package org.neo4j.driver.internal.security;

import java.io.IOException;
import java.security.GeneralSecurityException;
import org.neo4j.driver.Config;
import org.neo4j.driver.RevocationCheckingStrategy;
import org.neo4j.driver.exceptions.ClientException;
import org.neo4j.driver.internal.Scheme;
import org.neo4j.driver.internal.SecuritySettings;

/* loaded from: input_file:org/neo4j/driver/internal/security/SecurityPlans.class */
public class SecurityPlans {
    public static SecurityPlan createSecurityPlan(SecuritySettings securitySettings, String str) {
        Scheme.validateScheme(str);
        try {
            if (!Scheme.isSecurityScheme(str)) {
                return createSecurityPlanImpl(securitySettings.encrypted(), securitySettings.trustStrategy());
            }
            assertSecuritySettingsNotUserConfigured(securitySettings, str);
            return createSecurityPlanFromScheme(str);
        } catch (IOException | GeneralSecurityException e) {
            throw new ClientException("Unable to establish SSL parameters", e);
        }
    }

    private static void assertSecuritySettingsNotUserConfigured(SecuritySettings securitySettings, String str) {
        if (isCustomized(securitySettings)) {
            throw new ClientException(String.format("Scheme %s is not configurable with manual encryption and trust settings", str));
        }
    }

    public static boolean isCustomized(SecuritySettings securitySettings) {
        return (SecuritySettings.DEFAULT.encrypted() == securitySettings.encrypted() && hasEqualTrustStrategy(securitySettings)) ? false : true;
    }

    private static boolean hasEqualTrustStrategy(SecuritySettings securitySettings) {
        Config.TrustStrategy trustStrategy = SecuritySettings.DEFAULT.trustStrategy();
        Config.TrustStrategy trustStrategy2 = securitySettings.trustStrategy();
        if (trustStrategy == trustStrategy2) {
            return true;
        }
        return trustStrategy.isHostnameVerificationEnabled() == trustStrategy2.isHostnameVerificationEnabled() && trustStrategy.strategy() == trustStrategy2.strategy() && trustStrategy.certFiles().equals(trustStrategy2.certFiles()) && trustStrategy.revocationCheckingStrategy() == trustStrategy2.revocationCheckingStrategy();
    }

    private static SecurityPlan createSecurityPlanFromScheme(String str) throws GeneralSecurityException, IOException {
        return Scheme.isHighTrustScheme(str) ? SecurityPlanImpl.forSystemCASignedCertificates(true, RevocationCheckingStrategy.NO_CHECKS) : SecurityPlanImpl.forAllCertificates(false, RevocationCheckingStrategy.NO_CHECKS);
    }

    private static SecurityPlan createSecurityPlanImpl(boolean z, Config.TrustStrategy trustStrategy) throws GeneralSecurityException, IOException {
        if (!z) {
            return SecurityPlanImpl.insecure();
        }
        boolean isHostnameVerificationEnabled = trustStrategy.isHostnameVerificationEnabled();
        RevocationCheckingStrategy revocationCheckingStrategy = trustStrategy.revocationCheckingStrategy();
        switch (trustStrategy.strategy()) {
            case TRUST_CUSTOM_CA_SIGNED_CERTIFICATES:
                return SecurityPlanImpl.forCustomCASignedCertificates(trustStrategy.certFiles(), isHostnameVerificationEnabled, revocationCheckingStrategy);
            case TRUST_SYSTEM_CA_SIGNED_CERTIFICATES:
                return SecurityPlanImpl.forSystemCASignedCertificates(isHostnameVerificationEnabled, revocationCheckingStrategy);
            case TRUST_ALL_CERTIFICATES:
                return SecurityPlanImpl.forAllCertificates(isHostnameVerificationEnabled, revocationCheckingStrategy);
            default:
                throw new ClientException("Unknown TLS authentication strategy: " + trustStrategy.strategy().name());
        }
    }
}
