package com.floragunn.searchguard;

import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl;
import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.io.File;
import java.nio.charset.StandardCharsets;
import org.apache.commons.io.FileUtils;
import org.apache.http.Header;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/HttpIntegrationTests.class */
public class HttpIntegrationTests extends SingleClusterTest {
    @Test
    public void testHTTPBasic() throws Exception {
        Throwable th;
        setup(Settings.builder().putList("searchguard.authcz.rest_impersonation_user.worf", new String[]{"knuddel", "nonexists"}).build());
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th2 = null;
        try {
            try {
                internalTransportClient.admin().indices().create(new CreateIndexRequest("copysf")).actionGet();
                internalTransportClient.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("v2").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("v3").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("spock").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("kirk").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("role01_role02").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new Header[0]).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_search", new Header[0]).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeDeleteRequest("nonexistentindex*", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest(".nonexistentindex*", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("searchguard/config/2", "{}", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
                Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("searchguard/config/0", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
                Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("xxxxyyyy/config/0", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("abc", "abc:abc")).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("userwithnopassword", "")).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("userwithblankpassword", "")).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "wrongpasswd")).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "Basic wrongheader")).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "Basic ")).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "Basic")).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("picard", "picard")).getStatusCode());
                for (int i = 0; i < 10; i++) {
                    Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "wrongpasswd")).getStatusCode());
                }
                Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("/theindex", "{}", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
                Assert.assertEquals(201L, nonSslRestHelper.executePutRequest("/theindex/type/1?refresh=true", "{\"a\":0}", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeDeleteRequest("/theindex", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeDeleteRequest("/klingonempire", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("starfleet/_search", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("_search", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("starfleet/ships/_search?pretty", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeDeleteRequest("searchguard/", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("/searchguard/_close", null, encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("/searchguard/_upgrade", null, encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("/searchguard/_mapping/config", "{}", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("searchguard/", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("searchguard/config/2", "{}", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("searchguard/config/0", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeDeleteRequest("searchguard/config/0", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("searchguard/config/0", "{}", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertTrue(nonSslRestHelper.executeGetRequest("_cat/indices/public?v", encodeBasicHeader("bug108", "nagilum")).getBody().contains("green"));
                Assert.assertEquals(200L, r0.getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("role01_role02/type01/_search?pretty", encodeBasicHeader("user_role01_role02_role03", "user_role01_role02_role03")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("role01_role02/type01/_search?pretty", encodeBasicHeader("user_role01", "user_role01")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("spock/type01/_search?pretty", encodeBasicHeader("spock", "spock")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("spock/type01/_search?pretty", encodeBasicHeader("kirk", "kirk")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("kirk/type01/_search?pretty", encodeBasicHeader("kirk", "kirk")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("_mapping/config", "{\"i\" : [\"4\"]}", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("searchguard/_mget", "{\"ids\" : [\"0\"]}", encodeBasicHeader("worf", "worf")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("starfleet/ships/_search?pretty", encodeBasicHeader("worf", "worf")).getStatusCode());
                internalTransportClient = getInternalTransportClient();
                th = null;
            } finally {
            }
            try {
                try {
                    internalTransportClient.index(new IndexRequest("searchguard").type("sg").id("roles").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", FileHelper.readYamlContent("sg_roles_deny.yml")})).actionGet();
                    Assert.assertEquals(this.clusterInfo.numNodes, ((ConfigUpdateResponse) internalTransportClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"roles"})).actionGet()).getNodes().size());
                    if (internalTransportClient != null) {
                        if (0 != 0) {
                            try {
