package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.util.List;
import org.apache.http.Header;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/RolesMappingApiTest.class */
public class RolesMappingApiTest extends AbstractRestApiUnitTest {
    @Test
    public void testRolesMappingApi() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executeGetRequest("_searchguard/api/rolesmapping", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("_searchguard/api/rolesmapping", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertTrue(executeGetRequest.getContentType(), executeGetRequest.isJsonContentType());
        RestHelper.HttpResponse executeGetRequest2 = this.rh.executeGetRequest("/_searchguard/api/rolesmapping/sg_role_starfleet", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        Assert.assertTrue(executeGetRequest2.getContentType(), executeGetRequest2.isJsonContentType());
        Settings build = Settings.builder().loadFromSource(executeGetRequest2.getBody(), XContentType.JSON).build();
        Assert.assertEquals("starfleet", build.getAsList("sg_role_starfleet.backend_roles").get(0));
        Assert.assertEquals("captains", build.getAsList("sg_role_starfleet.backend_roles").get(1));
        Assert.assertEquals("*.starfleetintranet.com", build.getAsList("sg_role_starfleet.hosts").get(0));
        Assert.assertEquals("nagilum", build.getAsList("sg_role_starfleet.users").get(0));
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/rolesmapping/nothinghthere", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest3 = this.rh.executeGetRequest("/_searchguard/api/rolesmapping/", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        Assert.assertTrue(executeGetRequest3.getContentType(), executeGetRequest3.isJsonContentType());
        RestHelper.HttpResponse executeGetRequest4 = this.rh.executeGetRequest("/_searchguard/api/rolesmapping", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
        Assert.assertTrue(executeGetRequest4.getContentType(), executeGetRequest4.isJsonContentType());
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/rolesmapping/sg_role_internal", new Header[0]).getStatusCode());
        setupStarfleetIndex();
        addUserWithPassword("picard", "picard", new String[]{"captains"}, 201);
        checkWriteAccess(201, "picard", "picard", "sf", "ships", 1);
        checkWriteAccess(400, "picard", "picard", "sf", "public", 1);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/idonotexist", new Header[0]).getStatusCode());
        Assert.assertEquals(403L, this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_library", new Header[0]).getStatusCode());
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/sg_role_internal", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeDeleteRequest = this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", new Header[0]);
        Assert.assertEquals(200L, executeDeleteRequest.getStatusCode());
        Assert.assertTrue(executeDeleteRequest.getContentType(), executeDeleteRequest.isJsonContentType());
        this.rh.executeGetRequest("_searchguard/api/rolesmapping", new Header[0]);
        this.rh.sendHTTPClientCertificate = false;
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 1);
        checkWriteAccess(403, "picard", "picard", "sf", "public", 1);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/sg_role_starfleet", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        checkAllSfForbidden();
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", "", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.PAYLOAD_MANDATORY.getMessage(), Settings.builder().loadFromSource(executePutRequest.getBody(), XContentType.JSON).build().get("reason"));
        Settings build2 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", FileHelper.loadFile("restapi/rolesmapping_not_parseable.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE.getMessage(), build2.get("reason"));
        Settings build3 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", FileHelper.loadFile("restapi/rolesmapping_invalid_keys.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage(), build3.get("reason"));
        Assert.assertTrue(build3.get("invalid_keys.keys").contains("theusers"));
        Assert.assertTrue(build3.get("invalid_keys.keys").contains("thebackendroles"));
        Assert.assertTrue(build3.get("invalid_keys.keys").contains("thehosts"));
        Settings build4 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", FileHelper.loadFile("restapi/rolesmapping_backendroles_captains_single_wrong_datatype.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build4.get("reason"));
        Assert.assertTrue(build4.get("backend_roles").equals("Array expected"));
        Assert.assertTrue(build4.get("hosts") == null);
        Assert.assertTrue(build4.get("users") == null);
        Settings build5 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", FileHelper.loadFile("restapi/rolesmapping_hosts_single_wrong_datatype.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build5.get("reason"));
        Assert.assertTrue(build5.get("hosts").equals("Array expected"));
        Assert.assertTrue(build5.get("backend_roles") == null);
        Assert.assertTrue(build5.get("users") == null);
        Settings build6 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", FileHelper.loadFile("restapi/rolesmapping_users_picard_single_wrong_datatype.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build6.get("reason"));
        Assert.assertTrue(build6.get("hosts").equals("Array expected"));
        Assert.assertTrue(build6.get("users").equals("Array expected"));
