package org.neo4j.security;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.neo4j.collection.Dependencies;
import org.neo4j.common.DependencyResolver;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseInternalSettings;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.dbms.api.DatabaseManagementService;
import org.neo4j.dbms.database.ComponentVersion;
import org.neo4j.dbms.database.KeepFirstDuplicateBuilder;
import org.neo4j.dbms.database.SystemGraphComponent;
import org.neo4j.dbms.database.SystemGraphComponentWithVersion;
import org.neo4j.dbms.database.SystemGraphComponents;
import org.neo4j.function.ThrowingConsumer;
import org.neo4j.graphdb.GraphDatabaseService;
import org.neo4j.graphdb.Node;
import org.neo4j.graphdb.NotFoundException;
import org.neo4j.graphdb.ResourceIterator;
import org.neo4j.graphdb.Transaction;
import org.neo4j.graphdb.schema.ConstraintDefinition;
import org.neo4j.internal.helpers.collection.Iterables;
import org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo;
import org.neo4j.internal.kernel.api.security.AuthenticationResult;
import org.neo4j.internal.kernel.api.security.CommunitySecurityLog;
import org.neo4j.internal.kernel.api.security.LoginContext;
import org.neo4j.kernel.api.KernelTransaction;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthToken;
import org.neo4j.kernel.impl.coreapi.InternalTransaction;
import org.neo4j.kernel.impl.factory.GraphDatabaseFacade;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.server.security.auth.InMemoryUserRepository;
import org.neo4j.server.security.auth.SecurityTestUtils;
import org.neo4j.server.security.systemgraph.UserSecurityGraphComponent;
import org.neo4j.server.security.systemgraph.UserSecurityGraphComponentVersion;
import org.neo4j.server.security.systemgraph.versions.KnownCommunitySecurityComponentVersion;
import org.neo4j.test.TestDatabaseManagementServiceBuilder;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.utils.TestDirectory;

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
@TestDirectoryExtension
/* loaded from: input_file:org/neo4j/security/UserSecurityGraphComponentIT.class */
class UserSecurityGraphComponentIT {

    @Inject
    private static TestDirectory directory;
    private static DatabaseManagementService dbms;
    private static GraphDatabaseFacade system;
    private static SystemGraphComponents internalSystemGraphComponents;
    private static UserSecurityGraphComponent userSecurityGraphComponent;
    private static AuthManager authManager;
    private static final SystemGraphComponent.Name testComponent = new SystemGraphComponent.Name("test-component");

    /* loaded from: input_file:org/neo4j/security/UserSecurityGraphComponentIT$StubComponent.class */
    static class StubComponent implements SystemGraphComponentWithVersion {
        private final SystemGraphComponent.Name name;

        public StubComponent(String str) {
            this.name = new SystemGraphComponent.Name(str);
        }

        public SystemGraphComponent.Name componentName() {
            return this.name;
        }

        public int getLatestSupportedVersion() {
            return 0;
        }

        public SystemGraphComponent.Status detect(Transaction transaction) {
            return SystemGraphComponent.Status.CURRENT;
        }

        public void initializeSystemGraph(GraphDatabaseService graphDatabaseService, boolean z) {
        }

        public void upgradeToCurrent(GraphDatabaseService graphDatabaseService) {
        }
    }

    UserSecurityGraphComponentIT() {
    }

    @BeforeAll
    static void setup() {
        Config build = Config.newBuilder().set(GraphDatabaseSettings.auth_enabled, Boolean.TRUE).set(GraphDatabaseInternalSettings.automatic_upgrade_enabled, Boolean.FALSE).build();
        KeepFirstDuplicateBuilder keepFirstDuplicateBuilder = new KeepFirstDuplicateBuilder();
        keepFirstDuplicateBuilder.register(new StubComponent(ComponentVersion.DBMS_RUNTIME_COMPONENT.name()));
        keepFirstDuplicateBuilder.register(new StubComponent(ComponentVersion.SECURITY_USER_COMPONENT.name()));
        dbms = new TestDatabaseManagementServiceBuilder(directory.homePath()).impermanent().setConfig(build).setExternalDependencies(Dependencies.dependenciesOf(keepFirstDuplicateBuilder)).noOpSystemGraphInitializer().build();
        system = dbms.database("system");
        DependencyResolver dependencyResolver = system.getDependencyResolver();
        authManager = (AuthManager) dependencyResolver.resolveDependency(AuthManager.class);
        userSecurityGraphComponent = new UserSecurityGraphComponent(new InMemoryUserRepository(), Config.defaults(), NullLogProvider.getInstance(), CommunitySecurityLog.NULL_LOG);
        internalSystemGraphComponents = (SystemGraphComponents) dependencyResolver.resolveDependency(SystemGraphComponents.class);
    }

