package org.neo4j.server.security.enterprise.auth;

import java.util.Map;
import java.util.concurrent.ExecutionException;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.neo4j.bolt.v1.messaging.message.Message;
import org.neo4j.bolt.v1.messaging.message.Messages;
import org.neo4j.bolt.v1.messaging.util.MessageMatchers;
import org.neo4j.bolt.v1.transport.integration.TransportTestUtil;
import org.neo4j.bolt.v1.transport.socket.client.Connection;
import org.neo4j.bolt.v1.transport.socket.client.SocketConnection;
import org.neo4j.helpers.HostnamePort;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
import org.neo4j.test.rule.concurrent.ThreadingRule;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/AuthProceduresTestLogic.class */
public abstract class AuthProceduresTestLogic<S> extends AuthTestBase<S> {
    static final String PWD_CHANGE = AuthenticationResult.PASSWORD_CHANGE_REQUIRED.name().toLowerCase();

    @Rule
    public final ThreadingRule threading = new ThreadingRule();

    @Test
    public void shouldChangeOwnPassword() throws Throwable {
        assertEmpty(this.readSubject, "CALL dbms.changePassword( '321' )");
        this.neo.updateAuthToken(this.readSubject, "readSubject", "321");
        this.neo.assertAuthenticated(this.readSubject);
        testSuccessfulRead(this.readSubject, 3);
    }

    @Test
    public void shouldChangeOwnPasswordEvenIfHasNoAuthorization() throws Throwable {
        this.neo.assertAuthenticated(this.noneSubject);
        assertEmpty(this.noneSubject, "CALL dbms.changePassword( '321' )");
        this.neo.updateAuthToken(this.noneSubject, "noneSubject", "321");
        this.neo.assertAuthenticated(this.noneSubject);
    }

    @Test
    public void shouldNotChangeOwnPasswordIfNewPasswordInvalid() throws Exception {
        assertFail(this.readSubject, "CALL dbms.changePassword( '' )", "Password cannot be empty");
        assertFail(this.readSubject, "CALL dbms.changePassword( '123' )", "Old password and new password cannot be the same");
    }

    @Test
    public void shouldListSelfTransaction() {
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
    }

    @Test
    public void shouldNotListTransactionsIfNotAdmin() {
        assertFail(this.noneSubject, "CALL dbms.listTransactions()", "Permission denied");
        assertFail(this.readSubject, "CALL dbms.listTransactions()", "Permission denied");
        assertFail(this.writeSubject, "CALL dbms.listTransactions()", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.listTransactions()", "Permission denied");
    }

    @Test
    public void shouldListTransactions() throws Throwable {
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        ThreadedTransactionCreate threadedTransactionCreate2 = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, this.writeSubject);
        threadedTransactionCreate2.execute(this.threading, this.writeSubject);
        threadedTransactionCreate.barrier.await();
        threadedTransactionCreate2.barrier.await();
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1", "writeSubject", "2"}));
        });
        threadedTransactionCreate.closeAndAssertSuccess();
        threadedTransactionCreate2.closeAndAssertSuccess();
    }

    @Test
    public void shouldTerminateTransactionForUser() throws Throwable {
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, this.writeSubject);
        threadedTransactionCreate.barrier.await();
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"writeSubject", "1"}));
        });
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
        threadedTransactionCreate.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    @Test
    public void shouldTerminateOnlyGivenUsersTransaction() throws Throwable {
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        ThreadedTransactionCreate threadedTransactionCreate2 = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, this.schemaSubject);
        threadedTransactionCreate2.execute(this.threading, this.writeSubject);
        threadedTransactionCreate.barrier.await();
        threadedTransactionCreate2.barrier.await();
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'schemaSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"schemaSubject", "1"}));
        });
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1", "writeSubject", "1"}));
        });
        threadedTransactionCreate.closeAndAssertTransactionTermination();
        threadedTransactionCreate2.closeAndAssertSuccess();
        assertSuccess(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name", resourceIterator3 -> {
            assertKeyIs(resourceIterator3, "name", "writeSubject-node");
        });
    }

    @Test
    public void shouldTerminateAllTransactionsForGivenUser() throws Throwable {
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        ThreadedTransactionCreate threadedTransactionCreate2 = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, this.schemaSubject);
        threadedTransactionCreate2.execute(this.threading, this.schemaSubject);
        threadedTransactionCreate.barrier.await();
        threadedTransactionCreate2.barrier.await();
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'schemaSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"schemaSubject", "2"}));
        });
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
        threadedTransactionCreate.closeAndAssertTransactionTermination();
        threadedTransactionCreate2.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    @Test
    public void shouldNotTerminateTerminationTransaction() throws InterruptedException, ExecutionException {
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'adminSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"adminSubject", "0"}));
        });
        assertSuccess(this.readSubject, "CALL dbms.terminateTransactionsForUser( 'readSubject' )", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "transactionsTerminated", MapUtil.map(new Object[]{"readSubject", "0"}));
        });
    }

