package org.neo4j.server.security.enterprise.auth;

import java.time.OffsetDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.stream.Collectors;
import org.eclipse.jetty.server.Server;
import org.hamcrest.BaseMatcher;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Description;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.neo4j.bolt.v1.runtime.integration.TransactionIT;
import org.neo4j.graphdb.factory.GraphDatabaseSettings;
import org.neo4j.helpers.collection.Iterables;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.KernelTransaction;
import org.neo4j.server.security.enterprise.auth.ProcedureInteractionTestBase;
import org.neo4j.test.Barrier;
import org.neo4j.test.DoubleLatch;
import org.neo4j.test.matchers.CommonMatchers;
import org.neo4j.test.rule.concurrent.ThreadingRule;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/BuiltInProceduresInteractionTestBase.class */
public abstract class BuiltInProceduresInteractionTestBase<S> extends ProcedureInteractionTestBase<S> {
    public void shouldListSelfTransaction() {
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
    }

    public void shouldNotListTransactionsIfNotAdmin() {
        assertFail(this.noneSubject, "CALL dbms.listTransactions()", "Permission denied.");
        assertFail(this.readSubject, "CALL dbms.listTransactions()", "Permission denied.");
        assertFail(this.writeSubject, "CALL dbms.listTransactions()", "Permission denied.");
        assertFail(this.schemaSubject, "CALL dbms.listTransactions()", "Permission denied.");
    }

    public void shouldListTransactions() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(3);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        threadedTransaction.executeCreateNode(this.threading, this.writeSubject);
        threadedTransaction2.executeCreateNode(this.threading, this.writeSubject);
        doubleLatch.startAndWaitForAllToStart();
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1", "writeSubject", "2"}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertSuccess();
        threadedTransaction2.closeAndAssertSuccess();
    }

    public void shouldListRestrictedTransaction() {
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ProcedureInteractionTestBase.ClassWithProcedures.setTestLatch(new ProcedureInteractionTestBase.ClassWithProcedures.LatchedRunnables(doubleLatch, () -> {
        }, () -> {
        }));
        new Thread(() -> {
            assertEmpty(this.writeSubject, "CALL test.waitForLatch()");
        }).start();
        doubleLatch.startAndWaitForAllToStart();
        try {
            assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
                assertKeyIsMap(resourceIterator, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1", "writeSubject", "1"}));
            });
        } finally {
            doubleLatch.finishAndWaitForAllToFinish();
        }
    }

    @Test
    public void shouldListAllQueryIncludingMetaData() throws Throwable {
        String str = "MATCH (n) RETURN n";
        String str2 = "CALL dbms.listQueries()";
        DoubleLatch doubleLatch = new DoubleLatch(2);
        OffsetDateTime now = OffsetDateTime.now();
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        threadedTransaction.execute(this.threading, (ThreadingRule) this.writeSubject, "CALL dbms.setTXMetaData( { realUser: 'MyMan' } )", "MATCH (n) RETURN n");
        doubleLatch.startAndWaitForAllToStart();
        assertSuccess(this.adminSubject, "CALL dbms.listQueries()", resourceIterator -> {
            MatcherAssert.assertThat((Set) resourceIterator.stream().collect(Collectors.toSet()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{listedQueryOfInteractionLevel(now, "adminSubject", str2), listedQueryWithMetaData(now, "writeSubject", str, MapUtil.map(new Object[]{"realUser", "MyMan"}))}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertSuccess();
    }

    @Test
    public void shouldListAllQueriesWhenRunningAsAdmin() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(3, true);
        OffsetDateTime now = OffsetDateTime.now();
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        String execute = threadedTransaction.execute(this.threading, (ThreadingRule) this.readSubject, "UNWIND [1,2,3] AS x RETURN x");
        String execute2 = threadedTransaction2.execute(this.threading, (ThreadingRule) this.writeSubject, "UNWIND [4,5,6] AS y RETURN y");
        doubleLatch.startAndWaitForAllToStart();
        String str = "CALL dbms.listQueries()";
        assertSuccess(this.adminSubject, "CALL dbms.listQueries()", resourceIterator -> {
            MatcherAssert.assertThat((Set) resourceIterator.stream().collect(Collectors.toSet()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{listedQuery(now, "readSubject", execute), listedQuery(now, "writeSubject", execute2), listedQueryOfInteractionLevel(now, "adminSubject", str)}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertSuccess();
        threadedTransaction2.closeAndAssertSuccess();
    }

