package com.floragunn.searchguard.auditlog.compliance;

import com.floragunn.searchguard.auditlog.AbstractAuditlogiUnitTest;
import com.floragunn.searchguard.auditlog.integration.TestAuditlogImpl;
import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.helper.cluster.ClusterConfiguration;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.util.Iterator;
import org.apache.http.Header;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/auditlog/compliance/ComplianceAuditlogTest.class */
public class ComplianceAuditlogTest extends AbstractAuditlogiUnitTest {
    @Test
    public void testSourceFilter() throws Exception {
        setup(Settings.builder().put("searchguard.audit.type", TestAuditlogImpl.class.getName()).put("searchguard.audit.enable_transport", true).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.compliance.history.external_config_enabled", false).put("searchguard.compliance.history.read.watched_fields", "emp").put("searchguard.audit.config.disabled_transport_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.config.disabled_rest_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.threadpool.size", 0).build());
        boolean z = this.rh.sendHTTPClientCertificate;
        String str = this.rh.keystore;
        this.rh.sendHTTPClientCertificate = true;
        this.rh.keystore = "auditlog/kirk-keystore.jks";
        this.rh.executePutRequest("emp/doc/0?refresh", "{\"Designation\" : \"CEO\", \"Gender\" : \"female\", \"Salary\" : 100}", new Header[0]);
        this.rh.executePutRequest("emp/doc/1?refresh", "{\"Designation\" : \"IT\", \"Gender\" : \"male\", \"Salary\" : 200}", new Header[0]);
        this.rh.executePutRequest("emp/doc/2?refresh", "{\"Designation\" : \"IT\", \"Gender\" : \"female\", \"Salary\" : 300}", new Header[0]);
        this.rh.sendHTTPClientCertificate = z;
        this.rh.keystore = str;
        System.out.println("#### test source includes");
        TestAuditlogImpl.clear();
        RestHelper.HttpResponse executePostRequest = this.rh.executePostRequest("_search?pretty", "{   \"_source\":[      \"Gender\"   ],   \"from\":0,   \"size\":3,   \"query\":{      \"term\":{         \"Salary\": 300      }   }}", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(200L, executePostRequest.getStatusCode());
        System.out.println(executePostRequest.getBody());
        Thread.sleep(1500L);
        System.out.println(TestAuditlogImpl.sb.toString());
        Assert.assertTrue(TestAuditlogImpl.messages.size() >= 1);
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_DOC_READ"));
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("Designation"));
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("Salary"));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("Gender"));
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    @Test
    public void testSourceFilterMsearch() throws Exception {
        setup(Settings.builder().put("searchguard.audit.type", TestAuditlogImpl.class.getName()).put("searchguard.audit.enable_transport", true).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.compliance.history.external_config_enabled", false).put("searchguard.compliance.history.read.watched_fields", "emp").put("searchguard.audit.config.disabled_transport_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.config.disabled_rest_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.threadpool.size", 0).build());
        boolean z = this.rh.sendHTTPClientCertificate;
        String str = this.rh.keystore;
        this.rh.sendHTTPClientCertificate = true;
        this.rh.keystore = "auditlog/kirk-keystore.jks";
        this.rh.executePutRequest("emp/doc/0?refresh", "{\"Designation\" : \"CEO\", \"Gender\" : \"female\", \"Salary\" : 100}", new Header[0]);
        this.rh.executePutRequest("emp/doc/1?refresh", "{\"Designation\" : \"IT\", \"Gender\" : \"male\", \"Salary\" : 200}", new Header[0]);
        this.rh.executePutRequest("emp/doc/2?refresh", "{\"Designation\" : \"IT\", \"Gender\" : \"female\", \"Salary\" : 300}", new Header[0]);
        this.rh.sendHTTPClientCertificate = z;
        this.rh.keystore = str;
        System.out.println("#### test source includes");
        String str2 = "{}" + System.lineSeparator() + "{   \"_source\":[      \"Gender\"   ],   \"from\":0,   \"size\":3,   \"query\":{      \"term\":{         \"Salary\": 300      }   }}" + System.lineSeparator() + "{}" + System.lineSeparator() + "{   \"_source\":[      \"Designation\"   ],   \"from\":0,   \"size\":3,   \"query\":{      \"term\":{         \"Salary\": 200      }   }}" + System.lineSeparator();
        TestAuditlogImpl.clear();
        assertNotContains(this.rh.executePostRequest("_msearch?pretty", str2, new Header[]{encodeBasicHeader("admin", "admin")}), "*exception*");