    @Test
    public void shouldTerminateSelfTransactionsExceptTerminationTransactionIfAdmin() throws Throwable {
        shouldTerminateSelfTransactionsExceptTerminationTransaction(this.adminSubject);
    }

    @Test
    public void shouldTerminateSelfTransactionsExceptTerminationTransactionIfNotAdmin() throws Throwable {
        shouldTerminateSelfTransactionsExceptTerminationTransaction(this.writeSubject);
    }

    private void shouldTerminateSelfTransactionsExceptTerminationTransaction(S s) throws Throwable {
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, s);
        threadedTransactionCreate.barrier.await();
        String nameOf = this.neo.nameOf(s);
        assertSuccess(s, "CALL dbms.terminateTransactionsForUser( '" + nameOf + "' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{nameOf, "1"}));
        });
        threadedTransactionCreate.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    @Test
    public void shouldNotTerminateTransactionsIfNonExistentUser() throws InterruptedException, ExecutionException {
        assertFail(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'Petra' )", "User 'Petra' does not exist");
        assertFail(this.adminSubject, "CALL dbms.terminateTransactionsForUser( '' )", "User '' does not exist");
    }

    @Test
    public void shouldNotTerminateTransactionsIfNotAdmin() throws Throwable {
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, this.writeSubject);
        threadedTransactionCreate.barrier.await();
        assertFail(this.noneSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", "Permission denied");
        assertFail(this.pwdSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", this.CHANGE_PWD_ERR_MSG);
        assertFail(this.readSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", "Permission denied");
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
            assertKeyIs(resourceIterator, "username", "adminSubject", "writeSubject");
        });
        threadedTransactionCreate.closeAndAssertSuccess();
        assertSuccess(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name", resourceIterator2 -> {
            assertKeyIs(resourceIterator2, "name", "writeSubject-node");
        });
    }

    @Test
    public void shouldChangeUserPassword() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.changeUserPassword( 'readSubject', '321' )");
        this.neo.assertUnauthenticated(this.neo.login("readSubject", "123"));
        this.neo.assertAuthenticated(this.neo.login("readSubject", "321"));
    }

    @Test
    public void shouldNotChangeUserPasswordIfNotAdmin() throws Exception {
        assertFail(this.schemaSubject, "CALL dbms.changeUserPassword( 'readSubject', '321' )", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.changeUserPassword( 'jake', '321' )", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.changeUserPassword( 'readSubject', '' )", "Permission denied");
    }

    @Test
    public void shouldChangeUserPasswordIfSameUser() throws Throwable {
        assertEmpty(this.readSubject, "CALL dbms.changeUserPassword( 'readSubject', '321' )");
        this.neo.updateAuthToken(this.readSubject, "readSubject", "321");
        this.neo.assertAuthenticated(this.readSubject);
        testSuccessfulRead(this.readSubject, 3);
        assertEmpty(this.adminSubject, "CALL dbms.changeUserPassword( 'adminSubject', 'cba' )");
        this.neo.updateAuthToken(this.adminSubject, "adminSubject", "cba");
        this.neo.assertAuthenticated(this.adminSubject);
        testSuccessfulRead(this.adminSubject, 3);
    }

    @Test
    public void shouldFailToChangeUserPasswordIfSameUserButInvalidPassword() throws Exception {
        assertFail(this.readSubject, "CALL dbms.changeUserPassword( 'readSubject', '123' )", "Old password and new password cannot be the same");
        assertFail(this.adminSubject, "CALL dbms.changeUserPassword( 'adminSubject', 'abc' )", "Old password and new password cannot be the same");
    }

    @Test
    public void shouldNotChangeUserPasswordIfNonExistentUser() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.changeUserPassword( 'jake', '321' )", "User 'jake' does not exist");
    }

    @Test
    public void shouldNotChangeUserPasswordIfEmptyPassword() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.changeUserPassword( 'readSubject', '' )", "Password cannot be empty");
    }

    @Test
    public void shouldNotChangeUserPasswordIfSamePassword() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.changeUserPassword( 'readSubject', '123' )", "Old password and new password cannot be the same");
    }

    @Test
    public void shouldTerminateTransactionsOnChangeUserPassword() throws Throwable {
        shouldTerminateTransactionsForUser(this.writeSubject, "dbms.changeUserPassword( '%s', 'newPassword' )");
    }