    @Test
    public void shouldOnlyListOwnQueriesWhenNotRunningAsAdmin() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(3, true);
        OffsetDateTime now = OffsetDateTime.now();
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        String execute = threadedTransaction.execute(this.threading, (ThreadingRule) this.readSubject, "UNWIND [1,2,3] AS x RETURN x");
        threadedTransaction2.execute(this.threading, (ThreadingRule) this.writeSubject, "UNWIND [4,5,6] AS y RETURN y");
        doubleLatch.startAndWaitForAllToStart();
        String str = "CALL dbms.listQueries()";
        assertSuccess(this.readSubject, "CALL dbms.listQueries()", resourceIterator -> {
            MatcherAssert.assertThat((Set) resourceIterator.stream().collect(Collectors.toSet()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{listedQuery(now, "readSubject", execute), listedQuery(now, "readSubject", str)}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertSuccess();
        threadedTransaction2.closeAndAssertSuccess();
    }

    @Test
    public void shouldListQueriesEvenIfUsingPeriodicCommit() throws Throwable {
        for (int i = 8; i <= 11; i++) {
            DoubleLatch doubleLatch = new DoubleLatch(3, true);
            Barrier.Control control = new Barrier.Control();
            Server createHttpServer = TransactionIT.createHttpServer(doubleLatch, control, i, 50 - i);
            createHttpServer.start();
            int localPort = getLocalPort(createHttpServer);
            OffsetDateTime now = OffsetDateTime.now();
            ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
            try {
                String executeEarly = threadedTransaction.executeEarly(this.threading, (ThreadingRule) this.writeSubject, KernelTransaction.Type.implicit, String.format("USING PERIODIC COMMIT 10 LOAD CSV FROM 'http://localhost:%d' AS line ", Integer.valueOf(localPort)) + "CREATE (n:A {id: line[0], square: line[1]}) RETURN count(*)");
                doubleLatch.startAndWaitForAllToStart();
                String str = "CALL dbms.listQueries()";
                assertSuccess(this.adminSubject, "CALL dbms.listQueries()", resourceIterator -> {
                    Set set = (Set) resourceIterator.stream().collect(Collectors.toSet());
                    Matcher<Map<String, Object>> listedQuery = listedQuery(now, "adminSubject", str);
                    Matcher<Map<String, Object>> listedQuery2 = listedQuery(now, "writeSubject", executeEarly);
                    MatcherAssert.assertThat(set, CoreMatchers.hasItem(listedQuery));
                    MatcherAssert.assertThat(set, CoreMatchers.hasItem(listedQuery2));
                });
                control.release();
                doubleLatch.finishAndWaitForAllToFinish();
                createHttpServer.stop();
                threadedTransaction.closeAndAssertSuccess();
            } catch (Throwable th) {
                control.release();
                doubleLatch.finishAndWaitForAllToFinish();
                createHttpServer.stop();
                threadedTransaction.closeAndAssertSuccess();
                throw th;
            }
        }
    }

    @Test
    public void shouldListAllQueriesWithAuthDisabled() throws Throwable {
        this.neo.tearDown();
        this.neo = setUpNeoServer(MapUtil.stringMap(new String[]{GraphDatabaseSettings.auth_enabled.name(), "false"}));
        DoubleLatch doubleLatch = new DoubleLatch(2, true);
        OffsetDateTime now = OffsetDateTime.now();
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        String execute = threadedTransaction.execute(this.threading, (ThreadingRule) this.neo.login("user1", ""), "UNWIND [1,2,3] AS x RETURN x");
        doubleLatch.startAndWaitForAllToStart();
        String str = "CALL dbms.listQueries()";
        try {
            assertSuccess(this.neo.login("admin", ""), "CALL dbms.listQueries()", resourceIterator -> {
                MatcherAssert.assertThat((Set) resourceIterator.stream().collect(Collectors.toSet()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{listedQuery(now, "", execute), listedQueryOfInteractionLevel(now, "", str)}));
            });
            doubleLatch.finishAndWaitForAllToFinish();
            threadedTransaction.closeAndAssertSuccess();
        } catch (Throwable th) {
            doubleLatch.finishAndWaitForAllToFinish();
            throw th;
        }
    }