    @BeforeEach
    void clear() throws Exception {
        inTx(transaction -> {
            Iterables.forEach(transaction.getAllNodes(), node -> {
                Iterables.forEach(node.getRelationships(), (v0) -> {
                    v0.delete();
                });
                node.delete();
            });
        });
        inTx(transaction2 -> {
            transaction2.schema().getConstraints().forEach((v0) -> {
                v0.drop();
            });
        });
        internalSystemGraphComponents.initializeSystemGraph(system);
    }

    @AfterAll
    static void tearDown() {
        dbms.shutdown();
    }

    @MethodSource({"supportedPreviousVersions"})
    @ParameterizedTest
    void shouldAuthenticate(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion) throws Exception {
        initUserSecurityComponent(userSecurityGraphComponentVersion);
        Assertions.assertThat(authManager.login(AuthToken.newBasicAuthToken("neo4j", "neo4j"), ClientConnectionInfo.EMBEDDED_CONNECTION).subject().getAuthenticationResult()).isEqualTo(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    }

    @Test
    void shouldInitializeDefaultVersion() throws Exception {
        userSecurityGraphComponent.initializeSystemGraph(system, true);
        SystemGraphComponents systemGraphComponentsPlus = systemGraphComponentsPlus(internalSystemGraphComponents, userSecurityGraphComponent);
        HashMap hashMap = new HashMap();
        SystemGraphComponent.Name name = new SystemGraphComponent.Name("overall-status");
        inTx(transaction -> {
            systemGraphComponentsPlus.forEach(systemGraphComponent -> {
                hashMap.put(systemGraphComponent.componentName(), systemGraphComponent.detect(transaction));
            });
            hashMap.put(name, systemGraphComponentsPlus.detect(transaction));
        });
        Set of = Set.of(ComponentVersion.DBMS_RUNTIME_COMPONENT, ComponentVersion.MULTI_DATABASE_COMPONENT, ComponentVersion.SECURITY_USER_COMPONENT, ComponentVersion.COMMUNITY_TOPOLOGY_GRAPH_COMPONENT, name);
        Assertions.assertThat(hashMap.keySet()).containsExactlyInAnyOrderElementsOf(of);
        Iterator it = of.iterator();
        while (it.hasNext()) {
            Assertions.assertThat((SystemGraphComponent.Status) hashMap.get((SystemGraphComponent.Name) it.next())).as("Component status should all be current", new Object[0]).isEqualTo(SystemGraphComponent.Status.CURRENT);
        }
    }

    @MethodSource({"versionAndStatusProvider"})
    @ParameterizedTest
    void shouldInitializeAndUpgradeSystemGraph(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion, SystemGraphComponent.Status status) throws Exception {
        initUserSecurityComponent(userSecurityGraphComponentVersion);
        assertCanUpgradeThisVersionAndThenUpgradeIt(status);
    }

    static Stream<Arguments> versionAndStatusProvider() {
        return Stream.of((Object[]) new Arguments[]{Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_40, SystemGraphComponent.Status.REQUIRES_UPGRADE}), Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_41, SystemGraphComponent.Status.REQUIRES_UPGRADE}), Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_43D4, SystemGraphComponent.Status.REQUIRES_UPGRADE}), Arguments.arguments(new Object[]{UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_50, SystemGraphComponent.Status.CURRENT})});
    }

    @MethodSource({"beforeUserId"})
    @ParameterizedTest
    void shouldAddUserIdsOnUpgradeFromOlderSystemDb(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion) throws Exception {
        initUserSecurityComponent(userSecurityGraphComponentVersion);
        SystemGraphComponents systemGraphComponentsPlus = systemGraphComponentsPlus(internalSystemGraphComponents, userSecurityGraphComponent);
        createUser(userSecurityGraphComponentVersion, "alice");
        HashMap<String, Object> userNamesAndIds = getUserNamesAndIds();
        Assertions.assertThat(userNamesAndIds.get("neo4j")).isNull();
        Assertions.assertThat(userNamesAndIds.get("alice")).isNull();
        systemGraphComponentsPlus.upgradeToCurrent(system);
        HashMap<String, Object> userNamesAndIds2 = getUserNamesAndIds();
        Assertions.assertThat(userNamesAndIds2.get("neo4j")).isNotNull();
        Assertions.assertThat(userNamesAndIds2.get("alice")).isNotNull();
    }

