package org.neo4j.ssl;

import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.file.Path;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.rule.TestDirectory;
import org.neo4j.test.ssl.SelfSignedCertificateFactory;

@TestDirectoryExtension
/* loaded from: input_file:org/neo4j/ssl/PkiUtilsTest.class */
class PkiUtilsTest {

    @Inject
    private TestDirectory testDirectory;

    PkiUtilsTest() {
    }

    @Test
    void shouldCreateASelfSignedCertificate() throws Exception {
        SelfSignedCertificateFactory selfSignedCertificateFactory = new SelfSignedCertificateFactory();
        Path resolve = this.testDirectory.homePath().resolve("certificate");
        Path resolve2 = this.testDirectory.homePath().resolve("key");
        selfSignedCertificateFactory.createSelfSignedCertificate(resolve, resolve2, "myhost");
        Assertions.assertThat(PkiUtils.loadCertificates(resolve).length).isGreaterThan(0);
        Assertions.assertThat(PkiUtils.loadPrivateKey(resolve2, (String) null)).isNotNull();
    }

    @Test
    void shouldLoadPEMCertificates() throws Throwable {
        Assertions.assertThat(PkiUtils.loadCertificates(new SelfSignedCertificate("example.com").certificate().toPath()).length).isEqualTo(1);
    }

    @Test
    void shouldLoadPEMPrivateKey() throws Throwable {
        org.junit.jupiter.api.Assertions.assertNotNull(PkiUtils.loadPrivateKey(new SelfSignedCertificate("example.com").privateKey().toPath(), (String) null));
    }

    @Test
    void shouldReadEncryptedPrivateKey() throws Exception {
        Path file = this.testDirectory.file("private.key");
        copy(getClass().getResource("test-certificates/encrypted/private.key"), file);
        Assertions.assertThat(PkiUtils.loadPrivateKey(file, "neo4j").getAlgorithm()).isEqualTo("RSA");
    }

    @Test
    void shouldThrowOnMissingPassphraseForEncryptedPrivateKey() throws Exception {
        Path file = this.testDirectory.file("private.key");
        copy(getClass().getResource("test-certificates/encrypted/private.key"), file);
        org.junit.jupiter.api.Assertions.assertThrows(IOException.class, () -> {
            PkiUtils.loadPrivateKey(file, (String) null);
        });
    }

    private void copy(URL url, Path path) throws IOException {
        InputStream openStream = url.openStream();
        try {
            OutputStream openAsOutputStream = this.testDirectory.getFileSystem().openAsOutputStream(path, false);
            try {
                openStream.transferTo(openAsOutputStream);
                if (openAsOutputStream != null) {
                    openAsOutputStream.close();
                }
                if (openStream != null) {
                    openStream.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
