package com.floragunn.searchguard.auditlog.integration;

import com.floragunn.searchguard.auditlog.AbstractAuditlogiUnitTest;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import org.apache.http.Header;
import org.apache.http.NoHttpResponseException;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/auditlog/integration/BasicAuditlogTest.class */
public class BasicAuditlogTest extends AbstractAuditlogiUnitTest {

    // JUnit class rule: applied once for the whole test class, before any test method runs.
    // NOTE(review): presumably prepares JVM security settings needed by the embedded cluster —
    // confirm in JavaSecurityTestSetup.
    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();

    /**
     * Runs one authenticated REST search while the {@code authenticated} category is disabled
     * for both REST and transport auditing.
     *
     * <p>Expected: exactly one audit message, recording the granted search privilege on the
     * REST layer, and no {@code authorization} token anywhere in the audit output.
     *
     * @throws Exception if cluster setup, the request or the wait fails
     */
    @Test
    public void testSimpleAuthenticated() throws Exception {
        final Settings auditSettings = Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_transport_categories", "authenticated")
                .put("searchguard.audit.config.disabled_rest_categories", "authenticated")
                .put("searchguard.audit.threadpool.size", 0)
                .build();
        setup(auditSettings);
        setupStarfleetIndex();
        TestAuditlogImpl.clear();
        System.out.println("#### testSimpleAuthenticated");

        final Header[] adminCredentials = {encodeBasicHeader("admin", "admin")};
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("_search", adminCredentials);
        Assert.assertEquals(200L, response.getStatusCode());

        // Fixed wait before inspecting the sink; presumably gives the audit event time to arrive.
        Thread.sleep(1500L);
        Assert.assertEquals(1L, TestAuditlogImpl.messages.size());
        System.out.println(TestAuditlogImpl.sb.toString());

        for (final String expectedToken : new String[]{"GRANTED_PRIVILEGES", "indices:data/read/search", "REST"}) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        // The Authorization header (name or value) must never end up in the audit trail.
        Assert.assertFalse(TestAuditlogImpl.sb.toString().toLowerCase().contains("authorization"));
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sends a plain-HTTP request to a node whose REST layer has TLS enabled and checks that the
     * failed connection is audited.
     *
     * <p>Expected: the client gets no HTTP response, and the audit output contains an
     * {@code SSL_EXCEPTION} entry with a stack trace mentioning "not an SSL/TLS record".
     *
     * @throws Exception if cluster setup or the wait fails
     */
    @Test
    public void testSSLPlainText() throws Exception {
        final Settings tlsSettings = Settings.builder()
                .put("searchguard.ssl.http.enabled", true)
                .put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/node-0-keystore.jks"))
                .put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/truststore.jks"))
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build();
        setup(tlsSettings);
        TestAuditlogImpl.clear();

        try {
            nonSslRestHelper().executeGetRequest("_search", new Header[]{encodeBasicHeader("admin", "admin")});
            Assert.fail();
        } catch (NoHttpResponseException expected) {
            // Intentionally ignored: a cleartext request against the TLS-only port must not be answered.
        }

        Thread.sleep(1500L);
        System.out.println(TestAuditlogImpl.sb.toString());
        Assert.assertFalse(TestAuditlogImpl.messages.isEmpty());
        for (final String expectedToken : new String[]{"SSL_EXCEPTION", "exception_stacktrace", "not an SSL/TLS record"}) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

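    /**
     * Runs a search through a user transport client while REST auditing is switched off and
     * checks the transport-layer audit trail.
     *
     * <p>Expected: at least two messages, including AUTHENTICATED and GRANTED_PRIVILEGES entries
     * tagged TRANSPORT and attributed to effective user {@code admin}, with no REST entry and no
     * {@code authorization} token in the audit output.
     *
     * @throws Exception if cluster setup, the search or the wait fails
     */
    @Test
    public void testSimpleTransportAuthenticated() throws Exception {
        setup(Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.enable_rest", false)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build());
        setupStarfleetIndex();
        TestAuditlogImpl.clear();
        System.out.println("#### testSimpleTransportAuthenticated");

        // Both resources are closed exactly once (context first, then client) before any
        // assertion runs, so a failing assertion cannot trigger a second close().
        try (TransportClient client = getUserTransportClient(this.clusterInfo, "spock-keystore.jks", Settings.EMPTY);
             ThreadContext.StoredContext ignored = client.threadPool().getThreadContext().stashContext()) {
            final Header adminCredentials = encodeBasicHeader("admin", "admin");
            client.threadPool().getThreadContext().putHeader(adminCredentials.getName(), adminCredentials.getValue());
            final SearchResponse response = client.search(new SearchRequest()).actionGet();
            System.out.println(response);
        }

        // Fixed wait before inspecting the sink; presumably gives the audit events time to arrive.
        Thread.sleep(1500L);
        final String auditLog = TestAuditlogImpl.sb.toString();
        System.out.println(auditLog);
        Assert.assertTrue("Was " + TestAuditlogImpl.messages.size(), TestAuditlogImpl.messages.size() >= 2);
        Assert.assertTrue(auditLog.contains("GRANTED_PRIVILEGES"));
        Assert.assertTrue(auditLog.contains("AUTHENTICATED"));
        Assert.assertTrue(auditLog.contains("indices:data/read/search"));
        Assert.assertTrue(auditLog.contains("TRANSPORT"));
        Assert.assertTrue(auditLog.contains("\"audit_request_effective_user\" : \"admin\""));
        Assert.assertFalse(auditLog.contains("REST"));
        // The credentials placed in the thread context must not be copied into the audit trail.
        Assert.assertFalse(auditLog.toLowerCase().contains("authorization"));
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }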

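    /**
     * Runs a search through a user transport client and checks that the first two audit
     * messages carry the same, non-null {@code audit_trace_task_id}, so that events belonging to
     * one request can be correlated.
     *
     * <p>The remaining checks mirror the transport scenario: AUTHENTICATED and
     * GRANTED_PRIVILEGES entries for effective user {@code admin}, tagged TRANSPORT, with no
     * REST entry and no {@code authorization} token in the audit output.
     *
     * @throws Exception if cluster setup, the search or the wait fails
     */
    @Test
    public void testTaskId() throws Exception {
        setup(Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build());
        setupStarfleetIndex();
        TestAuditlogImpl.clear();

        // Both resources are closed exactly once (context first, then client) before any
        // assertion runs, so a failing assertion cannot trigger a second close().
        try (TransportClient client = getUserTransportClient(this.clusterInfo, "spock-keystore.jks", Settings.EMPTY);
             ThreadContext.StoredContext ignored = client.threadPool().getThreadContext().stashContext()) {
            final Header adminCredentials = encodeBasicHeader("admin", "admin");
            client.threadPool().getThreadContext().putHeader(adminCredentials.getName(), adminCredentials.getValue());
            final SearchResponse response = client.search(new SearchRequest()).actionGet();
            System.out.println(response);
        }

        // Fixed wait before inspecting the sink; presumably gives the audit events time to arrive.
        Thread.sleep(1500L);
        final String auditLog = TestAuditlogImpl.sb.toString();
        System.out.println(auditLog);
        Assert.assertTrue(String.valueOf(TestAuditlogImpl.messages.size()), TestAuditlogImpl.messages.size() >= 2);
        Assert.assertTrue(auditLog.contains("GRANTED_PRIVILEGES"));
        Assert.assertTrue(auditLog.contains("AUTHENTICATED"));
        Assert.assertTrue(auditLog.contains("indices:data/read/search"));
        Assert.assertTrue(auditLog.contains("TRANSPORT"));
        Assert.assertTrue(auditLog.contains("\"audit_request_effective_user\" : \"admin\""));
        Assert.assertFalse(auditLog.contains("REST"));
        Assert.assertFalse(auditLog.toLowerCase().contains("authorization"));

        final Object firstTaskId = TestAuditlogImpl.messages.get(0).getAsMap().get("audit_trace_task_id");
        final Object secondTaskId = TestAuditlogImpl.messages.get(1).getAsMap().get("audit_trace_task_id");
        // Without this check two messages that both lack a task id would compare equal (null == null)
        // and the correlation test would pass without verifying anything.
        Assert.assertNotNull("first audit message has no audit_trace_task_id", firstTaskId);
        Assert.assertEquals(firstTaskId, secondTaskId);
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }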

    /**
     * Runs one authenticated REST search with no audit category disabled and without setting
     * the REST/transport enable switches explicitly.
     *
     * <p>Expected: exactly two audit messages covering AUTHENTICATED and GRANTED_PRIVILEGES,
     * with both REST and TRANSPORT present, attributed to effective user {@code admin}, and no
     * {@code authorization} token in the audit output.
     *
     * @throws Exception if cluster setup, the request or the wait fails
     */
    @Test
    public void testDefaultsRest() throws Exception {
        final Settings auditSettings = Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build();
        setup(auditSettings);
        setupStarfleetIndex();
        TestAuditlogImpl.clear();

        final Header[] adminCredentials = {encodeBasicHeader("admin", "admin")};
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("_search", adminCredentials);
        Assert.assertEquals(200L, response.getStatusCode());

        // Fixed wait before inspecting the sink; presumably gives the audit events time to arrive.
        Thread.sleep(1500L);
        System.out.println(TestAuditlogImpl.sb.toString());
        Assert.assertEquals(2L, TestAuditlogImpl.messages.size());

        final String[] expectedTokens = {
            "GRANTED_PRIVILEGES",
            "AUTHENTICATED",
            "indices:data/read/search",
            "TRANSPORT",
            "\"audit_request_effective_user\" : \"admin\"",
            "REST",
        };
        for (final String expectedToken : expectedTokens) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        // The Authorization header (name or value) must never end up in the audit trail.
        Assert.assertFalse(TestAuditlogImpl.sb.toString().toLowerCase().contains("authorization"));
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Starts one cluster with all audit categories enabled and runs the authenticated
     * sub-scenarios against it in sequence: multi-search, bulk as {@code admin}, bulk as
     * {@code worf}, and a cluster settings update.
     *
     * <p>The sub-scenarios are plain methods without {@code @Test}; they are only executed
     * through this method. The audit sink is emptied before each one and once more at the end.
     *
     * @throws Exception if cluster setup or any sub-scenario fails
     */
    @Test
    public void testAuthenticated() throws Exception {
        final Settings auditSettings = Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build();
        setup(auditSettings);
        setupStarfleetIndex();

        TestAuditlogImpl.clear();
        testMsearch();

        TestAuditlogImpl.clear();
        testBulkAuth();

        TestAuditlogImpl.clear();
        testBulkNonAuth();

        TestAuditlogImpl.clear();
        testUpdateSettings();

        // Leave the shared static sink empty for whatever runs next.
        TestAuditlogImpl.clear();
    }

    /**
     * Starts one cluster with only the audit type and thread pool size configured (categories
     * left at their defaults) and runs the rejection sub-scenarios against it in sequence.
     *
     * <p>The sub-scenarios are plain methods without {@code @Test}; they are only executed
     * through this method. The audit sink is emptied before each one and once more at the end.
     *
     * @throws Exception if cluster setup or any sub-scenario fails
     */
    @Test
    public void testNonAuthenticated() throws Exception {
        // NOTE(review): the meaning of a thread pool size of -1 is not visible here — confirm
        // whether it makes audit delivery synchronous, since several sub-scenarios assert
        // without waiting.
        final Settings auditSettings = Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.threadpool.size", -1)
                .build();
        setup(auditSettings);
        setupStarfleetIndex();

        TestAuditlogImpl.clear();
        testJustAuthenticated();

        TestAuditlogImpl.clear();
        testBadHeader();

        TestAuditlogImpl.clear();
        testMissingPriv();

        TestAuditlogImpl.clear();
        testSgIndexAttempt();

        TestAuditlogImpl.clear();
        testUnauthenticated();

        TestAuditlogImpl.clear();
        testUnknownAuthorization();

        TestAuditlogImpl.clear();
        testWrongUser();

        // Leave the shared static sink empty for whatever runs next.
        TestAuditlogImpl.clear();
    }

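    /**
     * Sub-scenario of {@link #testNonAuthenticated()}: a request with Basic credentials for
     * {@code wronguser} is rejected with 401 and audited as a single FAILED_LOGIN entry.
     *
     * <p>The entry must name the attempted user and carry a timestamp, must not be reported as
     * AUTHENTICATED, and must not contain the submitted Basic credential value.
     *
     * @throws Exception if the request or the wait fails
     */
    public void testWrongUser() throws Exception {
        final Header rejectedCredentials = encodeBasicHeader("wronguser", "admin");
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("", new Header[]{rejectedCredentials});
        Assert.assertEquals(401L, response.getStatusCode());

        Thread.sleep(500L);
        final String auditLog = TestAuditlogImpl.sb.toString();
        Assert.assertTrue(auditLog, auditLog.contains("FAILED_LOGIN"));
        Assert.assertTrue(auditLog, auditLog.contains("wronguser"));
        Assert.assertTrue(auditLog, auditLog.contains("@timestamp"));
        Assert.assertFalse(auditLog, auditLog.contains("AUTHENTICATED"));
        // Same guarantee testUnknownAuthorization checks: a failed login may record who tried,
        // but the encoded password must not be written to the audit trail.
        Assert.assertFalse(auditLog, auditLog.contains(rejectedCredentials.getValue()));
        Assert.assertEquals(1L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }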

    /**
     * Sub-scenario of {@link #testNonAuthenticated()}: Basic credentials {@code unknown:unknown}
     * are rejected with 401 and audited as a single FAILED_LOGIN entry that does not contain
     * the raw Authorization header value.
     *
     * @throws Exception if the request fails
     */
    public void testUnknownAuthorization() throws Exception {
        // "dW5rbm93bjp1bmtub3du" is the Base64 encoding of "unknown:unknown", i.e. the exact
        // header value sent below; finding it in the log would mean the password was recorded.
        final String submittedHeaderValue = "Basic dW5rbm93bjp1bmtub3du";

        final Header[] unknownCredentials = {encodeBasicHeader("unknown", "unknown")};
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("", unknownCredentials);
        Assert.assertEquals(401L, response.getStatusCode());

        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("FAILED_LOGIN"));
        Assert.assertFalse(TestAuditlogImpl.sb.toString(), TestAuditlogImpl.sb.toString().contains(submittedHeaderValue));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("@timestamp"));
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("AUTHENTICATED"));
        Assert.assertEquals(1L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sub-scenario of {@link #testNonAuthenticated()}: a search without any credentials is
     * rejected with 401 and audited as a single FAILED_LOGIN entry that records the request
     * path, a timestamp and {@code <NONE>} in place of a user.
     *
     * @throws Exception if the request or the wait fails
     */
    public void testUnauthenticated() throws Exception {
        System.out.println("#### testUnauthenticated");

        final Header[] noCredentials = new Header[0];
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("_search", noCredentials);
        Assert.assertEquals(401L, response.getStatusCode());

        Thread.sleep(1500L);
        Assert.assertEquals(1L, TestAuditlogImpl.messages.size());
        System.out.println(TestAuditlogImpl.sb.toString());

        for (final String expectedToken : new String[]{"FAILED_LOGIN", "<NONE>", "/_search", "@timestamp"}) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("AUTHENTICATED"));
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sub-scenario of {@link #testNonAuthenticated()}: a successful, authenticated request to
     * the root endpoint must produce no audit message under the configuration in use.
     *
     * @throws Exception if the request fails
     */
    public void testJustAuthenticated() throws Exception {
        final Header[] adminCredentials = {encodeBasicHeader("admin", "admin")};
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("", adminCredentials);
        Assert.assertEquals(200L, response.getStatusCode());

        // NOTE(review): there is no wait before this "nothing was logged" check. If audit
        // delivery is asynchronous in this configuration, the assertion can pass before a
        // message arrives — confirm the delivery mode.
        Assert.assertEquals(0L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sub-scenario of {@link #testNonAuthenticated()}: a PUT to {@code searchguard/config/0},
     * even with {@code admin} Basic credentials, is refused with 403 and audited with both
     * MISSING_PRIVILEGES and SG_INDEX_ATTEMPT (two messages in total).
     *
     * @throws Exception if the request fails
     */
    public void testSgIndexAttempt() throws Exception {
        // NOTE(review): "searchguard" is presumably the index holding the security
        // configuration, which is why a direct write is both denied and audited — confirm.
        final Header[] adminCredentials = {encodeBasicHeader("admin", "admin")};
        final RestHelper.HttpResponse response = this.rh.executePutRequest("searchguard/config/0", "{}", adminCredentials);
        Assert.assertEquals(403L, response.getStatusCode());

        for (final String expectedToken : new String[]{"MISSING_PRIVILEGES", "SG_INDEX_ATTEMPT", "admin", "@timestamp"}) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("AUTHENTICATED"));
        Assert.assertEquals(2L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sub-scenario of {@link #testNonAuthenticated()}: a request carrying a client-supplied
     * {@code _sg_bad} header next to valid credentials is refused with 403 and audited as a
     * single BAD_HEADERS entry that names the offending header.
     *
     * @throws Exception if the request fails
     */
    public void testBadHeader() throws Exception {
        final Header[] requestHeaders = {
            new BasicHeader("_sg_bad", "bad"),
            encodeBasicHeader("admin", "admin"),
        };
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("", requestHeaders);
        Assert.assertEquals(403L, response.getStatusCode());

        // Valid credentials must not turn the rejected request into an AUTHENTICATED event.
        Assert.assertFalse(TestAuditlogImpl.sb.toString(), TestAuditlogImpl.sb.toString().contains("AUTHENTICATED"));
        for (final String expectedToken : new String[]{"BAD_HEADERS", "_sg_bad"}) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString(), TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertEquals(TestAuditlogImpl.sb.toString(), 1L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sub-scenario of {@link #testNonAuthenticated()}: user {@code worf} searches {@code sf},
     * is refused with 403, and the denial is audited as a single MISSING_PRIVILEGES entry
     * naming the user, the requested action and the requested index.
     *
     * @throws Exception if the request fails
     */
    public void testMissingPriv() throws Exception {
        final Header[] worfCredentials = {encodeBasicHeader("worf", "worf")};
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("sf/_search", worfCredentials);
        Assert.assertEquals(403L, response.getStatusCode());

        final String[] expectedTokens = {
            "MISSING_PRIVILEGES",
            "indices:data/read/search",
            "worf",
            "\"sf\"",
            "@timestamp",
        };
        for (final String expectedToken : expectedTokens) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("AUTHENTICATED"));
        Assert.assertEquals(1L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

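    /**
     * Sub-scenario of {@link #testAuthenticated()}: sends a two-query multi-search against
     * {@code sf} as {@code admin} and checks the audit trail.
     *
     * <p>Expected: four audit messages covering the msearch action and the individual search
     * actions, including the request body ({@code match_all}) and a task id, with no
     * {@code authorization} token in the audit output.
     *
     * @throws Exception if the request fails
     */
    public void testMsearch() throws Exception {
        final String nl = System.lineSeparator();
        final String msearchBody =
                "{\"index\":\"sf\", \"ignore_unavailable\": true}" + nl
                + "{\"size\":0,\"query\":{\"match_all\":{}}}" + nl
                + "{\"index\":\"sf\", \"ignore_unavailable\": true}" + nl
                + "{\"size\":0,\"query\":{\"match_all\":{}}}" + nl;
        System.out.println("##### msaerch");

        // The response is held in a local so that the status reason (used as the failure
        // message) and the status code are read from the same, declared object.
        final RestHelper.HttpResponse response = this.rh.executePostRequest("_msearch?pretty", msearchBody, new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(response.getStatusReason(), 200L, response.getStatusCode());

        final String auditLog = TestAuditlogImpl.sb.toString();
        System.out.println(auditLog);
        Assert.assertTrue(auditLog, auditLog.contains("indices:data/read/msearch"));
        Assert.assertTrue(auditLog, auditLog.contains("indices:data/read/search"));
        Assert.assertTrue(auditLog, auditLog.contains("match_all"));
        Assert.assertTrue(auditLog.contains("audit_trace_task_id"));
        Assert.assertEquals(auditLog, 4L, TestAuditlogImpl.messages.size());
        // Request bodies are logged here, credentials must not be.
        Assert.assertFalse(auditLog.toLowerCase().contains("authorization"));
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }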

    /**
     * Sub-scenario of {@link #testAuthenticated()}: sends a mixed bulk request (index, update,
     * delete, create) as {@code admin} and checks that it succeeds without item errors and that
     * the audit trail covers index auto-creation, the bulk action and the individual index
     * requests, with task and parent task ids (at least 17 messages).
     *
     * @throws Exception if the request fails
     */
    public void testBulkAuth() throws Exception {
        System.out.println("#### testBulkAuth");

        final String nl = System.lineSeparator();
        final String bulkBody =
                "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + nl
                + "{ \"field1\" : \"value1\" }" + nl
                + "{ \"index\" : { \"_index\" : \"worf\", \"_type\" : \"type1\", \"_id\" : \"2\" } }" + nl
                + "{ \"field2\" : \"value2\" }" + nl
                + "{ \"update\" : {\"_id\" : \"1\", \"_type\" : \"type1\", \"_index\" : \"test\"} }" + nl
                + "{ \"doc\" : {\"field\" : \"valuex\"} }" + nl
                + "{ \"delete\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + nl
                + "{ \"create\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + nl
                + "{ \"field1\" : \"value3x\" }" + nl;
        final Header[] adminCredentials = {encodeBasicHeader("admin", "admin")};
        final RestHelper.HttpResponse bulkResponse = this.rh.executePostRequest("_bulk", bulkBody, adminCredentials);
        System.out.println(TestAuditlogImpl.sb.toString());

        Assert.assertEquals(200L, bulkResponse.getStatusCode());
        for (final String expectedInBody : new String[]{"\"errors\":false", "\"status\":201"}) {
            Assert.assertTrue(bulkResponse.getBody().contains(expectedInBody));
        }

        final String[] expectedInAuditLog = {
            "indices:admin/auto_create",
            "indices:data/write/bulk",
            "IndexRequest",
            "audit_trace_task_parent_id",
            "audit_trace_task_id",
        };
        for (final String expectedToken : expectedInAuditLog) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertTrue(TestAuditlogImpl.messages.size() >= 17);
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sub-scenario of {@link #testAuthenticated()}: sends the same mixed bulk request as user
     * {@code worf} and checks partial denial: the HTTP call returns 200 but the body reports
     * errors with both 200 and 403 item statuses, and the audit trail records
     * MISSING_PRIVILEGES for the shard-level bulk action (at least 7 messages).
     *
     * @throws Exception if the request fails
     */
    public void testBulkNonAuth() throws Exception {
        final String nl = System.lineSeparator();
        final String bulkBody =
                "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + nl
                + "{ \"field1\" : \"value1\" }" + nl
                + "{ \"index\" : { \"_index\" : \"worf\", \"_type\" : \"type1\", \"_id\" : \"2\" } }" + nl
                + "{ \"field2\" : \"value2\" }" + nl
                + "{ \"update\" : {\"_id\" : \"1\", \"_type\" : \"type1\", \"_index\" : \"test\"} }" + nl
                + "{ \"doc\" : {\"field\" : \"valuex\"} }" + nl
                + "{ \"delete\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + nl
                + "{ \"create\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + nl
                + "{ \"field1\" : \"value3x\" }" + nl;
        final Header[] worfCredentials = {encodeBasicHeader("worf", "worf")};
        final RestHelper.HttpResponse bulkResponse = this.rh.executePostRequest("_bulk", bulkBody, worfCredentials);
        System.out.println(bulkResponse.getBody());
        System.out.println(TestAuditlogImpl.sb.toString());

        // A bulk call answers 200 overall; the per-item statuses carry the authorization result.
        Assert.assertEquals(200L, bulkResponse.getStatusCode());
        for (final String expectedInBody : new String[]{"\"errors\":true", "\"status\":200", "\"status\":403"}) {
            Assert.assertTrue(bulkResponse.getBody().contains(expectedInBody));
        }

        for (final String expectedToken : new String[]{"MISSING_PRIVILEGES", "indices:data/write/bulk[s]", "IndexRequest"}) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertTrue(TestAuditlogImpl.messages.size() >= 7);
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    /**
     * Sub-scenario of {@link #testAuthenticated()}: updates persistent and transient cluster
     * settings as {@code admin} and checks that the change is audited with the action name and
     * the changed setting key (more than one message).
     *
     * @throws Exception if the request fails
     */
    public void testUpdateSettings() throws Exception {
        final String settingsBody = "{\"persistent\" : {\"discovery.zen.minimum_master_nodes\" : 1},\"transient\" : {\"discovery.zen.minimum_master_nodes\" : 1}}";
        final Header[] adminCredentials = {encodeBasicHeader("admin", "admin")};
        final RestHelper.HttpResponse response = this.rh.executePutRequest("_cluster/settings", settingsBody, adminCredentials);
        Assert.assertEquals(200L, response.getStatusCode());

        System.out.println(TestAuditlogImpl.sb.toString());
        final String[] expectedTokens = {
            "AUTHENTICATED",
            "cluster:admin/settings/update",
            "discovery.zen.minimum_master_nodes",
        };
        for (final String expectedToken : expectedTokens) {
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains(expectedToken));
        }
        Assert.assertTrue(TestAuditlogImpl.messages.size() > 1);
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

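    /**
     * Configures the {@code internal_elasticsearch} audit sink with a date-pattern index name
     * and checks that an index whose name starts with {@code auditlog-20} shows up in
     * {@code _cat/indices}.
     *
     * <p>The listing request sends no headers and has the REST helper present the
     * {@code auditlog/kirk-keystore.jks} client certificate. The helper's previous certificate
     * settings are restored even when the request throws.
     *
     * @throws Exception if cluster setup or the request fails
     */
    @Test
    public void testIndexPattern() throws Exception {
        setup(Settings.builder()
                .put("searchguard.audit.type", "internal_elasticsearch")
                .put("searchguard.audit.log_request_body", false)
                .put("searchguard.audit.resolve_indices", false)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 10)
                .put("searchguard.audit.config.index", "'auditlog-'YYYY.MM.dd.ss")
                .build());
        setupStarfleetIndex();

        final boolean previousSendClientCert = this.rh.sendHTTPClientCertificate;
        final String previousKeystore = this.rh.keystore;
        final RestHelper.HttpResponse indexListing;
        this.rh.sendHTTPClientCertificate = true;
        this.rh.keystore = "auditlog/kirk-keystore.jks";
        try {
            indexListing = this.rh.executeGetRequest("_cat/indices", new Header[0]);
        } finally {
            // Restore in finally so a failed request cannot leave the shared helper sending
            // the kirk client certificate on later requests.
            this.rh.sendHTTPClientCertificate = previousSendClientCert;
            this.rh.keystore = previousKeystore;
        }
        Assert.assertTrue(indexListing.getBody().contains("auditlog-20"));
    }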

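    /**
     * Creates a set of indices and aliases through the internal transport client, then searches
     * the {@code sf} alias over REST as {@code admin} and checks that the audit trail names the
     * concrete indices behind the alias (two messages).
     *
     * @throws Exception if cluster setup, index preparation or the request fails
     */
    @Test
    public void testAliases() throws Exception {
        setup(Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build());

        // {index, type} pairs, indexed in this order with one identical document each.
        final String[][] indexAndType = {
            {"vulcangov", "kolinahr"},
            {"starfleet", "ships"},
            {"starfleet_academy", "students"},
            {"starfleet_library", "public"},
            {"klingonempire", "ships"},
            {"public", "legends"},
            {"spock", "type01"},
            {"kirk", "type01"},
            {"role01_role02", "type01"},
        };

        // The client is closed exactly once, before any assertion runs, so a failing
        // assertion cannot trigger a second close().
        try (TransportClient client = getInternalTransportClient()) {
            client.admin().indices().create(new CreateIndexRequest("copysf")).actionGet();
            for (final String[] target : indexAndType) {
                client.index(new IndexRequest(target[0]).type(target[1]).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            }
            client.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
            client.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
            client.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
        }

        TestAuditlogImpl.clear();
        final RestHelper.HttpResponse response = this.rh.executeGetRequest("sf/_search?pretty", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(200L, response.getStatusCode());

        final String auditLog = TestAuditlogImpl.sb.toString();
        System.out.println(auditLog);
        Assert.assertTrue(auditLog.contains("starfleet_academy"));
        Assert.assertTrue(auditLog.contains("starfleet_library"));
        // NOTE(review): "starfleet" is a prefix of the two names checked above, so this
        // substring check cannot fail on its own; it does not prove the starfleet index is listed.
        Assert.assertTrue(auditLog.contains("starfleet"));
        Assert.assertTrue(auditLog.contains("sf"));
        Assert.assertEquals(2L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }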

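    /**
     * Exercises scroll searches and their audit trail in two phases.
     *
     * <p>Phase one: {@code admin} opens a scroll on {@code vulcangov} and continues it; four
     * audit messages are expected. Phase two: {@code admin} opens a second scroll, and the
     * returned scroll id is then presented with the credentials of {@code admin2}; that
     * continuation must be refused with 403 and audited as MISSING_PRIVILEGES for an
     * {@code InternalScrollSearchRequest}.
     *
     * @throws Exception if cluster setup, index preparation, a request or the wait fails
     */
    @Test
    public void testScroll() throws Exception {
        setup(Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build());

        try (TransportClient client = getInternalTransportClient()) {
            for (int i = 0; i < 3; i++) {
                client.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            }
        }

        TestAuditlogImpl.clear();

        // Phase one: open and continue a scroll as the same user.
        final RestHelper.HttpResponse firstSearch = this.rh.executeGetRequest("vulcangov/_search?scroll=1m&pretty=true", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(200L, firstSearch.getStatusCode());
        final String firstBody = firstSearch.getBody();
        // Fail with the response body instead of slicing at a meaningless offset.
        Assert.assertTrue(firstBody, firstBody.contains("_scroll_id"));
        // 15 = length of `_scroll_id" : "` in the pretty-printed body, i.e. the offset of the id itself.
        final int firstIdStart = firstBody.indexOf("_scroll_id") + 15;
        final String firstScrollId = firstBody.substring(firstIdStart, firstBody.indexOf("\"", firstIdStart + 1));
        Assert.assertEquals(200L, this.rh.executePostRequest("/_search/scroll?pretty=true", "{\"scroll_id\" : \"" + firstScrollId + "\"}", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        Assert.assertEquals(4L, TestAuditlogImpl.messages.size());

        // Phase two: open a scroll as admin, then continue it as a different user.
        final RestHelper.HttpResponse secondSearch = this.rh.executeGetRequest("vulcangov/_search?scroll=1m&pretty=true", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(200L, secondSearch.getStatusCode());
        final String secondBody = secondSearch.getBody();
        Assert.assertTrue(secondBody, secondBody.contains("_scroll_id"));
        final int secondIdStart = secondBody.indexOf("_scroll_id") + 15;
        final String secondScrollId = secondBody.substring(secondIdStart, secondBody.indexOf("\"", secondIdStart + 1));

        TestAuditlogImpl.clear();
        // NOTE(review): whether the 403 comes from the scroll being bound to its creator or
        // from admin2 lacking search rights in general is not visible here — confirm against
        // the role configuration. Either way the denial has to be audited.
        Assert.assertEquals(403L, this.rh.executePostRequest("/_search/scroll?pretty=true", "{\"scroll_id\" : \"" + secondScrollId + "\"}", new Header[]{encodeBasicHeader("admin2", "admin")}).getStatusCode());

        Thread.sleep(1000L);
        final String auditLog = TestAuditlogImpl.sb.toString();
        System.out.println(auditLog);
        Assert.assertTrue(auditLog.contains("InternalScrollSearchRequest"));
        Assert.assertTrue(auditLog.contains("MISSING_PRIVILEGES"));
        Assert.assertTrue(TestAuditlogImpl.messages.size() > 2);
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }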

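    /**
     * Verifies that a search issued through an alias is audited with both the alias name and
     * the concrete index behind it.
     *
     * <p>Three documents are indexed into {@code vulcangov} and the alias {@code thealias} is
     * added for that index through the internal transport client. REST auditing is disabled and
     * transport auditing is enabled, so one search against the alias is expected to produce
     * exactly one audit message. That message must contain the alias, the
     * {@code audit_trace_resolved_indices} field and the backing index name, so a reader of the
     * audit trail can tell which index was actually touched.
     *
     * @throws Exception if cluster setup, indexing, alias creation or the REST call fails
     */
    @Test
    public void testAliasResolution() throws Exception {
        setup(Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.enable_rest", false)
                .put("searchguard.audit.resolve_bulk_requests", false)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build());

        // try-with-resources closes the client on every exit path. The previous hand-rolled
        // cleanup only covered the indexing loop, so a failing alias request left it open.
        try (TransportClient internalTransportClient = getInternalTransportClient()) {
            for (int i = 0; i < 3; i++) {
                internalTransportClient.index(new IndexRequest("vulcangov")
                        .type("kolinahr")
                        .setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE)
                        .source("{\"content\":1}", XContentType.JSON)).actionGet();
            }
            internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest()
                    .addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("thealias").index("vulcangov")))
                    .actionGet();
        }

        // Drop the audit events produced by the fixture so only the search below is measured.
        TestAuditlogImpl.clear();
        Assert.assertEquals(200L, this.rh.executeGetRequest("thealias/_search?pretty", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        System.out.println(TestAuditlogImpl.sb.toString());

        // The alias as requested and the resolved concrete index must both be present.
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("thealias"));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("audit_trace_resolved_indices"));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("vulcangov"));
        Assert.assertEquals(1L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
        TestAuditlogImpl.clear();
    }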

    /**
     * Verifies that a REST request carrying a {@code _sg_user} header is rejected and audited
     * as {@code BAD_HEADERS} without the Basic credentials ending up in the audit log.
     *
     * <p>The request sends {@code _sg_user: xxx} together with valid {@code admin} credentials
     * and must be answered with 403. The single resulting audit message has to contain the
     * category {@code BAD_HEADERS} and the offending value {@code xxx}, but must not contain
     * {@code YWRtaW46YWRtaW4}, the Base64 encoding of {@code admin:admin} (padding omitted).
     * Despite its name, the test does not involve an alias.
     *
     * @throws Exception if cluster setup or the REST call fails
     */
    @Test
    public void testAliasBadHeaders() throws Exception {
        Settings auditSettings = Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build();
        setup(auditSettings);
        TestAuditlogImpl.clear();

        // NOTE(review): _sg_user is presumably reserved for internal use; the test itself only
        // shows that a client supplying it gets 403 even with valid credentials.
        Header[] requestHeaders = new Header[]{
            new BasicHeader("_sg_user", "xxx"),
            encodeBasicHeader("admin", "admin")
        };
        RestHelper.HttpResponse response = this.rh.executeGetRequest("_search?pretty", requestHeaders);
        Assert.assertEquals(403L, response.getStatusCode());
        System.out.println(TestAuditlogImpl.sb.toString());

        // The audit sink must never receive the credential from the Authorization header.
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("YWRtaW46YWRtaW4"));
        // The rejection category and the supplied header value are kept for investigation.
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("BAD_HEADERS"));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("xxx"));
        Assert.assertEquals(1L, TestAuditlogImpl.messages.size());
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
        TestAuditlogImpl.clear();
    }

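    /**
     * Verifies that deleting and closing an index over REST is recorded in the transport-layer
     * audit trail.
     *
     * <p>{@code index1} and {@code index2} are created through the internal transport client.
     * With REST auditing disabled and transport auditing enabled, {@code index1} is then
     * deleted and {@code index2} closed via REST as {@code admin}. The audit output must
     * contain the actions {@code indices:admin/delete} and {@code indices:admin/close}, and at
     * least two messages must have been captured.
     *
     * @throws Exception if cluster setup, index creation or a REST call fails
     */
    @Test
    public void testIndexCloseDelete() throws Exception {
        setup(Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.enable_rest", false)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.threadpool.size", 0)
                .build());

        // The client is only needed for the fixture. Scoping it here closes it exactly once;
        // the previous cleanup closed it a second time whenever a later assertion failed.
        try (TransportClient internalTransportClient = getInternalTransportClient()) {
            internalTransportClient.admin().indices().create(new CreateIndexRequest("index1")).actionGet();
            internalTransportClient.admin().indices().create(new CreateIndexRequest("index2")).actionGet();
        }

        // Drop the audit events produced by index creation so only delete/close are measured.
        TestAuditlogImpl.clear();
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("index1?pretty", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        Assert.assertEquals(200L, this.rh.executePostRequest("index2/_close?pretty", "", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        System.out.println(TestAuditlogImpl.sb.toString());

        // Destructive index operations must show up under their transport action names.
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("indices:admin/close"));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("indices:admin/delete"));
        // The audit output doubles as the failure message to ease diagnosis.
        Assert.assertTrue(TestAuditlogImpl.sb.toString(), TestAuditlogImpl.messages.size() >= 2);
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }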

    /**
     * Verifies that a delete-by-query request is audited together with the search and bulk
     * actions that appear alongside it.
     *
     * <p>Three documents are indexed into {@code vulcangov} through the internal transport
     * client. A {@code _delete_by_query} with a {@code match_all} query is then sent over REST
     * against the wildcard pattern {@code vulcango*}. The response must report three deleted
     * documents, and the audit output must contain the actions
     * {@code indices:data/write/delete/byquery}, {@code indices:data/write/bulk} and
     * {@code indices:data/read/search}.
     *
     * @throws Exception if cluster setup, indexing or the REST call fails
     */
    @Test
    public void testDeleteByQuery() throws Exception {
        // NOTE(review): unlike the sibling tests, searchguard.audit.threadpool.size is not set
        // to 0 here. If that makes audit delivery asynchronous, the assertions below could
        // race with it; confirm.
        Settings auditSettings = Settings.builder()
                .put("searchguard.audit.type", TestAuditlogImpl.class.getName())
                .put("searchguard.audit.enable_transport", true)
                .put("searchguard.audit.enable_rest", true)
                .put("searchguard.audit.resolve_bulk_requests", true)
                .put("searchguard.audit.config.disabled_rest_categories", "NONE")
                .put("searchguard.audit.config.disabled_transport_categories", "NONE")
                .build();
        setup(auditSettings);

        // Fixture: three documents, refreshed immediately so the query below can see them.
        try (TransportClient internalTransportClient = getInternalTransportClient()) {
            int indexed = 0;
            while (indexed < 3) {
                IndexRequest document = new IndexRequest("vulcangov")
                        .type("kolinahr")
                        .setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE)
                        .source("{\"content\":1}", XContentType.JSON);
                internalTransportClient.index(document).actionGet();
                indexed++;
            }
        }

        // Drop the audit events produced by the fixture.
        TestAuditlogImpl.clear();
        Header[] adminAuth = new Header[]{encodeBasicHeader("admin", "admin")};
        RestHelper.HttpResponse response = this.rh.executePostRequest(
                "/vulcango*/_delete_by_query?refresh=true&wait_for_completion=true&pretty=true",
                "{\"query\" : {\"match_all\" : {}}}",
                adminAuth);
        Assert.assertEquals(200L, response.getStatusCode());
        assertContains(response, "*\"deleted\" : 3,*");

        // One snapshot of the audit output is checked for all three action names.
        String auditOutput = TestAuditlogImpl.sb.toString();
        Assert.assertTrue(auditOutput.contains("indices:data/write/delete/byquery"));
        Assert.assertTrue(auditOutput.contains("indices:data/write/bulk"));
        Assert.assertTrue(auditOutput.contains("indices:data/read/search"));
    }
}
