package com.floragunn.searchguard.test.helper.cluster;

import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.modules.SearchGuardModule;
import com.floragunn.searchguard.modules.SearchGuardModulesRegistry;
import com.floragunn.searchguard.sgconf.impl.CType;
import com.floragunn.searchguard.test.NodeSettingsSupplier;
import com.floragunn.searchguard.test.helper.cluster.LocalEsCluster;
import com.floragunn.searchguard.test.helper.cluster.TestSgConfig;
import com.floragunn.searchguard.test.helper.file.FileHelper;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.get.GetRequest;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.node.PluginAwareNode;
import org.elasticsearch.plugins.Plugin;
import org.junit.Assert;
import org.junit.rules.ExternalResource;

/* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/LocalCluster.class */
public class LocalCluster extends ExternalResource implements AutoCloseable, EsClientProvider {
    private static final Logger log = LogManager.getLogger(LocalCluster.class);
    protected static final AtomicLong num;
    protected final String resourceFolder;
    private final List<Class<? extends Plugin>> plugins;
    private final ClusterConfiguration clusterConfiguration;
    private final TestSgConfig testSgConfig;
    private final Settings nodeOverride;
    private final String clusterName;
    private LocalEsCluster localCluster;

    /* loaded from: input_file:com/floragunn/searchguard/test/helper/cluster/LocalCluster$Builder.class */
    public static class Builder {
        private boolean sslEnabled;
        private String resourceFolder;
        private String httpKeystoreFilepath = "node-0-keystore.jks";
        private String httpTruststoreFilepath = "truststore.jks";
        private ClusterConfiguration clusterConfiguration = ClusterConfiguration.DEFAULT;
        private Settings.Builder nodeOverrideSettingsBuilder = Settings.builder();
        private List<String> disabledModules = new ArrayList();
        private List<Class<? extends Plugin>> plugins = new ArrayList();
        private TestSgConfig testSgConfig = new TestSgConfig().resources("/");
        private String clusterName = "local_cluster";

        public Builder sslEnabled() {
            this.sslEnabled = true;
            return this;
        }

        public Builder dependsOn(Object obj) {
            if (obj == null) {
                throw new IllegalStateException("Dependency not fulfilled");
            }
            return this;
        }

        public Builder resources(String str) {
            this.resourceFolder = str;
            this.testSgConfig.resources(str);
            return this;
        }

        public Builder clusterConfiguration(ClusterConfiguration clusterConfiguration) {
            this.clusterConfiguration = clusterConfiguration;
            return this;
        }

        public Builder singleNode() {
            this.clusterConfiguration = ClusterConfiguration.SINGLENODE;
            return this;
        }

        public Builder sgConfig(TestSgConfig testSgConfig) {
            this.testSgConfig = testSgConfig;
            return this;
        }

        public Builder setInSgConfig(String str, Object obj, Object... objArr) {
            this.testSgConfig.sgConfigSettings(str, obj, objArr);
            return this;
        }

        public Builder nodeSettings(Object... objArr) {
            for (int i = 0; i < objArr.length - 1; i += 2) {
                this.nodeOverrideSettingsBuilder.put(String.valueOf(objArr[i]), String.valueOf(objArr[i + 1]));
            }
            return this;
        }

        public Builder disableModule(Class<? extends SearchGuardModule<?>> cls) {
            this.disabledModules.add(cls.getName());
            return this;
        }

        public Builder plugin(Class<? extends Plugin> cls) {
            this.plugins.add(cls);
            return this;
        }

        public Builder remote(String str, LocalCluster localCluster) {
            InetSocketAddress transportAddress = localCluster.localCluster.masterNode().getTransportAddress();
            this.nodeOverrideSettingsBuilder.putList("cluster.remote." + str + ".seeds", new String[]{transportAddress.getHostString() + ":" + transportAddress.getPort()});
            return this;
        }

        public Builder users(TestSgConfig.User... userArr) {
            for (TestSgConfig.User user : userArr) {
                this.testSgConfig.user(user);
            }
            return this;
        }

        public Builder user(TestSgConfig.User user) {
            this.testSgConfig.user(user);
            return this;
        }

        public Builder user(String str, String str2, String... strArr) {
            this.testSgConfig.user(str, str2, strArr);
            return this;
        }

        public Builder user(String str, String str2, TestSgConfig.Role... roleArr) {
            this.testSgConfig.user(str, str2, roleArr);
            return this;
        }

