package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.sgconf.impl.CType;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.net.URLEncoder;
import java.util.List;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xcontent.XContentType;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/UserApiTest.class */
public class UserApiTest extends AbstractRestApiUnitTest {
    @Test
    public void testSearchGuardRoles() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(this.rh.executeGetRequest("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]).getBody(), 200L, r0.getStatusCode());
        Assert.assertEquals(35L, Settings.builder().loadFromSource(r0.getBody(), XContentType.JSON).build().size());
        Assert.assertEquals(this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/newuser\", \"value\": {\"password\": \"newuser\", \"search_guard_roles\": [\"sg_all_access\"] } }]", new Header[0]).getBody(), 200L, r0.getStatusCode());
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("/_searchguard/api/internalusers/newuser", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertTrue(executeGetRequest.getBody().contains("\"search_guard_roles\":[\"sg_all_access\"]"));
        checkGeneralAccess(200, "newuser", "newuser");
    }

    @Test
    public void testUserApi() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(this.rh.executeGetRequest("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]).getBody(), 200L, r0.getStatusCode());
        Assert.assertEquals(35L, Settings.builder().loadFromSource(r0.getBody(), XContentType.JSON).build().size());
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("/_searchguard/api/internalusers/admin", new Header[0]);
        Assert.assertEquals(executeGetRequest.getBody(), 200L, executeGetRequest.getStatusCode());
        System.out.println(executeGetRequest.getBody());
        Settings build = Settings.builder().loadFromSource(executeGetRequest.getBody(), XContentType.JSON).build();
        Assert.assertEquals(7L, build.size());
        Assert.assertEquals("", build.get("admin.hash"));
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/internalusers/nothinghthere", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/internalusers/", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/internalusers", new Header[0]).getStatusCode());
        Assert.assertEquals(405L, this.rh.executePutRequest("/_searchguard/api/internalusers/", "{\"hash\": \"123\"}", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/internalusers/nagilum", "{some: \"thing\" asd  other: \"thing\"}", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertEquals(Settings.builder().loadFromSource(executePutRequest.getBody(), XContentType.JSON).build().get("reason"), AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE.getMessage());
        RestHelper.HttpResponse executePutRequest2 = this.rh.executePutRequest("/_searchguard/api/internalusers/nagilum", "{some: \"thing\", other: \"thing\"}", new Header[0]);
        Assert.assertEquals(400L, executePutRequest2.getStatusCode());
        Settings.builder().loadFromSource(executePutRequest2.getBody(), XContentType.JSON).build();
        RestHelper.HttpResponse executePutRequest3 = this.rh.executePutRequest("/_searchguard/api/internalusers/nagilum", "{\"some\": \"thing\", \"other\": \"thing\"}", new Header[0]);
        Assert.assertEquals(400L, executePutRequest3.getStatusCode());
        Settings build2 = Settings.builder().loadFromSource(executePutRequest3.getBody(), XContentType.JSON).build();
        Assert.assertEquals(build2.get("reason"), AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage());
        Assert.assertTrue(build2.get("invalid_keys.keys").contains("some"));
        Assert.assertTrue(build2.get("invalid_keys.keys").contains("other"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executePatchRequest("/_searchguard/api/internalusers/imnothere", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(403L, this.rh.executePatchRequest("/_searchguard/api/internalusers/sarek", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executePatchRequest("/_searchguard/api/internalusers/q", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePatchRequest = this.rh.executePatchRequest("/_searchguard/api/internalusers/test", "[{ \"op\": \"add\", \"path\": \"/hidden\", \"value\": true }]", new Header[0]);
        Assert.assertEquals(400L, executePatchRequest.getStatusCode());
        Assert.assertTrue(executePatchRequest.getBody(), executePatchRequest.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/internalusers/test", "[{ \"op\": \"add\", \"path\": \"/password\", \"value\": \"neu\" }]", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest2 = this.rh.executeGetRequest("/_searchguard/api/internalusers/test", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        Settings build3 = Settings.builder().loadFromSource(executeGetRequest2.getBody(), XContentType.JSON).build();
        Assert.assertFalse(build3.hasValue("test.password"));
        Assert.assertTrue(build3.hasValue("test.hash"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/imnothere/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(403L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/sarek/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/q/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePatchRequest2 = this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/test/hidden\", \"value\": true }]", new Header[0]);
        Assert.assertEquals(400L, executePatchRequest2.getStatusCode());
