package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.DefaultObjectMapper;
import com.floragunn.searchguard.support.SgJsonNode;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import org.apache.http.Header;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/RoleBasedAccessTest.class */
public class RoleBasedAccessTest extends AbstractRestApiUnitTest {
    @Test
    public void testActionGroupsApi() throws Exception {
        setupWithRestRoles();
        this.rh.sendHTTPClientCertificate = false;
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("/_searchguard/api/internalusers/admin", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Settings build = Settings.builder().loadFromSource(executeGetRequest.getBody(), XContentType.JSON).build();
        Assert.assertTrue(build.get("admin.hash") != null);
        Assert.assertEquals("", build.get("admin.hash"));
        RestHelper.HttpResponse executeGetRequest2 = this.rh.executeGetRequest("/_searchguard/api/internalusers/admin", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        Assert.assertTrue(Settings.builder().loadFromSource(executeGetRequest2.getBody(), XContentType.JSON).build().get("admin.hash") != null);
        RestHelper.HttpResponse executeGetRequest3 = this.rh.executeGetRequest("/_searchguard/api/internalusers/", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        Settings build2 = Settings.builder().loadFromSource(executeGetRequest3.getBody(), XContentType.JSON).build();
        Assert.assertEquals("", build2.get("admin.hash"));
        Assert.assertEquals("", build2.get("sarek.hash"));
        Assert.assertEquals("", build2.get("worf.hash"));
        RestHelper.HttpResponse executeGetRequest4 = this.rh.executeGetRequest("/_searchguard/api/internalusers/", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
        Settings build3 = Settings.builder().loadFromSource(executeGetRequest4.getBody(), XContentType.JSON).build();
        Assert.assertEquals("", build3.get("admin.hash"));
        Assert.assertEquals("", build3.get("sarek.hash"));
        Assert.assertEquals("", build3.get("worf.hash"));
        RestHelper.HttpResponse executeGetRequest5 = this.rh.executeGetRequest("/_searchguard/api/internalusers", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
        Settings build4 = Settings.builder().loadFromSource(executeGetRequest5.getBody(), XContentType.JSON).build();
        Assert.assertEquals("", build4.get("admin.hash"));
        Assert.assertEquals("", build4.get("sarek.hash"));
        Assert.assertEquals("", build4.get("worf.hash"));
        RestHelper.HttpResponse executeGetRequest6 = this.rh.executeGetRequest("/_searchguard/api/internalusers", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
        Settings build5 = Settings.builder().loadFromSource(executeGetRequest6.getBody(), XContentType.JSON).build();
        Assert.assertEquals("", build5.get("admin.hash"));
        Assert.assertEquals("", build5.get("sarek.hash"));
        Assert.assertEquals("", build5.get("worf.hash"));
        RestHelper.HttpResponse executeGetRequest7 = this.rh.executeGetRequest("/_searchguard/api/rolesmapping", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest7.getStatusCode());
        Settings build6 = Settings.builder().loadFromSource(executeGetRequest7.getBody(), XContentType.JSON).build();
        Assert.assertEquals("", build6.getAsList("sg_all_access.users").get(0), "nagilum");
        Assert.assertEquals("", build6.getAsList("sg_role_starfleet_library.backend_roles").get(0), "starfleet*");
        Assert.assertEquals("", build6.getAsList("sg_zdummy_all.users").get(0), "bug108");
        RestHelper.HttpResponse executeGetRequest8 = this.rh.executeGetRequest("_searchguard/api/license", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(403L, executeGetRequest8.getStatusCode());
        Assert.assertTrue(executeGetRequest8.getBody().contains("does not have any access to endpoint LICENSE"));
        RestHelper.HttpResponse executeDeleteRequest = this.rh.executeDeleteRequest("_searchguard/api/cache", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(403L, executeDeleteRequest.getStatusCode());
        Assert.assertTrue(executeDeleteRequest.getBody().contains("does not have any access to endpoint CACHE"));
        RestHelper.HttpResponse executeDeleteRequest2 = this.rh.executeDeleteRequest("_searchguard/api/cache", new Header[]{encodeBasicHeader("sarek", "sarek")});
        Assert.assertEquals(403L, executeDeleteRequest2.getStatusCode());
        Assert.assertTrue(executeDeleteRequest2.getBody().contains("does not have any access to endpoint CACHE"));
        RestHelper.HttpResponse executeGetRequest9 = this.rh.executeGetRequest("/_searchguard/api/internalusers/admin", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(403L, executeGetRequest9.getStatusCode());
        Assert.assertTrue(executeGetRequest9.getBody().contains("does not have any role privileged for admin access"));
        RestHelper.HttpResponse executeGetRequest10 = this.rh.executeGetRequest("/_searchguard/api/internalusers/admin", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(403L, executeGetRequest10.getStatusCode());
        Assert.assertTrue(executeGetRequest10.getBody().contains("does not have any role privileged for admin access"));
