package org.neo4j.security;

import java.io.IOException;
import java.time.Clock;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.neo4j.common.DependencyResolver;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.dbms.api.DatabaseManagementService;
import org.neo4j.dbms.database.DefaultSystemGraphComponent;
import org.neo4j.dbms.database.SystemGraphComponent;
import org.neo4j.dbms.database.SystemGraphComponents;
import org.neo4j.dbms.systemgraph.CommunityTopologyGraphComponent;
import org.neo4j.function.ThrowingConsumer;
import org.neo4j.graphdb.Node;
import org.neo4j.graphdb.NotFoundException;
import org.neo4j.graphdb.ResourceIterator;
import org.neo4j.graphdb.Transaction;
import org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo;
import org.neo4j.internal.kernel.api.security.AuthenticationResult;
import org.neo4j.internal.kernel.api.security.CommunitySecurityLog;
import org.neo4j.internal.kernel.api.security.LoginContext;
import org.neo4j.kernel.api.KernelTransaction;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthToken;
import org.neo4j.kernel.impl.coreapi.InternalTransaction;
import org.neo4j.kernel.impl.factory.GraphDatabaseFacade;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.server.security.auth.InMemoryUserRepository;
import org.neo4j.server.security.auth.SecurityTestUtils;
import org.neo4j.server.security.systemgraph.UserSecurityGraphComponent;
import org.neo4j.server.security.systemgraph.UserSecurityGraphComponentVersion;
import org.neo4j.server.security.systemgraph.versions.KnownCommunitySecurityComponentVersion;
import org.neo4j.test.TestDatabaseManagementServiceBuilder;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.utils.TestDirectory;

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
@TestDirectoryExtension
/* loaded from: input_file:org/neo4j/security/UserSecurityGraphComponentTest.class */
class UserSecurityGraphComponentTest {

    @Inject
    private static TestDirectory directory;
    private static DatabaseManagementService dbms;
    private static GraphDatabaseFacade system;
    private static SystemGraphComponents systemGraphComponents;
    private static UserSecurityGraphComponent userSecurityGraphComponent;
    private static AuthManager authManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.neo4j.security.UserSecurityGraphComponentTest$1, reason: invalid class name */
    /* loaded from: input_file:org/neo4j/security/UserSecurityGraphComponentTest$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$neo4j$server$security$systemgraph$UserSecurityGraphComponentVersion = new int[UserSecurityGraphComponentVersion.values().length];

        static {
            try {
                $SwitchMap$org$neo4j$server$security$systemgraph$UserSecurityGraphComponentVersion[UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_40.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$neo4j$server$security$systemgraph$UserSecurityGraphComponentVersion[UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_41.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$neo4j$server$security$systemgraph$UserSecurityGraphComponentVersion[UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_43D4.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    UserSecurityGraphComponentTest() {
    }

    @BeforeAll
    static void setup() throws IOException, InvalidArgumentsException {
        dbms = new TestDatabaseManagementServiceBuilder(directory.homePath()).impermanent().setConfig(Config.newBuilder().set(GraphDatabaseSettings.auth_enabled, Boolean.TRUE).set(GraphDatabaseSettings.allow_single_automatic_upgrade, Boolean.FALSE).build()).noOpSystemGraphInitializer().build();
        system = dbms.database("system");
        DependencyResolver dependencyResolver = system.getDependencyResolver();
        systemGraphComponents = (SystemGraphComponents) dependencyResolver.resolveDependency(SystemGraphComponents.class);
        authManager = (AuthManager) dependencyResolver.resolveDependency(AuthManager.class);
        systemGraphComponents.deregister("security-users");
        InMemoryUserRepository inMemoryUserRepository = new InMemoryUserRepository();
        inMemoryUserRepository.create(new User.Builder("alice", SecurityTestUtils.credentialFor("secret")).withRequiredPasswordChange(false).build());
        userSecurityGraphComponent = new UserSecurityGraphComponent(CommunitySecurityLog.NULL_LOG, inMemoryUserRepository, new InMemoryUserRepository(), Config.defaults());
        systemGraphComponents.register(userSecurityGraphComponent);
        systemGraphComponents.deregister("dbms-runtime");
    }

    @BeforeEach
    void clear() throws Exception {
        inTx(transaction -> {
            transaction.getAllNodes().stream().forEach(node -> {
                node.getRelationships().forEach((v0) -> {
                    v0.delete();
                });
                node.delete();
            });
        });
    }