        Assert.assertTrue(build6.get("backend_roles").equals("Array expected"));
        Assert.assertEquals(403L, this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_library", FileHelper.loadFile("restapi/rolesmapping_all_access.json"), new Header[0]).getStatusCode());
        Assert.assertEquals(403L, this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_internal", FileHelper.loadFile("restapi/rolesmapping_all_access.json"), new Header[0]).getStatusCode());
        Assert.assertEquals(201L, this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", FileHelper.loadFile("restapi/rolesmapping_all_access.json"), new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping/imnothere", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(403L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_library", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping/sg_role_internal", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePatchRequest = this.rh.executePatchRequest("/_searchguard/api/rolesmapping/sg_role_vulcans", "[{ \"op\": \"add\", \"path\": \"/hidden\", \"value\": true }]", new Header[0]);
        Assert.assertEquals(400L, executePatchRequest.getStatusCode());
        Assert.assertTrue(executePatchRequest.getBody(), executePatchRequest.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping/sg_role_vulcans", "[{ \"op\": \"add\", \"path\": \"/backend_roles/-\", \"value\": \"spring\" }]", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest5 = this.rh.executeGetRequest("/_searchguard/api/rolesmapping/sg_role_vulcans", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
        List asList = Settings.builder().loadFromSource(executeGetRequest5.getBody(), XContentType.JSON).build().getAsList("sg_role_vulcans.backend_roles");
        Assert.assertNotNull(asList);
        Assert.assertTrue(asList.contains("spring"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping", "[{ \"op\": \"add\", \"path\": \"/imnothere/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(403L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping", "[{ \"op\": \"add\", \"path\": \"/sg_role_starfleet_library/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping", "[{ \"op\": \"add\", \"path\": \"/sg_role_internal/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePatchRequest2 = this.rh.executePatchRequest("/_searchguard/api/rolesmapping", "[{ \"op\": \"add\", \"path\": \"/sg_role_vulcans/hidden\", \"value\": true }]", new Header[0]);
        Assert.assertEquals(400L, executePatchRequest2.getStatusCode());
        Assert.assertTrue(executePatchRequest2.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping", "[{ \"op\": \"add\", \"path\": \"/bulknew1\", \"value\": {  \"backend_roles\":[\"vulcanadmin\"]} }]", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest6 = this.rh.executeGetRequest("/_searchguard/api/rolesmapping/bulknew1", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
        List asList2 = Settings.builder().loadFromSource(executeGetRequest6.getBody(), XContentType.JSON).build().getAsList("bulknew1.backend_roles");
        Assert.assertNotNull(asList2);
        Assert.assertTrue(asList2.contains("vulcanadmin"));
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePatchRequest3 = this.rh.executePatchRequest("/_searchguard/api/rolesmapping", "[{ \"op\": \"add\", \"path\": \"/bulknew1\", \"value\": {  \"unknownfield\":[\"vulcanadmin\"]} }]", new Header[0]);
        Assert.assertEquals(400L, executePatchRequest3.getStatusCode());
        Assert.assertTrue(executePatchRequest3.getContentType(), executePatchRequest3.isJsonContentType());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/rolesmapping", "[{ \"op\": \"remove\", \"path\": \"/bulknew1\"}]", new Header[0]).getStatusCode());
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/rolesmapping/bulknew1", new Header[0]).getStatusCode());
        deleteAndputNewMapping("rolesmapping_backendroles_captains_list.json");
        checkAllSfAllowed();
        deleteAndputNewMapping("rolesmapping_backendroles_captains_single.json");
        checkAllSfAllowed();
        deleteAndputNewMapping("rolesmapping_users_picard_list.json");
        checkAllSfAllowed();
        deleteAndputNewMapping("rolesmapping_users_picard_single.json");
        checkAllSfAllowed();
        deleteAndputNewMapping("rolesmapping_hosts_list.json");
        checkAllSfAllowed();
        deleteAndputNewMapping("rolesmapping_hosts_single.json");
        checkAllSfAllowed();
        deleteAndputNewMapping("rolesmapping_all_access.json");
        checkAllSfAllowed();
        deleteAndputNewMapping("rolesmapping_all_noaccess.json");
        checkAllSfForbidden();
    }

    private void checkAllSfAllowed() throws Exception {
        this.rh.sendHTTPClientCertificate = false;
        checkReadAccess(200, "picard", "picard", "sf", "ships", 1);
        checkWriteAccess(200, "picard", "picard", "sf", "ships", 1);
        checkWriteAccess(400, "picard", "picard", "sf", "public", 1);
    }

    private void checkAllSfForbidden() throws Exception {
        this.rh.sendHTTPClientCertificate = false;
        checkReadAccess(403, "picard", "picard", "sf", "ships", 1);
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 1);
    }

    private RestHelper.HttpResponse deleteAndputNewMapping(String str) throws Exception {
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/rolesmapping/sg_role_starfleet_captains", FileHelper.loadFile("restapi/" + str), new Header[0]);
        Assert.assertEquals(201L, executePutRequest.getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        return executePutRequest;
    }
}
