package com.floragunn.searchguard.multitenancy.test;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.floragunn.searchguard.multitenancy.test.TenantAccessMatcher;
import com.floragunn.searchguard.support.WildcardMatcher;
import com.floragunn.searchguard.test.AbstractSGUnitTest;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.floragunn.searchguard.test.helper.cluster.TestSgConfig;
import com.floragunn.searchguard.test.helper.rest.GenericRestClient;
import com.google.common.collect.ImmutableMap;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.List;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.admin.indices.alias.Alias;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
import org.elasticsearch.action.admin.indices.alias.get.GetAliasesRequest;
import org.elasticsearch.action.admin.indices.alias.get.GetAliasesResponse;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.admin.indices.delete.DeleteIndexRequest;
import org.elasticsearch.action.get.GetRequest;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.get.MultiGetItemResponse;
import org.elasticsearch.action.get.MultiGetRequest;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.action.support.master.AcknowledgedResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.cluster.metadata.AliasMetadata;
import org.elasticsearch.xcontent.XContentType;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/multitenancy/test/MultitenancyTests.class */
public class MultitenancyTests {
    private static final TestSgConfig.User USER_DEPT_01 = new TestSgConfig.User("user_dept_01").attr("dept_no", "01").roles(new String[]{"sg_tenant_user_attrs"});
    private static final TestSgConfig.User USER_DEPT_02 = new TestSgConfig.User("user_dept_02").attr("dept_no", "02").roles(new String[]{"sg_tenant_user_attrs"});
    private static final TestSgConfig.User HR_USER_READ_ONLY = new TestSgConfig.User("hr_user_read_only").roles(new String[]{"hr_tenant_read_only_access"});
    private static final TestSgConfig.User HR_USER_READ_WRITE = new TestSgConfig.User("hr_user_read_write").roles(new String[]{"hr_tenant_read_write_access"});
    public static final String TENANT_WRITABLE = Boolean.toString(true);
    public static final String TENANT_NOT_WRITABLE = Boolean.toString(false);

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().sslEnabled().resources("multitenancy").users(new TestSgConfig.User[]{USER_DEPT_01, USER_DEPT_02, HR_USER_READ_WRITE, HR_USER_READ_ONLY}).build();

    @After
    public void tearDown() throws Exception {
        Client internalNodeClient = cluster.getInternalNodeClient();
        try {
            MatcherAssert.assertThat(Boolean.valueOf(((AcknowledgedResponse) internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana*")).actionGet()).isAcknowledged()), Matchers.equalTo(true));
            if (internalNodeClient != null) {
                internalNodeClient.close();
            }
        } catch (Throwable th) {
            if (internalNodeClient != null) {
                try {
                    internalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testMt() throws Exception {
        Client internalNodeClient;
        try {
            GenericRestClient restClient = cluster.getRestClient("hr_employee", "hr_employee");
            try {
                Assert.assertEquals(restClient.putJson(".kibana/_doc/5.6.0?pretty", "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", new Header[]{new BasicHeader("sgtenant", "blafasel")}).getBody(), 403L, r0.getStatusCode());
                Assert.assertEquals(restClient.putJson(".kibana/_doc/5.6.0?pretty", "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", new Header[]{new BasicHeader("sgtenant", "business_intelligence")}).getBody(), 403L, r0.getStatusCode());
                Assert.assertEquals(restClient.delete(".kibana", new Header[]{new BasicHeader("sgtenant", "business_intelligence")}).getBody(), 403L, r0.getStatusCode());
                GenericRestClient.HttpResponse putJson = restClient.putJson(".kibana/_doc/5.6.0?pretty", "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", new Header[]{new BasicHeader("sgtenant", "human_resources")});
                Assert.assertEquals(putJson.getBody(), 201L, putJson.getStatusCode());
                Assert.assertTrue(putJson.getBody(), WildcardMatcher.match("*.kibana_*_humanresources*", putJson.getBody()));
                GenericRestClient.HttpResponse httpResponse = restClient.get(".kibana/_doc/5.6.0?pretty", new Header[]{new BasicHeader("sgtenant", "human_resources")});
                Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                Assert.assertTrue(httpResponse.getBody(), WildcardMatcher.match("*human_resources*", httpResponse.getBody()));