                                internalTransportClient.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            internalTransportClient.close();
                        }
                    }
                    Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("starfleet/ships/_search?pretty", encodeBasicHeader("worf", "worf")).getStatusCode());
                    TransportClient internalTransportClient2 = getInternalTransportClient();
                    Throwable th5 = null;
                    try {
                        internalTransportClient2.index(new IndexRequest("searchguard").type("sg").id("roles").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", FileHelper.readYamlContent("sg_roles.yml")})).actionGet();
                        Assert.assertEquals(this.clusterInfo.numNodes, ((ConfigUpdateResponse) internalTransportClient2.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"roles"})).actionGet()).getNodes().size());
                        if (internalTransportClient2 != null) {
                            if (0 != 0) {
                                try {
                                    internalTransportClient2.close();
                                } catch (Throwable th6) {
                                    th5.addSuppressed(th6);
                                }
                            } else {
                                internalTransportClient2.close();
                            }
                        }
                        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("starfleet/ships/_search?pretty", encodeBasicHeader("worf", "worf")).getStatusCode());
                        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("_search?pretty", encodeBasicHeader("nagilum", "nagilum"));
                        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                        Assert.assertTrue(executeGetRequest.getBody().contains("\"total\" : 11"));
                        Assert.assertTrue(!executeGetRequest.getBody().contains("searchguard"));
                        RestHelper.HttpResponse executeGetRequest2 = nonSslRestHelper.executeGetRequest("_nodes/stats?pretty", encodeBasicHeader("nagilum", "nagilum"));
                        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
                        Assert.assertTrue(executeGetRequest2.getBody().contains("total_in_bytes"));
                        Assert.assertTrue(executeGetRequest2.getBody().contains("max_file_descriptors"));
                        Assert.assertTrue(executeGetRequest2.getBody().contains("buffer_pools"));
                        Assert.assertFalse(executeGetRequest2.getBody().contains("\"nodes\" : { }"));
                        RestHelper.HttpResponse executePostRequest = nonSslRestHelper.executePostRequest("*/_upgrade", "", encodeBasicHeader("nagilum", "nagilum"));
                        System.out.println(executePostRequest.getBody());
                        System.out.println(executePostRequest.getStatusReason());
                        Assert.assertEquals(200L, executePostRequest.getStatusCode());
                        RestHelper.HttpResponse executePostRequest2 = nonSslRestHelper.executePostRequest("_bulk", "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + System.lineSeparator() + "{ \"field1\" : \"value1\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"2\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator(), encodeBasicHeader("writer", "writer"));
                        System.out.println(executePostRequest2.getBody());
                        Assert.assertEquals(200L, executePostRequest2.getStatusCode());
                        Assert.assertTrue(executePostRequest2.getBody().contains("\"errors\":false"));
                        Assert.assertTrue(executePostRequest2.getBody().contains("\"status\":201"));
                        RestHelper.HttpResponse executeGetRequest3 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("sg_tenant", "unittesttenant"), encodeBasicHeader("worf", "worf"));
                        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
                        Assert.assertTrue(executeGetRequest3.getBody().contains("sg_tenants"));
                        Assert.assertTrue(executeGetRequest3.getBody().contains("unittesttenant"));
                        Assert.assertTrue(executeGetRequest3.getBody().contains("\"kltentrw\":true"));
                        Assert.assertTrue(executeGetRequest3.getBody().contains("\"user_name\":\"worf\""));
                        RestHelper.HttpResponse executeGetRequest4 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", encodeBasicHeader("worf", "worf"));
                        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
                        Assert.assertTrue(executeGetRequest4.getBody().contains("sg_tenants"));
                        Assert.assertTrue(executeGetRequest4.getBody().contains("\"user_requested_tenant\":null"));
                        Assert.assertTrue(executeGetRequest4.getBody().contains("\"kltentrw\":true"));
                        Assert.assertTrue(executeGetRequest4.getBody().contains("\"user_name\":\"worf\""));
                        Assert.assertTrue(executeGetRequest4.getBody().contains("\"custom_attribute_names\":[]"));
                        Assert.assertFalse(executeGetRequest4.getBody().contains("attributes="));
                        Assert.assertTrue(PrivilegesInterceptorImpl.count > 0);
                        RestHelper.HttpResponse executeGetRequest5 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo?pretty", encodeBasicHeader("custattr", "nagilum"));
                        Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
                        Assert.assertTrue(executeGetRequest5.getBody().contains("sg_tenants"));
                        Assert.assertTrue(executeGetRequest5.getBody().contains("\"user_requested_tenant\" : null"));
                        Assert.assertTrue(executeGetRequest5.getBody().contains("\"user_name\" : \"custattr\""));
                        Assert.assertTrue(executeGetRequest5.getBody().contains("\"custom_attribute_names\" : ["));