        RestHelper.HttpResponse executeGetRequest11 = this.rh.executeGetRequest("/_searchguard/api/internalusers", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(403L, executeGetRequest11.getStatusCode());
        Assert.assertTrue(executeGetRequest11.getBody().contains("does not have any role privileged for admin access"));
        RestHelper.HttpResponse executeGetRequest12 = this.rh.executeGetRequest("/_searchguard/api/roles", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(403L, executeGetRequest12.getStatusCode());
        Assert.assertTrue(executeGetRequest12.getBody().contains("does not have any role privileged for admin access"));
        RestHelper.HttpResponse executeDeleteRequest3 = this.rh.executeDeleteRequest("/_searchguard/api/internalusers/admin", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(403L, executeDeleteRequest3.getStatusCode());
        Assert.assertTrue(executeDeleteRequest3.getBody().contains("does not have any role privileged for admin access"));
        RestHelper.HttpResponse executeDeleteRequest4 = this.rh.executeDeleteRequest("/_searchguard/api/internalusers/other", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeDeleteRequest4.getStatusCode());
        Assert.assertTrue(executeDeleteRequest4.getBody().contains("'other' deleted"));
        RestHelper.HttpResponse executeGetRequest13 = this.rh.executeGetRequest("/_searchguard/api/internalusers/other", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(404L, executeGetRequest13.getStatusCode());
        Assert.assertTrue(executeGetRequest13.getBody().contains("'other' not found"));
        RestHelper.HttpResponse executeGetRequest14 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest14.getStatusCode());
        Assert.assertEquals(new SgJsonNode(DefaultObjectMapper.readTree(executeGetRequest14.getBody())).getDotted("sg_role_starfleet_captains.cluster_permissions").get(0).asString(), "cluster:monitor*");
        RestHelper.HttpResponse executeDeleteRequest5 = this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeDeleteRequest5.getStatusCode());
        Assert.assertTrue(executeDeleteRequest5.getBody().contains("'sg_role_starfleet_captains' deleted"));
        RestHelper.HttpResponse executeGetRequest15 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(404L, executeGetRequest15.getStatusCode());
        Assert.assertTrue(executeGetRequest15.getBody().contains("'sg_role_starfleet_captains' not found"));
        Assert.assertEquals(403L, this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/sg_unittest_1", new Header[]{encodeBasicHeader("worf", "worf")}).getStatusCode());
        Assert.assertEquals(403L, this.rh.executeDeleteRequest("/_searchguard/api/rolesmapping/sg_unittest_1", new Header[]{encodeBasicHeader("worf", "worf")}).getStatusCode());
        Assert.assertEquals(403L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_tenants.json"), new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_different_content.json"), new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(201L, executePutRequest.getStatusCode());
        Settings.builder().loadFromSource(executePutRequest.getBody(), XContentType.JSON).build();
        RestHelper.HttpResponse executeGetRequest16 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[]{encodeBasicHeader("worf", "worf")});
        Assert.assertEquals(200L, executeGetRequest16.getStatusCode());
        Assert.assertEquals(new SgJsonNode(DefaultObjectMapper.readTree(executeGetRequest16.getBody())).getDotted("sg_role_starfleet_captains.index_permissions").get(0).get("allowed_actions").get(0).asString(), "blafasel");
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executeGetRequest17 = this.rh.executeGetRequest("/_searchguard/api/internalusers/admin", new Header[]{encodeBasicHeader("la", "lu")});
        Assert.assertEquals(200L, executeGetRequest17.getStatusCode());
        Settings build7 = Settings.builder().loadFromSource(executeGetRequest17.getBody(), XContentType.JSON).build();
        Assert.assertTrue(build7.get("admin.hash") != null);
        Assert.assertEquals("", build7.get("admin.hash"));
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("_searchguard/api/cache", new Header[]{encodeBasicHeader("wrong", "wrong")}).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        Assert.assertEquals(200L, this.rh.executeGetRequest("_searchguard/api/actiongroups", new Header[]{encodeBasicHeader("test", "test")}).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("_searchguard/api/license", new Header[]{encodeBasicHeader("test", "test")}).getStatusCode());
        Assert.assertEquals(403L, this.rh.executeDeleteRequest("_searchguard/api/cache", new Header[]{encodeBasicHeader("test", "test")}).getStatusCode());
        Assert.assertEquals(200L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_different_content.json"), new Header[]{encodeBasicHeader("test", "test")}).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[]{encodeBasicHeader("test", "test")}).getStatusCode());
        RestHelper.HttpResponse executeDeleteRequest6 = this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[]{encodeBasicHeader("test", "test")});
        Assert.assertEquals(200L, executeDeleteRequest6.getStatusCode());
        Assert.assertTrue(executeDeleteRequest6.getBody().contains("'sg_role_starfleet_captains' deleted"));
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[]{encodeBasicHeader("test", "test")}).getStatusCode());
    }
}
