package org.neo4j.configuration.ssl;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.string.SecureString;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.utils.TestDirectory;

/**
 * Checks how the {@link SslPolicyConfig} settings of the {@code TESTING} scope are resolved and
 * validated by {@link Config}: derived defaults, explicit overrides, and the rejection of malformed
 * or undeclared keys read from a configuration file.
 */
@TestDirectoryExtension
class SslPolicyConfigValidatorTest {

    @Inject
    private TestDirectory testDirectory;

    /**
     * With only {@code neo4j_home} and the policy base directory set, the key, certificate, trusted
     * and revoked locations must resolve under {@code <home>/certificates/testing}.
     *
     * <p>The remaining assertions pin the defaults for this policy: no private-key password, no
     * explicit cipher list, {@code trust_all} off, TLSv1.2 and TLSv1.3 only, and client
     * authentication required. A failure here means the default TLS posture of a policy changed.
     */
    @Test
    void shouldFindPolicyDefaults() {
        SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        Path home = testDirectory.directory("home");
        Config config = Config.newBuilder()
                .set(GraphDatabaseSettings.neo4j_home, home.toAbsolutePath())
                .set(policy.base_directory, Path.of("certificates/testing"))
                .build();

        // Locations derived from the base directory.
        Assertions.assertEquals(home.resolve("certificates/testing/private.key"), config.get(policy.private_key));
        Assertions.assertEquals(home.resolve("certificates/testing/public.crt"), config.get(policy.public_certificate));
        Assertions.assertEquals(home.resolve("certificates/testing/trusted"), config.get(policy.trusted_dir));
        Assertions.assertEquals(home.resolve("certificates/testing/revoked"), config.get(policy.revoked_dir));

        // Security-relevant defaults.
        Assertions.assertNull(config.get(policy.private_key_password));
        Assertions.assertFalse(config.get(policy.trust_all));
        Assertions.assertEquals(List.of("TLSv1.2", "TLSv1.3"), config.get(policy.tls_versions));
        // NOTE(review): a null cipher list presumably means "use the provider defaults" - confirm.
        Assertions.assertNull(config.get(policy.ciphers));
        Assertions.assertEquals(ClientAuth.REQUIRE, config.get(policy.client_auth));
    }

    /**
     * Every policy setting that is set explicitly must be returned unchanged by the built config.
     *
     * <p>The override values ({@code trust_all=true}, TLSv1.1, a CBC suite, optional client auth)
     * are fixtures chosen to differ from the defaults so the round trip is observable; they are not
     * recommended settings. The test also shows that building the config accepts TLSv1.1, which
     * RFC 8996 deprecates, and {@code trust_all=true} without raising an error.
     */
    @Test
    void shouldFindPolicyOverrides() {
        SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        Config.Builder builder = Config.newBuilder();
        builder.set(GraphDatabaseSettings.neo4j_home, testDirectory.directory("home").toAbsolutePath());
        builder.set(policy.base_directory, Path.of("certificates/testing"));

        // NOTE(review): these come from TestDirectory.directory(...), so presumably only the path
        // round trip is checked here, not that real key material is readable - confirm.
        Path keyPath = testDirectory.directory("path/to/my.key");
        Path certPath = testDirectory.directory("path/to/my.crt");
        Path trustedPath = testDirectory.directory("some/other/path/to/trusted");
        Path revokedPath = testDirectory.directory("some/other/path/to/revoked");

        builder.set(policy.private_key, keyPath.toAbsolutePath());
        builder.set(policy.public_certificate, certPath.toAbsolutePath());
        builder.set(policy.trusted_dir, trustedPath.toAbsolutePath());
        builder.set(policy.revoked_dir, revokedPath.toAbsolutePath());
        builder.set(policy.trust_all, true);
        builder.set(policy.private_key_password, new SecureString("setecastronomy"));
        builder.set(policy.tls_versions, List.of("TLSv1.1", "TLSv1.2"));
        builder.set(
                policy.ciphers,
                List.of("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"));
        builder.set(policy.client_auth, ClientAuth.OPTIONAL);

        Config config = builder.build();
        SecureString password = config.get(policy.private_key_password);

