package com.floragunn.searchguard.test.helper.cluster;

import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.http.Header;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/LocalClusterTest.class */
public class LocalClusterTest {
    private static final String INDEX_NAME = "some-index";
    private static final Logger log = LogManager.getLogger(LocalClusterTest.class);
    private static final String LIMITED_ROLE_NAME = "limited-role";
    private static final TestSgConfig.User USER_LIMITED = new TestSgConfig.User("limited-user").roles(LIMITED_ROLE_NAME);
    private static final TestSgConfig.User USER_WITHOUT_ROLE = new TestSgConfig.User("user-without-role");
    private static final TestSgConfig.User USER_ADMIN = new TestSgConfig.User("admin").roles(TestSgConfig.Role.ALL_ACCESS.getName());

    @ClassRule
    public static LocalCluster.Embedded CLUSTER = new LocalCluster.Builder().singleNode().authc(new TestSgConfig.Authc(new TestSgConfig.Authc.Domain("basic/internal_users_db"))).roles(TestSgConfig.Role.ALL_ACCESS).user(USER_ADMIN).users(USER_LIMITED).user(USER_WITHOUT_ROLE).sslEnabled().enterpriseModulesEnabled().embedded().build();

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();

    @BeforeClass
    public static void setupData() {
        CLUSTER.getPrivilegedInternalNodeClient().index(new IndexRequest(INDEX_NAME).id("contradiction").source(new Object[]{"yes", "no"}).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE)).actionGet();
    }

    @Test
    public void shouldUpdateAndRestoreConfigurationOfRoles() throws Exception {
        TestSgConfig.Role on = new TestSgConfig.Role(LIMITED_ROLE_NAME).clusterPermissions("*").indexPermissions("*").on(INDEX_NAME);
        GenericRestClient restClient = CLUSTER.getRestClient(USER_LIMITED, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/some-index/_search", new Header[0]);
            log.info("Search response before config update '{}'", httpResponse.getBody());
            MatcherAssert.assertThat(Integer.valueOf(httpResponse.getStatusCode()), Matchers.equalTo(403));
            if (restClient != null) {
                restClient.close();
            }
            AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            GenericRestClient.HttpResponse httpResponse2 = (GenericRestClient.HttpResponse) CLUSTER.callAndRestoreConfig(CType.ROLES, () -> {
                CLUSTER.updateRolesConfig(on);
                GenericRestClient restClient2 = CLUSTER.getRestClient(USER_LIMITED, new Header[0]);
                try {
                    atomicBoolean.set(true);
                    GenericRestClient.HttpResponse httpResponse3 = restClient2.get("/some-index/_search", new Header[0]);
                    if (restClient2 != null) {
                        restClient2.close();
                    }
                    return httpResponse3;
                } catch (Throwable th) {
                    if (restClient2 != null) {
                        try {
                            restClient2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            });
            log.info("Search response after config update '{}'", httpResponse2.getBody());
            MatcherAssert.assertThat(Integer.valueOf(httpResponse2.getStatusCode()), Matchers.equalTo(200));
            MatcherAssert.assertThat(Boolean.valueOf(atomicBoolean.get()), Matchers.equalTo(true));
            restClient = CLUSTER.getRestClient(USER_LIMITED, new Header[0]);
            try {
                GenericRestClient.HttpResponse httpResponse3 = restClient.get("/some-index/_search", new Header[0]);
                log.info("Search response after restore config '{}'", httpResponse3.getBody());
                MatcherAssert.assertThat(Integer.valueOf(httpResponse3.getStatusCode()), Matchers.equalTo(403));
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void shouldUpdateAndRestoreConfigurationOfRoleMappings() throws Exception {
        TestSgConfig.RoleMapping users = new TestSgConfig.RoleMapping(TestSgConfig.Role.ALL_ACCESS.getName()).users(USER_WITHOUT_ROLE.getName());
        GenericRestClient restClient = CLUSTER.getRestClient(USER_WITHOUT_ROLE, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/some-index/_search", new Header[0]);
            log.info("Search response before config update '{}'", httpResponse.getBody());
            MatcherAssert.assertThat(Integer.valueOf(httpResponse.getStatusCode()), Matchers.equalTo(403));
            if (restClient != null) {
                restClient.close();
            }
            AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            GenericRestClient.HttpResponse httpResponse2 = (GenericRestClient.HttpResponse) CLUSTER.callAndRestoreConfig(CType.ROLESMAPPING, () -> {
                CLUSTER.updateRolesMappingsConfig(users);
                GenericRestClient restClient2 = CLUSTER.getRestClient(USER_WITHOUT_ROLE, new Header[0]);
                try {
                    atomicBoolean.set(true);
                    GenericRestClient.HttpResponse httpResponse3 = restClient2.get("/some-index/_search", new Header[0]);
                    if (restClient2 != null) {
                        restClient2.close();
                    }
                    return httpResponse3;
                } catch (Throwable th) {
                    if (restClient2 != null) {
                        try {
                            restClient2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            });
            MatcherAssert.assertThat(Boolean.valueOf(atomicBoolean.get()), Matchers.equalTo(true));
            log.info("Search response after config update '{}'", httpResponse2.getBody());
            MatcherAssert.assertThat(Integer.valueOf(httpResponse2.getStatusCode()), Matchers.equalTo(200));
            GenericRestClient.HttpResponse httpResponse3 = CLUSTER.getRestClient(USER_WITHOUT_ROLE, new Header[0]).get("/some-index/_search", new Header[0]);
            log.info("Search response after config restore '{}'", httpResponse3.getBody());
            MatcherAssert.assertThat(Integer.valueOf(httpResponse3.getStatusCode()), Matchers.equalTo(403));
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