                if (restClient != null) {
                    restClient.close();
                }
                try {
                    internalNodeClient = cluster.getInternalNodeClient();
                    try {
                        internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1592542611_humanresources")).actionGet();
                        if (internalNodeClient != null) {
                            internalNodeClient.close();
                        }
                    } finally {
                    }
                } catch (Exception e) {
                }
            } finally {
            }
        } catch (Throwable th) {
            try {
                internalNodeClient = cluster.getInternalNodeClient();
                try {
                    internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1592542611_humanresources")).actionGet();
                    if (internalNodeClient != null) {
                        internalNodeClient.close();
                    }
                } finally {
                }
            } catch (Exception e2) {
            }
            throw th;
        }
    }

    @Test
    public void testMtMulti() throws Exception {
        Client internalNodeClient = cluster.getInternalNodeClient();
        try {
            internalNodeClient.admin().indices().create(new CreateIndexRequest(".kibana_92668751_admin").settings(ImmutableMap.of("number_of_shards", 1, "number_of_replicas", 0))).actionGet();
            internalNodeClient.index(new IndexRequest(".kibana_92668751_admin").id("index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"type\" : \"index-pattern\",\"updated_at\" : \"2018-09-29T08:56:59.066Z\",\"index-pattern\" : {\"title\" : \"humanresources\"}}", XContentType.JSON)).actionGet();
            if (internalNodeClient != null) {
                internalNodeClient.close();
            }
            GenericRestClient restClient = cluster.getRestClient("admin", "admin");
            try {
                System.out.println("#### search");
                GenericRestClient.HttpResponse postJson = restClient.postJson(".kibana/_search/?pretty", "{\"query\" : {\"term\" : { \"_id\" : \"index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b\"}}}", new Header[]{new BasicHeader("sgtenant", "__user__")});
                Assert.assertEquals(200L, postJson.getStatusCode());
                Assert.assertFalse(postJson.getBody().contains("exception"));
                Assert.assertTrue(postJson.getBody().contains("humanresources"));
                Assert.assertTrue(postJson.getBody().contains("\"value\" : 1"));
                Assert.assertTrue(postJson.getBody().contains(".kibana_92668751_admin"));
                System.out.println("#### msearch");
                GenericRestClient.HttpResponse postJson2 = restClient.postJson("_msearch/?pretty", "{\"index\":\".kibana\", \"ignore_unavailable\": false}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator(), new Header[]{new BasicHeader("sgtenant", "__user__")});
                Assert.assertEquals(200L, postJson2.getStatusCode());
                Assert.assertFalse(postJson2.getBody().contains("exception"));
                Assert.assertTrue(postJson2.getBody().contains("humanresources"));
                Assert.assertTrue(postJson2.getBody().contains("\"value\" : 1"));
                Assert.assertTrue(postJson2.getBody().contains(".kibana_92668751_admin"));
                System.out.println("#### get");
                GenericRestClient.HttpResponse httpResponse = restClient.get(".kibana/_doc/index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b?pretty", new Header[]{new BasicHeader("sgtenant", "__user__")});
                Assert.assertEquals(200L, httpResponse.getStatusCode());
                Assert.assertFalse(httpResponse.getBody().contains("exception"));
                Assert.assertTrue(httpResponse.getBody().contains("humanresources"));
                Assert.assertTrue(httpResponse.getBody().contains("\"found\" : true"));
                Assert.assertTrue(httpResponse.getBody().contains(".kibana_92668751_admin"));
                System.out.println("#### mget");
                GenericRestClient.HttpResponse postJson3 = restClient.postJson("_mget/?pretty", "{\"docs\" : [{\"_index\" : \".kibana\",\"_id\" : \"index-pattern:9fbbd1a0-c3c5-11e8-a13f-71b8ea5a4f7b\"}]}", new Header[]{new BasicHeader("sgtenant", "__user__")});
                Assert.assertEquals(200L, postJson3.getStatusCode());
                Assert.assertFalse(postJson3.getBody().contains("exception"));