                        Assert.assertTrue(executeGetRequest5.getBody().contains("attr.internal.c3"));
                        Assert.assertTrue(executeGetRequest5.getBody().contains("attr.internal.c1"));
                        Assert.assertTrue(PrivilegesInterceptorImpl.count > 0);
                        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("v2/_search", encodeBasicHeader("custattr", "nagilum")).getStatusCode());
                        Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("v3/_search", encodeBasicHeader("custattr", "nagilum")).getStatusCode());
                        RestHelper.HttpResponse executePostRequest3 = nonSslRestHelper.executePostRequest("_reindex?pretty", "{\"source\": {\"index\": \"starfleet\"},\"dest\": {\"index\": \"copysf\"}}", encodeBasicHeader("nagilum", "nagilum"));
                        Assert.assertEquals(200L, executePostRequest3.getStatusCode());
                        Assert.assertTrue(executePostRequest3.getBody().contains("\"total\" : 1"));
                        Assert.assertTrue(executePostRequest3.getBody().contains("\"batches\" : 1"));
                        Assert.assertTrue(executePostRequest3.getBody().contains("\"failures\" : [ ]"));
                        RestHelper.HttpResponse executeGetRequest6 = nonSslRestHelper.executeGetRequest("/_searchguard/authinfo", new BasicHeader("sg_impersonate_as", "knuddel"), encodeBasicHeader("worf", "worf"));
                        Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
                        Assert.assertTrue(executeGetRequest6.getBody().contains("name=knuddel"));
                        Assert.assertFalse(executeGetRequest6.getBody().contains("worf"));
                        Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_searchguard/authinfo", new BasicHeader("sg_impersonate_as", "nonexists"), encodeBasicHeader("worf", "worf")).getStatusCode());
                        Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_searchguard/authinfo", new BasicHeader("sg_impersonate_as", "notallowed"), encodeBasicHeader("worf", "worf")).getStatusCode());
                    } catch (Throwable th7) {
                        if (internalTransportClient2 != null) {
                            if (0 != 0) {
                                try {
                                    internalTransportClient2.close();
                                } catch (Throwable th8) {
                                    th5.addSuppressed(th8);
                                }
                            } else {
                                internalTransportClient2.close();
                            }
                        }
                        throw th7;
                    }
                } finally {
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testHTTPSCompressionEnabled() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.builder().put("searchguard.ssl.http.enabled", true).put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks")).put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")).put("http.compression", true).build(), true);
        RestHelper restHelper = restHelper();
        RestHelper.HttpResponse executeGetRequest = restHelper.executeGetRequest("_searchguard/sslinfo", encodeBasicHeader("nagilum", "nagilum"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        System.out.println(executeGetRequest);
        assertContains(executeGetRequest, "*ssl_protocol\":\"TLSv1.2*");
        RestHelper.HttpResponse executeGetRequest2 = restHelper.executeGetRequest("_nodes", encodeBasicHeader("nagilum", "nagilum"));
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        System.out.println(executeGetRequest2);
        assertNotContains(executeGetRequest2, "*\"compression\":\"false\"*");
        assertContains(executeGetRequest2, "*\"compression\":\"true\"*");
    }

    @Test
    public void testHTTPSCompression() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.builder().put("searchguard.ssl.http.enabled", true).put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks")).put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")).build(), true);
        RestHelper restHelper = restHelper();
        RestHelper.HttpResponse executeGetRequest = restHelper.executeGetRequest("_searchguard/sslinfo", encodeBasicHeader("nagilum", "nagilum"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        System.out.println(executeGetRequest);
        assertContains(executeGetRequest, "*ssl_protocol\":\"TLSv1.2*");
        RestHelper.HttpResponse executeGetRequest2 = restHelper.executeGetRequest("_nodes", encodeBasicHeader("nagilum", "nagilum"));
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        System.out.println(executeGetRequest2);
        assertContains(executeGetRequest2, "*\"compression\":\"false\"*");
        assertNotContains(executeGetRequest2, "*\"compression\":\"true\"*");
    }

    @Test
    public void testHTTPAnon() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_anon.yml"), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", new Header[0]).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "wrong")).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new Header[0]);
        System.out.println(executeGetRequest.getBody());
        Assert.assertTrue(executeGetRequest.getBody().contains("sg_anonymous"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        RestHelper.HttpResponse executeGetRequest2 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo?pretty=true", new Header[0]);
        System.out.println(executeGetRequest2.getBody());
        Assert.assertTrue(executeGetRequest2.getBody().contains("\"remote_address\" : \""));
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        RestHelper.HttpResponse executeGetRequest3 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", encodeBasicHeader("nagilum", "nagilum"));
        System.out.println(executeGetRequest3.getBody());
        Assert.assertTrue(executeGetRequest3.getBody().contains("nagilum"));
        Assert.assertFalse(executeGetRequest3.getBody().contains("sg_anonymous"));