    @Test
    public void queryWaitingForLocksShouldBeKilledBeforeLocksAreReleased() throws Throwable {
        assertEmpty(this.adminSubject, "CREATE (:MyNode {prop: 2})");
        ProcedureInteractionTestBase.ClassWithProcedures.doubleLatch = new DoubleLatch(2);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, new DoubleLatch());
        threadedTransaction.executeEarly(this.threading, (ThreadingRule) this.writeSubject, KernelTransaction.Type.explicit, "MATCH (n:MyNode) SET n.prop = 5 WITH * CALL test.neverEnding() RETURN 1");
        ProcedureInteractionTestBase.ClassWithProcedures.doubleLatch.startAndWaitForAllToStart();
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, new DoubleLatch());
        threadedTransaction2.executeEarly(this.threading, (ThreadingRule) this.writeSubject, KernelTransaction.Type.explicit, "MATCH (n:MyNode) SET n.prop = 10 RETURN 1");
        assertSuccess(this.adminSubject, "CALL dbms.listQueries() YIELD query, queryId WITH query, queryId WHERE query = 'MATCH (n:MyNode) SET n.prop = 10 RETURN 1'CALL dbms.killQuery(queryId) YIELD queryId AS killedId RETURN 1", resourceIterator -> {
            MatcherAssert.assertThat(Boolean.valueOf(resourceIterator.hasNext()), Matchers.equalTo(true));
        });
        threadedTransaction2.closeAndAssertQueryKilled();
        ProcedureInteractionTestBase.ClassWithProcedures.doubleLatch.finish();
        threadedTransaction.closeAndAssertSuccess();
    }

    @Test
    public void shouldKillQueryAsAdmin() throws Throwable {
        executeTwoQueriesAndKillTheFirst(this.readSubject, this.readSubject, this.adminSubject);
    }

    @Test
    public void shouldKillQueryAsUser() throws Throwable {
        executeTwoQueriesAndKillTheFirst(this.readSubject, this.writeSubject, this.readSubject);
    }

    private void executeTwoQueriesAndKillTheFirst(S s, S s2, S s3) throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(3);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        String execute = threadedTransaction.execute(this.threading, (ThreadingRule) s, "UNWIND [1,2,3] AS x RETURN x");
        threadedTransaction2.execute(this.threading, (ThreadingRule) s2, "UNWIND [4,5,6] AS y RETURN y");
        doubleLatch.startAndWaitForAllToStart();
        assertSuccess(s3, "CALL dbms.killQuery('" + extractQueryId(execute) + "') YIELD username RETURN count(username) AS count, username", resourceIterator -> {
            MatcherAssert.assertThat((List) resourceIterator.stream().collect(Collectors.toList()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{Matchers.allOf(Matchers.hasEntry(Matchers.equalTo("count"), Matchers.anyOf(Matchers.equalTo(1), Matchers.equalTo(1L))), Matchers.hasEntry(Matchers.equalTo("username"), Matchers.equalTo("readSubject")))}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertTransactionTermination();
        threadedTransaction2.closeAndAssertSuccess();
        assertEmpty(this.adminSubject, "CALL dbms.listQueries() YIELD query WITH * WHERE NOT query CONTAINS 'listQueries' RETURN *");
    }

    @Test
    public void shouldSelfKillQuery() throws Throwable {
        MatcherAssert.assertThat(this.neo.executeQuery(this.readSubject, "WITH 'Hello' AS marker CALL dbms.listQueries() YIELD queryId AS id, query WITH * WHERE query CONTAINS 'Hello' CALL dbms.killQuery(id) YIELD username RETURN count(username) AS count, username", Collections.emptyMap(), resourceIterator -> {
        }), CoreMatchers.containsString("Explicitly terminated by the user."));
        assertEmpty(this.adminSubject, "CALL dbms.listQueries() YIELD query WITH * WHERE NOT query CONTAINS 'listQueries' RETURN *");
    }