        public Builder roles(TestSgConfig.Role... roleArr) {
            this.testSgConfig.roles(roleArr);
            return this;
        }

        public Builder clusterName(String str) {
            this.clusterName = str;
            return this;
        }

        public LocalCluster build() {
            try {
                if (this.sslEnabled) {
                    this.nodeOverrideSettingsBuilder.put("searchguard.ssl.http.enabled", true).put("searchguard.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath(this.resourceFolder != null ? this.resourceFolder + "/" + this.httpKeystoreFilepath : this.httpKeystoreFilepath)).put("searchguard.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath(this.resourceFolder != null ? this.resourceFolder + "/" + this.httpTruststoreFilepath : this.httpTruststoreFilepath));
                }
                if (this.disabledModules.size() > 0) {
                    this.nodeOverrideSettingsBuilder.putList(SearchGuardModulesRegistry.DISABLED_MODULES.getKey(), this.disabledModules);
                }
                this.clusterName += "_" + LocalCluster.num.incrementAndGet();
                return new LocalCluster(this.clusterName, this.resourceFolder, this.testSgConfig, this.nodeOverrideSettingsBuilder.build(), this.clusterConfiguration, this.plugins);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    public LocalCluster(String str, String str2, TestSgConfig testSgConfig, Settings settings, ClusterConfiguration clusterConfiguration, List<Class<? extends Plugin>> list) {
        this.resourceFolder = str2;
        this.plugins = list;
        this.clusterConfiguration = clusterConfiguration;
        this.testSgConfig = testSgConfig;
        this.nodeOverride = settings;
        this.clusterName = str;
        painlessWhitelistKludge();
        start();
    }

    protected void before() throws Throwable {
        if (this.localCluster == null) {
            start();
        }
    }

    protected void after() {
        if (this.localCluster != null) {
            try {
                if (this.localCluster.isStarted()) {
                    try {
                        Thread.sleep(1234L);
                        this.localCluster.destroy();
                        this.localCluster = null;
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            } catch (Throwable th) {
                this.localCluster = null;
                throw th;
            }
        }
    }

    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        if (this.localCluster != null) {
            try {
                if (this.localCluster.isStarted()) {
                    try {
                        Thread.sleep(100L);
                        this.localCluster.destroy();
                        this.localCluster = null;
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            } catch (Throwable th) {
                this.localCluster = null;
                throw th;
            }
        }
    }

    public <X> X getInjectable(Class<X> cls) {
        return (X) this.localCluster.masterNode().getInjectable(cls);
    }

    public PluginAwareNode node() {
        return this.localCluster.masterNode().esNode();
    }

    public List<LocalEsCluster.Node> nodes() {
        return this.localCluster.allNodes();
    }

    public LocalEsCluster.Node getNodeByName(String str) {
        return this.localCluster.getNodeByName(str);
    }

    public void updateSgConfig(CType cType, String str, Map<String, Object> map) {
        try {
            Client adminCertClient = getAdminCertClient();
            try {
                log.info("Updating config " + cType + "." + str + ": " + map);
                NestedValueMap fromJsonString = NestedValueMap.fromJsonString(new String(Base64.getDecoder().decode(String.valueOf(((GetResponse) adminCertClient.get(new GetRequest("searchguard", cType.toLCString())).actionGet()).getSource().get(cType.toLCString())))));
                fromJsonString.put(str, (Map<?, ?>) map);
                if (log.isTraceEnabled()) {
                    log.trace("Updated config: " + fromJsonString);
                }
                IndexResponse indexResponse = (IndexResponse) adminCertClient.index(new IndexRequest("searchguard").id(cType.toLCString()).setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source(new Object[]{cType.toLCString(), BytesReference.fromByteBuffer(ByteBuffer.wrap(fromJsonString.toJsonString().getBytes("utf-8")))})).actionGet();
                if (indexResponse.getResult() != DocWriteResponse.Result.UPDATED) {
                    throw new RuntimeException("Updated failed " + indexResponse);
                }
                ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) adminCertClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest((String[]) CType.lcStringValues().toArray(new String[0]))).actionGet();
                if (configUpdateResponse.hasFailures()) {
                    throw new RuntimeException("ConfigUpdateResponse produced failures: " + configUpdateResponse.failures());
                }
                if (adminCertClient != null) {
                    adminCertClient.close();
                }
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private void start() {
        try {
            this.localCluster = new LocalEsCluster(this.clusterName, this.clusterConfiguration, minimumSearchGuardSettings(ccs(this.nodeOverride)), this.resourceFolder, this.plugins);
            this.localCluster.start();
            if (this.testSgConfig != null) {
                initSearchGuardIndex(this.testSgConfig);
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    private void painlessWhitelistKludge() {
    }

