package org.neo4j.ssl;

import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.StandardOpenOption;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.neo4j.io.fs.FileUtils;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.rule.TestDirectory;
import org.neo4j.test.ssl.SelfSignedCertificateFactory;

@TestDirectoryExtension
/* loaded from: input_file:org/neo4j/ssl/PkiUtilsTest.class */
class PkiUtilsTest {

    @Inject
    private TestDirectory testDirectory;

    PkiUtilsTest() {
    }

    @Test
    void shouldCreateASelfSignedCertificate() throws Exception {
        SelfSignedCertificateFactory selfSignedCertificateFactory = new SelfSignedCertificateFactory();
        File file = new File(this.testDirectory.homeDir(), "certificate");
        File file2 = new File(this.testDirectory.homeDir(), "key");
        selfSignedCertificateFactory.createSelfSignedCertificate(file, file2, "myhost");
        MatcherAssert.assertThat(Integer.valueOf(PkiUtils.loadCertificates(file).length), Matchers.is(Matchers.greaterThan(0)));
        MatcherAssert.assertThat(PkiUtils.loadPrivateKey(file2, (String) null), Matchers.notNullValue());
    }

    @Test
    void shouldLoadPEMCertificates() throws Throwable {
        MatcherAssert.assertThat(Integer.valueOf(PkiUtils.loadCertificates(new SelfSignedCertificate("example.com").certificate()).length), Matchers.equalTo(1));
    }

    @Test
    void shouldLoadPEMPrivateKey() throws Throwable {
        Assertions.assertNotNull(PkiUtils.loadPrivateKey(new SelfSignedCertificate("example.com").privateKey(), (String) null));
    }

    @Test
    void shouldLoadBinaryCertificates() throws Throwable {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate("example.com");
        File file = this.testDirectory.file("certificate", new String[0]);
        Assertions.assertTrue(file.createNewFile());
        byte[] encoded = PkiUtils.loadCertificates(selfSignedCertificate.certificate())[0].getEncoded();
        FileChannel open = FileChannel.open(file.toPath(), StandardOpenOption.WRITE);
        try {
            FileUtils.writeAll(open, ByteBuffer.wrap(encoded));
            if (open != null) {
                open.close();
            }
            MatcherAssert.assertThat(Integer.valueOf(PkiUtils.loadCertificates(file).length), Matchers.equalTo(1));
        } catch (Throwable th) {
            if (open != null) {
                try {
                    open.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void shouldReadEncryptedPrivateKey() throws Exception {
        File file = this.testDirectory.file("private.key", new String[0]);
        copy(getClass().getResource("test-certificates/encrypted/private.key"), file);
        MatcherAssert.assertThat(PkiUtils.loadPrivateKey(file, "neo4j").getAlgorithm(), Matchers.is("RSA"));
    }

    @Test
    void shouldThrowOnMissingPassphraseForEncryptedPrivateKey() throws Exception {
        File file = this.testDirectory.file("private.key", new String[0]);
        copy(getClass().getResource("test-certificates/encrypted/private.key"), file);
        Assertions.assertThrows(IOException.class, () -> {
            PkiUtils.loadPrivateKey(file, (String) null);
        });
    }

    private void copy(URL url, File file) throws IOException {
        InputStream openStream = url.openStream();
        try {
            OutputStream openAsOutputStream = this.testDirectory.getFileSystem().openAsOutputStream(file, false);
            while (openStream.available() > 0) {
                try {
                    byte[] bArr = new byte[8192];
                    openAsOutputStream.write(bArr, 0, openStream.read(bArr));
                } catch (Throwable th) {
                    if (openAsOutputStream != null) {
                        try {
                            openAsOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
            if (openAsOutputStream != null) {
                openAsOutputStream.close();
            }
            if (openStream != null) {
                openStream.close();
            }
        } catch (Throwable th3) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }
}
