package org.neo4j.kernel.impl.security;

import inet.ipaddr.IPAddressString;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseInternalSettings;
import org.neo4j.graphdb.security.URLAccessValidationError;

/* loaded from: input_file:org/neo4j/kernel/impl/security/WebURLAccessRuleTest.class */
class WebURLAccessRuleTest {
    static final /* synthetic */ boolean $assertionsDisabled;

    WebURLAccessRuleTest() {
    }

    @Test
    void shouldThrowWhenUrlIsWithinBlockedRange() throws MalformedURLException {
        IPAddressString iPAddressString = new IPAddressString("127.0.0.0/8");
        IPAddressString iPAddressString2 = new IPAddressString("0:0:0:0:0:0:0:1/8");
        Iterator it = List.of("http://localhost/test.csv", "https://localhost/test.csv", "ftp://localhost/test.csv", "http://[::1]/test.csv").iterator();
        while (it.hasNext()) {
            URL url = new URL((String) it.next());
            Config defaults = Config.defaults(GraphDatabaseInternalSettings.cypher_ip_blocklist, List.of(iPAddressString, iPAddressString2));
            Assertions.assertThat(org.junit.jupiter.api.Assertions.assertThrows(URLAccessValidationError.class, () -> {
                URLAccessRules.webAccess().validate(defaults, url);
            }).getMessage()).contains(new CharSequence[]{"blocked via the configuration property unsupported.dbms.cypher_ip_blocklist"});
        }
    }

    @Test
    void validationShouldPassWhenUrlIsNotWithinBlockedRange() throws MalformedURLException, URLAccessValidationError {
        Iterator it = List.of("http://localhost/test.csv", "https://localhost/test.csv", "ftp://localhost/test.csv", "http://[::1]/test.csv").iterator();
        while (it.hasNext()) {
            URL url = new URL((String) it.next());
            URL validate = URLAccessRules.webAccess().validate(Config.defaults(), url);
            if (!$assertionsDisabled && validate != url) {
                throw new AssertionError();
            }
        }
    }

    @Test
    void shouldWorkWithNonRangeIps() throws MalformedURLException {
        IPAddressString iPAddressString = new IPAddressString("127.0.0.1");
        URL url = new URL("http://localhost/test.csv");
        Config defaults = Config.defaults(GraphDatabaseInternalSettings.cypher_ip_blocklist, List.of(iPAddressString));
        Assertions.assertThat(org.junit.jupiter.api.Assertions.assertThrows(URLAccessValidationError.class, () -> {
            URLAccessRules.webAccess().validate(defaults, url);
        }).getMessage()).contains(new CharSequence[]{"blocked via the configuration property unsupported.dbms.cypher_ip_blocklist"});
    }

    @Test
    void shouldFailForInvalidIps() throws Exception {
        IPAddressString iPAddressString = new IPAddressString("127.0.0.1");
        URL url = new URL("http://always.invalid/test.csv");
        Config defaults = Config.defaults(GraphDatabaseInternalSettings.cypher_ip_blocklist, List.of(iPAddressString));
        Assertions.assertThat(org.junit.jupiter.api.Assertions.assertThrows(URLAccessValidationError.class, () -> {
            URLAccessRules.webAccess().validate(defaults, url);
        }).getMessage()).contains(new CharSequence[]{"Unable to verify access to always.invalid"});
    }

    static {
        $assertionsDisabled = !WebURLAccessRuleTest.class.desiredAssertionStatus();
    }
}