    @Test
    public void shouldFailToTerminateOtherUsersQuery() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(3, true);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        String execute = threadedTransaction.execute(this.threading, (ThreadingRule) this.readSubject, "UNWIND [1,2,3] AS x RETURN x");
        threadedTransaction2.execute(this.threading, (ThreadingRule) this.writeSubject, "UNWIND [4,5,6] AS y RETURN y");
        doubleLatch.startAndWaitForAllToStart();
        try {
            assertFail(this.writeSubject, "CALL dbms.killQuery('" + extractQueryId(execute) + "') YIELD username RETURN *", "Permission denied.");
            doubleLatch.finishAndWaitForAllToFinish();
            threadedTransaction.closeAndAssertSuccess();
            threadedTransaction2.closeAndAssertSuccess();
            assertEmpty(this.adminSubject, "CALL dbms.listQueries() YIELD query WITH * WHERE NOT query CONTAINS 'listQueries' RETURN *");
        } catch (Throwable th) {
            doubleLatch.finishAndWaitForAllToFinish();
            throw th;
        }
    }

    @Test
    public void shouldTerminateQueriesEvenIfUsingPeriodicCommit() throws Throwable {
        for (int i = 8; i <= 11; i++) {
            DoubleLatch doubleLatch = new DoubleLatch(3, true);
            Barrier.Control control = new Barrier.Control();
            Server createHttpServer = TransactionIT.createHttpServer(doubleLatch, control, i, 50 - i);
            createHttpServer.start();
            int localPort = getLocalPort(createHttpServer);
            ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
            try {
                String executeEarly = threadedTransaction.executeEarly(this.threading, (ThreadingRule) this.writeSubject, KernelTransaction.Type.implicit, String.format("USING PERIODIC COMMIT 10 LOAD CSV FROM 'http://localhost:%d' AS line ", Integer.valueOf(localPort)) + "CREATE (n:A {id: line[0], square: line[1]}) RETURN count(*)");
                doubleLatch.startAndWaitForAllToStart();
                assertSuccess(this.adminSubject, "CALL dbms.killQuery('" + extractQueryId(executeEarly) + "') YIELD username RETURN count(username) AS count, username", resourceIterator -> {
                    MatcherAssert.assertThat((List) resourceIterator.stream().collect(Collectors.toList()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{Matchers.allOf(Matchers.hasEntry(Matchers.equalTo("count"), Matchers.anyOf(Matchers.equalTo(1), Matchers.equalTo(1L))), Matchers.hasEntry(Matchers.equalTo("username"), Matchers.equalTo("writeSubject")))}));
                });
                control.release();
                doubleLatch.finishAndWaitForAllToFinish();
                createHttpServer.stop();
                threadedTransaction.closeAndAssertTransactionTermination();
            } catch (Throwable th) {
                control.release();
                doubleLatch.finishAndWaitForAllToFinish();
                createHttpServer.stop();
                threadedTransaction.closeAndAssertTransactionTermination();
                throw th;
            }
        }
    }

    @Test
    public void shouldKillMultipleUserQueries() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(5);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction3 = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction4 = new ThreadedTransaction(this.neo, doubleLatch);
        String execute = threadedTransaction.execute(this.threading, (ThreadingRule) this.readSubject, "UNWIND [1,2,3] AS x RETURN x");
        String execute2 = threadedTransaction2.execute(this.threading, (ThreadingRule) this.readSubject, "UNWIND [4,5,6] AS y RETURN y");
        threadedTransaction3.execute(this.threading, (ThreadingRule) this.readSubject, "UNWIND [7,8,9] AS z RETURN z");
        threadedTransaction4.execute(this.threading, (ThreadingRule) this.writeSubject, "UNWIND [11,12,13] AS q RETURN q");
        doubleLatch.startAndWaitForAllToStart();
        assertSuccess(this.adminSubject, "CALL dbms.killQueries(" + ("['" + extractQueryId(execute) + "', '" + extractQueryId(execute2) + "']") + ") YIELD username RETURN count(username) AS count, username", resourceIterator -> {
            MatcherAssert.assertThat((List) resourceIterator.stream().collect(Collectors.toList()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{Matchers.allOf(Matchers.hasEntry(Matchers.equalTo("count"), Matchers.anyOf(Matchers.equalTo(2), Matchers.equalTo(2L))), Matchers.hasEntry(Matchers.equalTo("username"), Matchers.equalTo("readSubject")))}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertTransactionTermination();
        threadedTransaction2.closeAndAssertTransactionTermination();
        threadedTransaction3.closeAndAssertSuccess();
        threadedTransaction4.closeAndAssertSuccess();
        assertEmpty(this.adminSubject, "CALL dbms.listQueries() YIELD query WITH * WHERE NOT query CONTAINS 'listQueries' RETURN *");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String extractQueryId(String str) {
        return ((Map) Iterables.single((Iterable) collectSuccessResult(this.adminSubject, "CALL dbms.listQueries()").stream().filter(map -> {
            return map.get("query").equals(str);
        }).collect(Collectors.toList()))).get("queryId").toString();
    }