    @Test
    public void shouldTerminateSessionsOnChangeUserPassword() throws Exception {
        Connection startBoltSession = startBoltSession("writeSubject", "abc");
        assertSuccess(this.adminSubject, "CALL dbms.listSessions() YIELD username, sessionCount WITH username, sessionCount WHERE username = 'writeSubject' RETURN username, sessionCount", resourceIterator -> {
            Object[] objArr = new Object[2];
            objArr[0] = "writeSubject";
            objArr[1] = this.IS_BOLT ? "2" : "1";
            assertKeyIsMap(resourceIterator, "username", "sessionCount", MapUtil.map(objArr));
        });
        assertEmpty(this.adminSubject, "CALL dbms.changeUserPassword( 'writeSubject', 'newPassword' )");
        assertEmpty(this.adminSubject, "CALL dbms.listSessions() YIELD username, sessionCount WITH username, sessionCount WHERE username = 'writeSubject' RETURN username, sessionCount");
        startBoltSession.disconnect();
    }

    @Test
    public void shouldCreateUser() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.createUser('craig', '1234', true)");
        this.userManager.getUser("craig");
    }

    @Test
    public void shouldNotCreateUserIfInvalidUsername() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.createUser('', '1234', true)", "User name contains illegal characters");
        assertFail(this.adminSubject, "CALL dbms.createUser('&%ss!', '1234', true)", "User name contains illegal characters");
        assertFail(this.adminSubject, "CALL dbms.createUser('&%ss!', '', true)", "User name contains illegal characters");
    }

    @Test
    public void shouldNotCreateUserIfInvalidPassword() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.createUser('craig', '', true)", "Password cannot be empty");
    }

    @Test
    public void shouldNotCreateExistingUser() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.createUser('readSubject', '1234', true)", "The specified user already exists");
        assertFail(this.adminSubject, "CALL dbms.createUser('readSubject', '', true)", "Password cannot be empty");
    }

    @Test
    public void shouldNotAllowNonAdminCreateUser() throws Exception {
        testFailCreateUser(this.pwdSubject, this.CHANGE_PWD_ERR_MSG);
        testFailCreateUser(this.readSubject, "Permission denied");
        testFailCreateUser(this.writeSubject, "Permission denied");
        testFailCreateUser(this.schemaSubject, "Permission denied");
    }

    @Test
    public void shouldDeleteUser() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.deleteUser('noneSubject')");
        try {
            this.userManager.getUser("noneSubject");
            Assert.fail("User noneSubject should not exist");
        } catch (InvalidArgumentsException e) {
            Assert.assertTrue("User noneSubject should not exist", e.getMessage().contains("User 'noneSubject' does not exist"));
        }
        this.userManager.addUserToRole("readSubject", "publisher");
        assertEmpty(this.adminSubject, "CALL dbms.deleteUser('readSubject')");
        try {
            this.userManager.getUser("readSubject");
            Assert.fail("User readSubject should not exist");
        } catch (InvalidArgumentsException e2) {
            Assert.assertTrue("User readSubject should not exist", e2.getMessage().contains("User 'readSubject' does not exist"));
        }
        Assert.assertFalse(this.userManager.getUsernamesForRole("reader").contains("readSubject"));
        Assert.assertFalse(this.userManager.getUsernamesForRole("publisher").contains("readSubject"));
    }

    @Test
    public void shouldNotDeleteUserIfNotAdmin() throws Exception {
        testFailDeleteUser(this.pwdSubject, "readSubject", this.CHANGE_PWD_ERR_MSG);
        testFailDeleteUser(this.readSubject, "readSubject", "Permission denied");
        testFailDeleteUser(this.writeSubject, "readSubject", "Permission denied");
        testFailDeleteUser(this.schemaSubject, "readSubject", "Permission denied");
        testFailDeleteUser(this.schemaSubject, "Craig", "Permission denied");
        testFailDeleteUser(this.schemaSubject, "", "Permission denied");
    }

    @Test
    public void shouldNotAllowDeletingNonExistentUser() throws Exception {
        testFailDeleteUser(this.adminSubject, "Craig", "User 'Craig' does not exist");
        testFailDeleteUser(this.adminSubject, "", "User '' does not exist");
    }

    @Test
    public void shouldNotAllowDeletingYourself() throws Exception {
        testFailDeleteUser(this.adminSubject, "adminSubject", "Deleting yourself is not allowed");
    }

    @Test
    public void shouldTerminateTransactionsOnUserDeletion() throws Throwable {
        shouldTerminateTransactionsForUser(this.writeSubject, "dbms.deleteUser( '%s' )");
    }

