package org.neo4j.server.security.enterprise.auth.integration.bolt;

import java.util.Map;
import java.util.function.Consumer;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.annotations.SaslMechanism;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.annotations.LoadSchema;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.server.security.enterprise.configuration.SecuritySettings;

/**
 * Integration test for LDAP authentication and authorization where users log in with their
 * {@code sAMAccountName}. The directory is an embedded ApacheDS instance created by the
 * annotations below and populated from {@code ad_schema.ldif} and {@code ad_test_data.ldif}
 * (the file contents are not part of this class).
 *
 * <p>Reviewer notes on the fixture, all taken from the annotation values and {@link #setup()}:
 * <ul>
 *   <li>Both transports (LDAP 10389, LDAPS 10636) and {@code saslHost} use the wildcard address
 *       {@code 0.0.0.0}, so the listeners are not limited to loopback while the test runs.</li>
 *   <li>The keystore password and the LDAP system-account password are the literal
 *       {@code "secret"}; they are test-only values and must not be reused elsewhere.</li>
 *   <li>The MD5-based legacy SASL mechanisms DIGEST-MD5 and CRAM-MD5 are registered on the
 *       server.</li>
 *   <li>{@link #setup()} switches off the server's confidentiality requirement.</li>
 * </ul>
 */
@CreateLdapServer(
        transports = {
            @CreateTransport(protocol = "LDAP", port = 10389, address = "0.0.0.0"),
            @CreateTransport(protocol = "LDAPS", port = 10636, address = "0.0.0.0", ssl = true)
        },
        saslMechanisms = {
            @SaslMechanism(name = "DIGEST-MD5", implClass = DigestMd5MechanismHandler.class),
            @SaslMechanism(name = "CRAM-MD5", implClass = CramMd5MechanismHandler.class)
        },
        saslHost = "0.0.0.0",
        extendedOpHandlers = {StartTlsHandler.class},
        keyStore = "target/test-classes/neo4j_ldap_test_keystore.jks",
        certificatePassword = "secret")
@RunWith(FrameworkRunner.class)
@CreateDS(
        name = "Test",
        partitions = {
            @CreatePartition(
                    name = "example",
                    suffix = "dc=example,dc=com",
                    contextEntry = @ContextEntry(entryLdif = "dn: dc=example,dc=com\ndc: example\no: example\nobjectClass: top\nobjectClass: dcObject\nobjectClass: organization\n\n"))
        },
        loadedSchemas = {@LoadSchema(name = "nis")})
@ApplyLdifFiles({"ad_schema.ldif", "ad_test_data.ldif"})
public class ADAuthIT extends EnterpriseAuthenticationTestBase {
    // Login name and password shared by the positive test cases.
    private static final String SAM_ACCOUNT_NAME = "neo4j";
    private static final String VALID_PASSWORD = "abc123";

    /**
     * Runs the base-class setup, then tells the embedded LDAP server not to require
     * confidentiality.
     *
     * <p>NOTE(review): with this flag off and {@code ldap_server} pointing at the plain LDAP
     * port, the test binds presumably travel unencrypted; whether StartTLS is enabled is decided
     * by settings outside this class. Confirm before copying this setup into anything but a test.
     */
    @Override
    @Before
    public void setup() {
        super.setup();
        getLdapServer().setConfidentialityRequired(false);
    }

    /**
     * Returns the base-class settings function followed by the LDAP overrides used by this test.
     *
     * <p>The decompiler recorded that this override was declared {@code protected} in the
     * original source; it is left {@code public} here to match the decompiled class.
     *
     * @return a consumer that applies the inherited settings first and the overrides second
     */
    @Override
    public Consumer<Map<Setting<?>, String>> getSettingsFunction() {
        return super.getSettingsFunction().andThen(ADAuthIT::applyActiveDirectorySettings);
    }

