package org.neo4j.server.security.enterprise.auth.integration.bolt;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;
import org.hamcrest.BaseMatcher;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Description;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.neo4j.bolt.v1.messaging.message.InitMessage;
import org.neo4j.bolt.v1.messaging.message.PullAllMessage;
import org.neo4j.bolt.v1.messaging.message.RequestMessage;
import org.neo4j.bolt.v1.messaging.message.ResetMessage;
import org.neo4j.bolt.v1.messaging.message.RunMessage;
import org.neo4j.bolt.v1.messaging.util.MessageMatchers;
import org.neo4j.bolt.v1.runtime.spi.ImmutableRecord;
import org.neo4j.bolt.v1.runtime.spi.Record;
import org.neo4j.bolt.v1.transport.integration.Neo4jWithSocket;
import org.neo4j.bolt.v1.transport.integration.TransportTestUtil;
import org.neo4j.bolt.v1.transport.socket.client.SecureSocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.SecureWebSocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.SocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.TransportConnection;
import org.neo4j.bolt.v1.transport.socket.client.WebSocketConnection;
import org.neo4j.function.Factory;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.graphdb.factory.GraphDatabaseSettings;
import org.neo4j.helpers.HostnamePort;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.test.TestEnterpriseGraphDatabaseFactory;
import org.neo4j.test.TestGraphDatabaseFactory;
import org.neo4j.test.rule.concurrent.ThreadingRule;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/integration/bolt/BoltConnectionManagementIT.class */
public class BoltConnectionManagementIT {

    @Rule
    public Neo4jWithSocket server = new Neo4jWithSocket(getTestGraphDatabaseFactory(), getSettingsFunction());

    @Rule
    public final ThreadingRule threading = new ThreadingRule();

    @Parameterized.Parameter(0)
    public Factory<TransportConnection> cf;

    @Parameterized.Parameter(1)
    public HostnamePort address;
    protected TransportConnection admin;
    protected TransportConnection user;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/integration/bolt/BoltConnectionManagementIT$CollectingMatcher.class */
    public static class CollectingMatcher extends BaseMatcher<Record> {
        Map<String, Long> resultMap = new HashMap();

        CollectingMatcher() {
        }

        public void describeTo(Description description) {
        }

        public boolean matches(Object obj) {
            if (!(obj instanceof ImmutableRecord)) {
                return false;
            }
            Object[] fields = ((ImmutableRecord) obj).fields();
            this.resultMap.put(fields[0].toString(), (Long) fields[1]);
            return true;
        }

        public Map<String, Long> result() {
            return this.resultMap;
        }
    }

    @Before
    public void setup() throws Exception {
        this.admin = (TransportConnection) this.cf.newInstance();
        this.user = (TransportConnection) this.cf.newInstance();
        authenticate(this.admin, "neo4j", "neo4j", "123");
        createNewUser(this.admin, "Igor", "123");
    }

    @After
    public void teardown() throws Exception {
        if (this.admin != null) {
            this.admin.disconnect();
        }
        if (this.user != null) {
            this.user.disconnect();
        }
    }

    protected TestGraphDatabaseFactory getTestGraphDatabaseFactory() {
        return new TestEnterpriseGraphDatabaseFactory();
    }

    protected Consumer<Map<Setting<?>, String>> getSettingsFunction() {
        return map -> {
            map.put(GraphDatabaseSettings.auth_enabled, "true");
            map.put(GraphDatabaseSettings.auth_manager, "enterprise-auth-manager");
        };
    }

    @Parameterized.Parameters
    public static Collection<Object[]> transports() {
        return Arrays.asList(new Object[]{SocketConnection::new, new HostnamePort("localhost:7687")}, new Object[]{WebSocketConnection::new, new HostnamePort("localhost:7687")}, new Object[]{SecureSocketConnection::new, new HostnamePort("localhost:7687")}, new Object[]{SecureWebSocketConnection::new, new HostnamePort("localhost:7687")});
    }

    @Test
    public void shouldListOwnConnection() throws Throwable {
        this.admin.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.listConnections() YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        Map<String, Long> collectConnectionResult = collectConnectionResult(this.admin, 1);
        Assert.assertTrue(collectConnectionResult.containsKey("neo4j"));
        Assert.assertTrue(collectConnectionResult.get("neo4j").longValue() == 1);
    }

    @Test
    public void shouldListAllConnections() throws Throwable {
        authenticate(this.user, "Igor", "123", null);
        this.admin.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.listConnections() YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        Map<String, Long> collectConnectionResult = collectConnectionResult(this.admin, 2);
        Assert.assertTrue(collectConnectionResult.containsKey("neo4j"));
        Assert.assertTrue(collectConnectionResult.get("neo4j").longValue() == 1);
        Assert.assertTrue(collectConnectionResult.containsKey("Igor"));
        Assert.assertTrue(collectConnectionResult.get("Igor").longValue() == 1);
    }

    @Test
    public void shouldNotListConnectionsIfNotAdmin() throws Throwable {
        authenticate(this.user, "Igor", "123", null);
        this.user.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.listConnections() YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.user, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.Forbidden, "Permission denied.")}));
    }

