package org.neo4j.server.security.enterprise.auth;

import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.neo4j.graphdb.Transaction;
import org.neo4j.graphdb.security.AuthorizationViolationException;
import org.neo4j.kernel.impl.core.ThreadToStatementContextBridge;
import org.neo4j.test.rule.concurrent.ThreadingRule;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/AuthScenariosLogic.class */
public abstract class AuthScenariosLogic<S> extends AuthTestBase<S> {

    @Rule
    public final ThreadingRule threading = new ThreadingRule();

    @Test
    public void readOperationsShouldNotBeAllowedWhenPasswordChangeRequired() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', true)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertPasswordChangeRequired(login);
        testFailRead(login, 3, pwdReqErrMsg(this.READ_OPS_NOT_ALLOWED));
    }

    @Test
    public void passwordChangeShouldEnableRolePermissions() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', true)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertPasswordChangeRequired(login);
        assertPasswordChangeWhenPasswordChangeRequired(login, "foo");
        S login2 = this.neo.login("Henrik", "foo");
        this.neo.assertAuthenticated(login2);
        testFailWrite(login2);
        testSuccessfulRead(login2, 3);
    }

    @Test
    public void loginShouldFailWithIncorrectPassword() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', true)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        this.neo.assertInitFailed(this.neo.login("Henrik", "foo"));
    }

    @Test
    public void userCreation2() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', true)");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertPasswordChangeRequired(login);
        assertPasswordChangeWhenPasswordChangeRequired(login, "foo");
        S login2 = this.neo.login("Henrik", "foo");
        this.neo.assertAuthenticated(login2);
        testFailRead(login2, 3);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        testFailWrite(login2);
        testSuccessfulRead(login2, 3);
    }

    @Test
    public void userCreation3() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testFailRead(login, 3);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        testSuccessfulWrite(login);
        testSuccessfulRead(login, 4);
        testFailSchema(login);
    }

    @Test
    public void userCreation4() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testFailRead(login, 3);
        testFailWrite(login);
        testFailSchema(login);
        testFailCreateUser(login, "Permission denied.");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('architect', 'Henrik')");
        testSuccessfulWrite(login);
        testSuccessfulRead(login, 4);
        testSuccessfulSchema(login);
        testFailCreateUser(login, "Permission denied.");
    }

    @Test
    public void userCreation5() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        testFailCreateUser(this.neo.login("Henrik", "bar"), "Permission denied.");
    }

    @Test
    public void userDeletion1() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.deleteUser('Henrik')");
        this.neo.assertInitFailed(this.neo.login("Henrik", "bar"));
    }

    @Test
    public void userDeletion2() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.deleteUser('Henrik')");
        assertFail(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')", "User 'Henrik' does not exist");
    }

    @Test
    public void userDeletion3() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        assertEmpty(this.adminSubject, "CALL dbms.security.deleteUser('Henrik')");
        assertFail(this.adminSubject, "CALL dbms.security.removeRoleFromUser('publisher', 'Henrik')", "User 'Henrik' does not exist");
    }

    @Test
    public void userDeletion4() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.deleteUser('Henrik')");
        testSessionKilled(login);
        this.neo.assertInitFailed(this.neo.login("Henrik", "bar"));
    }

    @Test
    public void roleManagement1() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testSuccessfulWrite(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.removeRoleFromUser('publisher', 'Henrik')");
        testFailRead(login, 4);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        testFailWrite(login);
        testSuccessfulRead(login, 4);
    }

    @Test
    public void roleManagement2() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testFailWrite(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        testSuccessfulWrite(login);
    }

    @Test
    public void roleManagement3() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        testSuccessfulWrite(login);
        testSuccessfulRead(login, 4);
        assertEmpty(this.adminSubject, "CALL dbms.security.removeRoleFromUser('publisher', 'Henrik')");
        testFailWrite(login);
        testSuccessfulRead(login, 4);
    }

    @Test
    public void roleManagement4() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        testSuccessfulWrite(login);
        testSuccessfulRead(login, 4);
        assertEmpty(this.adminSubject, "CALL dbms.security.removeRoleFromUser('reader', 'Henrik')");
        assertEmpty(this.adminSubject, "CALL dbms.security.removeRoleFromUser('publisher', 'Henrik')");
        testFailWrite(login);
        testFailRead(login, 4);
    }