    @Test
    public void shouldTerminateSessionsOnUserDeletion() throws Exception {
        Connection startBoltSession = startBoltSession("writeSubject", "abc");
        assertSuccess(this.adminSubject, "CALL dbms.listSessions() YIELD username, sessionCount WITH username, sessionCount WHERE username = 'writeSubject' RETURN username, sessionCount", resourceIterator -> {
            Object[] objArr = new Object[2];
            objArr[0] = "writeSubject";
            objArr[1] = this.IS_BOLT ? "2" : "1";
            assertKeyIsMap(resourceIterator, "username", "sessionCount", MapUtil.map(objArr));
        });
        assertEmpty(this.adminSubject, "CALL dbms.deleteUser( 'writeSubject' )");
        assertEmpty(this.adminSubject, "CALL dbms.listSessions() YIELD username, sessionCount WITH username, sessionCount WHERE username = 'writeSubject' RETURN username, sessionCount");
        startBoltSession.disconnect();
    }

    @Test
    public void shouldSuspendUser() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.suspendUser('readSubject')");
        Assert.assertTrue(this.userManager.getUser("readSubject").hasFlag("is_suspended"));
    }

    @Test
    public void shouldSuspendSuspendedUser() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.suspendUser('readSubject')");
        assertEmpty(this.adminSubject, "CALL dbms.suspendUser('readSubject')");
        Assert.assertTrue(this.userManager.getUser("readSubject").hasFlag("is_suspended"));
    }

    @Test
    public void shouldFailToSuspendNonExistentUser() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.suspendUser('Craig')", "User 'Craig' does not exist");
    }

    @Test
    public void shouldFailToSuspendIfNotAdmin() throws Exception {
        assertFail(this.schemaSubject, "CALL dbms.suspendUser('readSubject')", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.suspendUser('Craig')", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.suspendUser('')", "Permission denied");
    }

    @Test
    public void shouldFailToSuspendYourself() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.suspendUser('adminSubject')", "Suspending yourself is not allowed");
    }

    @Test
    public void shouldTerminateTransactionsOnUserSuspension() throws Throwable {
        shouldTerminateTransactionsForUser(this.writeSubject, "dbms.suspendUser( '%s' )");
    }

    @Test
    public void shouldTerminateSessionsOnUserSuspension() throws Exception {
        Connection startBoltSession = startBoltSession("writeSubject", "abc");
        assertSuccess(this.adminSubject, "CALL dbms.listSessions() YIELD username, sessionCount WITH username, sessionCount WHERE username = 'writeSubject' RETURN username, sessionCount", resourceIterator -> {
            Object[] objArr = new Object[2];
            objArr[0] = "writeSubject";
            objArr[1] = this.IS_BOLT ? "2" : "1";
            assertKeyIsMap(resourceIterator, "username", "sessionCount", MapUtil.map(objArr));
        });
        assertEmpty(this.adminSubject, "CALL dbms.suspendUser( 'writeSubject' )");
        assertEmpty(this.adminSubject, "CALL dbms.listSessions() YIELD username, sessionCount WITH username, sessionCount WHERE username = 'writeSubject' RETURN username, sessionCount");
        startBoltSession.disconnect();
    }

    @Test
    public void shouldActivateUser() throws Exception {
        this.userManager.suspendUser("readSubject");
        assertEmpty(this.adminSubject, "CALL dbms.activateUser('readSubject')");
        Assert.assertFalse(this.userManager.getUser("readSubject").hasFlag("is_suspended"));
    }

    @Test
    public void shouldActivateActiveUser() throws Exception {
        this.userManager.suspendUser("readSubject");
        assertEmpty(this.adminSubject, "CALL dbms.activateUser('readSubject')");
        assertEmpty(this.adminSubject, "CALL dbms.activateUser('readSubject')");
        Assert.assertFalse(this.userManager.getUser("readSubject").hasFlag("is_suspended"));
    }

    @Test
    public void shouldFailToActivateNonExistentUser() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.activateUser('Craig')", "User 'Craig' does not exist");
    }

    @Test
    public void shouldFailToActivateIfNotAdmin() throws Exception {
        this.userManager.suspendUser("readSubject");
        assertFail(this.schemaSubject, "CALL dbms.activateUser('readSubject')", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.activateUser('Craig')", "Permission denied");
        assertFail(this.schemaSubject, "CALL dbms.activateUser('')", "Permission denied");
    }

    @Test
    public void shouldFailToActivateYourself() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.activateUser('adminSubject')", "Activating yourself is not allowed");
    }

    @Test
    public void shouldAddUserToRole() throws Exception {
        Assert.assertFalse("Should not have role publisher", userHasRole("readSubject", "publisher"));
        assertEmpty(this.adminSubject, "CALL dbms.addUserToRole('readSubject', 'publisher')");
        Assert.assertTrue("Should have role publisher", userHasRole("readSubject", "publisher"));
    }

