package com.floragunn.searchguard;

import com.floragunn.searchguard.AbstractUnitTest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.configuration.PrivilegesInterceptorImpl;
import com.floragunn.searchguard.http.HTTPClientCertAuthenticator;
import com.floragunn.searchguard.ssl.util.ExceptionUtils;
import com.google.common.base.Joiner;
import io.netty.handler.ssl.OpenSsl;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.TreeSet;
import org.apache.commons.io.FileUtils;
import org.apache.http.Header;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.action.admin.cluster.repositories.put.PutRepositoryRequest;
import org.elasticsearch.action.admin.cluster.snapshots.create.CreateSnapshotRequest;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesResponse;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.admin.indices.create.CreateIndexResponse;
import org.elasticsearch.action.get.GetRequest;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.indices.InvalidIndexNameException;
import org.elasticsearch.indices.InvalidTypeNameException;
import org.elasticsearch.node.Node;
import org.elasticsearch.node.PluginAwareNode;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.transport.Netty4Plugin;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:com/floragunn/searchguard/SGTests.class */
public class SGTests extends AbstractUnitTest {

    @Rule
    public final ExpectedException thrown = ExpectedException.none();

    @Rule
    public final TemporaryFolder repositoryPath = new TemporaryFolder();
    protected boolean allowOpenSSL = Boolean.parseBoolean(System.getenv("SG_ALLOW_OPENSSL"));

    @Test
    public void testEnsureOpenSSLAvailability() {
        if (this.allowOpenSSL) {
            Assert.assertTrue(String.valueOf(OpenSsl.unavailabilityCause()), OpenSsl.isAvailable());
        }
    }

    @Test
    public void testDiscoveryWithoutInitialization() throws Exception {
        startES(Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"cn=dummy_to_activate_search_guard_plugin"}).build());
        Assert.assertEquals(3L, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
        Assert.assertEquals(ClusterHealthStatus.GREEN, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getStatus());
    }

    @Test
    public void testCustomInterclusterRequestEvaluator() throws Exception {
        startES(Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).put("searchguard.cert.intercluster_request_evaluator_class", "com.floragunn.searchguard.AlwaysFalseInterClusterRequestEvaluator").build(), 5, 1);
        Assert.assertEquals(1L, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
        Assert.assertEquals(ClusterHealthStatus.GREEN, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getStatus());
    }

    @Test
    public void testNodeClientDisallowedWithNonServerCertificate() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).build();
        startES(Settings.builder().put(build).putArray("searchguard.authcz.admin_dn", new String[]{"cn=dummy_to_activate_search_guard_plugin"}).build());
        Assert.assertEquals(3L, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
        Assert.assertEquals(ClusterHealthStatus.GREEN, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getStatus());
        Settings build2 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put("node.client", true).put("path.home", ".").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").build();
        this.log.debug("Start node client");
        Node start = new PluginAwareNode(build2, new Class[]{Netty4Plugin.class, SearchGuardPlugin.class}).start();
        Throwable th = null;
        try {
            try {
                Assert.assertEquals(1L, ((NodesInfoResponse) start.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                Assert.assertEquals(3L, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
                if (start != null) {
                    if (0 == 0) {
                        start.close();
                        return;
                    }
                    try {
                        start.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (start != null) {
                if (th != null) {
                    try {
                        start.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    start.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testNodeClientDisallowedWithNonServerCertificateFull() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"cn=dummy_to_activate_search_guard_plugin"}).build();
        startES(build);
        Assert.assertEquals(3L, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
        Assert.assertEquals(ClusterHealthStatus.GREEN, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getStatus());
        Settings build2 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put("path.home", ".").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").build();
        this.log.debug("Start node client");
        Node start = new PluginAwareNode(build2, new Class[]{Netty4Plugin.class, SearchGuardPlugin.class}).start();
        Throwable th = null;
        try {
            try {
                Assert.assertEquals(1L, ((NodesInfoResponse) start.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                Assert.assertEquals(3L, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
                if (start != null) {
                    if (0 == 0) {
                        start.close();
                        return;
                    }
                    try {
                        start.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (start != null) {
                if (th != null) {
                    try {
                        start.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    start.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testNodeClientAllowedWithServerCertificate() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).build();
        startES(build);
        Assert.assertEquals(3L, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getNumberOfNodes());
        Assert.assertEquals(ClusterHealthStatus.GREEN, ((ClusterHealthResponse) client().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet()).getStatus());
        Settings build2 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put("node.client", true).put("path.home", ".").put(build).build();
        this.log.debug("Start node client");
        Node start = new PluginAwareNode(build2, new Class[]{Netty4Plugin.class, SearchGuardPlugin.class}).start();
        Throwable th = null;
        try {
            try {
                Thread.sleep(50L);
                Assert.assertEquals(4L, ((NodesInfoResponse) start.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                if (start != null) {
                    if (0 == 0) {
                        start.close();
                        return;
                    }
                    try {
                        start.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (start != null) {
                if (th != null) {
                    try {
                        start.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    start.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void ensureInitViaRestDoesWork() throws Exception {
        startES(Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).put("searchguard.ssl.http.clientauth_mode", "REQUIRE").put("searchguard.ssl.http.enabled", true).put(new Object[]{"searchguard.ssl.http.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.http.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build());
        this.enableHTTPClientSSL = true;
        this.trustHTTPServerCertificate = true;
        this.sendHTTPClientCertificate = true;
        Assert.assertEquals(503L, executePutRequest("searchguard/config/0", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("___", ""))).getStatusCode());
        this.keystore = "kirk-keystore.jks";
        Assert.assertEquals(201L, executePutRequest("searchguard/config/0", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("___", ""))).getStatusCode());
    }