        Assert.assertEquals(200L, r0.getStatusCode());
        Thread.sleep(1500L);
        System.out.println(TestAuditlogImpl.sb.toString());
        Assert.assertTrue("Was " + TestAuditlogImpl.messages.size(), TestAuditlogImpl.messages.size() == 2);
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_DOC_READ"));
        Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("Salary"));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("Gender"));
        Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("Designation"));
        Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
    }

    @Test
    public void testInternalConfig() throws Exception {
        Settings build = Settings.builder().put("searchguard.audit.type", TestAuditlogImpl.class.getName()).put("searchguard.audit.enable_transport", false).put("searchguard.audit.enable_rest", false).put("searchguard.audit.resolve_bulk_requests", false).put("searchguard.compliance.history.write.log_diffs", true).put("searchguard.compliance.history.external_config_enabled", false).put("searchguard.compliance.history.internal_config_enabled", true).put("searchguard.audit.config.disabled_transport_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.config.disabled_rest_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.threadpool.size", 0).build();
        TestAuditlogImpl.clear();
        setup(build);
        TransportClient internalTransportClient = getInternalTransportClient();
        try {
            Iterator it = new DynamicSgConfig().setSgRoles("sg_roles_2.yml").getDynamicConfig(getResourceFolder()).iterator();
            while (it.hasNext()) {
                internalTransportClient.index((IndexRequest) it.next()).actionGet();
            }
            if (internalTransportClient != null) {
                internalTransportClient.close();
            }
            RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("_search?pretty", new Header[]{encodeBasicHeader("admin", "admin")});
            Assert.assertEquals(200L, executeGetRequest.getStatusCode());
            System.out.println(executeGetRequest.getBody());
            Thread.sleep(1500L);
            System.out.println(TestAuditlogImpl.sb.toString());
            Assert.assertTrue(TestAuditlogImpl.messages.size() > 25);
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_INTERNAL_CONFIG_READ"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_INTERNAL_CONFIG_WRITE"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("anonymous_auth_enabled"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("indices:data/read/suggest"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("internalusers"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("sg_all_access"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("indices:data/read/suggest"));
            Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("eyJzZWFyY2hndWFy"));
            Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("eyJBTEwiOlsiaW"));
            Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("eyJhZG1pbiI6e"));
            Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("eyJzZ19hb"));
            Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("eyJzZ19hbGx"));
            Assert.assertFalse(TestAuditlogImpl.sb.toString().contains("dvcmYiOnsiY2x"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("\\\"op\\\":\\\"remove\\\",\\\"path\\\":\\\"/sg_worf\\\""));
            Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
        } catch (Throwable th) {
            if (internalTransportClient != null) {
                try {
                    internalTransportClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testExternalConfig() throws Exception {
        Settings build = Settings.builder().put("searchguard.audit.type", TestAuditlogImpl.class.getName()).put("searchguard.audit.enable_transport", false).put("searchguard.audit.enable_rest", false).put("searchguard.audit.resolve_bulk_requests", false).put("searchguard.compliance.history.external_config_enabled", true).put("searchguard.compliance.history.internal_config_enabled", false).put("searchguard.audit.config.disabled_transport_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.config.disabled_rest_categories", "authenticated,GRANTED_PRIVILEGES").put("searchguard.audit.threadpool.size", 0).build();
        TestAuditlogImpl.clear();
        setup(build);
        TransportClient internalTransportClient = getInternalTransportClient();
        try {
            Iterator it = new DynamicSgConfig().setSgRoles("sg_roles_2.yml").getDynamicConfig(getResourceFolder()).iterator();
            while (it.hasNext()) {
