package com.floragunn.searchguard;

import com.floragunn.searchguard.support.SgUtils;
import com.floragunn.searchguard.test.DynamicSgConfig;
import com.floragunn.searchguard.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.rest.RestHelper;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import org.apache.http.Header;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
import org.elasticsearch.action.admin.indices.delete.DeleteIndexRequest;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.indices.InvalidIndexNameException;
import org.elasticsearch.indices.InvalidTypeNameException;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/IndexIntegrationTests.class */
public class IndexIntegrationTests extends SingleClusterTest {
    @Test
    public void testComposite() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_composite_config.yml").setSgRoles("sg_roles_composite.yml"), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("klingonempire").type("ships").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("public").type("legends").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper.HttpResponse executePostRequest = nonSslRestHelper.executePostRequest("_msearch", "{\"index\":\"starfleet\", \"type\":\"ships\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator() + "{\"index\":\"klingonempire\", \"type\":\"ships\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator() + "{\"index\":\"public\", \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"bool\":{\"must\":{\"match_all\":{}}}}}" + System.lineSeparator(), encodeBasicHeader("worf", "worf"));
                Assert.assertEquals(200L, executePostRequest.getStatusCode());
                Assert.assertTrue(executePostRequest.getBody(), executePostRequest.getBody().contains("\"_index\":\"klingonempire\""));
                Assert.assertTrue(executePostRequest.getBody(), executePostRequest.getBody().contains("hits"));
                Assert.assertTrue(executePostRequest.getBody(), executePostRequest.getBody().contains("no permissions for [indices:data/read/search]"));
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testBulkShards() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgRoles("sg_roles_bs.yml"), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("test").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("lorem").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                String str = "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + System.lineSeparator() + "{ \"field2\" : \"value1\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"2\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"3\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"4\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"test\", \"_type\" : \"type1\", \"_id\" : \"5\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"lorem\", \"_type\" : \"type1\", \"_id\" : \"1\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"lorem\", \"_type\" : \"type1\", \"_id\" : \"2\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"lorem\", \"_type\" : \"type1\", \"_id\" : \"3\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"lorem\", \"_type\" : \"type1\", \"_id\" : \"4\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"index\" : { \"_index\" : \"lorem\", \"_type\" : \"type1\", \"_id\" : \"5\" } }" + System.lineSeparator() + "{ \"field2\" : \"value2\" }" + System.lineSeparator() + "{ \"delete\" : { \"_index\" : \"lorem\", \"_type\" : \"type1\", \"_id\" : \"5\" } }" + System.lineSeparator();
                System.out.println("############ _bulk");
                RestHelper.HttpResponse executePostRequest = nonSslRestHelper.executePostRequest("_bulk?refresh=true&pretty=true", str, encodeBasicHeader("worf", "worf"));
                System.out.println(executePostRequest.getBody());
                Assert.assertEquals(200L, executePostRequest.getStatusCode());
                Assert.assertTrue(executePostRequest.getBody().contains("\"errors\" : true"));
                Assert.assertTrue(executePostRequest.getBody().contains("\"status\" : 201"));
                Assert.assertTrue(executePostRequest.getBody().contains("no permissions for"));
                System.out.println("############ check shards");
                System.out.println(nonSslRestHelper.executeGetRequest("_cat/shards?v", encodeBasicHeader("nagilum", "nagilum")));
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testCreateIndex() throws Exception {
        setup();
        RestHelper nonSslRestHelper = nonSslRestHelper();
        Assert.assertEquals("Unable to create index 'nag'", 200L, nonSslRestHelper.executePutRequest("nag1", null, encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        Assert.assertEquals("Unable to create index 'starfleet_library'", 200L, nonSslRestHelper.executePutRequest("starfleet_library", null, encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        this.clusterHelper.waitForCluster(ClusterHealthStatus.GREEN, TimeValue.timeValueSeconds(10L), this.clusterInfo.numNodes);
        Assert.assertEquals("Unable to close index 'starfleet_library'", 200L, nonSslRestHelper.executePostRequest("starfleet_library/_close", null, encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        RestHelper.HttpResponse executePostRequest = nonSslRestHelper.executePostRequest("starfleet_library/_open", null, encodeBasicHeader("nagilum", "nagilum"));
        Assert.assertEquals("Unable to open index 'starfleet_library'", 200L, executePostRequest.getStatusCode());