    @Test
    public void testHTTPClientCert() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).put("searchguard.ssl.http.clientauth_mode", "REQUIRE").put("searchguard.ssl.http.enabled", true).put(new Object[]{"searchguard.ssl.http.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.http.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).putArray("searchguard.ssl.http.enabled_protocols", new String[]{"TLSv1.1", "TLSv1.2"}).putArray("searchguard.ssl.http.enabled_ciphers", new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}).putArray("searchguard.ssl.transport.enabled_protocols", new String[]{"TLSv1.1", "TLSv1.2"}).putArray("searchguard.ssl.transport.enabled_ciphers", new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config_clientcert.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("captains").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("alumni").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("administration").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("praxis").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                this.enableHTTPClientSSL = true;
                this.trustHTTPServerCertificate = true;
                this.sendHTTPClientCertificate = true;
                this.keystore = "spock-keystore.jks";
                Assert.assertEquals(200L, executeGetRequest("_search", new Header[0]).getStatusCode());
                Assert.assertEquals(403L, executePutRequest("searchguard/config/0", "{}", new Header[0]).getStatusCode());
                this.keystore = "kirk-keystore.jks";
                Assert.assertEquals(200L, executePutRequest("searchguard/config/0", "{}", new Header[0]).getStatusCode());
                AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("_searchguard/authinfo", new Header[0]);
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                System.out.println(executeGetRequest.getBody());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testHTTPBasic() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
        startES(build);
        Settings build2 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build();
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("copysf")).actionGet();
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("captains").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("alumni").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("administration").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("praxis").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("spock").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("kirk").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("role01_role02").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                Assert.assertEquals(5L, ((SearchResponse) transportClientImpl.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getTotalHits());
                Assert.assertEquals(5L, ((SearchResponse) transportClientImpl.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getTotalHits());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "config", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "internalusers", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "roles", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "rolesmapping", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "actiongroups", "0")).actionGet()).isExists());
                Assert.assertFalse(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "rolesmapping", "1")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "config", "0")).actionGet()).isExists());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                Assert.assertEquals(401L, executeGetRequest("", new Header[0]).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeDeleteRequest("nonexistentindex*", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest(".nonexistentindex*", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePutRequest("searchguard/config/2", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(404L, executeGetRequest("searchguard/config/0", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(404L, executeGetRequest("xxxxyyyy/config/0", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("abc", "abc:abc"))).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("userwithnopassword", ""))).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("userwithblankpassword", ""))).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "wrongpasswd"))).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic wrongheader")).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic ")).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic")).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "")).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("picard", "picard"))).getStatusCode());
                for (int i = 0; i < 10; i++) {
                    Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "wrongpasswd"))).getStatusCode());
                }
                Assert.assertEquals(200L, executePutRequest("/theindex", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("theindexadmin", "theindexadmin"))).getStatusCode());
                Assert.assertEquals(201L, executePutRequest("/theindex/type/1?refresh=true", "{\"a\":0}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("theindexadmin", "theindexadmin"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("/theindex/_analyze?text=this+is+a+test", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("theindexadmin", "theindexadmin"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("_analyze?text=this+is+a+test", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("theindexadmin", "theindexadmin"))).getStatusCode());
                Assert.assertEquals(200L, executeDeleteRequest("/theindex", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("theindexadmin", "theindexadmin"))).getStatusCode());
                Assert.assertEquals(403L, executeDeleteRequest("/klingonempire", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("theindexadmin", "theindexadmin"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("starfleet/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("starfleet/ships/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executeDeleteRequest("searchguard/", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("/searchguard/_close", null, new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("/searchguard/_upgrade", null, new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePutRequest("/searchguard/_mapping/config", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("searchguard/", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePutRequest("searchguard/config/2", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("searchguard/config/0", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executeDeleteRequest("searchguard/config/0", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePutRequest("searchguard/config/0", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertTrue(executeGetRequest("_cat/indices/public", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("bug108", "nagilum"))).getBody().contains("green"));
                Assert.assertEquals(200L, r0.getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("role01_role02/type01/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("user_role01_role02_role03", "user_role01_role02_role03"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("role01_role02/type01/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("user_role01", "user_role01"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("spock/type01/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("spock", "spock"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("spock/type01/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("kirk", "kirk"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("kirk/type01/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("kirk", "kirk"))).getStatusCode());
                Assert.assertEquals(403L, executePutRequest("_mapping/config", "{\"i\" : [\"4\"]}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("searchguard/_mget", "{\"ids\" : [\"0\"]}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("starfleet/ships/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                AbstractUnitTest.TransportClientImpl transportClientImpl2 = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                Throwable th3 = null;
                try {
                    this.log.debug("Start transport client to init 2");
                    transportClientImpl2.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                    transportClientImpl2.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles_deny.yml")})).actionGet();
                    Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl2.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"roles"})).actionGet()).getNodes().size());
                    if (transportClientImpl2 != null) {
                        if (0 != 0) {
                            try {
                                transportClientImpl2.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            transportClientImpl2.close();
                        }
                    }
                    Assert.assertEquals(403L, executeGetRequest("starfleet/ships/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                    transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                    Throwable th5 = null;
                    try {
                        try {
                            this.log.debug("Start transport client to init 3");
                            transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                            transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                            Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"roles"})).actionGet()).getNodes().size());
                            if (transportClientImpl != null) {
                                if (0 != 0) {
                                    try {
                                        transportClientImpl.close();
                                    } catch (Throwable th6) {
                                        th5.addSuppressed(th6);
                                    }
                                } else {
                                    transportClientImpl.close();
                                }
                            }
                            Assert.assertEquals(200L, executeGetRequest("starfleet/ships/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                            AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum")));
                            Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                            Assert.assertTrue(executeGetRequest.getBody().contains("\"total\" : 18"));
                            Assert.assertTrue(!executeGetRequest.getBody().contains("searchguard"));
                            AbstractUnitTest.HttpResponse executeGetRequest2 = executeGetRequest("_nodes/stats?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum")));
                            Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
                            Assert.assertTrue(executeGetRequest2.getBody().contains("total_in_bytes"));
                            Assert.assertTrue(executeGetRequest2.getBody().contains("max_file_descriptors"));
                            Assert.assertTrue(executeGetRequest2.getBody().contains("buffer_pools"));
                            Assert.assertFalse(executeGetRequest2.getBody().contains("\"nodes\" : { }"));
                            AbstractUnitTest.HttpResponse executePostRequest = executePostRequest("*/_upgrade", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum")));
                            System.out.println(executePostRequest.getBody());
                            System.out.println(executePostRequest.getStatusReason());
                            Assert.assertEquals(200L, executePostRequest.getStatusCode());
                            AbstractUnitTest.HttpResponse executePostRequest2 = executePostRequest("_bulk", "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + System.lineSeparator() + "{ \"field1\" : \"value1\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"2\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator(), new BasicHeader("Authorization", "Basic " + encodeBasicHeader("writer", "writer")));
                            System.out.println(executePostRequest2.getBody());
                            Assert.assertEquals(200L, executePostRequest2.getStatusCode());
                            Assert.assertTrue(executePostRequest2.getBody().contains("\"errors\":false"));
                            Assert.assertTrue(executePostRequest2.getBody().contains("\"status\":201"));
                            AbstractUnitTest.HttpResponse executeGetRequest3 = executeGetRequest("_searchguard/authinfo", new BasicHeader("sg_tenant", "unittesttenant"), new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf")));
                            Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
                            Assert.assertTrue(executeGetRequest3.getBody().contains("sg_tenants"));
                            Assert.assertTrue(executeGetRequest3.getBody().contains("unittesttenant"));
                            Assert.assertTrue(executeGetRequest3.getBody().contains("\"kltentrw\":true"));
                            Assert.assertTrue(executeGetRequest3.getBody().contains("\"user_name\":\"worf\""));
                            AbstractUnitTest.HttpResponse executeGetRequest4 = executeGetRequest("_searchguard/authinfo", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf")));