                internalTransportClient.index((IndexRequest) it.next()).actionGet();
            }
            if (internalTransportClient != null) {
                internalTransportClient.close();
            }
            RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("_search?pretty", new Header[]{encodeBasicHeader("admin", "admin")});
            Assert.assertEquals(200L, executeGetRequest.getStatusCode());
            System.out.println(executeGetRequest.getBody());
            Thread.sleep(1500L);
            System.out.println(TestAuditlogImpl.sb.toString());
            Assert.assertEquals(3L, TestAuditlogImpl.messages.size());
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("external_configuration"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("COMPLIANCE_EXTERNAL_CONFIG"));
            Assert.assertTrue(TestAuditlogImpl.sb.toString().contains("elasticsearch_yml"));
            Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
        } catch (Throwable th) {
            if (internalTransportClient != null) {
                try {
                    internalTransportClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUpdate() throws Exception {
        setup(Settings.builder().put("searchguard.audit.type", TestAuditlogImpl.class.getName()).put("searchguard.audit.enable_transport", false).put("searchguard.audit.enable_rest", false).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.compliance.history.external_config_enabled", false).put("searchguard.compliance.history.internal_config_enabled", false).put("searchguard.compliance.history.write.watched_indices", "finance").put("searchguard.compliance.history.read.watched_fields", "humanresources,Designation,FirstName,LastName").put("searchguard.audit.threadpool.size", 0).build());
        TransportClient internalTransportClient = getInternalTransportClient();
        try {
            internalTransportClient.prepareIndex("humanresources", "employees", "100").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).setSource(new Object[]{"Age", 456}).execute().actionGet();
            if (internalTransportClient != null) {
                internalTransportClient.close();
            }
            TestAuditlogImpl.clear();
            RestHelper.HttpResponse executePostRequest = this.rh.executePostRequest("humanresources/employees/100/_update?pretty", "{\"doc\": {\"Age\":123}}", new Header[]{encodeBasicHeader("admin", "admin")});
            Assert.assertEquals(200L, executePostRequest.getStatusCode());
            System.out.println(executePostRequest.getBody());
            Thread.sleep(1500L);
            Assert.assertTrue(TestAuditlogImpl.messages.isEmpty());
            Assert.assertTrue(validateMsgs(TestAuditlogImpl.messages));
        } catch (Throwable th) {
            if (internalTransportClient != null) {
                try {
                    internalTransportClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUpdatePerf() throws Exception {
        setup(Settings.builder().put("searchguard.audit.type", TestAuditlogImpl.class.getName()).put("searchguard.audit.enable_transport", false).put("searchguard.audit.enable_rest", false).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.compliance.history.external_config_enabled", false).put("searchguard.compliance.history.internal_config_enabled", false).put("searchguard.compliance.history.write.watched_indices", "humanresources").put("searchguard.compliance.history.read.watched_fields", "humanresources,*").put("searchguard.audit.threadpool.size", 0).build());
        TestAuditlogImpl.clear();
        for (int i = 0; i < 1; i++) {
            Assert.assertEquals(201L, this.rh.executePostRequest("humanresources/employees/" + i + "", "{\"customer\": {\"Age\":" + i + "}}", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            System.out.println("==================");
            Assert.assertEquals(200L, this.rh.executePostRequest("humanresources/employees/" + i + "", "{\"customer\": {\"Age\":" + (i + 2) + "}}", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            System.out.println("==================");
            Assert.assertEquals(200L, this.rh.executePostRequest("humanresources/employees/" + i + "/_update?pretty", "{\"doc\": {\"doesel\":" + (i + 3) + "}}", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        }
        Thread.sleep(1500L);
        System.out.println("Messages: " + TestAuditlogImpl.messages.size());
    }

    @Test
    public void testWriteHistory() throws Exception {
        setup(Settings.builder().put("searchguard.audit.type", TestAuditlogImpl.class.getName()).put("searchguard.audit.enable_transport", false).put("searchguard.audit.enable_rest", false).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.compliance.history.write.log_diffs", true).put("searchguard.compliance.history.write.watched_indices", "humanresources").put("searchguard.audit.threadpool.size", 0).build());
