package com.floragunn.searchguard.test.helper.cluster;

import com.floragunn.codova.documents.DocumentParseException;
import com.floragunn.codova.documents.UnexpectedDocumentStructureException;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.SearchGuardModule;
import com.floragunn.searchguard.SearchGuardModulesRegistry;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.support.PrivilegedConfigClient;
import com.floragunn.searchguard.test.TestAlias;
import com.floragunn.searchguard.test.TestIndex;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.certificate.TestCertificates;
import com.floragunn.searchguard.test.helper.cluster.LocalEsCluster;
import com.floragunn.searchsupport.cstate.ComponentState;
import com.google.common.base.Strings;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.awaitility.Awaitility;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.get.GetRequest;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.internal.Client;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.node.PluginAwareNode;
import org.elasticsearch.plugins.ExtensiblePlugin;
import org.elasticsearch.plugins.Plugin;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.rules.ExternalResource;

/* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/LocalCluster.class */
public class LocalCluster extends ExternalResource implements AutoCloseable, EsClientProvider {
    private static final Logger log = LogManager.getLogger(LocalCluster.class);
    private static final ImmutableSet<String> MODULES_DISABLED_BY_DEFAULT;
    protected static final AtomicLong num;
    protected final String resourceFolder;
    private final List<Class<? extends Plugin>> plugins;
    private final ClusterConfiguration clusterConfiguration;
    private final TestSgConfig testSgConfig;
    private Settings nodeOverride;
    private final String clusterName;
    private final MinimumSearchGuardSettingsSupplierFactory minimumSearchGuardSettingsSupplierFactory;
    private final TestCertificates testCertificates;
    private final List<LocalCluster> clusterDependencies;
    private final Map<String, LocalCluster> remotes;
    private final List<TestIndex> testIndices;
    private final List<TestAlias> testAliases;
    private volatile LocalEsCluster localEsCluster;

    /* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/LocalCluster$Builder.class */
    public static class Builder {
        private boolean sslEnabled;
        private String resourceFolder;
        private TestCertificates testCertificates;
        private boolean enterpriseModulesEnabled;
        private final Settings.Builder nodeOverrideSettingsBuilder = Settings.builder();
        private final Set<String> disabledModules = new HashSet((Collection) LocalCluster.MODULES_DISABLED_BY_DEFAULT);
        private final List<Class<? extends Plugin>> plugins = new ArrayList();
        private Map<String, LocalCluster> remoteClusters = new HashMap();
        private List<LocalCluster> clusterDependencies = new ArrayList();
        private List<TestIndex> testIndices = new ArrayList();
        private List<TestAlias> testAliases = new ArrayList();
        private ClusterConfiguration clusterConfiguration = ClusterConfiguration.DEFAULT;
        private TestSgConfig testSgConfig = new TestSgConfig().resources("/");
        private String clusterName = "local_cluster";

        public Builder sslEnabled() {
            sslEnabled(TestCertificates.builder().ca("CN=root.ca.example.com,OU=SearchGuard,O=SearchGuard").addNodes("CN=node-0.example.com,OU=SearchGuard,O=SearchGuard").addClients("CN=client-0.example.com,OU=SearchGuard,O=SearchGuard").addAdminClients("CN=admin-0.example.com,OU=SearchGuard,O=SearchGuard").build());
            return this;
        }

        public Builder sslEnabled(TestCertificates testCertificates) {
            this.testCertificates = testCertificates;
            this.sslEnabled = true;
            return this;
        }

        public Builder dependsOn(Object obj) {
            if (obj == null) {
                throw new IllegalStateException("Dependency not fulfilled");
            }
            return this;
        }

        public Builder resources(String str) {
            this.resourceFolder = str;
            this.testSgConfig.resources(str);
            return this;
        }

        public Builder clusterConfiguration(ClusterConfiguration clusterConfiguration) {
            this.clusterConfiguration = clusterConfiguration;
            return this;
        }

        public Builder singleNode() {
            this.clusterConfiguration = ClusterConfiguration.SINGLENODE;
            return this;
        }

        public Builder sgConfig(TestSgConfig testSgConfig) {
            this.testSgConfig = testSgConfig;
            return this;
        }

        public Builder ignoreUnauthorizedIndices(boolean z) {
            this.testSgConfig.ignoreUnauthorizedIndices(z);
            return this;
        }