                Assert.assertTrue(postJson3.getBody().contains("humanresources"));
                Assert.assertTrue(postJson3.getBody().contains(".kibana_92668751_admin"));
                System.out.println("#### index");
                GenericRestClient.HttpResponse putJson = restClient.putJson(".kibana/_doc/abc?pretty", "{\"type\" : \"index-pattern\",\"updated_at\" : \"2017-09-29T08:56:59.066Z\",\"index-pattern\" : {\"title\" : \"xyz\"}}", new Header[]{new BasicHeader("sgtenant", "__user__")});
                Assert.assertEquals(201L, putJson.getStatusCode());
                Assert.assertFalse(putJson.getBody().contains("exception"));
                Assert.assertTrue(putJson.getBody().contains("\"result\" : \"created\""));
                Assert.assertTrue(putJson.getBody().contains(".kibana_92668751_admin"));
                System.out.println("#### bulk");
                GenericRestClient.HttpResponse putJson2 = restClient.putJson("_bulk?pretty", "{ \"index\" : { \"_index\" : \".kibana\", \"_id\" : \"b1\" } }" + System.lineSeparator() + "{ \"field1\" : \"value1\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \".kibana\",\"_id\" : \"b2\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator(), new Header[]{new BasicHeader("sgtenant", "__user__")});
                Assert.assertEquals(200L, putJson2.getStatusCode());
                Assert.assertFalse(putJson2.getBody().contains("exception"));
                Assert.assertTrue(putJson2.getBody().contains(".kibana_92668751_admin"));
                Assert.assertTrue(putJson2.getBody().contains("\"errors\" : false"));
                Assert.assertTrue(putJson2.getBody().contains("\"result\" : \"created\""));
                GenericRestClient.HttpResponse httpResponse2 = restClient.get("_cat/indices", new Header[0]);
                Assert.assertEquals(200L, httpResponse2.getStatusCode());
                Assert.assertTrue(httpResponse2.getBody().contains(".kibana_92668751_admin"));
                if (restClient != null) {
                    restClient.close();
                }
            } catch (Throwable th) {
                if (restClient != null) {
                    try {
                        restClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (internalNodeClient != null) {
                try {
                    internalNodeClient.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Test
    public void testKibanaAlias() throws Exception {
        try {
            Client internalNodeClient = cluster.getInternalNodeClient();
            try {
                internalNodeClient.admin().indices().create(new CreateIndexRequest(".kibana-6").alias(new Alias(".kibana")).settings(ImmutableMap.of("number_of_shards", 1, "number_of_replicas", 0))).actionGet();
                internalNodeClient.index(new IndexRequest(".kibana-6").id("6.2.2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", XContentType.JSON)).actionGet();
                if (internalNodeClient != null) {
                    internalNodeClient.close();
                }
                GenericRestClient restClient = cluster.getRestClient("kibanaro", "kibanaro");
                try {
                    Assert.assertEquals(200L, restClient.get(".kibana-6/_doc/6.2.2?pretty", new Header[0]).getStatusCode());
                    GenericRestClient.HttpResponse httpResponse = restClient.get(".kibana/_doc/6.2.2?pretty", new Header[0]);
                    Assert.assertEquals(200L, httpResponse.getStatusCode());
                    System.out.println(httpResponse.getBody());
                    if (restClient != null) {
                        restClient.close();
                    }
                    try {
                        internalNodeClient = cluster.getInternalNodeClient();
                        try {
                            internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana-6")).actionGet();
                            if (internalNodeClient != null) {
                                internalNodeClient.close();
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            try {
                Client internalNodeClient2 = cluster.getInternalNodeClient();
                try {
                    internalNodeClient2.admin().indices().delete(new DeleteIndexRequest(".kibana-6")).actionGet();
                    if (internalNodeClient2 != null) {
                        internalNodeClient2.close();
                    }
                } finally {
                    if (internalNodeClient2 != null) {
                        try {
                            internalNodeClient2.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                }