        Assert.assertTrue(executePatchRequest2.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/bulknew1\", \"value\": {\"password\": \"bla\", \"backend_roles\": [\"vulcan\"] } }]", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest3 = this.rh.executeGetRequest("/_searchguard/api/internalusers/bulknew1", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        Settings build4 = Settings.builder().loadFromSource(executeGetRequest3.getBody(), XContentType.JSON).build();
        Assert.assertFalse(build4.hasValue("bulknew1.password"));
        Assert.assertTrue(build4.hasValue("bulknew1.hash"));
        List asList = build4.getAsList("bulknew1.backend_roles");
        Assert.assertEquals(1L, asList.size());
        Assert.assertTrue(asList.contains("vulcan"));
        checkGeneralAccess(401, "nagilum", "nagilum");
        this.rh.sendHTTPClientCertificate = true;
        addUserWithHash("sarek", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 403);
        this.rh.sendHTTPClientCertificate = true;
        addUserWithHash("q", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 403);
        this.rh.sendHTTPClientCertificate = true;
        addUserWithHash("nagilum", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        checkGeneralAccess(200, "nagilum", "nagilum");
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(405L, this.rh.executeDeleteRequest("/_searchguard/api/internalusers", new Header[0]).getStatusCode());
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/internalusers/picard", new Header[0]).getStatusCode());
        Assert.assertEquals(403L, this.rh.executeDeleteRequest("/_searchguard/api/internalusers/sarek", new Header[0]).getStatusCode());
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/internalusers/q", new Header[0]).getStatusCode());
        deleteUser("nagilum");
        this.rh.sendHTTPClientCertificate = false;
        checkGeneralAccess(401, "nagilum", "nagilum");
        this.rh.sendHTTPClientCertificate = true;
        addUserWithPassword("nagilum", "correctpassword", 201);
        this.rh.sendHTTPClientCertificate = false;
        checkGeneralAccess(401, "nagilum", "wrongpassword");
        checkGeneralAccess(200, "nagilum", "correctpassword");
        deleteUser("nagilum");
        this.rh.sendHTTPClientCertificate = true;
        addUserWithoutPasswordOrHash("nagilum", new String[]{"starfleet"}, 400);
        addUserWithHash("nagilum", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        addUserWithoutPasswordOrHash("nagilum", new String[]{"starfleet"}, 200);
        RestHelper.HttpResponse executeGetRequest4 = this.rh.executeGetRequest("/_searchguard/api/internalusers/nagilum", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
        Assert.assertTrue(Settings.builder().loadFromSource(executeGetRequest4.getBody(), XContentType.JSON).build().get("nagilum.hash").equals(""));
        setupStarfleetIndex();
        this.rh.sendHTTPClientCertificate = true;
        Settings build5 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build5.get("reason"));
        Assert.assertTrue(build5.get("backend_roles").equals("Array expected"));
        this.rh.sendHTTPClientCertificate = false;
        this.rh.sendHTTPClientCertificate = true;
        Settings build6 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build6.get("reason"));
        Assert.assertTrue(build6.get("backend_roles").equals("Array expected"));
        this.rh.sendHTTPClientCertificate = false;
        this.rh.sendHTTPClientCertificate = true;
        Settings build7 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes2.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build7.get("reason"));
        Assert.assertTrue(build7.get("password").equals("String expected"));
        Assert.assertTrue(build7.get("backend_roles") == null);
        this.rh.sendHTTPClientCertificate = false;
        this.rh.sendHTTPClientCertificate = true;
        Settings build8 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/internalusers/picard", FileHelper.loadFile("restapi/users_wrong_datatypes3.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build8.get("reason"));
        Assert.assertTrue(build8.get("backend_roles").equals("Array expected"));
        this.rh.sendHTTPClientCertificate = false;
        addUserWithPassword("picard", "picard", 201);
        checkGeneralAccess(403, "picard", "picard");
        checkReadAccess(403, "picard", "picard", "sf", "ships", 0);
        addUserWithPassword("picard", "picard", new String[]{"starfleet"}, 200);
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 1);
        addUserWithPassword("picard", "picard", new String[]{"starfleet", "captains"}, 200);
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(201, "picard", "picard", "sf", "ships", 1);
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executeGetRequest5 = this.rh.executeGetRequest("/_searchguard/api/internalusers/picard", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
        Settings build9 = Settings.builder().loadFromSource(executeGetRequest5.getBody(), XContentType.JSON).build();
        Assert.assertEquals("", build9.get("picard.hash"));
        List asList2 = build9.getAsList("picard.backend_roles");
        Assert.assertNotNull(asList2);
        Assert.assertEquals(2L, asList2.size());
        Assert.assertTrue(asList2.contains("starfleet"));
        Assert.assertTrue(asList2.contains("captains"));
        addUserWithPassword("$1aAAAAAAAAC", "$1aAAAAAAAAC", 201);
        addUserWithPassword("abc", "abc", 201);
        Assert.assertEquals(this.rh.executePutRequest("/_searchguard/api/internalusers/userwithtabs", "\t{\"hash\": \t \"123\"\t}  ", new Header[0]).getBody(), 201L, r0.getStatusCode());
    }

