package org.neo4j.driver.v1.tck;

import cucumber.api.java.After;
import cucumber.api.java.en.And;
import cucumber.api.java.en.Given;
import cucumber.api.java.en.Then;
import cucumber.api.java.en.When;
import java.io.File;
import java.security.cert.X509Certificate;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.neo4j.driver.internal.util.CertificateTool;
import org.neo4j.driver.v1.Config;
import org.neo4j.driver.v1.Driver;
import org.neo4j.driver.v1.GraphDatabase;
import org.neo4j.driver.v1.Session;
import org.neo4j.driver.v1.exceptions.SecurityException;
import org.neo4j.driver.v1.util.CertificateToolTest;
import org.neo4j.driver.v1.util.Neo4jRunner;
import org.neo4j.driver.v1.util.Neo4jSettings;

/* loaded from: input_file:org/neo4j/driver/v1/tck/DriverSecurityComplianceSteps.class */
public class DriverSecurityComplianceSteps {
    private Driver driver;
    private File knownHostsFile;
    private Throwable exception;
    private Config driverKittenConfig;
    private Driver driverKitten;
    private File certificate;

    @Given("^a running Neo4j Database$")
    public void aRunningDatabase() throws Throwable {
    }

    @When("I connect via a TLS-enabled transport for the first time for the given hostname and port$")
    public void firstUseConnect() throws Throwable {
        this.knownHostsFile = tempFile("known_hosts", ".tmp");
        this.driver = GraphDatabase.driver(Neo4jRunner.DEFAULT_URI, Neo4jRunner.DEFAULT_AUTH_TOKEN, Config.build().withEncryptionLevel(Config.EncryptionLevel.REQUIRED).withTrustStrategy(Config.TrustStrategy.trustOnFirstUse(this.knownHostsFile)).toConfig());
    }

    @Then("sessions should simply work$")
    public void sessionsShouldSimplyWork() throws Throwable {
        Assert.assertNull(this.exception);
        Session session = this.driver.session();
        Throwable th = null;
        try {
            Assert.assertEquals(session.run("RETURN 1").single().get(0).asInt(), 1L);
            if (session != null) {
                if (0 == 0) {
                    session.close();
                    return;
                }
                try {
                    session.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (session != null) {
                if (0 != 0) {
                    try {
                        session.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    session.close();
                }
            }
            throw th3;
        }
    }

    @Given("^a running Neo4j Database that I have connected to with a TLS-enabled transport in the past$")
    public void aRunningNeoJDatabaseThatIHaveConnectedTo() throws Throwable {
        firstUseConnect();
        sessionsShouldSimplyWork();
    }

    @When("^I connect via a TLS-enabled transport again$")
    public void iConnectViaATlsEnabledTransportAgain() throws Throwable {
        try {
            this.driver = GraphDatabase.driver(Neo4jRunner.DEFAULT_URI, Neo4jRunner.DEFAULT_AUTH_TOKEN, Config.build().withEncryptionLevel(Config.EncryptionLevel.REQUIRED).withTrustStrategy(Config.TrustStrategy.trustOnFirstUse(this.knownHostsFile)).toConfig());
        } catch (Exception e) {
            this.driver = null;
            this.exception = e;
        }
    }

    @And("^the database has changed which certificate it uses$")
    public void theDatabaseHasChangedWhichCertificateItUses() throws Throwable {
        this.driver.close();
        File tempFile = tempFile("temp_cert", ".cert");
        File tempFile2 = tempFile("temp_key", ".key");
        CertificateToolTest.SelfSignedCertificateGenerator selfSignedCertificateGenerator = new CertificateToolTest.SelfSignedCertificateGenerator();
        selfSignedCertificateGenerator.saveSelfSignedCertificate(tempFile);
        selfSignedCertificateGenerator.savePrivateKey(tempFile2);
        DriverComplianceIT.neo4j.updateEncryptionKeyAndCert(tempFile2, tempFile);
    }

    @Then("^creating sessions should fail$")
    public void creatingSessionsShouldFail() throws Throwable {
        if (this.driver != null) {
            try {
                Session session = this.driver.session();
                Throwable th = null;
                try {
                    session.run("RETURN 1");
                    if (session != null) {
                        if (0 != 0) {
                            try {
                                session.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            session.close();
                        }
                    }
                } finally {
                }
            } catch (Exception e) {
                this.exception = e;
            }
        }
    }

    @And("^I should get a helpful error explaining that the certificate has changed$")
    public void iShouldGetAHelpfulErrorExplainingThatCertificateChanged(String str) throws Throwable {
        Assert.assertThat(this.exception, CoreMatchers.notNullValue());
        Assert.assertThat(this.exception, CoreMatchers.instanceOf(SecurityException.class));
        Throwable rootCause = getRootCause(this.exception);
        Assert.assertThat(rootCause.toString(), CoreMatchers.containsString("Unable to connect to neo4j at `localhost:7687`, because the certificate the server uses has changed. This is a security feature to protect against man-in-the-middle attacks."));
        Assert.assertThat(rootCause.toString(), CoreMatchers.containsString("If you trust the certificate the server uses now, simply remove the line that starts with `localhost:7687` in the file"));
        Assert.assertThat(rootCause.toString(), CoreMatchers.containsString("The old certificate saved in file is:"));
        Assert.assertThat(rootCause.toString(), CoreMatchers.containsString("The New certificate received is:"));
    }

