import org.elasticsearch.gradle.ExportElasticsearchBuildResourcesTask
import org.elasticsearch.gradle.info.BuildParams
import org.elasticsearch.gradle.testclusters.ElasticsearchCluster
import org.elasticsearch.gradle.testclusters.ElasticsearchCluster

// Common config when running with a FIPS-140 runtime JVM
if (BuildParams.inFipsJvm) {
  allprojects {
    File fipsResourcesDir = new File(project.buildDir, 'fips-resources')
    boolean java8 = BuildParams.runtimeJavaVersion == JavaVersion.VERSION_1_8
    File fipsSecurity = new File(fipsResourcesDir, "fips_java${java8 ? '8' : ''}.security")
    File fipsPolicy = new File(fipsResourcesDir, "fips_java${java8 ? '8' : ''}.policy")
    File fipsTrustStore = new File(fipsResourcesDir, 'cacerts.bcfks')
    project.pluginManager.withPlugin('elasticsearch.java') {
      TaskProvider<ExportElasticsearchBuildResourcesTask> fipsResourcesTask = project.tasks.register('fipsResources', ExportElasticsearchBuildResourcesTask)
      fipsResourcesTask.configure {
        outputDir = fipsResourcesDir
        copy fipsSecurity.name
        copy fipsPolicy.name
        copy 'cacerts.bcfks'
      }
      // This configuration can be removed once system modules are available
      configurations.create('extraFipsJars')
      dependencies {
        extraFipsJars 'org.bouncycastle:bc-fips:1.0.1'
        extraFipsJars 'org.bouncycastle:bctls-fips:1.0.9'
      }
      pluginManager.withPlugin("elasticsearch.testclusters") {
        testClusters.all {
          for (File dep : project.configurations.extraFipsJars.files) {
            extraJarFile dep
          }
          extraConfigFile "fips_java.security", fipsSecurity
          extraConfigFile "fips_java.policy", fipsPolicy
          extraConfigFile "cacerts.bcfks", fipsTrustStore
          systemProperty 'java.security.properties', '=${ES_PATH_CONF}/fips_java.security'
          systemProperty 'java.security.policy', '=${ES_PATH_CONF}/fips_java.policy'
          systemProperty 'javax.net.ssl.trustStore', '${ES_PATH_CONF}/cacerts.bcfks'
          systemProperty 'javax.net.ssl.trustStorePassword', 'password'
          systemProperty 'javax.net.ssl.keyStorePassword', 'password'
          systemProperty 'javax.net.ssl.keyStoreType', 'BCFKS'
        }
      }
      project.tasks.withType(Test).configureEach { Test task ->
        task.dependsOn('fipsResources')
        task.systemProperty('javax.net.ssl.trustStorePassword', 'password')
        task.systemProperty('javax.net.ssl.keyStorePassword', 'password')
        task.systemProperty('javax.net.ssl.trustStoreType', 'BCFKS')
        // Using the key==value format to override default JVM security settings and policy
        // see also: https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html
        task.systemProperty('java.security.properties', String.format(Locale.ROOT, "=%s", fipsSecurity))
        task.systemProperty('java.security.policy', String.format(Locale.ROOT, "=%s", fipsPolicy))
        task.systemProperty('javax.net.ssl.trustStore', fipsTrustStore)
      }
    }
  }
}