package org.neo4j.driver.internal;

import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import org.neo4j.driver.Config;
import org.neo4j.driver.exceptions.ClientException;
import org.neo4j.driver.internal.security.SecurityPlan;
import org.neo4j.driver.internal.security.SecurityPlanImpl;

/* loaded from: input_file:BOOT-INF/lib/neo4j-java-driver-4.4.5.jar:org/neo4j/driver/internal/SecuritySettings.class */
public class SecuritySettings implements Serializable {
    private static final long serialVersionUID = 4494615367164106576L;
    private static final boolean DEFAULT_ENCRYPTED = false;
    private static final Config.TrustStrategy DEFAULT_TRUST_STRATEGY = Config.TrustStrategy.trustSystemCertificates();
    private static final SecuritySettings DEFAULT = new SecuritySettings(false, DEFAULT_TRUST_STRATEGY);
    private final boolean encrypted;
    private final Config.TrustStrategy trustStrategy;

    /* loaded from: input_file:BOOT-INF/lib/neo4j-java-driver-4.4.5.jar:org/neo4j/driver/internal/SecuritySettings$SecuritySettingsBuilder.class */
    public static class SecuritySettingsBuilder {
        private boolean isCustomized = false;
        private boolean encrypted;
        private Config.TrustStrategy trustStrategy;

        public SecuritySettingsBuilder withEncryption() {
            this.encrypted = true;
            this.isCustomized = true;
            return this;
        }

        public SecuritySettingsBuilder withoutEncryption() {
            this.encrypted = false;
            this.isCustomized = true;
            return this;
        }

        public SecuritySettingsBuilder withTrustStrategy(Config.TrustStrategy trustStrategy) {
            this.trustStrategy = trustStrategy;
            this.isCustomized = true;
            return this;
        }

        public SecuritySettings build() {
            return this.isCustomized ? new SecuritySettings(this.encrypted, this.trustStrategy) : SecuritySettings.DEFAULT;
        }
    }

    public SecuritySettings(boolean z, Config.TrustStrategy trustStrategy) {
        this.encrypted = z;
        this.trustStrategy = trustStrategy == null ? DEFAULT_TRUST_STRATEGY : trustStrategy;
    }

    public boolean encrypted() {
        return this.encrypted;
    }

    public Config.TrustStrategy trustStrategy() {
        return this.trustStrategy;
    }

    private boolean isCustomized() {
        return (DEFAULT.encrypted() == encrypted() && DEFAULT.hasEqualTrustStrategy(this)) ? false : true;
    }

    private boolean hasEqualTrustStrategy(SecuritySettings securitySettings) {
        Config.TrustStrategy trustStrategy = this.trustStrategy;
        Config.TrustStrategy trustStrategy2 = securitySettings.trustStrategy;
        if (trustStrategy == trustStrategy2) {
            return true;
        }
        return trustStrategy.isHostnameVerificationEnabled() == trustStrategy2.isHostnameVerificationEnabled() && trustStrategy.strategy() == trustStrategy2.strategy() && trustStrategy.certFiles().equals(trustStrategy2.certFiles()) && trustStrategy.revocationStrategy() == trustStrategy2.revocationStrategy();
    }

    public SecurityPlan createSecurityPlan(String str) {
        Scheme.validateScheme(str);
        try {
            if (!Scheme.isSecurityScheme(str)) {
                return createSecurityPlanImpl(this.encrypted, this.trustStrategy);
            }
            assertSecuritySettingsNotUserConfigured(str);
            return createSecurityPlanFromScheme(str);
        } catch (IOException | GeneralSecurityException e) {
            throw new ClientException("Unable to establish SSL parameters", e);
        }
    }

    private void assertSecuritySettingsNotUserConfigured(String str) {
        if (isCustomized()) {
            throw new ClientException(String.format("Scheme %s is not configurable with manual encryption and trust settings", str));
        }
    }

    private SecurityPlan createSecurityPlanFromScheme(String str) throws GeneralSecurityException, IOException {
        return Scheme.isHighTrustScheme(str) ? SecurityPlanImpl.forSystemCASignedCertificates(true, RevocationStrategy.NO_CHECKS) : SecurityPlanImpl.forAllCertificates(false, RevocationStrategy.NO_CHECKS);
    }

    private static SecurityPlan createSecurityPlanImpl(boolean z, Config.TrustStrategy trustStrategy) throws GeneralSecurityException, IOException {
        if (!z) {
            return SecurityPlanImpl.insecure();
        }
        boolean isHostnameVerificationEnabled = trustStrategy.isHostnameVerificationEnabled();
        RevocationStrategy revocationStrategy = trustStrategy.revocationStrategy();
        switch (trustStrategy.strategy()) {
            case TRUST_CUSTOM_CA_SIGNED_CERTIFICATES:
                return SecurityPlanImpl.forCustomCASignedCertificates(trustStrategy.certFiles(), isHostnameVerificationEnabled, revocationStrategy);
            case TRUST_SYSTEM_CA_SIGNED_CERTIFICATES:
                return SecurityPlanImpl.forSystemCASignedCertificates(isHostnameVerificationEnabled, revocationStrategy);
            case TRUST_ALL_CERTIFICATES:
                return SecurityPlanImpl.forAllCertificates(isHostnameVerificationEnabled, revocationStrategy);
            default:
                throw new ClientException("Unknown TLS authentication strategy: " + trustStrategy.strategy().name());
        }
    }
}
