package org.neo4j.server.security.enterprise.auth;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.neo4j.bolt.v1.messaging.message.InitMessage;
import org.neo4j.bolt.v1.messaging.message.RequestMessage;
import org.neo4j.bolt.v1.messaging.util.MessageMatchers;
import org.neo4j.bolt.v1.transport.integration.Neo4jWithSocket;
import org.neo4j.bolt.v1.transport.integration.TransportTestUtil;
import org.neo4j.bolt.v1.transport.socket.client.SocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.TransportConnection;
import org.neo4j.graphdb.GraphDatabaseService;
import org.neo4j.graphdb.ResourceIterator;
import org.neo4j.helpers.HostnamePort;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
import org.neo4j.kernel.impl.proc.Procedures;
import org.neo4j.logging.Log;
import org.neo4j.procedure.Context;
import org.neo4j.procedure.Procedure;
import org.neo4j.server.security.enterprise.auth.AuthProcedures;
import org.neo4j.test.DoubleLatch;
import org.neo4j.test.rule.concurrent.ThreadingRule;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase.class */
public abstract class ProcedureInteractionTestBase<S> {
    S adminSubject;
    S schemaSubject;
    S writeSubject;
    S readSubject;
    S pwdSubject;
    S noneSubject;
    EnterpriseUserManager userManager;
    protected NeoInteractionLevel<S> neo;
    protected boolean PWD_CHANGE_CHECK_FIRST = false;
    protected String CHANGE_PWD_ERR_MSG = "Permission denied.";
    private String BOLT_PWD_ERR_MSG = "The credentials you provided were valid, but must be changed before you can use this instance.";
    String READ_OPS_NOT_ALLOWED = "Read operations are not allowed";
    String WRITE_OPS_NOT_ALLOWED = "Write operations are not allowed";
    String SCHEMA_OPS_NOT_ALLOWED = "Schema operations are not allowed";
    protected boolean IS_EMBEDDED = true;
    boolean IS_BOLT = false;
    private final String EMPTY_ROLE = "empty";
    String[] initialUsers = {"adminSubject", "readSubject", "schemaSubject", "writeSubject", "pwdSubject", "noneSubject", "neo4j"};
    String[] initialRoles = {"admin", "architect", "publisher", "reader", "empty"};

    /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase$ClassWithProcedures.class */
    public static class ClassWithProcedures {

        @Context
        public GraphDatabaseService db;

        @Context
        public Log log;
        private static final AtomicReference<LatchedRunnables> testLatch = new AtomicReference<>();

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase$ClassWithProcedures$LatchedRunnables.class */
        public static class LatchedRunnables implements AutoCloseable {
            DoubleLatch doubleLatch;
            Runnable runBefore;
            Runnable runAfter;

            /* JADX INFO: Access modifiers changed from: package-private */
            public LatchedRunnables(DoubleLatch doubleLatch, Runnable runnable, Runnable runnable2) {
                this.doubleLatch = doubleLatch;
                this.runBefore = runnable;
                this.runAfter = runnable2;
            }

            @Override // java.lang.AutoCloseable
            public void close() throws Exception {
                ClassWithProcedures.testLatch.set(null);
            }
        }

        @Procedure(name = "test.numNodes")
        public Stream<CountResult> numNodes() {
            return Stream.of(new CountResult(Long.valueOf(this.db.getAllNodes().stream().count())));
        }

        @Procedure(name = "test.allowedProcedure1", allowed = {"role1"}, mode = Procedure.Mode.READ)
        public Stream<AuthProcedures.StringResult> allowedProcedure1() {
            this.db.execute("MATCH (:Foo) RETURN 'foo' AS foo");
            return Stream.of(new AuthProcedures.StringResult("foo"));
        }

        @Procedure(name = "test.allowedProcedure2", allowed = {"otherRole", "role1"}, mode = Procedure.Mode.WRITE)
        public Stream<AuthProcedures.StringResult> allowedProcedure2() {
            this.db.execute("CREATE (:VeryUniqueLabel {prop: 'a'})");
            return this.db.execute("MATCH (n:VeryUniqueLabel) RETURN n.prop AS a LIMIT 1").stream().map(map -> {
                return new AuthProcedures.StringResult((String) map.get("a"));
            });
        }

        @Procedure(name = "test.allowedProcedure3", allowed = {"role1"}, mode = Procedure.Mode.SCHEMA)
        public Stream<AuthProcedures.StringResult> allowedProcedure3() {
            this.db.execute("CREATE INDEX ON :VeryUniqueLabel(prop)");
            return Stream.of(new AuthProcedures.StringResult("OK"));
        }

