package org.neo4j.server.security.enterprise.auth;

import com.google.common.jimfs.Configuration;
import com.google.common.jimfs.Jimfs;
import java.io.File;
import java.io.IOException;
import java.nio.file.CopyOption;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.Future;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.neo4j.graphdb.mockfs.DelegatingFileSystemAbstraction;
import org.neo4j.io.fs.DelegateFileSystemAbstraction;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.logging.AssertableLogProvider;
import org.neo4j.logging.LogProvider;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.server.security.auth.FileRepositorySerializer;
import org.neo4j.server.security.auth.ListSnapshot;
import org.neo4j.server.security.auth.exception.ConcurrentModificationException;
import org.neo4j.string.UTF8;
import org.neo4j.test.DoubleLatch;
import org.neo4j.test.assertion.Assert;
import org.neo4j.test.rule.concurrent.ThreadingRule;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/FileRoleRepositoryTest.class */
public class FileRoleRepositoryTest {
    private FileSystemAbstraction fs;
    private RoleRepository roleRepository;
    private File roleFile = new File("dbms", "roles");
    private LogProvider logProvider = NullLogProvider.getInstance();

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    @Rule
    public ThreadingRule threading = new ThreadingRule();

    /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/FileRoleRepositoryTest$HangingListSnapshot.class */
    class HangingListSnapshot extends ListSnapshot<RoleRecord> {
        private final DoubleLatch latch;

        public HangingListSnapshot(DoubleLatch doubleLatch, long j, List<RoleRecord> list) {
            super(j, list, true);
            this.latch = doubleLatch;
        }

        public long timestamp() {
            this.latch.start();
            this.latch.finishAndWaitForAllToFinish();
            return super.timestamp();
        }
    }

    @Parameterized.Parameters(name = "{1} filesystem")
    public static Collection<Object[]> data() {
        return Arrays.asList(new Object[]{Configuration.unix(), "unix"}, new Object[]{Configuration.osX(), "osX"}, new Object[]{Configuration.windows(), "windows"});
    }

    public FileRoleRepositoryTest(Configuration configuration, String str) {
        this.fs = new DelegateFileSystemAbstraction(Jimfs.newFileSystem(configuration));
    }

    @Before
    public void setup() {
        this.roleRepository = new FileRoleRepository(this.fs, this.roleFile, this.logProvider);
    }

    @Test
    public void shouldStoreAndRetrieveRolesByName() throws Exception {
        RoleRecord roleRecord = new RoleRecord("admin", new String[]{"petra", "olivia"});
        this.roleRepository.create(roleRecord);
        MatcherAssert.assertThat(this.roleRepository.getRoleByName(roleRecord.name()), CoreMatchers.equalTo(roleRecord));
    }

    @Test
    public void shouldPersistRoles() throws Throwable {
        RoleRecord roleRecord = new RoleRecord("admin", new String[]{"craig", "karl"});
        this.roleRepository.create(roleRecord);
        this.roleRepository = new FileRoleRepository(this.fs, this.roleFile, this.logProvider);
        this.roleRepository.start();
        MatcherAssert.assertThat(this.roleRepository.getRoleByName(roleRecord.name()), CoreMatchers.equalTo(roleRecord));
    }

    @Test
    public void shouldNotFindRoleAfterDelete() throws Throwable {
        RoleRecord roleRecord = new RoleRecord("jake", new String[]{"admin"});
        this.roleRepository.create(roleRecord);
        this.roleRepository.delete(roleRecord);
        MatcherAssert.assertThat(this.roleRepository.getRoleByName(roleRecord.name()), CoreMatchers.nullValue());
    }

    @Test
    public void shouldNotAllowComplexNames() throws Exception {
        this.roleRepository.assertValidRoleName("neo4j");
        this.roleRepository.assertValidRoleName("johnosbourne");
        this.roleRepository.assertValidRoleName("john_osbourne");
        Assert.assertException(() -> {
            this.roleRepository.assertValidRoleName((String) null);
        }, InvalidArgumentsException.class, "The provided role name is empty.");
        Assert.assertException(() -> {
            this.roleRepository.assertValidRoleName("");
        }, InvalidArgumentsException.class, "The provided role name is empty.");
        Assert.assertException(() -> {
            this.roleRepository.assertValidRoleName(":");
        }, InvalidArgumentsException.class, "Role name ':' contains illegal characters. Use simple ascii characters and numbers.");
        Assert.assertException(() -> {
            this.roleRepository.assertValidRoleName("john osbourne");
        }, InvalidArgumentsException.class, "Role name 'john osbourne' contains illegal characters. Use simple ascii characters and numbers.");
        Assert.assertException(() -> {
            this.roleRepository.assertValidRoleName("john:osbourne");
        }, InvalidArgumentsException.class, "Role name 'john:osbourne' contains illegal characters. Use simple ascii characters and numbers.");
    }

