package org.neo4j.bolt.testing.client;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.neo4j.bolt.testing.client.BoltTestConnection;
import org.neo4j.bolt.testing.client.error.BoltTestClientStateException;
import org.neo4j.bolt.testing.client.tls.NaiveTrustManager;

/* loaded from: input_file:org/neo4j/bolt/testing/client/SecureWebSocketConnection.class */
public final class SecureWebSocketConnection extends WebSocketConnection implements SecureBoltTestConnection {
    private static final Factory factory = new Factory();

    /* loaded from: input_file:org/neo4j/bolt/testing/client/SecureWebSocketConnection$Factory.class */
    private static class Factory implements BoltTestConnection.Factory {
        private Factory() {
        }

        @Override // org.neo4j.bolt.testing.client.BoltTestConnection.Factory
        public BoltTestConnection create(SocketAddress socketAddress) {
            if (socketAddress instanceof InetSocketAddress) {
                return new SecureWebSocketConnection((InetSocketAddress) socketAddress);
            }
            throw new IllegalArgumentException("Cannot initialize TLS WebSocket connection with address of type " + socketAddress.getClass().getSimpleName());
        }

        public String toString() {
            return "TLS WebSocket";
        }
    }

    public static BoltTestConnection.Factory factory() {
        return factory;
    }

    public SecureWebSocketConnection(InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
    }

    @Override // org.neo4j.bolt.testing.client.AbstractNettyConnection
    protected SslContext sslContext() throws SSLException {
        SslContextBuilder trustManager = SslContextBuilder.forClient().trustManager(NaiveTrustManager.getInstance());
        if (this.certificate != null) {
            trustManager.keyManager(this.privateKey, new X509Certificate[]{this.certificate});
        }
        return trustManager.build();
    }

    @Override // org.neo4j.bolt.testing.client.SecureBoltTestConnection
    public Set<X509Certificate> getServerCertificatesSeen() {
        if (this.sslEngine == null) {
            return Set.of();
        }
        try {
            return (Set) Arrays.stream(this.sslEngine.getSession().getPeerCertificates()).map(certificate -> {
                return (X509Certificate) certificate;
            }).collect(Collectors.toSet());
        } catch (SSLPeerUnverifiedException e) {
            return Set.of();
        }
    }

    @Override // org.neo4j.bolt.testing.client.WebSocketConnection
    protected URI webSocketAddress() {
        try {
            return new URI("wss", null, this.address.getHostString(), this.address.getPort(), "/", null, null);
        } catch (URISyntaxException e) {
            throw new BoltTestClientStateException("Failed to construct WebSocket address", e);
        }
    }
}
