package org.neo4j.server.security.enterprise.auth;

import java.time.Clock;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.subject.PrincipalCollection;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthSubject;
import org.neo4j.server.security.auth.AuthenticationStrategy;
import org.neo4j.server.security.auth.BasicPasswordPolicy;
import org.neo4j.server.security.auth.InMemoryUserRepository;
import org.neo4j.server.security.auth.PasswordPolicy;
import org.neo4j.server.security.auth.RateLimitedAuthenticationStrategy;
import org.neo4j.server.security.auth.SecurityTestUtils;
import org.neo4j.server.security.auth.UserRepository;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmTest.class */
public class InternalFlatFileRealmTest {
    private MultiRealmAuthManager authManager;
    private TestRealm testRealm;

    /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmTest$TestRealm.class */
    private class TestRealm extends InternalFlatFileRealm {
        private boolean authenticationFlag;
        private boolean authorizationFlag;

        boolean takeAuthenticationFlag() {
            boolean z = this.authenticationFlag;
            this.authenticationFlag = false;
            return z;
        }

        boolean takeAuthorizationFlag() {
            boolean z = this.authorizationFlag;
            this.authorizationFlag = false;
            return z;
        }

        TestRealm(UserRepository userRepository, RoleRepository roleRepository, PasswordPolicy passwordPolicy, AuthenticationStrategy authenticationStrategy) {
            super(userRepository, roleRepository, passwordPolicy, authenticationStrategy);
            this.authenticationFlag = false;
            this.authorizationFlag = false;
        }

        public String getName() {
            return "TestRealm wrapping " + super.getName();
        }

        public boolean supports(AuthenticationToken authenticationToken) {
            return super.supports(authenticationToken);
        }

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
            this.authenticationFlag = true;
            return super.doGetAuthenticationInfo(authenticationToken);
        }

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
            this.authorizationFlag = true;
            return super.doGetAuthorizationInfo(principalCollection);
        }
    }

    @Before
    public void setup() throws Throwable {
        this.testRealm = new TestRealm(new InMemoryUserRepository(), new InMemoryRoleRepository(), new BasicPasswordPolicy(), new RateLimitedAuthenticationStrategy(Clock.systemUTC(), 3));
        this.authManager = new MultiRealmAuthManager(this.testRealm, AuthTestUtil.listOf(this.testRealm), new MemoryConstrainedCacheManager());
        this.authManager.init();
        this.authManager.start();
        this.authManager.getUserManager().newUser("mike", "123", false);
    }

    @Test
    public void shouldNotCacheAuthenticationInfo() throws InvalidAuthTokenException {
        this.authManager.login(SecurityTestUtils.authToken("mike", "123"));
        Assert.assertThat("Test realm did not receive a call", Boolean.valueOf(this.testRealm.takeAuthenticationFlag()), Matchers.is(true));
        this.authManager.login(SecurityTestUtils.authToken("mike", "123"));
        Assert.assertThat("Test realm did not receive a call", Boolean.valueOf(this.testRealm.takeAuthenticationFlag()), Matchers.is(true));
    }

    @Test
    public void shouldNotCacheAuthorizationInfo() throws InvalidAuthTokenException {
        EnterpriseAuthSubject login = this.authManager.login(SecurityTestUtils.authToken("mike", "123"));
        login.allowsReads();
        Assert.assertThat("Test realm did not receive a call", Boolean.valueOf(this.testRealm.takeAuthorizationFlag()), Matchers.is(true));
        login.allowsWrites();
        Assert.assertThat("Test realm did not receive a call", Boolean.valueOf(this.testRealm.takeAuthorizationFlag()), Matchers.is(true));
    }
}
