package org.neo4j.driver.internal.security;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Scanner;
import org.hamcrest.CoreMatchers;
import org.hamcrest.junit.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.neo4j.driver.internal.BoltServerAddress;
import org.neo4j.driver.v1.Logger;

/* loaded from: input_file:org/neo4j/driver/internal/security/TrustOnFirstUseTrustManagerTest.class */
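/**
 * Tests for {@link TrustOnFirstUseTrustManager} and its known-certificates file.
 *
 * <p>Each test starts from a temporary known-certificates file holding one comment line and one
 * entry of the form {@code host:port fingerprint} for {@code 1.2.3.4:100}. The tests cover the
 * security-relevant outcomes visible here: a changed certificate for a known server is rejected,
 * a certificate for a new server is recorded without disturbing the existing entry, and an
 * unreadable or unwritable file produces a descriptive error.
 */
class TrustOnFirstUseTrustManagerTest {
    private File knownCertsFile;
    private String knownServerIp;
    private int knownServerPort;
    private String knownServer;
    private X509Certificate knownCertificate;

    TrustOnFirstUseTrustManagerTest() {
    }

    /**
     * Creates the known-certificates fixture file and the mocked certificate pinned in it.
     *
     * @throws Throwable if the temporary file cannot be created or written, or if the
     *     fingerprint of the mocked certificate cannot be computed
     */
    @BeforeEach
    void setUp() throws Throwable {
        // The file is created under the relative "target" directory, so that directory must exist.
        knownCertsFile = Files.createTempFile(Paths.get("target"), "known-certs", "").toFile();
        knownServerIp = "1.2.3.4";
        knownServerPort = 100;
        knownServer = knownServerIp + ":" + knownServerPort;

        knownCertificate = Mockito.mock(X509Certificate.class);
        Mockito.when(knownCertificate.getEncoded()).thenReturn("certificate".getBytes(StandardCharsets.UTF_8));

        // try-with-resources closes the writer on both the normal and the exceptional path.
        try (PrintWriter writer = new PrintWriter(knownCertsFile)) {
            // A leading comment line checks that the reader of this file tolerates comments.
            writer.println(" # I am a comment.");
            writer.println(knownServer + " " + TrustOnFirstUseTrustManager.fingerprint(knownCertificate));
        }
    }

    /**
     * Removes the temporary known-certificates file so that entries do not leak between tests.
     *
     * @throws IOException if the file exists but cannot be deleted
     */
    @AfterEach
    void tearDown() throws IOException {
        Files.deleteIfExists(knownCertsFile.toPath());
    }

    /**
     * Verifies that a known server presenting a different certificate is rejected.
     *
     * <p>The fixture pins {@code 1.2.3.4:100} to the fingerprint of the "certificate" bytes, while
     * the certificate presented here encodes "fake certificate". The manager must throw a
     * {@link CertificateException} carrying the remediation hint, and must not log anything.
     */
    @Test
    void shouldLoadExistingCert() throws Throwable {
        BoltServerAddress knownAddress = new BoltServerAddress(knownServerIp, knownServerPort);
        Logger logger = Mockito.mock(Logger.class);
        TrustOnFirstUseTrustManager trustManager =
                new TrustOnFirstUseTrustManager(knownAddress, knownCertsFile, logger);

        X509Certificate changedCertificate = Mockito.mock(X509Certificate.class);
        // Explicit charset keeps the mocked encoding independent of the platform default.
        Mockito.when(changedCertificate.getEncoded())
                .thenReturn("fake certificate".getBytes(StandardCharsets.UTF_8));

        CertificateException rejection = Assertions.assertThrows(
                CertificateException.class,
                () -> trustManager.checkServerTrusted(new X509Certificate[] {changedCertificate}, null));

        Assertions.assertTrue(rejection.getMessage().contains(
                "If you trust the certificate the server uses now, simply remove the line that starts with"));
        Mockito.verifyNoMoreInteractions(logger);
    }

    /**
     * Verifies that the certificate of a previously unseen server is trusted and recorded.
     *
     * <p>After the check, the file must still contain the original {@code 1.2.3.4:100} entry,
     * followed by a new entry for {@code 1.2.3.4:200}, and the addition must be logged at info
     * level.
     */
    @Test
    void shouldSaveNewCert() throws Throwable {
        int newServerPort = 200;
        String newServer = knownServerIp + ":" + newServerPort;
        BoltServerAddress newAddress = new BoltServerAddress(knownServerIp, newServerPort);
        Logger logger = Mockito.mock(Logger.class);
        TrustOnFirstUseTrustManager trustManager =
                new TrustOnFirstUseTrustManager(newAddress, knownCertsFile, logger);
        String fingerprint = TrustOnFirstUseTrustManager.fingerprint(knownCertificate);

        trustManager.checkServerTrusted(new X509Certificate[] {knownCertificate}, null);

        Mockito.verify(logger).info(
                "Adding %s as known and trusted certificate for %s.", new Object[] {fingerprint, newServer});

        try (Scanner reader = new Scanner(knownCertsFile)) {
            // The entry that was already pinned must be preserved ...
            Assertions.assertEquals(knownServer + " " + fingerprint, nextLine(reader));
            Assertions.assertTrue(reader.hasNextLine());
            // ... and the newly trusted server is expected on the next non-comment line.
            Assertions.assertEquals(newServer + " " + fingerprint, nextLine(reader));
        }
    }

    /**
     * Returns the next line that is not a comment, asserting that input remains before each read.
     *
     * @param scanner source of the known-certificates file content
     * @return the first line whose trimmed form does not start with {@code #}
     */
    private String nextLine(Scanner scanner) {
        while (true) {
            Assertions.assertTrue(scanner.hasNext());
            String line = scanner.nextLine();
            if (!line.trim().startsWith("#")) {
                return line;
            }
        }
    }

    /**
     * Verifies that constructing the manager over an existing but unreadable file fails with an
     * {@link IOException} that names the missing read permission.
     */
    @Test
    void shouldThrowMeaningfulExceptionIfHasNoReadPermissionToKnownHostFile() {
        File unreadableFile = Mockito.mock(File.class);
        Mockito.when(unreadableFile.canRead()).thenReturn(false);
        Mockito.when(unreadableFile.exists()).thenReturn(true);
        BoltServerAddress knownAddress = new BoltServerAddress(knownServerIp, knownServerPort);

        IOException failure = Assertions.assertThrows(
                IOException.class,
                () -> new TrustOnFirstUseTrustManager(knownAddress, unreadableFile, (Logger) null));

        MatcherAssert.assertThat(
                failure.getMessage(), CoreMatchers.containsString("you have no read permissions to it"));
    }

    /**
     * Verifies that a failure to record a new certificate surfaces as a
     * {@link CertificateException} whose cause names the missing write permission.
     */
    @Test
    void shouldThrowMeaningfulExceptionIfHasNoWritePermissionToKnownHostFile() throws Throwable {
        File unwritableFile = Mockito.mock(File.class);
        // exists() answers false on the first call and true afterwards; presumably the first call
        // is the load in the constructor and the later one the save. Confirm against the manager.
        Mockito.when(unwritableFile.exists()).thenReturn(false, true);
        Mockito.when(unwritableFile.canWrite()).thenReturn(false);
        TrustOnFirstUseTrustManager trustManager = new TrustOnFirstUseTrustManager(
                new BoltServerAddress(knownServerIp, knownServerPort),
                unwritableFile,
                Mockito.mock(Logger.class));

        CertificateException failure = Assertions.assertThrows(
                CertificateException.class,
                () -> trustManager.checkServerTrusted(new X509Certificate[] {knownCertificate}, null));

        MatcherAssert.assertThat(
                failure.getCause().getMessage(),
                CoreMatchers.containsString("you have no write permissions to it"));
    }
}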