            } catch (Exception e2) {
            }
            throw th;
        }
    }

    @Test
    public void testKibanaAlias65() throws Exception {
        Client internalNodeClient;
        try {
            internalNodeClient = cluster.getInternalNodeClient();
            try {
                HashMap hashMap = new HashMap();
                hashMap.put("number_of_shards", 1);
                hashMap.put("number_of_replicas", 0);
                internalNodeClient.admin().indices().create(new CreateIndexRequest(".kibana_1").alias(new Alias(".kibana")).settings(hashMap)).actionGet();
                internalNodeClient.index(new IndexRequest(".kibana_1").id("6.2.2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", XContentType.JSON)).actionGet();
                internalNodeClient.index(new IndexRequest(".kibana_-900636979_kibanaro").id("6.2.2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", XContentType.JSON)).actionGet();
                if (internalNodeClient != null) {
                    internalNodeClient.close();
                }
                GenericRestClient restClient = cluster.getRestClient("kibanaro", "kibanaro");
                try {
                    GenericRestClient.HttpResponse httpResponse = restClient.get(".kibana/_doc/6.2.2?pretty", new Header[]{new BasicHeader("sgtenant", "__user__")});
                    Assert.assertEquals(200L, httpResponse.getStatusCode());
                    System.out.println(httpResponse.getBody());
                    Assert.assertTrue(httpResponse.getBody().contains(".kibana_-900636979_kibanaro"));
                    if (restClient != null) {
                        restClient.close();
                    }
                    try {
                        internalNodeClient = cluster.getInternalNodeClient();
                        try {
                            internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1")).actionGet();
                            if (internalNodeClient != null) {
                                internalNodeClient.close();
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            try {
                internalNodeClient = cluster.getInternalNodeClient();
            } catch (Exception e2) {
            }
            try {
                internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1")).actionGet();
                if (internalNodeClient != null) {
                    internalNodeClient.close();
                }
                throw th;
            } finally {
                if (internalNodeClient != null) {
                    try {
                        internalNodeClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            }
        }
    }

    @Test
    public void testKibanaAliasKibana_7_12() throws Exception {
        Client internalNodeClient;
        try {
            Client internalNodeClient2 = cluster.getInternalNodeClient();
            try {
                internalNodeClient2.admin().indices().create(new CreateIndexRequest(".kibana_-815674808_kibana712aliastest_7.12.0_001").alias(new Alias(".kibana_-815674808_kibana712aliastest_7.12.0")).settings(ImmutableMap.of("number_of_shards", 1, "number_of_replicas", 0))).actionGet();
                internalNodeClient2.index(new IndexRequest(".kibana_-815674808_kibana712aliastest_7.12.0").id("test").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", XContentType.JSON)).actionGet();
                if (internalNodeClient2 != null) {
                    internalNodeClient2.close();
                }
                GenericRestClient restClient = cluster.getRestClient("admin", "admin", "kibana_7_12_alias_test");
                try {
                    GenericRestClient.HttpResponse httpResponse = restClient.get(".kibana_7.12.0/_doc/test", new Header[0]);
                    Assert.assertEquals(httpResponse.getBody(), 200L, httpResponse.getStatusCode());
                    Assert.assertEquals(httpResponse.getBody(), ".kibana_-815674808_kibana712aliastest_7.12.0_001", httpResponse.toJsonNode().path("_index").textValue());
                    if (restClient != null) {
                        restClient.close();
                    }
                    try {
                        internalNodeClient = cluster.getInternalNodeClient();
                        try {
                            internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_-815674808_kibana712aliastest_7.12.0_001")).actionGet();
                            if (internalNodeClient != null) {
                                internalNodeClient.close();
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            try {