    @AfterAll
    static void tearDown() {
        dbms.shutdown();
    }

    @MethodSource({"supportedPreviousVersions"})
    @ParameterizedTest
    void shouldAuthenticate(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion) throws Exception {
        initializeLatestSystem();
        initUserSecurityComponent(userSecurityGraphComponentVersion);
        Assertions.assertThat(authManager.login(AuthToken.newBasicAuthToken("neo4j", "neo4j"), ClientConnectionInfo.EMBEDDED_CONNECTION).subject().getAuthenticationResult()).isEqualTo(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    }

    @Test
    void shouldInitializeDefaultVersion() throws Exception {
        systemGraphComponents.initializeSystemGraph(system);
        HashMap hashMap = new HashMap();
        inTx(transaction -> {
            systemGraphComponents.forEach(systemGraphComponent -> {
                hashMap.put(systemGraphComponent.componentName(), systemGraphComponent.detect(transaction));
            });
            hashMap.put("dbms-status", systemGraphComponents.detect(transaction));
        });
        org.junit.jupiter.api.Assertions.assertEquals(hashMap.size(), 4, "Expecting four components");
        org.junit.jupiter.api.Assertions.assertEquals(SystemGraphComponent.Status.CURRENT, hashMap.get("multi-database"), "System graph status");
        org.junit.jupiter.api.Assertions.assertEquals(SystemGraphComponent.Status.CURRENT, hashMap.get("security-users"), "Users status");
        org.junit.jupiter.api.Assertions.assertEquals(SystemGraphComponent.Status.CURRENT, hashMap.get("community-topology-graph"), "Community topology graph status");
        org.junit.jupiter.api.Assertions.assertEquals(SystemGraphComponent.Status.CURRENT, hashMap.get("dbms-status"), "Overall status");
    }

    @MethodSource({"versionAndStatusProvider"})
    @ParameterizedTest
    void shouldInitializeAndUpgradeSystemGraph(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion, SystemGraphComponent.Status status) throws Exception {
        initializeLatestSystem();
        initUserSecurityComponent(userSecurityGraphComponentVersion);
        assertCanUpgradeThisVersionAndThenUpgradeIt(status);
    }

    static Stream<Arguments> versionAndStatusProvider() {
        return Stream.of((Object[]) new Arguments[]{Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_35, SystemGraphComponent.Status.UNSUPPORTED_BUT_CAN_UPGRADE}), Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_40, SystemGraphComponent.Status.REQUIRES_UPGRADE}), Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_41, SystemGraphComponent.Status.REQUIRES_UPGRADE}), Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_43D4, SystemGraphComponent.Status.CURRENT})});
    }

    @Test
    void shouldAddUserOnUpgradeFrom3_5() throws Exception {
        initializeLatestSystem();
        initUserSecurityComponent(UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_35);
        systemGraphComponents.upgradeToCurrent(system);
        Assertions.assertThat(getUserNamesAndIds().get("alice")).isNotNull();
    }

    @MethodSource({"supportedPreviousVersions"})
    @ParameterizedTest
    void shouldAddUserIdsOnUpgradeFromOlderSystemDb(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion) throws Exception {
        initializeLatestSystem();
        initUserSecurityComponent(userSecurityGraphComponentVersion);
        createUser(userSecurityGraphComponentVersion, "alice");
        HashMap<String, Object> userNamesAndIds = getUserNamesAndIds();
        Assertions.assertThat(userNamesAndIds.get("neo4j")).isNull();
        Assertions.assertThat(userNamesAndIds.get("alice")).isNull();
        systemGraphComponents.upgradeToCurrent(system);
        HashMap<String, Object> userNamesAndIds2 = getUserNamesAndIds();
        Assertions.assertThat(userNamesAndIds2.get("neo4j")).isNotNull();
        Assertions.assertThat(userNamesAndIds2.get("alice")).isNotNull();
    }

    private static Stream<Arguments> supportedPreviousVersions() {
        return Arrays.stream(UserSecurityGraphComponentVersion.values()).filter(userSecurityGraphComponentVersion -> {
            return userSecurityGraphComponentVersion.runtimeSupported() && userSecurityGraphComponentVersion.getVersion() < UserSecurityGraphComponentVersion.LATEST_COMMUNITY_SECURITY_COMPONENT_VERSION;
        }).map(obj -> {
            return Arguments.of(new Object[]{obj});
        });
    }

