package com.floragunn.signals.truststore.rest;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.certificate.TestCertificates;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.floragunn.searchsupport.junit.matcher.DocNodeMatchers;
import com.floragunn.signals.SignalsModule;
import com.floragunn.signals.watch.WatchBuilder;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Random;
import org.apache.http.Header;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.search.SearchHit;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/signals/truststore/rest/TrustedCertificatesRestActionHandlersAndTruststoreIndexMappingTest.class */
public class TrustedCertificatesRestActionHandlersAndTruststoreIndexMappingTest {
    // Identifiers of the truststores that the tests create through the REST API.
    public static final String TRUSTSTORE_ID_1 = "truststore-id-001";
    public static final String TRUSTSTORE_ID_2 = "truststore-id-002";
    public static final String TRUSTSTORE_ID_3 = "truststore-id-003";
    private static final Logger log = LogManager.getLogger(TrustedCertificatesRestActionHandlersAndTruststoreIndexMappingTest.class);
    // Administrative test user: the ALL_ACCESS role extended with every Signals tenant permission on the global tenant.
    private static final TestSgConfig.User USER_ADMIN = new TestSgConfig.User("admin").roles(new TestSgConfig.Role[]{TestSgConfig.Role.ALL_ACCESS.tenantPermission(new String[]{"cluster:admin:searchguard:tenant:signals:*"}).on(new String[]{"SGS_GLOBAL_TENANT"})});
    // User whose only grant is the SGS_READ index permission on all indices. The role carries no
    // truststore cluster permission, so the truststore API is expected to answer this user with 403.
    private static final TestSgConfig.User READONLY_USER = new TestSgConfig.User("readonly_user").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("read-only-role").indexPermissions(new String[]{"SGS_READ"}).on(new String[]{"*"})});
    // Least-privilege role for reading truststores: only the findall and findone cluster actions are granted.
    private static final TestSgConfig.Role READ_TRUSTSTORES_ROLE = new TestSgConfig.Role("read-truststores-role").clusterPermissions(new String[]{"cluster:admin:searchguard:signals:truststores/findall", "cluster:admin:searchguard:signals:truststores/findone"});
    // User that holds READ_TRUSTSTORES_ROLE and nothing else.
    private static final TestSgConfig.User READ_TRUSTSTORES_USER = new TestSgConfig.User("read-truststores-user").roles(new TestSgConfig.Role[]{READ_TRUSTSTORES_ROLE});

    // Single-node embedded cluster with SSL and the Signals module enabled. It is a class rule, so all
    // tests share one cluster and therefore one truststore index; clearData() empties that index after each test.
    @ClassRule
    public static LocalCluster.Embedded cluster = new LocalCluster.Builder().singleNode().sslEnabled().user(USER_ADMIN).user(READONLY_USER).user(READ_TRUSTSTORES_USER).enableModule(SignalsModule.class).nodeSettings(new Object[]{"signals.enabled", true}).waitForComponents(new String[]{"signals"}).embedded().build();

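    /**
     * Empties the {@code .signals_truststores} index after every test so that truststores uploaded
     * by one test cannot leak into the next one.
     *
     * <p>The search request sets no size, and Elasticsearch returns only 10 hits by default. Tests in
     * this class store more truststores than that, so a single search-and-delete pass could leave
     * documents behind. The pass is therefore repeated until a search comes back empty. Every delete
     * uses an immediate refresh, so the following search no longer sees the removed documents.
     */
    @After
    public void clearData() {
        Client client = cluster.getPrivilegedInternalNodeClient();
        SearchHit[] hits;
        do {
            SearchResponse response = client.search(new SearchRequest(new String[]{".signals_truststores"})).actionGet();
            hits = response.getHits().getHits();
            for (SearchHit hit : hits) {
                String id = hit.getId();
                client.delete(new DeleteRequest(".signals_truststores").id(id).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE)).actionGet();
                log.info("Document with id '{}' deleted from index '{}'.", id, ".signals_truststores");
            }
        } while (hits.length > 0);
    }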

    /**
     * Requests a truststore id that was never stored and expects HTTP 404 together with a
     * non-empty response body.
     */
    @Test
    public void shouldNotFindTrustStoreWhichDoesNotExist() throws Exception {
        // try-with-resources closes the client on the success path and when an assertion fails.
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            GenericRestClient.HttpResponse response = client.get("/_signals/truststores/does-not-exists", new Header[0]);
            log.info("Load one truststore by id response '{}'", response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(404));
            MatcherAssert.assertThat(response.getBody(), Matchers.not(Matchers.emptyOrNullString()));
        }
    }

    /**
     * Stores three truststores and checks that fetching the first one by id returns HTTP 200 and
     * exactly its three certificates, each with the expected issuer and subject at positions 0 to 2.
     */
    @Test
    public void shouldLoadTruststoreById() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_2, TruststoreLoader.PEM_TWO_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_3, TruststoreLoader.PEM_ONE_CERTIFICATES);

            GenericRestClient.HttpResponse response = client.get("/_signals/truststores/truststore-id-001", new Header[0]);
            log.info("Load one truststore by id response '{}'", response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));

            DocNode body = response.getBodyAsDocNode();
            MatcherAssert.assertThat(body, DocNodeMatchers.docNodeSizeEqualTo("data.certificates", 3));
            // Issuer and subject of each expected certificate are the same distinguished name.
            for (int index = 0; index < 3; index++) {
                String expectedDn = "CN=root.ca.number-" + index + ".com,OU=SearchGuard,O=index-" + index;
                String certificatePath = "data.certificates[" + index + "]";
                MatcherAssert.assertThat(body, DocNodeMatchers.containsValue(certificatePath + ".issuer", expectedDn));
                MatcherAssert.assertThat(body, DocNodeMatchers.containsValue(certificatePath + ".subject", expectedDn));
            }
        }
    }

    /**
     * Checks that the {@code data.raw_pem} field returned for a stored truststore equals the value
     * returned by {@code TruststoreLoader.storeTruststore} when the truststore was uploaded.
     */
    @Test
    public void shouldLoadExactlyTheSamePemFile() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            String uploadedPem = TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_2, TruststoreLoader.PEM_THREE_CERTIFICATES);

            GenericRestClient.HttpResponse response = client.get("/_signals/truststores/truststore-id-002", new Header[0]);
            log.info("Load one truststore by id response '{}'", response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));

            // The stored PEM must round-trip unchanged; a comparison on parsed fields alone would not show that.
            String returnedPem = response.getBodyAsDocNode().getAsNode("data").getAsString("raw_pem");
            MatcherAssert.assertThat(returnedPem, Matchers.equalTo(uploadedPem));
        }
    }

    /**
     * Lists truststores when none are stored and expects HTTP 200 with an empty {@code data} list.
     */
    @Test
    public void shouldGetEmptyTruststoreList() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            GenericRestClient.HttpResponse response = client.get("/_signals/truststores", new Header[0]);
            // NOTE(review): the log text speaks of a lookup by id although the request lists all truststores.
            log.info("Get truststore by id '{}'", response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));
            DocNode body = response.getBodyAsDocNode();
            MatcherAssert.assertThat(body, DocNodeMatchers.docNodeSizeEqualTo("data", 0));
        }
    }

    /**
     * Stores one truststore with three certificates and checks that the list endpoint returns
     * exactly that entry, with the expected issuer and subject for each certificate.
     */
    @Test
    public void shouldGetListWithOneTruststore() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);

            GenericRestClient.HttpResponse response = client.get("/_signals/truststores", new Header[0]);
            log.info("Get all truststores response '{}'", response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));

            DocNode body = response.getBodyAsDocNode();
            MatcherAssert.assertThat(body, DocNodeMatchers.docNodeSizeEqualTo("data", 1));
            MatcherAssert.assertThat(body, DocNodeMatchers.docNodeSizeEqualTo("data[0].certificates", 3));
            // Issuer and subject of each expected certificate are the same distinguished name.
            for (int index = 0; index < 3; index++) {
                String expectedDn = "CN=root.ca.number-" + index + ".com,OU=SearchGuard,O=index-" + index;
                String certificatePath = "data[0].certificates[" + index + "]";
                MatcherAssert.assertThat(body, DocNodeMatchers.containsValue(certificatePath + ".issuer", expectedDn));
                MatcherAssert.assertThat(body, DocNodeMatchers.containsValue(certificatePath + ".subject", expectedDn));
            }
        }
    }

    /**
     * Saves twelve truststores through {@code saveRandomTruststores} and checks that the list
     * endpoint returns the same number of entries, comparing id, certificate count, issuer and
     * subject position by position.
     *
     * <p>The comparison is positional, so it relies on the response order matching the order of the
     * list returned by the helper.
     */
    @Test
    public void shouldGetListWithMultipleTruststores() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            List<DocNode> stored = saveRandomTruststores(12);

            GenericRestClient.HttpResponse response = client.get("/_signals/truststores", new Header[0]);
            log.info("Get all truststores response '{}'", response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));

            ImmutableList returned = response.getBodyAsDocNode().getAsListOfNodes("data");
            MatcherAssert.assertThat(returned, Matchers.hasSize(stored.size()));

            int position = 0;
            for (DocNode expected : stored) {
                DocNode actual = (DocNode) returned.get(position++);
                MatcherAssert.assertThat(actual, DocNodeMatchers.containsValue("id", expected.get("id")));

                ImmutableList expectedCertificates = expected.getAsListOfNodes("certificates");
                MatcherAssert.assertThat(actual, DocNodeMatchers.docNodeSizeEqualTo("certificates", expectedCertificates.size()));
                for (int certIndex = 0; certIndex < expectedCertificates.size(); certIndex++) {
                    DocNode expectedCertificate = (DocNode) expectedCertificates.get(certIndex);
                    String certificatePath = "certificates[" + certIndex + "]";
                    MatcherAssert.assertThat(actual, DocNodeMatchers.containsValue(certificatePath + ".issuer", expectedCertificate.get("issuer")));
                    MatcherAssert.assertThat(actual, DocNodeMatchers.containsValue(certificatePath + ".subject", expectedCertificate.get("subject")));
                }
            }
        }
    }

    /**
     * Uploads a truststore with three certificates through PUT and checks that the response
     * reports HTTP 200, the given name and id, and the issuer and subject of every certificate.
     */
    @Test
    public void shouldUploadTruststore() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            String pem = TruststoreLoader.loadCertificates(TruststoreLoader.PEM_THREE_CERTIFICATES);
            String requestBody = DocNode.of("name", TruststoreLoader.NAME_TRUST_STORE, "pem", pem).toJsonString();

            GenericRestClient.HttpResponse response = client.putJson("/_signals/truststores/truststore-id-001", requestBody, new Header[0]);
            log.info("Upload truststore status code '{}' and response body '{}'", Integer.valueOf(response.getStatusCode()), response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));

            DocNode body = response.getBodyAsDocNode();
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.name", TruststoreLoader.NAME_TRUST_STORE));
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.id", TRUSTSTORE_ID_1));
            MatcherAssert.assertThat(body, DocNodeMatchers.docNodeSizeEqualTo("data.certificates", 3));
            // Issuer and subject of each expected certificate are the same distinguished name.
            for (int index = 0; index < 3; index++) {
                String expectedDn = "CN=root.ca.number-" + index + ".com,OU=SearchGuard,O=index-" + index;
                String certificatePath = "data.certificates[" + index + "]";
                MatcherAssert.assertThat(body, DocNodeMatchers.containsValue(certificatePath + ".issuer", expectedDn));
                MatcherAssert.assertThat(body, DocNodeMatchers.containsValue(certificatePath + ".subject", expectedDn));
            }
        }
    }

    /**
     * Overwrites an existing three-certificate truststore with a one-certificate PEM and checks
     * that the response reflects only the new content: one certificate and the new raw PEM.
     */
    @Test
    public void shouldReplaceTruststore() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);

            String replacementPem = TruststoreLoader.loadCertificates(TruststoreLoader.PEM_ONE_CERTIFICATES);
            String requestBody = DocNode.of("name", TruststoreLoader.NAME_TRUST_STORE, "pem", replacementPem).toJsonString();
            GenericRestClient.HttpResponse response = client.putJson("/_signals/truststores/truststore-id-001", requestBody, new Header[0]);
            log.info("Replace truststore status code '{}' and response body '{}'", Integer.valueOf(response.getStatusCode()), response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));

            DocNode body = response.getBodyAsDocNode();
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.name", TruststoreLoader.NAME_TRUST_STORE));
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.id", TRUSTSTORE_ID_1));
            // A count of one shows the previous three certificates were replaced, not appended to.
            MatcherAssert.assertThat(body, DocNodeMatchers.docNodeSizeEqualTo("data.certificates", 1));
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.raw_pem", replacementPem));
        }
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [java.time.ZonedDateTime] */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.time.ZonedDateTime] */
    /**
     * Uploads a CA certificate valid from 1999-01-01 to 2001-01-01 (UTC) and expects the API to
     * accept it with HTTP 200 and to report both validity dates unchanged.
     *
     * <p>NOTE(review): this pins that an expired certificate is not rejected at upload time. Whether
     * an expired entry is refused when the truststore is later used for a connection is not checked
     * by this test.
     */
    @Test
    public void shouldUploadExpiredCertificate() throws Exception {
        Date notBefore = Date.from(LocalDateTime.of(1999, 1, 1, 12, 0).atZone(ZoneOffset.UTC).toInstant());
        Date notAfter = Date.from(LocalDateTime.of(2001, 1, 1, 12, 0).atZone(ZoneOffset.UTC).toInstant());
        String expiredCaPem = TestCertificates.builder()
                .ca("CN=root.ca.example.com,OU=SearchGuard,O=SearchGuard", notBefore, notAfter)
                .build()
                .getCaCertificate()
                .getCertificateString();
        String requestBody = DocNode.of("name", "I am a little outdated", "pem", expiredCaPem).toJsonString();

        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            GenericRestClient.HttpResponse response = client.putJson("/_signals/truststores/truststore-id-001", requestBody, new Header[0]);
            log.info("Upload truststore status code '{}' and response body '{}'", Integer.valueOf(response.getStatusCode()), response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));

            DocNode body = response.getBodyAsDocNode();
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.name", "I am a little outdated"));
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.certificates[0].not_before", "1999-01-01T12:00:00.000Z"));
            MatcherAssert.assertThat(body, DocNodeMatchers.containsValue("data.certificates[0].not_after", "2001-01-01T12:00:00.000Z"));
        }
    }

    /**
     * Uploads a PEM envelope whose content is not a certificate and expects HTTP 400.
     *
     * <p>Only the status code is asserted; the response body is logged but its error details are
     * not checked.
     */
    @Test
    public void shouldValidateCertificatesAndReportErrors() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            // Well-formed BEGIN/END markers around a payload that cannot be decoded as a certificate.
            String malformedPem = "-----BEGIN CERTIFICATE-----invalid certificate-----END CERTIFICATE-----";
            String requestBody = DocNode.of("name", TruststoreLoader.NAME_TRUST_STORE, "pem", malformedPem).toJsonString();

            GenericRestClient.HttpResponse response = client.putJson("/_signals/truststores/truststore-id-001", requestBody, new Header[0]);
            log.info("Replace truststore status code '{}' and response body '{}'", Integer.valueOf(response.getStatusCode()), response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(400));
        }
    }

    /**
     * Uploads plain text without any PEM markers as the certificate and expects HTTP 400.
     *
     * <p>Only the status code is asserted; the response body is logged but not inspected.
     */
    @Test
    public void shouldReturnErrorsOccuredDuringCertificateParsing() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            String notAPem = "this is invalid certificate";
            String requestBody = DocNode.of("name", TruststoreLoader.NAME_TRUST_STORE, "pem", notAPem).toJsonString();

            GenericRestClient.HttpResponse response = client.putJson("/_signals/truststores/truststore-id-001", requestBody, new Header[0]);
            log.info("Replace truststore status code '{}' and response body '{}'", Integer.valueOf(response.getStatusCode()), response.getBody());
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(400));
        }
    }

    /**
     * Deletes a truststore id that was never stored and expects HTTP 404 with a non-empty body.
     */
    @Test
    public void shouldNotDeleteTruststoreIfTruststoreDoesNotExists() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            GenericRestClient.HttpResponse response = client.delete("/_signals/truststores/not-exists", new Header[0]);
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(404));
            MatcherAssert.assertThat(response.getBody(), Matchers.not(Matchers.emptyOrNullString()));
        }
    }

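    /**
     * Checks that a truststore referenced by a watch cannot be deleted, while an unreferenced
     * truststore whose id differs only in letter case can.
     *
     * <p>Sequence: store the same PEM under a lower-case and an upper-case id, create a watch whose
     * webhook action references the lower-case id, then expect 409 when deleting the lower-case
     * truststore and 200 when deleting the upper-case one. After the watch is deleted, the
     * lower-case truststore can be deleted as well.
     */
    @Test
    public void shouldNotDeleteTruststoreIfTruststoreIsUsedByWatch() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            // Locale.ROOT keeps the derived ids identical on every machine. The default-locale
            // overloads would, for example, map 'i' to a dotted capital letter under a Turkish locale.
            String lowerCaseId = TRUSTSTORE_ID_1.toLowerCase(java.util.Locale.ROOT);
            String upperCaseId = TRUSTSTORE_ID_1.toUpperCase(java.util.Locale.ROOT);
            TruststoreLoader.storeTruststore(client, lowerCaseId, TruststoreLoader.PEM_THREE_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, upperCaseId, TruststoreLoader.PEM_THREE_CERTIFICATES);

            String watchJson = new WatchBuilder("test_with_truststore").cronTrigger("0 0 */1 * * ?").then().postWebhook("http://localhost:3233").truststoreId(lowerCaseId).name("webhook").build().toJson();
            GenericRestClient.HttpResponse createWatch = client.putJson("/_signals/watch/_main/webhook_with_truststore", watchJson, new Header[0]);
            MatcherAssert.assertThat(createWatch.getBody(), createWatch.getStatusCode(), Matchers.equalTo(201));

            // The referenced truststore must be protected against deletion.
            GenericRestClient.HttpResponse deleteInUse = client.delete("/_signals/truststores/" + lowerCaseId, new Header[0]);
            MatcherAssert.assertThat(deleteInUse.getBody(), deleteInUse.getStatusCode(), Matchers.equalTo(409));
            MatcherAssert.assertThat(deleteInUse.getBody(), deleteInUse.getBodyAsDocNode(), DocNodeMatchers.containsValue("$.error.message", "The truststore is still in use"));

            // The in-use check is case-sensitive: the upper-case id is a different, unreferenced truststore.
            GenericRestClient.HttpResponse deleteUnused = client.delete("/_signals/truststores/" + upperCaseId, new Header[0]);
            MatcherAssert.assertThat(deleteUnused.getBody(), deleteUnused.getStatusCode(), Matchers.equalTo(200));

            GenericRestClient.HttpResponse deleteWatch = client.delete("/_signals/watch/_main/webhook_with_truststore", new Header[0]);
            MatcherAssert.assertThat(deleteWatch.getBody(), deleteWatch.getStatusCode(), Matchers.equalTo(200));

            // With the watch gone, nothing references the truststore any more.
            GenericRestClient.HttpResponse deleteReleased = client.delete("/_signals/truststores/" + lowerCaseId, new Header[0]);
            MatcherAssert.assertThat(deleteReleased.getBody(), deleteReleased.getStatusCode(), Matchers.equalTo(200));
        }
    }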

    /**
     * Stores three truststores, deletes the first, and checks that only the deleted one answers
     * 404 afterwards while the other two are still returned with 200.
     */
    @Test
    public void shouldDeleteExistingTruststore() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_2, TruststoreLoader.PEM_TWO_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_3, TruststoreLoader.PEM_ONE_CERTIFICATES);

            int deleteStatus = client.delete("/_signals/truststores/truststore-id-001", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(deleteStatus, Matchers.equalTo(200));

            int firstStatus = client.get("/_signals/truststores/truststore-id-001", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(firstStatus, Matchers.equalTo(404));
            // The deletion must not affect the neighbouring truststores.
            int secondStatus = client.get("/_signals/truststores/truststore-id-002", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(secondStatus, Matchers.equalTo(200));
            int thirdStatus = client.get("/_signals/truststores/truststore-id-003", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(thirdStatus, Matchers.equalTo(200));
        }
    }

    /**
     * Stores three truststores, deletes the second, and checks that only the deleted one answers
     * 404 afterwards while the first and third are still returned with 200.
     */
    @Test
    public void shouldDeleteAnotherExistingTruststore() throws Exception {
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_2, TruststoreLoader.PEM_TWO_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_3, TruststoreLoader.PEM_ONE_CERTIFICATES);

            int deleteStatus = client.delete("/_signals/truststores/truststore-id-002", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(deleteStatus, Matchers.equalTo(200));

            // The deletion must not affect the neighbouring truststores.
            int firstStatus = client.get("/_signals/truststores/truststore-id-001", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(firstStatus, Matchers.equalTo(200));
            int secondStatus = client.get("/_signals/truststores/truststore-id-002", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(secondStatus, Matchers.equalTo(404));
            int thirdStatus = client.get("/_signals/truststores/truststore-id-003", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(thirdStatus, Matchers.equalTo(200));
        }
    }

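    /**
     * Checks that the backing index {@code .signals_truststores} cannot be searched directly by the
     * admin user, although the same user can read the truststores through the Signals REST API.
     *
     * <p>Three truststores are stored. The admin user then gets 200 with three entries from
     * {@code /_signals/truststores} but 403 from a direct {@code _search} on the index. The client
     * authenticated with the admin certificate gets 200 from the same search and sees three hits.
     *
     * <p>Both clients are declared in one try-with-resources statement so that each is closed even
     * when an assertion fails; previously the admin-certificate client was closed only on success.
     */
    @Test
    public void shouldNotAccessTruststoreIndexDirectly() throws Exception {
        // Resources close in reverse order: the admin-certificate client first, then the user client.
        try (GenericRestClient client = cluster.getRestClient(USER_ADMIN, new Header[0]);
                GenericRestClient adminCertClient = cluster.getAdminCertRestClient()) {
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_2, TruststoreLoader.PEM_TWO_CERTIFICATES);
            TruststoreLoader.storeTruststore(client, TRUSTSTORE_ID_3, TruststoreLoader.PEM_ONE_CERTIFICATES);

            GenericRestClient.HttpResponse listResponse = client.get("/_signals/truststores", new Header[0]);
            MatcherAssert.assertThat(listResponse.getStatusCode(), Matchers.equalTo(200));
            MatcherAssert.assertThat(listResponse.getBodyAsDocNode(), DocNodeMatchers.docNodeSizeEqualTo("data", 3));

            // Even a user with ALL_ACCESS must be refused when bypassing the API and querying the index.
            int directSearchStatus = client.get("/.signals_truststores/_search", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(directSearchStatus, Matchers.equalTo(403));

            // The admin-certificate client can search the index, which also confirms the three documents exist.
            GenericRestClient.HttpResponse adminSearch = adminCertClient.get("/.signals_truststores/_search", new Header[0]);
            MatcherAssert.assertThat(adminSearch.getStatusCode(), Matchers.equalTo(200));
            MatcherAssert.assertThat(adminSearch.getBodyAsDocNode(), DocNodeMatchers.containsValue("hits.total.value", 3));
        }
    }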

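    /**
     * Checks that a user without any truststore permission is refused by the list endpoint.
     *
     * <p>The admin user stores three truststores, then {@code READONLY_USER} requests
     * {@code /_signals/truststores} and must receive HTTP 403.
     *
     * <p>Each client is opened in its own try-with-resources statement so that it is closed even
     * when a store call or the assertion fails; previously the clients were closed only on success.
     *
     * <p>NOTE(review): only the list endpoint is exercised for the denied user; reading by id,
     * uploading and deleting as {@code READONLY_USER} are not asserted in this method.
     */
    @Test
    public void shouldNotGetCertificatesWhenUserHasNoRequiredPermission() throws Exception {
        try (GenericRestClient adminClient = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(adminClient, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);
            TruststoreLoader.storeTruststore(adminClient, TRUSTSTORE_ID_2, TruststoreLoader.PEM_TWO_CERTIFICATES);
            TruststoreLoader.storeTruststore(adminClient, TRUSTSTORE_ID_3, TruststoreLoader.PEM_ONE_CERTIFICATES);
        }
        // The admin client is closed before the restricted client is opened, as in the original flow.
        try (GenericRestClient readonlyClient = cluster.getRestClient(READONLY_USER, new Header[0])) {
            int status = readonlyClient.get("/_signals/truststores", new Header[0]).getStatusCode();
            MatcherAssert.assertThat(status, Matchers.equalTo(403));
        }
    }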

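    /**
     * Verifies that {@code READ_TRUSTSTORES_USER} can read a single truststore by id.
     *
     * <p>A truststore with three certificates is stored as admin under {@code TRUSTSTORE_ID_1}.
     * It is then fetched as the read-only truststore account, which must receive HTTP 200 and a
     * {@code data.certificates} array with three entries.
     *
     * <p>Both clients are opened in try-with-resources so they are closed even when the store
     * call or an assertion fails; the previous form closed them only on the success path.
     *
     * @throws Exception if a REST call or closing a client fails
     */
    @Test
    public void shouldReadOneTruststoreWithReadTruststoresUserAccount() throws Exception {
        try (GenericRestClient adminClient = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(adminClient, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);
        }

        // Positive half of the least-privilege check: read access alone is enough to fetch one
        // truststore. The path ends in the value of TRUSTSTORE_ID_1.
        try (GenericRestClient readerClient = cluster.getRestClient(READ_TRUSTSTORES_USER, new Header[0])) {
            GenericRestClient.HttpResponse response = readerClient.get("/_signals/truststores/truststore-id-001", new Header[0]);
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));
            MatcherAssert.assertThat(response.getBodyAsDocNode(), DocNodeMatchers.docNodeSizeEqualTo("data.certificates", 3));
        }
    }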

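    /**
     * Verifies that {@code READ_TRUSTSTORES_USER} can list all truststores.
     *
     * <p>One truststore with three certificates is stored as admin. The list endpoint is then
     * called as the read-only truststore account, which must receive HTTP 200 with three
     * certificates in the first returned entry ({@code data[0].certificates}).
     *
     * <p>Both clients are opened in try-with-resources so they are closed even when the store
     * call or an assertion fails; the previous form closed them only on the success path.
     *
     * @throws Exception if a REST call or closing a client fails
     */
    @Test
    public void shouldReadAllTruststoreWithReadTruststoresUserAccount() throws Exception {
        try (GenericRestClient adminClient = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            TruststoreLoader.storeTruststore(adminClient, TRUSTSTORE_ID_1, TruststoreLoader.PEM_THREE_CERTIFICATES);
        }

        // NOTE(review): the assertion on data[0] presumes the index holds exactly this one
        // truststore when the test runs; that relies on cleanup done outside this excerpt.
        try (GenericRestClient readerClient = cluster.getRestClient(READ_TRUSTSTORES_USER, new Header[0])) {
            GenericRestClient.HttpResponse response = readerClient.get("/_signals/truststores", new Header[0]);
            MatcherAssert.assertThat(response.getStatusCode(), Matchers.equalTo(200));
            MatcherAssert.assertThat(response.getBodyAsDocNode(), DocNodeMatchers.docNodeSizeEqualTo("data[0].certificates", 3));
        }
    }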

    /**
     * Verifies that an account limited to reading truststores cannot create one.
     *
     * <p>A PUT with a valid name and a three-certificate PEM payload is sent as
     * {@code READ_TRUSTSTORES_USER}; the expected answer is HTTP 403.
     *
     * @throws Exception if the REST call or closing the client fails
     */
    @Test
    public void shouldNotCreateTruststoresWithReadTruststoresUserAccount() throws Exception {
        try (GenericRestClient readerClient = cluster.getRestClient(READ_TRUSTSTORES_USER, new Header[0])) {
            // The payload itself is valid, so a rejection can only come from the permission check.
            String requestBody = DocNode.of(
                    "name", TruststoreLoader.NAME_TRUST_STORE,
                    "pem", TruststoreLoader.loadCertificates(TruststoreLoader.PEM_THREE_CERTIFICATES))
                .toJsonString();
            GenericRestClient.HttpResponse response =
                readerClient.putJson("/_signals/truststores/truststore-id-001", requestBody, new Header[0]);

            // NOTE(review): only the status code is checked. A follow-up read confirming that the
            // truststore is absent would also catch a handler that writes before it denies.
            int status = response.getStatusCode();
            MatcherAssert.assertThat(status, Matchers.equalTo(403));
        }
    }

    /**
     * Verifies that a second truststore can still be uploaded after one whose fourth
     * {@code storeTruststore} argument is a timestamp-like string.
     *
     * <p>Presumably that argument is the truststore name (it is used that way elsewhere in this
     * class), and the scenario guards against the index inferring a date type for the name field
     * from the first document, which would make the plain-text name in the second upload fail.
     * The test passes when the second upload returns HTTP 200.
     *
     * @throws Exception if a REST call or closing the client fails
     */
    @Test
    public void shouldUsePredefinedMappingForTruststoreIndex() throws Exception {
        try (GenericRestClient adminClient = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            // First document: a value that looks like an ISO-8601 instant.
            TruststoreLoader.storeTruststore(adminClient, "certificate-id-1", TruststoreLoader.PEM_ONE_CERTIFICATES, "2023-05-08T13:35:53.508955Z");

            // Second document: an ordinary text name in the same field.
            String requestBody = DocNode.of(
                    "name", "regular and valid name",
                    "pem", TruststoreLoader.loadCertificates(TruststoreLoader.PEM_THREE_CERTIFICATES))
                .toJsonString();
            GenericRestClient.HttpResponse uploadResponse =
                adminClient.putJson("/_signals/truststores/another-id", requestBody, new Header[0]);

            Integer status = uploadResponse.getStatusCode();
            log.info("Upload truststore status code '{}' and response body '{}'", status, uploadResponse.getBody());
            MatcherAssert.assertThat(status, Matchers.equalTo(200));
        }
    }

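    /**
     * Stores {@code i} truststores as the admin user and returns the documents the REST API is
     * expected to report for them.
     *
     * <p>Truststore number {@code n} (1-based) gets the id {@code String.valueOf(n)} and the name
     * {@code "name-" + n}. Each one is filled from a randomly chosen PEM fixture holding one, two
     * or three certificates, and the expected document lists the matching issuer/subject pairs.
     *
     * <p>Changes from the previous form: the collections are typed instead of raw, a single
     * {@link Random} is reused rather than created on every iteration, and the client is managed
     * by try-with-resources.
     *
     * @param i number of truststores to create; values below 1 create none
     * @return expected documents with the keys {@code id}, {@code name} and {@code certificates},
     *     in creation order
     * @throws Exception if storing a truststore or closing the client fails
     */
    private List<DocNode> saveRandomTruststores(int i) throws Exception {
        try (GenericRestClient restClient = cluster.getRestClient(USER_ADMIN, new Header[0])) {
            // Expected certificate summaries, keyed by how many certificates the fixture holds.
            ImmutableMap<Integer, DocNode> expectedCertificatesByCount = ImmutableMap.of(
                1, DocNode.array(expectedRootCa(0)),
                2, DocNode.array(expectedRootCa(0), expectedRootCa(1)),
                3, DocNode.array(expectedRootCa(0), expectedRootCa(1), expectedRootCa(2)));
            ImmutableMap<Integer, String> pemByCount = ImmutableMap.of(
                1, TruststoreLoader.PEM_ONE_CERTIFICATES,
                2, TruststoreLoader.PEM_TWO_CERTIFICATES,
                3, TruststoreLoader.PEM_THREE_CERTIFICATES);

            // java.util.Random is sufficient: the value only selects a test fixture and is never
            // used as a secret. It is unseeded, so the fixture mix differs between runs.
            Random random = new Random();
            List<DocNode> expectedDocuments = new ArrayList<>();
            for (int number = 1; number <= i; number++) {
                int certificateCount = random.nextInt(3) + 1;
                String name = "name-" + number;
                TruststoreLoader.storeTruststore(restClient, String.valueOf(number), pemByCount.get(certificateCount), name);
                expectedDocuments.add(DocNode.of(
                    "id", Integer.valueOf(number),
                    "name", name,
                    "certificates", expectedCertificatesByCount.get(certificateCount)));
            }
            return expectedDocuments;
        }
    }

    /** Builds the expected issuer/subject entry for the self-signed test root CA with the given index. */
    private static DocNode expectedRootCa(int index) {
        String distinguishedName = "CN=root.ca.number-" + index + ".com,OU=SearchGuard,O=index-" + index;
        return DocNode.of("issuer", distinguishedName, "subject", distinguishedName);
    }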
}