    protected void initSearchGuardIndex(TestSgConfig testSgConfig) {
        log.info("Initializing Search Guard index");
        Client adminCertClient = getAdminCertClient();
        try {
            testSgConfig.initIndex(adminCertClient);
            Assert.assertTrue(((GetResponse) adminCertClient.get(new GetRequest("searchguard", "config")).actionGet()).isExists());
            Assert.assertTrue(((GetResponse) adminCertClient.get(new GetRequest("searchguard", "internalusers")).actionGet()).isExists());
            Assert.assertTrue(((GetResponse) adminCertClient.get(new GetRequest("searchguard", "roles")).actionGet()).isExists());
            Assert.assertTrue(((GetResponse) adminCertClient.get(new GetRequest("searchguard", "rolesmapping")).actionGet()).isExists());
            Assert.assertTrue(((GetResponse) adminCertClient.get(new GetRequest("searchguard", "actiongroups")).actionGet()).isExists());
            Assert.assertFalse(((GetResponse) adminCertClient.get(new GetRequest("searchguard", "rolesmapping_xcvdnghtu165759i99465")).actionGet()).isExists());
            Assert.assertTrue(((GetResponse) adminCertClient.get(new GetRequest("searchguard", "config")).actionGet()).isExists());
            if (adminCertClient != null) {
                adminCertClient.close();
            }
        } catch (Throwable th) {
            if (adminCertClient != null) {
                try {
                    adminCertClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private Settings ccs(Settings settings) {
        return settings;
    }

    protected Settings.Builder minimumSearchGuardSettingsBuilder(int i, boolean z) {
        try {
            String str = getResourceFolder() == null ? "" : getResourceFolder() + "/";
            Settings.Builder put = Settings.builder().put("searchguard.ssl.http.enable_openssl_if_available", false).put("searchguard.ssl.transport.enable_openssl_if_available", false).put("searchguard.ssl.transport.keystore_alias", "node-0").put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath(str + "node-0-keystore.jks")).put("searchguard.ssl.transport.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath(str + "truststore.jks")).put("searchguard.ssl.transport.enforce_hostname_verification", false);
            if (!z) {
                put.putList("searchguard.authcz.admin_dn", new String[]{"CN=kirk,OU=client,O=client,l=tEst, C=De"});
                put.put("searchguard.background_init_if_sgindex_not_exist", false);
            }
            return put;
        } catch (FileNotFoundException e) {
            throw new RuntimeException(e);
        }
    }

    protected NodeSettingsSupplier minimumSearchGuardSettings(final Settings settings) {
        return new NodeSettingsSupplier() { // from class: com.floragunn.searchguard.test.helper.cluster.LocalCluster.1
            @Override // com.floragunn.searchguard.test.NodeSettingsSupplier
            public Settings get(int i) {
                return LocalCluster.this.minimumSearchGuardSettingsBuilder(i, false).put(settings).build();
            }
        };
    }

    protected NodeSettingsSupplier minimumSearchGuardSettingsSslOnly(final Settings settings) {
        return new NodeSettingsSupplier() { // from class: com.floragunn.searchguard.test.helper.cluster.LocalCluster.2
            @Override // com.floragunn.searchguard.test.NodeSettingsSupplier
            public Settings get(int i) {
                return LocalCluster.this.minimumSearchGuardSettingsBuilder(i, true).put(settings).build();
            }
        };
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public String getResourceFolder() {
        return this.resourceFolder;
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public InetSocketAddress getHttpAddress() {
        return this.localCluster.clientNode().getHttpAddress();
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public InetSocketAddress getTransportAddress() {
        return this.localCluster.clientNode().getTransportAddress();
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public String getClusterName() {
        return this.localCluster.getClusterName();
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public SSLIOSessionStrategy getSSLIOSessionStrategy() {
        return this.localCluster.getSSLIOSessionStrategy();
    }

    @Override // com.floragunn.searchguard.test.helper.cluster.EsClientProvider
    public Client getInternalNodeClient() {
        return this.localCluster.clientNode().getInternalNodeClient();
    }

    static {
        System.setProperty("sg.default_init.dir", new File("./sgconfig").getAbsolutePath());
        num = new AtomicLong();
    }
}