    @Test
    public void shouldRecoverIfCrashedDuringMove() throws Throwable {
        final IOException iOException = new IOException("simulated IO Exception on create");
        DelegatingFileSystemAbstraction delegatingFileSystemAbstraction = new DelegatingFileSystemAbstraction(this.fs) { // from class: org.neo4j.server.security.enterprise.auth.FileRoleRepositoryTest.1
            public void renameFile(File file, File file2, CopyOption... copyOptionArr) throws IOException {
                if (FileRoleRepositoryTest.this.roleFile.getName().equals(file2.getName())) {
                    throw iOException;
                }
                super.renameFile(file, file2, copyOptionArr);
            }
        };
        this.roleRepository = new FileRoleRepository(delegatingFileSystemAbstraction, this.roleFile, this.logProvider);
        this.roleRepository.start();
        try {
            this.roleRepository.create(new RoleRecord("admin", new String[]{"jake"}));
            org.junit.Assert.fail("Expected an IOException");
        } catch (IOException e) {
            org.junit.Assert.assertSame(iOException, e);
        }
        org.junit.Assert.assertFalse(delegatingFileSystemAbstraction.fileExists(this.roleFile));
        MatcherAssert.assertThat(Integer.valueOf(delegatingFileSystemAbstraction.listFiles(this.roleFile.getParentFile()).length), CoreMatchers.equalTo(0));
    }

    @Test
    public void shouldThrowIfUpdateChangesName() throws Throwable {
        RoleRecord roleRecord = new RoleRecord("admin", new String[]{"steve", "bob"});
        this.roleRepository.create(roleRecord);
        try {
            this.roleRepository.update(roleRecord, new RoleRecord("admins", new String[]{"steve", "bob"}));
            org.junit.Assert.fail("expected exception not thrown");
        } catch (IllegalArgumentException e) {
        }
        MatcherAssert.assertThat(this.roleRepository.getRoleByName(roleRecord.name()), CoreMatchers.equalTo(roleRecord));
    }

    @Test
    public void shouldThrowIfExistingRoleDoesNotMatch() throws Throwable {
        this.roleRepository.create(new RoleRecord("admin", new String[]{"jake"}));
        try {
            this.roleRepository.update(new RoleRecord("admin", new String[]{"jake", "john"}), new RoleRecord("admin", new String[]{"john"}));
            org.junit.Assert.fail("expected exception not thrown");
        } catch (ConcurrentModificationException e) {
        }
    }

    @Test
    public void shouldFailOnReadingInvalidEntries() throws Throwable {
        AssertableLogProvider assertableLogProvider = new AssertableLogProvider();
        this.fs.mkdirs(this.roleFile.getParentFile());
        FileRepositorySerializer.writeToFile(this.fs, this.roleFile, UTF8.encode("neo4j:admin\nadmin:admin:\n"));
        this.roleRepository = new FileRoleRepository(this.fs, this.roleFile, assertableLogProvider);
        this.thrown.expect(IllegalStateException.class);
        this.thrown.expectMessage(CoreMatchers.startsWith("Failed to read role file '"));
        try {
            this.roleRepository.start();
        } catch (IllegalStateException e) {
            MatcherAssert.assertThat(Integer.valueOf(this.roleRepository.numberOfRoles()), CoreMatchers.equalTo(0));
            assertableLogProvider.assertExactly(new AssertableLogProvider.LogMatcher[]{AssertableLogProvider.inLog(FileRoleRepository.class).error("Failed to read role file \"%s\" (%s)", new Object[]{this.roleFile.getAbsolutePath(), "wrong number of line fields [line 2]"})});
            throw e;
        }
    }

    @Test
    public void shouldNotAddEmptyUserToRole() throws Throwable {
        this.fs.mkdirs(this.roleFile.getParentFile());
        FileRepositorySerializer.writeToFile(this.fs, this.roleFile, UTF8.encode("admin:neo4j\nreader:\n"));
        this.roleRepository = new FileRoleRepository(this.fs, this.roleFile, this.logProvider);
        this.roleRepository.start();
        RoleRecord roleByName = this.roleRepository.getRoleByName("admin");
        org.junit.Assert.assertTrue("neo4j should be assigned to 'admin'", roleByName.users().contains("neo4j"));
        org.junit.Assert.assertTrue("only one admin should exist", roleByName.users().size() == 1);
        org.junit.Assert.assertTrue("no users should be assigned to 'reader'", this.roleRepository.getRoleByName("reader").users().isEmpty());
    }

    @Test
    public void shouldProvideRolesByUsernameEvenIfMidSetRoles() throws Throwable {
        this.roleRepository = new FileRoleRepository(this.fs, this.roleFile, this.logProvider);
        this.roleRepository.create(new RoleRecord("admin", new String[]{"oskar"}));
        DoubleLatch doubleLatch = new DoubleLatch(2);
        Future execute = this.threading.execute(obj -> {
            this.roleRepository.setRoles(new HangingListSnapshot(doubleLatch, 10L, Collections.emptyList()));
            return null;
        }, (Object) null);
        doubleLatch.startAndWaitForAllToStart();
        MatcherAssert.assertThat(this.roleRepository.getRoleNamesByUsername("oskar"), Matchers.containsInAnyOrder(new String[]{"admin"}));
        doubleLatch.finish();
        execute.get();
    }
}
