package com.floragunn.searchguard.dlic.rest.api;

import com.fasterxml.jackson.databind.JsonNode;
import com.floragunn.searchguard.DefaultObjectMapper;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.support.SgJsonNode;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.util.List;
import org.apache.http.Header;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/RolesApiTest.class */
public class RolesApiTest extends AbstractRestApiUnitTest {
    @Test
    public void testPutRole() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        System.out.println(this.rh.executePutRequest("_searchguard/api/roles/admin", FileHelper.loadFile("restapi/simple_role.json"), new Header[0]).getBody());
        Assert.assertEquals(201L, r0.getStatusCode());
        System.out.println(this.rh.executePutRequest("_searchguard/api/roles/lala", "{ \"cluster_permissions\": [\"*\"] }", new Header[0]).getBody());
        Assert.assertEquals(201L, r0.getStatusCode());
        System.out.println(this.rh.executePutRequest("_searchguard/api/roles/empty", "{ \"cluster_permissions\": [] }", new Header[0]).getBody());
        Assert.assertEquals(201L, r0.getStatusCode());
    }

    @Test
    public void testAllRolesNotContainMetaHeader() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("_searchguard/api/roles", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertFalse(executeGetRequest.getBody().contains("_sg_meta"));
    }

    @Test
    public void testPutDuplicateKeys() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("_searchguard/api/roles/dup", "{ \"cluster_permissions\": [\"*\"], \"cluster_permissions\": [\"*\"] }", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertTrue(executePutRequest.getBody().contains("JsonParseException"));
        assertHealthy();
    }

    @Test
    public void testPutUnknownKey() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("_searchguard/api/roles/dup", "{ \"unknownkey\": [\"*\"], \"cluster_permissions\": [\"*\"] }", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertTrue(executePutRequest.getBody().contains("invalid_keys"));
        assertHealthy();
    }

    @Test
    public void testPutInvalidJson() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("_searchguard/api/roles/dup", "{ \"invalid\"::{{ [\"*\"], \"cluster_permissions\": [\"*\"] }", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertTrue(executePutRequest.getBody().contains("JsonParseException"));
        assertHealthy();
    }

