package org.neo4j.bolt.testing.client.tls;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.neo4j.internal.helpers.HostnamePort;

/* loaded from: input_file:org/neo4j/bolt/testing/client/tls/CertConfiguredSecureSocketConnection.class */
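/**
 * Test client connection whose TLS trust store holds exactly one certificate: the root
 * certificate handed to the constructor. It also exposes what the client observed during the
 * handshake (peer certificate chain, stapled OCSP responses) so tests can assert on it.
 *
 * <p>Security notes for readers reusing this pattern:
 * <ul>
 *   <li>Only the supplied root is trusted; the JVM default trust store is not consulted.</li>
 *   <li>Nothing in this class sets an endpoint identification algorithm, so hostname
 *       verification is not configured here. NOTE(review): whether the superclass configures it
 *       is not visible from this file; confirm before relying on it.</li>
 *   <li>The context is requested as {@code "TLS"}; no minimum protocol version is pinned here.</li>
 * </ul>
 */
public class CertConfiguredSecureSocketConnection extends SecureSocketConnection {
    /** Sole trust anchor used when validating the server's certificate chain. */
    private final X509Certificate rootCert;

    /**
     * @param hostnamePort address passed through to the superclass
     * @param x509Certificate root certificate to install as the only trusted entry
     */
    public CertConfiguredSecureSocketConnection(HostnamePort hostnamePort, X509Certificate x509Certificate) {
        super(hostnamePort);
        this.rootCert = x509Certificate;
    }

    /**
     * Builds an {@link SSLContext} backed by an in-memory key store that contains only
     * {@link #rootCert} as a certificate entry.
     *
     * <p>The same store is used for both the key managers and the trust managers. It holds no
     * private key entry, so this client has no client certificate to present.
     *
     * @return an initialised context trusting only the configured root certificate
     */
    @Override
    protected SSLContext createSslContext() throws IOException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException {
        // The store never touches disk, so an empty password is sufficient.
        char[] noPassword = new char[0];

        KeyStore trustedRoots = KeyStore.getInstance(KeyStore.getDefaultType());
        trustedRoots.load(null, noPassword);
        trustedRoots.setCertificateEntry("rootCert", this.rootCert);

        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagers.init(trustedRoots, noPassword);

        TrustManagerFactory trustManagers = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagers.init(trustedRoots);

        SSLContext context = SSLContext.getInstance("TLS");
        // A null SecureRandom selects the provider's default source of randomness.
        context.init(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), null);
        return context;
    }

    /**
     * Returns the certificates the server presented on the current TLS session.
     *
     * @return the peer certificate chain as a set (chain order is not preserved)
     * @throws RuntimeException if the peer's identity was not verified for this session
     * @throws ClassCastException if the socket is not an {@link SSLSocket} or a peer certificate
     *     is not an {@link X509Certificate}
     */
    @Override
    public Set<X509Certificate> getServerCertificatesSeen() {
        try {
            return Arrays.stream(((SSLSocket) this.socket).getSession().getPeerCertificates())
                    .map(X509Certificate.class::cast)
                    .collect(Collectors.toSet());
        } catch (SSLPeerUnverifiedException e) {
            throw new RuntimeException("Failed retrieving client-seen certificates", e);
        }
    }

    /**
     * Returns the OCSP responses the server stapled to the current TLS session.
     *
     * <p>The responses are only parsed. This method does not check their signature, validity
     * window or certificate status, so callers that draw revocation conclusions from them must
     * validate them first.
     *
     * @return the parsed stapled responses; empty status entries are skipped
     * @throws IOException if a stapled response cannot be decoded
     * @throws OCSPException if the response object cannot be extracted
     * @throws ClassCastException if the session is not an {@link ExtendedSSLSession} or the
     *     response object is not a {@link BasicOCSPResp}
     */
    public Set<BasicOCSPResp> getSeenOcspResponses() throws IOException, OCSPException {
        Set<BasicOCSPResp> responses = new HashSet<>();
        ExtendedSSLSession session = (ExtendedSSLSession) ((SSLSocket) this.socket).getSession();
        for (byte[] encoded : session.getStatusResponses()) {
            if (encoded.length > 0) {
                // NOTE(review): getResponseObject() can yield null when the OCSP response carries
                // no response bytes (non-successful status); that null would be stored in the set.
                // Confirm callers tolerate it.
                responses.add((BasicOCSPResp) new OCSPResp(encoded).getResponseObject());
            }
        }
        return responses;
    }
}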
