Builder().time("1ms").build()).build(), Map.class);
                restHighLevelClient2.getJavaClient().asyncSearch().get(new GetAsyncSearchRequest.Builder().id(submit.id()).build(), Map.class);
                restHighLevelClient2.getJavaClient().asyncSearch().delete(new DeleteAsyncSearchRequest.Builder().id(submit.id()).build());
                if (restHighLevelClient2 != null) {
                    restHighLevelClient2.close();
                }
                if (restHighLevelClient != null) {
                    restHighLevelClient.close();
                }
            } catch (Throwable th) {
                if (restHighLevelClient2 != null) {
                    try {
                        restHighLevelClient2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (restHighLevelClient != null) {
                try {
                    restHighLevelClient.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    public void testAsyncSearchUserMismatchForDelete() throws Exception {
        try {
            RestHighLevelClient restHighLevelClient = cluster.getRestHighLevelClient(SULU);
            try {
                RestHighLevelClient restHighLevelClient2 = cluster.getRestHighLevelClient(EVIL_SULU);
                try {
                    restHighLevelClient2.getJavaClient().asyncSearch().get(new GetAsyncSearchRequest.Builder().id(restHighLevelClient.getJavaClient().asyncSearch().submit(new SubmitRequest.Builder().index("test1", new String[]{"test2"}).query(new MatchAllQuery.Builder().build()._toQuery()).waitForCompletionTimeout((Time) new Time.Builder().time("1ms").build()).build(), Map.class).id()).build(), Map.class);
                    Assert.fail();
                    if (restHighLevelClient2 != null) {
                        restHighLevelClient2.close();
                    }
                    if (restHighLevelClient != null) {
                        restHighLevelClient.close();
                    }
                } catch (Throwable th) {
                    if (restHighLevelClient2 != null) {
                        try {
                            restHighLevelClient2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (ElasticsearchException e) {
            Assert.assertTrue(e.toString(), e.toString().contains("is not owned by user evil_sulu"));
            Assert.assertEquals(e.toString(), RestStatus.FORBIDDEN.getStatus(), e.status());
        }
    }
}