    @Test
    public void testRolesApi() throws Exception {
        setup();
        this.rh.keystore = "restapi/kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executeGetRequest("_searchguard/api/roles", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertEquals(1L, DefaultObjectMapper.readTree(executeGetRequest.getBody()).size());
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/roles/nothinghthere", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/roles/", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest2 = this.rh.executeGetRequest("/_searchguard/api/roles", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        Assert.assertTrue(executeGetRequest2.getBody().contains("\"cluster_permissions\":[\"*\"]"));
        Assert.assertFalse(executeGetRequest2.getBody().contains("\"cluster_permissions\" : ["));
        RestHelper.HttpResponse executeGetRequest3 = this.rh.executeGetRequest("/_searchguard/api/roles?pretty", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        Assert.assertFalse(executeGetRequest3.getBody().contains("\"cluster_permissions\":[\"*\"]"));
        Assert.assertTrue(executeGetRequest3.getBody().contains("\"cluster_permissions\" : ["));
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/roles/sg_internal", new Header[0]).getStatusCode());
        setupStarfleetIndex();
        addUserWithPassword("picard", "picard", new String[]{"starfleet", "captains"}, 201);
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(400, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/roles/idonotexist", new Header[0]).getStatusCode());
        Assert.assertEquals(403L, this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_transport_client", new Header[0]).getStatusCode());
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_internal", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 1);
        checkWriteAccess(403, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_role_starfleet", new Header[0]).getStatusCode());
        checkReadAccess(403, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 0);
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", "", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.PAYLOAD_MANDATORY.getMessage(), DefaultObjectMapper.readTree(executePutRequest.getBody()).get("reason").asText());
        JsonNode readTree = DefaultObjectMapper.readTree(this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_not_parseable.json"), new Header[0]).getBody());
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE.getMessage(), readTree.get("reason").asText());
        JsonNode readTree2 = DefaultObjectMapper.readTree(this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_invalid_keys.json"), new Header[0]).getBody());
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage(), readTree2.get("reason").asText());
        Assert.assertTrue(readTree2.get("invalid_keys").get("keys").asText().contains("indexx_permissions"));
        Assert.assertTrue(readTree2.get("invalid_keys").get("keys").asText().contains("kluster_permissions"));
        JsonNode readTree3 = DefaultObjectMapper.readTree(this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_wrong_datatype.json"), new Header[0]).getBody());
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), readTree3.get("reason").asText());
        Assert.assertTrue(readTree3.get("cluster_permissions").asText().equals("Array expected"));
        Assert.assertEquals(403L, this.rh.executePutRequest("/_searchguard/api/roles/sg_transport_client", FileHelper.loadFile("restapi/roles_captains.json"), new Header[0]).getStatusCode());
        Assert.assertEquals(403L, this.rh.executePutRequest("/_searchguard/api/roles/sg_internal", FileHelper.loadFile("restapi/roles_captains.json"), new Header[0]).getStatusCode());
        Assert.assertEquals(201L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_starfleet.json"), new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(400, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(201L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains.json"), new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(400, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_complete_invalid.json"), new Header[0]).getStatusCode());
        Assert.assertEquals(400L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_multiple_2.json"), new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePutRequest2 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_tenants.json"), new Header[0]);
        Assert.assertEquals(200L, executePutRequest2.getStatusCode());
        JsonNode readTree4 = DefaultObjectMapper.readTree(executePutRequest2.getBody());
        Assert.assertEquals(2L, readTree4.size());
        Assert.assertEquals(readTree4.get("status").asText(), "OK");
        RestHelper.HttpResponse executeGetRequest4 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
        System.out.println(executeGetRequest4.getBody());
        JsonNode readTree5 = DefaultObjectMapper.readTree(executeGetRequest4.getBody());
        Assert.assertEquals(1L, readTree5.size());
        Assert.assertEquals(new SgJsonNode(readTree5).getDotted("sg_role_starfleet_captains.tenant_permissions").get(1).get("tenant_patterns").get(0).asString(), "tenant1");
        Assert.assertEquals(new SgJsonNode(readTree5).getDotted("sg_role_starfleet_captains.tenant_permissions").get(1).get("allowed_actions").get(0).asString(), "SGS_KIBANA_ALL_READ");
        Assert.assertEquals(new SgJsonNode(readTree5).getDotted("sg_role_starfleet_captains.tenant_permissions").get(0).get("tenant_patterns").get(0).asString(), "tenant2");
        Assert.assertEquals(new SgJsonNode(readTree5).getDotted("sg_role_starfleet_captains.tenant_permissions").get(0).get("allowed_actions").get(0).asString(), "SGS_KIBANA_ALL_WRITE");
        RestHelper.HttpResponse executePutRequest3 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_tenants2.json"), new Header[0]);
        Assert.assertEquals(200L, executePutRequest3.getStatusCode());
