package org.neo4j.configuration.ssl;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.internal.helpers.collection.MapUtil;
import org.neo4j.string.SecureString;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.rule.TestDirectory;

/**
 * Verifies how {@link SslPolicyConfig} settings for the {@code TESTING} scope resolve through
 * {@link Config}: built-in defaults, explicit overrides, and rejection of malformed or
 * undeclared keys loaded from a configuration file.
 *
 * <p>The default-value test doubles as a regression guard for the policy's out-of-the-box TLS
 * posture ({@code trust_all} off, client certificates required, TLSv1.2 only). A change that
 * loosens any of those defaults should fail here first.
 */
@TestDirectoryExtension
class SslPolicyConfigValidatorTest {

    @Inject
    private TestDirectory testDirectory;

    /**
     * With only {@code neo4j_home} and the policy's {@code base_directory} set, every other policy
     * setting must fall back to its declared default.
     */
    @Test
    void shouldFindPolicyDefaults() {
        SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        File home = this.testDirectory.directory("home", new String[0]);
        Config config = Config.newBuilder()
                .set(GraphDatabaseSettings.neo4j_home, home.toPath().toAbsolutePath())
                .set(policy.base_directory, Path.of("certificates/testing"))
                .build();

        // Expected locations: the relative base directory resolved against the home directory.
        File expectedPrivateKey = new File(home, "certificates/testing/private.key");
        File expectedCertificate = new File(home, "certificates/testing/public.crt");
        File expectedTrustedDir = new File(home, "certificates/testing/trusted");
        File expectedRevokedDir = new File(home, "certificates/testing/revoked");

        File actualPrivateKey = ((Path) config.get(policy.private_key)).toFile();
        File actualCertificate = ((Path) config.get(policy.public_certificate)).toFile();
        File actualTrustedDir = ((Path) config.get(policy.trusted_dir)).toFile();
        File actualRevokedDir = ((Path) config.get(policy.revoked_dir)).toFile();
        SecureString keyPassword = (SecureString) config.get(policy.private_key_password);
        boolean trustAll = (Boolean) config.get(policy.trust_all);
        List<?> tlsVersions = (List<?>) config.get(policy.tls_versions);
        List<?> ciphers = (List<?>) config.get(policy.ciphers);
        ClientAuth clientAuth = (ClientAuth) config.get(policy.client_auth);

        Assertions.assertEquals(expectedPrivateKey, actualPrivateKey);
        Assertions.assertEquals(expectedCertificate, actualCertificate);
        Assertions.assertEquals(expectedTrustedDir, actualTrustedDir);
        Assertions.assertEquals(expectedRevokedDir, actualRevokedDir);

        // Security-relevant defaults: no key password, certificate validation not bypassed,
        // a single protocol version, and mutual TLS required.
        Assertions.assertNull(keyPassword);
        Assertions.assertFalse(trustAll);
        Assertions.assertEquals(Collections.singletonList("TLSv1.2"), tlsVersions);
        // NOTE(review): a null cipher list presumably defers suite selection to the TLS
        // provider; confirm against the code that consumes this setting.
        Assertions.assertNull(ciphers);
        Assertions.assertEquals(ClientAuth.REQUIRE, clientAuth);
    }

    /**
     * Every policy setting that is set explicitly must be returned unchanged by the built config.
     *
     * <p>The values are fixtures picked to differ from the defaults so the round trip is
     * observable. {@code trust_all=true}, TLSv1.1, a CBC cipher suite and optional client auth
     * are all weaker than the defaults and are not a configuration to copy.
     */
    @Test
    void shouldFindPolicyOverrides() {
        Config.Builder builder = Config.newBuilder();
        SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        builder.set(
                GraphDatabaseSettings.neo4j_home,
                this.testDirectory.directory("home", new String[0]).toPath().toAbsolutePath());
        builder.set(policy.base_directory, Path.of("certificates/testing"));

        // Locations created through the test directory; none of them sit under base_directory.
        File privateKey = this.testDirectory.directory("/path/to/my.key", new String[0]);
        File certificate = this.testDirectory.directory("/path/to/my.crt", new String[0]);
        File trustedDir = this.testDirectory.directory("/some/other/path/to/trusted", new String[0]);
        File revokedDir = this.testDirectory.directory("/some/other/path/to/revoked", new String[0]);

        builder.set(policy.private_key, privateKey.toPath().toAbsolutePath());
        builder.set(policy.public_certificate, certificate.toPath().toAbsolutePath());
        builder.set(policy.trusted_dir, trustedDir.toPath().toAbsolutePath());
        builder.set(policy.revoked_dir, revokedDir.toPath().toAbsolutePath());
        builder.set(policy.trust_all, true);
        // Fixture password only; it is read back in plain text below to prove the round trip.
        builder.set(policy.private_key_password, new SecureString("setecastronomy"));
        builder.set(policy.tls_versions, List.of("TLSv1.1", "TLSv1.2"));
        builder.set(
                policy.ciphers,
                List.of("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"));
        builder.set(policy.client_auth, ClientAuth.OPTIONAL);
        Config config = builder.build();