        public Builder sgConfigSettings(String str, Object obj, Object... objArr) {
            this.testSgConfig.sgConfigSettings(str, obj, objArr);
            return this;
        }

        public Builder authzDebug(boolean z) {
            this.testSgConfig.authzDebug(z);
            return this;
        }

        public Builder nodeSettings(Object... objArr) {
            for (int i = 0; i < objArr.length - 1; i += 2) {
                String valueOf = String.valueOf(objArr[i]);
                Object obj = objArr[i + 1];
                if (obj instanceof List) {
                    this.nodeOverrideSettingsBuilder.putList(valueOf, (List) ((List) obj).stream().map(String::valueOf).collect(Collectors.toList()));
                } else {
                    this.nodeOverrideSettingsBuilder.put(valueOf, String.valueOf(obj));
                }
            }
            return this;
        }

        public Builder enterpriseModulesEnabled() {
            this.enterpriseModulesEnabled = true;
            return this;
        }

        public Builder disableModule(Class<? extends SearchGuardModule> cls) {
            this.disabledModules.add(cls.getName());
            return this;
        }

        public Builder enableModule(Class<? extends SearchGuardModule> cls) {
            this.disabledModules.remove(cls.getName());
            return this;
        }

        public Builder plugin(Class<? extends Plugin> cls) {
            this.plugins.add(cls);
            return this;
        }

        public Builder remote(String str, LocalCluster localCluster) {
            this.remoteClusters.put(str, localCluster);
            this.clusterDependencies.add(localCluster);
            return this;
        }

        public Builder indices(TestIndex... testIndexArr) {
            this.testIndices.addAll(Arrays.asList(testIndexArr));
            return this;
        }

        public Builder aliases(TestAlias... testAliasArr) {
            this.testAliases.addAll(Arrays.asList(testAliasArr));
            return this;
        }

        public Builder users(TestSgConfig.User... userArr) {
            for (TestSgConfig.User user : userArr) {
                this.testSgConfig.user(user);
            }
            return this;
        }

        public Builder user(TestSgConfig.User user) {
            this.testSgConfig.user(user);
            return this;
        }

        public Builder user(String str, String str2, String... strArr) {
            this.testSgConfig.user(str, TestSgConfig.UserPassword.of(str2), strArr);
            return this;
        }

        public Builder user(String str, String str2, TestSgConfig.Role... roleArr) {
            this.testSgConfig.user(str, TestSgConfig.UserPassword.of(str2), roleArr);
            return this;
        }

        public Builder roles(TestSgConfig.Role... roleArr) {
            this.testSgConfig.roles(roleArr);
            return this;
        }

        public Builder roleMapping(TestSgConfig.RoleMapping... roleMappingArr) {
            this.testSgConfig.roleMapping(roleMappingArr);
            return this;
        }

        public Builder roleToRoleMapping(TestSgConfig.Role role, String... strArr) {
            this.testSgConfig.roleToRoleMapping(role, strArr);
            return this;
        }

        public Builder authc(TestSgConfig.Authc authc) {
            this.testSgConfig.authc(authc);
            return this;
        }

        public Builder frontendMultiTenancy(TestSgConfig.FrontendMultiTenancy frontendMultiTenancy) {
            this.testSgConfig.frontendMultiTenancy(frontendMultiTenancy);
            return this;
        }

        public Builder tenants(TestSgConfig.Tenant... tenantArr) {
            this.testSgConfig.tenants(tenantArr);
            return this;
        }

        public Builder dlsFls(TestSgConfig.DlsFls dlsFls) {
            this.testSgConfig.dlsFls(dlsFls);
            return this;
        }

        public Builder authTokenService(TestSgConfig.AuthTokenService authTokenService) {
            this.testSgConfig.authTokenService(authTokenService);
            return this;
        }

        public Builder var(String str, Supplier<Object> supplier) {
            this.testSgConfig.var(str, supplier);
            return this;
        }

        public Builder clusterName(String str) {
            this.clusterName = str;
            return this;
        }

        public Builder configIndexName(String str) {
            this.testSgConfig.configIndexName(str);
            return this;
        }