    @Test
    public void shouldHaveSetTXMetaDataProcedure() throws Throwable {
        assertEmpty(this.writeSubject, "CALL dbms.setTXMetaData( { aKey: 'aValue' } )");
    }

    @Test
    public void shouldFailOnTooLargeTXMetaData() throws Throwable {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < 200; i++) {
            arrayList.add(String.format("key%d: '0123456789'", Integer.valueOf(i)));
        }
        assertFail(this.writeSubject, "CALL dbms.setTXMetaData( " + ("{" + String.join(", ", arrayList) + "}") + " )", "Invalid transaction meta-data, expected the total number of chars for keys and values to be less than 2048, got 3090");
    }

    @Test
    public void shouldTerminateLongRunningProcedureThatChecksTheGuardRegularlyIfKilled() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ProcedureInteractionTestBase.ClassWithProcedures.volatileLatch = doubleLatch;
        String str = "CALL test.loop";
        new Thread(() -> {
            assertFail(this.readSubject, str, "Explicitly terminated by the user.");
        }).start();
        doubleLatch.startAndWaitForAllToStart();
        try {
            assertSuccess(this.adminSubject, "CALL dbms.killQuery('" + extractQueryId("CALL test.loop") + "') YIELD username RETURN count(username) AS count, username", resourceIterator -> {
                MatcherAssert.assertThat((List) resourceIterator.stream().collect(Collectors.toList()), CommonMatchers.matchesOneToOneInAnyOrder(new Matcher[]{Matchers.allOf(Matchers.hasEntry(Matchers.equalTo("count"), Matchers.anyOf(Matchers.equalTo(1), Matchers.equalTo(1L))), Matchers.hasEntry(Matchers.equalTo("username"), Matchers.equalTo("readSubject")))}));
            });
            doubleLatch.finishAndWaitForAllToFinish();
            assertEmpty(this.adminSubject, "CALL dbms.listQueries() YIELD query WITH * WHERE NOT query CONTAINS 'listQueries' RETURN *");
        } catch (Throwable th) {
            doubleLatch.finishAndWaitForAllToFinish();
            throw th;
        }
    }

    @Test
    public void shouldHandleWriteAfterAllowedReadProcedureForWriteUser() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        this.userManager.addRoleToUser("publisher", "role1Subject");
        assertEmpty(this.neo.login("role1Subject", "abc"), "CALL test.allowedReadProcedure() YIELD value CREATE (:NEWNODE {name:value})");
    }

    @Test
    public void shouldNotAllowNonWriterToWriteAfterCallingAllowedWriteProc() throws Exception {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("nopermission", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "nopermission");
        assertSuccess(this.neo.login("nopermission", "abc"), "CALL test.allowedWriteProcedure()", resourceIterator -> {
            Assert.assertEquals(((List) resourceIterator.stream().collect(Collectors.toList())).size(), 2L);
        });
        assertFail(this.neo.login("nopermission", "abc"), "CALL test.allowedWriteProcedure() YIELD value CREATE (:NEWNODE {name:value})", this.WRITE_OPS_NOT_ALLOWED);
    }

    @Test
    public void shouldNotAllowUnauthorizedAccessToProcedure() throws Exception {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("nopermission", "abc", false);
        assertFail(this.neo.login("nopermission", "abc"), "CALL test.staticReadProcedure()", this.READ_OPS_NOT_ALLOWED);
        assertFail(this.neo.login("nopermission", "abc"), "CALL test.staticWriteProcedure()", this.WRITE_OPS_NOT_ALLOWED);
        assertFail(this.neo.login("nopermission", "abc"), "CALL test.staticSchemaProcedure()", this.SCHEMA_OPS_NOT_ALLOWED);
    }

