package com.floragunn.searchguard;

import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.action.whoami.WhoAmIAction;
import com.floragunn.searchguard.action.whoami.WhoAmIRequest;
import com.floragunn.searchguard.action.whoami.WhoAmIResponse;
import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.io.File;
import org.apache.http.Header;
import org.apache.http.client.methods.HttpGet;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/InitializationIntegrationTests.class */
public class InitializationIntegrationTests extends SingleClusterTest {
    @Test
    public void testEnsureInitViaRestDoesWork() throws Exception {
        setup(Settings.EMPTY, null, Settings.builder().put("searchguard.ssl.http.clientauth_mode", "REQUIRE").put("searchguard.ssl.http.enabled", true).put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("node-0-keystore.jks")).put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("truststore.jks")).build(), false);
        RestHelper restHelper = restHelper();
        restHelper.enableHTTPClientSSL = true;
        restHelper.trustHTTPServerCertificate = true;
        restHelper.sendHTTPClientCertificate = true;
        Assert.assertEquals(503L, restHelper.executePutRequest("searchguard/config/0", "{}", encodeBasicHeader("___", "")).getStatusCode());
        Assert.assertEquals(503L, restHelper.executePutRequest("searchguard/sg/config", "{}", encodeBasicHeader("___", "")).getStatusCode());
        restHelper.keystore = "kirk-keystore.jks";
        Assert.assertEquals(201L, restHelper.executePutRequest("searchguard/sg/config", "{}", encodeBasicHeader("___", "")).getStatusCode());
        Assert.assertFalse(restHelper.executeSimpleRequest("_nodes/stats?pretty").contains("\"tx_size_in_bytes\" : 0"));
        Assert.assertFalse(restHelper.executeSimpleRequest("_nodes/stats?pretty").contains("\"rx_count\" : 0"));
        Assert.assertFalse(restHelper.executeSimpleRequest("_nodes/stats?pretty").contains("\"rx_size_in_bytes\" : 0"));
        Assert.assertFalse(restHelper.executeSimpleRequest("_nodes/stats?pretty").contains("\"tx_count\" : 0"));
    }

    @Test
    public void testWhoAmI() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgInternalUsers("sg_internal_empty.yml").setSgRoles("sg_roles_deny.yml"), Settings.EMPTY, true);
        TransportClient userTransportClient = getUserTransportClient(this.clusterInfo, "spock-keystore.jks", Settings.EMPTY);
        Throwable th = null;
        try {
            WhoAmIResponse whoAmIResponse = (WhoAmIResponse) userTransportClient.execute(WhoAmIAction.INSTANCE, new WhoAmIRequest()).actionGet();
            System.out.println(whoAmIResponse);
            Assert.assertEquals(whoAmIResponse.toString(), "CN=spock,OU=client,O=client,L=Test,C=DE", whoAmIResponse.getDn());
            Assert.assertFalse(whoAmIResponse.toString(), whoAmIResponse.isAdmin());
            Assert.assertFalse(whoAmIResponse.toString(), whoAmIResponse.isAuthenticated());
            Assert.assertFalse(whoAmIResponse.toString(), whoAmIResponse.isNodeCertificateRequest());
            if (userTransportClient != null) {
                if (0 != 0) {
                    try {
                        userTransportClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    userTransportClient.close();
                }
            }
            TransportClient userTransportClient2 = getUserTransportClient(this.clusterInfo, "node-0-keystore.jks", Settings.EMPTY);
            Throwable th3 = null;
            try {
                try {
                    WhoAmIResponse whoAmIResponse2 = (WhoAmIResponse) userTransportClient2.execute(WhoAmIAction.INSTANCE, new WhoAmIRequest()).actionGet();
                    System.out.println(whoAmIResponse2);
                    Assert.assertEquals(whoAmIResponse2.toString(), "CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE", whoAmIResponse2.getDn());
                    Assert.assertFalse(whoAmIResponse2.toString(), whoAmIResponse2.isAdmin());
                    Assert.assertFalse(whoAmIResponse2.toString(), whoAmIResponse2.isAuthenticated());
                    Assert.assertTrue(whoAmIResponse2.toString(), whoAmIResponse2.isNodeCertificateRequest());
                    if (userTransportClient2 != null) {
                        if (0 == 0) {
                            userTransportClient2.close();
                            return;
                        }
                        try {
                            userTransportClient2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th3 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (userTransportClient2 != null) {
                    if (th3 != null) {
                        try {
                            userTransportClient2.close();
                        } catch (Throwable th7) {
                            th3.addSuppressed(th7);
                        }
                    } else {
                        userTransportClient2.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (userTransportClient != null) {
                if (0 != 0) {
                    try {
                        userTransportClient.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    userTransportClient.close();
                }
            }
            throw th8;
        }
    }

