import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis
import org.elasticsearch.gradle.info.BuildParams

apply plugin: 'elasticsearch.build'

archivesBaseName = 'elasticsearch-security-cli'

dependencies {
  compileOnly project(":server")
  compileOnly project(path: xpackModule('core'), configuration: 'default')
  compile "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
  compile "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}"
  testImplementation('com.google.jimfs:jimfs:1.1') {
    // this is provided by the runtime classpath, from the security project
    exclude group: 'com.google.guava', module: 'guava'
  }
  testRuntimeOnly 'com.google.guava:guava:19.0'
  testCompile project(":test:framework")
  testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
}

dependencyLicenses {
  mapping from: /bc.*/, to: 'bouncycastle'
}

forbiddenPatterns {
  exclude '**/*.p12'
  exclude '**/*.jks'
}

thirdPartyAudit {
  ignoreMissingClasses(
    // Used in org.bouncycastle.pqc.crypto.qtesla.QTeslaKeyEncodingTests
    'junit.framework.Assert',
    'junit.framework.TestCase'
  )
}

if (BuildParams.inFipsJvm) {
  test.enabled = false
  jarHell.enabled = false
  testingConventions.enabled = false
  // Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are
  // not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.
  tasks.withType(CheckForbiddenApis).configureEach {
    bundledSignatures -= "jdk-non-portable"
  }
}