package com.floragunn.searchguard;

import com.floragunn.searchguard.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.cluster.ClusterConfiguration;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import com.google.common.collect.Lists;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.common.settings.Settings;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/SystemIntegratorsTests.class */
public class SystemIntegratorsTests extends SingleClusterTest {
    @Test
    public void testInjectedUserMalformed() throws Exception {
        setup(Settings.builder().put("searchguard.unsupported.inject_user.enabled", true).put("http.type", "com.floragunn.searchguard.http.UserInjectingServerTransport").build(), ClusterConfiguration.USERINJECTOR);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", null)).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "|||")).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "||127.0.0:80|")).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "username||ip|")).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "username||ip:port|")).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "username||ip:80|")).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "username||127.0.x:80|")).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "username||127.0.0:80|key1,value1,key2")).getStatusCode());
        Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "||127.0.0:80|key1,value1,key2,value2")).getStatusCode());
    }

    @Test
    public void testInjectedUser() throws Exception {
        setup(Settings.builder().put("searchguard.unsupported.inject_user.enabled", true).put("http.type", "com.floragunn.searchguard.http.UserInjectingServerTransport").build(), ClusterConfiguration.USERINJECTOR);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "admin||127.0.0:80|"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertTrue(executeGetRequest.getBody().contains("User [name=admin, roles=[], requestedTenant=null]"));
        Assert.assertTrue(executeGetRequest.getBody().contains("\"remote_address\":\"127.0.0.0:80\""));
        Assert.assertTrue(executeGetRequest.getBody().contains("\"backend_roles\":[]"));
        Assert.assertTrue(executeGetRequest.getBody().contains("\"custom_attribute_names\":[]"));
        RestHelper.HttpResponse executeGetRequest2 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "admin|role1|127.0.0:80|key1,value1"));
        Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
        Assert.assertTrue(executeGetRequest2.getBody().contains("User [name=admin, roles=[role1], requestedTenant=null]"));
        Assert.assertTrue(executeGetRequest2.getBody().contains("\"remote_address\":\"127.0.0.0:80\""));
        Assert.assertTrue(executeGetRequest2.getBody().contains("\"backend_roles\":[\"role1\"]"));
        Assert.assertTrue(executeGetRequest2.getBody().contains("\"custom_attribute_names\":[\"key1\"]"));
        RestHelper.HttpResponse executeGetRequest3 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "admin|role1,role2||key1,value1"));
        Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
        Assert.assertTrue(executeGetRequest3.getBody().contains("User [name=admin, roles=[role1, role2], requestedTenant=null]"));
        Assert.assertFalse(executeGetRequest3.getBody().contains("\"remote_address\":null"));
        Assert.assertTrue(executeGetRequest3.getBody().contains("\"backend_roles\":[\"role1\",\"role2\"]"));
        Assert.assertTrue(executeGetRequest3.getBody().contains("\"custom_attribute_names\":[\"key1\"]"));
        RestHelper.HttpResponse executeGetRequest4 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "admin|role1,role2|8.8.8.8:8|key1,value1,key2,value2"));
        Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
        Assert.assertTrue(executeGetRequest4.getBody().contains("User [name=admin, roles=[role1, role2], requestedTenant=null]"));
        Assert.assertFalse(executeGetRequest4.getBody().contains("\"remote_address\":null"));
        Assert.assertTrue(executeGetRequest4.getBody().contains("\"backend_roles\":[\"role1\",\"role2\"]"));
        Assert.assertTrue(executeGetRequest4.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]"));
        RestHelper.HttpResponse executeGetRequest5 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "nagilum|role1,role2|8.8.8.8:8|key1,value1,key2,value2"));
        Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
        Assert.assertTrue(executeGetRequest5.getBody().contains("User [name=nagilum, roles=[role1, role2], requestedTenant=null]"));
        Assert.assertTrue(executeGetRequest5.getBody().contains("\"remote_address\":\"8.8.8.8:8\""));
        Assert.assertTrue(executeGetRequest5.getBody().contains("\"backend_roles\":[\"role1\",\"role2\"]"));
        Assert.assertTrue(executeGetRequest5.getBody().contains("\"sg_roles\":[\"sg_all_access\""));
        Assert.assertTrue(executeGetRequest5.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]"));
        RestHelper.HttpResponse executeGetRequest6 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "myuser|role1,vulcanadmin|8.8.8.8:8|key1,value1,key2,value2"));
        Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
        Assert.assertTrue(executeGetRequest6.getBody().contains("User [name=myuser, roles=[role1, vulcanadmin], requestedTenant=null]"));
        Assert.assertTrue(executeGetRequest6.getBody().contains("\"remote_address\":\"8.8.8.8:8\""));
        Assert.assertTrue(executeGetRequest6.getBody().contains("\"backend_roles\":[\"role1\",\"vulcanadmin\"]"));
        Assert.assertTrue(executeGetRequest6.getBody().contains("\"sg_roles\":[\"sg_public\",\"sg_role_vulcans_admin\"]"));
        Assert.assertTrue(executeGetRequest6.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]"));
        RestHelper.HttpResponse executeGetRequest7 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "myuser|role1,vulcanadmin|8.8.8.8:8|key1,value1,key2,value2|"));
        Assert.assertEquals(200L, executeGetRequest7.getStatusCode());
        Assert.assertTrue(executeGetRequest7.getBody().contains("User [name=myuser, roles=[role1, vulcanadmin], requestedTenant=null]"));
        Assert.assertTrue(executeGetRequest7.getBody().contains("\"remote_address\":\"8.8.8.8:8\""));
        Assert.assertTrue(executeGetRequest7.getBody().contains("\"backend_roles\":[\"role1\",\"vulcanadmin\"]"));
        Assert.assertTrue(executeGetRequest7.getBody().contains("\"sg_roles\":[\"sg_public\",\"sg_role_vulcans_admin\"]"));
        Assert.assertTrue(executeGetRequest7.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]"));
        RestHelper.HttpResponse executeGetRequest8 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "myuser|role1,vulcanadmin|8.8.8.8:8|key1,value1,key2,value2|mytenant"));
        Assert.assertEquals(200L, executeGetRequest8.getStatusCode());
        Assert.assertTrue(executeGetRequest8.getBody().contains("User [name=myuser, roles=[role1, vulcanadmin], requestedTenant=mytenant]"));
        Assert.assertTrue(executeGetRequest8.getBody().contains("\"remote_address\":\"8.8.8.8:8\""));
        Assert.assertTrue(executeGetRequest8.getBody().contains("\"backend_roles\":[\"role1\",\"vulcanadmin\"]"));
        Assert.assertTrue(executeGetRequest8.getBody().contains("\"sg_roles\":[\"sg_public\",\"sg_role_vulcans_admin\"]"));
        Assert.assertTrue(executeGetRequest8.getBody().contains("\"custom_attribute_names\":[\"key1\",\"key2\"]"));
        RestHelper.HttpResponse executeGetRequest9 = nonSslRestHelper.executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "myuser|role1,vulcanadmin|8.8.8.8:8||mytenant with whitespace"));
        Assert.assertEquals(200L, executeGetRequest9.getStatusCode());
        Assert.assertTrue(executeGetRequest9.getBody().contains("User [name=myuser, roles=[role1, vulcanadmin], requestedTenant=mytenant with whitespace]"));
        Assert.assertTrue(executeGetRequest9.getBody().contains("\"remote_address\":\"8.8.8.8:8\""));
        Assert.assertTrue(executeGetRequest9.getBody().contains("\"backend_roles\":[\"role1\",\"vulcanadmin\"]"));
        Assert.assertTrue(executeGetRequest9.getBody().contains("\"sg_roles\":[\"sg_public\",\"sg_role_vulcans_admin\"]"));
    }

