package org.neo4j.ssl;

import java.io.File;
import java.io.IOException;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.util.UUID;
import org.bouncycastle.operator.OperatorCreationException;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.configuration.ssl.SslPolicyConfig;
import org.neo4j.test.rule.TestDirectory;

/* loaded from: input_file:org/neo4j/ssl/HostnameVerificationHelper.class */
public class HostnameVerificationHelper {
    public static final String POLICY_NAME = "fakePolicy";
    public static final SslPolicyConfig SSL_POLICY_CONFIG = new SslPolicyConfig(POLICY_NAME);
    private static final PkiUtils PKI_UTILS = new PkiUtils();

    public static Config aConfig(String str, TestDirectory testDirectory) throws GeneralSecurityException, IOException, OperatorCreationException {
        File directory = testDirectory.directory("base_directory_" + UUID.randomUUID().toString());
        File file = new File(directory, "certificate.crt");
        File file2 = new File(directory, "private.pem");
        File file3 = new File(directory, "revoked");
        File file4 = new File(directory, "trusted");
        file4.mkdirs();
        file3.mkdirs();
        PKI_UTILS.createSelfSignedCertificate(file, file2, str);
        return Config.builder().withSetting(SSL_POLICY_CONFIG.base_directory, directory.toString()).withSetting(SSL_POLICY_CONFIG.trusted_dir, file4.toString()).withSetting(SSL_POLICY_CONFIG.revoked_dir, file3.toString()).withSetting(SSL_POLICY_CONFIG.private_key, file2.toString()).withSetting(SSL_POLICY_CONFIG.public_certificate, file.toString()).withSetting(SSL_POLICY_CONFIG.tls_versions, "TLSv1.2").withSetting(SSL_POLICY_CONFIG.ciphers, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA").withSetting(SSL_POLICY_CONFIG.client_auth, "none").withSetting(SSL_POLICY_CONFIG.allow_key_generation, "false").withSetting(SSL_POLICY_CONFIG.trust_all, "false").withSetting(SSL_POLICY_CONFIG.verify_hostname, "true").build();
    }

    public static void trust(Config config, Config config2) throws IOException {
        SslPolicyConfig sslPolicyConfig = new SslPolicyConfig(POLICY_NAME);
        File file = (File) config.get(sslPolicyConfig.trusted_dir);
        File file2 = (File) config2.get(sslPolicyConfig.public_certificate);
        Files.copy(file2.toPath(), file.toPath().resolve(file2.getName()), new CopyOption[0]);
    }
}