    @Test
    public void shouldNotAllowNonReaderToReadAfterCallingAllowedReadProc() throws Exception {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("nopermission", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "nopermission");
        assertSuccess(this.neo.login("nopermission", "abc"), "CALL test.allowedReadProcedure()", resourceIterator -> {
            Assert.assertEquals(((List) resourceIterator.stream().collect(Collectors.toList())).size(), 1L);
        });
        assertFail(this.neo.login("nopermission", "abc"), "CALL test.allowedReadProcedure() YIELD value MATCH (n:Secret) RETURN n.pass", this.READ_OPS_NOT_ALLOWED);
    }

    @Test
    public void shouldHandleNestedReadProcedures() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertSuccess(this.neo.login("role1Subject", "abc"), "CALL test.nestedAllowedProcedure('test.allowedReadProcedure') YIELD value", resourceIterator -> {
            assertKeyIs(resourceIterator, "value", "foo");
        });
    }

    @Test
    public void shouldHandleDoubleNestedReadProcedures() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertSuccess(this.neo.login("role1Subject", "abc"), "CALL test.doubleNestedAllowedProcedure YIELD value", resourceIterator -> {
            assertKeyIs(resourceIterator, "value", "foo");
        });
    }

    @Test
    public void shouldFailNestedAllowedWriteProcedureFromAllowedReadProcedure() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertFail(this.neo.login("role1Subject", "abc"), "CALL test.nestedAllowedProcedure('test.allowedWriteProcedure') YIELD value", this.WRITE_OPS_NOT_ALLOWED);
    }

    @Test
    public void shouldFailNestedAllowedWriteProcedureFromAllowedReadProcedureEvenIfAdmin() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        this.userManager.addRoleToUser("admin", "role1Subject");
        assertFail(this.neo.login("role1Subject", "abc"), "CALL test.nestedAllowedProcedure('test.allowedWriteProcedure') YIELD value", this.WRITE_OPS_NOT_ALLOWED);
    }

    @Test
    public void shouldRestrictNestedReadProcedureFromAllowedWriteProcedures() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertFail(this.neo.login("role1Subject", "abc"), "CALL test.failingNestedAllowedWriteProcedure YIELD value", this.WRITE_OPS_NOT_ALLOWED);
    }

    @Test
    public void shouldHandleNestedReadProcedureWithDifferentAllowedRole() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertSuccess(this.neo.login("role1Subject", "abc"), "CALL test.nestedAllowedProcedure('test.otherAllowedReadProcedure') YIELD value", resourceIterator -> {
            assertKeyIs(resourceIterator, "value", "foo");
        });
    }

    @Test
    public void shouldFailNestedAllowedWriteProcedureFromNormalReadProcedure() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        this.userManager.addRoleToUser("publisher", "role1Subject");
        assertFail(this.neo.login("role1Subject", "abc"), "CALL test.nestedReadProcedure('test.allowedWriteProcedure') YIELD value", this.WRITE_OPS_NOT_ALLOWED);
    }

    @Test
    public void shouldHandleFunctionWithAllowed() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertSuccess(this.neo.login("role1Subject", "abc"), "RETURN test.allowedFunction1() AS value", resourceIterator -> {
            assertKeyIs(resourceIterator, "value", "foo");
        });
    }

    @Test
    public void shouldHandleNestedFunctionsWithAllowed() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertSuccess(this.neo.login("role1Subject", "abc"), "RETURN test.nestedAllowedFunction('test.allowedFunction1()') AS value", resourceIterator -> {
            assertKeyIs(resourceIterator, "value", "foo");
        });
    }