    @Test
    public void testInjectedUserDisabled() throws Exception {
        setup(Settings.builder().put("http.type", "com.floragunn.searchguard.http.UserInjectingServerTransport").build(), ClusterConfiguration.USERINJECTOR);
        Assert.assertEquals(401L, nonSslRestHelper().executeGetRequest("_searchguard/authinfo", new BasicHeader("injected_user", "admin|role1|127.0.0:80|key1,value1")).getStatusCode());
    }

    @Test
    public void testInjectedAdminUser() throws Exception {
        setup(Settings.builder().put("searchguard.unsupported.inject_user.enabled", true).put("searchguard.unsupported.inject_user.admin.enabled", true).putList("searchguard.authcz.admin_dn", Lists.newArrayList(new String[]{"CN=kirk,OU=client,O=client,L=Test,C=DE", "injectedadmin"})).put("http.type", "com.floragunn.searchguard.http.UserInjectingServerTransport").build(), ClusterConfiguration.USERINJECTOR);
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper().executeGetRequest("searchguard/_search?pretty", new BasicHeader("injected_user", "injectedadmin|role1|127.0.0:80|key1,value1"));
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        Assert.assertTrue(executeGetRequest.getBody().contains("\"_id\" : \"config\""));
        Assert.assertTrue(executeGetRequest.getBody().contains("\"_id\" : \"roles\""));
        Assert.assertTrue(executeGetRequest.getBody().contains("\"_id\" : \"internalusers\""));
        Assert.assertTrue(executeGetRequest.getBody().contains("\"_id\" : \"tattr\""));
        Assert.assertTrue(executeGetRequest.getBody().contains("\"total\" : 6"));
        Assert.assertEquals(403L, r0.executeGetRequest("searchguard/_search?pretty", new BasicHeader("injected_user", "wrongadmin|role1|127.0.0:80|key1,value1")).getStatusCode());
    }

    @Test
    public void testInjectedAdminUserAdminInjectionDisabled() throws Exception {
        setup(Settings.builder().put("searchguard.unsupported.inject_user.enabled", true).putList("searchguard.authcz.admin_dn", Lists.newArrayList(new String[]{"CN=kirk,OU=client,O=client,L=Test,C=DE", "injectedadmin"})).put("http.type", "com.floragunn.searchguard.http.UserInjectingServerTransport").build(), ClusterConfiguration.USERINJECTOR);
        RestHelper.HttpResponse executeGetRequest = nonSslRestHelper().executeGetRequest("searchguard/_search?pretty", new BasicHeader("injected_user", "injectedadmin|role1|127.0.0:80|key1,value1"));
        Assert.assertEquals(403L, executeGetRequest.getStatusCode());
        Assert.assertFalse(executeGetRequest.getBody().contains("\"_id\" : \"config\""));
        Assert.assertFalse(executeGetRequest.getBody().contains("\"_id\" : \"roles\""));
        Assert.assertFalse(executeGetRequest.getBody().contains("\"_id\" : \"internalusers\""));
        Assert.assertFalse(executeGetRequest.getBody().contains("\"_id\" : \"tattr\""));
        Assert.assertFalse(executeGetRequest.getBody().contains("\"total\" : 6"));
    }
}