                            Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
                            Assert.assertTrue(executeGetRequest4.getBody().contains("sg_tenants"));
                            Assert.assertTrue(executeGetRequest4.getBody().contains("\"user_requested_tenant\":null"));
                            Assert.assertTrue(executeGetRequest4.getBody().contains("\"kltentrw\":true"));
                            Assert.assertTrue(executeGetRequest4.getBody().contains("\"user_name\":\"worf\""));
                            Assert.assertTrue(PrivilegesInterceptorImpl.count > 0);
                            AbstractUnitTest.HttpResponse executePostRequest3 = executePostRequest("_reindex?pretty", "{\"source\": {\"index\": \"starfleet\"},\"dest\": {\"index\": \"copysf\"}}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum")));
                            Assert.assertEquals(200L, executePostRequest3.getStatusCode());
                            Assert.assertTrue(executePostRequest3.getBody().contains("\"total\" : 3"));
                            Assert.assertTrue(executePostRequest3.getBody().contains("\"batches\" : 1"));
                            ArrayList arrayList = new ArrayList();
                            for (int i2 = 0; i2 < 50; i2++) {
                                String str = "long_index_name_with_a_really_long_name_" + i2;
                                arrayList.add(str);
                                Assert.assertEquals(executePutRequest(str + "/doc/" + i2, "{\"content\":" + i2 + "}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getBody(), 201L, r0.getStatusCode());
                            }
                            AbstractUnitTest.HttpResponse executeGetRequest5 = executeGetRequest(Joiner.on(',').join(arrayList) + ",searchguard/_stats/store,docs", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum")));
                            System.out.println(executeGetRequest5.getBody());
                            System.out.println(executeGetRequest5.getStatusReason());
                            Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
                        } finally {
                        }
                    } finally {
                    }
                } catch (Throwable th7) {
                    if (transportClientImpl2 != null) {
                        if (0 != 0) {
                            try {
                                transportClientImpl2.close();
                            } catch (Throwable th8) {
                                th3.addSuppressed(th8);
                            }
                        } else {
                            transportClientImpl2.close();
                        }
                    }
                    throw th7;
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testSnapshot() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).put("searchguard.enable_snapshot_restore_privilege", true).put("searchguard.check_snapshot_restore_write_privileges", false).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet();
                transportClientImpl.admin().cluster().createSnapshot(new CreateSnapshotRequest("vulcangov", "vulcangov_1").indices(new String[]{"vulcangov"}).includeGlobalState(true).waitForCompletion(true)).actionGet();
                transportClientImpl.admin().cluster().putRepository(new PutRepositoryRequest("searchguard").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/searchguard"))).actionGet();
                transportClientImpl.admin().cluster().createSnapshot(new CreateSnapshotRequest("searchguard", "searchguard_1").indices(new String[]{"searchguard"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
                transportClientImpl.admin().cluster().putRepository(new PutRepositoryRequest("all").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/all"))).actionGet();
                transportClientImpl.admin().cluster().createSnapshot(new CreateSnapshotRequest("all", "all_1").indices(new String[]{"*"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
                ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet();
                Assert.assertEquals(3L, configUpdateResponse.getNodes().size());
                System.out.println(configUpdateResponse.getNodesMap());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                Assert.assertEquals(200L, executeGetRequest("_snapshot/vulcangov", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/vulcangov/vulcangov_1", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_with_global_state_$1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/searchguard", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/searchguard/searchguard_1", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/all", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/all/all_1", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/unknown-snapshot/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testSnapshotCheckWritePrivileges() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).put("searchguard.enable_snapshot_restore_privilege", true).put("searchguard.check_snapshot_restore_write_privileges", true).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet();
                transportClientImpl.admin().cluster().createSnapshot(new CreateSnapshotRequest("vulcangov", "vulcangov_1").indices(new String[]{"vulcangov"}).includeGlobalState(true).waitForCompletion(true)).actionGet();
                transportClientImpl.admin().cluster().putRepository(new PutRepositoryRequest("searchguard").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/searchguard"))).actionGet();
                transportClientImpl.admin().cluster().createSnapshot(new CreateSnapshotRequest("searchguard", "searchguard_1").indices(new String[]{"searchguard"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
                transportClientImpl.admin().cluster().putRepository(new PutRepositoryRequest("all").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/all"))).actionGet();
                transportClientImpl.admin().cluster().createSnapshot(new CreateSnapshotRequest("all", "all_1").indices(new String[]{"*"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
                ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet();
                Assert.assertEquals(3L, configUpdateResponse.getNodes().size());
                System.out.println(configUpdateResponse.getNodesMap());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                Assert.assertEquals(200L, executeGetRequest("_snapshot/vulcangov", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/vulcangov/vulcangov_1", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_with_global_state_$1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/searchguard", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/searchguard/searchguard_1", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/all", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_snapshot/all/all_1", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/all/unknown-snapshot/_restore?wait_for_completion=true", "", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_restore_1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("restoreuser", "restoreuser"))).getStatusCode());
                Assert.assertEquals(200L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_restore_2a\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("restoreuser", "restoreuser"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("restoreuser", "restoreuser"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_2\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("restoreuser", "restoreuser"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_3\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("restoreuser", "restoreuser"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_4\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("restoreuser", "restoreuser"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testConfigHotReload() throws Exception {
        BasicHeader basicHeader;
        AbstractUnitTest.TransportClientImpl transportClientImpl;
        Throwable th;
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
        startES(build);
        Settings build2 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build();
        AbstractUnitTest.TransportClientImpl transportClientImpl2 = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th2 = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl2.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl2.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                System.out.println("ööööö 1");
                transportClientImpl2.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                System.out.println("ööööö 2");
                transportClientImpl2.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                System.out.println("ööööö 3");
                transportClientImpl2.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl2.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl2.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl2.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl2.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl2 != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl2.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        transportClientImpl2.close();
                    }
                }
                basicHeader = new BasicHeader("Authorization", "Basic " + encodeBasicHeader("spock", "spock"));
                for (InetSocketTransportAddress inetSocketTransportAddress : this.httpAdresses) {
                    AbstractUnitTest.HttpResponse executeRequest = executeRequest(new HttpGet("http://" + inetSocketTransportAddress.getHost() + ":" + inetSocketTransportAddress.getPort() + "/_searchguard/authinfo?pretty=true"), basicHeader);
                    Assert.assertTrue(executeRequest.getBody().contains("spock"));
                    Assert.assertFalse(executeRequest.getBody().contains("additionalrole"));
                    Assert.assertTrue(executeRequest.getBody().contains("vulcan"));
                }
                transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                th = null;
            } finally {
            }
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users_spock_add_roles.yml")})).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                for (InetSocketTransportAddress inetSocketTransportAddress2 : this.httpAdresses) {
                    this.log.debug("http://" + inetSocketTransportAddress2.getHost() + ":" + inetSocketTransportAddress2.getPort());
                    AbstractUnitTest.HttpResponse executeRequest2 = executeRequest(new HttpGet("http://" + inetSocketTransportAddress2.getHost() + ":" + inetSocketTransportAddress2.getPort() + "/_searchguard/authinfo?pretty=true"), basicHeader);
                    Assert.assertTrue(executeRequest2.getBody().contains("spock"));
                    Assert.assertTrue(executeRequest2.getBody().contains("additionalrole1"));
                    Assert.assertTrue(executeRequest2.getBody().contains("additionalrole2"));
                    Assert.assertFalse(executeRequest2.getBody().contains("starfleet"));
                }
                transportClientImpl2 = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                Throwable th5 = null;
                try {
                    try {
                        this.log.debug("Start transport client to init");
                        transportClientImpl2.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                        Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl2.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                        transportClientImpl2.index(new IndexRequest("searchguard").type("config").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"config", readYamlContent("sg_config_host.yml")})).actionGet();
                        Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl2.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                        if (transportClientImpl2 != null) {
                            if (0 != 0) {
                                try {
                                    transportClientImpl2.close();
                                } catch (Throwable th6) {
                                    th5.addSuppressed(th6);
                                }
                            } else {
                                transportClientImpl2.close();
                            }
                        }
                        for (InetSocketTransportAddress inetSocketTransportAddress3 : this.httpAdresses) {
                            AbstractUnitTest.HttpResponse executeRequest3 = executeRequest(new HttpGet("http://" + inetSocketTransportAddress3.getHost() + ":" + inetSocketTransportAddress3.getPort() + "/_searchguard/authinfo?pretty=true"), new Header[0]);
                            this.log.debug(executeRequest3.getBody());
                            Assert.assertTrue(executeRequest3.getBody().contains("sg_role_host1"));
                            Assert.assertTrue(executeRequest3.getBody().contains("sg_role_host2"));
                            Assert.assertTrue(executeRequest3.getBody().contains("sg_host_127.0.0.1"));
                            Assert.assertTrue(executeRequest3.getBody().contains("roles=[]"));
                            Assert.assertEquals(200L, executeRequest3.getStatusCode());
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (Throwable th7) {
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th8) {
                            th.addSuppressed(th8);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                throw th7;
            }
        } finally {
        }
    }

