package apoc.util;

import apoc.ApocConfig;
import inet.ipaddr.IPAddressString;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import junit.framework.TestCase;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;
import org.junit.jupiter.api.AfterEach;
import org.mockito.Mockito;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseInternalSettings;
import org.testcontainers.containers.GenericContainer;

/* loaded from: input_file:apoc/util/UtilIT.class */
public class UtilIT {
    private GenericContainer httpServer;

    private GenericContainer setUpServer(Config config, String str) {
        new ApocConfig(config);
        GenericContainer withExposedPorts = new GenericContainer("alpine").withCommand(new String[]{"/bin/sh", "-c", String.format("while true; do { echo -e 'HTTP/1.1 301 Moved Permanently\\r\\nLocation: %s'; echo ; } | nc -l -p 8000; done", str)}).withExposedPorts(new Integer[]{8000});
        withExposedPorts.start();
        Assume.assumeNotNull(new Object[]{withExposedPorts});
        Assume.assumeTrue(withExposedPorts.isRunning());
        return withExposedPorts;
    }

    @AfterEach
    public void tearDown() {
        if (this.httpServer != null) {
            this.httpServer.stop();
        }
    }

    @Test
    public void redirectShouldWorkWhenProtocolNotChangesWithUrlLocation() throws IOException {
        this.httpServer = setUpServer(null, "http://www.google.com");
        Assert.assertTrue(IOUtils.toString(Util.openInputStream(getServerUrl(this.httpServer), (Map) null, (String) null, (String) null), Charset.forName("UTF-8")).contains("<title>Google</title>"));
    }

    @Test
    public void redirectWithBlockedIPsWithUrlLocation() {
        List of = List.of(new IPAddressString("127.168.0.1/8"));
        Config config = (Config) Mockito.mock(Config.class);
        Mockito.when((List) config.get(GraphDatabaseInternalSettings.cypher_ip_blocklist)).thenReturn(of);
        this.httpServer = setUpServer(config, "http://127.168.0.1");
        String serverUrl = getServerUrl(this.httpServer);
        TestCase.assertTrue(((IOException) Assert.assertThrows(IOException.class, () -> {
            Util.openInputStream(serverUrl, (Map) null, (String) null, (String) null);
        })).getMessage().contains("access to /127.168.0.1 is blocked via the configuration property internal.dbms.cypher_ip_blocklist"));
    }

    @Test
    public void redirectWithProtocolUpgradeIsAllowed() throws IOException {
        List of = List.of(new IPAddressString("127.168.0.1/8"));
        Config config = (Config) Mockito.mock(Config.class);
        Mockito.when((List) config.get(GraphDatabaseInternalSettings.cypher_ip_blocklist)).thenReturn(of);
        this.httpServer = setUpServer(config, "https://www.google.com");
        Assert.assertTrue(IOUtils.toString(Util.openInputStream(getServerUrl(this.httpServer), (Map) null, (String) null, (String) null), Charset.forName("UTF-8")).contains("<title>Google</title>"));
    }

    @Test
    public void redirectWithProtocolDowngradeIsNotAllowed() throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) Mockito.mock(HttpURLConnection.class);
        Mockito.when(Integer.valueOf(httpURLConnection.getResponseCode())).thenReturn(302);
        Mockito.when(httpURLConnection.getHeaderField("Location")).thenReturn("http://127.168.0.1");
        Mockito.when(httpURLConnection.getURL()).thenReturn(new URL("https://127.0.0.0"));
        TestCase.assertTrue(((RuntimeException) Assert.assertThrows(RuntimeException.class, () -> {
            Util.isRedirect(httpURLConnection);
        })).getMessage().contains("The redirect URI has a different protocol: http://127.168.0.1"));
    }

    @Test
    public void shouldFailForExceedingRedirectLimit() {
        Config config = (Config) Mockito.mock(Config.class);
        this.httpServer = setUpServer(config, "https://127.0.0.0");
        String serverUrl = getServerUrl(this.httpServer);
        ArrayList arrayList = new ArrayList();
        for (int i = 1; i <= 10; i++) {
            GenericContainer upServer = setUpServer(config, serverUrl);
            arrayList.add(upServer);
            serverUrl = getServerUrl(upServer);
        }
        String str = serverUrl;
        TestCase.assertTrue(((IOException) Assert.assertThrows(IOException.class, () -> {
            Util.openInputStream(str, (Map) null, (String) null, (String) null);
        })).getMessage().contains("Redirect limit exceeded"));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            ((GenericContainer) it.next()).stop();
        }
    }

    @Test
    public void redirectShouldThrowExceptionWhenProtocolChangesWithFileLocation() {
        this.httpServer = setUpServer(null, "file:/etc/passwd");
        String serverUrl = getServerUrl(this.httpServer);
        Assert.assertEquals("The redirect URI has a different protocol: file:/etc/passwd", ((RuntimeException) Assert.assertThrows(RuntimeException.class, () -> {
            Util.openInputStream(serverUrl, (Map) null, (String) null, (String) null);
        })).getMessage());
    }

    private String getServerUrl(GenericContainer genericContainer) {
        return String.format("http://%s:%s", genericContainer.getContainerIpAddress(), genericContainer.getMappedPort(8000));
    }
}