                internalNodeClient = cluster.getInternalNodeClient();
            } catch (Exception e2) {
            }
            try {
                internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_-815674808_kibana712aliastest_7.12.0_001")).actionGet();
                if (internalNodeClient != null) {
                    internalNodeClient.close();
                }
                throw th;
            } finally {
                if (internalNodeClient != null) {
                    try {
                        internalNodeClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            }
        }
    }

    @Test
    public void testAliasCreationKibana_7_12() throws Exception {
        Client internalNodeClient;
        try {
            RestHighLevelClient restHighLevelClient = cluster.getRestHighLevelClient("admin", "admin", "kibana_7_12_alias_creation_test");
            try {
                Client internalNodeClient2 = cluster.getInternalNodeClient();
                try {
                    IndexResponse index = restHighLevelClient.index(new IndexRequest(".kibana_7.12.0_001").id("test").source(ImmutableMap.of("buildNum", 15460)).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE), RequestOptions.DEFAULT);
                    Assert.assertEquals(index.toString(), index.getResult(), DocWriteResponse.Result.CREATED);
                    Assert.assertEquals(index.toString(), ".kibana_1482524924_kibana712aliascreationtest_7.12.0_001", index.getIndex());
                    AcknowledgedResponse updateAliases = restHighLevelClient.indices().updateAliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().index(".kibana_7.12.0_001").alias(".kibana_7.12.0")), RequestOptions.DEFAULT);
                    Assert.assertTrue(updateAliases.toString(), updateAliases.isAcknowledged());
                    GetResponse getResponse = restHighLevelClient.get(new GetRequest(".kibana_7.12.0", "test"), RequestOptions.DEFAULT);
                    Assert.assertEquals(getResponse.toString(), ".kibana_1482524924_kibana712aliascreationtest_7.12.0_001", getResponse.getIndex());
                    GetAliasesResponse getAliasesResponse = (GetAliasesResponse) internalNodeClient2.admin().indices().getAliases(new GetAliasesRequest(new String[]{".kibana_1482524924_kibana712aliascreationtest_7.12.0"})).actionGet();
                    Assert.assertNotNull(getAliasesResponse.getAliases().toString(), getAliasesResponse.getAliases().get(".kibana_1482524924_kibana712aliascreationtest_7.12.0_001"));
                    Assert.assertEquals(getAliasesResponse.getAliases().toString(), ".kibana_1482524924_kibana712aliascreationtest_7.12.0", ((AliasMetadata) ((List) getAliasesResponse.getAliases().get(".kibana_1482524924_kibana712aliascreationtest_7.12.0_001")).get(0)).alias());
                    if (internalNodeClient2 != null) {
                        internalNodeClient2.close();
                    }
                    if (restHighLevelClient != null) {
                        restHighLevelClient.close();
                    }
                    try {
                        internalNodeClient = cluster.getInternalNodeClient();
                        try {
                            internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1482524924_kibana712aliascreationtest_7.12.0_001")).actionGet();
                            if (internalNodeClient != null) {
                                internalNodeClient.close();
                            }
                        } catch (Throwable th) {
                            throw th;
                        }
                    } catch (Exception e) {
                    }
                } catch (Throwable th2) {
                    if (internalNodeClient2 != null) {
                        try {
                            internalNodeClient2.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            } catch (Throwable th4) {
                if (restHighLevelClient != null) {
                    try {
                        restHighLevelClient.close();
                    } catch (Throwable th5) {
                        th4.addSuppressed(th5);
                    }
                }
                throw th4;
            }
        } catch (Throwable th6) {
            try {
                internalNodeClient = cluster.getInternalNodeClient();
                try {
                    internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1482524924_kibana712aliascreationtest_7.12.0_001")).actionGet();
                    if (internalNodeClient != null) {
                        internalNodeClient.close();
                    }
                } finally {
