package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import com.google.common.base.Strings;
import java.util.List;
import org.apache.http.Header;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/UserApiTest.class */
public class UserApiTest extends AbstractRestApiUnitTest {
    @Test
    public void testUserApi() throws Exception {
        setup();
        this.rh.keystore = "kirk-keystore.jks";
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executeGetRequest = this.rh.executeGetRequest("_searchguard/api/configuration/internalusers", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertEquals(8L, Settings.builder().loadFromSource(executeGetRequest.getBody(), XContentType.JSON).build().size());
        RestHelper.HttpResponse executeGetRequest2 = this.rh.executeGetRequest("/_searchguard/api/user/admin", new Header[0]);
        Assert.assertEquals(executeGetRequest2.getBody(), 200L, executeGetRequest2.getStatusCode());
        Settings build = Settings.builder().loadFromSource(executeGetRequest2.getBody(), XContentType.JSON).build();
        Assert.assertEquals(1L, build.size());
        Assert.assertEquals("$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG", build.get("admin.hash"));
        Assert.assertEquals(404L, this.rh.executeGetRequest("/_searchguard/api/user/nothinghthere", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/user/", new Header[0]).getStatusCode());
        Assert.assertEquals(200L, this.rh.executeGetRequest("/_searchguard/api/user", new Header[0]).getStatusCode());
        Assert.assertEquals(405L, this.rh.executePutRequest("/_searchguard/api/user/", "{hash: \"123\"}", new Header[0]).getStatusCode());
        RestHelper.HttpResponse executePutRequest = this.rh.executePutRequest("/_searchguard/api/user/nagilum", "{some: \"thing\" asd  other: \"thing\"}", new Header[0]);
        Assert.assertEquals(400L, executePutRequest.getStatusCode());
        Assert.assertEquals(Settings.builder().loadFromSource(executePutRequest.getBody(), XContentType.JSON).build().get("reason"), AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE.getMessage());
        RestHelper.HttpResponse executePutRequest2 = this.rh.executePutRequest("/_searchguard/api/user/nagilum", "{some: \"thing\", other: \"thing\"}", new Header[0]);
        Assert.assertEquals(400L, executePutRequest2.getStatusCode());
        Settings.builder().loadFromSource(executePutRequest2.getBody(), XContentType.JSON).build();
        RestHelper.HttpResponse executePutRequest3 = this.rh.executePutRequest("/_searchguard/api/user/nagilum", "{\"some\": \"thing\", \"other\": \"thing\"}", new Header[0]);
        Assert.assertEquals(400L, executePutRequest3.getStatusCode());
        Settings build2 = Settings.builder().loadFromSource(executePutRequest3.getBody(), XContentType.JSON).build();
        Assert.assertEquals(build2.get("reason"), AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage());
        Assert.assertTrue(build2.get("invalid_keys.keys").contains("some"));
        Assert.assertTrue(build2.get("invalid_keys.keys").contains("other"));
        checkGeneralAccess(401, "nagilum", "nagilum");
        this.rh.sendHTTPClientCertificate = true;
        addUserWithHash("sarek", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 403);
        this.rh.sendHTTPClientCertificate = true;
        addUserWithHash("nagilum", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        checkGeneralAccess(200, "nagilum", "nagilum");
        this.rh.sendHTTPClientCertificate = true;
        Assert.assertEquals(405L, this.rh.executeDeleteRequest("/_searchguard/api/user", new Header[0]).getStatusCode());
        Assert.assertEquals(404L, this.rh.executeDeleteRequest("/_searchguard/api/user/picard", new Header[0]).getStatusCode());
        Assert.assertEquals(403L, this.rh.executeDeleteRequest("/_searchguard/api/user/sarek", new Header[0]).getStatusCode());
        deleteUser("nagilum");
        this.rh.sendHTTPClientCertificate = false;
        checkGeneralAccess(401, "nagilum", "nagilum");
        this.rh.sendHTTPClientCertificate = true;
        addUserWithPassword("nagilum", "correctpassword", 201);
        this.rh.sendHTTPClientCertificate = false;
        checkGeneralAccess(401, "nagilum", "wrongpassword");
        checkGeneralAccess(200, "nagilum", "correctpassword");
        deleteUser("nagilum");
        this.rh.sendHTTPClientCertificate = true;
        addUserWithoutPasswordOrHash("nagilum", new String[]{"starfleet"}, 400);
        addUserWithHash("nagilum", "$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m", 201);
        addUserWithoutPasswordOrHash("nagilum", new String[]{"starfleet"}, 200);
        RestHelper.HttpResponse executeGetRequest3 = this.rh.executeGetRequest("/_searchguard/api/user/nagilum", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        Assert.assertTrue(Settings.builder().loadFromSource(executeGetRequest3.getBody(), XContentType.JSON).build().get("nagilum.hash").equals("$2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m"));
        setupStarfleetIndex();
        this.rh.sendHTTPClientCertificate = true;
        Settings build3 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/user/picard", FileHelper.loadFile("users_wrong_datatypes.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build3.get("reason"));
        Assert.assertTrue(build3.get("roles").equals("Array expected"));
        this.rh.sendHTTPClientCertificate = false;
        this.rh.sendHTTPClientCertificate = true;
        Settings build4 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/user/picard", FileHelper.loadFile("users_wrong_datatypes.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build4.get("reason"));
        Assert.assertTrue(build4.get("roles").equals("Array expected"));
        this.rh.sendHTTPClientCertificate = false;
        this.rh.sendHTTPClientCertificate = true;
        Settings build5 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/user/picard", FileHelper.loadFile("users_wrong_datatypes2.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build5.get("reason"));
        Assert.assertTrue(build5.get("password").equals("String expected"));
        Assert.assertTrue(build5.get("roles") == null);
        this.rh.sendHTTPClientCertificate = false;
        this.rh.sendHTTPClientCertificate = true;
        Settings build6 = Settings.builder().loadFromSource(this.rh.executePutRequest("/_searchguard/api/user/picard", FileHelper.loadFile("users_wrong_datatypes3.json"), new Header[0]).getBody(), XContentType.JSON).build();
        Assert.assertEquals(400L, r0.getStatusCode());
        Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), build6.get("reason"));
        Assert.assertTrue(build6.get("roles").equals("Array expected"));
        this.rh.sendHTTPClientCertificate = false;
        addUserWithPassword("picard", "picard", 201);
        checkGeneralAccess(403, "picard", "picard");
        checkReadAccess(403, "picard", "picard", "sf", "ships", 0);
        addUserWithPassword("picard", "picard", new String[]{"starfleet"}, 200);
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(403, "picard", "picard", "sf", "ships", 1);
        addUserWithPassword("picard", "picard", new String[]{"starfleet", "captains"}, 200);
        checkReadAccess(200, "picard", "picard", "sf", "ships", 0);
        checkWriteAccess(201, "picard", "picard", "sf", "ships", 1);
        this.rh.sendHTTPClientCertificate = true;
        RestHelper.HttpResponse executeGetRequest4 = this.rh.executeGetRequest("/_searchguard/api/user/picard", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
        Settings build7 = Settings.builder().loadFromSource(executeGetRequest4.getBody(), XContentType.JSON).build();
        Assert.assertNotEquals((Object) null, Strings.emptyToNull(build7.get("picard.hash")));
        List asList = build7.getAsList("picard.roles");
        Assert.assertNotNull(asList);
        Assert.assertEquals(2L, asList.size());
        Assert.assertTrue(asList.contains("starfleet"));
        Assert.assertTrue(asList.contains("captains"));
    }
}
