package org.neo4j.ssl;

import java.io.File;
import java.io.FileNotFoundException;
import java.nio.file.Path;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.configuration.ssl.SslPolicyConfig;
import org.neo4j.configuration.ssl.SslPolicyScope;
import org.neo4j.io.fs.FileUtils;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.ssl.config.SslPolicyLoader;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.rule.TestDirectory;
import org.neo4j.test.ssl.SelfSignedCertificateFactory;

@TestDirectoryExtension
/* loaded from: input_file:org/neo4j/ssl/SslPolicyLoaderTest.class */
class SslPolicyLoaderTest {

    @Inject
    private TestDirectory testDirectory;
    private File home;
    private File publicCertificateFile;
    private File privateKeyFile;

    SslPolicyLoaderTest() {
    }

    @BeforeEach
    void setup() throws Exception {
        this.home = this.testDirectory.directory("home", new String[0]);
        File file = new File(this.home, "certificates/default");
        this.publicCertificateFile = new File(file, "public.crt");
        this.privateKeyFile = new File(file, "private.key");
        new SelfSignedCertificateFactory().createSelfSignedCertificate(this.publicCertificateFile, this.privateKeyFile, "localhost");
        File file2 = new File(file, "trusted");
        file2.mkdir();
        FileUtils.copyFile(this.publicCertificateFile, new File(file2, "public.crt"));
        new File(file, "revoked").mkdir();
    }

    @Test
    void shouldLoadBaseCryptographicObjects() throws Exception {
        SslPolicyConfig forScope = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        SslPolicy policy = SslPolicyLoader.create(Config.newBuilder().set(GraphDatabaseSettings.neo4j_home, this.home.toPath().toAbsolutePath()).set(forScope.enabled, Boolean.TRUE).set(forScope.base_directory, Path.of("certificates/default", new String[0])).build(), NullLogProvider.getInstance()).getPolicy(SslPolicyScope.TESTING);
        Assertions.assertNotNull(policy);
        Assertions.assertNotNull(policy.privateKey());
        Assertions.assertNotNull(policy.certificateChain());
        Assertions.assertNotNull(policy.nettyClientContext());
        Assertions.assertNotNull(policy.nettyServerContext());
    }

    @Test
    void shouldComplainIfMissingPrivateKey() {
        shouldComplainIfMissingFile(this.privateKeyFile);
    }

    @Test
    void shouldComplainIfMissingPublicCertificate() {
        shouldComplainIfMissingFile(this.publicCertificateFile);
    }

    private void shouldComplainIfMissingFile(File file) {
        FileUtils.deleteFile(file);
        SslPolicyConfig forScope = SslPolicyConfig.forScope(SslPolicyScope.TESTING);
        Config build = Config.newBuilder().set(GraphDatabaseSettings.neo4j_home, this.home.toPath().toAbsolutePath()).set(forScope.enabled, Boolean.TRUE).set(forScope.base_directory, Path.of("certificates/default", new String[0])).build();
        MatcherAssert.assertThat(((Exception) Assertions.assertThrows(Exception.class, () -> {
            SslPolicyLoader.create(build, NullLogProvider.getInstance());
        })).getCause(), Matchers.instanceOf(FileNotFoundException.class));
    }

    @Test
    void shouldThrowIfPolicyNameDoesNotExist() {
        SslPolicyLoader create = SslPolicyLoader.create(Config.newBuilder().set(GraphDatabaseSettings.neo4j_home, this.home.toPath().toAbsolutePath()).set(SslPolicyConfig.forScope(SslPolicyScope.TESTING).base_directory, Path.of("certificates/default", new String[0])).build(), NullLogProvider.getInstance());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            create.getPolicy(SslPolicyScope.BOLT);
        });
    }

    @Test
    void shouldReturnNullPolicyIfNullRequested() {
        Assertions.assertNull(SslPolicyLoader.create(Config.defaults(), NullLogProvider.getInstance()).getPolicy((SslPolicyScope) null));
    }
}
