package com.floragunn.dlic.auth.ldap;

import com.floragunn.dlic.auth.ldap.srv.LdapServer;
import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/dlic/auth/ldap/LdapBackendIntegTest.class */
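/**
 * Integration tests for the LDAP authentication/authorization backend against an embedded
 * LDAPS server.
 *
 * <p>Each test loads {@code ldap/sg_config.yml}, substitutes the embedded server's port for the
 * {@code ${ldapsPort}} placeholder, and starts a single-node cluster with that configuration.
 *
 * <p>Scope note: the "SSL" in the test names refers to the TLS-enabled LDAP server created by
 * {@link LdapServer#createTls}. The REST requests are sent through {@code nonSslRestHelper()},
 * so the Basic credentials used here travel over plain HTTP. That is acceptable only because
 * the cluster and the credentials are test fixtures.
 */
public class LdapBackendIntegTest extends SingleClusterTest {

    private static final String SG_CONFIG_RESOURCE = "ldap/sg_config.yml";
    private static final String LDAPS_PORT_PLACEHOLDER = "${ldapsPort}";
    private static final String DLS_INDEX = "dls_test";
    private static final String DLS_SEARCH_PATH = "/dls_test/_search?pretty&size=100";

    /** Documents indexed by {@link #ldapDlsIntegrationTest()}; five in total. */
    private static final String[] DLS_DOCUMENTS = {
        "{\"filter_attr\": \"a\", \"amount\": 1010}",
        "{\"filter_attr\": \"b\", \"amount\": 2020}",
        "{\"filter_attr\": \"c\", \"amount\": 3030}",
        "{\"filter_attr\": \"d\", \"amount\": 4040}",
        "{\"filter_attr\": \"e\", \"amount\": 5050}",
    };

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();
    private static LdapServer tlsLdapServer = LdapServer.createTls("base.ldif");

    protected String getResourceFolder() {
        return "ldap";
    }

    /**
     * Loads the LDAP test configuration and points it at the embedded LDAPS server.
     *
     * @return the YAML text of {@code ldap/sg_config.yml} with {@code ${ldapsPort}} replaced by
     *     the port the embedded server is listening on
     */
    private static String ldapSgConfigYaml() throws Exception {
        return FileHelper.loadFile(SG_CONFIG_RESOURCE)
            .replace(LDAPS_PORT_PLACEHOLDER, String.valueOf(tlsLdapServer.getPort()));
    }

    /**
     * Verifies that a request with the credentials {@code jacksonm}/{@code secret} is accepted
     * (HTTP 200) when authentication is backed by the LDAPS server.
     */
    @Test
    public void testIntegLdapAuthenticationSSL() throws Exception {
        String sgConfigYaml = ldapSgConfigYaml();
        // NOTE(review): this dumps the whole auth configuration to stdout. If the fixture holds
        // an LDAP bind DN/password, it ends up in build logs - confirm it contains test-only
        // secrets, or drop the print.
        System.out.println(sgConfigYaml);
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfigAsYamlString(sgConfigYaml), Settings.EMPTY);

        int status = nonSslRestHelper()
            .executeGetRequest("", new Header[]{encodeBasicHeader("jacksonm", "secret")})
            .getStatusCode();
        Assert.assertEquals(200L, status);
    }

    /**
     * Verifies that a request with credentials unknown to the directory ({@code wrong}/
     * {@code wrong}) is rejected with HTTP 401.
     *
     * <p>NOTE(review): only the unknown-user path is covered. A second case using an existing
     * user with a wrong password would exercise the failed-bind path as well.
     */
    @Test
    public void testIntegLdapAuthenticationSSLFail() throws Exception {
        String sgConfigYaml = ldapSgConfigYaml();
        // NOTE(review): prints the full auth configuration; see the caveat about secrets in
        // build logs before keeping this in a shared CI pipeline.
        System.out.println(sgConfigYaml);
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfigAsYamlString(sgConfigYaml), Settings.EMPTY);

        int status = nonSslRestHelper()
            .executeGetRequest("", new Header[]{encodeBasicHeader("wrong", "wrong")})
            .getStatusCode();
        Assert.assertEquals(401L, status);
    }

    /**
     * Verifies that the auth-info endpoint exposes LDAP attributes when the caller
     * ({@code spock}) impersonates another user ({@code jacksonm}) via the
     * {@code sg_impersonate_as} header.
     *
     * <p>The node setting grants the DN {@code cn=Captain Spock,ou=people,o=TEST} permission to
     * impersonate {@code "*"}, i.e. any user. The wildcard keeps the fixture small; outside of
     * tests an impersonation grant should name the specific users that may be impersonated.
     *
     * <p>NOTE(review): the assertions only check that the attribute keys are present in the
     * response. They do not check that the returned identity or attribute values are those of
     * the impersonated user rather than the caller - worth asserting explicitly.
     */
    @Test
    public void testAttributesWithImpersonation() throws Exception {
        Settings impersonationSettings = Settings.builder()
            .putList("searchguard.authcz.rest_impersonation_user.cn=Captain Spock,ou=people,o=TEST", "*")
            .build();
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfigAsYamlString(ldapSgConfigYaml()), impersonationSettings);

        Header[] headers = {
            new BasicHeader("sg_impersonate_as", "jacksonm"),
            encodeBasicHeader("spock", "spocksecret"),
        };
        RestHelper.HttpResponse authInfo = nonSslRestHelper().executeGetRequest("_searchguard/authinfo", headers);

        Assert.assertEquals(200L, authInfo.getStatusCode());
        System.out.println(authInfo.getBody());
        Assert.assertTrue(authInfo.getBody().contains("ldap.dn"));
        Assert.assertTrue(authInfo.getBody().contains("attr.ldap.entryDN"));
        Assert.assertTrue(authInfo.getBody().contains("attr.ldap.subschemaSubentry"));
    }

    /**
     * Verifies that two LDAP-authenticated users see different numbers of documents in the same
     * index: {@code jacksonm} sees all five, {@code propsreplace} sees three.
     *
     * <p>Presumably the difference comes from a document-level-security query in the role
     * configuration under the {@code ldap} resource folder; that configuration is not visible
     * from this class.
     */
    @Test
    public void ldapDlsIntegrationTest() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfigAsYamlString(ldapSgConfigYaml()), Settings.EMPTY);
        RestHelper rest = nonSslRestHelper();

        // Seed the index through the internal transport client. try-with-resources closes the
        // client exactly once; the previous hand-expanded form closed it a second time whenever
        // one of the assertions below failed.
        try (TransportClient client = getInternalTransportClient(this.clusterInfo, Settings.EMPTY)) {
            for (String document : DLS_DOCUMENTS) {
                client.index(new IndexRequest(DLS_INDEX)
                    .setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE)
                    .source(document, XContentType.JSON)).actionGet();
            }
        }

        RestHelper.HttpResponse unfiltered =
            rest.executeGetRequest(DLS_SEARCH_PATH, new Header[]{encodeBasicHeader("jacksonm", "secret")});
        Assert.assertEquals(200L, unfiltered.getStatusCode());
        System.out.println(unfiltered.getBody());
        // Matches the pretty-printed total hit count, so the exact whitespace matters.
        Assert.assertTrue(unfiltered.getBody().contains("\"value\" : 5,\n      \"relation"));

        RestHelper.HttpResponse filtered =
            rest.executeGetRequest(DLS_SEARCH_PATH, new Header[]{encodeBasicHeader("propsreplace", "propsreplace")});
        Assert.assertEquals(200L, filtered.getStatusCode());
        System.out.println(filtered.getBody());
        Assert.assertTrue(filtered.getBody().contains("\"value\" : 3,\n      \"relation"));
    }

    /** Stops the embedded LDAPS server once all tests in this class have run. */
    @AfterClass
    public static void tearDownLdap() throws Exception {
        if (tlsLdapServer != null) {
            tlsLdapServer.stop();
        }
    }
}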