        public LocalCluster build() {
            try {
                if (this.sslEnabled) {
                    this.nodeOverrideSettingsBuilder.put("searchguard.ssl.http.enabled", true).put("searchguard.ssl.transport.pemtrustedcas_filepath", this.testCertificates.getCaCertFile().getPath()).put("searchguard.ssl.http.pemtrustedcas_filepath", this.testCertificates.getCaCertFile().getPath());
                }
                this.nodeOverrideSettingsBuilder.put("searchguard.enterprise_modules_enabled", this.enterpriseModulesEnabled);
                if (this.disabledModules.size() > 0) {
                    this.nodeOverrideSettingsBuilder.putList(SearchGuardModulesRegistry.DISABLED_MODULES.getKey(), new ArrayList(this.disabledModules));
                }
                this.clusterName += "_" + LocalCluster.num.incrementAndGet();
                return new LocalCluster(this.clusterName, this.resourceFolder, this.testSgConfig, this.nodeOverrideSettingsBuilder.build(), this.clusterConfiguration, this.plugins, this.testCertificates, this.clusterDependencies, this.remoteClusters, this.testIndices, this.testAliases);
            } catch (Exception e) {
                LocalCluster.log.error("Failed to build LocalCluster", e);
                throw new RuntimeException(e);
            }
        }

        public LocalCluster start() {
            LocalCluster build = build();
            build.start();
            return build;
        }
    }

    private LocalCluster(String str, String str2, TestSgConfig testSgConfig, Settings settings, ClusterConfiguration clusterConfiguration, List<Class<? extends Plugin>> list, TestCertificates testCertificates, List<LocalCluster> list2, Map<String, LocalCluster> map, List<TestIndex> list3, List<TestAlias> list4) {
        this.resourceFolder = str2;
        this.plugins = list;
        this.clusterConfiguration = clusterConfiguration;
        this.testSgConfig = testSgConfig;
        this.nodeOverride = settings;
        this.clusterName = str;
        this.minimumSearchGuardSettingsSupplierFactory = new MinimumSearchGuardSettingsSupplierFactory(str2, testCertificates);
        this.testCertificates = testCertificates;
        this.remotes = map;
        this.clusterDependencies = list2;
        this.testIndices = list3;
        this.testAliases = list4;
        painlessWhitelistKludge();
    }

    public void before() throws Throwable {
        if (this.localEsCluster == null) {
            for (LocalCluster localCluster : this.clusterDependencies) {
                if (!localCluster.isStarted()) {
                    localCluster.before();
                }
            }
            for (Map.Entry<String, LocalCluster> entry : this.remotes.entrySet()) {
                InetSocketAddress transportAddress = entry.getValue().localEsCluster.masterNode().getTransportAddress();
                this.nodeOverride = Settings.builder().put(this.nodeOverride).putList("cluster.remote." + entry.getKey() + ".seeds", new String[]{transportAddress.getHostString() + ":" + transportAddress.getPort()}).build();
            }
            start();
        }
    }

    protected void after() {
        if (this.localEsCluster != null) {
            try {
                if (this.localEsCluster.isStarted()) {
                    try {
                        Thread.sleep(1234L);
                        this.localEsCluster.destroy();
                        this.localEsCluster = null;
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            } catch (Throwable th) {
                this.localEsCluster = null;
                throw th;
            }
        }
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        if (this.localEsCluster != null) {
            try {
                if (this.localEsCluster.isStarted()) {
                    try {
                        Thread.sleep(100L);
                        this.localEsCluster.destroy();
                        this.localEsCluster = null;
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            } catch (Throwable th) {
                this.localEsCluster = null;
                throw th;
            }
        }
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public String getClusterName() {
        return this.clusterName;
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public TestCertificates getTestCertificates() {
        return this.testCertificates;
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public InetSocketAddress getHttpAddress() {
        return this.localEsCluster.clientNode().getHttpAddress();
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public InetSocketAddress getTransportAddress() {
        return this.localEsCluster.clientNode().getTransportAddress();
    }

    public Client getInternalNodeClient() {
        return this.localEsCluster.clientNode().getInternalNodeClient();
    }

    public Client getPrivilegedInternalNodeClient() {
        return PrivilegedConfigClient.adapt(getInternalNodeClient());
    }

    public <X> X getInjectable(Class<X> cls) {
        return (X) this.localEsCluster.masterNode().getInjectable(cls);
    }

    public PluginAwareNode node() {
        return this.localEsCluster.masterNode().esNode();
    }

    public List<LocalEsCluster.Node> nodes() {
        return this.localEsCluster.getAllNodes();
    }