    @Test
    public void roleManagement5() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo);
        threadedTransactionCreate.execute(this.threading, login);
        threadedTransactionCreate.barrier.await();
        assertEmpty(this.adminSubject, "CALL dbms.security.removeRoleFromUser('publisher', 'Henrik')");
        threadedTransactionCreate.closeAndAssertException(AuthorizationViolationException.class, "Write operations are not allowed for 'Henrik'.");
        testFailWrite(login);
    }

    @Test
    public void roleManagement6() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        long currentTimeMillis = System.currentTimeMillis();
        ThreadedTransactionPeriodicCommit threadedTransactionPeriodicCommit = new ThreadedTransactionPeriodicCommit(this.neo);
        threadedTransactionPeriodicCommit.execute(this.threading, login, 10);
        threadedTransactionPeriodicCommit.barrier.await();
        long j = 3;
        while (j <= 3) {
            if (System.currentTimeMillis() - currentTimeMillis > 2000) {
                Assert.fail("No nodes added from LOAD CSV within 2 seconds");
            }
            Thread.sleep(10L);
            j = pollNumNodes();
        }
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        assertEmpty(this.adminSubject, "CALL dbms.security.removeRoleFromUser('publisher', 'Henrik')");
        threadedTransactionPeriodicCommit.closeAndAssertError("Write operations are not allowed for 'Henrik'.");
        testFailWrite(login);
        assertSuccess(login, "MATCH (n) RETURN n.name as name", resourceIterator -> {
            long size = getObjectsAsList(resourceIterator, "name").size();
            MatcherAssert.assertThat(Long.valueOf(size), Matchers.greaterThan(3L));
            MatcherAssert.assertThat(Long.valueOf(size), Matchers.lessThan(13L));
        });
    }

    private long pollNumNodes() {
        long j = 0;
        try {
            Transaction beginTx = this.neo.getGraph().beginTx();
            Throwable th = null;
            try {
                j = ((ThreadToStatementContextBridge) this.neo.getGraph().getDependencyResolver().resolveDependency(ThreadToStatementContextBridge.class)).get().readOperations().countsForNode(-1);
                beginTx.success();
                if (beginTx != null) {
                    if (0 != 0) {
                        try {
                            beginTx.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        beginTx.close();
                    }
                }
            } finally {
            }
        } catch (Throwable th3) {
        }
        return j;
    }

    @Test
    public void customRoleWithProcedureAccess() throws Exception {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('mats', 'neo4j', false)");
        S login = this.neo.login("mats", "neo4j");
        testFailTestProcs(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.createRole('role1')");
        testFailTestProcs(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('role1', 'mats')");
        testSuccessfulTestProcs(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.deleteRole('role1')");
        testFailTestProcs(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.createRole('role1')");
        testFailTestProcs(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('architect', 'mats')");
        testSuccessfulTestProcs(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('role1', 'mats')");
        testSuccessfulTestProcs(login);
    }

    @Test
    public void userSuspension1() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        this.neo.logout(login);
        assertEmpty(this.adminSubject, "CALL dbms.security.suspendUser('Henrik')");
        this.neo.assertInitFailed(this.neo.login("Henrik", "bar"));
    }

    @Test
    public void userSuspension2() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testSuccessfulRead(login, 3);
        assertEmpty(this.adminSubject, "CALL dbms.security.suspendUser('Henrik')");
        testSessionKilled(login);
        this.neo.assertInitFailed(this.neo.login("Henrik", "bar"));
    }

    @Test
    public void userActivation1() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.suspendUser('Henrik')");
        this.neo.assertInitFailed(this.neo.login("Henrik", "bar"));
        assertEmpty(this.adminSubject, "CALL dbms.security.activateUser('Henrik', false)");
        this.neo.assertAuthenticated(this.neo.login("Henrik", "bar"));
    }

    @Test
    public void userListing() throws Throwable {
        testSuccessfulListUsers(this.adminSubject, this.initialUsers);
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        testSuccessfulListUsers(this.adminSubject, with(this.initialUsers, "Henrik"));
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testFailListUsers(login, 6, "Permission denied.");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('admin', 'Henrik')");
        testSuccessfulListUsers(login, with(this.initialUsers, "Henrik"));
    }