    @MethodSource({"beforeUserIdConstraint"})
    @ParameterizedTest
    void shouldAddConstraintForUserIdsOnUpgradeFromOlderSystemDb(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion) throws Exception {
        initUserSecurityComponent(userSecurityGraphComponentVersion);
        SystemGraphComponents systemGraphComponentsPlus = systemGraphComponentsPlus(internalSystemGraphComponents, userSecurityGraphComponent);
        InternalTransaction beginTransaction = system.beginTransaction(KernelTransaction.Type.EXPLICIT, LoginContext.AUTH_DISABLED);
        try {
            Iterator it = beginTransaction.schema().getConstraints(KnownCommunitySecurityComponentVersion.USER_LABEL).iterator();
            while (it.hasNext()) {
                Iterator it2 = ((ConstraintDefinition) it.next()).getPropertyKeys().iterator();
                while (it2.hasNext()) {
                    Assertions.assertThat((String) it2.next()).isIn(new Object[]{"name"});
                }
            }
            beginTransaction.commit();
            if (beginTransaction != null) {
                beginTransaction.close();
            }
            systemGraphComponentsPlus.upgradeToCurrent(system);
            beginTransaction = system.beginTransaction(KernelTransaction.Type.EXPLICIT, LoginContext.AUTH_DISABLED);
            try {
                Iterator it3 = beginTransaction.schema().getConstraints(KnownCommunitySecurityComponentVersion.USER_LABEL).iterator();
                while (it3.hasNext()) {
                    Iterator it4 = ((ConstraintDefinition) it3.next()).getPropertyKeys().iterator();
                    while (it4.hasNext()) {
                        Assertions.assertThat((String) it4.next()).isIn(new Object[]{"name", "id"});
                    }
                }
                beginTransaction.commit();
                if (beginTransaction != null) {
                    beginTransaction.close();
                }
            } finally {
            }
        } finally {
        }
    }

    private static SystemGraphComponents systemGraphComponentsPlus(SystemGraphComponents systemGraphComponents, SystemGraphComponent... systemGraphComponentArr) {
        KeepFirstDuplicateBuilder keepFirstDuplicateBuilder = new KeepFirstDuplicateBuilder();
        for (SystemGraphComponent systemGraphComponent : systemGraphComponentArr) {
            keepFirstDuplicateBuilder.register(systemGraphComponent);
        }
        Objects.requireNonNull(keepFirstDuplicateBuilder);
        systemGraphComponents.forEach(keepFirstDuplicateBuilder::register);
        return keepFirstDuplicateBuilder.build();
    }

    private static Stream<Arguments> supportedPreviousVersions() {
        return Arrays.stream(UserSecurityGraphComponentVersion.values()).filter(userSecurityGraphComponentVersion -> {
            return userSecurityGraphComponentVersion.runtimeSupported() && !userSecurityGraphComponentVersion.isCurrent(Config.defaults());
        }).map(obj -> {
            return Arguments.of(new Object[]{obj});
        });
    }

    private static Stream<Arguments> beforeUserId() {
        return Arrays.stream(UserSecurityGraphComponentVersion.values()).filter(userSecurityGraphComponentVersion -> {
            return userSecurityGraphComponentVersion.runtimeSupported() && userSecurityGraphComponentVersion.getVersion() < UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_43D4.getVersion();
        }).map(obj -> {
            return Arguments.of(new Object[]{obj});
        });
    }

    private static Stream<Arguments> beforeUserIdConstraint() {
        return Arrays.stream(UserSecurityGraphComponentVersion.values()).filter(userSecurityGraphComponentVersion -> {
            return userSecurityGraphComponentVersion.runtimeSupported() && userSecurityGraphComponentVersion.getVersion() < UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_50.getVersion();
        }).map(obj -> {
            return Arguments.of(new Object[]{obj});
        });
    }

    private static void assertCanUpgradeThisVersionAndThenUpgradeIt(SystemGraphComponent.Status status) throws Exception {
        SystemGraphComponents systemGraphComponentsPlus = systemGraphComponentsPlus((SystemGraphComponents) system.getDependencyResolver().resolveDependency(SystemGraphComponents.class), userSecurityGraphComponent);
        assertStatus(systemGraphComponentsPlus, Map.of(ComponentVersion.DBMS_RUNTIME_COMPONENT, SystemGraphComponent.Status.CURRENT, ComponentVersion.MULTI_DATABASE_COMPONENT, SystemGraphComponent.Status.CURRENT, ComponentVersion.SECURITY_USER_COMPONENT, status, ComponentVersion.COMMUNITY_TOPOLOGY_GRAPH_COMPONENT, SystemGraphComponent.Status.CURRENT, testComponent, status));
        systemGraphComponentsPlus.upgradeToCurrent(system);
        assertStatus(systemGraphComponentsPlus, Map.of(ComponentVersion.DBMS_RUNTIME_COMPONENT, SystemGraphComponent.Status.CURRENT, ComponentVersion.MULTI_DATABASE_COMPONENT, SystemGraphComponent.Status.CURRENT, ComponentVersion.SECURITY_USER_COMPONENT, SystemGraphComponent.Status.CURRENT, ComponentVersion.COMMUNITY_TOPOLOGY_GRAPH_COMPONENT, SystemGraphComponent.Status.CURRENT, testComponent, SystemGraphComponent.Status.CURRENT));
    }