    public LocalEsCluster.Node getNodeByName(String str) {
        return this.localEsCluster.getNodeByName(str);
    }

    public LocalEsCluster.Node getRandomClientNode() {
        return this.localEsCluster.randomClientNode();
    }

    public void updateSgConfig(CType<?> cType, String str, Map<String, Object> map) {
        try {
            PrivilegedConfigClient adapt = PrivilegedConfigClient.adapt(getInternalNodeClient());
            try {
                log.info("Updating config {}.{}:{}", cType, str, map);
                String configIndexName = getConfigIndexName();
                NestedValueMap fromJsonString = NestedValueMap.fromJsonString(loadConfig(cType, adapt, configIndexName));
                if (Strings.isNullOrEmpty(str)) {
                    fromJsonString.putAllFromAnyMap(map);
                } else {
                    fromJsonString.put(str, (Map<?, ?>) map);
                }
                if (log.isTraceEnabled()) {
                    log.trace("Updated config: " + fromJsonString);
                }
                writeConfigToIndexAndReload(adapt, cType, configIndexName, fromJsonString.toJsonString());
                if (adapt != null) {
                    adapt.close();
                }
            } finally {
            }
        } catch (IOException | DocumentParseException | UnexpectedDocumentStructureException e) {
            throw new RuntimeException(e);
        }
    }

    public void updateSgConfig(CType<?> cType, Map<String, Object> map) {
        updateSgConfig(cType, null, map);
    }

    public void updateRolesConfig(TestSgConfig.Role... roleArr) {
        NestedValueMap nestedValueMap = new NestedValueMap();
        Stream map = Arrays.stream(roleArr).map((v0) -> {
            return v0.toJsonMap();
        });
        Objects.requireNonNull(nestedValueMap);
        map.forEach((v1) -> {
            r1.putAllFromAnyMap(v1);
        });
        updateSgConfig(CType.ROLES, nestedValueMap);
    }

    public void updateRolesMappingsConfig(TestSgConfig.RoleMapping... roleMappingArr) {
        NestedValueMap nestedValueMap = new NestedValueMap();
        Stream map = Arrays.stream(roleMappingArr).map((v0) -> {
            return v0.toJsonMap();
        });
        Objects.requireNonNull(nestedValueMap);
        map.forEach((v1) -> {
            r1.putAllFromAnyMap(v1);
        });
        updateSgConfig(CType.ROLESMAPPING, nestedValueMap);
    }

    private static void writeConfigToIndexAndReload(Client client, CType<?> cType, String str, String str2) {
        DocWriteResponse docWriteResponse = (DocWriteResponse) client.index(new IndexRequest(str).id(cType.toLCString()).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{cType.toLCString(), BytesReference.fromByteBuffer(ByteBuffer.wrap(stringToUtfByteArray(str2)))})).actionGet();
        if (!ImmutableSet.of(DocWriteResponse.Result.UPDATED, DocWriteResponse.Result.CREATED).contains(docWriteResponse.getResult())) {
            throw new RuntimeException("Updated failed " + docWriteResponse);
        }
        ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) client.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest((String[]) CType.lcStringValues().toArray(new String[0]))).actionGet();
        if (configUpdateResponse.hasFailures()) {
            throw new RuntimeException("ConfigUpdateResponse produced failures: " + configUpdateResponse.failures());
        }
    }

    private static byte[] stringToUtfByteArray(String str) {
        try {
            return str.getBytes("utf-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Cannot convert configuration string to byte array", e);
        }
    }

    private static String loadConfig(CType<?> cType, Client client, String str) {
        return new String(Base64.getDecoder().decode(String.valueOf(((GetResponse) client.get(new GetRequest(str, cType.toLCString())).actionGet()).getSource().get(cType.toLCString()))));
    }

    private String getConfigIndexName() {
        return ((ConfigurationRepository) getInjectable(ConfigurationRepository.class)).getEffectiveSearchGuardIndex();
    }

