package org.neo4j.security;

import java.time.Clock;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseInternalSettings;
import org.neo4j.cypher.internal.security.SecureHasher;
import org.neo4j.dbms.database.DefaultSystemGraphComponent;
import org.neo4j.dbms.database.DefaultSystemGraphInitializer;
import org.neo4j.dbms.database.SystemGraphComponents;
import org.neo4j.dbms.database.SystemGraphInitializer;
import org.neo4j.graphdb.Transaction;
import org.neo4j.internal.kernel.api.security.CommunitySecurityLog;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.security.BasicSystemGraphRealmTestHelper;
import org.neo4j.server.security.auth.InMemoryUserRepository;
import org.neo4j.server.security.auth.UserRepository;
import org.neo4j.server.security.systemgraph.SystemGraphRealmHelper;
import org.neo4j.server.security.systemgraph.UserSecurityGraphComponent;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.TestDirectoryExtension;
import org.neo4j.test.utils.TestDirectory;

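/**
 * Integration tests for how the user security component seeds the built-in user in the system graph.
 *
 * <p>The security property pinned here is that a configured initial password is applied only while
 * the built-in user still holds its default credential and no other user exists. The assertions
 * below show that it does not overwrite a password that has already been changed, that it is not
 * applied once additional users exist, and that it does not bring back a user an administrator
 * dropped.
 *
 * <p>A "restart" is simulated by calling {@link SystemGraphInitializer#start()} again on the same
 * initializer instance.
 */
@TestDirectoryExtension
/* loaded from: input_file:org/neo4j/security/UserSecurityGraphInitializationIT.class */
class UserSecurityGraphInitializationIT {
    // Name and default password of the built-in user, as exercised by shouldCreateDefaultUserIfNoneExist.
    private static final String DEFAULT_USER = "neo4j";
    private static final String DEFAULT_PASSWORD = "neo4j";

    private BasicSystemGraphRealmTestHelper.TestDatabaseContextProvider dbManager;
    private SystemGraphRealmHelper realmHelper;

    @Inject
    private TestDirectory testDirectory;

    // In-memory repository handed to UserSecurityGraphComponent as the source of the initial password.
    private UserRepository initialPassword;
    private SystemGraphInitializer systemGraphInitializer;

    @BeforeEach
    void setUp() {
        dbManager = new BasicSystemGraphRealmTestHelper.TestDatabaseContextProvider(testDirectory);
        realmHelper = new SystemGraphRealmHelper(SystemGraphRealmHelper.makeSystemSupplier(dbManager), new SecureHasher());
        initialPassword = new InMemoryUserRepository();
    }

    @AfterEach
    void tearDown() {
        // Guard against a setUp() that failed before dbManager was assigned, so the original
        // failure is not accompanied by a NullPointerException from the cleanup.
        if (dbManager != null) {
            dbManager.getManagementService().shutdown();
        }
    }

    /** With no initial password configured, the built-in user is created with the default credential. */
    @Test
    void shouldCreateDefaultUserIfNoneExist() throws Throwable {
        startSystemGraphRealm();
        // NOTE(review): the trailing `true` presumably asserts that a password change is still
        // required for the default credential; confirm against BasicSystemGraphRealmTestHelper.
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(realmHelper, DEFAULT_USER, DEFAULT_PASSWORD, true);
    }

    /** An initial password present before first start becomes the built-in user's password. */
    @Test
    void shouldLoadInitialUserWithInitialPassword() throws Throwable {
        // NOTE(review): the `false` argument to createUser is presumably the
        // password-change-required flag; confirm against the helper.
        initialPassword.create(BasicSystemGraphRealmTestHelper.createUser(DEFAULT_USER, "123", false));
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(realmHelper, DEFAULT_USER, "123");
    }

    /** An initial password supplied after first start replaces the still-default password on restart. */
    @Test
    void shouldLoadInitialUserWithInitialPasswordOnRestart() throws Throwable {
        startSystemGraphRealm();
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(realmHelper, DEFAULT_USER, DEFAULT_PASSWORD, true);

        initialPassword.create(BasicSystemGraphRealmTestHelper.createUser(DEFAULT_USER, "abc", false));
        systemGraphInitializer.start();

        // The default credential must stop working once the initial password has been applied.
        BasicSystemGraphRealmTestHelper.assertAuthenticationFails(realmHelper, DEFAULT_USER, DEFAULT_PASSWORD);
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(realmHelper, DEFAULT_USER, "abc");
    }

    /** Once the password has left its default value, a later initial password must not overwrite it. */
    @Test
    void shouldNotLoadInitialUserWithInitialPasswordOnRestartWhenAlreadyChanged() throws Throwable {
        startSystemGraphRealm();

        // First restart: the default password is replaced by "neo4j2".
        initialPassword.create(BasicSystemGraphRealmTestHelper.createUser(DEFAULT_USER, "neo4j2", false));
        systemGraphInitializer.start();

        // Second restart with a different initial password: it must be ignored.
        initialPassword.clear();
        initialPassword.create(BasicSystemGraphRealmTestHelper.createUser(DEFAULT_USER, "abc", false));
        systemGraphInitializer.start();

        BasicSystemGraphRealmTestHelper.assertAuthenticationFails(realmHelper, DEFAULT_USER, DEFAULT_PASSWORD);
        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(realmHelper, DEFAULT_USER, "neo4j2");
        BasicSystemGraphRealmTestHelper.assertAuthenticationFails(realmHelper, DEFAULT_USER, "abc");
    }

    /** When another user already exists, the initial password is not applied to the built-in user. */
    @Test
    void shouldNotLoadInitialUserWithInitialPasswordWhenOtherUsersExist() throws Throwable {
        startSystemGraphRealm();

        // try-with-resources closes the transaction exactly once and before the restart below;
        // the hand-expanded form closed it a second time when a later assertion failed.
        try (Transaction tx = dbManager.testSystemDb.beginTx()) {
            tx.execute("CREATE USER Alice SET PASSWORD 'password'");
            tx.commit();
        }

        initialPassword.create(BasicSystemGraphRealmTestHelper.createUser(DEFAULT_USER, "neo4j2password", false));
        systemGraphInitializer.start();

        BasicSystemGraphRealmTestHelper.assertAuthenticationSucceeds(realmHelper, DEFAULT_USER, DEFAULT_PASSWORD, true);
        BasicSystemGraphRealmTestHelper.assertAuthenticationFails(realmHelper, DEFAULT_USER, "neo4j2password");
    }

    /** A dropped built-in user stays dropped even if an initial password is supplied on restart. */
    @Test
    void shouldNotReCreateInitialUser() throws Throwable {
        startSystemGraphRealm();

        // try-with-resources closes the transaction exactly once and before the restart below;
        // the hand-expanded form closed it a second time when a later assertion failed.
        try (Transaction tx = dbManager.testSystemDb.beginTx()) {
            tx.execute(String.format("DROP USER %s", DEFAULT_USER));
            tx.commit();
        }

        initialPassword.create(BasicSystemGraphRealmTestHelper.createUser(DEFAULT_USER, "neo4j2", false));
        systemGraphInitializer.start();

        Assertions.assertThatThrownBy(() -> realmHelper.getUser(DEFAULT_USER))
                .isInstanceOf(InvalidArgumentsException.class)
                .hasMessage(String.format("User '%s' does not exist.", DEFAULT_USER));
    }

    /**
     * Builds the system graph components for this test and runs the initializer once.
     *
     * <p>The auth store directory is pointed at {@code data/dbms} inside the injected test
     * directory. The default system component and a {@link UserSecurityGraphComponent} backed by
     * {@link #initialPassword} are registered, and the resulting initializer is kept in
     * {@link #systemGraphInitializer} so tests can call {@code start()} again to simulate a restart.
     *
     * @throws Exception if the initializer fails to start
     */
    private void startSystemGraphRealm() throws Exception {
        Config config = Config.defaults(GraphDatabaseInternalSettings.auth_store_directory, testDirectory.directory("data/dbms"));

        SystemGraphComponents components = new SystemGraphComponents();
        components.register(new DefaultSystemGraphComponent(config, Clock.systemUTC()));
        components.register(new UserSecurityGraphComponent(initialPassword, config, NullLogProvider.getInstance(), CommunitySecurityLog.NULL_LOG));

        systemGraphInitializer = new DefaultSystemGraphInitializer(SystemGraphRealmHelper.makeSystemSupplier(dbManager), components);
        systemGraphInitializer.start();
    }
}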