    @Test
    public void shouldAddRetainUserInRole() throws Exception {
        Assert.assertTrue("Should have role reader", userHasRole("readSubject", "reader"));
        assertEmpty(this.adminSubject, "CALL dbms.addUserToRole('readSubject', 'reader')");
        Assert.assertTrue("Should have still have role reader", userHasRole("readSubject", "reader"));
    }

    @Test
    public void shouldFailToAddNonExistentUserToRole() throws Exception {
        testFailAddUserToRole(this.adminSubject, "Olivia", "publisher", "User 'Olivia' does not exist");
        testFailAddUserToRole(this.adminSubject, "Olivia", "thisRoleDoesNotExist", "User 'Olivia' does not exist");
        testFailAddUserToRole(this.adminSubject, "Olivia", "", "Role name contains illegal characters");
    }

    @Test
    public void shouldFailToAddUserToNonExistentRole() throws Exception {
        testFailAddUserToRole(this.adminSubject, "readSubject", "thisRoleDoesNotExist", "Role 'thisRoleDoesNotExist' does not exist");
        testFailAddUserToRole(this.adminSubject, "readSubject", "", "Role name contains illegal characters");
    }

    @Test
    public void shouldFailToAddUserToRoleIfNotAdmin() throws Exception {
        testFailAddUserToRole(this.pwdSubject, "readSubject", "publisher", this.CHANGE_PWD_ERR_MSG);
        testFailAddUserToRole(this.readSubject, "readSubject", "publisher", "Permission denied");
        testFailAddUserToRole(this.writeSubject, "readSubject", "publisher", "Permission denied");
        testFailAddUserToRole(this.schemaSubject, "readSubject", "publisher", "Permission denied");
        testFailAddUserToRole(this.schemaSubject, "Olivia", "publisher", "Permission denied");
        testFailAddUserToRole(this.schemaSubject, "Olivia", "thisRoleDoesNotExist", "Permission denied");
    }

    @Test
    public void shouldRemoveUserFromRole() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.removeUserFromRole('readSubject', 'reader')");
        Assert.assertFalse("Should not have role reader", userHasRole("readSubject", "reader"));
    }

    @Test
    public void shouldKeepUserOutOfRole() throws Exception {
        Assert.assertFalse("Should not have role publisher", userHasRole("readSubject", "publisher"));
        assertEmpty(this.adminSubject, "CALL dbms.removeUserFromRole('readSubject', 'publisher')");
        Assert.assertFalse("Should not have role publisher", userHasRole("readSubject", "publisher"));
    }

    @Test
    public void shouldFailToRemoveNonExistentUserFromRole() throws Exception {
        testFailRemoveUserFromRole(this.adminSubject, "Olivia", "publisher", "User 'Olivia' does not exist");
        testFailRemoveUserFromRole(this.adminSubject, "Olivia", "thisRoleDoesNotExist", "User 'Olivia' does not exist");
        testFailRemoveUserFromRole(this.adminSubject, "Olivia", "", "Role name contains illegal characters");
        testFailRemoveUserFromRole(this.adminSubject, "", "", "User name contains illegal characters");
    }

    @Test
    public void shouldFailToRemoveUserFromNonExistentRole() throws Exception {
        testFailRemoveUserFromRole(this.adminSubject, "readSubject", "thisRoleDoesNotExist", "Role 'thisRoleDoesNotExist' does not exist");
        testFailRemoveUserFromRole(this.adminSubject, "readSubject", "", "Role name contains illegal characters");
    }

    @Test
    public void shouldFailToRemoveUserFromRoleIfNotAdmin() throws Exception {
        testFailRemoveUserFromRole(this.pwdSubject, "readSubject", "publisher", this.CHANGE_PWD_ERR_MSG);
        testFailRemoveUserFromRole(this.readSubject, "readSubject", "publisher", "Permission denied");
        testFailRemoveUserFromRole(this.writeSubject, "readSubject", "publisher", "Permission denied");
        testFailRemoveUserFromRole(this.schemaSubject, "readSubject", "reader", "Permission denied");
        testFailRemoveUserFromRole(this.schemaSubject, "Olivia", "reader", "Permission denied");
        testFailRemoveUserFromRole(this.schemaSubject, "Olivia", "thisRoleDoesNotExist", "Permission denied");
    }

    @Test
    public void shouldFailToRemoveYourselfFromAdminRole() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.removeUserFromRole('adminSubject', 'admin')", "Removing yourself from the admin role is not allowed");
    }