    @Test
    public void testCreateIndex() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals("Expected 3 nodes", 3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("captains").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("alumni").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertTrue("Alias creation not acknowledged", ((IndicesAliasesResponse) transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy"}).alias("sf"))).actionGet()).isAcknowledged());
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                Assert.assertEquals("Unable to create index 'nag'", 200L, executePutRequest("nag1", null, new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals("Unable to create index 'starfleet_library'", 200L, executePutRequest("starfleet_library", null, new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                waitForGreenClusterState(this.esNode1.client());
                Assert.assertEquals("Unable to close index 'starfleet_library'", 200L, executePostRequest("starfleet_library/_close", null, new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                waitForGreenClusterState(this.esNode1.client());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testHTTPProxy() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).put("searchguard.cache.ttl_minutes", 0).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config_proxy.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("captains").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("alumni").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("administration").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("praxis").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                Assert.assertEquals(401L, executeGetRequest("", new Header[0]).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user", "scotty"), new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum-wrong", "nagilum-wrong"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user-wrong", "scotty"), new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(500L, executeGetRequest("", new BasicHeader("x-forwarded-for", "a"), new BasicHeader("x-proxy-user", "scotty"), new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum-wrong", "nagilum-wrong"))).getStatusCode());
                Assert.assertEquals(500L, executeGetRequest("", new BasicHeader("x-forwarded-for", "a,b,c"), new BasicHeader("x-proxy-user", "scotty")).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user", "scotty")).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("X-Proxy-User", "scotty")).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("x-forwarded-for", "localhost,192.168.0.1,10.0.0.2"), new BasicHeader("x-proxy-user", "scotty"), new BasicHeader("x-proxy-roles", "starfleet,engineer")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testTransportClient() throws Exception {
        ThreadContext.StoredContext stashContext;
        ThreadContext.StoredContext stashContext2;
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).build();
        Settings build2 = Settings.builder().put(build).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf", "nagilum"}).build();
        System.out.println(build.getAsMap());
        startES(build2);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            this.log.debug("Start transport client to init");
            transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
            Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
            transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
            System.out.println("------- Begin INIT ---------");
            transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
            if (transportClientImpl != null) {
                if (0 != 0) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            System.out.println("------- INIT complete ---------");
            Settings build3 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("spock-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "spock").put("path.home", ".").build();
            System.out.println("------- 0 ---------");
            AbstractUnitTest.TransportClientImpl transportClientImpl2 = new AbstractUnitTest.TransportClientImpl(this, build3, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
            Throwable th3 = null;
            try {
                this.log.debug("Start transport client to use");
                transportClientImpl2.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl2.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                System.out.println("------- 1 ---------");
                Assert.assertTrue(((CreateIndexResponse) transportClientImpl2.admin().indices().create(new CreateIndexRequest("vulcan")).actionGet()).isAcknowledged());
                System.out.println("------- 2 ---------");
                Assert.assertTrue(((IndexResponse) transportClientImpl2.index(new IndexRequest("vulcan").type("secrets").id("s1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"secret\":true}", XContentType.JSON)).actionGet()).getResult() == DocWriteResponse.Result.CREATED);
                System.out.println("------- 3 ---------");
                Assert.assertTrue(transportClientImpl2.prepareGet("vulcan", "secrets", "s1").setRealtime(true).get().isExists());
                System.out.println("------- 4 ---------");
                Assert.assertTrue(transportClientImpl2.prepareGet("vulcan", "secrets", "s1").setRealtime(false).get().isExists());
                System.out.println("------- 5 ---------");
                Assert.assertEquals(1L, ((SearchResponse) transportClientImpl2.search(new SearchRequest(new String[]{"vulcan"}).types(new String[]{"secrets"})).actionGet()).getHits().getHits().length);
                System.out.println("------- 6 ---------");
                Assert.assertFalse(transportClientImpl2.prepareGet("searchguard", "config", "0").setRealtime(false).get().isExists());
                System.out.println("------- 7 ---------");
                Assert.assertFalse(transportClientImpl2.prepareGet("searchguard", "config", "0").setRealtime(true).get().isExists());
                System.out.println("------- 8 ---------");
                Assert.assertEquals(0L, ((SearchResponse) transportClientImpl2.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getHits().length);
                System.out.println("------- 9 ---------");
                try {
                    transportClientImpl2.index(new IndexRequest("searchguard").type("config").id("0").source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                    Assert.fail();
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                }
                System.out.println("------- 10 ---------");
                try {
                    stashContext2 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                } catch (ElasticsearchSecurityException e2) {
                    Assert.assertTrue(e2.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                }
                try {
                    transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf");
                    transportClientImpl2.prepareGet("vulcan", "secrets", "s1").get();
                    stashContext2.close();
                    Assert.fail();
                    System.out.println("------- 11 ---------");
                    ThreadContext.StoredContext stashContext3 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                    try {
                        try {
                            transportClientImpl2.threadPool().getThreadContext().putHeader("Authorization", "basic " + encodeBasicHeader("worf", "worf"));
                            transportClientImpl2.prepareGet("vulcan", "secrets", "s1").get();
                            Assert.fail();
                            stashContext3.close();
                        } finally {
                        }
                    } catch (ElasticsearchSecurityException e3) {
                        Assert.assertTrue(e3.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                        stashContext3.close();
                    }
                    try {
                        System.out.println("------- 12 ---------");
                        stashContext3 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                        try {
                            transportClientImpl2.threadPool().getThreadContext().putHeader("Authorization", "basic " + encodeBasicHeader("worf", "worf111"));
                            transportClientImpl2.prepareGet("vulcan", "secrets", "s1").get();
                            Assert.fail();
                            stashContext3.close();
                        } catch (ElasticsearchSecurityException e4) {
                            Assert.assertTrue(e4.getMessage().contains("Cannot authenticate"));
                            stashContext3.close();
                        }
                        System.out.println("------- 13 ---------");
                        try {
                            stashContext = transportClientImpl2.threadPool().getThreadContext().stashContext();
                        } catch (ElasticsearchSecurityException e5) {
                            Assert.assertEquals("'CN=spock,OU=client,O=client,L=Test,C=DE' is not allowed to impersonate as 'gkar'", e5.getMessage());
                        }
                        try {
                            transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "gkar");
                            transportClientImpl2.prepareGet("vulcan", "secrets", "s1").get();
                            Assert.fail();
                            stashContext.close();
                            System.out.println("------- 12 a ---------");
                            ThreadContext.StoredContext stashContext4 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                            try {
                                transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                GetResponse getResponse = transportClientImpl2.prepareGet("searchguard", "config", "0").setRealtime(Boolean.TRUE.booleanValue()).get();
                                Assert.assertFalse(getResponse.isExists());
                                Assert.assertTrue(getResponse.isSourceEmpty());
                                stashContext4.close();
                                System.out.println("------- 13 ---------");
                                ThreadContext.StoredContext stashContext5 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                try {
                                    transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                    GetResponse getResponse2 = transportClientImpl2.prepareGet("searchguard", "config", "0").setRealtime(Boolean.FALSE.booleanValue()).get();
                                    Assert.assertFalse(getResponse2.isExists());
                                    Assert.assertTrue(getResponse2.isSourceEmpty());
                                    stashContext5.close();
