package org.opensearch.neuralsearch;

import java.io.IOException;
import java.security.KeyStore;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.ParseException;
import org.apache.hc.core5.http.message.BasicHeader;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.util.Timeout;
import org.junit.After;
import org.opensearch.client.Request;
import org.opensearch.client.Response;
import org.opensearch.client.RestClient;
import org.opensearch.client.RestClientBuilder;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.unit.TimeValue;
import org.opensearch.common.util.concurrent.ThreadContext;
import org.opensearch.core.xcontent.DeprecationHandler;
import org.opensearch.core.xcontent.MediaType;
import org.opensearch.core.xcontent.NamedXContentRegistry;
import org.opensearch.core.xcontent.XContentParser;
import org.opensearch.neuralsearch.util.TestUtils;
import org.opensearch.test.rest.OpenSearchRestTestCase;

/* loaded from: input_file:org/opensearch/neuralsearch/OpenSearchSecureRestTestCase.class */
public abstract class OpenSearchSecureRestTestCase extends OpenSearchRestTestCase {
    private static final String PROTOCOL_HTTP = "http";
    private static final String PROTOCOL_HTTPS = "https";
    private static final String SYS_PROPERTY_KEY_HTTPS = "https";
    private static final String SYS_PROPERTY_KEY_CLUSTER_ENDPOINT = "tests.rest.cluster";
    private static final String SYS_PROPERTY_KEY_USER = "user";
    private static final String SYS_PROPERTY_KEY_PASSWORD = "password";
    private static final String DEFAULT_SOCKET_TIMEOUT = "60s";
    private static final String INTERNAL_INDICES_PREFIX = ".";
    private static String protocol;
    private final Set<String> IMMUTABLE_INDEX_PREFIXES = Set.of(TestUtils.NEURAL_SEARCH_BWC_PREFIX, TestUtils.SECURITY_AUDITLOG_PREFIX, TestUtils.OPENSEARCH_SYSTEM_INDEX_PREFIX);

    protected String getProtocol() {
        if (protocol == null) {
            protocol = readProtocolFromSystemProperty();
        }
        return protocol;
    }

    private String readProtocolFromSystemProperty() {
        String str = "true";
        if (!((Boolean) Optional.ofNullable(System.getProperty("https")).map(str::equalsIgnoreCase).orElse(false)).booleanValue()) {
            return PROTOCOL_HTTP;
        }
        if (Optional.ofNullable(System.getProperty(SYS_PROPERTY_KEY_CLUSTER_ENDPOINT)).isEmpty()) {
            throw new RuntimeException("cluster url should be provided for security enabled testing");
        }
        return "https";
    }

    protected RestClient buildClient(Settings settings, HttpHost[] httpHostArr) throws IOException {
        RestClientBuilder builder = RestClient.builder(httpHostArr);
        if ("https".equals(getProtocol())) {
            configureHttpsClient(builder, settings);
        } else {
            configureClient(builder, settings);
        }
        return builder.build();
    }

    private void configureHttpsClient(RestClientBuilder restClientBuilder, Settings settings) {
        Map buildDefaultHeaders = ThreadContext.buildDefaultHeaders(settings);
        Header[] headerArr = new Header[buildDefaultHeaders.size()];
        int i = 0;
        for (Map.Entry entry : buildDefaultHeaders.entrySet()) {
            int i2 = i;
            i++;
            headerArr[i2] = new BasicHeader((String) entry.getKey(), entry.getValue());
        }
        restClientBuilder.setDefaultHeaders(headerArr);
        restClientBuilder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
            String str = (String) Optional.ofNullable(System.getProperty(SYS_PROPERTY_KEY_USER)).orElseThrow(() -> {
                return new RuntimeException("user name is missing");
            });
            String str2 = (String) Optional.ofNullable(System.getProperty(SYS_PROPERTY_KEY_PASSWORD)).orElseThrow(() -> {
                return new RuntimeException("password is missing");
            });
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(new AuthScope((String) null, -1), new UsernamePasswordCredentials(str, str2.toCharArray()));
            try {
                return httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider).setConnectionManager(PoolingAsyncClientConnectionManagerBuilder.create().setMaxConnPerRoute(10).setMaxConnTotal(30).setTlsStrategy(ClientTlsStrategyBuilder.create().setHostnameVerifier(NoopHostnameVerifier.INSTANCE).setSslContext(SSLContextBuilder.create().loadTrustMaterial((KeyStore) null, (x509CertificateArr, str3) -> {
                    return true;
                }).build()).build()).build());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        });
        String str = settings.get("client.socket.timeout");
        TimeValue parseTimeValue = TimeValue.parseTimeValue(str == null ? DEFAULT_SOCKET_TIMEOUT : str, "client.socket.timeout");
        restClientBuilder.setRequestConfigCallback(builder -> {
            Timeout ofMilliseconds = Timeout.ofMilliseconds(Math.toIntExact(parseTimeValue.getMillis()));
            builder.setConnectTimeout(ofMilliseconds);
            builder.setResponseTimeout(ofMilliseconds);
            return builder;
        });
        if (settings.hasValue("client.path.prefix")) {
            restClientBuilder.setPathPrefix(settings.get("client.path.prefix"));
        }
    }

    protected boolean preserveIndicesUponCompletion() {
        return true;
    }

    @After
    public void deleteExternalIndices() throws IOException, ParseException {
        Response performRequest = client().performRequest(new Request("GET", "/_cat/indices?format=json&expand_wildcards=all"));
        XContentParser createParser = MediaType.fromMediaType(performRequest.getEntity().getContentType()).xContent().createParser(NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION, performRequest.getEntity().getContent());
        try {
            for (String str : (List) (createParser.nextToken() == XContentParser.Token.START_ARRAY ? (List) createParser.listOrderedMap().stream().map(obj -> {
                return (Map) obj;
            }).collect(Collectors.toList()) : Collections.singletonList(createParser.mapOrdered())).stream().map(map -> {
                return (String) map.get("index");
            }).filter(str2 -> {
                return str2 != null;
            }).filter(str3 -> {
                return !str3.startsWith(INTERNAL_INDICES_PREFIX);
            }).collect(Collectors.toList())) {
                if (!skipDeleteIndex(str)) {
                    adminClient().performRequest(new Request("DELETE", "/" + str));
                }
            }
            if (createParser != null) {
                createParser.close();
            }
        } catch (Throwable th) {
            if (createParser != null) {
                try {
                    createParser.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private boolean getSkipDeleteModelIndexFlag() {
        return Boolean.parseBoolean(System.getProperty(TestUtils.SKIP_DELETE_MODEL_INDEX, "false"));
    }

    private boolean skipDeleteModelIndex(String str) {
        return ".opensearch-knn-models".equals(str) && getSkipDeleteModelIndexFlag();
    }

    private boolean skipDeleteIndex(String str) {
        if (str == null || TestUtils.OPENDISTRO_SECURITY.equals(str)) {
            return true;
        }
        Stream<String> stream = this.IMMUTABLE_INDEX_PREFIXES.stream();
        Objects.requireNonNull(str);
        return !stream.noneMatch(str::startsWith) || skipDeleteModelIndex(str);
    }
}
