package org.neo4j.ssl;

import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.junit.After;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.neo4j.ssl.SslContextFactory;
import org.neo4j.test.rule.TestDirectory;
import org.neo4j.test.rule.fs.DefaultFileSystemRule;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/neo4j/ssl/SslNegotiationTest.class */
public class SslNegotiationTest {
    private static final String OLD_CIPHER_A = "SSL_RSA_WITH_NULL_SHA";
    private static final String OLD_CIPHER_B = "SSL_RSA_WITH_RC4_128_MD5";
    private static final String OLD_CIPHER_C = "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
    private static final String NEW_CIPHER_A = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
    private static final String NEW_CIPHER_B = "TLS_RSA_WITH_AES_128_CBC_SHA256";
    private static final String NEW_CIPHER_C = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
    private static final String TLSv10 = "TLSv1";
    private static final String TLSv11 = "TLSv1.1";
    private static final String TLSv12 = "TLSv1.2";

    @Rule
    public TestDirectory testDir = TestDirectory.testDirectory();

    @Rule
    public DefaultFileSystemRule fsRule = new DefaultFileSystemRule();

    @Parameterized.Parameter
    public TestSetup setup;
    private SecureServer server;
    private SecureClient client;

    /* loaded from: input_file:org/neo4j/ssl/SslNegotiationTest$TestSetup.class */
    private static class TestSetup {
        private final SslContextFactory.SslParameters serverParams;
        private final SslContextFactory.SslParameters clientParams;
        private final boolean expectedSuccess;
        private final String expectedProtocol;
        private final String expectedCipher;

        private TestSetup(SslContextFactory.SslParameters sslParameters, SslContextFactory.SslParameters sslParameters2, boolean z) {
            this(sslParameters, sslParameters2, z, null, null);
        }

        private TestSetup(SslContextFactory.SslParameters sslParameters, SslContextFactory.SslParameters sslParameters2, boolean z, String str, String str2) {
            this.serverParams = sslParameters;
            this.clientParams = sslParameters2;
            this.expectedSuccess = z;
            this.expectedProtocol = str;
            this.expectedCipher = str2;
        }

        public String toString() {
            return "TestSetup{serverParams=" + this.serverParams + ", clientParams=" + this.clientParams + ", expectedSuccess=" + this.expectedSuccess + ", expectedProtocol='" + this.expectedProtocol + "', expectedCipher='" + this.expectedCipher + "'}";
        }
    }

    @Parameterized.Parameters(name = "{0}")
    public static Object[] params() {
        return new TestSetup[]{new TestSetup(SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_A), true, TLSv10, OLD_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv10).ciphers(NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv10).ciphers(NEW_CIPHER_A), true, TLSv10, NEW_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv11).ciphers(OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv11).ciphers(OLD_CIPHER_A), true, TLSv11, OLD_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_A), true, TLSv11, NEW_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_A), true, TLSv12, NEW_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv11).ciphers(OLD_CIPHER_A), false), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv11).ciphers(OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_A), false), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_A), false), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_A), false), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_B), false), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_B), false), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_B), false), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_B, OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv10).ciphers(OLD_CIPHER_C, OLD_CIPHER_A), true, TLSv10, OLD_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_B, NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv11).ciphers(NEW_CIPHER_C, NEW_CIPHER_A), true, TLSv11, NEW_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_B, NEW_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv12).ciphers(NEW_CIPHER_C, NEW_CIPHER_A), true, TLSv12, NEW_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv10, TLSv11).ciphers(OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv11, TLSv12).ciphers(OLD_CIPHER_A), true, TLSv11, OLD_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv11, TLSv12).ciphers(OLD_CIPHER_A), SslContextFactory.SslParameters.protocols(TLSv10, TLSv11).ciphers(OLD_CIPHER_A), true, TLSv11, OLD_CIPHER_A), new TestSetup(SslContextFactory.SslParameters.protocols(TLSv10, TLSv11, TLSv12).ciphers(NEW_CIPHER_B), SslContextFactory.SslParameters.protocols(TLSv10, TLSv11, TLSv12).ciphers(NEW_CIPHER_B), true, TLSv12, NEW_CIPHER_B)};
    }

    @After
    public void cleanup() {
        if (this.client != null) {
            this.client.disconnect();
        }
        if (this.server != null) {
            this.server.stop();
        }
    }

    @Test
    public void shouldNegotiateCorrectly() throws Exception {
        SslResource install = SslResourceBuilder.selfSignedKeyId(0).trustKeyId(1).install(this.testDir.directory("server"));
        SslResource install2 = SslResourceBuilder.selfSignedKeyId(1).trustKeyId(0).install(this.testDir.directory("client"));
        this.server = new SecureServer(SslContextFactory.makeSslPolicy(install, this.setup.serverParams));
        this.server.start();
        this.client = new SecureClient(SslContextFactory.makeSslPolicy(install2, this.setup.clientParams));
        this.client.connect(this.server.port());
        try {
            Assert.assertTrue(this.client.sslHandshakeFuture().get(1L, TimeUnit.MINUTES).isActive());
            Assert.assertEquals(this.setup.expectedProtocol, this.client.protocol());
            Assert.assertEquals(this.setup.expectedCipher.substring(4), this.client.ciphers().substring(4));
        } catch (ExecutionException e) {
            Assert.assertFalse(this.setup.expectedSuccess);
        }
    }
}