    /** Writes the LDAP-only auth configuration for the embedded directory into {@code settings}. */
    private static void applyActiveDirectorySettings(Map<Setting<?>, String> settings) {
        // LDAP is the only provider: native authentication and authorization are both off.
        settings.put(SecuritySettings.auth_provider, "ldap");
        settings.put(SecuritySettings.native_authentication_enabled, "false");
        settings.put(SecuritySettings.native_authorization_enabled, "false");
        settings.put(SecuritySettings.ldap_authentication_enabled, "true");
        settings.put(SecuritySettings.ldap_authorization_enabled, "true");

        // Same port as the plain "LDAP" transport declared in @CreateLdapServer.
        settings.put(SecuritySettings.ldap_server, "0.0.0.0:10389");
        settings.put(SecuritySettings.ldap_authentication_user_dn_template, "cn={0},ou=users,dc=example,dc=com");
        settings.put(SecuritySettings.ldap_authentication_cache_enabled, "true");

        // Authorization lookups use a dedicated system account; the password is a test fixture.
        settings.put(SecuritySettings.ldap_authorization_system_username, "uid=admin,ou=system");
        settings.put(SecuritySettings.ldap_authorization_system_password, "secret");
        settings.put(SecuritySettings.ldap_authorization_use_system_account, "true");
        settings.put(SecuritySettings.ldap_authorization_user_search_base, "dc=example,dc=com");
        // NOTE(review): {0} is presumably replaced with the login name; whether that value is
        // escaped for LDAP filter syntax is decided in the realm code, not visible here - confirm.
        settings.put(SecuritySettings.ldap_authorization_user_search_filter, "(&(objectClass=*)(samaccountname={0}))");
        settings.put(SecuritySettings.ldap_authorization_group_membership_attribute_names, "memberOf");
        // Semicolon-separated "group DN=role" pairs for reader, publisher, architect and admin.
        settings.put(SecuritySettings.ldap_authorization_group_to_role_mapping, "cn=reader,ou=groups,dc=example,dc=com=reader;cn=publisher,ou=groups,dc=example,dc=com=publisher;cn=architect,ou=groups,dc=example,dc=com=architect;cn=admin,ou=groups,dc=example,dc=com=admin");
        settings.put(SecuritySettings.procedure_roles, "test.allowedReadProcedure:role1");
        settings.put(SecuritySettings.ldap_read_timeout, "1s");
        // The switch under test; presumably makes login resolve the user through the
        // samaccountname search filter above instead of the DN template - confirm in the realm.
        settings.put(SecuritySettings.ldap_authentication_use_samaccountname, "true");
    }

    /**
     * Logs in with the sAMAccountName, reconnects and logs in again. With
     * {@code ldap_authentication_cache_enabled} set, the second login presumably exercises the
     * cached path.
     */
    @Test
    public void shouldLoginWithSamAccountName() throws Throwable {
        assertAuth(SAM_ACCOUNT_NAME, VALID_PASSWORD);
        reconnect();
        assertAuth(SAM_ACCOUNT_NAME, VALID_PASSWORD);
    }

    /** A correct sAMAccountName with a wrong password must be rejected. */
    @Test
    public void shouldFailLoginSamAccountNameWrongPassword() throws Throwable {
        assertAuthFail(SAM_ACCOUNT_NAME, "wrong");
    }

    /**
     * The valid password combined with {@code n.neo4j} must be rejected. Going by the test name,
     * {@code n.neo4j} is presumably the name used in the entry's DN in {@code ad_test_data.ldif}
     * rather than its sAMAccountName - verify against the LDIF.
     */
    @Test
    public void shouldFailLoginSamAccountNameWithDN() throws Throwable {
        assertAuthFail("n.neo4j", VALID_PASSWORD);
    }

    /** After a sAMAccountName login, a read must succeed. */
    @Test
    public void shouldReadWithSamAccountName() throws Throwable {
        assertAuth(SAM_ACCOUNT_NAME, VALID_PASSWORD);
        assertReadSucceeds();
    }
}