    @Test
    public void shouldAllowAddingAndRemovingUserFromMultipleRoles() throws Exception {
        Assert.assertFalse("Should not have role publisher", userHasRole("readSubject", "publisher"));
        Assert.assertFalse("Should not have role architect", userHasRole("readSubject", "architect"));
        assertEmpty(this.adminSubject, "CALL dbms.addUserToRole('readSubject', 'publisher')");
        assertEmpty(this.adminSubject, "CALL dbms.addUserToRole('readSubject', 'architect')");
        Assert.assertTrue("Should have role publisher", userHasRole("readSubject", "publisher"));
        Assert.assertTrue("Should have role architect", userHasRole("readSubject", "architect"));
        assertEmpty(this.adminSubject, "CALL dbms.removeUserFromRole('readSubject', 'publisher')");
        assertEmpty(this.adminSubject, "CALL dbms.removeUserFromRole('readSubject', 'architect')");
        Assert.assertFalse("Should not have role publisher", userHasRole("readSubject", "publisher"));
        Assert.assertFalse("Should not have role architect", userHasRole("readSubject", "architect"));
    }

    @Test
    public void shouldListUsers() throws Exception {
        assertSuccess(this.adminSubject, "CALL dbms.listUsers() YIELD username", resourceIterator -> {
            assertKeyIs(resourceIterator, "username", this.initialUsers);
        });
    }

    @Test
    public void shouldReturnUsersWithRoles() throws Exception {
        Map map = MapUtil.map(new Object[]{"adminSubject", listOf("admin"), "readSubject", listOf("reader"), "schemaSubject", listOf("architect"), "writeSubject", listOf("reader", "publisher"), "pwdSubject", listOf(new String[0]), "noneSubject", listOf(new String[0]), "neo4j", listOf("admin")});
        this.userManager.addUserToRole("writeSubject", "reader");
        assertSuccess(this.adminSubject, "CALL dbms.listUsers()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "roles", map);
        });
    }

    @Test
    public void shouldReturnUsersWithFlags() throws Exception {
        Map map = MapUtil.map(new Object[]{"adminSubject", listOf(new String[0]), "readSubject", listOf(new String[0]), "schemaSubject", listOf(new String[0]), "writeSubject", listOf("is_suspended"), "pwdSubject", listOf(PWD_CHANGE, "is_suspended"), "noneSubject", listOf(new String[0]), "neo4j", listOf(PWD_CHANGE.toLowerCase())});
        this.userManager.suspendUser("writeSubject");
        this.userManager.suspendUser("pwdSubject");
        assertSuccess(this.adminSubject, "CALL dbms.listUsers()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "flags", map);
        });
    }

    @Test
    public void shouldShowCurrentUser() throws Exception {
        this.userManager.addUserToRole("writeSubject", "reader");
        assertSuccess(this.adminSubject, "CALL dbms.showCurrentUser()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "roles", MapUtil.map(new Object[]{"adminSubject", listOf("admin")}));
        });
        assertSuccess(this.readSubject, "CALL dbms.showCurrentUser()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "roles", MapUtil.map(new Object[]{"readSubject", listOf("reader")}));
        });
        assertSuccess(this.schemaSubject, "CALL dbms.showCurrentUser()", resourceIterator3 -> {
            assertKeyIsMap(resourceIterator3, "username", "roles", MapUtil.map(new Object[]{"schemaSubject", listOf("architect")}));
        });
        assertSuccess(this.writeSubject, "CALL dbms.showCurrentUser()", resourceIterator4 -> {
            assertKeyIsMap(resourceIterator4, "username", "roles", MapUtil.map(new Object[]{"writeSubject", listOf("reader", "publisher")}));
        });
        assertSuccess(this.noneSubject, "CALL dbms.showCurrentUser()", resourceIterator5 -> {
            assertKeyIsMap(resourceIterator5, "username", "roles", MapUtil.map(new Object[]{"noneSubject", listOf(new String[0])}));
        });
    }

    @Test
    public void shouldNotAllowNonAdminListUsers() throws Exception {
        testFailListUsers(this.pwdSubject, 5, this.CHANGE_PWD_ERR_MSG);
        testFailListUsers(this.readSubject, 5, "Permission denied");
        testFailListUsers(this.writeSubject, 5, "Permission denied");
        testFailListUsers(this.schemaSubject, 5, "Permission denied");
    }

    @Test
    public void shouldListRoles() throws Exception {
        assertSuccess(this.adminSubject, "CALL dbms.listRoles() YIELD role", resourceIterator -> {
            assertKeyIs(resourceIterator, "role", this.initialRoles);
        });
    }

    @Test
    public void shouldReturnRolesWithUsers() throws Exception {
        Map map = MapUtil.map(new Object[]{"admin", listOf("adminSubject", "neo4j"), "reader", listOf("readSubject"), "architect", listOf("schemaSubject"), "publisher", listOf("writeSubject"), "empty", listOf(new String[0])});
        assertSuccess(this.adminSubject, "CALL dbms.listRoles()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "role", "users", map);
        });
    }

