package org.neo4j.driver.internal.async.connection;

import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.ssl.SslHandler;
import java.security.GeneralSecurityException;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import org.hamcrest.Matchers;
import org.hamcrest.junit.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.neo4j.driver.RevocationCheckingStrategy;
import org.neo4j.driver.internal.BoltServerAddress;
import org.neo4j.driver.internal.logging.DevNullLogging;
import org.neo4j.driver.internal.security.SecurityPlan;
import org.neo4j.driver.internal.security.SecurityPlanImpl;
import org.neo4j.driver.internal.util.Clock;
import org.neo4j.driver.internal.util.FakeClock;

/* loaded from: input_file:org/neo4j/driver/internal/async/connection/NettyChannelInitializerTest.class */
class NettyChannelInitializerTest {
    private final EmbeddedChannel channel = new EmbeddedChannel();

    NettyChannelInitializerTest() {
    }

    @AfterEach
    void tearDown() {
        this.channel.finishAndReleaseAll();
    }

    @Test
    void shouldAddSslHandlerWhenRequiresEncryption() throws Exception {
        newInitializer(trustAllCertificates()).initChannel(this.channel);
        Assertions.assertNotNull(this.channel.pipeline().get(SslHandler.class));
    }

    @Test
    void shouldNotAddSslHandlerWhenDoesNotRequireEncryption() {
        newInitializer(SecurityPlanImpl.insecure()).initChannel(this.channel);
        Assertions.assertNull(this.channel.pipeline().get(SslHandler.class));
    }

    @Test
    void shouldAddSslHandlerWithHandshakeTimeout() throws Exception {
        newInitializer(trustAllCertificates(), 424242).initChannel(this.channel);
        SslHandler sslHandler = this.channel.pipeline().get(SslHandler.class);
        Assertions.assertNotNull(sslHandler);
        Assertions.assertEquals(424242, sslHandler.getHandshakeTimeoutMillis());
    }

    @Test
    void shouldUpdateChannelAttributes() {
        Clock clock = (Clock) Mockito.mock(Clock.class);
        Mockito.when(Long.valueOf(clock.millis())).thenReturn(42L);
        newInitializer(SecurityPlanImpl.insecure(), Integer.MAX_VALUE, clock).initChannel(this.channel);
        Assertions.assertEquals(BoltServerAddress.LOCAL_DEFAULT, ChannelAttributes.serverAddress(this.channel));
        Assertions.assertEquals(42L, ChannelAttributes.creationTimestamp(this.channel));
        Assertions.assertNotNull(ChannelAttributes.messageDispatcher(this.channel));
    }

    @Test
    void shouldIncludeSniHostName() throws Exception {
        BoltServerAddress boltServerAddress = new BoltServerAddress("database.neo4j.com", 8989);
        new NettyChannelInitializer(boltServerAddress, trustAllCertificates(), 10000, Clock.SYSTEM, DevNullLogging.DEV_NULL_LOGGING).initChannel(this.channel);
        List<SNIServerName> serverNames = this.channel.pipeline().get(SslHandler.class).engine().getSSLParameters().getServerNames();
        MatcherAssert.assertThat(serverNames, Matchers.hasSize(1));
        MatcherAssert.assertThat(serverNames.get(0), Matchers.instanceOf(SNIHostName.class));
        MatcherAssert.assertThat(((SNIHostName) serverNames.get(0)).getAsciiName(), Matchers.equalTo(boltServerAddress.host()));
    }

    @Test
    void shouldEnableHostnameVerificationWhenConfigured() throws Exception {
        testHostnameVerificationSetting(true, "HTTPS");
    }

    @Test
    void shouldNotEnableHostnameVerificationWhenNotConfigured() throws Exception {
        testHostnameVerificationSetting(false, null);
    }

    private void testHostnameVerificationSetting(boolean z, String str) throws Exception {
        newInitializer(SecurityPlanImpl.forAllCertificates(z, RevocationCheckingStrategy.NO_CHECKS)).initChannel(this.channel);
        Assertions.assertEquals(str, this.channel.pipeline().get(SslHandler.class).engine().getSSLParameters().getEndpointIdentificationAlgorithm());
    }

    private static NettyChannelInitializer newInitializer(SecurityPlan securityPlan) {
        return newInitializer(securityPlan, Integer.MAX_VALUE);
    }

    private static NettyChannelInitializer newInitializer(SecurityPlan securityPlan, int i) {
        return newInitializer(securityPlan, i, new FakeClock());
    }

    private static NettyChannelInitializer newInitializer(SecurityPlan securityPlan, int i, Clock clock) {
        return new NettyChannelInitializer(BoltServerAddress.LOCAL_DEFAULT, securityPlan, i, clock, DevNullLogging.DEV_NULL_LOGGING);
    }

    private static SecurityPlan trustAllCertificates() throws GeneralSecurityException {
        return SecurityPlanImpl.forAllCertificates(false, RevocationCheckingStrategy.NO_CHECKS);
    }
}