                                    stashContext = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                    try {
                                        transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                        String scrollId = transportClientImpl2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get().getScrollId();
                                        stashContext.close();
                                        ThreadContext.StoredContext storedContext = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                        try {
                                            try {
                                                transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "worf");
                                                transportClientImpl2.prepareSearchScroll(scrollId).get();
                                                Assert.fail();
                                                storedContext.close();
                                            } finally {
                                                storedContext.close();
                                            }
                                        } catch (Exception e6) {
                                            Throwable rootCause = ExceptionUtils.getRootCause(e6);
                                            e6.printStackTrace();
                                            Assert.assertTrue(rootCause.getMessage().contains("Wrong user in scroll context"));
                                            storedContext.close();
                                        }
                                        try {
                                            System.out.println("------- 14 ---------");
                                            boolean z = false;
                                            storedContext = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                            try {
                                                transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                transportClientImpl2.prepareGet("vulcan", "secrets", "s1").get();
                                                z = true;
                                                storedContext.close();
                                                storedContext = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                                transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                transportClientImpl2.threadPool().getThreadContext().putHeader("Authorization", "basic " + encodeBasicHeader("worf", "worf"));
                                                transportClientImpl2.prepareGet("vulcan", "secrets", "s1").get();
                                                Assert.fail();
                                                storedContext.close();
                                            } catch (ElasticsearchSecurityException e7) {
                                                Assert.assertTrue(e7.getMessage().startsWith("no permissions for [indices:data/read/get]"));
                                                Assert.assertTrue(z);
                                                storedContext.close();
                                            }
                                            System.out.println("------- 15 ---------");
                                            storedContext = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                            try {
                                                transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                GetResponse getResponse3 = transportClientImpl2.prepareGet("searchguard", "config", "0").setRealtime(Boolean.TRUE.booleanValue()).get();
                                                Assert.assertFalse(getResponse3.isExists());
                                                Assert.assertTrue(getResponse3.isSourceEmpty());
                                                storedContext.close();
                                                ThreadContext.StoredContext stashContext6 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                                try {
                                                    transportClientImpl2.threadPool().getThreadContext().putHeader("Authorization", "basic " + encodeBasicHeader("nagilum", "nagilum"));
                                                    GetResponse getResponse4 = transportClientImpl2.prepareGet("searchguard", "config", "0").setRealtime(Boolean.TRUE.booleanValue()).get();
                                                    Assert.assertFalse(getResponse4.isExists());
                                                    Assert.assertTrue(getResponse4.isSourceEmpty());
                                                    stashContext6.close();
                                                    System.out.println("------- 16---------");
                                                    stashContext2 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                                    try {
                                                        transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                        GetResponse getResponse5 = transportClientImpl2.prepareGet("searchguard", "config", "0").setRealtime(Boolean.FALSE.booleanValue()).get();
                                                        Assert.assertFalse(getResponse5.isExists());
                                                        Assert.assertTrue(getResponse5.isSourceEmpty());
                                                        stashContext2.close();
                                                        System.out.println("------- 17---------");
                                                        ThreadContext.StoredContext stashContext7 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                                        try {
                                                            transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                            SearchResponse searchResponse = transportClientImpl2.prepareSearch(new String[]{"starfleet"}).setTypes(new String[]{"ships"}).setScroll(TimeValue.timeValueMinutes(5L)).get();
                                                            Assert.assertEquals(0L, searchResponse.getFailedShards());
                                                            stashContext7.close();
                                                            Assert.assertNotNull(searchResponse.getScrollId());
                                                            System.out.println("------- 18---------");
                                                            ThreadContext.StoredContext stashContext8 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                                                            try {
                                                                transportClientImpl2.threadPool().getThreadContext().putHeader("sg_impersonate_as", "nagilum");
                                                                SearchResponse searchResponse2 = transportClientImpl2.prepareSearchScroll(searchResponse.getScrollId()).get();
                                                                Assert.assertNotNull(searchResponse2);
                                                                System.out.println(Strings.toString(searchResponse2));
                                                                Assert.assertEquals(0L, searchResponse2.getFailedShards());
                                                                Assert.assertEquals(1L, searchResponse2.getHits().getTotalHits());
                                                                stashContext8.close();
                                                                System.out.println("------- TRC end ---------");
                                                                if (transportClientImpl2 != null) {
                                                                    if (0 != 0) {
                                                                        try {
                                                                            transportClientImpl2.close();
                                                                        } catch (Throwable th4) {
                                                                            th3.addSuppressed(th4);
                                                                        }
                                                                    } else {
                                                                        transportClientImpl2.close();
                                                                    }
                                                                }
                                                                System.out.println("------- CTC end ---------");
                                                            } finally {
                                                                stashContext8.close();
                                                            }
                                                        } finally {
                                                            stashContext7.close();
                                                        }
                                                    } finally {
                                                        stashContext2.close();
                                                    }
                                                } finally {
                                                    stashContext6.close();
                                                }
                                            } finally {
                                                storedContext.close();
                                            }
                                        } finally {
                                            storedContext.close();
                                        }
                                    } finally {
                                        stashContext.close();
                                    }
                                } finally {
                                    stashContext5.close();
                                }
                            } finally {
                                stashContext4.close();
                            }
                        } finally {
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (Throwable th5) {
                if (transportClientImpl2 != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl2.close();
                        } catch (Throwable th6) {
                            th3.addSuppressed(th6);
                        }
                    } else {
                        transportClientImpl2.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (transportClientImpl != null) {
                if (0 != 0) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th7;
        }
    }

