package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.util.Map;
import org.apache.http.Header;
import org.elasticsearch.common.settings.Settings;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/RolesApiTest.class */
public class RolesApiTest extends AbstractRestApiUnitTest {
    @Test
    public void testRolesApi() throws Exception {
        setup();
        this.rh.keystore = "kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executeGetRequest("_searchguard/api/configuration/roles", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertEquals(8L, Settings.builder().loadFromSource(executeGetRequest.getBody()).build().getAsMap().size());
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/roles/nothinghthere", new Header[0]).getStatusCode());
        Assert.assertEquals(400L, this.rh.executeGetRequest("/_searchguard/api/roles/", new Header[0]).getStatusCode());
        Assert.assertEquals(400L, this.rh.executeGetRequest("/_searchguard/api/roles", new Header[0]).getStatusCode());
        setupStarfleetIndex();
        addUserWithPassword("picard", "picard", new String[]{"starfleet", "captains"}, 201);
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkReadAccess(200, "picard", "picard", "sf", "public", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/roles/idonotexist", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 1);
        checkReadAccess(200, "picard", "picard", "sf", "public", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(200L, this.rh.executeDeleteRequest("/_searchguard/api/roles/sg_role_starfleet", new Header[0]).getStatusCode());
        checkReadAccess(403, "picard", "picard", "sf", "ships", 0);
        checkReadAccess(403, "picard", "picard", "sf", "public", 0);
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(403, "picard", "picard", "sf", "public", 0);
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", "", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.PAYLOAD_MANDATORY.getMessage(), Settings.builder().loadFromSource(executePutRequest.getBody()).build().get("reason"));
        Settings build = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("roles_not_parseable.json"), new Header[0]).getBody()).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE.getMessage(), build.get("reason"));
        Settings build2 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("roles_invalid_keys.json"), new Header[0]).getBody()).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage(), build2.get("reason"));
        Assert.assertTrue(build2.get("invalid_keys.keys").contains("indizes"));
        Assert.assertTrue(build2.get("invalid_keys.keys").contains("kluster"));
        Settings build3 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("roles_wrong_datatype.json"), new Header[0]).getBody()).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build3.get("reason"));
        Assert.assertTrue(build3.get("indices").equals("Object expected"));
        Assert.assertTrue(build3.get("cluster").equals("Array expected"));
        Assert.assertEquals(201L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("roles_starfleet.json"), new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkReadAccess(200, "picard", "picard", "sf", "public", 0);
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(201L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("roles_captains.json"), new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = false;
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkReadAccess(200, "picard", "picard", "sf", "public", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(200, "picard", "picard", "sf", "public", 0);
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(400L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("roles_multiple.json"), new Header[0]).getStatusCode());
        Assert.assertEquals(400L, this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("roles_multiple_2.json"), new Header[0]).getStatusCode());
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executePutRequest2 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("roles_captains_tenants.json"), new Header[0]);
        Assert.assertEquals(200L, executePutRequest2.getStatusCode());
        Map asMap = Settings.builder().loadFromSource(executePutRequest2.getBody()).build().getAsMap();
        Assert.assertEquals(2L, asMap.size());
        Assert.assertEquals(asMap.get("status"), "OK");
        RestHelper.HttpResponse executeGetRequest2 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        Map asMap2 = Settings.builder().loadFromSource(executeGetRequest2.getBody()).build().getAsMap();
        Assert.assertEquals(5L, asMap2.size());
        Assert.assertEquals(asMap2.get("sg_role_starfleet_captains.tenants.tenant1"), "RO");
        Assert.assertEquals(asMap2.get("sg_role_starfleet_captains.tenants.tenant2"), "RW");
        RestHelper.HttpResponse executePutRequest3 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("roles_captains_tenants2.json"), new Header[0]);
        Assert.assertEquals(200L, executePutRequest3.getStatusCode());
        Map asMap3 = Settings.builder().loadFromSource(executePutRequest3.getBody()).build().getAsMap();
        Assert.assertEquals(2L, asMap3.size());
        Assert.assertEquals(asMap3.get("status"), "OK");
        RestHelper.HttpResponse executeGetRequest3 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        Map asMap4 = Settings.builder().loadFromSource(executeGetRequest3.getBody()).build().getAsMap();
        Assert.assertEquals(7L, asMap4.size());
        Assert.assertEquals(asMap4.get("sg_role_starfleet_captains.tenants.tenant1"), "RO");
        Assert.assertEquals(asMap4.get("sg_role_starfleet_captains.tenants.tenant2"), "RW");
        Assert.assertEquals(asMap4.get("sg_role_starfleet_captains.tenants.tenant3"), "RO");
        Assert.assertEquals(asMap4.get("sg_role_starfleet_captains.tenants.tenant4"), "RW");
        RestHelper.HttpResponse executePutRequest4 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("roles_captains_no_tenants.json"), new Header[0]);
        Assert.assertEquals(200L, executePutRequest4.getStatusCode());
        Map asMap5 = Settings.builder().loadFromSource(executePutRequest4.getBody()).build().getAsMap();
        Assert.assertEquals(2L, asMap5.size());
        Assert.assertEquals(asMap5.get("status"), "OK");
        RestHelper.HttpResponse executeGetRequest4 = this.rh.executeGetRequest("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
        Map asMap6 = Settings.builder().loadFromSource(executeGetRequest4.getBody()).build().getAsMap();
        Assert.assertEquals(3L, asMap6.size());
        Assert.assertNull(asMap6.get("sg_role_starfleet_captains.tenants.tenant1"));
        Assert.assertNull(asMap6.get("sg_role_starfleet_captains.tenants.tenant2"));
        Assert.assertNull(asMap6.get("sg_role_starfleet_captains.tenants.tenant3"));
        Assert.assertNull(asMap6.get("sg_role_starfleet_captains.tenants.tenant4"));
        RestHelper.HttpResponse executePutRequest5 = this.rh.executePutRequest("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("roles_captains_tenants_malformed.json"), new Header[0]);
        Assert.assertEquals(400L, executePutRequest5.getStatusCode());
        Map asMap7 = Settings.builder().loadFromSource(executePutRequest5.getBody()).build().getAsMap();
        Assert.assertEquals(asMap7.get("status"), "error");
        Assert.assertEquals(asMap7.get("reason"), AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage());
    }
}