    @Test
    public void shouldHandleNestedFunctionWithDifferentAllowedRole() throws Throwable {
        this.userManager = this.neo.getLocalUserManager();
        this.userManager.newUser("role1Subject", "abc", false);
        this.userManager.newRole("role1", new String[0]);
        this.userManager.addRoleToUser("role1", "role1Subject");
        assertSuccess(this.neo.login("role1Subject", "abc"), "RETURN test.nestedAllowedFunction('test.allowedFunction2()') AS value", resourceIterator -> {
            assertKeyIs(resourceIterator, "value", "foo");
        });
    }

    public void shouldTerminateTransactionForUser() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        threadedTransaction.executeCreateNode(this.threading, this.writeSubject);
        doubleLatch.startAndWaitForAllToStart();
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"writeSubject", "1"}));
        });
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    public void shouldTerminateOnlyGivenUsersTransaction() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(3);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        threadedTransaction.executeCreateNode(this.threading, this.schemaSubject);
        threadedTransaction2.executeCreateNode(this.threading, this.writeSubject);
        doubleLatch.startAndWaitForAllToStart();
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'schemaSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"schemaSubject", "1"}));
        });
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1", "writeSubject", "1"}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertTransactionTermination();
        threadedTransaction2.closeAndAssertSuccess();
        assertSuccess(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name", resourceIterator3 -> {
            assertKeyIs(resourceIterator3, "name", "writeSubject-node");
        });
    }

    public void shouldTerminateAllTransactionsForGivenUser() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(3);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        ThreadedTransaction threadedTransaction2 = new ThreadedTransaction(this.neo, doubleLatch);
        threadedTransaction.executeCreateNode(this.threading, this.schemaSubject);
        threadedTransaction2.executeCreateNode(this.threading, this.schemaSubject);
        doubleLatch.startAndWaitForAllToStart();
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'schemaSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"schemaSubject", "2"}));
        });
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "activeTransactions", MapUtil.map(new Object[]{"adminSubject", "1"}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertTransactionTermination();
        threadedTransaction2.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    public void shouldNotTerminateTerminationTransaction() throws InterruptedException, ExecutionException {
        assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'adminSubject' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"adminSubject", "0"}));
        });
        assertSuccess(this.readSubject, "CALL dbms.terminateTransactionsForUser( 'readSubject' )", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "transactionsTerminated", MapUtil.map(new Object[]{"readSubject", "0"}));
        });
    }

    public void shouldTerminateSelfTransactionsExceptTerminationTransactionIfAdmin() throws Throwable {
        shouldTerminateSelfTransactionsExceptTerminationTransaction(this.adminSubject);
    }

    public void shouldTerminateSelfTransactionsExceptTerminationTransactionIfNotAdmin() throws Throwable {
        shouldTerminateSelfTransactionsExceptTerminationTransaction(this.writeSubject);
    }

    private void shouldTerminateSelfTransactionsExceptTerminationTransaction(S s) throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        threadedTransaction.executeCreateNode(this.threading, s);
        doubleLatch.startAndWaitForAllToStart();
        String nameOf = this.neo.nameOf(s);
        assertSuccess(s, "CALL dbms.terminateTransactionsForUser( '" + nameOf + "' )", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{nameOf, "1"}));
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertTransactionTermination();
        assertEmpty(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name");
    }

    public void shouldNotTerminateTransactionsIfNonExistentUser() throws InterruptedException, ExecutionException {
        assertFail(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'Petra' )", "User 'Petra' does not exist");
        assertFail(this.adminSubject, "CALL dbms.terminateTransactionsForUser( '' )", "User '' does not exist");
    }

    public void shouldNotTerminateTransactionsIfNotAdmin() throws Throwable {
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ThreadedTransaction threadedTransaction = new ThreadedTransaction(this.neo, doubleLatch);
        threadedTransaction.executeCreateNode(this.threading, this.writeSubject);
        doubleLatch.startAndWaitForAllToStart();
        assertFail(this.noneSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", "Permission denied.");
        assertFail(this.pwdSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", this.CHANGE_PWD_ERR_MSG);
        assertFail(this.readSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", "Permission denied.");
        assertFail(this.schemaSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", "Permission denied.");
        assertSuccess(this.adminSubject, "CALL dbms.listTransactions()", resourceIterator -> {
            assertKeyIs(resourceIterator, "username", "adminSubject", "writeSubject");
        });
        doubleLatch.finishAndWaitForAllToFinish();
        threadedTransaction.closeAndAssertSuccess();
        assertSuccess(this.adminSubject, "MATCH (n:Test) RETURN n.name AS name", resourceIterator2 -> {
            assertKeyIs(resourceIterator2, "name", "writeSubject-node");
        });
    }