    private static void assertStatus(SystemGraphComponents systemGraphComponents, Map<SystemGraphComponent.Name, SystemGraphComponent.Status> map) throws Exception {
        HashMap hashMap = new HashMap();
        inTx(transaction -> {
            systemGraphComponents.forEach(systemGraphComponent -> {
                hashMap.put(systemGraphComponent.componentName(), systemGraphComponent.detect(transaction));
            });
            hashMap.put(testComponent, systemGraphComponents.detect(transaction));
        });
        Assertions.assertThat(hashMap).isEqualTo(map);
    }

    private HashMap<String, Object> getUserNamesAndIds() {
        Object obj;
        HashMap<String, Object> hashMap = new HashMap<>();
        InternalTransaction beginTransaction = system.beginTransaction(KernelTransaction.Type.EXPLICIT, LoginContext.AUTH_DISABLED);
        try {
            ResourceIterator findNodes = beginTransaction.findNodes(KnownCommunitySecurityComponentVersion.USER_LABEL);
            while (findNodes.hasNext()) {
                try {
                    Node node = (Node) findNodes.next();
                    String obj2 = node.getProperty("name").toString();
                    try {
                        obj = node.getProperty("id");
                    } catch (NotFoundException e) {
                        obj = null;
                    }
                    hashMap.put(obj2, obj);
                } finally {
                }
            }
            if (findNodes != null) {
                findNodes.close();
            }
            if (beginTransaction != null) {
                beginTransaction.close();
            }
            return hashMap;
        } catch (Throwable th) {
            if (beginTransaction != null) {
                try {
                    beginTransaction.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void createUser(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion, String str) {
        KnownCommunitySecurityComponentVersion findSecurityGraphComponentVersion = userSecurityGraphComponent.findSecurityGraphComponentVersion(userSecurityGraphComponentVersion);
        InternalTransaction beginTransaction = system.beginTransaction(KernelTransaction.Type.EXPLICIT, LoginContext.AUTH_DISABLED);
        try {
            findSecurityGraphComponentVersion.addUser(beginTransaction, str, SecurityTestUtils.credentialFor("abc123"), false, false);
            beginTransaction.commit();
            if (beginTransaction != null) {
                beginTransaction.close();
            }
        } catch (Throwable th) {
            if (beginTransaction != null) {
                try {
                    beginTransaction.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void initUserSecurityComponent(UserSecurityGraphComponentVersion userSecurityGraphComponentVersion) throws Exception {
        KnownCommunitySecurityComponentVersion findSecurityGraphComponentVersion = userSecurityGraphComponent.findSecurityGraphComponentVersion(userSecurityGraphComponentVersion);
        inTx(transaction -> {
            transaction.schema().constraintFor(KnownCommunitySecurityComponentVersion.USER_LABEL).assertPropertyIsUnique("name").create();
        });
        Objects.requireNonNull(findSecurityGraphComponentVersion);
        inTx(findSecurityGraphComponentVersion::setupUsers);
        if (userSecurityGraphComponentVersion != UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_40) {
            inTx(transaction2 -> {
                findSecurityGraphComponentVersion.setVersionProperty(transaction2, userSecurityGraphComponentVersion.getVersion());
            });
        }
        if (userSecurityGraphComponentVersion.getVersion() >= UserSecurityGraphComponentVersion.COMMUNITY_SECURITY_50.getVersion()) {
            inTx(transaction3 -> {
                transaction3.schema().constraintFor(KnownCommunitySecurityComponentVersion.USER_LABEL).assertPropertyIsUnique("id").create();
            });
        }
        userSecurityGraphComponent.postInitialization(system, true);
    }

    private static void inTx(ThrowingConsumer<Transaction, Exception> throwingConsumer) throws Exception {
        Transaction beginTx = system.beginTx();
        try {
            throwingConsumer.accept(beginTx);
            beginTx.commit();
            if (beginTx != null) {
                beginTx.close();
            }
        } catch (Throwable th) {
            if (beginTx != null) {
                try {
                    beginTx.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
