package org.neo4j.bolt.testing.client;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.neo4j.bolt.testing.client.error.BoltTestClientClosedException;

/* loaded from: input_file:org/neo4j/bolt/testing/client/CertConfiguredSecureSocketConnection.class */
public final class CertConfiguredSecureSocketConnection extends SecureSocketConnection {
    private final X509Certificate rootCert;

    public CertConfiguredSecureSocketConnection(InetSocketAddress inetSocketAddress, X509Certificate x509Certificate) {
        super(inetSocketAddress);
        this.rootCert = x509Certificate;
    }

    @Override // org.neo4j.bolt.testing.client.SecureSocketConnection, org.neo4j.bolt.testing.client.AbstractNettyConnection
    protected SslContext sslContext() throws SSLException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, "".toCharArray());
            keyStore.setCertificateEntry("rootCert", this.rootCert);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, new char[0]);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new BoltTestClientClosedException("Failed to initialize SslContext", e);
        }
    }

    public Set<BasicOCSPResp> getSeenOcspResponses() throws IOException, OCSPException {
        SSLEngine sSLEngine = this.sslEngine;
        if (sSLEngine == null) {
            return Set.of();
        }
        HashSet hashSet = new HashSet();
        for (byte[] bArr : ((ExtendedSSLSession) sSLEngine.getSession()).getStatusResponses()) {
            if (bArr.length > 0) {
                hashSet.add((BasicOCSPResp) new OCSPResp(bArr).getResponseObject());
            }
        }
        return hashSet;
    }
}