    public <T> T callAndRestoreConfig(CType<?> cType, Callable<T> callable) throws Exception {
        PrivilegedConfigClient adapt = PrivilegedConfigClient.adapt(getInternalNodeClient());
        try {
            String configIndexName = getConfigIndexName();
            String loadConfig = loadConfig(cType, adapt, configIndexName);
            try {
                T call = callable.call();
                writeConfigToIndexAndReload(adapt, cType, configIndexName, loadConfig);
                if (adapt != null) {
                    adapt.close();
                }
                return call;
            } catch (Throwable th) {
                writeConfigToIndexAndReload(adapt, cType, configIndexName, loadConfig);
                throw th;
            }
        } catch (Throwable th2) {
            if (adapt != null) {
                try {
                    adapt.close();
                } catch (Throwable th3) {
                    th2.addSuppressed(th3);
                }
            }
            throw th2;
        }
    }

    public boolean isStarted() {
        return this.localEsCluster != null;
    }

    public Random getRandom() {
        return this.localEsCluster.getRandom();
    }

    private void start() {
        try {
            this.localEsCluster = new LocalEsCluster(this.clusterName, this.clusterConfiguration, this.minimumSearchGuardSettingsSupplierFactory.minimumSearchGuardSettings(this.nodeOverride), this.plugins, this.testCertificates);
            this.localEsCluster.start();
            Client internalNodeClient = getInternalNodeClient();
            try {
                Iterator<TestIndex> it = this.testIndices.iterator();
                while (it.hasNext()) {
                    it.next().create(internalNodeClient);
                }
                Iterator<TestAlias> it2 = this.testAliases.iterator();
                while (it2.hasNext()) {
                    it2.next().create(internalNodeClient);
                }
                if (internalNodeClient != null) {
                    internalNodeClient.close();
                }
                waitForSignalsInitialization();
                if (this.testSgConfig != null) {
                    initSearchGuardIndex(this.testSgConfig);
                }
            } finally {
            }
        } catch (Exception e) {
            log.error("Local ES cluster start failed", e);
            throw new RuntimeException(e);
        }
    }

    private void painlessWhitelistKludge() {
        try {
            final ClassLoader classLoader = getClass().getClassLoader();
            final Class<?> cls = Class.forName("org.elasticsearch.painless.spi.PainlessExtension");
            Plugin plugin = (ExtensiblePlugin) Class.forName("org.elasticsearch.painless.PainlessPlugin").getConstructor(new Class[0]).newInstance(new Object[0]);
            plugin.loadExtensions(new ExtensiblePlugin.ExtensionLoader() { // from class: com.floragunn.searchguard.test.helper.cluster.LocalCluster.1
                public <T> List<T> loadExtensions(Class<T> cls2) {
                    return cls2.equals(cls) ? (List) StreamSupport.stream(ServiceLoader.load(cls, classLoader).spliterator(), false).collect(Collectors.toList()) : Collections.emptyList();
                }
            });
            plugin.close();
        } catch (ClassNotFoundException e) {
        } catch (Exception e2) {
            log.error("Error while applying painlessWhitelistKludge", e2);
        }
    }

    private void initSearchGuardIndex(TestSgConfig testSgConfig) {
        log.info("Initializing Search Guard index");
        PrivilegedConfigClient adapt = PrivilegedConfigClient.adapt(getInternalNodeClient());
        try {
            testSgConfig.initIndex(adapt);
            if (adapt != null) {
                adapt.close();
            }
        } catch (Throwable th) {
            if (adapt != null) {
                try {
                    adapt.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void waitForSignalsInitialization() {
        if (this.nodeOverride.getAsList(SearchGuardModulesRegistry.DISABLED_MODULES.getKey()).contains("com.floragunn.signals.SignalsModule")) {
            return;
        }
        Awaitility.await().atMost(Duration.ofSeconds(60L)).pollInterval(Duration.ofMillis(25L)).untilAsserted(() -> {
            ComponentState componentState = ((SearchGuardModulesRegistry) getInjectable(SearchGuardModulesRegistry.class)).getComponentState("signals");
            MatcherAssert.assertThat("Modules registry should contain signals module state", componentState, Matchers.notNullValue());
            MatcherAssert.assertThat("Signals module should be initialized or disabled", componentState.getState(), Matchers.anyOf(Matchers.equalTo(ComponentState.State.INITIALIZED), Matchers.equalTo(ComponentState.State.DISABLED)));
        });
    }

    static {
        System.setProperty("sg.default_init.dir", new File("./sgconfig").getAbsolutePath());
        MODULES_DISABLED_BY_DEFAULT = ImmutableSet.of("com.floragunn.searchguard.authtoken.AuthTokenModule", "com.floragunn.signals.SignalsModule");
        num = new AtomicLong();
    }
}
