package com.floragunn.searchguard.enterprise.auditlog.integration;

import com.floragunn.searchguard.enterprise.auditlog.AbstractAuditlogiUnitTest;
import com.floragunn.searchguard.legacy.test.DynamicSgConfig;
import com.floragunn.searchguard.legacy.test.RestHelper;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchguard.test.helper.cluster.ClusterConfiguration;
import com.floragunn.searchguard.test.helper.cluster.ClusterHelper;
import com.floragunn.searchguard.test.helper.cluster.ClusterInfo;
import com.floragunn.searchguard.test.helper.cluster.FileHelper;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import org.apache.http.Header;
import org.elasticsearch.common.settings.Settings;
import org.junit.After;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auditlog/integration/SSLAuditlogTest.class */
public class SSLAuditlogTest extends AbstractAuditlogiUnitTest {
    private ClusterInfo monitoringClusterInfo;
    private RestHelper rhMon;
    private final ClusterHelper monitoringCluster = new ClusterHelper("mon_n", 0);

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();

    @After
    public void tearDown() throws Exception {
        this.monitoringCluster.stopCluster();
    }

    private void setupMonitoring() throws Exception {
        this.monitoringClusterInfo = this.monitoringCluster.startCluster(minimumSearchGuardSettings(defaultNodeSettings(Settings.EMPTY)), ClusterConfiguration.DEFAULT);
        initialize(PrivilegedConfigClient.adapt(this.monitoringCluster.nodeClient()), new DynamicSgConfig());
        this.rhMon = new RestHelper(this.monitoringClusterInfo, getResourceFolder());
    }

    @Test
    public void testExternalPemUserPass() throws Exception {
        setupMonitoring();
        setup(Settings.builder().put("searchguard.audit.type", "external_elasticsearch").put("searchguard.audit.config.http_endpoints", this.monitoringClusterInfo.httpHost + ":" + this.monitoringClusterInfo.httpPort).put("searchguard.audit.threadpool.size", 0).putList("searchguard.audit.ignore_users", new String[]{"*spock*", "admin", "CN=kirk,OU=client,O=client,L=Test,C=DE"}).put("searchguard.audit.enable_transport", true).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.audit.config.enable_ssl", true).put("searchguard.audit.config.enable_ssl_client_auth", false).put("searchguard.audit.config.pemtrustedcas_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/chain-ca.pem")).put("searchguard.audit.config.pemcert_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/spock.crtfull.pem")).put("searchguard.audit.config.pemkey_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/spock.key.pem")).put("searchguard.audit.config.username", "admin").put("searchguard.audit.config.password", "admin").build());
        Assert.assertEquals(401L, this.rh.executeGetRequest("_search", new Header[0]).getStatusCode());
        Thread.sleep(5000L);
        Assert.assertEquals(200L, this.rhMon.executeGetRequest("sg7-auditlog*/_refresh", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        RestHelper.HttpResponse executeGetRequest = this.rhMon.executeGetRequest("sg7-auditlog*/_search", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        assertNotContains(executeGetRequest, "*\"hits\":{\"total\":0,*");
        assertContains(executeGetRequest, "*\"failed\":0},\"hits\":*");
    }

    @Test
    public void testExternalPemClientAuth() throws Exception {
        setupMonitoring();
        setup(Settings.builder().put("searchguard.audit.type", "external_elasticsearch").put("searchguard.audit.config.http_endpoints", this.monitoringClusterInfo.httpHost + ":" + this.monitoringClusterInfo.httpPort).put("searchguard.audit.threadpool.size", 0).putList("searchguard.audit.ignore_users", new String[]{"*spock*", "admin", "CN=kirk,OU=client,O=client,L=Test,C=DE"}).put("searchguard.audit.enable_transport", true).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.audit.config.enable_ssl", true).put("searchguard.audit.config.enable_ssl_client_auth", true).put("searchguard.audit.config.pemtrustedcas_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/chain-ca.pem")).put("searchguard.audit.config.pemcert_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/kirk.crtfull.pem")).put("searchguard.audit.config.pemkey_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/kirk.key.pem")).build());
        Assert.assertEquals(401L, this.rh.executeGetRequest("_search", new Header[0]).getStatusCode());
        Thread.sleep(5000L);
        Assert.assertEquals(200L, this.rhMon.executeGetRequest("sg7-auditlog*/_refresh", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        RestHelper.HttpResponse executeGetRequest = this.rhMon.executeGetRequest("sg7-auditlog*/_search", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        assertNotContains(executeGetRequest, "*\"hits\":{\"total\":0,*");
        assertContains(executeGetRequest, "*\"failed\":0},\"hits\":*");
    }

    @Test
    public void testExternalPemUserPassTp() throws Exception {
        setupMonitoring();
        setup(Settings.builder().put("searchguard.audit.type", "external_elasticsearch").put("searchguard.audit.config.http_endpoints", this.monitoringClusterInfo.httpHost + ":" + this.monitoringClusterInfo.httpPort).put("searchguard.audit.threadpool.size", 0).putList("searchguard.audit.ignore_users", new String[]{"*spock*", "admin", "CN=kirk,OU=client,O=client,L=Test,C=DE"}).put("searchguard.audit.enable_transport", true).put("searchguard.audit.resolve_bulk_requests", true).put("searchguard.audit.config.enable_ssl", true).put("searchguard.audit.config.pemtrustedcas_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/chain-ca.pem")).put("searchguard.audit.config.username", "admin").put("searchguard.audit.config.password", "admin").build());
        Assert.assertEquals(401L, this.rh.executeGetRequest("_search", new Header[0]).getStatusCode());
        Thread.sleep(5000L);
        Assert.assertEquals(200L, this.rhMon.executeGetRequest("sg7-auditlog*/_refresh", new Header[]{encodeBasicHeader("admin", "admin")}).getStatusCode());
        RestHelper.HttpResponse executeGetRequest = this.rhMon.executeGetRequest("sg7-auditlog-*/_search", new Header[]{encodeBasicHeader("admin", "admin")});
        Assert.assertEquals(200L, executeGetRequest.getStatusCode());
        assertNotContains(executeGetRequest, "*\"hits\":{\"total\":0,*");
        assertContains(executeGetRequest, "*\"failed\":0},\"hits\":*");
    }
}