                    if (internalNodeClient != null) {
                        try {
                            internalNodeClient.close();
                        } catch (Throwable th7) {
                            th.addSuppressed(th7);
                        }
                    }
                }
            } catch (Exception e2) {
            }
            throw th6;
        }
    }

    @Test
    public void testMgetWithKibanaAlias() throws Exception {
        try {
            Client internalNodeClient = cluster.getInternalNodeClient();
            try {
                RestHighLevelClient restHighLevelClient = cluster.getRestHighLevelClient("hr_employee", "hr_employee", "human_resources");
                try {
                    HashMap hashMap = new HashMap();
                    hashMap.put("number_of_shards", 3);
                    hashMap.put("number_of_replicas", 0);
                    internalNodeClient.admin().indices().create(new CreateIndexRequest(".kibana_1592542611_humanresources_2").alias(new Alias(".kibana_1592542611_humanresources")).settings(hashMap)).actionGet();
                    MultiGetRequest multiGetRequest = new MultiGetRequest();
                    for (int i = 0; i < 100; i++) {
                        internalNodeClient.index(new IndexRequest(".kibana_1592542611_humanresources").id("d" + i).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", XContentType.JSON)).actionGet();
                        multiGetRequest.add(new MultiGetRequest.Item(".kibana", "d" + i));
                    }
                    for (MultiGetItemResponse multiGetItemResponse : restHighLevelClient.mget(multiGetRequest, RequestOptions.DEFAULT).getResponses()) {
                        if (multiGetItemResponse.getFailure() != null) {
                            Assert.fail(multiGetItemResponse.getFailure().getMessage() + "\n" + multiGetItemResponse.getFailure());
                        }
                    }
                    if (restHighLevelClient != null) {
                        restHighLevelClient.close();
                    }
                    if (internalNodeClient != null) {
                        internalNodeClient.close();
                    }
                    try {
                        internalNodeClient = cluster.getInternalNodeClient();
                        try {
                            internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1592542611_humanresources_2")).actionGet();
                            if (internalNodeClient != null) {
                                internalNodeClient.close();
                            }
                        } finally {
                            if (internalNodeClient != null) {
                                try {
                                    internalNodeClient.close();
                                } catch (Throwable th) {
                                    th.addSuppressed(th);
                                }
                            }
                        }
                    } catch (Exception e) {
                    }
                } catch (Throwable th2) {
                    if (restHighLevelClient != null) {
                        try {
                            restHighLevelClient.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            } catch (Throwable th4) {
                throw th4;
            }
        } catch (Throwable th5) {
            try {
                Client internalNodeClient2 = cluster.getInternalNodeClient();
                try {
                    internalNodeClient2.admin().indices().delete(new DeleteIndexRequest(".kibana_1592542611_humanresources_2")).actionGet();
                    if (internalNodeClient2 != null) {
                        internalNodeClient2.close();
                    }
                } catch (Throwable th6) {
                    if (internalNodeClient2 != null) {
                        try {
                            internalNodeClient2.close();
                        } catch (Throwable th7) {
                            th6.addSuppressed(th7);
                        }
                    }
                    throw th6;
                }
            } catch (Exception e2) {
            }
            throw th5;
        }
    }

    @Test
    public void testUserAttributesInTenantPattern() throws Exception {
        Client internalNodeClient;
        try {
            GenericRestClient restClient = cluster.getRestClient(USER_DEPT_01);
            try {
                GenericRestClient.HttpResponse httpResponse = restClient.get("_searchguard/authinfo", new Header[0]);