    @Test
    public void rolesListing() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testFailListRoles(login, "Permission denied.");
        testSuccessfulListRoles(this.adminSubject, this.initialRoles);
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('admin', 'Henrik')");
        testSuccessfulListRoles(login, this.initialRoles);
    }

    @Test
    public void listingUserRoles() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Craig', 'foo', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Craig')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testFailListUserRoles(login, "Craig", "Permission denied.");
        assertSuccess(this.adminSubject, "CALL dbms.security.listRolesForUser('Craig') YIELD value as roles RETURN roles", resourceIterator -> {
            assertKeyIs(resourceIterator, "roles", "publisher");
        });
        assertSuccess(this.neo.login("Craig", "foo"), "CALL dbms.security.listRolesForUser('Craig') YIELD value as roles RETURN roles", resourceIterator2 -> {
            assertKeyIs(resourceIterator2, "roles", "publisher");
        });
    }

    @Test
    public void listingRoleUsers() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Craig', 'foo', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Craig')");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        testFailListRoleUsers(login, "publisher", "Permission denied.");
        assertSuccess(this.adminSubject, "CALL dbms.security.listUsersForRole('publisher') YIELD value as users RETURN users", resourceIterator -> {
            assertKeyIs(resourceIterator, "users", "Henrik", "Craig", "writeSubject");
        });
    }

    @Test
    public void callProcedures1() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'bar', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('publisher', 'Henrik')");
        S login = this.neo.login("Henrik", "bar");
        this.neo.assertAuthenticated(login);
        assertEmpty(login, "CALL test.createNode()");
        assertSuccess(login, "CALL test.numNodes() YIELD count as count RETURN count", resourceIterator -> {
            assertKeyIs(resourceIterator, "count", "4");
        });
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        assertEmpty(login, "CALL test.createNode()");
        assertSuccess(login, "CALL test.numNodes() YIELD count as count RETURN count", resourceIterator2 -> {
            assertKeyIs(resourceIterator2, "count", "5");
        });
        assertEmpty(this.adminSubject, "CALL dbms.security.removeRoleFromUser('publisher', 'Henrik')");
        assertFail(login, "CALL test.createNode()", "Write operations are not allowed for 'Henrik'.");
    }

    @Test
    public void changeUserPassword1() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'abc', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        S login = this.neo.login("Henrik", "abc");
        this.neo.assertAuthenticated(login);
        testSuccessfulRead(login, 3);
        assertEmpty(login, "CALL dbms.security.changeUserPassword('Henrik', '123', false)");
        this.neo.updateAuthToken(login, "Henrik", "123");
        testSuccessfulRead(login, 3);
        this.neo.logout(login);
        this.neo.assertInitFailed(this.neo.login("Henrik", "abc"));
        S login2 = this.neo.login("Henrik", "123");
        this.neo.assertAuthenticated(login2);
        testSuccessfulRead(login2, 3);
    }

    @Test
    public void changeUserPassword2() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'abc', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        S login = this.neo.login("Henrik", "abc");
        this.neo.assertAuthenticated(login);
        testSuccessfulRead(login, 3);
        assertEmpty(this.adminSubject, "CALL dbms.security.changeUserPassword('Henrik', '123', false)");
        this.neo.logout(login);
        this.neo.assertInitFailed(this.neo.login("Henrik", "abc"));
        S login2 = this.neo.login("Henrik", "123");
        this.neo.assertAuthenticated(login2);
        testSuccessfulRead(login2, 3);
    }

    @Test
    public void changeUserPassword3() throws Throwable {
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Craig', 'abc', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.createUser('Henrik', 'abc', false)");
        assertEmpty(this.adminSubject, "CALL dbms.security.addRoleToUser('reader', 'Henrik')");
        S login = this.neo.login("Henrik", "abc");
        this.neo.assertAuthenticated(login);
        testSuccessfulRead(login, 3);
        assertFail(login, "CALL dbms.security.changeUserPassword('Craig', '123')", "Permission denied.");
    }

    @Override // org.neo4j.server.security.enterprise.auth.AuthTestBase
    @After
    public /* bridge */ /* synthetic */ void tearDown() throws Throwable {
        super.tearDown();
    }

    @Override // org.neo4j.server.security.enterprise.auth.AuthTestBase
    @Before
    public /* bridge */ /* synthetic */ void setUp() throws Throwable {
        super.setUp();
    }
}