        File actualPrivateKey = ((Path) config.get(policy.private_key)).toFile();
        File actualCertificate = ((Path) config.get(policy.public_certificate)).toFile();
        File actualTrustedDir = ((Path) config.get(policy.trusted_dir)).toFile();
        File actualRevokedDir = ((Path) config.get(policy.revoked_dir)).toFile();
        SecureString keyPassword = (SecureString) config.get(policy.private_key_password);
        boolean trustAll = (Boolean) config.get(policy.trust_all);
        List<?> tlsVersions = (List<?>) config.get(policy.tls_versions);
        List<?> ciphers = (List<?>) config.get(policy.ciphers);
        ClientAuth clientAuth = (ClientAuth) config.get(policy.client_auth);

        Assertions.assertEquals(privateKey, actualPrivateKey);
        Assertions.assertEquals(certificate, actualCertificate);
        Assertions.assertEquals(trustedDir, actualTrustedDir);
        Assertions.assertEquals(revokedDir, actualRevokedDir);
        Assertions.assertTrue(trustAll);
        Assertions.assertEquals("setecastronomy", keyPassword.getString());
        Assertions.assertEquals(Arrays.asList("TLSv1.1", "TLSv1.2"), tlsVersions);
        Assertions.assertEquals(
                Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
                ciphers);
        Assertions.assertEquals(ClientAuth.OPTIONAL, clientAuth);
    }

    /**
     * Setting every PEM-related policy key at once must not make {@code build()} throw.
     *
     * <p>The placeholder values ({@code "xyz"}) show that building the config does not check that
     * the paths exist or that the protocol and cipher names are real. Whether a later stage
     * rejects them is not exercised by this test.
     */
    @Test
    void shouldAcceptAllValidPemPolicyKeys() {
        SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        Config.Builder builder = Config.newBuilder()
                .set(policy.base_directory, Path.of("xyz"))
                .set(policy.revoked_dir, Path.of("xyz"))
                .set(policy.trust_all, false)
                .set(policy.client_auth, ClientAuth.NONE)
                .set(policy.tls_versions, List.of("xyz"))
                .set(policy.ciphers, List.of("xyz"))
                .set(policy.verify_hostname, true)
                .set(policy.private_key, Path.of("xyz"))
                .set(policy.public_certificate, Path.of("xyz"))
                .set(policy.trusted_dir, Path.of("xyz"))
                .set(policy.private_key_password, new SecureString("xyz"));
        Assertions.assertDoesNotThrow(builder::build);
    }

    /**
     * A config file carrying a malformed policy value and an undeclared policy key must be rejected.
     *
     * <p>Strict validation is not enabled here. The asserted message is the value-evaluation
     * error, which presumably comes from {@code trust_all=xyz}; the test does not show whether
     * the undeclared {@code color} key alone would be rejected.
     */
    @Test
    void shouldThrowOnUnknownPolicySetting() throws IOException {
        File confFile = this.testDirectory.createFile("test.conf", new String[0]);
        List<String> lines = Arrays.asList("dbms.ssl.policy.testing.trust_all=xyz", "dbms.ssl.policy.testing.color=blue");
        Files.write(confFile.toPath(), lines);

        IllegalArgumentException failure = Assertions.assertThrows(IllegalArgumentException.class, () -> {
            Config.newBuilder().fromFile(confFile).build();
        });
        MatcherAssert.assertThat(failure.getMessage(), Matchers.containsString("Error evaluating value for setting"));
    }

    /**
     * Keys placed directly under {@code dbms.ssl.policy.} with a setting name where the scope
     * should be must be rejected as undeclared when strict validation is on.
     */
    @Test
    void shouldThrowOnDirectPolicySetting() throws IOException {
        File confFile = this.testDirectory.createFile("test.conf", new String[0]);
        List<String> lines = Arrays.asList("dbms.ssl.policy.base_directory.trust_all=xyz", "dbms.ssl.policy.base_directory=path");
        Files.write(confFile.toPath(), lines);

        // The builder is prepared outside assertThrows, so only build() is expected to throw.
        Config.Builder builder = Config.newBuilder()
                .set(GraphDatabaseSettings.strict_config_validation, true)
                .fromFile(confFile);
        IllegalArgumentException failure = Assertions.assertThrows(IllegalArgumentException.class, builder::build);
        MatcherAssert.assertThat(
                failure.getMessage(), Matchers.containsString("No declared setting with name: dbms.ssl.policy."));
    }

    /**
     * Despite the method name, this asserts that unknown keys outside the policy namespace are
     * <em>rejected</em> with "Unrecognized setting" when {@code strict_config_validation} is on.
     * Lenient handling of such keys is not covered by this class.
     */
    @Test
    void shouldIgnoreUnknownNonPolicySettings() throws IOException {
        File confFile = this.testDirectory.createFile("test.conf", new String[0]);
        List<String> lines = Arrays.asList("dbms.ssl.unknown=xyz", "dbms.ssl.something=xyz", "dbms.unrelated.totally=xyz");
        Files.write(confFile.toPath(), lines);

        IllegalArgumentException failure = Assertions.assertThrows(IllegalArgumentException.class, () -> {
            Config.newBuilder().set(GraphDatabaseSettings.strict_config_validation, true).fromFile(confFile).build();
        });
        MatcherAssert.assertThat(failure.getMessage(), Matchers.containsString("Unrecognized setting"));
    }

    /**
     * Wraps the result of {@code MapUtil.stringMap} in an unmodifiable map.
     * No test in this class calls it.
     */
    private static Map<String, String> params(String... keysAndValues) {
        return Collections.unmodifiableMap(MapUtil.stringMap(keysAndValues));
    }
}