        @Procedure(name = "test.createNode", mode = Procedure.Mode.WRITE)
        public void createNode() {
            this.db.createNode();
        }

        @Procedure(name = "test.waitForLatch", mode = Procedure.Mode.READ)
        public void waitForLatch() {
            try {
                testLatch.get().runBefore.run();
                testLatch.get().doubleLatch.startAndWaitForAllToStart();
                try {
                    testLatch.get().runAfter.run();
                    testLatch.get().doubleLatch.finishAndWaitForAllToFinish();
                } catch (Throwable th) {
                    testLatch.get().doubleLatch.finishAndWaitForAllToFinish();
                    throw th;
                }
            } catch (Throwable th2) {
                testLatch.get().doubleLatch.startAndWaitForAllToStart();
                throw th2;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static void setTestLatch(LatchedRunnables latchedRunnables) {
            testLatch.set(latchedRunnables);
        }
    }

    /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase$CountResult.class */
    public static class CountResult {
        public final String count;

        CountResult(Long l) {
            this.count = "" + l;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String pwdReqErrMsg(String str) {
        return this.PWD_CHANGE_CHECK_FIRST ? this.CHANGE_PWD_ERR_MSG : this.IS_EMBEDDED ? str : this.BOLT_PWD_ERR_MSG;
    }

    protected abstract ThreadingRule threading();

    @Before
    public void setUp() throws Throwable {
        Neo4jWithSocket.cleanupTemporaryTestFiles();
        this.neo = setUpNeoServer();
        ((Procedures) this.neo.getLocalGraph().getDependencyResolver().resolveDependency(Procedures.class)).register(ClassWithProcedures.class);
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("noneSubject", "abc", false);
        this.userManager.newUser("pwdSubject", "abc", true);
        this.userManager.newUser("adminSubject", "abc", false);
        this.userManager.newUser("schemaSubject", "abc", false);
        this.userManager.newUser("writeSubject", "abc", false);
        this.userManager.newUser("readSubject", "123", false);
        this.userManager.addRoleToUser("admin", "adminSubject");
        this.userManager.addRoleToUser("architect", "schemaSubject");
        this.userManager.addRoleToUser("publisher", "writeSubject");
        this.userManager.addRoleToUser("reader", "readSubject");
        this.userManager.newRole("empty", new String[0]);
        this.noneSubject = this.neo.login("noneSubject", "abc");
        this.pwdSubject = this.neo.login("pwdSubject", "abc");
        this.readSubject = this.neo.login("readSubject", "123");
        this.writeSubject = this.neo.login("writeSubject", "abc");
        this.schemaSubject = this.neo.login("schemaSubject", "abc");
        this.adminSubject = this.neo.login("adminSubject", "abc");
        executeQuery(this.writeSubject, "UNWIND range(0,2) AS number CREATE (:Node {number:number, name:'node'+number})");
    }

    protected abstract NeoInteractionLevel<S> setUpNeoServer() throws Throwable;

