package com.floragunn.searchguard;

import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.common.settings.Settings;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/SearchGuardRolesTests.class */
public class SearchGuardRolesTests extends SingleClusterTest {

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();

    @Test
    public void testSGRAnon() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgInternalUsers("sg_internal_users_sgr.yml").setSgConfig("sg_config_anon.yml"), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("_searchguard/authinfo?pretty", new Header[0]);
        Assert.assertTrue(executeGetRequest.getBody().contains("sg_anonymous"));
        Assert.assertFalse(executeGetRequest.getBody().contains("xyz_sgr"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        RestHelper.HttpResponse executeGetRequest2 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo?pretty", encodeBasicHeader("sgr_user", "nagilum"));
        Assert.assertTrue(executeGetRequest2.getBody().contains("sgr_user"));
        Assert.assertTrue(executeGetRequest2.getBody().contains("xyz_sgr"));
        Assert.assertTrue(executeGetRequest2.getBody().contains("backend_roles=[abc_ber]"));
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
    }

    @Test
    public void testSGR() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgInternalUsers("sg_internal_users_sgr.yml"), Settings.EMPTY, true);
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper().executeGetRequest("_searchguard/authinfo?pretty", encodeBasicHeader("sgr_user", "nagilum"));
        Assert.assertTrue(executeGetRequest.getBody().contains("sgr_user"));
        Assert.assertTrue(executeGetRequest.getBody().contains("xyz_sgr"));
        Assert.assertTrue(executeGetRequest.getBody().contains("backend_roles=[abc_ber]"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
    }

    @Test
    public void testSGRImpersonation() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgInternalUsers("sg_internal_users_sgr.yml"), Settings.builder().putList("searchguard.authcz.rest_impersonation_user.sgr_user", new String[]{"sgr_impuser"}).build(), true);
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper().executeGetRequest("_searchguard/authinfo?pretty", encodeBasicHeader("sgr_user", "nagilum"), new BasicHeader("sg_impersonate_as", "sgr_impuser"));
        Assert.assertFalse(executeGetRequest.getBody().contains("sgr_user"));
        Assert.assertTrue(executeGetRequest.getBody().contains("sgr_impuser"));
        Assert.assertFalse(executeGetRequest.getBody().contains("xyz_sgr"));
        Assert.assertTrue(executeGetRequest.getBody().contains("xyz_impsgr"));
        Assert.assertTrue(executeGetRequest.getBody().contains("backend_roles=[ert_ber]"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertEquals(200L, r0.executeGetRequest("*/_search?pretty", encodeBasicHeader("sgr_user", "nagilum"), new BasicHeader("sg_impersonate_as", "sgr_impuser")).getStatusCode());
    }
}
