From afbc10cfb2178ac7436623df605e48a0a92d18ea Mon Sep 17 00:00:00 2001
From: Andriy Redko <andriy.redko@aiven.io>
Date: Thu, 28 Mar 2024 10:44:00 -0400
Subject: [PATCH] Address code review comments, added more tests

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
---
 .../ssl/OpenSearchSecuritySSLPluginTest.java  | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/src/test/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPluginTest.java b/src/test/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPluginTest.java
index 0e705df459..48c5e75472 100644
--- a/src/test/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPluginTest.java
+++ b/src/test/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPluginTest.java
@@ -26,6 +26,7 @@
 import org.opensearch.common.settings.ClusterSettings;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.http.HttpServerTransport;
+import org.opensearch.http.netty4.ssl.SecureNetty4HttpServerTransport;
 import org.opensearch.plugins.SecureHttpTransportSettingsProvider;
 import org.opensearch.plugins.SecureTransportSettingsProvider;
 import org.opensearch.plugins.TransportExceptionHandler;
@@ -35,8 +36,12 @@
 import org.opensearch.security.test.helper.file.FileHelper;
 import org.opensearch.telemetry.tracing.noop.NoopTracer;
 import org.opensearch.transport.Transport;
+import org.opensearch.transport.TransportAdapterProvider;
+
+import io.netty.channel.ChannelInboundHandlerAdapter;
 
 import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.instanceOf;
 import static org.hamcrest.CoreMatchers.not;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -125,6 +130,10 @@ public void testRegisterSecureHttpTransport() throws IOException {
                 NoopTracer.INSTANCE
             );
             assertThat(transports, hasKey("org.opensearch.security.ssl.http.netty.SecuritySSLNettyHttpServerTransport"));
+            assertThat(
+                transports.get("org.opensearch.security.ssl.http.netty.SecuritySSLNettyHttpServerTransport").get(),
+                not(nullValue())
+            );
         }
     }
 
@@ -142,6 +151,7 @@ public void testRegisterSecureTransport() throws IOException {
                 NoopTracer.INSTANCE
             );
             assertThat(transports, hasKey("org.opensearch.security.ssl.http.netty.SecuritySSLNettyTransport"));
+            assertThat(transports.get("org.opensearch.security.ssl.http.netty.SecuritySSLNettyTransport").get(), not(nullValue()));
         }
     }
 
@@ -247,4 +257,62 @@ public void testRegisterSecureTransportWithDuplicateSettings() throws IOExceptio
             }
         }
     }
+
+    @Test
+    public void testRegisterSecureHttpTransportWithRequestHeaderVerifier() throws IOException {
+        class LocalHeaderVerifier extends ChannelInboundHandlerAdapter {}
+
+        final SecureHttpTransportSettingsProvider provider = new SecureHttpTransportSettingsProvider() {
+            @Override
+            public Collection<TransportAdapterProvider<HttpServerTransport>> getHttpTransportAdapterProviders(Settings settings) {
+                return List.of(new TransportAdapterProvider<HttpServerTransport>() {
+
+                    @Override
+                    public String name() {
+                        // TODO Auto-generated method stub
+                        return SecureNetty4HttpServerTransport.REQUEST_HEADER_VERIFIER;
+                    }
+
+                    @SuppressWarnings("unchecked")
+                    @Override
+                    public <C> Optional<C> create(Settings settings, HttpServerTransport transport, Class<C> adapterClass) {
+                        return Optional.of((C) new LocalHeaderVerifier());
+                    }
+
+                });
+            }
+
+            @Override
+            public Optional<TransportExceptionHandler> buildHttpServerExceptionHandler(Settings settings, HttpServerTransport transport) {
+                return Optional.empty();
+            }
+
+            @Override
+            public Optional<SSLEngine> buildSecureHttpServerEngine(Settings settings, HttpServerTransport transport) throws SSLException {
+                return Optional.empty();
+            }
+        };
+
+        try (OpenSearchSecuritySSLPlugin plugin = new OpenSearchSecuritySSLPlugin(settings, null, false)) {
+            final Map<String, Supplier<HttpServerTransport>> transports = plugin.getSecureHttpTransports(
+                settings,
+                MOCK_POOL,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                clusterSettings,
+                secureHttpTransportSettingsProvider,
+                NoopTracer.INSTANCE
+            );
+            assertThat(transports, hasKey("org.opensearch.security.ssl.http.netty.SecuritySSLNettyHttpServerTransport"));
+
+            final HttpServerTransport transport = transports.get(
+                "org.opensearch.security.ssl.http.netty.SecuritySSLNettyHttpServerTransport"
+            ).get();
+            assertThat(transport, instanceOf(SecureNetty4HttpServerTransport.class));
+        }
+    }
 }