    @Test
    public void testSpecialUsernames() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("captains").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("alumni").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("administration").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("praxis").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("bug.99", "nagilum"))).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("a", "b"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("\"'+-,;_?*@<>!$%&/()=#", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("§ÄÖÜäöüß", "nagilum"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testHTTPAnon() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
        startES(build);
        Settings build2 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build();
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config_anon.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("captains").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("alumni").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("administration").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("praxis").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                Assert.assertEquals(200L, executeGetRequest("", new Header[0]).getStatusCode());
                Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "wrong"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("_searchguard/authinfo", new Header[0]);
                System.out.println(executeGetRequest.getBody());
                Assert.assertTrue(executeGetRequest.getBody().contains("sg_anonymous"));
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                AbstractUnitTest.HttpResponse executeGetRequest2 = executeGetRequest("_searchguard/authinfo?pretty=true", new Header[0]);
                System.out.println(executeGetRequest2.getBody());
                Assert.assertTrue(executeGetRequest2.getBody().contains("\"remote_address\" : \""));
                Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
                AbstractUnitTest.HttpResponse executeGetRequest3 = executeGetRequest("_searchguard/authinfo", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum")));
                System.out.println(executeGetRequest3.getBody());
                Assert.assertTrue(executeGetRequest3.getBody().contains("nagilum"));
                Assert.assertFalse(executeGetRequest3.getBody().contains("sg_anonymous"));
                Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
                transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, build2, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                Throwable th3 = null;
                try {
                    try {
                        this.log.debug("Start transport client to init");
                        transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                        Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                        transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                        transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                        Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                        if (transportClientImpl != null) {
                            if (0 != 0) {
                                try {
                                    transportClientImpl.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                transportClientImpl.close();
                            }
                        }
                        Assert.assertEquals(401L, executeGetRequest("", new Header[0]).getStatusCode());
                        Assert.assertEquals(401L, executeGetRequest("_searchguard/authinfo", new Header[0]).getStatusCode());
                        Assert.assertEquals(401L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "wrong"))).getStatusCode());
                        Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testTransportClientImpersonation() throws Exception {
        Throwable th;
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).build();
        Settings build2 = Settings.builder().put(build).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf", "nagilum"}).build();
        System.out.println(build.getAsMap());
        startES(build2);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th2 = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                System.out.println("------- Begin INIT ---------");
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- INIT complete ---------");
                Settings build3 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("spock-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "spock").put("path.home", ".").put("request.headers.sg_impersonate_as", "worf").build();
                System.out.println("------- 0 ---------");
                transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, build3, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                th = null;
            } finally {
            }
            try {
                try {
                    this.log.debug("Start transport client to use");
                    transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                    Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                    System.out.println("------- TRC end ---------");
                    if (transportClientImpl != null) {
                        if (0 != 0) {
                            try {
                                transportClientImpl.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            transportClientImpl.close();
                        }
                    }
                    System.out.println("------- CTC end ---------");
                } finally {
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testTransportClientImpersonationWildcard() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).build();
        Settings build2 = Settings.builder().put(build).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"*"}).build();
        System.out.println(build.getAsMap());
        startES(build2);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                System.out.println("------- Begin INIT ---------");
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- INIT complete ---------");
                Settings build3 = Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("spock-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "spock").put("path.home", ".").put("request.headers.sg_impersonate_as", "worf").build();
                System.out.println("------- 0 ---------");
                transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, build3, asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                Throwable th3 = null;
                try {
                    try {
                        this.log.debug("Start transport client to use");
                        transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                        Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                        System.out.println("------- TRC end ---------");
                        if (transportClientImpl != null) {
                            if (0 != 0) {
                                try {
                                    transportClientImpl.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                transportClientImpl.close();
                            }
                        }
                        System.out.println("------- CTC end ---------");
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testFilteredAlias() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("theindex").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("theindex").type("type2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("alias1").filter(QueryBuilders.termQuery("_type", "type1")).index("theindex"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("alias2").filter(QueryBuilders.termQuery("_type", "type2")).index("theindex"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                Assert.assertEquals(403L, executeGetRequest("alias*/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testMultiget() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("mindex1").type("type").id("1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("mindex2").type("type").id("2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet();
                Assert.assertEquals(3L, configUpdateResponse.getNodes().size());
                System.out.println("------- End INIT2 --------- " + configUpdateResponse.getNodes().size());
                System.out.println(configUpdateResponse.getNodes().get(0));
                System.out.println(configUpdateResponse.getNodes().get(1));
                System.out.println(configUpdateResponse.getNodes().get(2));
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                AbstractUnitTest.HttpResponse executePostRequest = executePostRequest("_mget?refresh=true", "{\"docs\" : [{\"_index\" : \"mindex1\",\"_type\" : \"type\",\"_id\" : \"1\" }, {\"_index\" : \"mindex2\", \"_type\" : \"type\", \"_id\" : \"2\"}]}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("picard", "picard")));
                System.out.println(executePostRequest.getBody());
                Assert.assertEquals(200L, executePostRequest.getStatusCode());
                Assert.assertFalse(executePostRequest.getBody().contains("type2"));
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testSingle() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("shakespeare").type("type").id("1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("shakespeare/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("picard", "picard")));
                System.out.println(executeGetRequest.getBody());
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                Assert.assertTrue(executeGetRequest.getBody().contains("\"content\":1"));
                Assert.assertEquals(200L, executeHeadRequest("shakespeare", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("picard", "picard"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testComposite() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_composite_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles_composite.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                AbstractUnitTest.HttpResponse executePostRequest = executePostRequest("_msearch", "{\"index\":\"starfleet\", \"type\":\"ships\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator() + "{\"index\":\"klingonempire\", \"type\":\"ships\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator() + "{\"index\":\"public\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf")));
                Assert.assertEquals(200L, executePostRequest.getStatusCode());
                Assert.assertTrue(executePostRequest.getBody(), executePostRequest.getBody().contains("\"_index\":\"klingonempire\""));
                Assert.assertTrue(executePostRequest.getBody(), executePostRequest.getBody().contains("hits"));
                Assert.assertTrue(executePostRequest.getBody(), executePostRequest.getBody().contains("no permissions for [indices:data/read/search]"));
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testIndexTypeEvaluation() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            this.log.debug("Start transport client to init");
            transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
            Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
            transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
            transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
            System.out.println("------- End INIT ---------");
            transportClientImpl.index(new IndexRequest("foo1").type("bar").id("1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            transportClientImpl.index(new IndexRequest("foo2").type("bar").id("2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
            transportClientImpl.index(new IndexRequest("foo").type("baz").id("3").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
            transportClientImpl.index(new IndexRequest("fooba").type("z").id("4").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":4}", XContentType.JSON)).actionGet();
            try {
                transportClientImpl.index(new IndexRequest("x#a").type("xxx").id("4a").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":4}", XContentType.JSON)).actionGet();
                Assert.fail("Indexname can contain #");
            } catch (InvalidIndexNameException e) {
            }
            try {
                transportClientImpl.index(new IndexRequest("xa").type("x#a").id("4a").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":4}", XContentType.JSON)).actionGet();
                Assert.fail("Typename can contain #");
            } catch (InvalidTypeNameException e2) {
            }
            Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
            if (transportClientImpl != null) {
                if (0 != 0) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("/foo1/bar/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf")));
            Assert.assertEquals(200L, executeGetRequest.getStatusCode());
            Assert.assertTrue(executeGetRequest.getBody().contains("\"content\" : 1"));
            AbstractUnitTest.HttpResponse executeGetRequest2 = executeGetRequest("/foo2/bar/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf")));
            Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
            Assert.assertTrue(executeGetRequest2.getBody().contains("\"content\" : 2"));
            AbstractUnitTest.HttpResponse executeGetRequest3 = executeGetRequest("/foo/baz/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf")));
            Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
            Assert.assertTrue(executeGetRequest3.getBody().contains("\"content\" : 3"));
            Assert.assertEquals(403L, executeGetRequest("/fooba/z/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf"))).getStatusCode());
            AbstractUnitTest.HttpResponse executeGetRequest4 = executeGetRequest("/foo1/bar/1?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf")));
            Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
            Assert.assertTrue(executeGetRequest4.getBody().contains("\"found\" : true"));
            Assert.assertTrue(executeGetRequest4.getBody().contains("\"content\" : 1"));
            AbstractUnitTest.HttpResponse executeGetRequest5 = executeGetRequest("/foo2/bar/2?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf")));
            Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
            Assert.assertTrue(executeGetRequest5.getBody().contains("\"content\" : 2"));
            Assert.assertTrue(executeGetRequest5.getBody().contains("\"found\" : true"));
            AbstractUnitTest.HttpResponse executeGetRequest6 = executeGetRequest("/foo/baz/3?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf")));
            Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
            Assert.assertTrue(executeGetRequest6.getBody().contains("\"content\" : 3"));
            Assert.assertTrue(executeGetRequest6.getBody().contains("\"found\" : true"));
            Assert.assertEquals(403L, executeGetRequest("/fooba/z/4?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf"))).getStatusCode());
            Assert.assertEquals(403L, executeGetRequest("/foo*/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf"))).getStatusCode());
            AbstractUnitTest.HttpResponse executeGetRequest7 = executeGetRequest("/foo*,-fooba/bar/_search?pretty", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("baz", "worf")));
            Assert.assertEquals(200L, executeGetRequest7.getStatusCode());
            Assert.assertTrue(executeGetRequest7.getBody().contains("\"content\" : 1"));
            Assert.assertTrue(executeGetRequest7.getBody().contains("\"content\" : 2"));
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (0 != 0) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testXff() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).put("searchguard.ssl.http.enabled", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config_xff.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("secrets").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("planet").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("captains").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("students").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_academy").type("alumni").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("public").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet_library").type("administration").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("klingonempire").type("praxis").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("public").type("hall_of_fame").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("spock").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("kirk").type("type01").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"starfleet", "starfleet_academy", "starfleet_library"}).alias("sf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"klingonempire", "vulcangov"}).alias("nonsf"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"public"}).alias("unrestricted"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("_searchguard/authinfo", new BasicHeader("x-forwarded-for", "10.0.0.7"), new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf")));
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                Assert.assertTrue(executeGetRequest.getBody().contains("10.0.0.7"));
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testDnParsingCertAuth() throws Exception {
        HTTPClientCertAuthenticator hTTPClientCertAuthenticator = new HTTPClientCertAuthenticator(Settings.builder().put("username_attribute", "cn").put("roles_attribute", "l").build());
        Assert.assertEquals("abc", hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("cn=abc,cn=xxx,l=ert,st=zui,c=qwe")).getUsername());
        Assert.assertEquals("abc", hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("cn=abc,l=ert,st=zui,c=qwe")).getUsername());
        Assert.assertEquals("abc", hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("CN=abc,L=ert,st=zui,c=qwe")).getUsername());
        Assert.assertEquals("abc", hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("l=ert,cn=abc,st=zui,c=qwe")).getUsername());
        Assert.assertNull(hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("L=ert,CN=abc,c,st=zui,c=qwe")));
        Assert.assertEquals("abc", hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("l=ert,st=zui,c=qwe,cn=abc")).getUsername());
        Assert.assertEquals("abc", hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("L=ert,st=zui,c=qwe,CN=abc")).getUsername());
        Assert.assertEquals("L=ert,st=zui,c=qwe", hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("L=ert,st=zui,c=qwe")).getUsername());
        Assert.assertArrayEquals(new String[]{"ert"}, hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("cn=abc,l=ert,st=zui,c=qwe")).getBackendRoles().toArray(new String[0]));
        Assert.assertArrayEquals(new String[]{"bleh", "ert"}, new TreeSet(hTTPClientCertAuthenticator.extractCredentials((RestRequest) null, newThreadContext("cn=abc,l=ert,L=bleh,st=zui,c=qwe")).getBackendRoles()).toArray(new String[0]));
        Assert.assertEquals("cn=abc,l=ert,st=zui,c=qwe", new HTTPClientCertAuthenticator(Settings.builder().build()).extractCredentials((RestRequest) null, newThreadContext("cn=abc,l=ert,st=zui,c=qwe")).getUsername());
    }