        Assertions.assertEquals(keyPath, config.get(policy.private_key));
        Assertions.assertEquals(certPath, config.get(policy.public_certificate));
        Assertions.assertEquals(trustedPath, config.get(policy.trusted_dir));
        Assertions.assertEquals(revokedPath, config.get(policy.revoked_dir));
        Assertions.assertTrue(config.get(policy.trust_all));
        Assertions.assertEquals("setecastronomy", password.getString());
        Assertions.assertEquals(List.of("TLSv1.1", "TLSv1.2"), config.get(policy.tls_versions));
        Assertions.assertEquals(
                List.of("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
                config.get(policy.ciphers));
        Assertions.assertEquals(ClientAuth.OPTIONAL, config.get(policy.client_auth));
    }

    /**
     * Setting every PEM-related policy key at once must not make {@code build()} throw.
     *
     * <p>The placeholder {@code "xyz"} is used for TLS versions and cipher names as well, so this
     * test also documents that building the config does not check those lists against real
     * protocol or suite names.
     */
    @Test
    void shouldAcceptAllValidPemPolicyKeys() {
        SslPolicyConfig policy = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        Config.Builder builder = Config.newBuilder()
                .set(policy.base_directory, Path.of("xyz"))
                .set(policy.revoked_dir, Path.of("xyz"))
                .set(policy.trust_all, false)
                .set(policy.client_auth, ClientAuth.NONE)
                .set(policy.tls_versions, List.of("xyz"))
                .set(policy.ciphers, List.of("xyz"))
                .set(policy.verify_hostname, true)
                .set(policy.private_key, Path.of("xyz"))
                .set(policy.public_certificate, Path.of("xyz"))
                .set(policy.trusted_dir, Path.of("xyz"))
                .set(policy.private_key_password, new SecureString("xyz"));

        Assertions.assertDoesNotThrow(builder::build);
    }

    /**
     * A config file holding a non-boolean {@code trust_all} and an undeclared policy key
     * ({@code color}) must be rejected with an {@link IllegalArgumentException}.
     *
     * <p>NOTE(review): the asserted message, "Error evaluating value for setting", looks like it is
     * triggered by {@code trust_all=xyz} rather than by the unknown {@code color} key; strict
     * validation is not enabled here. Confirm which line the test is meant to cover.
     */
    @Test
    void shouldThrowOnUnknownPolicySetting() throws IOException {
        Path confFile = testDirectory.createFile("test.conf");
        Files.write(confFile, List.of("dbms.ssl.policy.testing.trust_all=xyz", "dbms.ssl.policy.testing.color=blue"));

        IllegalArgumentException thrown = Assertions.assertThrows(
                IllegalArgumentException.class, () -> Config.newBuilder().fromFile(confFile).build());

        org.assertj.core.api.Assertions.assertThat(thrown.getMessage()).contains("Error evaluating value for setting");
    }

    /**
     * Policy keys that use a setting name ({@code base_directory}) where the scope name belongs
     * must fail strict validation as undeclared settings.
     */
    @Test
    void shouldThrowOnDirectPolicySetting() throws IOException {
        Path confFile = testDirectory.createFile("test.conf");
        Files.write(
                confFile, List.of("dbms.ssl.policy.base_directory.trust_all=xyz", "dbms.ssl.policy.base_directory=path"));

        // The builder is prepared outside assertThrows, so only build() is expected to throw.
        Config.Builder builder = Config.newBuilder()
                .set(GraphDatabaseSettings.strict_config_validation, true)
                .fromFile(confFile);

        IllegalArgumentException thrown = Assertions.assertThrows(IllegalArgumentException.class, builder::build);

        org.assertj.core.api.Assertions.assertThat(thrown.getMessage())
                .contains("No declared setting with name: dbms.ssl.policy.");
    }

    /**
     * Unknown keys outside the {@code dbms.ssl.policy} namespace are reported as "Unrecognized
     * setting" when strict validation is on.
     *
     * <p>Despite the method name, nothing is ignored here: the test expects {@code build()} to
     * throw an {@link IllegalArgumentException}.
     */
    @Test
    void shouldIgnoreUnknownNonPolicySettings() throws IOException {
        Path confFile = testDirectory.createFile("test.conf");
        Files.write(confFile, List.of("dbms.ssl.unknown=xyz", "dbms.ssl.something=xyz", "dbms.unrelated.totally=xyz"));

        IllegalArgumentException thrown = Assertions.assertThrows(
                IllegalArgumentException.class,
                () -> Config.newBuilder()
                        .set(GraphDatabaseSettings.strict_config_validation, true)
                        .fromFile(confFile)
                        .build());

        org.assertj.core.api.Assertions.assertThat(thrown.getMessage()).contains("Unrecognized setting");
    }
}
