package com.floragunn.searchguard.ssl;

import com.floragunn.searchguard.ssl.util.SSLConfigConstants;
import io.netty.handler.ssl.OpenSsl;
import java.util.HashSet;
import java.util.Random;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthRequest;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoRequest;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.node.Node;
import org.elasticsearch.node.PluginAwareNode;
import org.elasticsearch.transport.Netty4Plugin;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/ssl/OpenSSLTest.class */
public class OpenSSLTest extends SSLTest {
    @Before
    public void setup() {
        this.allowOpenSSL = true;
    }

    @Test
    public void testEnsureOpenSSLAvailability() {
        String str = System.getenv("SG_TEST_OPENSSL_OPT");
        System.out.println("SG_TEST_OPENSSL_OPT " + str);
        if (Boolean.parseBoolean(str)) {
            System.out.println("OpenSSL can be available");
        } else {
            System.out.println("OpenSSL must be available");
            Assert.assertTrue("OpenSSL not available: " + String.valueOf(OpenSsl.unavailabilityCause()), OpenSsl.isAvailable());
        }
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttps() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttps();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpsAndNodeSSL() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsAndNodeSSL();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpPlainFail() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpPlainFail();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpsNoEnforce() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsNoEnforce();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpsV3Fail() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsV3Fail();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test(timeout = 40000)
    public void testTransportClientSSL() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testTransportClientSSL();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test(timeout = 40000)
    public void testNodeClientSSL() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testNodeClientSSL();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test(timeout = 40000)
    public void testTransportClientSSLFail() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testTransportClientSSLFail();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpsOptionalAuth() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsOptionalAuth();
    }

    @Test
    public void testAvailCiphersOpenSSL() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        HashSet hashSet = new HashSet();
        for (String str : SSLConfigConstants.getSecureSSLCiphers(Settings.EMPTY, false)) {
            if (OpenSsl.isCipherSuiteAvailable(str)) {
                hashSet.add(str);
            }
        }
        System.out.println("OpenSSL secure ciphers: " + hashSet);
        Assert.assertTrue(hashSet.size() > 0);
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpsEnforceFail() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsEnforceFail();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    public void testCipherAndProtocols() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testCipherAndProtocols();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    public void testHttpsAndNodeSSLFailedCipher() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsAndNodeSSLFailedCipher();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpsAndNodeSSLPem() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsAndNodeSSLPem();
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testHttpsAndNodeSSLPemEnc() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testHttpsAndNodeSSLPemEnc();
    }

    @Test
    public void testNodeClientSSLwithOpenSslTLSv13() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable() && ((long) OpenSsl.version()) > 269488137);
        Settings build = Settings.builder().put("searchguard.ssl.transport.enabled", true).put("searchguard.ssl.http.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.enable_openssl_if_available", this.allowOpenSSL).put("searchguard.ssl.transport.keystore_alias", "node-0").put("searchguard.ssl.transport.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks")).put("searchguard.ssl.transport.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks")).put("searchguard.ssl.transport.enforce_hostname_verification", false).put("searchguard.ssl.transport.resolve_hostname", false).putList("searchguard.ssl.transport.enabled_protocols", new String[]{"TLSv1.3"}).putList("searchguard.ssl.transport.enabled_ciphers", new String[]{"TLS_CHACHA20_POLY1305_SHA256"}).build();
        startES(build);
        Node start = new PluginAwareNode(Settings.builder().put("cluster.name", "searchguard_ssl_testcluster").put("path.home", ".").put("node.name", "client_node_" + new Random().nextInt()).put(build).build(), null, Netty4Plugin.class, SearchGuardSSLPlugin.class).start();
        Throwable th = null;
        try {
            try {
                Assert.assertFalse(((ClusterHealthResponse) start.client().admin().cluster().health(new ClusterHealthRequest().waitForNodes("4").timeout(TimeValue.timeValueSeconds(5L))).actionGet()).isTimedOut());
                Assert.assertEquals(4L, r0.getNumberOfNodes());
                Assert.assertEquals(4L, ((NodesInfoResponse) start.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet()).getNodes().size());
                if (start != null) {
                    if (0 != 0) {
                        try {
                            start.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        start.close();
                    }
                }
                Assert.assertFalse(executeSimpleRequest("_nodes/stats?pretty").contains("\"tx_size_in_bytes\" : 0"));
                Assert.assertFalse(executeSimpleRequest("_nodes/stats?pretty").contains("\"rx_count\" : 0"));
                Assert.assertFalse(executeSimpleRequest("_nodes/stats?pretty").contains("\"rx_size_in_bytes\" : 0"));
                Assert.assertFalse(executeSimpleRequest("_nodes/stats?pretty").contains("\"tx_count\" : 0"));
            } finally {
            }
        } catch (Throwable th3) {
            if (start != null) {
                if (th != null) {
                    try {
                        start.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    start.close();
                }
            }
            throw th3;
        }
    }

    @Override // com.floragunn.searchguard.ssl.SSLTest
    @Test
    public void testTLSv1() throws Exception {
        Assume.assumeTrue(OpenSsl.isAvailable());
        super.testTLSv1();
    }
}
