package org.neo4j.server;

import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientRequest;
import com.sun.jersey.api.client.ClientResponse;
import java.net.URI;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.eclipse.jetty.http.HttpHeader;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.neo4j.kernel.configuration.ssl.SslPolicyConfig;
import org.neo4j.server.configuration.ServerSettings;
import org.neo4j.server.helpers.CommunityServerBuilder;
import org.neo4j.ssl.ClientAuth;
import org.neo4j.test.server.ExclusiveServerTestBase;
import org.neo4j.test.server.InsecureTrustManager;

/* loaded from: input_file:org/neo4j/server/HttpHeadersIT.class */
public class HttpHeadersIT extends ExclusiveServerTestBase {
    private static final String HSTS_HEADER_VALUE = "max-age=31536000; includeSubDomains; preload";
    private SSLSocketFactory originalSslSocketFactory;
    private CommunityNeoServer server;

    @Before
    public void setUp() {
        this.originalSslSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
    }

    @After
    public void tearDown() throws Exception {
        HttpsURLConnection.setDefaultSSLSocketFactory(this.originalSslSocketFactory);
        if (this.server != null) {
            this.server.stop();
        }
    }

    @Test
    public void shouldNotSendJettyVersionWithHttpResponseHeaders() throws Exception {
        startServer();
        testNoJettyVersionInResponseHeaders(httpUri());
    }

    @Test
    public void shouldNotSendJettyVersionWithHttpsResponseHeaders() throws Exception {
        startServer();
        testNoJettyVersionInResponseHeaders(httpsUri());
    }

    @Test
    public void shouldNotSendHstsHeaderWithHttpResponse() throws Exception {
        startServer(HSTS_HEADER_VALUE);
        Assert.assertNull(runRequestAndGetHstsHeaderValue(httpUri()));
    }

    @Test
    public void shouldSendHstsHeaderWithHttpsResponse() throws Exception {
        startServer(HSTS_HEADER_VALUE);
        Assert.assertEquals(HSTS_HEADER_VALUE, runRequestAndGetHstsHeaderValue(httpsUri()));
    }

    @Test
    public void shouldNotSendHstsHeaderWithHttpsResponseWhenNotConfigured() throws Exception {
        startServer();
        Assert.assertNull(runRequestAndGetHstsHeaderValue(httpsUri()));
    }

    private void startServer() throws Exception {
        startServer(null);
    }

    private void startServer(String str) throws Exception {
        this.server = buildServer(str);
        this.server.start();
    }

    private CommunityNeoServer buildServer(String str) throws Exception {
        SslPolicyConfig sslPolicyConfig = new SslPolicyConfig("default");
        CommunityServerBuilder withProperty = CommunityServerBuilder.serverOnRandomPorts().withHttpsEnabled().usingDataDir(this.folder.directory(this.name.getMethodName()).getAbsolutePath()).withProperty("https.ssl_policy", "default").withProperty(sslPolicyConfig.base_directory.name(), this.folder.directory("cert").getAbsolutePath()).withProperty(sslPolicyConfig.allow_key_generation.name(), "true").withProperty(sslPolicyConfig.client_auth.name(), ClientAuth.NONE.name()).withProperty(sslPolicyConfig.ciphers.name(), getSupportedCipherInACommaSeparatedString());
        if (str != null) {
            withProperty.withProperty(ServerSettings.http_strict_transport_security.name(), str);
        }
        return withProperty.build();
    }

    private URI httpUri() {
        return this.server.baseUri();
    }

    private URI httpsUri() {
        return (URI) this.server.httpsUri().orElseThrow(IllegalStateException::new);
    }

    private static void testNoJettyVersionInResponseHeaders(URI uri) throws Exception {
        Map<String, List<String>> runRequestAndGetHeaders = runRequestAndGetHeaders(uri);
        Assert.assertNull(runRequestAndGetHeaders.get(HttpHeader.SERVER.asString()));
        Iterator<List<String>> it = runRequestAndGetHeaders.values().iterator();
        while (it.hasNext()) {
            Assert.assertFalse(it.next().stream().anyMatch(str -> {
                return str.toLowerCase().contains("jetty");
            }));
        }
    }

    private static String runRequestAndGetHstsHeaderValue(URI uri) throws Exception {
        return runRequestAndGetHeaderValue(uri, HttpHeader.STRICT_TRANSPORT_SECURITY.asString());
    }

    private static String runRequestAndGetHeaderValue(URI uri, String str) throws Exception {
        List<String> runRequestAndGetHeaderValues = runRequestAndGetHeaderValues(uri, str);
        if (runRequestAndGetHeaderValues.isEmpty()) {
            return null;
        }
        if (runRequestAndGetHeaderValues.size() == 1) {
            return runRequestAndGetHeaderValues.get(0);
        }
        throw new IllegalStateException("Unexpected number of " + HttpHeader.STRICT_TRANSPORT_SECURITY.asString() + " header values: " + runRequestAndGetHeaderValues);
    }

    private static List<String> runRequestAndGetHeaderValues(URI uri, String str) throws Exception {
        return runRequestAndGetHeaders(uri).getOrDefault(str, Collections.emptyList());
    }

    private static Map<String, List<String>> runRequestAndGetHeaders(URI uri) throws Exception {
        ClientResponse handle = createClient().handle(createClientRequest(uri.resolve("db/data/transaction/commit")));
        Assert.assertEquals(200L, handle.getStatus());
        return handle.getHeaders();
    }

    private static ClientRequest createClientRequest(URI uri) {
        return ClientRequest.create().header("Accept", "application/json").build(uri, "POST");
    }

    private static Client createClient() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, new TrustManager[]{new InsecureTrustManager()}, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        return Client.create();
    }

    private static String getSupportedCipherInACommaSeparatedString() throws Exception {
        return String.join(",", ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).getDefaultCipherSuites());
    }
}