    public void shouldTerminateRestrictedTransaction() {
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ProcedureInteractionTestBase.ClassWithProcedures.setTestLatch(new ProcedureInteractionTestBase.ClassWithProcedures.LatchedRunnables(doubleLatch, () -> {
        }, () -> {
        }));
        new Thread(() -> {
            assertFail(this.writeSubject, "CALL test.waitForLatch()", "Explicitly terminated by the user.");
        }).start();
        doubleLatch.startAndWaitForAllToStart();
        try {
            assertSuccess(this.adminSubject, "CALL dbms.terminateTransactionsForUser( 'writeSubject' )", resourceIterator -> {
                assertKeyIsMap(resourceIterator, "username", "transactionsTerminated", MapUtil.map(new Object[]{"writeSubject", "1"}));
            });
        } finally {
            doubleLatch.finishAndWaitForAllToFinish();
        }
    }

    private int getLocalPort(Server server) {
        return server.getConnectors()[0].getLocalPort();
    }

    private Matcher<Map<String, Object>> listedQuery(OffsetDateTime offsetDateTime, String str, String str2) {
        return Matchers.allOf(hasQuery(str2), hasUsername(str), hasQueryId(), hasStartTimeAfter(offsetDateTime), hasNoParameters());
    }

    private Matcher<Map<String, Object>> listedQueryOfInteractionLevel(OffsetDateTime offsetDateTime, String str, String str2) {
        return Matchers.allOf(hasQuery(str2), hasUsername(str), hasQueryId(), hasStartTimeAfter(offsetDateTime), hasNoParameters(), hasConnectionDetails(this.neo.getConnectionDetails()));
    }

    private Matcher<Map<String, Object>> listedQueryWithMetaData(OffsetDateTime offsetDateTime, String str, String str2, Map<String, Object> map) {
        return Matchers.allOf(hasQuery(str2), hasUsername(str), hasQueryId(), hasStartTimeAfter(offsetDateTime), hasNoParameters(), hasMetaData(map));
    }

    private Matcher<Map<String, Object>> hasQuery(String str) {
        return Matchers.hasEntry(Matchers.equalTo("query"), Matchers.equalTo(str));
    }

    private Matcher<Map<String, Object>> hasUsername(String str) {
        return Matchers.hasEntry(Matchers.equalTo("username"), Matchers.equalTo(str));
    }

    private Matcher<Map<String, Object>> hasQueryId() {
        return Matchers.hasEntry(Matchers.equalTo("queryId"), Matchers.allOf(Matchers.isA(String.class), CoreMatchers.containsString("query-")));
    }

    private Matcher<Map<String, Object>> hasStartTimeAfter(final OffsetDateTime offsetDateTime) {
        return Matchers.hasEntry(Matchers.equalTo("startTime"), new BaseMatcher<String>() { // from class: org.neo4j.server.security.enterprise.auth.BuiltInProceduresInteractionTestBase.1
            public void describeTo(Description description) {
                description.appendText("should be after " + offsetDateTime.toString());
            }

            public boolean matches(Object obj) {
                return offsetDateTime.compareTo(OffsetDateTime.from(DateTimeFormatter.ISO_OFFSET_DATE_TIME.parse(obj.toString()))) <= 0;
            }
        });
    }

    private Matcher<Map<String, Object>> hasNoParameters() {
        return Matchers.hasEntry(Matchers.equalTo("parameters"), Matchers.equalTo(Collections.emptyMap()));
    }

    private Matcher<Map<String, Object>> hasConnectionDetails(String str) {
        return Matchers.hasEntry(Matchers.equalTo("connectionDetails"), CoreMatchers.containsString(str));
    }

    private Matcher<Map<String, Object>> hasMetaData(Map<String, Object> map) {
        return Matchers.hasEntry(Matchers.equalTo("metaData"), Matchers.allOf((Iterable) map.entrySet().stream().map(entry -> {
            return Matchers.hasEntry(Matchers.equalTo(entry.getKey()), Matchers.equalTo(entry.getValue()));
        }).collect(Collectors.toList())));
    }
}