    @Test
    public void testHTTPPlaintextErrMsg() throws Exception {
        new ByteArrayOutputStream();
        try {
            Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put(new Object[]{"searchguard.ssl.http.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.http.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).put("searchguard.ssl.http.enabled", true).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).build();
            startES(build);
            AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
            Throwable th = null;
            try {
                try {
                    this.log.debug("Start transport client to init");
                    transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                    Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                    transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                    transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                    transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                    transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                    transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                    transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                    ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet();
                    Assert.assertEquals(3L, configUpdateResponse.getNodes().size());
                    System.out.println(configUpdateResponse.getNodesMap());
                    if (transportClientImpl != null) {
                        if (0 != 0) {
                            try {
                                transportClientImpl.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            transportClientImpl.close();
                        }
                    }
                    System.out.println("------- End INIT ---------");
                    executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf")));
                    Assert.fail();
                } finally {
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Exception e) {
            Assert.assertTrue(FileUtils.readFileToString(new File("unittest.log"), StandardCharsets.UTF_8).contains("speaks http plaintext instead of ssl, will close the channel"));
        }
    }

    @Test
    public void testSnapshotRestore() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).putArray("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).putArray("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", new String[]{"worf"}).put("searchguard.enable_snapshot_restore_privilege", true).put("searchguard.check_snapshot_restore_write_privileges", true).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups_packaged.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("testsnap1").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}")).actionGet();
                transportClientImpl.index(new IndexRequest("testsnap2").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}")).actionGet();
                transportClientImpl.index(new IndexRequest("testsnap3").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}")).actionGet();
                transportClientImpl.index(new IndexRequest("testsnap4").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}")).actionGet();
                transportClientImpl.index(new IndexRequest("testsnap5").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}")).actionGet();
                transportClientImpl.index(new IndexRequest("testsnap6").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}")).actionGet();
                transportClientImpl.admin().cluster().putRepository(new PutRepositoryRequest("bckrepo").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/bckrepo"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                Assert.assertEquals(200L, executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("snapresuser", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("snapresuser", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("snapresuser", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("snapresuser", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("snapresuser", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("snapresuser", "nagilum"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testDNSpecials() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-untspec5-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.nodes_dn", new String[]{"EMAILADDRESS=unt@tst.com,CN=node-untspec5.example.com,OU=SSL,O=Te\\, st,L=Test,C=DE"}).putArray("searchguard.authcz.admin_dn", new String[]{"EMAILADDRESS=abc@xyz.com,CN=unittestspecial1, OU=client, O=cli\\, ent, L=Test, C=DE"}).put("searchguard.cert.oid", "1.2.3.4.5.6").build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("unittestspecial1-keystore.jks")}).put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                Assert.assertEquals(5L, ((SearchResponse) transportClientImpl.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getTotalHits());
                Assert.assertEquals(5L, ((SearchResponse) transportClientImpl.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getTotalHits());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "config", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "internalusers", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "roles", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "rolesmapping", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "actiongroups", "0")).actionGet()).isExists());
                Assert.assertFalse(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "rolesmapping", "1")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "config", "0")).actionGet()).isExists());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                Assert.assertEquals(401L, executeGetRequest("", new Header[0]).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testDNSpecials1() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-untspec6-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.nodes_dn", new String[]{"EMAILADDRESS=unt@tst.com,CN=node-untspec6.example.com,OU=SSL,O=Te\\, st,L=Test,C=DE"}).putArray("searchguard.authcz.admin_dn", new String[]{"EMAILADDREss=abc@xyz.com,CN=unittestspecial2, oU=Client, O=cli\\, ent, L=Test, C=DE"}).put("searchguard.cert.oid", "1.2.3.4.5.6").build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("unittestspecial2-keystore.jks")}).put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("vulcangov").type("kolinahr").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                Assert.assertEquals(5L, ((SearchResponse) transportClientImpl.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getTotalHits());
                Assert.assertEquals(5L, ((SearchResponse) transportClientImpl.search(new SearchRequest(new String[]{"searchguard"})).actionGet()).getHits().getTotalHits());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "config", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "internalusers", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "roles", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "rolesmapping", "0")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "actiongroups", "0")).actionGet()).isExists());
                Assert.assertFalse(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "rolesmapping", "1")).actionGet()).isExists());
                Assert.assertTrue(((GetResponse) transportClientImpl.get(new GetRequest("searchguard", "config", "0")).actionGet()).isExists());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                Assert.assertEquals(401L, executeGetRequest("", new Header[0]).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("worf", "worf"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testDisabled() throws Exception {
        startES(Settings.builder().put("searchguard.disabled", true).build());
        AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("_search", new Header[0]);
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertTrue(executeGetRequest.getBody(), executeGetRequest.getBody().contains("hits"));
    }

