package com.floragunn.searchguard.dlic.dlsfls;

import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import org.apache.http.Header;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/dlsfls/FieldMaskedTest.class */
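/**
 * Integration tests for field masking on the {@code deals} index.
 *
 * <p>Every test issues the same request as two users and compares what each one sees:
 * {@code admin} is expected to receive the clear-text {@code ip_source} values and none of
 * the masked hashes, while {@code user_masked} is expected to receive the hashes and none of
 * the clear-text values. Both directions matter: a clear-text value in a masked response is
 * a data leak, and a hash in an admin response means a masked result was served to the
 * wrong user.
 *
 * <p>The credentials used here are test fixtures only (presumably defined in
 * {@code dlsfls/sg_internal_users.yml}, which {@link #populateData} loads).
 */
public class FieldMaskedTest extends AbstractDlsFlsTest {

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();

    /**
     * Hashes that the masked user is expected to see in place of the {@code ip_source}
     * values. The tests only establish that all three occur in the masked terms
     * aggregation over {@code ip_source.keyword}; the last one is also what the masked
     * user receives for document {@code 0}.
     */
    private static final String[] MASKED_IP_SOURCE_HASHES = {
        "e1623afebfa505884e249a478640ec98094d19a72ac7a89dd0097e28955bb5ae",
        "26a8671e57fefc13504f8c61ced67ac98338261ace1e5bf462038b2f2caae16e",
        "87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140"
    };

    /** Hash the masked user receives when fetching document {@code 0}. */
    private static final String MASKED_DOC0_HASH = MASKED_IP_SOURCE_HASHES[2];

    private static final String SEARCH_NO_HITS = "/deals/_search?pretty&size=0";
    private static final String SEARCH_ALL = "/deals/_search?pretty&size=100";
    private static final String SEARCH_BY_CLEAR_IP = "/deals/_search?pretty&size=100&q=100.100.1.1";
    private static final String GET_DOC0 = "/deals/_doc/0?pretty";

    /** Terms aggregation over the masked field, large enough to return every bucket. */
    private static final String TERMS_AGG_WITH_ERROR_COUNTS = "{\"aggs\" : {\"ips\" : { \"terms\" : { \"field\" : \"ip_source.keyword\", \"size\": 1002, \"show_term_doc_count_error\": true } }}}";

    /** Cardinality of the masked field, restricted to the documents of customer {@code cust1}. */
    private static final String CARDINALITY_AGG_CUST1 = "{\n  \"query\": {\n    \"term\": {\n      \"customer.name\": \"cust1\"\n    }\n  },  \"aggs\" : {\n        \"type_count\" : {\n            \"cardinality\" : {\n                \"field\" : \"ip_source.keyword\"\n            }\n        }\n    }\n}";

    /**
     * Loads the Search Guard configuration documents and indexes 32 {@code deals} documents:
     * ids {@code 0} and {@code 2} with distinct {@code 100.100.x.x} sources, and thirty
     * {@code a<i>} documents that all share the source {@code 200.100.1.1}.
     *
     * @param transportClient client used to index the fixtures; every write is refreshed immediately
     */
    @Override
    protected void populateData(TransportClient transportClient) {
        indexSgConfig(transportClient, "config", "dlsfls/sg_config.yml");
        indexSgConfig(transportClient, "internalusers", "dlsfls/sg_internal_users.yml");
        indexSgConfig(transportClient, "roles", "dlsfls/sg_roles.yml");
        indexSgConfig(transportClient, "rolesmapping", "dlsfls/sg_roles_mapping.yml");
        indexSgConfig(transportClient, "actiongroups", "dlsfls/sg_action_groups.yml");

        indexDeal(transportClient, "0", "{\"customer\": {\"name\":\"cust1\"}, \"ip_source\": \"100.100.1.1\",\"ip_dest\": \"123.123.1.1\",\"amount\": 10}");
        indexDeal(transportClient, "2", "{\"customer\": {\"name\":\"cust2\"}, \"ip_source\": \"100.100.2.2\",\"ip_dest\": \"123.123.2.2\",\"amount\": 20}");
        for (int i = 0; i < 30; i++) {
            indexDeal(transportClient, "a" + i, "{\"customer\": {\"name\":\"cust1\"}, \"ip_source\": \"200.100.1.1\",\"ip_dest\": \"123.123.1.1\",\"amount\": 10}");
        }
    }

    /** Stores one configuration document in the {@code searchguard} index. */
    private static void indexSgConfig(TransportClient client, String type, String yamlResource) {
        client.index(new IndexRequest("searchguard").id(type).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{type, FileHelper.readYamlContent(yamlResource)})).actionGet();
    }

    /** Stores one JSON document in the {@code deals} index. */
    private static void indexDeal(TransportClient client, String id, String json) {
        client.index(new IndexRequest("deals").id(id).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(json, XContentType.JSON)).actionGet();
    }

    /** Basic-auth header for the unrestricted test user. */
    private Header[] adminAuth() {
        return new Header[]{encodeBasicHeader("admin", "admin")};
    }

    /** Basic-auth header for the test user whose view of {@code deals} is masked. */
    private Header[] maskedUserAuth() {
        return new Header[]{encodeBasicHeader("user_masked", "password")};
    }

    /** Asserts that the request succeeded with HTTP 200 and returns the response body. */
    private static String bodyOfOk(RestHelper.HttpResponse response) {
        Assert.assertEquals(200L, response.getStatusCode());
        return response.getBody();
    }

    /** Asserts that the body is a clear-text terms aggregation: both IP prefixes, no hash. */
    private static void assertClearTextTermsAgg(String body) {
        Assert.assertTrue(body.contains("100.100"));
        Assert.assertTrue(body.contains("200.100"));
        Assert.assertTrue(body.contains("\"doc_count\" : 30"));
        Assert.assertTrue(body.contains("\"doc_count\" : 1"));
        for (String hash : MASKED_IP_SOURCE_HASHES) {
            Assert.assertFalse(body.contains(hash));
        }
    }

    /** The masked user must not see clear-text source IPs as aggregation bucket keys. */
    @Test
    public void testMaskedAggregations() throws Exception {
        setup();
        String body = bodyOfOk(this.rh.executePostRequest(SEARCH_NO_HITS, "{\"query\" : {\"match_all\": {}},\"aggs\" : {\"ips\" : { \"terms\" : { \"field\" : \"ip_source.keyword\" } }}}", maskedUserAuth()));
        Assert.assertFalse(body.contains("100.100"));
        // The thirty a<i> documents use 200.100.1.1; without this check a leak of the most
        // frequent bucket key would go unnoticed. testMaskedAggregationsRace asserts the same.
        Assert.assertFalse(body, body.contains("200.100"));
    }

    /**
     * Runs the same aggregation as admin, then as the masked user, then ten more times as
     * admin. Bucket counts must be identical for both users, only the keys differ. The
     * repeated admin requests fail if a masked response is ever handed back to admin
     * (presumably the scenario is a response cached for one user being reused for another).
     */
    @Test
    public void testMaskedAggregationsRace() throws Exception {
        setup();
        assertClearTextTermsAgg(bodyOfOk(this.rh.executePostRequest(SEARCH_NO_HITS, TERMS_AGG_WITH_ERROR_COUNTS, adminAuth())));

        String maskedBody = bodyOfOk(this.rh.executePostRequest(SEARCH_NO_HITS, TERMS_AGG_WITH_ERROR_COUNTS, maskedUserAuth()));
        Assert.assertTrue(maskedBody.contains("\"doc_count\" : 30"));
        Assert.assertTrue(maskedBody.contains("\"doc_count\" : 1"));
        Assert.assertFalse(maskedBody.contains("100.100"));
        Assert.assertFalse(maskedBody.contains("200.100"));
        for (String hash : MASKED_IP_SOURCE_HASHES) {
            Assert.assertTrue(maskedBody.contains(hash));
        }

        for (int i = 0; i < 10; i++) {
            assertClearTextTermsAgg(bodyOfOk(this.rh.executePostRequest(SEARCH_NO_HITS, TERMS_AGG_WITH_ERROR_COUNTS, adminAuth())));
        }
    }

    /**
     * Full listing and query-string search as both users. Searching for a clear-text IP as
     * the masked user is expected to return a body with neither the IP nor any
     * {@code ip_source} field in it.
     */
    @Test
    public void testMaskedSearch() throws Exception {
        setup();
        String adminAll = bodyOfOk(this.rh.executeGetRequest(SEARCH_ALL, adminAuth()));
        Assert.assertTrue(adminAll.contains("\"value\" : 32"));
        Assert.assertTrue(adminAll.contains("\"failed\" : 0"));
        Assert.assertTrue(adminAll.contains("cust1"));
        Assert.assertTrue(adminAll.contains("cust2"));
        Assert.assertTrue(adminAll.contains("100.100.1.1"));
        Assert.assertTrue(adminAll.contains("100.100.2.2"));
        Assert.assertFalse(adminAll.contains(MASKED_DOC0_HASH));

        String adminByIp = bodyOfOk(this.rh.executeGetRequest(SEARCH_BY_CLEAR_IP, adminAuth()));
        Assert.assertTrue(adminByIp.contains("100.100.1.1"));

        String maskedAll = bodyOfOk(this.rh.executeGetRequest(SEARCH_ALL, maskedUserAuth()));
        Assert.assertTrue(maskedAll.contains("\"value\" : 32"));
        Assert.assertTrue(maskedAll.contains("\"failed\" : 0"));
        // Unmasked fields stay readable: masking must not hide whole documents.
        Assert.assertTrue(maskedAll.contains("cust1"));
        Assert.assertTrue(maskedAll.contains("cust2"));
        Assert.assertFalse(maskedAll.contains("100.100.1.1"));
        Assert.assertFalse(maskedAll.contains("100.100.2.2"));
        // All 32 documents are listed, so the a<i> source address must be masked as well.
        Assert.assertFalse(maskedAll, maskedAll.contains("200.100.1.1"));
        Assert.assertTrue(maskedAll.contains(MASKED_DOC0_HASH));

        String maskedByIp = bodyOfOk(this.rh.executeGetRequest(SEARCH_BY_CLEAR_IP, maskedUserAuth()));
        Assert.assertFalse(maskedByIp, maskedByIp.contains("100.100.1.1"));
        Assert.assertFalse(maskedByIp, maskedByIp.contains("ip_source"));
    }

    /**
     * Same listing and query-string search for the masked user with
     * {@code searchguard.compliance.local_hashing_enabled} switched on. Unlike in
     * {@link #testMaskedSearch()}, the query-string search is expected to return a body
     * that contains {@code ip_source}, still without the clear-text value.
     */
    @Test
    public void testMaskedSearchLocalHash() throws Exception {
        setup(Settings.builder().put("searchguard.compliance.local_hashing_enabled", true).build());
        String maskedAll = bodyOfOk(this.rh.executeGetRequest(SEARCH_ALL, maskedUserAuth()));
        Assert.assertTrue(maskedAll.contains("\"value\" : 32"));
        Assert.assertTrue(maskedAll.contains("\"failed\" : 0"));
        Assert.assertTrue(maskedAll.contains("cust1"));
        Assert.assertTrue(maskedAll.contains("cust2"));
        Assert.assertFalse(maskedAll.contains("100.100.1.1"));
        Assert.assertFalse(maskedAll.contains("100.100.2.2"));
        // All 32 documents are listed, so the a<i> source address must be masked as well.
        Assert.assertFalse(maskedAll, maskedAll.contains("200.100.1.1"));

        String maskedByIp = bodyOfOk(this.rh.executeGetRequest(SEARCH_BY_CLEAR_IP, maskedUserAuth()));
        Assert.assertFalse(maskedByIp, maskedByIp.contains("100.100.1.1"));
        Assert.assertTrue(maskedByIp, maskedByIp.contains("ip_source"));
    }

    /**
     * Cardinality aggregation over the masked field with local hashing enabled. The request
     * is repeated fifteen times, then the configuration is reloaded from
     * {@code sg_config_salt2_changed.yml} and the request is issued once more; hit count
     * (31) and cardinality (2) are expected to stay the same throughout.
     */
    @Test
    public void testMaskedSearchDCAggLocalHash() throws Exception {
        setup(Settings.builder().put("searchguard.compliance.local_hashing_enabled", true).build());
        for (int i = 0; i < 15; i++) {
            assertCust1Cardinality(bodyOfOk(this.rh.executePostRequest(SEARCH_NO_HITS, CARDINALITY_AGG_CUST1, maskedUserAuth())));
        }
        // Diagnostic output only: the cache statistics are printed, nothing is asserted on them.
        System.out.println(this.rh.executeGetRequest("/deals/_stats/request_cache,query_cache?human&pretty", adminAuth()).getBody());
        initialize(this.clusterInfo, new DynamicSgConfig().setSgConfig("sg_config_salt2_changed.yml"));
        assertCust1Cardinality(bodyOfOk(this.rh.executePostRequest(SEARCH_NO_HITS, CARDINALITY_AGG_CUST1, maskedUserAuth())));
    }

    /** Asserts 31 matching documents, no failed shards and two distinct masked sources. */
    private static void assertCust1Cardinality(String body) {
        Assert.assertTrue(body.contains("\"value\" : 31"));
        Assert.assertTrue(body.contains("\"failed\" : 0"));
        Assert.assertTrue(body.contains("\"value\" : 2"));
    }

    /** Fetching a single document by id must apply the same masking as search does. */
    @Test
    public void testMaskedGet() throws Exception {
        setup();
        String adminDoc = bodyOfOk(this.rh.executeGetRequest(GET_DOC0, adminAuth()));
        Assert.assertTrue(adminDoc.contains("\"found\" : true"));
        Assert.assertTrue(adminDoc.contains("cust1"));
        Assert.assertFalse(adminDoc.contains("cust2"));
        Assert.assertTrue(adminDoc.contains("100.100.1.1"));
        Assert.assertFalse(adminDoc.contains("100.100.2.2"));
        Assert.assertFalse(adminDoc.contains(MASKED_DOC0_HASH));

        String maskedDoc = bodyOfOk(this.rh.executeGetRequest(GET_DOC0, maskedUserAuth()));
        Assert.assertTrue(maskedDoc.contains("\"found\" : true"));
        Assert.assertTrue(maskedDoc.contains("cust1"));
        Assert.assertFalse(maskedDoc.contains("cust2"));
        Assert.assertFalse(maskedDoc.contains("100.100.1.1"));
        Assert.assertFalse(maskedDoc.contains("100.100.2.2"));
        Assert.assertTrue(maskedDoc.contains(MASKED_DOC0_HASH));
    }

    /**
     * With {@code searchguard.compliance.mask_prefix} set to {@code anon:}, the masked
     * user's hash must carry that prefix and the admin response must not contain the
     * prefix at all.
     */
    @Test
    public void testMaskedGetPrefix() throws Exception {
        setup(Settings.builder().put("searchguard.compliance.mask_prefix", "anon:").build());
        String adminDoc = bodyOfOk(this.rh.executeGetRequest(GET_DOC0, adminAuth()));
        Assert.assertTrue(adminDoc.contains("\"found\" : true"));
        Assert.assertTrue(adminDoc.contains("cust1"));
        Assert.assertFalse(adminDoc.contains("cust2"));
        Assert.assertTrue(adminDoc.contains("100.100.1.1"));
        Assert.assertFalse(adminDoc.contains("100.100.2.2"));
        Assert.assertFalse(adminDoc.contains(MASKED_DOC0_HASH));
        Assert.assertFalse(adminDoc.contains("anon:"));

        String maskedDoc = bodyOfOk(this.rh.executeGetRequest(GET_DOC0, maskedUserAuth()));
        Assert.assertTrue(maskedDoc.contains("\"found\" : true"));
        Assert.assertTrue(maskedDoc.contains("cust1"));
        Assert.assertFalse(maskedDoc.contains("cust2"));
        Assert.assertFalse(maskedDoc.contains("100.100.1.1"));
        Assert.assertFalse(maskedDoc.contains("100.100.2.2"));
        Assert.assertTrue(maskedDoc.contains("anon:" + MASKED_DOC0_HASH));
        Assert.assertTrue(maskedDoc.contains("anon:"));
    }
}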