                Assert.assertEquals("true", httpResponse.toJsonNode().path("sg_tenants").path("dept_01").asText());
                Assert.assertEquals("", httpResponse.toJsonNode().path("sg_tenants").path("dept_02").asText());
                Assert.assertEquals(restClient.putJson(".kibana/config/user_attr_test", "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", new Header[]{new BasicHeader("sgtenant", "dept_01")}).getBody(), 201L, r0.getStatusCode());
                Assert.assertEquals(restClient.putJson(".kibana/config/user_attr_test", "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", new Header[]{new BasicHeader("sgtenant", "dept_02")}).getBody(), 403L, r0.getStatusCode());
                if (restClient != null) {
                    restClient.close();
                }
                restClient = cluster.getRestClient(USER_DEPT_02);
                try {
                    GenericRestClient.HttpResponse httpResponse2 = restClient.get("_searchguard/authinfo", new Header[0]);
                    Assert.assertEquals("", httpResponse2.toJsonNode().path("sg_tenants").path("dept_01").asText());
                    Assert.assertEquals("true", httpResponse2.toJsonNode().path("sg_tenants").path("dept_02").asText());
                    Assert.assertEquals(restClient.putJson(".kibana/config/user_attr_test", "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", new Header[]{new BasicHeader("sgtenant", "dept_01")}).getBody(), 403L, r0.getStatusCode());
                    Assert.assertEquals(restClient.putJson(".kibana/config/user_attr_test", "{\"buildNum\": 15460, \"defaultIndex\": \"humanresources\", \"tenant\": \"human_resources\"}", new Header[]{new BasicHeader("sgtenant", "dept_02")}).getBody(), 201L, r0.getStatusCode());
                    if (restClient != null) {
                        restClient.close();
                    }
                    try {
                        internalNodeClient = cluster.getInternalNodeClient();
                        try {
                            internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1592542611_humanresources")).actionGet();
                            if (internalNodeClient != null) {
                                internalNodeClient.close();
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            try {
                internalNodeClient = cluster.getInternalNodeClient();
                try {
                    internalNodeClient.admin().indices().delete(new DeleteIndexRequest(".kibana_1592542611_humanresources")).actionGet();
                    if (internalNodeClient != null) {
                        internalNodeClient.close();
                    }
                } finally {
                }
            } catch (Exception e2) {
            }
            throw th;
        }
    }

    @Test
    public void checksActionsOfReadOnlyUserAgainstMultitenancy() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(HR_USER_READ_ONLY, new Header[]{new BasicHeader("sgtenant", "test_tenant_ro")});
        try {
            assertAdminCanCreateTenantAndDefaultKibanaIndices(restClient, "test_tenant_ro");
            assertTenantWriteable(restClient, "test_tenant_ro", TENANT_NOT_WRITABLE);
            MatcherAssert.assertThat(restClient, TenantAccessMatcher.canPerformFollowingActions(EnumSet.noneOf(TenantAccessMatcher.Action.class)));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void checksActionsOfReadWriteUserAgainstMultitenancy() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(HR_USER_READ_WRITE, new Header[]{new BasicHeader("sgtenant", "test_tenant_rw")});
        try {
            assertAdminCanCreateTenantAndDefaultKibanaIndices(restClient, "test_tenant_rw");
            assertTenantWriteable(restClient, "test_tenant_rw", TENANT_WRITABLE);
            MatcherAssert.assertThat(restClient, TenantAccessMatcher.canPerformFollowingActions(EnumSet.of(TenantAccessMatcher.Action.CREATE_DOCUMENT, TenantAccessMatcher.Action.UPDATE_DOCUMENT, TenantAccessMatcher.Action.UPDATE_INDEX, TenantAccessMatcher.Action.DELETE_INDEX)));
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void checksActionsOfReadOnlyAnonymousAgainstMultitenancy() throws Exception {
        BasicHeader basicHeader = new BasicHeader("sgtenant", "SGS_GLOBAL_TENANT");
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient restClient = cluster.getRestClient(new Header[]{basicHeader});
            try {
                GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/api/roles/sg_anonymous", "{\n  \"cluster_permissions\": [\n    \"SGS_CLUSTER_COMPOSITE_OPS_RO\"\n  ],\n  \"tenant_permissions\": [\n    {\n      \"tenant_patterns\": [\n        \"SGS_GLOBAL_TENANT\"\n      ],\n      \"allowed_actions\": [\n        \"SGS_KIBANA_ALL_READ\"\n      ]\n    }\n  ],\n  \"index_permissions\": [\n    {\n      \"index_patterns\": [\n        \".kibana\"\n      ],\n      \"allowed_actions\": [\n        \"indices:data/read/search\",\n        \"indices:data/read/msearch\",\n        \"indices:data/read/mget\",\n        \"indices:data/read/get\",\n        \"indices:admin/get\",\n        \"indices:data/write/index\",\n        \"indices:data/write/bulk\",\n        \"indices:data/write/bulk[s]\",\n        \"indices:data/write/delete\",\n        \"indices:admin/close\",\n        \"indices:admin/delete\"\n      ]\n    }\n  ]\n}", new Header[0]);
                MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.anyOf(Matchers.equalTo(200), Matchers.equalTo(201)));
                assertAdminCanCreateTenantAndDefaultKibanaIndices(restClient, "SGS_GLOBAL_TENANT");
                assertTenantWriteable(restClient, "SGS_GLOBAL_TENANT", TENANT_NOT_WRITABLE);
                MatcherAssert.assertThat(restClient, TenantAccessMatcher.canPerformFollowingActions(EnumSet.noneOf(TenantAccessMatcher.Action.class)));
                if (restClient != null) {
                    restClient.close();
                }
                if (adminCertRestClient != null) {
                    adminCertRestClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void checksActionsOfReadWriteAnonymousAgainstMultitenancy() throws Exception {
        BasicHeader basicHeader = new BasicHeader("sgtenant", "SGS_GLOBAL_TENANT");
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient restClient = cluster.getRestClient(new Header[]{basicHeader});
            try {
                GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("/_searchguard/api/roles/sg_anonymous", "{\n  \"cluster_permissions\": [\n    \"SGS_CLUSTER_COMPOSITE_OPS_RO\",\n    \"indices:data/write/bulk\"\n  ],\n  \"tenant_permissions\": [\n    {\n      \"tenant_patterns\": [\n        \"SGS_GLOBAL_TENANT\"\n      ],\n      \"allowed_actions\": [\n        \"SGS_KIBANA_ALL_READ\",\n        \"SGS_KIBANA_ALL_WRITE\"\n      ]\n    }\n  ],\n  \"index_permissions\": [\n    {\n      \"index_patterns\": [\n        \".kibana\"\n      ],\n      \"allowed_actions\": [\n        \"indices:data/read/search\",\n        \"indices:data/read/msearch\",\n        \"indices:data/read/mget\",\n        \"indices:data/read/get\",\n        \"indices:admin/get\",\n        \"indices:data/write/index\",\n        \"indices:data/write/bulk\",\n        \"indices:data/write/bulk[s]\",\n        \"indices:data/write/delete\",\n        \"indices:admin/close\",\n        \"indices:admin/delete\"\n      ]\n    }\n  ]\n}", new Header[0]);
                MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.anyOf(Matchers.equalTo(200), Matchers.equalTo(201)));
                assertAdminCanCreateTenantAndDefaultKibanaIndices(restClient, "SGS_GLOBAL_TENANT");
                assertTenantWriteable(restClient, "SGS_GLOBAL_TENANT", TENANT_WRITABLE);
                MatcherAssert.assertThat(restClient, TenantAccessMatcher.canPerformFollowingActions(EnumSet.of(TenantAccessMatcher.Action.CREATE_DOCUMENT, TenantAccessMatcher.Action.UPDATE_DOCUMENT, TenantAccessMatcher.Action.UPDATE_INDEX, TenantAccessMatcher.Action.DELETE_INDEX)));
                if (restClient != null) {
                    restClient.close();
                }
                if (adminCertRestClient != null) {
                    adminCertRestClient.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void assertTenantWriteable(GenericRestClient genericRestClient, String str, String str2) throws Exception {
        MatcherAssert.assertThat(new ObjectMapper().readTree(genericRestClient.get("/_searchguard/authinfo?pretty", new Header[0]).getBody()).findValue("sg_tenants").findValue(str).asText(), Matchers.equalTo(str2));
    }

    private static void assertAdminCanCreateTenantAndDefaultKibanaIndices(GenericRestClient genericRestClient, String str) throws Exception {
        GenericRestClient.HttpResponse putJson = genericRestClient.putJson(".kibana/_doc/5.6.0", "{\"buildNum\": 15460, \"defaultIndex\": \"anon\", \"tenant\": \"" + str + "\"}", new Header[]{AbstractSGUnitTest.encodeBasicHeader("admin", "admin")});
        MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(201));
        GenericRestClient.HttpResponse putJson2 = genericRestClient.putJson(".kibana/_doc/5.6.0", "{\"buildNum\": 15460, \"defaultIndex\": \"anon\", \"tenant\": \"" + str + "\"}", new Header[]{AbstractSGUnitTest.encodeBasicHeader("admin", "admin"), new BasicHeader("sgtenant", null)});
        MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(201));
    }
}