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("searchguard").type("sg").id("config").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", FileHelper.readYamlContent("sg_config.yml")})).actionGet();
                internalTransportClient.index(new IndexRequest("searchguard").type("sg").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("internalusers").source(new Object[]{"internalusers", FileHelper.readYamlContent("sg_internal_users.yml")})).actionGet();
                Assert.assertEquals(this.clusterInfo.numNodes, ((ConfigUpdateResponse) internalTransportClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new Header[0]).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new Header[0]).getStatusCode());
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "wrong")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testHTTPClientCert() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_clientcert.yml"), Settings.builder().put("searchguard.ssl.http.clientauth_mode", "REQUIRE").put("searchguard.ssl.http.enabled", true).put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks")).put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")).putList("searchguard.ssl.http.enabled_protocols", new String[]{"TLSv1.1", "TLSv1.2"}).putList("searchguard.ssl.http.enabled_ciphers", new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}).putList("searchguard.ssl.transport.enabled_protocols", new String[]{"TLSv1.1", "TLSv1.2"}).putList("searchguard.ssl.transport.enabled_ciphers", new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}).build(), true);
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("vulcangov").type("type").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(this.clusterInfo.numNodes, ((ConfigUpdateResponse) internalTransportClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper restHelper = restHelper();
                restHelper.enableHTTPClientSSL = true;
                restHelper.trustHTTPServerCertificate = true;
                restHelper.sendHTTPClientCertificate = true;
                restHelper.keystore = "spock-keystore.jks";
                Assert.assertEquals(200L, restHelper.executeGetRequest("_search", new Header[0]).getStatusCode());
                Assert.assertEquals(403L, restHelper.executePutRequest("searchguard/sg/x", "{}", new Header[0]).getStatusCode());
                restHelper.keystore = "kirk-keystore.jks";
                Assert.assertEquals(201L, restHelper.executePutRequest("searchguard/sg/y", "{}", new Header[0]).getStatusCode());
                RestHelper.HttpResponse executeGetRequest = restHelper.executeGetRequest("_searchguard/authinfo", new Header[0]);
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                System.out.println(executeGetRequest.getBody());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testHTTPPlaintextErrMsg() throws Exception {
        try {
            setup(Settings.builder().put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks")).put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")).put("searchguard.ssl.http.enabled", true).build());
            nonSslRestHelper().executeGetRequest("", encodeBasicHeader("worf", "worf"));
            Assert.fail();
        } catch (Exception e) {
            Assert.assertTrue(FileUtils.readFileToString(new File("unittest.log"), StandardCharsets.UTF_8).contains("speaks http plaintext instead of ssl, will close the channel"));
        }
    }

    @Test
    public void testHTTPProxyDefault() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_proxy.yml"), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user", "scotty"), encodeBasicHeader("nagilum-wrong", "nagilum-wrong")).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user-wrong", "scotty"), encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        Assert.assertEquals(500L, nonSslRestHelper.executeGetRequest("", new BasicHeader("x-forwarded-for", "a"), new BasicHeader("x-proxy-user", "scotty"), encodeBasicHeader("nagilum-wrong", "nagilum-wrong")).getStatusCode());
        Assert.assertEquals(500L, nonSslRestHelper.executeGetRequest("", new BasicHeader("x-forwarded-for", "a,b,c"), new BasicHeader("x-proxy-user", "scotty")).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user", "scotty")).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("X-Proxy-User", "scotty")).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user", "scotty"), new BasicHeader("x-proxy-roles", "starfleet,engineer")).getStatusCode());
    }

    @Test
    public void testHTTPProxyRolesSeparator() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_proxy_custom.yml"), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Assert.assertTrue("Expected one backend role since separator is incorrect", nonSslRestHelper.executeGetRequest("/_searchguard/authinfo", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("user", "scotty"), new BasicHeader("roles", "starfleet,engineer")).getBody().contains("\"backend_roles\":[\"starfleet,engineer\"]"));
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("/_searchguard/authinfo", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("user", "scotty"), new BasicHeader("roles", "starfleet;engineer"));
        Assert.assertTrue("Expected two backend roles string since separator is correct: " + executeGetRequest.getBody(), executeGetRequest.getBody().contains("\"backend_roles\":[\"starfleet\",\"engineer\"]"));
    }

    @Test
    public void testHTTPBasic2() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.EMPTY);
        TransportClient internalTransportClient = getInternalTransportClient(this.clusterInfo, Settings.EMPTY);
        Throwable th = null;
        try {
            internalTransportClient.admin().indices().create(new CreateIndexRequest("copysf")).actionGet();
            internalTransportClient.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("spock").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("kirk").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("role01_role02").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
            internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
            internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
            if (internalTransportClient != null) {
                if (0 != 0) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new Header[0]).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeDeleteRequest("nonexistentindex*", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest(".nonexistentindex*", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("searchguard/config/2", "{}", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("searchguard/config/0", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("xxxxyyyy/config/0", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("abc", "abc:abc")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("userwithnopassword", "")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("userwithblankpassword", "")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "wrongpasswd")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "Basic wrongheader")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "Basic ")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "Basic")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", new BasicHeader("Authorization", "")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("picard", "picard")).getStatusCode());
            for (int i = 0; i < 10; i++) {
                Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("worf", "wrongpasswd")).getStatusCode());
            }
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("/theindex", "{}", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
            Assert.assertEquals(201L, nonSslRestHelper.executePutRequest("/theindex/type/1?refresh=true", "{\"a\":0}", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeDeleteRequest("/theindex", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeDeleteRequest("/klingonempire", encodeBasicHeader("theindexadmin", "theindexadmin")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("starfleet/_search", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("_search", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("starfleet/ships/_search?pretty", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeDeleteRequest("searchguard/", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("/searchguard/_close", null, encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("/searchguard/_upgrade", null, encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("/searchguard/_mapping/config", "{}", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("searchguard/", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("searchguard/config/2", "{}", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("searchguard/config/0", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeDeleteRequest("searchguard/config/0", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("searchguard/config/0", "{}", encodeBasicHeader("worf", "worf")).getStatusCode());
            System.out.println(nonSslRestHelper.executeGetRequest("_cat/indices/public", encodeBasicHeader("bug108", "nagilum")).getBody());
            Assert.assertEquals(200L, r0.getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("role01_role02/type01/_search?pretty", encodeBasicHeader("user_role01_role02_role03", "user_role01_role02_role03")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("role01_role02/type01/_search?pretty", encodeBasicHeader("user_role01", "user_role01")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("spock/type01/_search?pretty", encodeBasicHeader("spock", "spock")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("spock/type01/_search?pretty", encodeBasicHeader("kirk", "kirk")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("kirk/type01/_search?pretty", encodeBasicHeader("kirk", "kirk")).getStatusCode());
            System.out.println("ok");
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (0 != 0) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testBulk() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgRoles("sg_roles_bulk.yml"), Settings.builder().put("searchguard.roles_mapping_resolution", "BOTH").build());
        RestHelper.HttpResponse executePostRequest = nonSslRestHelper().executePostRequest("_bulk", "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + System.lineSeparator() + "{ \"field1\" : \"value1\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"2\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator(), encodeBasicHeader("bulk", "nagilum"));
        System.out.println(executePostRequest.getBody());
        Assert.assertEquals(200L, executePostRequest.getStatusCode());
        Assert.assertTrue(executePostRequest.getBody().contains("\"errors\":false"));
        Assert.assertTrue(executePostRequest.getBody().contains("\"status\":201"));
    }

    @Test
    public void test557() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.builder().put("searchguard.roles_mapping_resolution", "BOTH").build());
        TransportClient internalTransportClient = getInternalTransportClient(this.clusterInfo, Settings.EMPTY);
        Throwable th = null;
        try {
            try {
                internalTransportClient.admin().indices().create(new CreateIndexRequest("copysf")).actionGet();
                internalTransportClient.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper nonSslRestHelper = nonSslRestHelper();
                RestHelper.HttpResponse executePostRequest = nonSslRestHelper.executePostRequest("/*/_search", "{\"size\":0,\"aggs\":{\"indices\":{\"terms\":{\"field\":\"_index\",\"size\":10}}}}", encodeBasicHeader("nagilum", "nagilum"));
                System.out.println(executePostRequest.getBody());
                Assert.assertEquals(200L, executePostRequest.getStatusCode());
                Assert.assertTrue(executePostRequest.getBody().contains("starfleet_academy"));
                RestHelper.HttpResponse executePostRequest2 = nonSslRestHelper.executePostRequest("/*/_search", "{\"size\":0,\"aggs\":{\"indices\":{\"terms\":{\"field\":\"_index\",\"size\":10}}}}", encodeBasicHeader("557", "nagilum"));
                System.out.println(executePostRequest2.getBody());