        JsonNode readTree6 = DefaultObjectMapper.readTree(executePutRequest3.getBody());
        Assert.assertEquals(2L, readTree6.size());
        Assert.assertEquals(readTree6.get("status").asText(), "OK");
        RestHelper.HttpResponse executeGetRequest5 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
        JsonNode readTree7 = DefaultObjectMapper.readTree(executeGetRequest5.getBody());
        Assert.assertEquals(1L, readTree7.size());
        Assert.assertEquals(new SgJsonNode(readTree7).getDotted("sg_role_starfleet_captains.tenant_permissions").get(0).get("tenant_patterns").get(0).asString(), "tenant2");
        Assert.assertEquals(new SgJsonNode(readTree7).getDotted("sg_role_starfleet_captains.tenant_permissions").get(0).get("tenant_patterns").get(1).asString(), "tenant4");
        Assert.assertEquals(new SgJsonNode(readTree7).getDotted("sg_role_starfleet_captains.tenant_permissions").get(0).get("allowed_actions").get(0).asString(), "SGS_KIBANA_ALL_WRITE");
        Assert.assertEquals(new SgJsonNode(readTree7).getDotted("sg_role_starfleet_captains.tenant_permissions").get(1).get("tenant_patterns").get(0).asString(), "tenant1");
        Assert.assertEquals(new SgJsonNode(readTree7).getDotted("sg_role_starfleet_captains.tenant_permissions").get(1).get("tenant_patterns").get(1).asString(), "tenant3");
        Assert.assertEquals(new SgJsonNode(readTree7).getDotted("sg_role_starfleet_captains.tenant_permissions").get(1).get("allowed_actions").get(0).asString(), "SGS_KIBANA_ALL_READ");
        RestHelper.HttpResponse executePutRequest4 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_no_tenants.json"), new Header[0]);
        Assert.assertEquals(200L, executePutRequest4.getStatusCode());
        JsonNode readTree8 = DefaultObjectMapper.readTree(executePutRequest4.getBody());
        Assert.assertEquals(2L, readTree8.size());
        Assert.assertEquals(readTree8.get("status").asText(), "OK");
        RestHelper.HttpResponse executeGetRequest6 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
        JsonNode readTree9 = DefaultObjectMapper.readTree(executeGetRequest6.getBody());
        Assert.assertEquals(1L, readTree9.size());
        Assert.assertFalse(new SgJsonNode(readTree9).getDotted("sg_role_starfleet_captains.cluster_permissions").get(0).isNull());
        Assert.assertTrue(new SgJsonNode(readTree9).getDotted("sg_role_starfleet_captains.tenant_permissions").get(0).isNull());
        RestHelper.HttpResponse executePutRequest5 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_tenants_malformed.json"), new Header[0]);
        Assert.assertEquals(400L, executePutRequest5.getStatusCode());
        JsonNode readTree10 = DefaultObjectMapper.readTree(executePutRequest5.getBody());
        Assert.assertEquals(readTree10.get("status").asText(), "error");
        Assert.assertEquals(readTree10.get("reason").asText(), AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executePatchRequest("/_searchguard/api/roles/imnothere", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(403L, this.rh.executePatchRequest("/_searchguard/api/roles/sg_transport_client", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executePatchRequest("/_searchguard/api/roles/sg_internal", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePatchRequest = this.rh.executePatchRequest("/_searchguard/api/roles/sg_role_starfleet", "[{ \"op\": \"add\", \"path\": \"/hidden\", \"value\": true }]", new Header[0]);
        Assert.assertEquals(400L, executePatchRequest.getStatusCode());
        Assert.assertTrue(executePatchRequest.getBody(), executePatchRequest.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/imnothere/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(403L, this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/sg_transport_client/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/sg_internal/a\", \"value\": [ \"foo\", \"bar\" ] }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(403L, this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"remove\", \"path\": \"/sg_transport_client\" }]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"remove\", \"path\": \"/sg_internal\"}]", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePatchRequest2 = this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/newnewnew\", \"value\": {  \"hidden\": true, \"index_permissions\" : [ {\"index_patterns\" : [ \"sf\" ],\"allowed_actions\" : [ \"READ\" ]}] }}]", new Header[0]);
        Assert.assertEquals(400L, executePatchRequest2.getStatusCode());
        Assert.assertTrue(executePatchRequest2.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/bulknew1\", \"value\": {   \"index_permissions\" : [ {\"index_patterns\" : [ \"sf\" ],\"allowed_actions\" : [ \"READ\" ]}] }}]", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest7 = this.rh.executeGetRequest("/_searchguard/api/roles/bulknew1", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest7.getStatusCode());
        List asList = new SgJsonNode(DefaultObjectMapper.readTree(executeGetRequest7.getBody())).get("bulknew1").get("index_permissions").get(0).get("allowed_actions").asList();
        Assert.assertNotNull(asList);
        Assert.assertEquals(1L, asList.size());
        Assert.assertTrue(asList.contains("READ"));
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executePatchRequest("/_searchguard/api/roles", "[{ \"op\": \"remove\", \"path\": \"/bulknew1\"}]", new Header[0]).getStatusCode());
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/roles/bulknew1", new Header[0]).getStatusCode());
        Assert.assertEquals(this.rh.executePutRequest("/_searchguard/api/roles/sg_field_mask_valid", FileHelper.loadFile("restapi/roles_field_masks_valid.json"), new Header[0]).getBody(), 201L, r0.getStatusCode());
        Assert.assertEquals(400L, this.rh.executePutRequest("/_searchguard/api/roles/sg_field_mask_invalid", FileHelper.loadFile("restapi/roles_field_masks_invalid.json"), new Header[0]).getStatusCode());
    }
}
