package org.neo4j.server.security.enterprise.auth.integration.bolt;

import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Consumer;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.neo4j.bolt.v1.messaging.message.InitMessage;
import org.neo4j.bolt.v1.messaging.message.PullAllMessage;
import org.neo4j.bolt.v1.messaging.message.RequestMessage;
import org.neo4j.bolt.v1.messaging.message.RunMessage;
import org.neo4j.bolt.v1.messaging.util.MessageMatchers;
import org.neo4j.bolt.v1.runtime.spi.StreamMatchers;
import org.neo4j.bolt.v1.transport.integration.Neo4jWithSocket;
import org.neo4j.bolt.v1.transport.integration.TransportTestUtil;
import org.neo4j.bolt.v1.transport.socket.client.SecureSocketConnection;
import org.neo4j.bolt.v1.transport.socket.client.TransportConnection;
import org.neo4j.function.Factory;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.helpers.HostnamePort;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.test.TestEnterpriseGraphDatabaseFactory;
import org.neo4j.test.TestGraphDatabaseFactory;
import org.parboiled.common.StringUtils;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/integration/bolt/EnterpriseAuthenticationTestBase.class */
public abstract class EnterpriseAuthenticationTestBase extends AbstractLdapTestUnit {
    protected static String createdUserPassword = "nativePassword";
    protected TransportConnection client;

    @Rule
    public Neo4jWithSocket server = new Neo4jWithSocket(getClass(), getTestGraphDatabaseFactory(), asSettings(getSettingsFunction()));
    public Factory<TransportConnection> cf = SecureSocketConnection::new;
    public HostnamePort address = new HostnamePort("localhost:7687");

    /* JADX INFO: Access modifiers changed from: protected */
    public void restartNeo4jServerWithOverriddenSettings(Consumer<Map<Setting<?>, String>> consumer) throws IOException {
        this.server.shutdownDatabase();
        this.server.ensureDatabase(asSettings(consumer));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Consumer<Map<String, String>> asSettings(Consumer<Map<Setting<?>, String>> consumer) {
        return map -> {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            consumer.accept(linkedHashMap);
            for (Setting setting : linkedHashMap.keySet()) {
                map.put(setting.name(), linkedHashMap.get(setting));
            }
        };
    }

    protected TestGraphDatabaseFactory getTestGraphDatabaseFactory() {
        return new TestEnterpriseGraphDatabaseFactory();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Consumer<Map<Setting<?>, String>> getSettingsFunction() {
        return map -> {
        };
    }

    @Before
    public void setup() {
        this.client = (TransportConnection) this.cf.newInstance();
    }

    @After
    public void teardown() throws Exception {
        if (this.client != null) {
            this.client.disconnect();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void reconnect() throws Exception {
        if (this.client != null) {
            this.client.disconnect();
        }
        this.client = (TransportConnection) this.cf.newInstance();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testCreateReaderUser() throws Exception {
        testCreateReaderUser("neo");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testAuthWithReaderUser() throws Exception {
        testAuthWithReaderUser("neo", "abc123", null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testAuthWithPublisherUser() throws Exception {
        testAuthWithPublisherUser("tank", "abc123", null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testCreateReaderUser(String str) throws Exception {
        assertAuthAndChangePassword("neo4j", "abc123", "123");
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.security.createUser( '" + str + "', '" + createdUserPassword + "', false ) CALL dbms.security.addRoleToUser( 'reader', '" + str + "' ) RETURN 0"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgRecord(StreamMatchers.eqRecord(new Matcher[]{Matchers.equalTo(0L)}))}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testAuthWithReaderUser(String str, String str2, String str3) throws Exception {
        assertAuth(str, str2, str3);
        assertReadSucceeds();
        assertWriteFails(str, "reader");
    }

    protected void testAuthWithPublisherUser(String str, String str2, String str3) throws Exception {
        assertAuth(str, str2, str3);
        assertWriteSucceeds();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void testAuthWithNoPermissionUser(String str, String str2) throws Exception {
        assertAuth(str, str2);
        assertReadFails(str, "");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAuth(String str, String str2) throws Exception {
        assertConnectionSucceeds(authToken(str, str2, null));
    }

    protected void assertAuthAndChangePassword(String str, String str2, String str3) throws Exception {
        assertAuth(str, str2);
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run(String.format("CALL dbms.security.changeUserPassword('%s', '%s', false)", str, str3)), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAuth(String str, String str2, String str3) throws Exception {
        assertConnectionSucceeds(authToken(str, str2, str3));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertAuthFail(String str, String str2) throws Exception {
        assertConnectionFails(MapUtil.map(new Object[]{"principal", str, "credentials", str2, "scheme", "basic"}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertRoles(String... strArr) throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CALL dbms.showCurrentUser"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgRecord(StreamMatchers.eqRecord(new Matcher[]{Matchers.equalTo("tank"), Matchers.containsInAnyOrder(strArr), Matchers.anything()})), MessageMatchers.msgSuccess()}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertConnectionSucceeds(Map<String, Object> map) throws Exception {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(new RequestMessage[]{InitMessage.init("TestClient/1.1", map)}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess()}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertConnectionFails(Map<String, Object> map) throws Exception {
        this.client.connect(this.address).send(TransportTestUtil.acceptedVersions(1L, 0L, 0L, 0L)).send(TransportTestUtil.chunk(new RequestMessage[]{InitMessage.init("TestClient/1.1", map)}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new byte[]{0, 0, 0, 1}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.Unauthorized, "The client is unauthorized due to authentication failure.")}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyDisconnects());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadSucceeds() throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("MATCH (n) RETURN count(n)"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgRecord(StreamMatchers.eqRecord(new Matcher[]{Matchers.greaterThanOrEqualTo(0L)})), MessageMatchers.msgSuccess()}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadFails(String str, String str2) throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("MATCH (n) RETURN n"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.Forbidden, String.format("Read operations are not allowed for user '%s' with %s.", str, StringUtils.isEmpty(str2) ? "no roles" : "roles [" + str2 + "]"))}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertWriteSucceeds() throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CREATE ()"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertWriteFails(String str, String str2) throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("CREATE ()"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgFailure(Status.Security.Forbidden, String.format("Write operations are not allowed for user '%s' with %s.", str, StringUtils.isEmpty(str2) ? "no roles" : "roles [" + str2 + "]"))}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertBeginTransactionSucceeds() throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("BEGIN"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    protected void assertCommitTransaction() throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run("COMMIT"), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    protected void assertQuerySucceeds(String str) throws Exception {
        this.client.send(TransportTestUtil.chunk(new RequestMessage[]{RunMessage.run(str), PullAllMessage.pullAll()}));
        MatcherAssert.assertThat(this.client, TransportTestUtil.eventuallyReceives(new Matcher[]{MessageMatchers.msgSuccess(), MessageMatchers.msgSuccess()}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, Object> authToken(String str, String str2, String str3) {
        return (str3 == null || str3.length() <= 0) ? MapUtil.map(new Object[]{"principal", str, "credentials", str2, "scheme", "basic"}) : MapUtil.map(new Object[]{"principal", str, "credentials", str2, "scheme", "basic", "realm", str3});
    }
}
