package org.neo4j.server.security.enterprise.auth.integration.bolt;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.junit.Test;
import org.neo4j.bolt.v1.messaging.message.PullAllMessage;
import org.neo4j.bolt.v1.messaging.message.RequestMessage;
import org.neo4j.bolt.v1.messaging.message.RunMessage;
import org.neo4j.bolt.v1.messaging.util.MessageMatchers;
import org.neo4j.bolt.v1.transport.integration.TransportTestUtil;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.server.security.enterprise.auth.plugin.TestCacheableAuthPlugin;
import org.neo4j.server.security.enterprise.auth.plugin.TestCacheableAuthenticationPlugin;
import org.neo4j.server.security.enterprise.auth.plugin.TestCustomCacheableAuthenticationPlugin;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/integration/bolt/PluginAuthenticationIT.class */
public class PluginAuthenticationIT extends EnterpriseAuthenticationTestBase {
    private static final List<String> defaultTestPluginRealmList = Arrays.asList("TestAuthenticationPlugin", "TestAuthPlugin", "TestCacheableAdminAuthPlugin", "TestCacheableAuthenticationPlugin", "TestCacheableAuthPlugin", "TestCustomCacheableAuthenticationPlugin", "TestCustomParametersAuthenticationPlugin");
    private static final String DEFAULT_TEST_PLUGIN_REALMS = String.join(", ", (Iterable<? extends CharSequence>) defaultTestPluginRealmList.stream().map(str -> {
        return StringUtils.prependIfMissing(str, "plugin-", new CharSequence[0]);
    }).collect(Collectors.toList()));

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.neo4j.server.security.enterprise.auth.integration.bolt.EnterpriseAuthenticationTestBase
    public Consumer<Map<Setting<?>, String>> getSettingsFunction() {
        return super.getSettingsFunction().andThen(map -> {
        });
    }

    @Test
    public void shouldAuthenticateWithTestAuthenticationPlugin() throws Throwable {
        assertConnectionSucceeds(authToken("neo4j", "neo4j", "plugin-TestAuthenticationPlugin"));
    }

    @Test
    public void shouldAuthenticateWithTestCacheableAuthenticationPlugin() throws Throwable {
        Map<String, Object> authToken = authToken("neo4j", "neo4j", "plugin-TestCacheableAuthenticationPlugin");
        TestCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.set(0);
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.get()), CoreMatchers.equalTo(1));
        reconnect();
        assertConnectionSucceeds(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.get()), CoreMatchers.equalTo(1));
        reconnect();
        authToken.put("credentials", "wrong_password");
        assertConnectionFails(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.get()), CoreMatchers.equalTo(1));
    }

    @Test
    public void shouldAuthenticateWithTestCustomCacheableAuthenticationPlugin() throws Throwable {
        Map<String, Object> authToken = authToken("neo4j", "neo4j", "plugin-TestCustomCacheableAuthenticationPlugin");
        TestCustomCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.set(0);
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCustomCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.get()), CoreMatchers.equalTo(1));
        reconnect();
        assertConnectionSucceeds(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCustomCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.get()), CoreMatchers.equalTo(1));
        reconnect();
        authToken.put("credentials", "wrong_password");
        assertConnectionFails(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCustomCacheableAuthenticationPlugin.getAuthenticationInfoCallCount.get()), CoreMatchers.equalTo(1));
    }

    @Test
    public void shouldAuthenticateAndAuthorizeWithTestAuthPlugin() throws Throwable {
        assertConnectionSucceeds(authToken("neo4j", "neo4j", "plugin-TestAuthPlugin"));
        assertReadSucceeds();
        assertWriteFails("neo4j", "reader");
    }

    @Test
    public void shouldAuthenticateAndAuthorizeWithCacheableTestAuthPlugin() throws Throwable {
        assertConnectionSucceeds(authToken("neo4j", "neo4j", "plugin-TestCacheableAuthPlugin"));
        assertReadSucceeds();
        assertWriteFails("neo4j", "reader");
    }

    @Test
    public void shouldAuthenticateWithTestCacheableAuthPlugin() throws Throwable {
        Map<String, Object> authToken = authToken("neo4j", "neo4j", "plugin-TestCacheableAuthPlugin");
        TestCacheableAuthPlugin.getAuthInfoCallCount.set(0);
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCacheableAuthPlugin.getAuthInfoCallCount.get()), CoreMatchers.equalTo(1));
        assertReadSucceeds();
        assertWriteFails("neo4j", "reader");
        reconnect();
        assertConnectionSucceeds(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCacheableAuthPlugin.getAuthInfoCallCount.get()), CoreMatchers.equalTo(1));
        assertReadSucceeds();
        assertWriteFails("neo4j", "reader");
        reconnect();
        authToken.put("credentials", "wrong_password");
        assertConnectionFails(authToken);
        MatcherAssert.assertThat(Integer.valueOf(TestCacheableAuthPlugin.getAuthInfoCallCount.get()), CoreMatchers.equalTo(1));
    }

    @Test
    public void shouldAuthenticateAndAuthorizeWithTestCombinedAuthPlugin() throws Throwable {
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken("neo4j", "neo4j", "plugin-TestCombinedAuthPlugin"));
        assertReadSucceeds();
        assertWriteFails("neo4j", "reader");
    }

    @Test
    public void shouldAuthenticateAndAuthorizeWithTwoSeparateTestPlugins() throws Throwable {
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken("neo4j", "neo4j", null));
        assertReadSucceeds();
        assertWriteFails("neo4j", "reader");
    }

    @Test
    public void shouldFailIfAuthorizationExpiredWithAuthPlugin() throws Throwable {
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken("neo4j", "neo4j", "plugin-TestCacheableAdminAuthPlugin"));
        assertReadSucceeds();
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.clearAuthCache()"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("MATCH (n) RETURN n"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.AuthorizationExpired, "Plugin 'plugin-TestCacheableAdminAuthPlugin' authorization info expired.")}));
    }

    @Test
    public void shouldSucceedIfAuthorizationExpiredWithinTransactionWithAuthPlugin() throws Throwable {
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken("neo4j", "neo4j", "plugin-TestCacheableAdminAuthPlugin"));
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.clearAuthCache() MATCH (n) RETURN n"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    @Test
    public void shouldAuthenticateWithTestCustomParametersAuthenticationPlugin() throws Throwable {
        assertConnectionSucceeds(MapUtil.map(new Object[]{"scheme", "custom", "principal", "neo4j", "realm", "plugin-TestCustomParametersAuthenticationPlugin", "parameters", MapUtil.map(new Object[]{"my_credentials", Arrays.asList(1L, 2L, 3L, 4L)})}));
    }

    @Test
    public void shouldPassOnAuthorizationExpiredException() throws Throwable {
        restartNeo4jServerWithOverriddenSettings(map -> {
        });
        assertConnectionSucceeds(authToken("authorization_expired_user", "neo4j", null));
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("MATCH (n) RETURN n"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.AuthorizationExpired, "Plugin 'plugin-TestCombinedAuthPlugin' authorization info expired: authorization_expired_user needs to re-authenticate.")}));
    }
}