        Assert.assertTrue("open index 'starfleet_library' not acknowledged", executePostRequest.getBody().contains("acknowledged"));
        Assert.assertFalse("open index 'starfleet_library' not acknowledged", executePostRequest.getBody().contains("false"));
        this.clusterHelper.waitForCluster(ClusterHealthStatus.GREEN, TimeValue.timeValueSeconds(10L), this.clusterInfo.numNodes);
        Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("public", null, encodeBasicHeader("spock", "spock")).getStatusCode());
    }

    @Test
    public void testFilteredAlias() throws Exception {
        setup();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            internalTransportClient.index(new IndexRequest("theindex").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("otherindex").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("alias1").filter(QueryBuilders.termQuery("_type", "type1")).index("theindex"))).actionGet();
            internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("alias2").filter(QueryBuilders.termQuery("_type", "type2")).index("theindex"))).actionGet();
            internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().alias("alias3").filter(QueryBuilders.termQuery("_type", "type2")).index("otherindex"))).actionGet();
            if (internalTransportClient != null) {
                if (0 != 0) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("alias*/_search", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("theindex/_search", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("alias3/_search", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_cat/indices", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (0 != 0) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testIndexTypeEvaluation() throws Exception {
        setup();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            internalTransportClient.index(new IndexRequest("foo1").type("bar").id("1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("foo2").type("bar").id("2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("foo").type("baz").id("3").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("fooba").type("z").id("4").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":4}", XContentType.JSON)).actionGet();
            try {
                internalTransportClient.index(new IndexRequest("x#a").type("xxx").id("4a").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":4}", XContentType.JSON)).actionGet();
                Assert.fail("Indexname can contain #");
            } catch (InvalidIndexNameException e) {
            }
            try {
                internalTransportClient.index(new IndexRequest("xa").type("x#a").id("4a").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":4}", XContentType.JSON)).actionGet();
                Assert.fail("Typename can contain #");
            } catch (InvalidTypeNameException e2) {
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("/foo1/bar/_search?pretty", encodeBasicHeader("baz", "worf"));
            Assert.assertEquals(200L, executeGetRequest.getStatusCode());
            Assert.assertTrue(executeGetRequest.getBody().contains("\"content\" : 1"));
            RestHelper.HttpResponse executeGetRequest2 = nonSslRestHelper.executeGetRequest("/foo2/bar/_search?pretty", encodeBasicHeader("baz", "worf"));
            Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
            Assert.assertTrue(executeGetRequest2.getBody().contains("\"content\" : 2"));
            RestHelper.HttpResponse executeGetRequest3 = nonSslRestHelper.executeGetRequest("/foo/baz/_search?pretty", encodeBasicHeader("baz", "worf"));
            Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
            Assert.assertTrue(executeGetRequest3.getBody().contains("\"content\" : 3"));
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/fooba/z/_search?pretty", encodeBasicHeader("baz", "worf")).getStatusCode());
            RestHelper.HttpResponse executeGetRequest4 = nonSslRestHelper.executeGetRequest("/foo1/bar/1?pretty", encodeBasicHeader("baz", "worf"));
            Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
            Assert.assertTrue(executeGetRequest4.getBody().contains("\"found\" : true"));
            Assert.assertTrue(executeGetRequest4.getBody().contains("\"content\" : 1"));
            RestHelper.HttpResponse executeGetRequest5 = nonSslRestHelper.executeGetRequest("/foo2/bar/2?pretty", encodeBasicHeader("baz", "worf"));
            Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
            Assert.assertTrue(executeGetRequest5.getBody().contains("\"content\" : 2"));
            Assert.assertTrue(executeGetRequest5.getBody().contains("\"found\" : true"));
            RestHelper.HttpResponse executeGetRequest6 = nonSslRestHelper.executeGetRequest("/foo/baz/3?pretty", encodeBasicHeader("baz", "worf"));
            Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
            Assert.assertTrue(executeGetRequest6.getBody().contains("\"content\" : 3"));
            Assert.assertTrue(executeGetRequest6.getBody().contains("\"found\" : true"));
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/fooba/z/4?pretty", encodeBasicHeader("baz", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/foo*/_search?pretty", encodeBasicHeader("baz", "worf")).getStatusCode());
            RestHelper.HttpResponse executeGetRequest7 = nonSslRestHelper.executeGetRequest("/foo*,-fooba/bar/_search?pretty", encodeBasicHeader("baz", "worf"));