    @Test
    public void testConfigHotReload() throws Exception {
        setup();
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Header encodeBasicHeader = encodeBasicHeader("spock", "spock");
        for (TransportAddress transportAddress : this.clusterInfo.httpAdresses) {
            RestHelper.HttpResponse executeRequest = nonSslRestHelper.executeRequest(new HttpGet("http://" + transportAddress.getAddress() + ":" + transportAddress.getPort() + "/_searchguard/authinfo?pretty=true"), encodeBasicHeader);
            Assert.assertTrue(executeRequest.getBody().contains("spock"));
            Assert.assertFalse(executeRequest.getBody().contains("additionalrole"));
            Assert.assertTrue(executeRequest.getBody().contains("vulcan"));
        }
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                Assert.assertEquals(this.clusterInfo.numNodes, ((NodesInfoResponse) internalTransportClient.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                internalTransportClient.index(new IndexRequest("searchguard").type("sg").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("internalusers").source(new Object[]{"internalusers", FileHelper.readYamlContent("sg_internal_users_spock_add_roles.yml")})).actionGet();
                Assert.assertEquals(this.clusterInfo.numNodes, ((ConfigUpdateResponse) internalTransportClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                for (TransportAddress transportAddress2 : this.clusterInfo.httpAdresses) {
                    this.log.debug("http://" + transportAddress2.getAddress() + ":" + transportAddress2.getPort());
                    RestHelper.HttpResponse executeRequest2 = nonSslRestHelper.executeRequest(new HttpGet("http://" + transportAddress2.getAddress() + ":" + transportAddress2.getPort() + "/_searchguard/authinfo?pretty=true"), encodeBasicHeader);
                    Assert.assertTrue(executeRequest2.getBody().contains("spock"));
                    Assert.assertTrue(executeRequest2.getBody().contains("additionalrole1"));
                    Assert.assertTrue(executeRequest2.getBody().contains("additionalrole2"));
                    Assert.assertFalse(executeRequest2.getBody().contains("starfleet"));
                }
                TransportClient internalTransportClient2 = getInternalTransportClient();
                Throwable th3 = null;
                try {
                    Assert.assertEquals(this.clusterInfo.numNodes, ((NodesInfoResponse) internalTransportClient2.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                    internalTransportClient2.index(new IndexRequest("searchguard").type("sg").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("config").source(new Object[]{"config", FileHelper.readYamlContent("sg_config_anon.yml")})).actionGet();
                    Assert.assertEquals(this.clusterInfo.numNodes, ((ConfigUpdateResponse) internalTransportClient2.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config"})).actionGet()).getNodes().size());
                    if (internalTransportClient2 != null) {
                        if (0 != 0) {
                            try {
                                internalTransportClient2.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            internalTransportClient2.close();
                        }
                    }
                    for (TransportAddress transportAddress3 : this.clusterInfo.httpAdresses) {
                        RestHelper.HttpResponse executeRequest3 = nonSslRestHelper.executeRequest(new HttpGet("http://" + transportAddress3.getAddress() + ":" + transportAddress3.getPort() + "/_searchguard/authinfo?pretty=true"), new Header[0]);
                        this.log.debug(executeRequest3.getBody());
                        Assert.assertTrue(executeRequest3.getBody().contains("sg_role_host1"));
                        Assert.assertTrue(executeRequest3.getBody().contains("sg_anonymous"));
                        Assert.assertTrue(executeRequest3.getBody().contains("name=sg_anonymous"));
                        Assert.assertTrue(executeRequest3.getBody().contains("roles=[sg_anonymous_backendrole]"));
                        Assert.assertEquals(200L, executeRequest3.getStatusCode());
                    }
                } catch (Throwable th5) {
                    if (internalTransportClient2 != null) {
                        if (0 != 0) {
                            try {
                                internalTransportClient2.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            internalTransportClient2.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Throwable th7) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th7;
        }
    }

    @Test
    public void testDefaultConfig() throws Exception {
        System.setProperty("sg.default_init.dir", new File("./sgconfig").getAbsolutePath());
        setup(Settings.EMPTY, null, Settings.builder().put("searchguard.allow_default_init_sgindex", true).build(), false);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Thread.sleep(10000L);
        Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("", encodeBasicHeader("admin", "admin")).getStatusCode());
    }

    @Test
    public void testDisabled() throws Exception {
        setup(Settings.EMPTY, null, Settings.builder().put("searchguard.disabled", true).build(), false);
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper().executeGetRequest("_search", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertTrue(executeGetRequest.getBody(), executeGetRequest.getBody().contains("hits"));
    }

    @Test
    public void testDiscoveryWithoutInitialization() throws Exception {
        setup(Settings.EMPTY, null, Settings.EMPTY, false);
        Assert.assertEquals(this.clusterInfo.numNodes, ((ClusterHealthResponse) this.clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
        Assert.assertEquals(ClusterHealthStatus.GREEN, ((ClusterHealthResponse) this.clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getStatus());
    }

    @Test
    public void testDefaultInit() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.builder().put("searchguard.allow_default_init_sgindex", true).build(), false);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Thread.sleep(5000L);
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("_searchguard/license?pretty", encodeBasicHeader("admin", "admin"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        System.out.println(executeGetRequest.getBody());
        assertContains(executeGetRequest, "*TRIAL*");
        assertNotContains(executeGetRequest, "*FULL*");
    }
}
