package org.neo4j.driver.internal.security;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.neo4j.driver.internal.BoltServerAddress;
import org.neo4j.driver.internal.util.CertificateTool;
import org.neo4j.driver.v1.Logger;

/* loaded from: input_file:WEB-INF/lib/neo4j-java-driver-1.6.3.jar:org/neo4j/driver/internal/security/SecurityPlan.class */
public class SecurityPlan {
    private final boolean requiresEncryption;
    private final SSLContext sslContext;
    private final boolean routingCompatible;

    public static SecurityPlan forAllCertificates() throws GeneralSecurityException, IOException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(new KeyManager[0], new TrustManager[]{new TrustAllTrustManager()}, null);
        return new SecurityPlan(true, sSLContext, true);
    }

    public static SecurityPlan forCustomCASignedCertificates(File file) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
        keyStore.load(null, null);
        CertificateTool.loadX509Cert(file, keyStore);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), null);
        return new SecurityPlan(true, sSLContext, true);
    }

    public static SecurityPlan forSystemCASignedCertificates() throws NoSuchAlgorithmException, KeyStoreException {
        return new SecurityPlan(true, SSLContext.getDefault(), true);
    }

    @Deprecated
    public static SecurityPlan forTrustOnFirstUse(File file, BoltServerAddress boltServerAddress, Logger logger) throws IOException, KeyManagementException, NoSuchAlgorithmException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(new KeyManager[0], new TrustManager[]{new TrustOnFirstUseTrustManager(boltServerAddress, file, logger)}, null);
        return new SecurityPlan(true, sSLContext, false);
    }

    public static SecurityPlan insecure() {
        return new SecurityPlan(false, null, true);
    }

    private SecurityPlan(boolean z, SSLContext sSLContext, boolean z2) {
        this.requiresEncryption = z;
        this.sslContext = sSLContext;
        this.routingCompatible = z2;
    }

    public boolean requiresEncryption() {
        return this.requiresEncryption;
    }

    public boolean isRoutingCompatible() {
        return this.routingCompatible;
    }

    public SSLContext sslContext() {
        return this.sslContext;
    }
}
