package org.neo4j.security;

import java.time.Clock;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.cypher.internal.security.FormatException;
import org.neo4j.cypher.internal.security.SecureHasher;
import org.neo4j.dbms.DatabaseManagementSystemSettings;
import org.neo4j.dbms.database.DefaultSystemGraphComponent;
import org.neo4j.dbms.database.DefaultSystemGraphInitializer;
import org.neo4j.dbms.database.SystemGraphComponents;
import org.neo4j.dbms.database.SystemGraphInitializer;
import org.neo4j.internal.kernel.api.security.AbstractSecurityLog;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.security.BasicSystemGraphRealmTestHelper;
import org.neo4j.server.security.auth.InMemoryUserRepository;
import org.neo4j.server.security.auth.RateLimitedAuthenticationStrategy;
import org.neo4j.server.security.auth.UserRepository;
import org.neo4j.server.security.systemgraph.BasicSystemGraphRealm;
import org.neo4j.server.security.systemgraph.SystemGraphRealmHelper;
import org.neo4j.server.security.systemgraph.UserSecurityGraphComponent;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.rule.TestDirectory;

@TestDirectoryExtension
/* loaded from: input_file:org/neo4j/security/BasicSystemGraphRealmIT.class */
class BasicSystemGraphRealmIT {
    private BasicSystemGraphRealmTestHelper.TestDatabaseManager dbManager;
    private SystemGraphRealmHelper realmHelper;
    private Config defaultConfig;

    @Inject
    private TestDirectory testDirectory;
    private UserRepository oldUsers;
    private UserRepository initialPassword;
    private BasicSystemGraphRealm realm;
    private SystemGraphInitializer systemGraphInitializer;

    BasicSystemGraphRealmIT() {
    }

    @BeforeEach
    void setUp() {
        this.dbManager = new BasicSystemGraphRealmTestHelper.TestDatabaseManager(this.testDirectory);
        this.realmHelper = new SystemGraphRealmHelper(SystemGraphRealmHelper.makeSystemSupplier(this.dbManager), new SecureHasher());
        this.defaultConfig = Config.defaults();
        this.oldUsers = new InMemoryUserRepository();
        this.initialPassword = new InMemoryUserRepository();
    }

    @AfterEach
    void tearDown() {
        this.dbManager.getManagementService().shutdown();
    }

    @Test
    void shouldCreateDefaultUserIfNoneExist() throws Throwable {
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "neo4j", "neo4j", true);
    }

    @Test
    void shouldLoadInitialUserWithInitialPassword() throws Throwable {
        this.initialPassword.create(BasicSystemGraphRealmTestHelper.createUser("neo4j", "123", false));
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "neo4j", "123");
    }

    @Test
    void shouldLoadInitialUserWithInitialPasswordOnRestart() throws Throwable {
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "neo4j", "neo4j", true);
        this.initialPassword.create(BasicSystemGraphRealmTestHelper.createUser("neo4j", "abc", false));
        this.systemGraphInitializer.start();
        BasicSystemGraphRealmTestHelper.assertAuthenticationFails(this.realmHelper, "neo4j", "neo4j");
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "neo4j", "abc");
    }

    @Test
    void shouldNotLoadInitialUserWithInitialPasswordOnRestartWhenAlreadyChanged() throws Throwable {
        startSystemGraphRealm();
        this.initialPassword.create(BasicSystemGraphRealmTestHelper.createUser("neo4j", "neo4j2", false));
        this.systemGraphInitializer.start();
        this.initialPassword.clear();
        this.initialPassword.create(BasicSystemGraphRealmTestHelper.createUser("neo4j", "abc", false));
        this.systemGraphInitializer.start();
        BasicSystemGraphRealmTestHelper.assertAuthenticationFails(this.realmHelper, "neo4j", "neo4j");
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "neo4j", "neo4j2");
        BasicSystemGraphRealmTestHelper.assertAuthenticationFails(this.realmHelper, "neo4j", "abc");
    }

    @Test
    void shouldNotAddInitialUserIfUsersExist() throws Throwable {
        User user;
        this.initialPassword.create(BasicSystemGraphRealmTestHelper.createUser("neo4j", "123", false));
        this.oldUsers.create(BasicSystemGraphRealmTestHelper.createUser("oldUser", "321", false));
        startSystemGraphRealm();
        try {
            user = this.realmHelper.getUser("neo4j");
        } catch (InvalidArgumentsException | FormatException e) {
            user = null;
        }
        Assertions.assertNull(user);
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "oldUser", "321");
    }

    @Test
    void shouldNotUpdateUserIfInitialUserExist() throws Throwable {
        this.oldUsers.create(BasicSystemGraphRealmTestHelper.createUser("neo4j", "oldPassword", true));
        this.initialPassword.create(BasicSystemGraphRealmTestHelper.createUser("neo4j", "newPassword", false));
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "neo4j", "oldPassword", true);
    }

    @Test
    void shouldRateLimitAuthentication() throws Throwable {
        int intValue = ((Integer) Config.defaults().get(GraphDatabaseSettings.auth_max_failed_attempts)).intValue();
        this.oldUsers.create(BasicSystemGraphRealmTestHelper.createUser("alice", "correct", false));
        this.oldUsers.create(BasicSystemGraphRealmTestHelper.createUser("bob", "password", false));
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "alice", "correct");
        BasicSystemGraphRealmTestHelper.assertAuthenticationFailsWithTooManyAttempts(this.realm, "alice", "bad", intValue + 1);
        BasicSystemGraphRealmTestHelper.assertAuthenticationFailsWithTooManyAttempts(this.realm, "bob", "worse", intValue + 1);
    }

    @Test
    void shouldHandleCustomDefaultDatabase() throws Throwable {
        this.defaultConfig.set(GraphDatabaseSettings.default_database, "foo");
        this.oldUsers.create(BasicSystemGraphRealmTestHelper.createUser("alice", "foo", false));
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "alice", "foo");
    }

    @Test
    void shouldHandleSwitchOfDefaultDatabase() throws Throwable {
        this.oldUsers.create(BasicSystemGraphRealmTestHelper.createUser("alice", "bar", false));
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "alice", "bar");
        this.defaultConfig.set(GraphDatabaseSettings.default_database, "foo");
        this.systemGraphInitializer.start();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "alice", "bar");
        this.defaultConfig.set(GraphDatabaseSettings.default_database, "neo4j");
        this.systemGraphInitializer.start();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(this.realmHelper, "alice", "bar");
    }

    private void startSystemGraphRealm() throws Exception {
        Config defaults = Config.defaults(DatabaseManagementSystemSettings.auth_store_directory, this.testDirectory.directory("data/dbms"));
        SystemGraphComponents systemGraphComponents = new SystemGraphComponents();
        systemGraphComponents.register(new DefaultSystemGraphComponent(defaults));
        systemGraphComponents.register(new UserSecurityGraphComponent((AbstractSecurityLog) Mockito.mock(AbstractSecurityLog.class), this.oldUsers, this.initialPassword, defaults));
        this.systemGraphInitializer = new DefaultSystemGraphInitializer(SystemGraphRealmHelper.makeSystemSupplier(this.dbManager), systemGraphComponents);
        this.systemGraphInitializer.start();
        this.realm = new BasicSystemGraphRealm(this.realmHelper, new RateLimitedAuthenticationStrategy(Clock.systemUTC(), defaults));
    }
}
