package org.neo4j.server;

import java.net.URI;
import java.security.SecureRandom;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.http.client.utils.URIBuilder;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.neo4j.helpers.HostnamePort;
import org.neo4j.kernel.configuration.ConnectorPortRegister;
import org.neo4j.kernel.configuration.ssl.SslPolicyConfig;
import org.neo4j.server.helpers.CommunityServerBuilder;
import org.neo4j.ssl.ClientAuth;
import org.neo4j.test.server.ExclusiveServerTestBase;
import org.neo4j.test.server.HTTP;
import org.neo4j.test.server.InsecureTrustManager;

/* loaded from: input_file:org/neo4j/server/HttpsAccessIT.class */
public class HttpsAccessIT extends ExclusiveServerTestBase {
    private SSLSocketFactory originalSslSocketFactory;
    private CommunityNeoServer server;

    @Before
    public void setUp() {
        this.originalSslSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
    }

    @After
    public void tearDown() {
        HttpsURLConnection.setDefaultSSLSocketFactory(this.originalSslSocketFactory);
        this.server.stop();
    }

    @Test
    public void serverShouldSupportSsl() throws Exception {
        startServer();
        Assert.assertThat(Integer.valueOf(HTTP.GET(httpsUri()).status()), Matchers.is(200));
        Assert.assertThat(Integer.valueOf(HTTP.GET(this.server.baseUri().toString()).status()), Matchers.is(200));
    }

    @Test
    public void txEndpointShouldReplyWithHttpsWhenItReturnsURLs() throws Exception {
        startServer();
        String uri = this.server.baseUri().toString();
        HTTP.Response POST = HTTP.POST(uri + "db/data/transaction", HTTP.RawPayload.quotedJson("{'statements':[]}"));
        Assert.assertThat(POST.location(), CoreMatchers.startsWith(uri));
        Assert.assertThat(POST.get("commit").asText(), CoreMatchers.startsWith(uri));
    }

    @Test
    public void shouldExposeBaseUriWhenHttpEnabledAndHttpsDisabled() throws Exception {
        startServer(true, false);
        URI baseUri = this.server.baseUri();
        Assert.assertEquals("http", baseUri.getScheme());
        Assert.assertEquals(addressForConnector("http").getHost(), baseUri.getHost());
        Assert.assertEquals(r0.getPort(), baseUri.getPort());
    }

    @Test
    public void shouldExposeBaseUriWhenHttpDisabledAndHttpsEnabled() throws Exception {
        startServer(false, true);
        URI baseUri = this.server.baseUri();
        Assert.assertEquals("https", baseUri.getScheme());
        Assert.assertEquals(addressForConnector("https").getHost(), baseUri.getHost());
        Assert.assertEquals(r0.getPort(), baseUri.getPort());
    }

    private void startServer() throws Exception {
        startServer(true, true);
    }

    private void startServer(boolean z, boolean z2) throws Exception {
        CommunityServerBuilder usingDataDir = CommunityServerBuilder.serverOnRandomPorts().usingDataDir(this.folder.directory(this.name.getMethodName()).getAbsolutePath());
        if (!z) {
            usingDataDir.withHttpDisabled();
        }
        if (z2) {
            usingDataDir.withHttpsEnabled();
        }
        SslPolicyConfig sslPolicyConfig = new SslPolicyConfig("default");
        this.server = usingDataDir.withProperty("https.ssl_policy", "default").withProperty(sslPolicyConfig.base_directory.name(), this.folder.directory("cert").getAbsolutePath()).withProperty(sslPolicyConfig.allow_key_generation.name(), "true").withProperty(sslPolicyConfig.client_auth.name(), ClientAuth.NONE.name()).withProperty(sslPolicyConfig.ciphers.name(), getSupportedCipherSuites()).build();
        this.server.start();
        TrustManager[] trustManagerArr = {new InsecureTrustManager()};
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
    }

    private String httpsUri() throws Exception {
        HostnamePort addressForConnector = addressForConnector("https");
        Assert.assertNotNull(addressForConnector);
        return new URIBuilder().setScheme("https").setHost(addressForConnector.getHost()).setPort(addressForConnector.getPort()).build().toString();
    }

    private HostnamePort addressForConnector(String str) {
        return ((ConnectorPortRegister) this.server.database.getGraph().getDependencyResolver().resolveDependency(ConnectorPortRegister.class)).getLocalAddress(str);
    }

    private static String getSupportedCipherSuites() {
        return String.join(",", ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).getDefaultCipherSuites());
    }
}