    @Given("^two drivers")
    public void twoDrivers() {
    }

    @When("^I configure one of them to use a different location for its known hosts storage$")
    public void twoDriversWithDifferentKnownHostsFiles() throws Throwable {
        firstUseConnect();
        sessionsShouldSimplyWork();
        this.driverKittenConfig = Config.build().withEncryptionLevel(Config.EncryptionLevel.REQUIRED).withTrustStrategy(Config.TrustStrategy.trustOnFirstUse(tempFile("known_hosts", ".tmp"))).toConfig();
    }

    @Then("^the two drivers should not interfere with one another's known hosts files$")
    public void twoDriversShouldNotInterfereWithEachOther() throws Throwable {
        theDatabaseHasChangedWhichCertificateItUses();
        iConnectViaATlsEnabledTransportAgain();
        creatingSessionsShouldFail();
        iShouldGetAHelpfulErrorExplainingThatCertificateChanged("nah");
        this.driverKitten = GraphDatabase.driver(Neo4jRunner.DEFAULT_URI, Neo4jRunner.DEFAULT_AUTH_TOKEN, this.driverKittenConfig);
        Session session = this.driverKitten.session();
        Throwable th = null;
        try {
            Assert.assertEquals(session.run("RETURN 1").single().get(0).asInt(), 1L);
            if (session != null) {
                if (0 == 0) {
                    session.close();
                    return;
                }
                try {
                    session.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (session != null) {
                if (0 != 0) {
                    try {
                        session.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    session.close();
                }
            }
            throw th3;
        }
    }

    @Given("^a driver configured to use a trusted certificate$")
    public void aDriverConfiguredToUseATrustedCertificate() throws Throwable {
    }

    @And("^a running Neo4j Database using a certificate signed by the same trusted certificate$")
    public void aRunningNeo4jDatabaseUsingACertificateSignedByTheSameTrustedCertificate() throws Throwable {
        this.certificate = tempFile("temp_root_cert", ".cert");
        File tempFile = tempFile("temp_root_key", ".key");
        CertificateToolTest.SelfSignedCertificateGenerator selfSignedCertificateGenerator = new CertificateToolTest.SelfSignedCertificateGenerator();
        selfSignedCertificateGenerator.saveSelfSignedCertificate(this.certificate);
        selfSignedCertificateGenerator.savePrivateKey(tempFile);
        File tempFile2 = tempFile("temp_cert", ".cert");
        File tempFile3 = tempFile("temp_key", ".key");
        CertificateToolTest.CertificateSigningRequestGenerator certificateSigningRequestGenerator = new CertificateToolTest.CertificateSigningRequestGenerator();
        X509Certificate sign = selfSignedCertificateGenerator.sign(certificateSigningRequestGenerator.certificateSigningRequest(), certificateSigningRequestGenerator.publicKey());
        certificateSigningRequestGenerator.savePrivateKey(tempFile3);
        CertificateTool.saveX509Cert(sign, tempFile2);
        DriverComplianceIT.neo4j.updateEncryptionKeyAndCert(tempFile3, tempFile2);
    }

    @When("^I connect via a TLS-enabled transport$")
    public void iConnectViaATlsEnabledTransport() {
        try {
            this.driver = GraphDatabase.driver(Neo4jRunner.DEFAULT_URI, Neo4jRunner.DEFAULT_AUTH_TOKEN, Config.build().withEncryption().withTrustStrategy(Config.TrustStrategy.trustCustomCertificateSignedBy(this.certificate)).toConfig());
        } catch (Exception e) {
            this.driver = null;
            this.exception = e;
        }
    }

    @And("^a running Neo4j Database using that exact trusted certificate$")
    public void aRunningNeo4jDatabaseUsingThatExactTrustedCertificate() {
        this.certificate = new File(Neo4jRunner.HOME_DIR, Neo4jSettings.DEFAULT_TLS_CERT_PATH);
    }

    @And("^a running Neo4j Database using a certificate not signed by the trusted certificate$")
    public void aRunningNeo4jDatabaseUsingACertNotSignedByTheTrustedCertificates() throws Throwable {
        this.certificate = tempFile("temp_cert", ".cert");
        CertificateTool.saveX509Cert(CertificateToolTest.generateSelfSignedCertificate(), this.certificate);
    }

    @And("^I should get a helpful error explaining that no trusted certificate found$")
    public void iShouldGetAHelpfulErrorExplainingThatCertificatedNotSigned() throws Throwable {
        Assert.assertThat(this.exception, CoreMatchers.notNullValue());
        Assert.assertThat(this.exception, CoreMatchers.instanceOf(SecurityException.class));
        Assert.assertThat(getRootCause(this.exception).toString(), CoreMatchers.containsString("Signature does not match."));
    }

    @After({"@tls"})
    public void clearAfterEachScenario() throws Throwable {
        if (this.driver != null) {
            this.driver.close();
        }
        this.driver = null;
        this.knownHostsFile = null;
        this.exception = null;
        if (this.driverKitten != null) {
            this.driverKitten.close();
            this.driverKitten = null;
        }
    }

    @After({"@modifies_db_config"})
    public void resetDbWithDefaultSettings() throws Throwable {
        DriverComplianceIT.neo4j.restart();
    }

    private File tempFile(String str, String str2) throws Throwable {
        File createTempFile = File.createTempFile(str, str2);
        createTempFile.deleteOnExit();
        return createTempFile;
    }

    private Throwable getRootCause(Throwable th) {
        Throwable th2 = th;
        while (true) {
            Throwable th3 = th2;
            if (th3.getCause() == null) {
                return th3;
            }
            th2 = th3.getCause();
        }
    }
}
