package org.neo4j.driver.internal.security;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CompletionStage;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.neo4j.bolt.connection.ssl.SSLContexts;
import org.neo4j.bolt.connection.ssl.TrustManagerFactories;
import org.neo4j.driver.ClientCertificateManager;
import org.neo4j.driver.Logging;
import org.neo4j.driver.RevocationCheckingStrategy;
import org.neo4j.driver.internal.security.SecurityPlan;
import org.neo4j.driver.internal.util.Futures;

/* loaded from: input_file:org/neo4j/driver/internal/security/SecurityPlanImpl.class */
public class SecurityPlanImpl implements SecurityPlan {
    private final boolean requiresEncryption;
    private final boolean requiresClientAuth;
    private final boolean requiresHostnameVerification;
    private final RevocationCheckingStrategy revocationCheckingStrategy;
    private final Supplier<CompletionStage<SSLContext>> sslContextSupplier;

    public static SecurityPlan forAllCertificates(boolean z, RevocationCheckingStrategy revocationCheckingStrategy, ClientCertificateManager clientCertificateManager, Logging logging) throws NoSuchAlgorithmException, KeyManagementException {
        return new SecurityPlanImpl(SSLContexts::forAnyCertificate, z, revocationCheckingStrategy, clientCertificateManager, logging);
    }

    public static SecurityPlan forCustomCASignedCertificates(List<File> list, boolean z, RevocationCheckingStrategy revocationCheckingStrategy, ClientCertificateManager clientCertificateManager, Logging logging) throws GeneralSecurityException, IOException {
        TrustManagerFactory forCertificates = TrustManagerFactories.forCertificates(list, map(revocationCheckingStrategy));
        return new SecurityPlanImpl(keyManagerArr -> {
            return SSLContexts.forTrustManagers(keyManagerArr, forCertificates.getTrustManagers());
        }, z, revocationCheckingStrategy, clientCertificateManager, logging);
    }

    public static SecurityPlan forSystemCASignedCertificates(boolean z, RevocationCheckingStrategy revocationCheckingStrategy, ClientCertificateManager clientCertificateManager, Logging logging) throws GeneralSecurityException, IOException {
        TrustManagerFactory forSystemCertificates = TrustManagerFactories.forSystemCertificates(map(revocationCheckingStrategy));
        return new SecurityPlanImpl(keyManagerArr -> {
            return SSLContexts.forTrustManagers(keyManagerArr, forSystemCertificates.getTrustManagers());
        }, z, revocationCheckingStrategy, clientCertificateManager, logging);
    }

    public static SecurityPlan insecure() {
        return new SecurityPlanImpl();
    }

    private SecurityPlanImpl(SecurityPlan.SSLContextSupplier sSLContextSupplier, boolean z, RevocationCheckingStrategy revocationCheckingStrategy, ClientCertificateManager clientCertificateManager, Logging logging) throws NoSuchAlgorithmException, KeyManagementException {
        this.requiresEncryption = true;
        this.requiresHostnameVerification = z;
        this.revocationCheckingStrategy = revocationCheckingStrategy;
        SSLContextManager sSLContextManager = new SSLContextManager(clientCertificateManager, sSLContextSupplier, logging);
        Objects.requireNonNull(sSLContextManager);
        this.sslContextSupplier = sSLContextManager::getSSLContext;
        this.requiresClientAuth = clientCertificateManager != null;
    }

    private SecurityPlanImpl() {
        this.requiresEncryption = false;
        this.requiresHostnameVerification = false;
        this.revocationCheckingStrategy = RevocationCheckingStrategy.NO_CHECKS;
        this.sslContextSupplier = Futures::completedWithNull;
        this.requiresClientAuth = false;
    }

    @Override // org.neo4j.driver.internal.security.SecurityPlan
    public boolean requiresEncryption() {
        return this.requiresEncryption;
    }

    @Override // org.neo4j.driver.internal.security.SecurityPlan
    public boolean requiresClientAuth() {
        return this.requiresClientAuth;
    }

    @Override // org.neo4j.driver.internal.security.SecurityPlan
    public CompletionStage<SSLContext> sslContext() {
        return this.sslContextSupplier.get();
    }

    @Override // org.neo4j.driver.internal.security.SecurityPlan
    public boolean requiresHostnameVerification() {
        return this.requiresHostnameVerification;
    }

    @Override // org.neo4j.driver.internal.security.SecurityPlan
    public RevocationCheckingStrategy revocationCheckingStrategy() {
        return this.revocationCheckingStrategy;
    }

    private static org.neo4j.bolt.connection.ssl.RevocationCheckingStrategy map(RevocationCheckingStrategy revocationCheckingStrategy) {
        switch (revocationCheckingStrategy) {
            case NO_CHECKS:
                return org.neo4j.bolt.connection.ssl.RevocationCheckingStrategy.NO_CHECKS;
            case VERIFY_IF_PRESENT:
                return org.neo4j.bolt.connection.ssl.RevocationCheckingStrategy.VERIFY_IF_PRESENT;
            case STRICT:
                return org.neo4j.bolt.connection.ssl.RevocationCheckingStrategy.STRICT;
            default:
                throw new IncompatibleClassChangeError();
        }
    }
}