    private static void assertCanUpgradeThisVersionAndThenUpgradeIt(SystemGraphComponent.Status status) throws Exception {
        SystemGraphComponents systemGraphComponents2 = (SystemGraphComponents) system.getDependencyResolver().resolveDependency(SystemGraphComponents.class);
        assertStatus(Map.of("multi-database", SystemGraphComponent.Status.CURRENT, "security-users", status, "community-topology-graph", SystemGraphComponent.Status.CURRENT, "dbms-status", status));
        systemGraphComponents2.upgradeToCurrent(system);
        assertStatus(Map.of("multi-database", SystemGraphComponent.Status.CURRENT, "security-users", SystemGraphComponent.Status.CURRENT, "community-topology-graph", SystemGraphComponent.Status.CURRENT, "dbms-status", SystemGraphComponent.Status.CURRENT));
    }

    private static void assertStatus(Map<String, SystemGraphComponent.Status> map) throws Exception {
        HashMap hashMap = new HashMap();
        inTx(transaction -> {
            systemGraphComponents.forEach(systemGraphComponent -> {
                hashMap.put(systemGraphComponent.componentName(), systemGraphComponent.detect(transaction));
            });
            hashMap.put("dbms-status", systemGraphComponents.detect(transaction));
        });
        for (Map.Entry<String, SystemGraphComponent.Status> entry : map.entrySet()) {
            org.junit.jupiter.api.Assertions.assertEquals(entry.getValue(), hashMap.get(entry.getKey()), entry.getKey());
        }
    }

    private HashMap<String, Object> getUserNamesAndIds() {
        Object obj;
        HashMap<String, Object> hashMap = new HashMap<>();
        InternalTransaction beginTransaction = system.beginTransaction(KernelTransaction.Type.EXPLICIT, LoginContext.AUTH_DISABLED);
        try {
            ResourceIterator findNodes = beginTransaction.findNodes(KnownCommunitySecurityComponentVersion.USER_LABEL);
            while (findNodes.hasNext()) {
                Node node = (Node) findNodes.next();
                String obj2 = node.getProperty("name").toString();
                try {
                    obj = node.getProperty("id");
                } catch (NotFoundException e) {
                    obj = null;
                }
                hashMap.put(obj2, obj);
            }
            if (beginTransaction != null) {
                beginTransaction.close();
            }
            return hashMap;
        } catch (Throwable th) {
            if (beginTransaction != null) {
                try {
                    beginTransaction.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void createUser(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion, String str) {
        KnownCommunitySecurityComponentVersion findSecurityGraphComponentVersion = userSecurityGraphComponent.findSecurityGraphComponentVersion(userSecurityGraphComponentVersion);
        InternalTransaction beginTransaction = system.beginTransaction(KernelTransaction.Type.EXPLICIT, LoginContext.AUTH_DISABLED);
        try {
            findSecurityGraphComponentVersion.addUser(beginTransaction, str, SecurityTestUtils.credentialFor("abc123"), false, false);
            beginTransaction.commit();
            if (beginTransaction != null) {
                beginTransaction.close();
            }
        } catch (Throwable th) {
            if (beginTransaction != null) {
                try {
                    beginTransaction.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void initializeLatestSystem() throws Exception {
        new DefaultSystemGraphComponent(Config.defaults(), Clock.systemUTC()).initializeSystemGraph(system, true);
        new CommunityTopologyGraphComponent(Config.defaults(), NullLogProvider.getInstance()).initializeSystemGraph(system, true);
    }

    private static void initUserSecurityComponent(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion) throws Exception {
        KnownCommunitySecurityComponentVersion findSecurityGraphComponentVersion = userSecurityGraphComponent.findSecurityGraphComponentVersion(userSecurityGraphComponentVersion);
        inTx(transaction -> {
            userSecurityGraphComponent.initializeSystemGraphConstraints(transaction);
        });
        switch (AnonymousClass1.$SwitchMap$org$neo4j$server$security$systemgraph$UserSecurityGraphComponentVersion[userSecurityGraphComponentVersion.ordinal()]) {
            case 1:
                Objects.requireNonNull(findSecurityGraphComponentVersion);
                inTx(findSecurityGraphComponentVersion::setupUsers);
                return;
            case 2:
            case 3:
                Objects.requireNonNull(findSecurityGraphComponentVersion);
                inTx(findSecurityGraphComponentVersion::setupUsers);
                inTx(transaction2 -> {
                    findSecurityGraphComponentVersion.setVersionProperty(transaction2, userSecurityGraphComponentVersion.getVersion());
                });
                return;
            default:
                return;
        }
    }

    private static void inTx(ThrowingConsumer<Transaction, Exception> throwingConsumer) throws Exception {
        Transaction beginTx = system.beginTx();
        try {
            throwingConsumer.accept(beginTx);
            beginTx.commit();
            if (beginTx != null) {
                beginTx.close();
            }
        } catch (Throwable th) {
            if (beginTx != null) {
                try {
                    beginTx.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