    @Test
    public void shouldNotAllowNonAdminListRoles() throws Exception {
        testFailListRoles(this.pwdSubject, this.CHANGE_PWD_ERR_MSG);
        testFailListRoles(this.readSubject, "Permission denied");
        testFailListRoles(this.writeSubject, "Permission denied");
        testFailListRoles(this.schemaSubject, "Permission denied");
    }

    @Test
    public void shouldListRolesForUser() throws Exception {
        assertSuccess(this.adminSubject, "CALL dbms.listRolesForUser('adminSubject') YIELD value as roles RETURN roles", resourceIterator -> {
            assertKeyIs(resourceIterator, "roles", "admin");
        });
        assertSuccess(this.adminSubject, "CALL dbms.listRolesForUser('readSubject') YIELD value as roles RETURN roles", resourceIterator2 -> {
            assertKeyIs(resourceIterator2, "roles", "reader");
        });
    }

    @Test
    public void shouldListNoRolesForUserWithNoRoles() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.listRolesForUser('Henrik') YIELD value as roles RETURN roles");
    }

    @Test
    public void shouldNotListRolesForNonExistentUser() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.listRolesForUser('Petra') YIELD value as roles RETURN roles", "User 'Petra' does not exist");
        assertFail(this.adminSubject, "CALL dbms.listRolesForUser('') YIELD value as roles RETURN roles", "User '' does not exist");
    }

    @Test
    public void shouldListOwnRolesRoles() throws Exception {
        assertSuccess(this.adminSubject, "CALL dbms.listRolesForUser('adminSubject') YIELD value as roles RETURN roles", resourceIterator -> {
            assertKeyIs(resourceIterator, "roles", "admin");
        });
        assertSuccess(this.readSubject, "CALL dbms.listRolesForUser('readSubject') YIELD value as roles RETURN roles", resourceIterator2 -> {
            assertKeyIs(resourceIterator2, "roles", "reader");
        });
    }

    @Test
    public void shouldNotAllowNonAdminListUserRoles() throws Exception {
        testFailListUserRoles(this.pwdSubject, "adminSubject", this.CHANGE_PWD_ERR_MSG);
        testFailListUserRoles(this.readSubject, "adminSubject", "Permission denied");
        testFailListUserRoles(this.writeSubject, "adminSubject", "Permission denied");
        testFailListUserRoles(this.schemaSubject, "adminSubject", "Permission denied");
    }

    @Test
    public void shouldListUsersForRole() throws Exception {
        assertSuccess(this.adminSubject, "CALL dbms.listUsersForRole('admin') YIELD value as users RETURN users", resourceIterator -> {
            assertKeyIs(resourceIterator, "users", "adminSubject", "neo4j");
        });
    }

    @Test
    public void shouldListNoUsersForRoleWithNoUsers() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.listUsersForRole('empty') YIELD value as users RETURN users");
    }

    @Test
    public void shouldNotListUsersForNonExistentRole() throws Exception {
        assertFail(this.adminSubject, "CALL dbms.listUsersForRole('poodle') YIELD value as users RETURN users", "Role 'poodle' does not exist");
        assertFail(this.adminSubject, "CALL dbms.listUsersForRole('') YIELD value as users RETURN users", "Role '' does not exist");
    }

    @Test
    public void shouldNotListUsersForRoleIfNotAdmin() throws Exception {
        testFailListRoleUsers(this.pwdSubject, "admin", this.CHANGE_PWD_ERR_MSG);
        testFailListRoleUsers(this.readSubject, "admin", "Permission denied");
        testFailListRoleUsers(this.writeSubject, "admin", "Permission denied");
        testFailListRoleUsers(this.schemaSubject, "admin", "Permission denied");
    }

    @Test
    public void shouldSetCorrectPasswordChangeRequiredPermissions() throws Throwable {
        testFailRead(this.pwdSubject, 3, pwdReqErrMsg(this.READ_OPS_NOT_ALLOWED));
        testFailWrite(this.pwdSubject, pwdReqErrMsg(this.WRITE_OPS_NOT_ALLOWED));
        testFailSchema(this.pwdSubject, pwdReqErrMsg(this.SCHEMA_OPS_NOT_ALLOWED));
        assertPasswordChangeWhenPasswordChangeRequired(this.pwdSubject, "321");
        assertEmpty(this.adminSubject, "CALL dbms.createUser('Henrik', 'bar', true)");
        assertEmpty(this.adminSubject, "CALL dbms.addUserToRole('Henrik', 'architect')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertPasswordChangeRequired(login);
        testFailRead(login, 3, pwdReqErrMsg(this.READ_OPS_NOT_ALLOWED));
        testFailWrite(login, pwdReqErrMsg(this.WRITE_OPS_NOT_ALLOWED));
        testFailSchema(login, pwdReqErrMsg(this.SCHEMA_OPS_NOT_ALLOWED));
        assertPasswordChangeWhenPasswordChangeRequired(login, "321");
        assertEmpty(this.adminSubject, "CALL dbms.createUser('Olivia', 'bar', true)");
        assertEmpty(this.adminSubject, "CALL dbms.addUserToRole('Olivia', 'admin')");
        S login2 = this.neo.login("Olivia", "bar");
        this.neo.assertPasswordChangeRequired(login2);
        testFailRead(login2, 3, pwdReqErrMsg(this.READ_OPS_NOT_ALLOWED));
        testFailWrite(login2, pwdReqErrMsg(this.WRITE_OPS_NOT_ALLOWED));
        testFailSchema(login2, pwdReqErrMsg(this.SCHEMA_OPS_NOT_ALLOWED));
        assertFail(login2, "CALL dbms.createUser('OliviasFriend', 'bar', false)", this.CHANGE_PWD_ERR_MSG);
        assertPasswordChangeWhenPasswordChangeRequired(login2, "321");
    }

