package org.neo4j.driver.internal.connector.socket;

import java.io.File;
import java.io.PrintWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Scanner;
import javax.xml.bind.DatatypeConverter;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/neo4j/driver/internal/connector/socket/TrustOnFirstUseTrustManagerTest.class */
public class TrustOnFirstUseTrustManagerTest {
    private static File knownCertsFile;
    private static String knownServerIp;
    private static int knownServerPort;
    private static String knownServer;

    @BeforeClass
    public static void setup() throws Throwable {
        knownCertsFile = File.createTempFile("neo4j_known_certs", ".tmp");
        knownServerIp = "1.2.3.4";
        knownServerPort = 100;
        knownServer = knownServerIp + ":" + knownServerPort;
        String printBase64Binary = DatatypeConverter.printBase64Binary("certificate".getBytes());
        PrintWriter printWriter = new PrintWriter(knownCertsFile);
        printWriter.println(" # I am a comment.");
        printWriter.println(knownServer + "," + printBase64Binary);
        printWriter.close();
    }

    @AfterClass
    public static void teardown() {
        knownCertsFile.delete();
    }

    @Test
    public void shouldLoadExistingCert() throws Throwable {
        TrustOnFirstUseTrustManager trustOnFirstUseTrustManager = new TrustOnFirstUseTrustManager(knownServerIp, knownServerPort, knownCertsFile);
        X509Certificate x509Certificate = (X509Certificate) Mockito.mock(X509Certificate.class);
        Mockito.when(x509Certificate.getEncoded()).thenReturn("fake certificate".getBytes());
        try {
            trustOnFirstUseTrustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, (String) null);
            Assert.fail("Should not trust the fake certificate");
        } catch (CertificateException e) {
            Assert.assertTrue(e.getMessage().contains("If you trust the certificate the server uses now, simply remove the line that starts with"));
        }
    }

    @Test
    public void shouldSaveNewCert() throws Throwable {
        TrustOnFirstUseTrustManager trustOnFirstUseTrustManager = new TrustOnFirstUseTrustManager(knownServerIp, 200, knownCertsFile);
        byte[] bytes = "certificate".getBytes();
        String printBase64Binary = DatatypeConverter.printBase64Binary(bytes);
        X509Certificate x509Certificate = (X509Certificate) Mockito.mock(X509Certificate.class);
        Mockito.when(x509Certificate.getEncoded()).thenReturn(bytes);
        try {
            trustOnFirstUseTrustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, (String) null);
        } catch (CertificateException e) {
            Assert.fail("Should trust the certificate the first time it is seen");
            e.printStackTrace();
        }
        Scanner scanner = new Scanner(knownCertsFile);
        Assert.assertEquals(knownServer + "," + printBase64Binary, nextLine(scanner));
        Assert.assertTrue(scanner.hasNextLine());
        Assert.assertEquals(knownServerIp + ":200," + printBase64Binary, nextLine(scanner));
    }

    private String nextLine(Scanner scanner) {
        String nextLine;
        do {
            Assert.assertTrue(scanner.hasNext());
            nextLine = scanner.nextLine();
        } while (nextLine.trim().startsWith("#"));
        return nextLine;
    }
}