    @Test
    public void shouldTerminateConnectionForUser() throws Throwable {
        authenticate(this.user, "Igor", "123", null);
        this.admin.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.terminateConnectionsForUser( 'Igor' ) YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        Map<String, Long> collectConnectionResult = collectConnectionResult(this.admin, 1);
        Assert.assertTrue(collectConnectionResult.containsKey("Igor"));
        Assert.assertTrue(collectConnectionResult.get("Igor").longValue() == 1);
        this.admin.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.listConnections() YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        Map<String, Long> collectConnectionResult2 = collectConnectionResult(this.admin, 1);
        Assert.assertTrue(collectConnectionResult2.containsKey("neo4j"));
        Assert.assertTrue(collectConnectionResult2.get("neo4j").longValue() == 1);
        verifyConnectionHasTerminated(this.user);
    }

    @Test
    public void shouldNotFailWhenTerminatingConnectionsForUserWithNoConnections() throws Throwable {
        this.admin.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.terminateConnectionsForUser( 'Igor' ) YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        Map<String, Long> collectConnectionResult = collectConnectionResult(this.admin, 1);
        Assert.assertTrue(collectConnectionResult.containsKey("Igor"));
        Assert.assertTrue(collectConnectionResult.get("Igor").longValue() == 0);
    }

    @Test
    public void shouldFailWhenTerminatingConnectionsForNonExistentUser() throws Throwable {
        this.admin.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.terminateConnectionsForUser( 'NonExistentUser' ) YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.admin, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.InvalidArguments, "User 'NonExistentUser' does not exist.")}));
    }

    @Test
    public void shouldFailWhenTerminatingConnectionsByNonAdmin() throws Throwable {
        authenticate(this.user, "Igor", "123", null);
        assertFailTerminateConnectionForUser(this.user, "neo4j");
        assertFailTerminateConnectionForUser(this.user, "NonExistentUser");
        assertFailTerminateConnectionForUser(this.user, "");
    }

    @Test
    public void shouldTerminateOwnConnectionIfAdmin() throws Throwable {
        assertTerminateOwnConnection(this.admin, "neo4j");
    }

    @Test
    public void shouldTerminateOwnConnectionsIfAdmin() throws Throwable {
        authenticate(this.user, "neo4j", "123", null);
        assertTerminateOwnConnections(this.admin, this.user, "neo4j");
    }

    @Test
    public void shouldTerminateOwnConnectionIfNonAdmin() throws Throwable {
        authenticate(this.user, "Igor", "123", null);
        assertTerminateOwnConnection(this.user, "Igor");
    }

    @Test
    public void shouldTerminateOwnConnectionsIfNonAdmin() throws Throwable {
        TransportConnection transportConnection = (TransportConnection) this.cf.newInstance();
        authenticate(this.user, "Igor", "123", null);
        authenticate(transportConnection, "Igor", "123", null);
        assertTerminateOwnConnections(this.user, transportConnection, "Igor");
    }

    private static void verifyConnectionHasTerminated(TransportConnection transportConnection) throws Exception {
        try {
            transportConnection.recv(1);
            Assert.fail("Connection should have terminated");
        } catch (IOException e) {
        }
    }

    private static void assertTerminateOwnConnection(TransportConnection transportConnection, String str) throws Exception {
        transportConnection.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.terminateConnectionsForUser( '" + str + "' ) YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        verifyConnectionHasTerminated(transportConnection);
    }

    private static void assertTerminateOwnConnections(TransportConnection transportConnection, TransportConnection transportConnection2, String str) throws Exception {
        transportConnection.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.terminateConnectionsForUser( '" + str + "' ) YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        verifyConnectionHasTerminated(transportConnection);
        verifyConnectionHasTerminated(transportConnection2);
    }

    private static void assertFailTerminateConnectionForUser(TransportConnection transportConnection, String str) throws Exception {
        transportConnection.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.terminateConnectionsForUser( '" + str + "' ) YIELD username, connectionCount"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.Forbidden, "Permission denied."), MessageMatchers.msgIgnored()}));
        transportConnection.send(TransportTestUtil.chunk(new RequestMessage[]{ResetMessage.reset()}));
        MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess()}));
    }

    private void authenticate(TransportConnection transportConnection, String str, String str2, String str3) throws Exception {
        Map map = MapUtil.map(new Object[]{"principal", str, "credentials", str2, "scheme", "basic"});
        if (str3 != null) {
            map.put("new_credentials", str3);
        }
        transportConnection.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(new RequestMessage[]{InitMessage.init("TestClient/1.1", map)}));
        MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess()}));
    }

    private static void createNewUser(TransportConnection transportConnection, String str, String str2) throws Exception {
        transportConnection.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.createUser( '" + str + "', '" + str2 + "', false )"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    private static Map<String, Long> collectConnectionResult(TransportConnection transportConnection, int i) {
        CollectingMatcher collectingMatcher = new CollectingMatcher();
        MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(CoreMatchers.allOf(Matchers.hasEntry(CoreMatchers.is("fields"), CoreMatchers.equalTo(Arrays.asList("username", "connectionCount"))), Matchers.hasKey("result_available_after")))}));
        for (int i2 = 0; i2 < i; i2++) {
            MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgRecord(collectingMatcher)}));
        }
        MatcherAssert.assertThat(transportConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess()}));
        return collectingMatcher.result();
    }
}