    @Test
    public void shouldSetCorrectNoRolePermissions() throws Exception {
        testFailRead(this.noneSubject, 3);
        testFailWrite(this.noneSubject);
        testFailSchema(this.noneSubject);
        testFailCreateUser(this.noneSubject, "Permission denied");
        assertEmpty(this.noneSubject, "CALL dbms.changePassword( '321' )");
    }

    @Test
    public void shouldSetCorrectReaderPermissions() throws Exception {
        testSuccessfulRead(this.readSubject, 3);
        testFailWrite(this.readSubject);
        testFailSchema(this.readSubject);
        testFailCreateUser(this.readSubject, "Permission denied");
        assertEmpty(this.readSubject, "CALL dbms.changePassword( '321' )");
    }

    @Test
    public void shouldSetCorrectPublisherPermissions() throws Exception {
        testSuccessfulRead(this.writeSubject, 3);
        testSuccessfulWrite(this.writeSubject);
        testFailSchema(this.writeSubject);
        testFailCreateUser(this.writeSubject, "Permission denied");
        assertEmpty(this.writeSubject, "CALL dbms.changePassword( '321' )");
    }

    @Test
    public void shouldSetCorrectSchemaPermissions() throws Exception {
        testSuccessfulRead(this.schemaSubject, 3);
        testSuccessfulWrite(this.schemaSubject);
        testSuccessfulSchema(this.schemaSubject);
        testFailCreateUser(this.schemaSubject, "Permission denied");
        assertEmpty(this.schemaSubject, "CALL dbms.changePassword( '321' )");
    }

    @Test
    public void shouldSetCorrectAdminPermissions() throws Exception {
        testSuccessfulRead(this.adminSubject, 3);
        testSuccessfulWrite(this.adminSubject);
        testSuccessfulSchema(this.adminSubject);
        assertEmpty(this.adminSubject, "CALL dbms.createUser('Olivia', 'bar', true)");
        assertEmpty(this.adminSubject, "CALL dbms.changePassword( '321' )");
    }

    @Test
    public void shouldSetCorrectMultiRolePermissions() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.addUserToRole('schemaSubject', 'reader')");
        testSuccessfulRead(this.schemaSubject, 3);
        testSuccessfulWrite(this.schemaSubject);
        testSuccessfulSchema(this.schemaSubject);
        testFailCreateUser(this.schemaSubject, "Permission denied");
        assertEmpty(this.schemaSubject, "CALL dbms.changePassword( '321' )");
    }

    private void shouldTerminateTransactionsForUser(S s, String str) throws Throwable {
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, s);
        threadedTransactionCreate.barrier.await();
        assertEmpty(this.adminSubject, "CALL " + String.format(str, this.neo.nameOf(s)));
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
        threadedTransactionCreate.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    private Connection startBoltSession(String str, String str2) throws Exception {
        SocketConnection socketConnection = new SocketConnection();
        socketConnection.connect(new HostnamePort("localhost:7687")).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(new Message[]{Messages.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", str, "credentials", str2, "scheme", "basic"}))}));
        MatcherAssert.assertThat(socketConnection, TransportTestUtil.eventuallyRecieves(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(socketConnection, TransportTestUtil.eventuallyRecieves(new Matcher[]{MessageMatchers.msgSuccess()}));
        return socketConnection;
    }

    @Override // org.neo4j.server.security.enterprise.auth.AuthTestBase
    @After
    public /* bridge */ /* synthetic */ void tearDown() throws Throwable {
        super.tearDown();
    }

    @Override // org.neo4j.server.security.enterprise.auth.AuthTestBase
    @Before
    public /* bridge */ /* synthetic */ void setUp() throws Throwable {
        super.setUp();
    }
}