            Assert.assertEquals(200L, executeGetRequest7.getStatusCode());
            Assert.assertTrue(executeGetRequest7.getBody().contains("\"content\" : 1"));
            Assert.assertTrue(executeGetRequest7.getBody().contains("\"content\" : 2"));
        } finally {
            if (internalTransportClient != null) {
                if (0 != 0) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
        }
    }

    @Test
    public void testIndices() throws Exception {
        setup();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            internalTransportClient.index(new IndexRequest("nopermindex").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("logstash-1").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("logstash-2").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("logstash-3").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            internalTransportClient.index(new IndexRequest("logstash-4").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("YYYY.MM.dd", SgUtils.EN_Locale);
            simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
            internalTransportClient.index(new IndexRequest("logstash-" + simpleDateFormat.format(new Date())).type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            if (internalTransportClient != null) {
                if (0 != 0) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/logstash-1/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("/logstash-nonex/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("/logstash-nonex,logstash-1/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/nopermindex/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/does-not-exist-and-no-perm/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/logstash-1/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("/logstash-nonex/_search", encodeBasicHeader("nouser", "nosuer")).getStatusCode());
            Assert.assertEquals(401L, nonSslRestHelper.executeGetRequest("/logstash-nonex/_search", new Header[0]).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_all/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/*/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/nopermindex,logstash-1,nonexist/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/logstash-1,nonexist/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/nonexist/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/%3Clogstash-%7Bnow%2Fd%7D%3E/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/%3Cnonex-%7Bnow%2Fd%7D%3E/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/%3Clogstash-%7Bnow%2Fd%7D%3E,logstash-*/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/%3Clogstash-%7Bnow%2Fd%7D%3E,logstash-1/_search", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(201L, nonSslRestHelper.executePutRequest("/logstash-b/logs/1", "{}", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("/%3Clogstash-cnew-%7Bnow%2Fd%7D%3E", "{}", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            Assert.assertEquals(201L, nonSslRestHelper.executePutRequest("/%3Clogstash-new-%7Bnow%2Fd%7D%3E/logs/1", "{}", encodeBasicHeader("logstash", "nagilum")).getStatusCode());
            RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("/_cat/indices?v", encodeBasicHeader("nagilum", "nagilum"));
            Assert.assertEquals(200L, executeGetRequest.getStatusCode());
            System.out.println(executeGetRequest.getBody());
            Assert.assertTrue(executeGetRequest.getBody().contains("logstash-b"));
            Assert.assertTrue(executeGetRequest.getBody().contains("logstash-new-20"));
            Assert.assertTrue(executeGetRequest.getBody().contains("logstash-cnew-20"));
            Assert.assertFalse(executeGetRequest.getBody().contains("<"));
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (0 != 0) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testAliases() throws Exception {
        setup(Settings.builder().put("searchguard.roles_mapping_resolution", "BOTH").build());
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("nopermindex").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-1").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-2").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-3").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-4").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-5").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-del").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-del-ok").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("logstash-" + new SimpleDateFormat("YYYY.MM.dd").format(new Date())).type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"nopermindex"}).alias("nopermalias"))).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"searchguard"}).alias("mysgi"))).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper nonSslRestHelper = nonSslRestHelper();
                Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("/mysgi/sg", "{}", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
                RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("/mysgi/_search?pretty", encodeBasicHeader("nagilum", "nagilum"));
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                assertContains(executeGetRequest, "*\"hits\" : {*\"total\" : 0,*\"hits\" : [ ]*");
                System.out.println("#### add alias to allowed index");
                Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("/logstash-1/_alias/alog1", "", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### add alias to not existing (no perm)");
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("/nonexitent/_alias/alnp", "", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### add alias to not existing (with perm)");
                Assert.assertEquals(404L, nonSslRestHelper.executePutRequest("/logstash-nonex/_alias/alnp", "", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### add alias to not allowed index");
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("/nopermindex/_alias/alnp", "", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### remove_index");
                Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("/_aliases", "{\"actions\" : [{ \"add\":  { \"index\": \"logstash-del-ok\", \"alias\": \"logstash-del\" } },{ \"remove_index\": { \"index\": \"logstash-del\" } }  ]}", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### get alias for permitted index");
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/logstash-1/_alias/alog1", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### get alias for all indices");
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_alias/alog1", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### get alias no perm");
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_alias/nopermalias", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
                System.out.println("#### create alias along with index");
                Assert.assertEquals(403L, nonSslRestHelper.executePutRequest("/beats-withalias", "{\"aliases\": {\"alias1\": {}}}", encodeBasicHeader("aliasmngt", "nagilum")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testAliasResolution() throws Exception {
        setup(Settings.builder().build());
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("concreteindex-1").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"concreteindex-1"}).alias("calias-1"))).actionGet();
                internalTransportClient.index(new IndexRequest(".kibana-6").type("doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{".kibana-6"}).alias(".kibana"))).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("calias-1/_search?pretty", encodeBasicHeader("aliastest", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("calias-*/_search?pretty", encodeBasicHeader("aliastest", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("*kibana/_search?pretty", encodeBasicHeader("aliastest", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest(".ki*ana/_search?pretty", encodeBasicHeader("aliastest", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest(".kibana/_search?pretty", encodeBasicHeader("aliastest", "nagilum")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testCCSIndexResolve() throws Exception {
        setup();
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest(".abc-6").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("ggg:.abc-6,.abc-6/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*:.abc-6,.abc-6/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    @Ignore
    public void testCCSIndexResolve2() throws Exception {
        setup();
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest(".abc").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("xyz").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":2}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("noperm").type("logs").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":3}", XContentType.JSON)).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper.HttpResponse executeGetRequest = nonSslRestHelper.executeGetRequest("/*:.abc,.abc/_search", encodeBasicHeader("nagilum", "nagilum"));
                Assert.assertEquals(200L, executeGetRequest.getStatusCode());
                Assert.assertTrue(executeGetRequest.getBody(), executeGetRequest.getBody().contains("\"content\":1"));
                RestHelper.HttpResponse executeGetRequest2 = nonSslRestHelper.executeGetRequest("/ba*bcuzh/_search", encodeBasicHeader("nagilum", "nagilum"));
                Assert.assertTrue(executeGetRequest2.getBody(), executeGetRequest2.getBody().contains("\"content\":12"));
                Assert.assertEquals(200L, executeGetRequest2.getStatusCode());
                RestHelper.HttpResponse executeGetRequest3 = nonSslRestHelper.executeGetRequest("/*:.abc/_search", encodeBasicHeader("nagilum", "nagilum"));
                Assert.assertTrue(executeGetRequest3.getBody(), executeGetRequest3.getBody().contains("\"content\":1"));
                Assert.assertEquals(200L, executeGetRequest3.getStatusCode());
                RestHelper.HttpResponse executeGetRequest4 = nonSslRestHelper.executeGetRequest("/*:xyz,xyz/_search", encodeBasicHeader("nagilum", "nagilum"));
                Assert.assertEquals(200L, executeGetRequest4.getStatusCode());
                Assert.assertTrue(executeGetRequest4.getBody(), executeGetRequest4.getBody().contains("\"content\":2"));
                RestHelper.HttpResponse executeGetRequest5 = nonSslRestHelper.executeGetRequest("/*:.abc/_search", encodeBasicHeader("nagilum", "nagilum"));
                Assert.assertEquals(200L, executeGetRequest5.getStatusCode());
                Assert.assertTrue(executeGetRequest5.getBody(), executeGetRequest5.getBody().contains("\"content\":1"));
                RestHelper.HttpResponse executeGetRequest6 = nonSslRestHelper.executeGetRequest("/*:xyz/_search", encodeBasicHeader("nagilum", "nagilum"));