                Assert.assertEquals(200L, executePostRequest2.getStatusCode());
                Assert.assertTrue(executePostRequest2.getBody().contains("starfleet_academy"));
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testITT1635() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_dnfof.yml").setSgRoles("sg_roles_itt1635.yml"), Settings.builder().put("searchguard.roles_mapping_resolution", "BOTH").build());
        TransportClient internalTransportClient = getInternalTransportClient(this.clusterInfo, Settings.EMPTY);
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("esb-prod-1").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("esb-prod-2").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("esb-prod-3").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("esb-prod-4").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":4}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("esb-prod-5").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":5}", XContentType.JSON)).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-1", "esb-prod-2", "esb-prod-3", "esb-prod-4", "esb-prod-5"}).alias("esb-prod-all"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-1"}).alias("esb-alias-1"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-2"}).alias("esb-alias-2"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-3"}).alias("esb-alias-3"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-4"}).alias("esb-alias-4"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-5"}).alias("esb-alias-5"))).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper nonSslRestHelper = nonSslRestHelper();
                System.out.println("###1");
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/esb-prod-*/_search?pretty", encodeBasicHeader("itt1635", "nagilum")).getStatusCode());
                System.out.println("###2");
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/esb-alias-*/_search?pretty", encodeBasicHeader("itt1635", "nagilum")).getStatusCode());
                System.out.println("###3");
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/esb-prod-all/_search?pretty", encodeBasicHeader("itt1635", "nagilum")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testTenantInfo() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.builder().build());
        TransportClient internalTransportClient = getInternalTransportClient(this.clusterInfo, Settings.EMPTY);
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest(".kibana-6").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana_-1139640511_admin1").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana_-1386441176_praxisrw").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana_-634608247_abcdef22").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana_-12345_123456").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana2_-12345_123456").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana_9876_xxx_ccc").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana_fff_eee").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("esb-prod-5").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":5}", XContentType.JSON)).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{".kibana-6"}).alias(".kibana"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-5"}).alias(".kibana_-2014056163_kltentrw"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"esb-prod-5"}).alias("esb-alias-5"))).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper nonSslRestHelper = nonSslRestHelper();
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_searchguard/tenantinfo?pretty", encodeBasicHeader("itt1635", "nagilum")).getStatusCode());
                RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("/_searchguard/tenantinfo?pretty", encodeBasicHeader("kibanaserver", "kibanaserver"));
                System.out.println(executeGetRequest.getBody());
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                Assert.assertTrue(executeGetRequest.getBody().contains("\".kibana_-1139640511_admin1\" : \"admin_1\""));
                Assert.assertTrue(executeGetRequest.getBody().contains("\".kibana_-1386441176_praxisrw\" : \"praxisrw\""));
                Assert.assertTrue(executeGetRequest.getBody().contains(".kibana_-2014056163_kltentrw\" : \"kltentrw\""));
                Assert.assertTrue(executeGetRequest.getBody().contains("\".kibana_-634608247_abcdef22\" : \"abcdef_2_2\""));
                Assert.assertTrue(executeGetRequest.getBody().contains("\".kibana_-12345_123456\" : \"__private__\""));
                Assert.assertFalse(executeGetRequest.getBody().contains(".kibana-6"));
                Assert.assertFalse(executeGetRequest.getBody().contains("esb-"));
                Assert.assertFalse(executeGetRequest.getBody().contains("xxx"));
                Assert.assertFalse(executeGetRequest.getBody().contains(".kibana2"));
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testRestImpersonation() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_rest_impersonation.yml"), Settings.builder().putList("searchguard.authcz.rest_impersonation_user.worf", new String[]{"someotherusernotininternalusersfile"}).build());
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper().executeGetRequest("/_searchguard/authinfo", new BasicHeader("sg_impersonate_as", "someotherusernotininternalusersfile"), encodeBasicHeader("worf", "worf"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertTrue(executeGetRequest.getBody().contains("name=someotherusernotininternalusersfile"));
        Assert.assertFalse(executeGetRequest.getBody().contains("worf"));
    }

    @Test
    public void testSslOnlyMode() throws Exception {
        setupSslOnlyMode(Settings.builder().put("searchguard.ssl_only", true).build());
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/_searchguard/sslinfo", new Header[0]).getStatusCode());
        Assert.assertEquals(201L, nonSslRestHelper.executePutRequest("/xyz/_doc/1", "{\"a\":5}", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/_mappings", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/_search", new Header[0]).getStatusCode());
    }
}
