package com.floragunn.searchguard;

import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.ssl.util.ExceptionUtils;
import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import org.apache.http.Header;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.admin.indices.create.CreateIndexResponse;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.xcontent.XContentType;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/TransportClientIntegrationTests.class */
public class TransportClientIntegrationTests extends SingleClusterTest {

    // JUnit class-level rule, applied once for all tests in this class.
    // NOTE(review): JavaSecurityTestSetup lives in the test helper package and is not shown here;
    // presumably it prepares JVM security settings for the embedded cluster — confirm.
    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();

    /**
     * Exercises transport-client access control against a single test cluster.
     *
     * <p>A client authenticating with the "spock" keystore is expected to be able to create, index,
     * get and search an ordinary index ("vulcan"), to get no document back from the "searchguard"
     * index, to be rejected when writing to it, and to impersonate only the users allow-listed for
     * its DN ("worf" and "nagilum"). Scroll contexts are expected to be bound to the user that
     * opened them.
     *
     * <p>NOTE(review): this listing appears to be decompiler output (see the "loaded from" header
     * above the class). Several try/catch/finally regions look displaced: a catch that wraps only
     * {@code stashContext()}, statements placed after {@code Assert.fail()}, and {@code finally}
     * blocks that close a context already closed on the success path. Do not read the statement
     * order as the authored test flow without checking the original source.
     *
     * @throws Exception if cluster setup or any unexpected transport failure occurs
     */
    @Test
    public void testTransportClient() throws Exception {
        ThreadContext.StoredContext stashContext;
        ThreadContext.StoredContext stashContext2;
        // Impersonation allow-list: the DN CN=spock,... may impersonate only "worf" and "nagilum".
        Settings build = Settings.builder().putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf", "nagilum"}).put("discovery.initial_state_timeout", "8s").build();
        setup(build);
        TransportClient internalTransportClient = getInternalTransportClient();
        try {
            // Seed one document in "starfleet" with the default internal client; it is used by the scroll checks later.
            internalTransportClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            if (internalTransportClient != null) {
                internalTransportClient.close();
            }
            // Second client: same settings, but it presents the "spock" key from spock-keystore.jks.
            Settings build2 = Settings.builder().put(build).put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")).put("searchguard.ssl.transport.keystore_alias", "spock").build();
            System.out.println("------- 0 ---------");
            TransportClient internalTransportClient2 = getInternalTransportClient(this.clusterInfo, build2);
            try {
                // Steps 0-5: ordinary cluster and index operations succeed for the spock client.
                Assert.assertEquals(this.clusterInfo.numNodes, ((NodesInfoResponse) internalTransportClient2.admin().cluster().nodesInfo(new NodesInfoRequest(new String[0])).actionGet()).getNodes().size());
                System.out.println("------- 1 ---------");
                Assert.assertTrue(((CreateIndexResponse) internalTransportClient2.admin().indices().create(new CreateIndexRequest("vulcan")).actionGet()).isAcknowledged());
                System.out.println("------- 2 ---------");
                Assert.assertTrue(((IndexResponse) internalTransportClient2.index(new IndexRequest("vulcan").type("secrets").id("s1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"secret\":true}", XContentType.JSON)).actionGet()).getResult() == DocWriteResponse.Result.CREATED);
                System.out.println("------- 3 ---------");
                Assert.assertTrue(internalTransportClient2.prepareGet("vulcan", "secrets", "s1").setRealtime(true).get().isExists());
                System.out.println("------- 4 ---------");
                Assert.assertTrue(internalTransportClient2.prepareGet("vulcan", "secrets", "s1").setRealtime(false).get().isExists());
                System.out.println("------- 5 ---------");
                Assert.assertEquals(1L, ((SearchResponse) internalTransportClient2.search(new SearchRequest(new String[]{"vulcan"}).types(new String[]{"secrets"})).actionGet()).getHits().getHits().length);
                System.out.println("------- 6 ---------");
                // Steps 6-8: reads of the "searchguard" index return "not found" / zero hits rather than an error,
                // for both realtime and non-realtime gets and for search.
                Assert.assertFalse(internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(false).get().isExists());
                System.out.println("------- 7 ---------");
                Assert.assertFalse(internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(true).get().isExists());
                System.out.println("------- 8 ---------");
                Assert.assertEquals(0L, ((SearchResponse) internalTransportClient2.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getHits().length);
                System.out.println("------- 9 ---------");
                // Step 9: writing a config document into "searchguard" must throw. Any Exception type is accepted and
                // its message is only printed, so this does not pin the rejection reason. Assert.fail() raises an
                // AssertionError, which this catch does not swallow.
                try {
                    internalTransportClient2.index(new IndexRequest("searchguard").type(getType()).id("config").source(new Object[]{"config", FileHelper.readYamlContent("sg_config.yml")})).actionGet();
                    Assert.fail();
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                }
                System.out.println("------- 10 ---------");
                // Step 10: impersonating "worf" is accepted as an identity, but the get on vulcan/secrets is expected
                // to be denied with a "no permissions" security exception.
                try {
                    stashContext2 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                    try {
                        internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf");
                        internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                        stashContext2.close();
                        Assert.fail();
                    } finally {
                    }
                } catch (ElasticsearchSecurityException e2) {
                    Assert.assertTrue(e2.getMessage(), e2.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                }
                System.out.println("------- 11 ---------");
                // Step 11: the same get with a basic-auth header for worf/worf is expected to be denied as well.
                ThreadContext.StoredContext stashContext3 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                try {
                    try {
                        Header encodeBasicHeader = encodeBasicHeader("worf", "worf");
                        internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader.getName(), encodeBasicHeader.getValue());
                        internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                        Assert.fail();
                        stashContext3.close();
                    } finally {
                    }
                } catch (ElasticsearchSecurityException e3) {
                    Assert.assertTrue(e3.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                    stashContext3.close();
                }
                System.out.println("------- 12 ---------");
                // Step 12: basic auth with a different password ("worf111") must raise a security exception.
                // Only the exception type is checked; the message is not asserted, just printed.
                stashContext3 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                try {
                    try {
                        Header encodeBasicHeader2 = encodeBasicHeader("worf", "worf111");
                        internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader2.getName(), encodeBasicHeader2.getValue());
                        internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                        Assert.fail();
                        stashContext3.close();
                    } catch (ElasticsearchSecurityException e4) {
                        e4.printStackTrace();
                        stashContext3.close();
                    }
                    System.out.println("------- 13 ---------");
                    // Step 13: "gkar" is not in the allow-list for the spock DN, so impersonation is expected to be
                    // refused with the exact message asserted below.
                    // NOTE(review): as listed, this catch wraps only stashContext(), while the impersonating request
                    // that follows has no matching catch and is followed by Assert.fail(). That looks like a
                    // decompiler displacement of the catch block — confirm against the original source.
                    try {
                        stashContext = internalTransportClient2.threadPool().getThreadContext().stashContext();
                    } catch (ElasticsearchSecurityException e5) {
                        Assert.assertEquals("'CN=spock,OU=client,O=client,L=Test,C=DE' is not allowed to impersonate as transport user 'gkar'", e5.getMessage());
                    }
                    try {
                        internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "gkar");
                        internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                        Assert.fail();
                        stashContext.close();
                        System.out.println("------- 12 ---------");
                        // Impersonating "nagilum": a realtime get of the searchguard config still yields
                        // "not exists" with an empty source.
                        ThreadContext.StoredContext stashContext4 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                        try {
                            internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                            GetResponse getResponse = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                            Assert.assertFalse(getResponse.isExists());
                            Assert.assertTrue(getResponse.isSourceEmpty());
                            stashContext4.close();
                            System.out.println("------- 13 ---------");
                            // Same check, non-realtime, against type "config" and id "0".
                            ThreadContext.StoredContext stashContext5 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                            try {
                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                GetResponse getResponse2 = internalTransportClient2.prepareGet("searchguard", "config", "0").setRealtime(Boolean.FALSE.booleanValue()).get();
                                Assert.assertFalse(getResponse2.isExists());
                                Assert.assertTrue(getResponse2.isSourceEmpty());
                                stashContext5.close();
                                System.out.println("------- 13.1 ---------");
                                // 13.1 / 13.2: open a scroll as nagilum and continue it as nagilum; neither call is
                                // expected to throw.
                                ThreadContext.StoredContext stashContext6 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                try {
                                    internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                    String scrollId = internalTransportClient2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get().getScrollId();
                                    stashContext6.close();
                                    System.out.println("------- 13.2 ---------");
                                    ThreadContext.StoredContext stashContext7 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                    try {
                                        internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                        internalTransportClient2.prepareSearchScroll(scrollId).get();
                                        stashContext7.close();
                                        System.out.println("------- 14 ---------");
                                        // Step 14: a get as impersonated nagilum succeeds (z becomes true); the same get
                                        // with both the impersonation header and a worf basic-auth header is expected
                                        // to be denied. z guards against the denial coming from the first request.
                                        boolean z = false;
                                        ThreadContext.StoredContext stashContext8 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                        try {
                                            try {
                                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                                                z = true;
                                                stashContext8.close();
                                                stashContext8 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                Header encodeBasicHeader3 = encodeBasicHeader("worf", "worf");
                                                internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader3.getName(), encodeBasicHeader3.getValue());
                                                internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                                                Assert.fail();
                                                stashContext8.close();
                                            } finally {
                                            }
                                        } catch (ElasticsearchSecurityException e6) {
                                            Assert.assertTrue(e6.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                                            Assert.assertTrue(z);
                                            stashContext8.close();
                                        }
                                        System.out.println("------- 15 ---------");
                                        // Step 15: repeat of the impersonated realtime read of the searchguard config.
                                        stashContext8 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                        try {
                                            internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                            GetResponse getResponse3 = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                                            Assert.assertFalse(getResponse3.isExists());
                                            Assert.assertTrue(getResponse3.isSourceEmpty());
                                            stashContext8.close();
                                            System.out.println("------- 15 0---------");
                                            // 15.0: with basic auth as worf the read of the searchguard config is expected
                                            // to throw, and the message must name the denied action and "User worf".
                                            ThreadContext.StoredContext stashContext9 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                            try {
                                                try {
                                                    Header encodeBasicHeader4 = encodeBasicHeader("worf", "worf");
                                                    internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader4.getName(), encodeBasicHeader4.getValue());
                                                    internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                                                    Assert.fail();
                                                    stashContext9.close();
                                                } catch (Exception e7) {
                                                    Assert.assertTrue(e7.getMessage().contains("no permissions for [indices:data/read/get] and User worf"));
                                                    stashContext9.close();
                                                }
                                                System.out.println("------- 15 1---------");
                                                // 15.1: with basic auth as nagilum the same read does not throw but returns
                                                // "not exists" with an empty source.
                                                ThreadContext.StoredContext stashContext10 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                try {
                                                    Header encodeBasicHeader5 = encodeBasicHeader("nagilum", "nagilum");
                                                    internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader5.getName(), encodeBasicHeader5.getValue());
                                                    GetResponse getResponse4 = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                                                    Assert.assertFalse(getResponse4.isExists());
                                                    Assert.assertTrue(getResponse4.isSourceEmpty());
                                                    stashContext10.close();
                                                    System.out.println("------- 16---------");
                                                    // Step 16: non-realtime variant of the impersonated config read.
                                                    ThreadContext.StoredContext stashContext11 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                    try {
                                                        internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                        GetResponse getResponse5 = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.FALSE.booleanValue()).get();
                                                        Assert.assertFalse(getResponse5.isExists());
                                                        Assert.assertTrue(getResponse5.isSourceEmpty());
                                                        stashContext11.close();
                                                        // Scroll ownership: open a scroll as nagilum ...
                                                        stashContext = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                        try {
                                                            internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                            SearchResponse searchResponse = internalTransportClient2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get();
                                                            stashContext.close();
                                                            Assert.assertNotNull(searchResponse.getScrollId());
                                                            // ... then try to continue it as worf; the root cause must report
                                                            // "Wrong user in scroll context".
                                                            stashContext2 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                            try {
                                                                try {
                                                                    internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf");
                                                                    internalTransportClient2.prepareSearchScroll(searchResponse.getScrollId()).get();
                                                                    Assert.fail();
                                                                    stashContext2.close();
                                                                } catch (Exception e8) {
                                                                    Throwable rootCause = ExceptionUtils.getRootCause(e8);
                                                                    e8.printStackTrace();
                                                                    Assert.assertTrue(rootCause.getMessage().contains("Wrong user in scroll context"));
                                                                    stashContext2.close();
                                                                }
                                                                // Control case: opening and continuing the scroll as the same
                                                                // user (nagilum) reports zero failed shards.
                                                                ThreadContext.StoredContext stashContext12 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                                try {
                                                                    internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                                    Assert.assertEquals(0L, internalTransportClient2.prepareSearchScroll(internalTransportClient2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get().getScrollId()).get().getFailedShards());
                                                                    stashContext12.close();
                                                                    System.out.println("------- TRC end ---------");
                                                                    if (internalTransportClient2 != null) {
                                                                        internalTransportClient2.close();
                                                                    }
                                                                    System.out.println("------- CTC end ---------");
                                                                } finally {
                                                                    stashContext12.close();
                                                                }
                                                            } finally {
                                                                stashContext2.close();
                                                            }
                                                        } finally {
                                                            stashContext.close();
                                                        }
                                                    } finally {
                                                        stashContext11.close();
                                                    }
                                                } finally {
                                                    stashContext10.close();
                                                }
                                            } finally {
                                                stashContext9.close();
                                            }
                                        } finally {
                                            stashContext8.close();
                                        }
                                    } finally {
                                        stashContext7.close();
                                    }
                                } finally {
                                    stashContext6.close();
                                }
                            } finally {
                                stashContext5.close();
                            }
                        } finally {
                            stashContext4.close();
                        }
                    } finally {
                    }
                } finally {
                    stashContext3.close();
                }
            } catch (Throwable th) {
                // Close the spock client on failure, keeping any close() error as a suppressed exception.
                if (internalTransportClient2 != null) {
                    try {
                        internalTransportClient2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            // Same cleanup for the first client; as listed it may already have been closed above.
            if (internalTransportClient != null) {
                try {
                    internalTransportClient.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

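    /**
     * Verifies that a transport client presenting the "spock" certificate can talk to the cluster
     * while sending {@code sg_impersonate_as: worf} on every request, given that the spock DN is
     * allow-listed to impersonate "worf" and "nagilum".
     *
     * <p>NOTE(review): only the positive path is asserted (the nodes-info call returns the expected
     * node count). The test does not check which user the request was executed as, nor that a
     * user outside the allow-list is rejected.
     *
     * @throws Exception if cluster setup or any transport request fails
     */
    @Test
    public void testTransportClientImpersonation() throws Exception {
        // Impersonation allow-list for the DN CN=spock,...: exactly "worf" and "nagilum".
        setup(Settings.builder().putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf", "nagilum"}).build());

        try (TransportClient adminClient = getInternalTransportClient()) {
            adminClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();

            // Keep the response in a local so both assertions inspect the same object. The listing
            // read the node count from an undeclared `r0`; NOTE(review): it is taken here to be the
            // config-update response — confirm against the original source.
            ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) adminClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet();
            Assert.assertFalse(configUpdateResponse.hasFailures());
            Assert.assertEquals(this.clusterInfo.numNodes, configUpdateResponse.getNodes().size());
        }

        // Client that authenticates with the spock key and attaches the impersonation header to
        // every request through the "request.headers." setting prefix.
        Settings spockClientSettings = Settings.builder()
                .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
                .put("searchguard.ssl.transport.keystore_alias", "spock")
                .put("path.home", ".")
                .put("request.headers.sg_impersonate_as", "worf")
                .build();

        try (TransportClient spockClient = getInternalTransportClient(this.clusterInfo, spockClientSettings)) {
            NodesInfoResponse nodesInfo = (NodesInfoResponse) spockClient.admin().cluster().nodesInfo(new NodesInfoRequest(new String[0])).actionGet();
            Assert.assertEquals(this.clusterInfo.numNodes, nodesInfo.getNodes().size());
        }
    }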

    /**
     * Verifies that a transport client presenting the "spock" certificate can talk to the cluster
     * while impersonating "worf" when the allow-list for the spock DN is the single entry "*".
     *
     * <p>NOTE(review): the "*" entry presumably matches any user name, which would make this
     * certificate able to act as every user; the test asserts only that a nodes-info request
     * succeeds and returns the expected node count.
     *
     * @throws Exception if cluster setup or the transport request fails
     */
    @Test
    public void testTransportClientImpersonationWildcard() throws Exception {
        // Allow-list for the DN CN=spock,... consists of the wildcard entry only.
        Settings clusterSettings = Settings.builder()
                .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"*"})
                .build();
        setup(clusterSettings);

        // The client authenticates with the spock key and sends sg_impersonate_as on every request.
        Settings spockClientSettings = Settings.builder()
                .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
                .put("searchguard.ssl.transport.keystore_alias", "spock")
                .put("path.home", ".")
                .put("request.headers.sg_impersonate_as", "worf")
                .build();

        // try-with-resources closes the client on both the normal and the failure path and records
        // a close() failure as a suppressed exception.
        try (TransportClient spockClient = getInternalTransportClient(this.clusterInfo, spockClientSettings)) {
            NodesInfoResponse nodesInfo = (NodesInfoResponse) spockClient.admin().cluster().nodesInfo(new NodesInfoRequest(new String[0])).actionGet();
            Assert.assertEquals(this.clusterInfo.numNodes, nodesInfo.getNodes().size());
        }
    }

    @Test
    public void testTransportClientUsernameAttribute() throws Exception {
        ThreadContext.StoredContext stashContext;
        ThreadContext.StoredContext stashContext2;
        Settings build = Settings.builder().putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf", "nagilum", "nonexist"}).put("discovery.initial_state_timeout", "8s").build();
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_transport_username.yml").setSgRolesMapping("sg_roles_mapping_transport_username.yml").setSgInternalUsers("sg_internal_users_transport_username.yml"), build);
        TransportClient internalTransportClient = getInternalTransportClient();
        try {
            internalTransportClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            if (internalTransportClient != null) {
                internalTransportClient.close();
            }
            Settings build2 = Settings.builder().put(build).put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")).put("searchguard.ssl.transport.keystore_alias", "spock").build();
            System.out.println("------- 0 ---------");
            TransportClient internalTransportClient2 = getInternalTransportClient(this.clusterInfo, build2);
            try {
                Assert.assertEquals(this.clusterInfo.numNodes, ((NodesInfoResponse) internalTransportClient2.admin().cluster().nodesInfo(new NodesInfoRequest(new String[0])).actionGet()).getNodes().size());
                System.out.println("------- 1 ---------");
                Assert.assertTrue(((CreateIndexResponse) internalTransportClient2.admin().indices().create(new CreateIndexRequest("vulcan")).actionGet()).isAcknowledged());
                System.out.println("------- 2 ---------");
                Assert.assertTrue(((IndexResponse) internalTransportClient2.index(new IndexRequest("vulcan").type("secrets").id("s1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"secret\":true}", XContentType.JSON)).actionGet()).getResult() == DocWriteResponse.Result.CREATED);
                System.out.println("------- 3 ---------");
                Assert.assertTrue(internalTransportClient2.prepareGet("vulcan", "secrets", "s1").setRealtime(true).get().isExists());
                System.out.println("------- 4 ---------");
                Assert.assertTrue(internalTransportClient2.prepareGet("vulcan", "secrets", "s1").setRealtime(false).get().isExists());
                System.out.println("------- 5 ---------");
                Assert.assertEquals(1L, ((SearchResponse) internalTransportClient2.search(new SearchRequest(new String[]{"vulcan"}).types(new String[]{"secrets"})).actionGet()).getHits().getHits().length);
                System.out.println("------- 6 ---------");
                Assert.assertFalse(internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(false).get().isExists());
                System.out.println("------- 7 ---------");
                Assert.assertFalse(internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(true).get().isExists());
                System.out.println("------- 8 ---------");
                Assert.assertEquals(0L, ((SearchResponse) internalTransportClient2.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getHits().length);
                System.out.println("------- 9 ---------");
                try {
                    internalTransportClient2.index(new IndexRequest("searchguard").type(getType()).id("config").source(new Object[]{"config", FileHelper.readYamlContent("sg_config.yml")})).actionGet();
                    Assert.fail();
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                }
                System.out.println("------- 10 ---------");
                try {
                    stashContext = internalTransportClient2.threadPool().getThreadContext().stashContext();
                } catch (ElasticsearchSecurityException e2) {
                    Assert.assertTrue(e2.getMessage(), e2.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                }
                try {
                    internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf");
                    internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                    stashContext.close();
                    Assert.fail();
                    System.out.println("------- 11 ---------");
                    ThreadContext.StoredContext stashContext3 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                    try {
                        try {
                            Header encodeBasicHeader = encodeBasicHeader("worf", "worf");
                            internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader.getName(), encodeBasicHeader.getValue());
                            internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                            Assert.fail();
                            stashContext3.close();
                        } finally {
                        }
                    } catch (ElasticsearchSecurityException e3) {
                        Assert.assertTrue(e3.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                        stashContext3.close();
                    }
                    System.out.println("------- 12 ---------");
                    stashContext3 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                    try {
                        try {
                            Header encodeBasicHeader2 = encodeBasicHeader("worf", "worf111");
                            internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader2.getName(), encodeBasicHeader2.getValue());
                            internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                            Assert.fail();
                            stashContext3.close();
                        } catch (ElasticsearchSecurityException e4) {
                            e4.printStackTrace();
                            stashContext3.close();
                        }
                        System.out.println("------- 13 ---------");
                        try {
                            stashContext2 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                            try {
                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "gkar");
                                internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                                Assert.fail();
                                stashContext2.close();
                            } finally {
                            }
                        } catch (ElasticsearchSecurityException e5) {
                            Assert.assertEquals("'CN=spock,OU=client,O=client,L=Test,C=DE' is not allowed to impersonate as transport user 'gkar'", e5.getMessage());
                        }
                        System.out.println("------- 12 ---------");
                        stashContext = internalTransportClient2.threadPool().getThreadContext().stashContext();
                        try {
                            internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                            GetResponse getResponse = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                            Assert.assertFalse(getResponse.isExists());
                            Assert.assertTrue(getResponse.isSourceEmpty());
                            stashContext.close();
                            System.out.println("------- 13 ---------");
                            ThreadContext.StoredContext stashContext4 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                            try {
                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                GetResponse getResponse2 = internalTransportClient2.prepareGet("searchguard", "config", "0").setRealtime(Boolean.FALSE.booleanValue()).get();
                                Assert.assertFalse(getResponse2.isExists());
                                Assert.assertTrue(getResponse2.isSourceEmpty());
                                stashContext4.close();
                                System.out.println("------- 13.1 ---------");
                                ThreadContext.StoredContext stashContext5 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                try {
                                    internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                    String scrollId = internalTransportClient2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get().getScrollId();
                                    stashContext5.close();
                                    System.out.println("------- 13.2 ---------");
                                    ThreadContext.StoredContext stashContext6 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                    try {
                                        internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                        internalTransportClient2.prepareSearchScroll(scrollId).get();
                                        stashContext6.close();
                                        System.out.println("------- 14 ---------");
                                        boolean z = false;
                                        ThreadContext.StoredContext stashContext7 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                        try {
                                            try {
                                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                                                z = true;
                                                stashContext7.close();
                                                stashContext7 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                Header encodeBasicHeader3 = encodeBasicHeader("worf", "worf");
                                                internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader3.getName(), encodeBasicHeader3.getValue());
                                                internalTransportClient2.prepareGet("vulcan", "secrets", "s1").get();
                                                Assert.fail();
                                                stashContext7.close();
                                            } finally {
                                            }
                                        } catch (ElasticsearchSecurityException e6) {
                                            Assert.assertTrue(e6.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                                            Assert.assertTrue(z);
                                            stashContext7.close();
                                        }
                                        System.out.println("------- 15 ---------");
                                        stashContext7 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                        try {
                                            internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                            GetResponse getResponse3 = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                                            Assert.assertFalse(getResponse3.isExists());
                                            Assert.assertTrue(getResponse3.isSourceEmpty());
                                            stashContext7.close();
                                            System.out.println("------- 15 0---------");
                                            ThreadContext.StoredContext storedContext = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                            try {
                                                try {
                                                    Header encodeBasicHeader4 = encodeBasicHeader("worf", "worf");
                                                    internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader4.getName(), encodeBasicHeader4.getValue());
                                                    internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                                                    Assert.fail();
                                                    storedContext.close();
                                                } finally {
                                                    storedContext.close();
                                                }
                                            } catch (Exception e7) {
                                                Assert.assertTrue(e7.getMessage().contains("no permissions for [indices:data/read/get] and User worf"));
                                                storedContext.close();
                                            }
                                            System.out.println("------- 15 1---------");
                                            storedContext = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                            try {
                                                Header encodeBasicHeader5 = encodeBasicHeader("nagilum", "nagilum");
                                                internalTransportClient2.threadPool().getThreadContext().putHeader(encodeBasicHeader5.getName(), encodeBasicHeader5.getValue());
                                                GetResponse getResponse4 = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.TRUE.booleanValue()).get();
                                                Assert.assertFalse(getResponse4.isExists());
                                                Assert.assertTrue(getResponse4.isSourceEmpty());
                                                storedContext.close();
                                                System.out.println("------- 16---------");
                                                ThreadContext.StoredContext stashContext8 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                try {
                                                    internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                    GetResponse getResponse5 = internalTransportClient2.prepareGet("searchguard", getType(), "config").setRealtime(Boolean.FALSE.booleanValue()).get();
                                                    Assert.assertFalse(getResponse5.isExists());
                                                    Assert.assertTrue(getResponse5.isSourceEmpty());
                                                    stashContext8.close();
                                                    ThreadContext.StoredContext stashContext9 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                    try {
                                                        internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                        SearchResponse searchResponse = internalTransportClient2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get();
                                                        stashContext9.close();
                                                        Assert.assertNotNull(searchResponse.getScrollId());
                                                        ThreadContext.StoredContext stashContext10 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                        try {
                                                            try {
                                                                internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf");
                                                                internalTransportClient2.prepareSearchScroll(searchResponse.getScrollId()).get();
                                                                Assert.fail();
                                                                stashContext10.close();
                                                            } finally {
                                                                stashContext10.close();
                                                            }
                                                        } catch (Exception e8) {
                                                            Throwable rootCause = ExceptionUtils.getRootCause(e8);
                                                            e8.printStackTrace();
                                                            Assert.assertTrue(rootCause.getMessage().contains("Wrong user in scroll context"));
                                                            stashContext10.close();
                                                        }
                                                        stashContext10 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                        try {
                                                            internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                            Assert.assertEquals(0L, internalTransportClient2.prepareSearchScroll(internalTransportClient2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get().getScrollId()).get().getFailedShards());
                                                            stashContext10.close();
                                                            stashContext2 = internalTransportClient2.threadPool().getThreadContext().stashContext();
                                                            try {
                                                                try {
                                                                    internalTransportClient2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nonexist");
                                                                    Assert.assertEquals(0L, internalTransportClient2.prepareSearchScroll(internalTransportClient2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get().getScrollId()).get().getFailedShards());
                                                                    stashContext2.close();
                                                                } catch (Exception e9) {
                                                                    Throwable rootCause2 = ExceptionUtils.getRootCause(e9);
                                                                    Assert.assertTrue(rootCause2.getMessage(), rootCause2.getMessage().contains("No such transport user: nonexist"));
                                                                    stashContext2.close();
                                                                }
                                                                System.out.println("------- TRC end ---------");
                                                                if (internalTransportClient2 != null) {
                                                                    internalTransportClient2.close();
                                                                }
                                                                System.out.println("------- CTC end ---------");
                                                            } finally {
                                                                stashContext2.close();
                                                            }
                                                        } finally {
                                                            stashContext10.close();
                                                        }
                                                    } finally {
                                                        stashContext9.close();
                                                    }
                                                } finally {
                                                    stashContext8.close();
                                                }
                                            } finally {
                                                storedContext.close();
                                            }
                                        } finally {
                                            stashContext7.close();
                                        }
                                    } finally {
                                        stashContext6.close();
                                    }
                                } finally {
                                    stashContext5.close();
                                }
                            } finally {
                                stashContext4.close();
                            }
                        } finally {
                            stashContext.close();
                        }
                    } finally {
                        stashContext3.close();
                    }
                } finally {
                }
            } catch (Throwable th) {
                if (internalTransportClient2 != null) {
                    try {
                        internalTransportClient2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                try {
                    internalTransportClient.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

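    /**
     * Checks the permitted impersonation path for a transport client when the cluster runs with the
     * {@code *_transport_username.yml} Search Guard configuration files.
     *
     * <p>The node settings allow the certificate DN {@code CN=spock,OU=client,O=client,L=Test,C=DE}
     * to impersonate exactly two transport users, {@code worf} and {@code nagilum}. A client that
     * authenticates with the {@code spock} keystore entry and sends
     * {@code sg_impersonate_as: worf} on every request must then be able to run a nodes-info call
     * that reports all cluster nodes.
     *
     * <p>Only the allowed target is exercised here. Refusal of a target outside the allow-list is
     * not asserted in this method; the {@code gkar} case in {@code testTransportClient} appears to
     * cover that path.
     *
     * @throws Exception if cluster setup or any client call fails
     */
    @Test
    public void testTransportClientImpersonationUsernameAttribute() throws Exception {
        // The impersonation allow-list is keyed by the client certificate DN and names the targets explicitly.
        final Settings nodeSettings = Settings.builder()
                .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum")
                .build();
        setup(
                Settings.EMPTY,
                new DynamicSgConfig()
                        .setSgConfig("sg_config_transport_username.yml")
                        .setSgRolesMapping("sg_roles_mapping_transport_username.yml")
                        .setSgInternalUsers("sg_internal_users_transport_username.yml"),
                nodeSettings);

        // Seed one document and push the configuration with the default internal client.
        // try-with-resources closes the client exactly once; the decompiled form closed it inside
        // the try block and again in the outer catch when the second client's block failed.
        try (TransportClient adminClient = getInternalTransportClient()) {
            adminClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();

            // The decompiled listing read the node list from an undeclared `r0`; it is taken to be
            // this config-update response, which is the value produced immediately before it.
            final ConfigUpdateResponse configUpdate = (ConfigUpdateResponse) adminClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet();
            Assert.assertFalse(configUpdate.hasFailures());
            Assert.assertEquals(this.clusterInfo.numNodes, configUpdate.getNodes().size());
        }

        // Second client: TLS identity is the spock certificate, requested identity is worf.
        final Settings spockClientSettings = Settings.builder()
                .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
                .put("searchguard.ssl.transport.keystore_alias", "spock")
                .put("path.home", ".")
                .put("request.headers.sg_impersonate_as", "worf")
                .build();
        try (TransportClient spockAsWorf = getInternalTransportClient(this.clusterInfo, spockClientSettings)) {
            final NodesInfoResponse nodesInfo = spockAsWorf.admin().cluster().nodesInfo(new NodesInfoRequest(new String[0])).actionGet();
            Assert.assertEquals(this.clusterInfo.numNodes, nodesInfo.getNodes().size());
        }
    }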

    /**
     * Checks that a wildcard impersonation entry lets the {@code spock} client certificate act as
     * {@code worf}.
     *
     * <p>The node settings map the DN {@code CN=spock,OU=client,O=client,L=Test,C=DE} to the single
     * allow-list entry {@code *}. The client authenticates with the {@code spock} keystore entry,
     * sends {@code sg_impersonate_as: worf} on every request, and must receive a nodes-info
     * response listing all cluster nodes.
     *
     * <p>Only the success path is asserted. A {@code *} entry places no per-user restriction on the
     * certificate, so the test does not show which targets, if any, would still be refused.
     *
     * @throws Exception if cluster setup or the client call fails
     */
    @Test
    public void testTransportClientImpersonationWildcardUsernameAttribute() throws Exception {
        // Allow-list for the spock DN consists of the wildcard only.
        final Settings nodeSettings = Settings.builder()
                .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "*")
                .build();
        setup(
                Settings.EMPTY,
                new DynamicSgConfig()
                        .setSgConfig("sg_config_transport_username.yml")
                        .setSgRolesMapping("sg_roles_mapping_transport_username.yml")
                        .setSgInternalUsers("sg_internal_users_transport_username.yml"),
                nodeSettings);

        // TLS identity is the spock certificate; the requested identity travels in the request header.
        final Settings spockClientSettings = Settings.builder()
                .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
                .put("searchguard.ssl.transport.keystore_alias", "spock")
                .put("path.home", ".")
                .put("request.headers.sg_impersonate_as", "worf")
                .build();

        // try-with-resources closes the client on success and on failure, attaching any close
        // error as a suppressed exception.
        try (TransportClient spockAsWorf = getInternalTransportClient(this.clusterInfo, spockClientSettings)) {
            final NodesInfoResponse nodesInfo = spockAsWorf.admin().cluster().nodesInfo(new NodesInfoRequest(new String[0])).actionGet();
            Assert.assertEquals(this.clusterInfo.numNodes, nodesInfo.getNodes().size());
        }
    }
}
