package org.neo4j.driver.v1.integration;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLHandshakeException;
import javax.xml.bind.DatatypeConverter;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.Mockito;
import org.neo4j.driver.internal.ConfigTest;
import org.neo4j.driver.internal.connector.socket.SSLSocketChannel;
import org.neo4j.driver.internal.spi.Logger;
import org.neo4j.driver.internal.util.CertificateTool;
import org.neo4j.driver.v1.Config;
import org.neo4j.driver.v1.Driver;
import org.neo4j.driver.v1.GraphDatabase;
import org.neo4j.driver.v1.ResultCursor;
import org.neo4j.driver.v1.util.CertificateToolTest;
import org.neo4j.driver.v1.util.Neo4jRunner;
import org.neo4j.driver.v1.util.TestNeo4j;

/* loaded from: input_file:org/neo4j/driver/v1/integration/SSLSocketChannelIT.class */
public class SSLSocketChannelIT {

    @Rule
    public TestNeo4j neo4j = new TestNeo4j();

    @Test
    public void shouldPerformTLSHandshakeWithEmptyKnownCertsFile() throws Throwable {
        File createTempFile = File.createTempFile("neo4j_known_certs", ".tmp");
        createTempFile.deleteOnExit();
        performTLSHandshakeUsingKnownCerts(createTempFile);
    }

    private void performTLSHandshakeUsingKnownCerts(File file) throws Throwable {
        Logger logger = (Logger) Mockito.mock(Logger.class);
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("localhost", 7687));
        new SSLSocketChannel("localhost", 7687, open, logger, Config.TlsAuthenticationConfig.usingKnownCerts(file)).close();
        ((Logger) Mockito.verify(logger, Mockito.atLeastOnce())).debug("TLS connection enabled", new Object[0]);
        ((Logger) Mockito.verify(logger, Mockito.atLeastOnce())).debug("TLS connection established", new Object[0]);
        ((Logger) Mockito.verify(logger, Mockito.atLeastOnce())).debug("TLS connection closed", new Object[0]);
    }

    @Test
    public void shouldFailTLSHandshakeDueToWrongCertInKnownCertsFile() throws Throwable {
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("localhost", 7687));
        File createTempFile = File.createTempFile("neo4j_known_certs", ".tmp");
        createTempFile.deleteOnExit();
        createFakeServerCertPairInKnownCerts("localhost", 7687, createTempFile);
        SSLSocketChannel sSLSocketChannel = null;
        try {
            try {
                sSLSocketChannel = new SSLSocketChannel("localhost", 7687, open, (Logger) Mockito.mock(Logger.class), Config.TlsAuthenticationConfig.usingKnownCerts(createTempFile));
                sSLSocketChannel.close();
                if (sSLSocketChannel != null) {
                    sSLSocketChannel.close();
                }
            } catch (SSLHandshakeException e) {
                Assert.assertEquals("General SSLEngine problem", e.getMessage());
                Assert.assertEquals("General SSLEngine problem", e.getCause().getMessage());
                Assert.assertTrue(e.getCause().getCause().getMessage().contains("If you trust the certificate the server uses now, simply remove the line that starts with"));
                if (sSLSocketChannel != null) {
                    sSLSocketChannel.close();
                }
            }
        } catch (Throwable th) {
            if (sSLSocketChannel != null) {
                sSLSocketChannel.close();
            }
            throw th;
        }
    }

    private void createFakeServerCertPairInKnownCerts(String str, int i, File file) throws Throwable {
        String str2 = InetAddress.getByName(str).getHostAddress() + ":" + i;
        String printBase64Binary = DatatypeConverter.printBase64Binary(CertificateToolTest.generateSelfSignedCertificate().getEncoded());
        BufferedWriter bufferedWriter = new BufferedWriter(new FileWriter(file, true));
        bufferedWriter.write(str2 + "," + printBase64Binary);
        bufferedWriter.newLine();
        bufferedWriter.close();
    }

    @Test
    public void shouldFailTLSHandshakeDueToServerCertNotSignedByKnownCA() throws Throwable {
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("localhost", 7687));
        File createTempFile = File.createTempFile("neo4j_trusted_cert", ".tmp");
        createTempFile.deleteOnExit();
        CertificateTool.saveX509Cert(CertificateToolTest.generateSelfSignedCertificate(), createTempFile);
        SSLSocketChannel sSLSocketChannel = null;
        try {
            try {
                sSLSocketChannel = new SSLSocketChannel("localhost", 7687, open, (Logger) Mockito.mock(Logger.class), Config.TlsAuthenticationConfig.usingTrustedCert(createTempFile));
                sSLSocketChannel.close();
                if (sSLSocketChannel != null) {
                    sSLSocketChannel.close();
                }
            } catch (SSLHandshakeException e) {
                Assert.assertEquals("General SSLEngine problem", e.getMessage());
                Assert.assertEquals("General SSLEngine problem", e.getCause().getMessage());
                Assert.assertEquals("No trusted certificate found", e.getCause().getCause().getMessage());
                if (sSLSocketChannel != null) {
                    sSLSocketChannel.close();
                }
            }
        } catch (Throwable th) {
            if (sSLSocketChannel != null) {
                sSLSocketChannel.close();
            }
            throw th;
        }
    }

    @Test
    public void shouldPerformTLSHandshakeWithTrustedServerCert() throws Throwable {
        File createTempFile = File.createTempFile("neo4j_known_certs", ".tmp");
        createTempFile.deleteOnExit();
        performTLSHandshakeUsingKnownCerts(createTempFile);
        String serverCert = getServerCert(createTempFile);
        File createTempFile2 = File.createTempFile("neo4j_trusted_cert", ".tmp");
        createTempFile2.deleteOnExit();
        CertificateTool.saveX509Cert(serverCert, createTempFile2);
        Logger logger = (Logger) Mockito.mock(Logger.class);
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("localhost", 7687));
        new SSLSocketChannel("localhost", 7687, open, logger, Config.TlsAuthenticationConfig.usingTrustedCert(createTempFile2)).close();
        ((Logger) Mockito.verify(logger, Mockito.atLeastOnce())).debug("TLS connection enabled", new Object[0]);
        ((Logger) Mockito.verify(logger, Mockito.atLeastOnce())).debug("TLS connection established", new Object[0]);
        ((Logger) Mockito.verify(logger, Mockito.atLeastOnce())).debug("TLS connection closed", new Object[0]);
    }

    private String getServerCert(File file) throws Throwable {
        BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
        String readLine = bufferedReader.readLine();
        Assert.assertNotNull(readLine);
        String[] split = readLine.split(",");
        Assert.assertEquals(2L, split.length);
        String trim = split[1].trim();
        Assert.assertNull(bufferedReader.readLine());
        bufferedReader.close();
        return trim;
    }

    @Test
    public void shouldEstablishTLSConnection() throws Throwable {
        ConfigTest.deleteDefaultKnownCertFileIfExists();
        Driver driver = GraphDatabase.driver(URI.create(Neo4jRunner.DEFAULT_URL), Config.build().withTlsEnabled(true).toConfig());
        ResultCursor run = driver.session().run("RETURN 1");
        Assert.assertTrue(run.next());
        Assert.assertEquals(1L, run.get(0).asInt());
        Assert.assertFalse(run.next());
        driver.close();
    }
}