    @Test
    public void testPasswordRules() throws Exception {
        setup(Settings.builder().put("searchguard.restapi.password_validation_error_message", "xxx").put("searchguard.restapi.password_validation_regex", "(?=.*[A-Z])(?=.*[^a-zA-Z\\\\d])(?=.*[0-9])(?=.*[a-z]).{8,}").build());
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        System.out.println(executeGetRequest.getBody());
        Assert.assertEquals(35L, Settings.builder().loadFromSource(executeGetRequest.getBody(), XContentType.JSON).build().size());
        addUserWithPassword("tooshoort", "123", 400);
        addUserWithPassword("tooshoort", "1234567", 400);
        addUserWithPassword("tooshoort", "1Aa%", 400);
        addUserWithPassword("no-nonnumeric", "123456789", 400);
        addUserWithPassword("no-uppercase", "a123456789", 400);
        addUserWithPassword("no-lowercase", "A123456789", 400);
        addUserWithPassword("ok1", "a%A123456789", 201);
        addUserWithPassword("ok2", "$aA123456789", 201);
        addUserWithPassword("ok3", "$Aa123456789", 201);
        addUserWithPassword("ok4", "$1aAAAAAAAAA", 201);
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/ok4\", \"value\": {\"password\": \"bla\", \"backend_roles\": [\"vulcan\"] } }]", new Header[0]).getStatusCode());
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"replace\", \"path\": \"/ok4\", \"value\": {\"password\": \"bla\", \"backend_roles\": [\"vulcan\"] } }]", new Header[0]).getStatusCode());
        addUserWithPassword("ok4", "123", 400);
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/ok4\", \"value\": {\"password\": \"$1aAAAAAAAAB\", \"backend_roles\": [\"vulcan\"] } }]", new Header[0]).getStatusCode());
        addUserWithPassword("ok4", "$1aAAAAAAAAC", 200);
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/internalusers", "[{ \"op\": \"add\", \"path\": \"/$1aAAAAAAAAB\", \"value\": {\"password\": \"$1aAAAAAAAAB\", \"backend_roles\": [\"vulcan\"] } }]", new Header[0]).getStatusCode());
        addUserWithPassword("$1aAAAAAAAAC", "$1aAAAAAAAAC", 400);
        addUserWithPassword("$1aAAAAAAAac", "$1aAAAAAAAAC", 400);
        addUserWithPassword(URLEncoder.encode("$1aAAAAAAAac%", "UTF-8"), "$1aAAAAAAAAC%", 400);
        addUserWithPassword(URLEncoder.encode("$1aAAAAAAAac%!=\"/\\;:test&~@^", "UTF-8").replace("+", "%2B"), "$1aAAAAAAAac%!=\\\"/\\\\;:test&~@^", 400);
        addUserWithPassword(URLEncoder.encode("$1aAAAAAAAac%!=\"/\\;: test&", "UTF-8"), "$1aAAAAAAAac%!=\\\"/\\\\;: test&123", 201);
        RestHelper.HttpResponse executeGetRequest2 = this.rh.executeGetRequest("/_searchguard/api/internalusers/nothinghthere?pretty", new Header[0]);
        Assert.assertEquals(404L, executeGetRequest2.getStatusCode());
        Assert.assertTrue(executeGetRequest2.getBody().contains("NOT_FOUND"));
        RestHelper.HttpResponse executePatchRequest = this.rh.executePatchRequest("/_searchguard/api/internalusers", "[ { \"op\": \"add\", \"path\": \"/testuser1\",  \"value\": { \"password\": \"$aA123456789\", \"backend_roles\": [\"testrole1\"] } },{ \"op\": \"add\", \"path\": \"/testuser2\",  \"value\": { \"password\": \"testpassword2\", \"backend_roles\": [\"testrole2\"] } }]", new Header[]{new BasicHeader("Content-Type", "application/json")});
        Assert.assertEquals(400L, executePatchRequest.getStatusCode());
        Assert.assertTrue(executePatchRequest.getBody().contains("error"));
        Assert.assertTrue(executePatchRequest.getBody().contains("xxx"));
    }

    @Test
    public void testUserApiWithDots() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("_searchguard/api/" + CType.INTERNALUSERS.toLCString(), new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertEquals(35L, Settings.builder().loadFromSource(executeGetRequest.getBody(), XContentType.JSON).build().size());
        addUserWithPassword(".my.dotuser0", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        addUserWithPassword(".my.dot.user0", "12345678", 201);
        addUserWithHash(".my.dotuser1", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        addUserWithPassword(".my.dot.user2", "12345678", 201);
    }

    @Test
    public void testUserApiNoPasswordChange() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        addUserWithHash("user1", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        Assert.assertEquals(200L, this.rh.executePutRequest("/_searchguard/api/internalusers/user1", "{\"hash\":\"$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m\",\"password\":\"\",\"backend_roles\":[\"admin\",\"rolea\"]}", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/internalusers/user1", new Header[0]).getStatusCode());
        addUserWithHash("user2", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        Assert.assertEquals(200L, this.rh.executePutRequest("/_searchguard/api/internalusers/user2", "{\"password\":\"\",\"backend_roles\":[\"admin\",\"rolex\"]}", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/internalusers/user2", new Header[0]).getStatusCode());
    }

    @Test
    public void testDontReturnSensitiveDataUponInvalidRequests() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        addUserWithHash("user1", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/internalusers/user1", "{\"12312\"---\"$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m\",\"password\":\"secret\",\"xyz\":[\"admina\",\"rolea\"]}", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertThat(executePutRequest.getBody(), CoreMatchers.not(CoreMatchers.containsString("secret")));
        Assert.assertThat(executePutRequest.getBody(), CoreMatchers.not(CoreMatchers.containsString("password")));
    }
}
