package org.neo4j.driver.integration;

import java.net.URI;
import org.hamcrest.CoreMatchers;
import org.hamcrest.junit.MatcherAssert;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.neo4j.driver.Config;
import org.neo4j.driver.Driver;
import org.neo4j.driver.GraphDatabase;
import org.neo4j.driver.Session;
import org.neo4j.driver.exceptions.ServiceUnavailableException;
import org.neo4j.driver.util.DatabaseExtension;
import org.neo4j.driver.util.Neo4jSettings;
import org.neo4j.driver.util.ParallelizableIT;

@ParallelizableIT
/* loaded from: input_file:org/neo4j/driver/integration/EncryptionIT.class */
class EncryptionIT {

    @RegisterExtension
    static final DatabaseExtension neo4j = new DatabaseExtension();

    EncryptionIT() {
    }

    @Test
    void shouldOperateWithNoEncryptionWhenItIsOptionalInTheDatabase() {
        testMatchingEncryption(Neo4jSettings.BoltTlsLevel.OPTIONAL, false, neo4j.uri().getScheme());
    }

    @Test
    void shouldOperateWithEncryptionWhenItIsOptionalInTheDatabase() {
        testMatchingEncryption(Neo4jSettings.BoltTlsLevel.OPTIONAL, true, neo4j.uri().getScheme());
    }

    @Test
    void shouldFailWithoutEncryptionWhenItIsRequiredInTheDatabase() {
        testMismatchingEncryption(Neo4jSettings.BoltTlsLevel.REQUIRED, false);
    }

    @Test
    void shouldOperateWithEncryptionWhenItIsAlsoRequiredInTheDatabase() {
        testMatchingEncryption(Neo4jSettings.BoltTlsLevel.REQUIRED, true, neo4j.uri().getScheme());
    }

    @Test
    void shouldOperateWithEncryptionWhenConfiguredUsingBoltSscURI() {
        testMatchingEncryption(Neo4jSettings.BoltTlsLevel.REQUIRED, true, "bolt+ssc");
    }

    @Test
    void shouldFailWithEncryptionWhenItIsDisabledInTheDatabase() {
        testMismatchingEncryption(Neo4jSettings.BoltTlsLevel.DISABLED, true);
    }

    @Test
    void shouldOperateWithoutEncryptionWhenItIsAlsoDisabledInTheDatabase() {
        testMatchingEncryption(Neo4jSettings.BoltTlsLevel.DISABLED, false, neo4j.uri().getScheme());
    }

    private void testMatchingEncryption(Neo4jSettings.BoltTlsLevel boltTlsLevel, boolean z, String str) {
        neo4j.restartDb(Neo4jSettings.TEST_SETTINGS.updateWith(Neo4jSettings.BOLT_TLS_LEVEL, boltTlsLevel.toString()));
        Driver driver = GraphDatabase.driver(URI.create(String.format("%s://%s:%s", str, neo4j.uri().getHost(), Integer.valueOf(neo4j.uri().getPort()))), neo4j.authToken(), str.equals("bolt+ssc") ? Config.builder().build() : newConfig(z));
        try {
            MatcherAssert.assertThat(Boolean.valueOf(driver.isEncrypted()), CoreMatchers.equalTo(Boolean.valueOf(z)));
            Session session = driver.session();
            try {
                MatcherAssert.assertThat(Integer.valueOf(session.run("RETURN 1").next().get(0).asInt()), CoreMatchers.equalTo(1));
                if (session != null) {
                    session.close();
                }
                if (driver != null) {
                    driver.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (driver != null) {
                try {
                    driver.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void testMismatchingEncryption(Neo4jSettings.BoltTlsLevel boltTlsLevel, boolean z) {
        neo4j.restartDb(Neo4jSettings.TEST_SETTINGS.updateWith(Neo4jSettings.BOLT_TLS_LEVEL, boltTlsLevel.toString()));
        Config newConfig = newConfig(z);
        MatcherAssert.assertThat(Assertions.assertThrows(ServiceUnavailableException.class, () -> {
            GraphDatabase.driver(neo4j.uri(), neo4j.authToken(), newConfig).verifyConnectivity();
        }).getMessage(), CoreMatchers.startsWith("Connection to the database terminated"));
    }

    private static Config newConfig(boolean z) {
        return z ? configWithEncryption() : configWithoutEncryption();
    }

    private static Config configWithEncryption() {
        return Config.builder().withEncryption().withTrustStrategy(Config.TrustStrategy.trustAllCertificates()).build();
    }

    private static Config configWithoutEncryption() {
        return Config.builder().withoutEncryption().build();
    }
}
