package org.neo4j.bolt;

import java.io.File;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.neo4j.bolt.BoltKernelExtension;
import org.neo4j.com.ports.allocation.PortAuthority;
import org.neo4j.helpers.AdvertisedSocketAddress;
import org.neo4j.kernel.configuration.BoltConnector;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.configuration.ssl.SslPolicyConfig;
import org.neo4j.kernel.internal.GraphDatabaseAPI;
import org.neo4j.ssl.SecureClient;
import org.neo4j.ssl.SslContextFactory;
import org.neo4j.ssl.SslResource;
import org.neo4j.ssl.SslResourceBuilder;
import org.neo4j.test.TestGraphDatabaseFactory;
import org.neo4j.test.rule.TestDirectory;

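/**
 * Integration test for TLS protocol-version selection on the Bolt connector.
 *
 * <p>Every {@link TestSetup} starts an impermanent database whose "bolt" SSL policy is limited to
 * {@code boltTlsVersions}, connects a client limited to {@code clientTlsVersions}, and checks that
 * the handshake outcome matches {@code shouldSucceed}. The parameter table only holds identical
 * and fully disjoint version lists; a partially overlapping pair is not covered here.
 *
 * <p>NOTE(review): several cases name SSLv3, TLSv1 and TLSv1.1. Those versions are deprecated
 * (TLSv1/TLSv1.1 by RFC 8996) and recent JDK builds disable them by default through the
 * {@code jdk.tls.disabledAlgorithms} security property, so the positive TLSv1 and TLSv1.1 cases
 * depend on a runtime that still enables them. Do not read these cases as a recommendation to
 * enable legacy versions on a production connector.
 */
@RunWith(Parameterized.class)
public class BoltTlsIT {
    private GraphDatabaseAPI db;
    private SslResource sslResource;

    @Parameterized.Parameter
    public TestSetup setup;

    @Rule
    public final TestDirectory testDirectory = TestDirectory.testDirectory();
    private final SslPolicyConfig sslPolicy = new SslPolicyConfig("bolt");
    private final BoltConnector bolt = new BoltConnector("bolt");

    /** One client/server protocol combination and the handshake outcome expected for it. */
    public static class TestSetup {
        private final String clientTlsVersions;
        private final String boltTlsVersions;
        private final boolean shouldSucceed;

        /**
         * @param clientTlsVersions comma-separated protocol names offered by the test client
         * @param boltTlsVersions comma-separated protocol names written to the server's SSL policy
         * @param shouldSucceed whether the handshake is expected to complete without a failure cause
         */
        TestSetup(String clientTlsVersions, String boltTlsVersions, boolean shouldSucceed) {
            this.clientTlsVersions = clientTlsVersions;
            this.boltTlsVersions = boltTlsVersions;
            this.shouldSucceed = shouldSucceed;
        }

        /** Used by the runner as the display name of each parameterized case ({@code name = "{0}"}). */
        @Override
        public String toString() {
            return "TestSetup{clientTlsVersions='" + this.clientTlsVersions + "', boltTlsVersions='" + this.boltTlsVersions + "', shouldSucceed=" + this.shouldSucceed + '}';
        }
    }

    /**
     * Installs a self-signed key pair (key id 0, trusting key id 0) under
     * {@code <graphDbDir>/certificates} and starts the database under test.
     */
    @Before
    public void setup() throws IOException {
        File certificateDir = new File(this.testDirectory.graphDbDir(), "certificates");
        Assert.assertTrue("could not create " + certificateDir, certificateDir.mkdirs());
        this.sslResource = SslResourceBuilder.selfSignedKeyId(0).trustKeyId(0).install(certificateDir);
        createAndStartDb();
    }

    /**
     * Supplies the protocol combinations. The original table listed
     * {@code ("TLSv1.1", "TLSv1.2", false)} twice; the redundant entry is dropped because it
     * re-ran an identical scenario under an identical display name.
     */
    @Parameterized.Parameters(name = "{0}")
    public static Object[] params() {
        return new TestSetup[] {
            // Disjoint protocol lists: the handshake must fail.
            new TestSetup("TLSv1.1", "TLSv1.2", false),
            new TestSetup("TLSv1.2", "TLSv1.1", false),
            new TestSetup("TLSv1", "TLSv1.1", false),
            new TestSetup("SSLv3,TLSv1", "TLSv1.1,TLSv1.2", false),
            // Identical protocol lists: the handshake must complete.
            new TestSetup("TLSv1", "TLSv1", true),
            new TestSetup("TLSv1.1", "TLSv1.1", true),
            new TestSetup("TLSv1.2", "TLSv1.2", true),
            new TestSetup("TLSv1.1,TLSv1.2", "TLSv1.1,TLSv1.2", true)
        };
    }

    /**
     * Starts an impermanent database with the Bolt connector enabled on a freshly allocated port
     * and bound to the "bolt" SSL policy, restricted to the server-side versions of the current
     * {@link #setup}. Client authentication is set to "none", so only the server presents a
     * certificate in these handshakes.
     */
    private void createAndStartDb() {
        this.db = new TestGraphDatabaseFactory()
                .newImpermanentDatabaseBuilder(this.testDirectory.graphDbDir())
                .setConfig(this.bolt.enabled, "true")
                .setConfig(this.bolt.listen_address, ":" + PortAuthority.allocatePort())
                .setConfig(BoltKernelExtension.Settings.ssl_policy, "bolt")
                .setConfig(this.sslPolicy.allow_key_generation, "true")
                .setConfig(this.sslPolicy.base_directory, "certificates")
                .setConfig(this.sslPolicy.tls_versions, this.setup.boltTlsVersions)
                .setConfig(this.sslPolicy.client_auth, "none")
                .newGraphDatabase();
    }

    /** Shuts the database down if {@link #setup()} got far enough to start it. */
    @After
    public void teardown() {
        if (this.db != null) {
            this.db.shutdown();
        }
    }

    /**
     * Connects with the client-side protocol list and checks the handshake result.
     *
     * @throws Exception if building the SSL context fails or waiting for the handshake is interrupted
     */
    @Test
    public void shouldRespectProtocolSelection() throws Exception {
        Config config = this.db.getDependencyResolver().resolveDependency(Config.class);
        AdvertisedSocketAddress advertised = config.get(this.bolt.advertised_address);
        int port = advertised.getPort();

        // NOTE(review): the boolean is passed as false, as before; presumably it selects a
        // client-side context. Confirm against SslContextFactory.
        SecureClient secureClient = new SecureClient(SslContextFactory.makeSslContext(
                this.sslResource,
                false,
                SslContextFactory.SslParameters.protocols(this.setup.clientTlsVersions).ciphers(new String[0])));
        try {
            secureClient.connect(port);

            // The future has to finish either way; a timeout is a test failure, not a rejection.
            Assert.assertTrue(
                    "handshake did not finish within one minute for " + this.setup,
                    secureClient.sslHandshakeFuture().await(1L, TimeUnit.MINUTES));

            if (this.setup.shouldSucceed) {
                Assert.assertNull(
                        "handshake should have succeeded for " + this.setup,
                        secureClient.sslHandshakeFuture().cause());
            } else {
                // NOTE(review): any failure cause satisfies this assertion, so it does not prove
                // the connection was refused because of the protocol version rather than, say, a
                // certificate or cipher problem. Checking the cause type would make the negative
                // cases stricter.
                Assert.assertNotNull(
                        "handshake should have been rejected for " + this.setup,
                        secureClient.sslHandshakeFuture().cause());
            }
        } finally {
            // The client was previously never released, leaving its connection open after
            // every parameterized run.
            secureClient.disconnect();
        }
    }
}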
