package com.floragunn.searchguard.auditlog.sink;

import com.floragunn.searchguard.auditlog.helper.MockAuditMessageFactory;
import com.floragunn.searchguard.auditlog.helper.TestHttpHandler;
import com.floragunn.searchguard.auditlog.impl.AuditMessage;
import com.floragunn.searchguard.test.helper.cluster.FileHelper;
import java.io.FileInputStream;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.impl.bootstrap.HttpServer;
import org.apache.http.impl.bootstrap.ServerBootstrap;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.threadpool.ThreadPool;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/auditlog/sink/SinkProviderTLSTest.class */
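/**
 * Checks that audit sinks configured from {@code configuration_tls.yml} deliver audit messages
 * to a local TLS-only HTTP endpoint when certificate verification is switched on.
 *
 * <p>The keystores and the {@code changeit} password are test fixtures loaded from the test
 * classpath; they must never be reused outside of tests.
 *
 * <p>NOTE(review): only the trusted path is exercised here. A companion case in which the server
 * presents a certificate that is not signed by {@code auditlog/root-ca.pem} would show that
 * verification actually rejects the connection, rather than only being flagged as enabled.
 */
public class SinkProviderTLSTest {
    /** Password of the JKS fixtures under {@code auditlog/}; test-only value. */
    private static final String FIXTURE_STORE_PASSWORD = "changeit";

    protected HttpServer server = null;

    /**
     * Stops the embedded HTTP server if one is running.
     *
     * <p>Registered as both {@code @Before} and {@code @After}, so a server left behind by an
     * earlier test is stopped before the next test binds the listener port.
     */
    @Before
    @After
    public void tearDown() {
        if (this.server != null) {
            try {
                this.server.stop();
            } catch (Exception ignored) {
                // Best-effort cleanup: a failure while stopping must not mask the test result.
            }
        }
    }

    /**
     * Starts a TLS endpoint, points the default sink and two named endpoints at it with the test
     * root CA as trust anchor, and asserts that each sink POSTs a complete audit message.
     *
     * @throws Exception if the server, the settings or the SSL context cannot be set up
     */
    @Test
    public void testTlsConfigurationNoFallback() throws Exception {
        TestHttpHandler testHttpHandler = new TestHttpHandler();
        // NOTE(review): the listener port is fixed; presumably it matches the URLs in
        // configuration_tls.yml, so a port already in use on the build host fails the test.
        this.server = ServerBootstrap.bootstrap()
                .setListenerPort(8083)
                .setServerInfo("Test/1.1")
                .setSslContext(createSSLContext())
                .registerHandler("*", testHttpHandler)
                .create();
        this.server.start();

        Settings.Builder settings = Settings.builder()
                .loadFromPath(FileHelper.getAbsoluteFilePathFromClassPath("auditlog/endpoints/sink/configuration_tls.yml"));
        settings.put("path.home", "/");
        // The trust anchor is supplied both as a file path and as inline PEM content so that
        // both configuration styles are covered.
        settings.put("searchguard.audit.config.webhook.ssl.pemtrustedcas_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/root-ca.pem"));
        settings.put("searchguard.audit.endpoints.endpoint1.config.webhook.ssl.pemtrustedcas_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/root-ca.pem"));
        settings.put("searchguard.audit.endpoints.endpoint2.config.webhook.ssl.pemtrustedcas_content", FileHelper.loadFile("auditlog/root-ca.pem"));

        SinkProvider sinkProvider = new SinkProvider(settings.build(), (Client) null, (ThreadPool) null, (Path) null);
        // Certificate verification must be on for the default sink.
        Assert.assertEquals(true, Boolean.valueOf(sinkProvider.defaultSink.verifySSL));

        AuditMessage validAuditMessage = MockAuditMessageFactory.validAuditMessage();

        ((AuditLogSink) sinkProvider.allSinks.get("endpoint1")).store(validAuditMessage);
        assertAuditMessagePosted(testHttpHandler);
        testHttpHandler.reset();

        ((AuditLogSink) sinkProvider.allSinks.get("endpoint2")).store(validAuditMessage);
        assertAuditMessagePosted(testHttpHandler);
        testHttpHandler.reset();

        sinkProvider.defaultSink.store(validAuditMessage);
        assertAuditMessagePosted(testHttpHandler);

        this.server.stop();
    }

    /**
     * Asserts that the handler received a POST whose body looks like JSON and carries every
     * expected audit field.
     */
    private void assertAuditMessagePosted(TestHttpHandler handler) {
        // assertEquals reports the actual method on failure and does not throw an NPE when no
        // request arrived at all.
        Assert.assertEquals("POST", handler.method);
        Assert.assertNotNull(handler.body);
        Assert.assertTrue(handler.body.contains("{"));
        assertStringContainsAllKeysAndValues(handler.body);
    }

    /**
     * Builds the server-side TLS context from the JKS fixtures on the test classpath.
     *
     * @return an initialised TLSv1.2 context using the node-0 key material and the test truststore
     * @throws Exception if a keystore cannot be read or the context cannot be initialised
     */
    private SSLContext createSSLContext() throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(loadFixtureKeyStore("auditlog/truststore.jks"));

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(loadFixtureKeyStore("auditlog/node-0-keystore.jks"), FIXTURE_STORE_PASSWORD.toCharArray());

        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        // A null SecureRandom lets the provider pick its default source of randomness.
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return sslContext;
    }

    /** Loads one JKS fixture from the test classpath and closes the file stream afterwards. */
    private KeyStore loadFixtureKeyStore(String classPathResource) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // try-with-resources: the stream was previously left open after load().
        try (FileInputStream in = new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath(classPathResource).toFile())) {
            keyStore.load(in, FIXTURE_STORE_PASSWORD.toCharArray());
        }
        return keyStore;
    }

    /**
     * Asserts that the serialised audit message contains every expected field name and the
     * sample values used by the mock message.
     *
     * @param str request body captured by the test HTTP handler; also used as failure message
     */
    private void assertStringContainsAllKeysAndValues(String str) {
        System.out.println(str);
        Assert.assertTrue(str, str.contains("audit_format_version"));
        Assert.assertTrue(str, str.contains("audit_category"));
        Assert.assertTrue(str, str.contains("audit_request_remote_address"));
        Assert.assertTrue(str, str.contains("audit_request_origin"));
        Assert.assertTrue(str, str.contains("audit_request_layer"));
        Assert.assertTrue(str, str.contains("audit_transport_request_type"));
        Assert.assertTrue(str, str.contains("@timestamp"));
        // Checked twice on purpose: once via the enum, once as the literal wire value, so a
        // rename of the enum constant is noticed as a change of the emitted format.
        Assert.assertTrue(str, str.contains(AuditMessage.Category.FAILED_LOGIN.name()));
        Assert.assertTrue(str, str.contains("FAILED_LOGIN"));
        Assert.assertTrue(str, str.contains("John Doe"));
        Assert.assertTrue(str, str.contains("8.8.8.8"));
    }
}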