                Assert.assertEquals(200L, executeGetRequest6.getStatusCode());
                Assert.assertTrue(executeGetRequest6.getBody(), executeGetRequest6.getBody().contains("\"content\":2"));
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/.abc/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/xyz/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*:.abc,.abc/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*:xyz,xyz/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*:.abc/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*:xyz/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*:noperm/_search", encodeBasicHeader("ccsresolv", "nagilum")).getStatusCode());
                RestHelper.HttpResponse executeGetRequest7 = nonSslRestHelper.executeGetRequest("/*:noperm/_search", encodeBasicHeader("ccsresolv", "nagilum"));
                Assert.assertEquals(200L, executeGetRequest7.getStatusCode());
                System.out.println(executeGetRequest7.getBody());
                RestHelper.HttpResponse executeGetRequest8 = nonSslRestHelper.executeGetRequest("/*:noexists/_search", encodeBasicHeader("ccsresolv", "nagilum"));
                Assert.assertEquals(200L, executeGetRequest8.getStatusCode());
                System.out.println(executeGetRequest8.getBody());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testIndexResolveIgnoreUnavailable() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_respect_indices_options.yml").setSgRoles("sg_roles_bs.yml"), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("test").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet();
                internalTransportClient.index(new IndexRequest("lorem").type("type1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                RestHelper.HttpResponse executePostRequest = nonSslRestHelper.executePostRequest("_msearch", "{\"index\": [\"tes*\",\"-.searchguard\",\"-missing\"], \"ignore_unavailable\": true}" + System.lineSeparator() + "{\"size\":10, \"query\":{\"match_all\":{}}}" + System.lineSeparator(), encodeBasicHeader("worf", "worf"));
                Assert.assertEquals(200L, executePostRequest.getStatusCode());
                Assert.assertTrue(executePostRequest.getBody(), executePostRequest.getBody().contains("\"hits\":{\"total\":1"));
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testIndexResolveIndicesAlias() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("foo-index").type("_doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet();
                internalTransportClient.admin().indices().aliases(new IndicesAliasesRequest().addAliasAction(IndicesAliasesRequest.AliasActions.add().indices(new String[]{"foo-index"}).alias("foo-alias"))).actionGet();
                internalTransportClient.admin().indices().delete(new DeleteIndexRequest("foo-index")).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                Assert.assertFalse(nonSslRestHelper.executeGetRequest("/_cat/aliases", encodeBasicHeader("nagilum", "nagilum")).getBody().contains("foo"));
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/foo-alias/_search", encodeBasicHeader("foo_index", "nagilum")).getStatusCode());
                Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("/foo-index/_search", encodeBasicHeader("foo_index", "nagilum")).getStatusCode());
                Assert.assertEquals(404L, nonSslRestHelper.executeGetRequest("/foo-alias/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testIndexResolveMinus() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig(), Settings.EMPTY, true);
        RestHelper nonSslRestHelper = nonSslRestHelper();
        TransportClient internalTransportClient = getInternalTransportClient();
        Throwable th = null;
        try {
            try {
                internalTransportClient.index(new IndexRequest("foo-abc").type("_doc").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"field2\":\"init\"}", XContentType.JSON)).actionGet();
                if (internalTransportClient != null) {
                    if (0 != 0) {
                        try {
                            internalTransportClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        internalTransportClient.close();
                    }
                }
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/**/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/*/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/**,-foo*/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/*,-foo*/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/**,-searchg*/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*,-searchg*/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("/*,-searchg*,-foo*/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(403L, nonSslRestHelper.executeGetRequest("/_all,-searchg*/_search", encodeBasicHeader("foo_all", "nagilum")).getStatusCode());
                Assert.assertEquals(400L, nonSslRestHelper.executeGetRequest("/_all,-searchg*/_search", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            } finally {
            }
        } catch (Throwable th3) {
            if (internalTransportClient != null) {
                if (th != null) {
                    try {
                        internalTransportClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    internalTransportClient.close();
                }
            }
            throw th3;
        }
    }
}
