package org.neo4j.driver.internal.security;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Scanner;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.mockito.Mockito;
import org.neo4j.driver.internal.net.BoltServerAddress;
import org.neo4j.driver.v1.Logger;

/* loaded from: input_file:org/neo4j/driver/internal/security/TrustOnFirstUseTrustManagerTest.class */
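/**
 * Tests for {@link TrustOnFirstUseTrustManager}, the trust-on-first-use (TOFU) certificate check.
 *
 * <p>The tests pin the behaviour visible at this level: a server address that already has an entry in
 * the known-certificates file is rejected when it presents a certificate with a different fingerprint,
 * an address without an entry has its certificate accepted and appended to the file, and unreadable or
 * unwritable files produce an error instead of silently skipping the check.
 *
 * <p>The known-certificates file format used here is one {@code host:port fingerprint} entry per line,
 * with lines starting with {@code #} (after trimming) treated as comments by the test helper.
 */
public class TrustOnFirstUseTrustManagerTest {
    private File knownCertsFile;
    private String knownServerIp;
    private int knownServerPort;
    private String knownServer;

    // JUnit requires @Rule fields to be public; the temporary file lives under ./target.
    @Rule
    public TemporaryFolder testDir = new TemporaryFolder(new File("target"));
    private X509Certificate knownCertificate;

    /**
     * Creates a known-certificates file holding one comment line and one pinned entry for
     * {@code 1.2.3.4:100}, whose fingerprint is derived from a mocked certificate.
     */
    @Before
    public void setup() throws Throwable {
        this.knownCertsFile = this.testDir.newFile();
        this.knownServerIp = "1.2.3.4";
        this.knownServerPort = 100;
        this.knownServer = this.knownServerIp + ":" + this.knownServerPort;
        this.knownCertificate = Mockito.mock(X509Certificate.class);
        Mockito.when(this.knownCertificate.getEncoded()).thenReturn("certificate".getBytes("UTF-8"));
        // try-with-resources: the writer is flushed and closed even if fingerprint() throws.
        try (PrintWriter writer = new PrintWriter(this.knownCertsFile)) {
            writer.println(" # I am a comment.");
            writer.println(this.knownServer + " " + TrustOnFirstUseTrustManager.fingerprint(this.knownCertificate));
        }
    }

    /** Best-effort removal of the file; the {@link TemporaryFolder} rule cleans up as well. */
    @After
    public void teardown() {
        this.knownCertsFile.delete();
    }

    /**
     * A pinned address that presents a certificate with different encoded bytes must be rejected.
     *
     * <p>This is the property that makes the pin useful: once an address is recorded, a changed
     * certificate is refused rather than silently re-trusted. The error text tells the operator which
     * line to remove if the change is legitimate, and nothing is logged on this path.
     */
    @Test
    public void shouldLoadExistingCert() throws Throwable {
        BoltServerAddress pinnedAddress = new BoltServerAddress(this.knownServerIp, this.knownServerPort);
        Logger logger = Mockito.mock(Logger.class);
        TrustOnFirstUseTrustManager manager =
                new TrustOnFirstUseTrustManager(pinnedAddress, this.knownCertsFile, logger);

        X509Certificate unexpectedCertificate = Mockito.mock(X509Certificate.class);
        // Explicit charset, matching setup(), so the fixture does not depend on the platform default.
        Mockito.when(unexpectedCertificate.getEncoded()).thenReturn("fake certificate".getBytes("UTF-8"));

        try {
            manager.checkServerTrusted(new X509Certificate[]{unexpectedCertificate}, (String) null);
            Assert.fail("Should not trust the fake certificate");
        } catch (CertificateException e) {
            Assert.assertTrue(e.getMessage().contains("If you trust the certificate the server uses now, simply remove the line that starts with"));
            Mockito.verifyNoMoreInteractions(logger);
        }
    }

    /**
     * An address with no entry in the file has its certificate accepted, logged and appended.
     *
     * <p>Note what this demonstrates about the trust model: the first certificate seen for an address
     * is accepted with no check other than the absence of an existing pin. The existing entry for the
     * other port must be left in place, ahead of the new one.
     */
    @Test
    public void shouldSaveNewCert() throws Throwable {
        BoltServerAddress unpinnedAddress = new BoltServerAddress(this.knownServerIp, 200);
        Logger logger = Mockito.mock(Logger.class);
        TrustOnFirstUseTrustManager manager =
                new TrustOnFirstUseTrustManager(unpinnedAddress, this.knownCertsFile, logger);
        String fingerprint = TrustOnFirstUseTrustManager.fingerprint(this.knownCertificate);

        manager.checkServerTrusted(new X509Certificate[]{this.knownCertificate}, (String) null);

        ((Logger) Mockito.verify(logger)).info("Adding %s as known and trusted certificate for %s.", new Object[]{fingerprint, "1.2.3.4:200"});
        // Close the scanner so the file handle is released before teardown deletes the file.
        try (Scanner scanner = new Scanner(this.knownCertsFile)) {
            Assert.assertEquals(this.knownServer + " " + fingerprint, nextLine(scanner));
            Assert.assertTrue(scanner.hasNextLine());
            Assert.assertEquals(this.knownServerIp + ":200 " + fingerprint, nextLine(scanner));
        }
    }

    /**
     * Returns the next line that is not a comment, failing the test if the input runs out first.
     *
     * @param scanner scanner positioned somewhere in the known-certificates file
     * @return the first following line whose trimmed form does not start with {@code #}
     */
    private String nextLine(Scanner scanner) {
        String line;
        do {
            Assert.assertTrue(scanner.hasNext());
            line = scanner.nextLine();
        } while (line.trim().startsWith("#"));
        return line;
    }

    /**
     * An existing but unreadable known-certificates file must fail construction with an
     * {@link IOException} that names the missing read permission, so the pins are never ignored quietly.
     */
    @Test
    public void shouldThrowMeaningfulExceptionIfHasNoReadPermissionToKnownHostFile() throws Throwable {
        File unreadableFile = Mockito.mock(File.class);
        Mockito.when(unreadableFile.canRead()).thenReturn(false);
        Mockito.when(unreadableFile.exists()).thenReturn(true);
        try {
            new TrustOnFirstUseTrustManager(new BoltServerAddress(this.knownServerIp, this.knownServerPort), unreadableFile, (Logger) null);
            Assert.fail("Should have failed in load certs");
        } catch (IOException e) {
            Assert.assertThat(e.getMessage(), CoreMatchers.containsString("you have no read permissions to it"));
        } catch (Exception e2) {
            // Keep the unexpected exception as the cause so the failure report shows what went wrong.
            throw new AssertionError("Should not get any other error besides no permission to read", e2);
        }
    }

    /**
     * When the new pin cannot be written, the trust check must fail with a {@link CertificateException}
     * whose cause names the missing write permission, instead of trusting a certificate it cannot record.
     */
    @Test
    public void shouldThrowMeaningfulExceptionIfHasNoWritePermissionToKnownHostFile() throws Throwable {
        File unwritableFile = Mockito.mock(File.class);
        // exists() answers false on the first call and true on every later call.
        Mockito.when(unwritableFile.exists()).thenReturn(false, true);
        Mockito.when(unwritableFile.canWrite()).thenReturn(false);
        try {
            TrustOnFirstUseTrustManager manager = new TrustOnFirstUseTrustManager(
                    new BoltServerAddress(this.knownServerIp, this.knownServerPort), unwritableFile, Mockito.mock(Logger.class));
            manager.checkServerTrusted(new X509Certificate[]{this.knownCertificate}, (String) null);
            Assert.fail("Should have failed in write to certs");
        } catch (CertificateException e) {
            Assert.assertThat(e.getCause().getMessage(), CoreMatchers.containsString("you have no write permissions to it"));
        } catch (Exception e2) {
            // Keep the unexpected exception as the cause instead of printing its stack trace.
            throw new AssertionError("Should not get any other error besides no permission to write", e2);
        }
    }
}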