        TransportClient internalTransportClient = getInternalTransportClient();
        try {
            internalTransportClient.prepareIndex("humanresources", "employees", "100").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).setSource(new Object[]{"Age", 456}).execute().actionGet();
            if (internalTransportClient != null) {
                internalTransportClient.close();
            }
            TestAuditlogImpl.clear();
            RestHelper.HttpResponse executePostRequest = this.rh.executePostRequest("humanresources/employees/100/_update?pretty", "{\"doc\": {\"Age\":123}}", new Header[]{encodeBasicHeader("admin", "admin")});
            Assert.assertEquals(200L, executePostRequest.getStatusCode());
            System.out.println(executePostRequest.getBody());
            Thread.sleep(1500L);
            System.out.println(TestAuditlogImpl.sb.toString());
            Assert.assertTrue(TestAuditlogImpl.sb.toString().split(".*audit_compliance_diff_content.*replace.*").length == 2);
            TestAuditlogImpl.clear();
            RestHelper.HttpResponse executePostRequest2 = this.rh.executePostRequest("humanresources/employees/100?pretty", "{\"Age\":555}", new Header[]{encodeBasicHeader("admin", "admin")});
            Assert.assertEquals(200L, executePostRequest2.getStatusCode());
            System.out.println(executePostRequest2.getBody());
            Thread.sleep(1500L);
            System.out.println(TestAuditlogImpl.sb.toString());
            Assert.assertTrue(TestAuditlogImpl.sb.toString().split(".*audit_compliance_diff_content.*replace.*").length == 2);
        } catch (Throwable th) {
            if (internalTransportClient != null) {
                try {
                    internalTransportClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testImmutableIndex() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.builder().put("searchguard.compliance.immutable_indices", "myindex1").put("searchguard.audit.type", "debug").build(), true, ClusterConfiguration.DEFAULT);
        TransportClient internalTransportClient = getInternalTransportClient(this.clusterInfo, Settings.EMPTY);
        try {
            internalTransportClient.admin().indices().create(new CreateIndexRequest("myindex1").mapping("mytype1", FileHelper.loadFile("mapping1.json"), XContentType.JSON)).actionGet();
            internalTransportClient.admin().indices().create(new CreateIndexRequest("myindex2").mapping("mytype2", FileHelper.loadFile("mapping1.json"), XContentType.JSON)).actionGet();
            if (internalTransportClient != null) {
                internalTransportClient.close();
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            System.out.println("############ immutable 1");
            String loadFile = FileHelper.loadFile("auditlog/data1.json");
            String loadFile2 = FileHelper.loadFile("auditlog/data1mod.json");
            Assert.assertEquals(201L, nonSslRestHelper.executePutRequest("myindex1/mytype1/1?refresh", loadFile, new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("myindex1/mytype1/1?refresh", loadFile2, new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeDeleteRequest("myindex1/mytype1/1?refresh", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("myindex1/mytype1/1", new Header[]{encodeBasicHeader("admin", "admin")});
            Assert.assertEquals(200L, executeGetRequest.getStatusCode());
            Assert.assertFalse(executeGetRequest.getBody().contains("city"));
            Assert.assertTrue(executeGetRequest.getBody().contains("\"found\":true,"));
            System.out.println("############ immutable 2");
            Assert.assertEquals(201L, nonSslRestHelper.executePutRequest("myindex2/mytype2/1?refresh", loadFile, new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("myindex2/mytype2/1?refresh", loadFile2, new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            Assert.assertTrue(nonSslRestHelper.executeGetRequest("myindex2/mytype2/1", new Header[]{encodeBasicHeader("admin", "admin")}).getBody().contains("city"));
            Assert.assertEquals(200L, nonSslRestHelper.executeDeleteRequest("myindex2/mytype2/1?refresh", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
            Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("myindex2/mytype2/1", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        } catch (Throwable th) {
            if (internalTransportClient != null) {
                try {
                    internalTransportClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