    @After
    public void tearDown() throws Throwable {
        this.neo.tearDown();
        Neo4jWithSocket.cleanupTemporaryTestFiles();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] with(String[] strArr, String... strArr2) {
        return (String[]) Stream.concat(Arrays.stream(strArr), Arrays.stream(strArr2)).toArray(i -> {
            return new String[i];
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<String> listOf(String... strArr) {
        return (List) Stream.of((Object[]) strArr).collect(Collectors.toList());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testSuccessfulRead(S s, int i) {
        assertSuccess(s, "MATCH (n) RETURN count(n) as count", resourceIterator -> {
            List list = (List) resourceIterator.stream().map(map -> {
                return map.get("count");
            }).collect(Collectors.toList());
            MatcherAssert.assertThat(Integer.valueOf(list.size()), Matchers.equalTo(1));
            MatcherAssert.assertThat(String.valueOf(list.get(0)), Matchers.equalTo(String.valueOf(i)));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailRead(S s, int i) {
        testFailRead(s, i, this.READ_OPS_NOT_ALLOWED);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailRead(S s, int i, String str) {
        assertFail(s, "MATCH (n) RETURN count(n)", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testSuccessfulWrite(S s) {
        assertEmpty(s, "CREATE (:Node)");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailWrite(S s) {
        testFailWrite(s, this.WRITE_OPS_NOT_ALLOWED);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailWrite(S s, String str) {
        assertFail(s, "CREATE (:Node)", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testSuccessfulSchema(S s) {
        assertEmpty(s, "CREATE INDEX ON :Node(number)");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailSchema(S s) {
        testFailSchema(s, this.SCHEMA_OPS_NOT_ALLOWED);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailSchema(S s, String str) {
        assertFail(s, "CREATE INDEX ON :Node(number)", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailCreateUser(S s, String str) {
        assertFail(s, "CALL dbms.security.createUser('Craig', 'foo', false)", str);
        assertFail(s, "CALL dbms.security.createUser('Craig', '', false)", str);
        assertFail(s, "CALL dbms.security.createUser('', 'foo', false)", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailCreateRole(S s, String str) {
        assertFail(s, "CALL dbms.security.createRole('RealAdmins')", str);
        assertFail(s, "CALL dbms.security.createRole('RealAdmins')", str);
        assertFail(s, "CALL dbms.security.createRole('RealAdmins')", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailAddRoleToUser(S s, String str, String str2, String str3) {
        assertFail(s, "CALL dbms.security.addRoleToUser('" + str + "', '" + str2 + "')", str3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailRemoveRoleFromUser(S s, String str, String str2, String str3) {
        assertFail(s, "CALL dbms.security.removeRoleFromUser('" + str + "', '" + str2 + "')", str3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailDeleteUser(S s, String str, String str2) {
        assertFail(s, "CALL dbms.security.deleteUser('" + str + "')", str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailDeleteRole(S s, String str, String str2) {
        assertFail(s, "CALL dbms.security.deleteRole('" + str + "')", str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testSuccessfulListUsers(S s, String[] strArr) {
        assertSuccess(s, "CALL dbms.security.listUsers() YIELD username", resourceIterator -> {
            assertKeyIsArray(resourceIterator, "username", strArr);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailListUsers(S s, int i, String str) {
        assertFail(s, "CALL dbms.security.listUsers() YIELD username", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testSuccessfulListRoles(S s, String[] strArr) {
        assertSuccess(s, "CALL dbms.security.listRoles() YIELD role", resourceIterator -> {
            assertKeyIsArray(resourceIterator, "role", strArr);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailListRoles(S s, String str) {
        assertFail(s, "CALL dbms.security.listRoles() YIELD role", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailListUserRoles(S s, String str, String str2) {
        assertFail(s, "CALL dbms.security.listRolesForUser('" + str + "') YIELD value AS roles RETURN count(roles)", str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailListRoleUsers(S s, String str, String str2) {
        assertFail(s, "CALL dbms.security.listUsersForRole('" + str + "') YIELD value AS users RETURN count(users)", str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testFailTestProcs(S s) {
        assertFail(s, "CALL test.allowedProcedure1()", this.READ_OPS_NOT_ALLOWED);
        assertFail(s, "CALL test.allowedProcedure2()", this.WRITE_OPS_NOT_ALLOWED);
        assertFail(s, "CALL test.allowedProcedure3()", this.SCHEMA_OPS_NOT_ALLOWED);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testSuccessfulTestProcs(S s) {
        assertSuccess(s, "CALL test.allowedProcedure1()", resourceIterator -> {
            assertKeyIs(resourceIterator, "value", "foo");
        });
        assertSuccess(s, "CALL test.allowedProcedure2()", resourceIterator2 -> {
            assertKeyIs(resourceIterator2, "value", "a");
        });
        assertSuccess(s, "CALL test.allowedProcedure3()", resourceIterator3 -> {
            assertKeyIs(resourceIterator3, "value", "OK");
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void testSessionKilled(S s) {
        if (this.IS_BOLT) {
            assertFail(s, "MATCH (n:Node) RETURN count(n)", "Failed to read 2 bytes, missing 2 bytes. Buffer: 00 00", "Software caused connection abort: recv failed");
        } else if (this.IS_EMBEDDED) {
            assertFail(s, "MATCH (n:Node) RETURN count(n)", "Read operations are not allowed");
        } else {
            assertFail(s, "MATCH (n:Node) RETURN count(n)", "Invalid username or password");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void assertPasswordChangeWhenPasswordChangeRequired(S s, String str) {
        S s2;
        StringBuilder sb = new StringBuilder(128);
        if (this.IS_EMBEDDED) {
            s2 = s;
            sb.append("CALL dbms.security.changePassword('");
            sb.append(str);
            sb.append("')");
        } else {
            s2 = this.adminSubject;
            sb.append("CALL dbms.security.changeUserPassword('");
            sb.append(this.neo.nameOf(s));
            sb.append("', '");
            sb.append(str);
            sb.append("', false)");
        }
        assertEmpty(s2, sb.toString());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void assertFail(S s, String str, String str2) {
        String assertCallEmpty = assertCallEmpty(s, str);
        MatcherAssert.assertThat(assertCallEmpty, Matchers.not(Matchers.equalTo("")));
        MatcherAssert.assertThat(assertCallEmpty, CoreMatchers.containsString(str2));
    }

