package org.neo4j.bolt.v1.transport.integration;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.operator.OperatorCreationException;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.neo4j.bolt.v1.messaging.Neo4jPackV1;
import org.neo4j.bolt.v1.transport.socket.client.SecureSocketConnection;
import org.neo4j.kernel.configuration.BoltConnector;
import org.neo4j.kernel.configuration.ssl.LegacySslPolicyConfig;
import org.neo4j.ssl.PkiUtils;

/* loaded from: input_file:org/neo4j/bolt/v1/transport/integration/CertificatesIT.class */
public class CertificatesIT {
    private static File keyFile;
    private static File certFile;
    private static PkiUtils certFactory;
    private static TransportTestUtil util;

    @Rule
    public Neo4jWithSocket server = new Neo4jWithSocket(getClass(), map -> {
        map.put(LegacySslPolicyConfig.tls_certificate_file.name(), certFile.getAbsolutePath());
        map.put(LegacySslPolicyConfig.tls_key_file.name(), keyFile.getAbsolutePath());
        map.put(new BoltConnector("bolt").type.name(), "BOLT");
        map.put(new BoltConnector("bolt").enabled.name(), "true");
        map.put(new BoltConnector("bolt").listen_address.name(), "localhost:0");
    });

    @Test
    public void shouldUseConfiguredCertificate() throws Exception {
        SecureSocketConnection secureSocketConnection = new SecureSocketConnection();
        try {
            secureSocketConnection.connect(this.server.lookupConnector("bolt")).send(util.acceptedVersions(1L, 0L, 0L, 0L));
            MatcherAssert.assertThat(secureSocketConnection.getServerCertificatesSeen(), Matchers.contains(new X509Certificate[]{loadCertificateFromDisk()}));
        } finally {
            secureSocketConnection.disconnect();
        }
    }

    private X509Certificate loadCertificateFromDisk() throws CertificateException, IOException {
        X509Certificate[] loadCertificates = certFactory.loadCertificates(certFile);
        MatcherAssert.assertThat(Integer.valueOf(loadCertificates.length), CoreMatchers.equalTo(1));
        return loadCertificates[0];
    }

    @BeforeClass
    public static void setUp() throws IOException, GeneralSecurityException, OperatorCreationException {
        certFactory = new PkiUtils();
        keyFile = File.createTempFile("key", "pem");
        certFile = File.createTempFile("key", "pem");
        keyFile.deleteOnExit();
        certFile.deleteOnExit();
        keyFile.delete();
        certFile.delete();
        certFactory.createSelfSignedCertificate(certFile, keyFile, "my.domain");
        util = new TransportTestUtil(new Neo4jPackV1());
    }
}