    @Test
    public void testFilteredAliasOk() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                System.out.println("------- End INIT ---------");
                transportClientImpl.index(new IndexRequest("theindex1").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("theindex2").type("type2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("alias1").filter(QueryBuilders.termQuery("_type", "type1")).index("theindex1"))).actionGet();
                transportClientImpl.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("alias2").filter(QueryBuilders.termQuery("_type", "type2")).index("theindex2"))).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                Assert.assertEquals(200L, executeGetRequest("alias*/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("_cat/indices", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum"))).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testIndices() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build();
        startES(build);
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("nopermindex").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("logstash-1").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("logstash-2").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("logstash-3").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("logstash-4").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                transportClientImpl.index(new IndexRequest("logstash-" + new SimpleDateFormat("YYYY.MM.dd").format(new Date())).type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- End INIT ---------");
                Assert.assertEquals(200L, executeGetRequest("/logstash-1/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(404L, executeGetRequest("/logstash-nonex/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/nopermindex/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/_all/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/*/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/nopermindex,logstash-1,nonexist/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/logstash-1,nonexist/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/nonexist/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("/%3Clogstash-%7Bnow%2Fd%7D%3E/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(403L, executeGetRequest("/%3Cnonex-%7Bnow%2Fd%7D%3E/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("/%3Clogstash-%7Bnow%2Fd%7D%3E,logstash-*/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executeGetRequest("/%3Clogstash-%7Bnow%2Fd%7D%3E,logstash-1/_search", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(201L, executePutRequest("/logstash-b/logs/1", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(200L, executePutRequest("/%3Clogstash-cnew-%7Bnow%2Fd%7D%3E", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                Assert.assertEquals(201L, executePutRequest("/%3Clogstash-new-%7Bnow%2Fd%7D%3E/logs/1", "{}", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("logstash", "nagilum"))).getStatusCode());
                AbstractUnitTest.HttpResponse executeGetRequest = executeGetRequest("/_cat/indices?v", new BasicHeader("Authorization", "Basic " + encodeBasicHeader("nagilum", "nagilum")));
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                System.out.println(executeGetRequest.getBody());
                Assert.assertTrue(executeGetRequest.getBody().contains("logstash-b"));
                Assert.assertTrue(executeGetRequest.getBody().contains("logstash-new-20"));
                Assert.assertTrue(executeGetRequest.getBody().contains("logstash-cnew-20"));
                Assert.assertFalse(executeGetRequest.getBody().contains("<"));
            } finally {
            }
        } catch (Throwable th3) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testTransportClientDoubleAuth() throws Exception {
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")}).put(new Object[]{"searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")}).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).build();
        startES(Settings.builder().put(build).putArray("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"}).build());
        AbstractUnitTest.TransportClientImpl transportClientImpl = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("kirk-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "kirk").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
        Throwable th = null;
        try {
            try {
                this.log.debug("Start transport client to init");
                transportClientImpl.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                Assert.assertEquals(3L, ((NodesInfoResponse) transportClientImpl.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                transportClientImpl.admin().indices().create(new CreateIndexRequest("searchguard")).actionGet();
                System.out.println("------- Begin INIT ---------");
                transportClientImpl.index(new IndexRequest("searchguard").type("config").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"config", readYamlContent("sg_config_dummy.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("internalusers").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"internalusers", readYamlContent("sg_internal_users.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("roles").id("0").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{"roles", readYamlContent("sg_roles.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("rolesmapping").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"rolesmapping", readYamlContent("sg_roles_mapping.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("searchguard").type("actiongroups").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).id("0").source(new Object[]{"actiongroups", readYamlContent("sg_action_groups.yml")})).actionGet();
                transportClientImpl.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                Assert.assertEquals(3L, ((ConfigUpdateResponse) transportClientImpl.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet()).getNodes().size());
                if (transportClientImpl != null) {
                    if (0 != 0) {
                        try {
                            transportClientImpl.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        transportClientImpl.close();
                    }
                }
                System.out.println("------- INIT complete ---------");
                AbstractUnitTest.TransportClientImpl transportClientImpl2 = new AbstractUnitTest.TransportClientImpl(this, Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put(build).put(new Object[]{"searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("spock-keystore.jks")}).put("searchguard.ssl.transport.keystore_alias", "spock").put("path.home", ".").build(), asCollection(Netty4Plugin.class, SearchGuardPlugin.class));
                Throwable th3 = null;
                try {
                    transportClientImpl2.addTransportAddress(new InetSocketTransportAddress(new InetSocketAddress(this.nodeHost, this.nodePort)));
                    System.out.println("------- Start 1 ---------");
                    ThreadContext.StoredContext stashContext = transportClientImpl2.threadPool().getThreadContext().stashContext();
                    try {
                        transportClientImpl2.threadPool().getThreadContext().putHeader("Authorization", "basic " + encodeBasicHeader("dummy", "dummy"));
                        Assert.assertNotNull((ClusterHealthResponse) transportClientImpl2.admin().cluster().health(new ClusterHealthRequest()).actionGet());
                        Assert.assertEquals(3L, r0.getNumberOfNodes());
                        stashContext.close();
                        System.out.println("------- Start 2 ---------");
                        ThreadContext.StoredContext stashContext2 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                        try {
                            try {
                                transportClientImpl2.threadPool().getThreadContext().putHeader("Authorization", "basic " + encodeBasicHeader("nouser", "nouser"));
                                Assert.assertNotNull((ClusterHealthResponse) transportClientImpl2.admin().cluster().health(new ClusterHealthRequest()).actionGet());
                                Assert.assertEquals(3L, r0.getNumberOfNodes());
                                stashContext2.close();
                            } catch (Throwable th4) {
                                stashContext2 = stashContext2;
                                throw th4;
                            }
                        } catch (Exception e) {
                            System.out.println(e.getMessage());
                            stashContext2.close();
                        }
                        System.out.println("------- Start 3 ---------");
                        stashContext2 = transportClientImpl2.threadPool().getThreadContext().stashContext();
                        try {
                            Assert.assertNotNull((ClusterHealthResponse) transportClientImpl2.admin().cluster().health(new ClusterHealthRequest()).actionGet());
                            Assert.assertEquals(3L, r0.getNumberOfNodes());
                            stashContext2.close();
                            if (transportClientImpl2 != null) {
                                if (0 == 0) {
                                    transportClientImpl2.close();
                                    return;
                                }
                                try {
                                    transportClientImpl2.close();
                                } catch (Throwable th5) {
                                    th3.addSuppressed(th5);
                                }
                            }
                        } finally {
                            stashContext2.close();
                        }
                    } catch (Throwable th6) {
                        stashContext.close();
                        throw th6;
                    }
                } catch (Throwable th7) {
                    if (transportClientImpl2 != null) {
                        if (0 != 0) {
                            try {
                                transportClientImpl2.close();
                            } catch (Throwable th8) {
                                th3.addSuppressed(th8);
                            }
                        } else {
                            transportClientImpl2.close();
                        }
                    }
                    throw th7;
                }
            } catch (Throwable th9) {
                th = th9;
                throw th9;
            }
        } catch (Throwable th10) {
            if (transportClientImpl != null) {
                if (th != null) {
                    try {
                        transportClientImpl.close();
                    } catch (Throwable th11) {
                        th.addSuppressed(th11);
                    }
                } else {
                    transportClientImpl.close();
                }
            }
            throw th10;
        }
    }

    private ThreadContext newThreadContext(String str) {
        ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
        threadContext.putTransient("_sg_ssl_principal", str);
        return threadContext;
    }

    static {
        System.setProperty("sg.nowarn.client", "true");
    }
}