    private void assertFail(S s, String str, String str2, String str3) {
        String assertCallEmpty = assertCallEmpty(s, str);
        MatcherAssert.assertThat(assertCallEmpty, Matchers.not(Matchers.equalTo("")));
        MatcherAssert.assertThat(assertCallEmpty, CoreMatchers.either(CoreMatchers.containsString(str2)).or(CoreMatchers.containsString(str3)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void assertEmpty(S s, String str) {
        MatcherAssert.assertThat(assertCallEmpty(s, str), Matchers.equalTo(""));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void assertSuccess(S s, String str, Consumer<ResourceIterator<Map<String, Object>>> consumer) {
        MatcherAssert.assertThat(this.neo.executeQuery(s, str, null, consumer), Matchers.equalTo(""));
    }

    private String assertCallEmpty(S s, String str) {
        return this.neo.executeQuery(s, str, null, resourceIterator -> {
            Assert.assertFalse("Expected no results", resourceIterator.hasNext());
        });
    }

    private void executeQuery(S s, String str) {
        this.neo.executeQuery(s, str, null, resourceIterator -> {
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean userHasRole(String str, String str2) throws InvalidArgumentsException {
        return this.userManager.getRoleNamesForUser(str).contains(str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<Object> getObjectsAsList(ResourceIterator<Map<String, Object>> resourceIterator, String str) {
        return (List) resourceIterator.stream().map(map -> {
            return map.get(str);
        }).collect(Collectors.toList());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void assertKeyIs(ResourceIterator<Map<String, Object>> resourceIterator, String str, String... strArr) {
        assertKeyIsArray(resourceIterator, str, strArr);
    }

    private void assertKeyIsArray(ResourceIterator<Map<String, Object>> resourceIterator, String str, String[] strArr) {
        List<Object> objectsAsList = getObjectsAsList(resourceIterator, str);
        Assert.assertEquals(Arrays.asList(strArr).size(), objectsAsList.size());
        Assert.assertThat(objectsAsList, Matchers.containsInAnyOrder(strArr));
    }

    public static void assertKeyIsMap(ResourceIterator<Map<String, Object>> resourceIterator, String str, String str2, Map<String, Object> map) {
        List<Map> list = (List) resourceIterator.stream().collect(Collectors.toList());
        Assert.assertEquals("Results for should have size " + map.size() + " but was " + list.size(), map.size(), list.size());
        for (Map map2 : list) {
            String str3 = (String) map2.get(str);
            MatcherAssert.assertThat(map, Matchers.hasKey(str3));
            MatcherAssert.assertThat(map2, Matchers.hasKey(str2));
            Object obj = map2.get(str2);
            if (obj instanceof List) {
                List list2 = (List) obj;
                List list3 = (List) map.get(str3);
                Assert.assertEquals("sizes", list2.size(), list3.size());
                MatcherAssert.assertThat(list2, Matchers.containsInAnyOrder(list3.toArray()));
            } else {
                MatcherAssert.assertThat(obj.toString(), Matchers.equalTo(map.get(str3).toString()));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void shouldTerminateTransactionsForUser(S s, String str) throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ThreadedTransactionCreate threadedTransactionCreate = new ThreadedTransactionCreate(this.neo, doubleLatch);
        threadedTransactionCreate.execute(threading(), s);
        doubleLatch.startAndWaitForAllToStart();
        assertEmpty(this.adminSubject, "CALL " + String.format(str, this.neo.nameOf(s)));
        assertSuccess(this.adminSubject, "CALL dbms.security.listTransactions()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransactionCreate.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TransportConnection startBoltSession(String str, String str2) throws Exception {
        SocketConnection socketConnection = new SocketConnection();
        socketConnection.connect(new HostnamePort("localhost:7687")).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(new RequestMessage[]{InitMessage.init("TestClient/1.1", MapUtil.map(new Object[]{"principal", str, "credentials", str2, "scheme", "basic"}))}));
        MatcherAssert.assertThat(socketConnection, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(socketConnection, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess()}));
        return socketConnection;
    }
}
