package org.neo4j.driver.internal.security;

import java.util.stream.Stream;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.neo4j.driver.ClientCertificateManager;
import org.neo4j.driver.Config;
import org.neo4j.driver.Logging;
import org.neo4j.driver.RevocationCheckingStrategy;
import org.neo4j.driver.exceptions.ClientException;
import org.neo4j.driver.internal.SecuritySettings;

/* loaded from: input_file:org/neo4j/driver/internal/security/SecurityPlansTest.class */
class SecurityPlansTest {
    SecurityPlansTest() {
    }

    private static Stream<String> selfSignedSchemes() {
        return Stream.of((Object[]) new String[]{"bolt+ssc", "neo4j+ssc"});
    }

    private static Stream<String> systemCertSchemes() {
        return Stream.of((Object[]) new String[]{"neo4j+s", "bolt+s"});
    }

    private static Stream<String> unencryptedSchemes() {
        return Stream.of((Object[]) new String[]{"neo4j", "bolt"});
    }

    private static Stream<String> allSecureSchemes() {
        return Stream.concat(selfSignedSchemes(), systemCertSchemes());
    }

    @MethodSource({"allSecureSchemes"})
    @ParameterizedTest
    void testEncryptionSchemeEnablesEncryption(String str) {
        Assertions.assertTrue(SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().build(), str, (ClientCertificateManager) null, Logging.none()).requiresEncryption());
    }

    @MethodSource({"systemCertSchemes"})
    @ParameterizedTest
    void testSystemCertCompatibleConfiguration(String str) {
        SecurityPlan createSecurityPlan = SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().build(), str, (ClientCertificateManager) null, Logging.none());
        Assertions.assertTrue(createSecurityPlan.requiresEncryption());
        Assertions.assertTrue(createSecurityPlan.requiresHostnameVerification());
        Assertions.assertEquals(RevocationCheckingStrategy.NO_CHECKS, createSecurityPlan.revocationCheckingStrategy());
    }

    @MethodSource({"selfSignedSchemes"})
    @ParameterizedTest
    void testSelfSignedCertConfigDisablesHostnameVerification(String str) {
        SecurityPlan createSecurityPlan = SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().build(), str, (ClientCertificateManager) null, Logging.none());
        Assertions.assertTrue(createSecurityPlan.requiresEncryption());
        Assertions.assertFalse(createSecurityPlan.requiresHostnameVerification());
    }

    @MethodSource({"allSecureSchemes"})
    @ParameterizedTest
    void testThrowsOnUserCustomizedEncryption(String str) {
        SecuritySettings build = new SecuritySettings.SecuritySettingsBuilder().withEncryption().build();
        Assertions.assertTrue(Assertions.assertThrows(ClientException.class, () -> {
            SecurityPlans.createSecurityPlan(build, str, (ClientCertificateManager) null, Logging.none());
        }).getMessage().contains(String.format("Scheme %s is not configurable with manual encryption and trust settings", str)));
    }

    @MethodSource({"allSecureSchemes"})
    @ParameterizedTest
    void testThrowsOnUserCustomizedTrustConfiguration(String str) {
        SecuritySettings build = new SecuritySettings.SecuritySettingsBuilder().withTrustStrategy(Config.TrustStrategy.trustAllCertificates()).build();
        Assertions.assertTrue(Assertions.assertThrows(ClientException.class, () -> {
            SecurityPlans.createSecurityPlan(build, str, (ClientCertificateManager) null, Logging.none());
        }).getMessage().contains(String.format("Scheme %s is not configurable with manual encryption and trust settings", str)));
    }

    @MethodSource({"allSecureSchemes"})
    @ParameterizedTest
    void testThrowsOnUserCustomizedTrustConfigurationAndEncryption(String str) {
        SecuritySettings build = new SecuritySettings.SecuritySettingsBuilder().withTrustStrategy(Config.TrustStrategy.trustSystemCertificates()).withEncryption().build();
        Assertions.assertTrue(Assertions.assertThrows(ClientException.class, () -> {
            SecurityPlans.createSecurityPlan(build, str, (ClientCertificateManager) null, Logging.none());
        }).getMessage().contains(String.format("Scheme %s is not configurable with manual encryption and trust settings", str)));
    }

    @MethodSource({"unencryptedSchemes"})
    @ParameterizedTest
    void testNoEncryption(String str) {
        Assertions.assertFalse(SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().build(), str, (ClientCertificateManager) null, Logging.none()).requiresEncryption());
    }

    @MethodSource({"unencryptedSchemes"})
    @ParameterizedTest
    void testConfiguredEncryption(String str) {
        Assertions.assertTrue(SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().withEncryption().build(), str, (ClientCertificateManager) null, Logging.none()).requiresEncryption());
    }

    @MethodSource({"unencryptedSchemes"})
    @ParameterizedTest
    void testConfiguredAllCertificates(String str) {
        Assertions.assertTrue(SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().withEncryption().withTrustStrategy(Config.TrustStrategy.trustAllCertificates()).build(), str, (ClientCertificateManager) null, Logging.none()).requiresEncryption());
    }

    @MethodSource({"unencryptedSchemes"})
    @ParameterizedTest
    void testConfigureStrictRevocationChecking(String str) {
        Assertions.assertEquals(RevocationCheckingStrategy.STRICT, SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().withTrustStrategy(Config.TrustStrategy.trustSystemCertificates().withStrictRevocationChecks()).withEncryption().build(), str, (ClientCertificateManager) null, Logging.none()).revocationCheckingStrategy());
    }

    @MethodSource({"unencryptedSchemes"})
    @ParameterizedTest
    void testConfigureVerifyIfPresentRevocationChecking(String str) {
        Assertions.assertEquals(RevocationCheckingStrategy.VERIFY_IF_PRESENT, SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().withTrustStrategy(Config.TrustStrategy.trustSystemCertificates().withVerifyIfPresentRevocationChecks()).withEncryption().build(), str, (ClientCertificateManager) null, Logging.none()).revocationCheckingStrategy());
    }

    @MethodSource({"unencryptedSchemes"})
    @ParameterizedTest
    void testRevocationCheckingDisabledByDefault(String str) {
        Assertions.assertEquals(RevocationCheckingStrategy.NO_CHECKS, SecurityPlans.createSecurityPlan(new SecuritySettings.SecuritySettingsBuilder().withTrustStrategy(Config.TrustStrategy.trustSystemCertificates()).withEncryption().build(), str, (ClientCertificateManager) null, Logging.none()).revocationCheckingStrategy());
    }
}
