package org.neo4j.server.security.enterprise.auth;

import java.io.CharArrayReader;
import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.Charset;
import java.util.LinkedList;
import java.util.Queue;
import java.util.concurrent.TimeUnit;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.neo4j.graphdb.mockfs.DelegatingFileSystemAbstraction;
import org.neo4j.graphdb.mockfs.EphemeralFileSystemAbstraction;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.impl.scheduler.CentralJobScheduler;
import org.neo4j.logging.LogProvider;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.scheduler.JobScheduler;
import org.neo4j.server.security.auth.BasicPasswordPolicy;
import org.neo4j.server.security.auth.CommunitySecurityModule;
import org.neo4j.server.security.auth.FileUserRepository;
import org.neo4j.server.security.auth.RateLimitedAuthenticationStrategy;
import org.neo4j.time.Clocks;

/* loaded from: input_file:org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmIT.class */
public class InternalFlatFileRealmIT {
    File userStoreFile;
    File roleStoreFile;
    TestJobScheduler jobScheduler = new TestJobScheduler();
    LogProvider logProvider = NullLogProvider.getInstance();
    InternalFlatFileRealm realm;
    EvilFileSystem fs;
    private static int LARGE_NUMBER = 123;

    /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmIT$EvilFileSystem.class */
    private class EvilFileSystem extends DelegatingFileSystemAbstraction {
        private Queue<String> userStoreVersions;
        private Queue<String> roleStoreVersions;

        EvilFileSystem(FileSystemAbstraction fileSystemAbstraction) {
            super(fileSystemAbstraction);
            this.userStoreVersions = new LinkedList();
            this.roleStoreVersions = new LinkedList();
        }

        void addUserRoleFilePair(String str, String str2) {
            this.userStoreVersions.add(str);
            this.roleStoreVersions.add(str2);
        }

        public Reader openAsReader(File file, Charset charset) throws IOException {
            if (file.equals(InternalFlatFileRealmIT.this.userStoreFile)) {
                return new CharArrayReader(this.userStoreVersions.remove().toCharArray());
            }
            if (!file.equals(InternalFlatFileRealmIT.this.roleStoreFile)) {
                return super.openAsReader(file, charset);
            }
            if (this.userStoreVersions.size() < this.roleStoreVersions.size() - 1) {
                this.roleStoreVersions.remove();
            }
            return new CharArrayReader(this.roleStoreVersions.remove().toCharArray());
        }

        public long lastModifiedTime(File file) {
            return file.equals(InternalFlatFileRealmIT.this.userStoreFile) ? (InternalFlatFileRealmIT.LARGE_NUMBER + 1) - this.userStoreVersions.size() : file.equals(InternalFlatFileRealmIT.this.roleStoreFile) ? (InternalFlatFileRealmIT.LARGE_NUMBER + 1) - this.roleStoreVersions.size() : super.lastModifiedTime(file);
        }
    }

    /* loaded from: input_file:org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmIT$TestJobScheduler.class */
    static class TestJobScheduler extends CentralJobScheduler {
        Runnable scheduledRunnable;

        public JobScheduler.JobHandle schedule(JobScheduler.Group group, Runnable runnable, long j, TimeUnit timeUnit) {
            this.scheduledRunnable = runnable;
            return null;
        }
    }

    @Before
    public void setup() throws Throwable {
        this.fs = new EvilFileSystem(new EphemeralFileSystemAbstraction());
        this.userStoreFile = new File("dbms", "auth");
        this.roleStoreFile = new File("dbms", "roles");
        this.realm = new InternalFlatFileRealm(new FileUserRepository(this.fs, this.userStoreFile, this.logProvider), new FileRoleRepository(this.fs, this.roleStoreFile, this.logProvider), new BasicPasswordPolicy(), new RateLimitedAuthenticationStrategy(Clocks.systemClock(), Config.defaults()), true, true, this.jobScheduler, CommunitySecurityModule.getInitialUserRepository(Config.defaults(), this.logProvider, this.fs), EnterpriseSecurityModule.getDefaultAdminRepository(Config.defaults(), this.logProvider, this.fs));
        this.realm.init();
        this.realm.start();
    }

    @After
    public void tearDown() throws Throwable {
        this.realm.shutdown();
        this.fs.close();
    }

    @Test
    public void shouldReloadAuthFiles() throws Exception {
        this.fs.addUserRoleFilePair("Hanna:SHA-256,FE0056C37E,A543:\nCarol:SHA-256,FE0056C37E,A543:\nMia:SHA-256,0E1FFFC23E,34A4:password_change_required\n", "admin:Mia\npublisher:Hanna,Carol\n");
        this.jobScheduler.scheduledRunnable.run();
        MatcherAssert.assertThat(this.realm.getAllUsernames(), Matchers.containsInAnyOrder(new String[]{"Hanna", "Carol", "Mia"}));
        MatcherAssert.assertThat(this.realm.getUsernamesForRole("admin"), Matchers.containsInAnyOrder(new String[]{"Mia"}));
        MatcherAssert.assertThat(this.realm.getUsernamesForRole("publisher"), Matchers.containsInAnyOrder(new String[]{"Hanna", "Carol"}));
    }

    @Test
    public void shouldReloadAuthFilesUntilValid() throws Exception {
        this.fs.addUserRoleFilePair("Hanna:SHA-256,FE0056C37E,A543:\nCarol:SHA-256,FE0056C37E,A543:\nMia:SHA-256,0E1FFFC23E,34", "THIS_WILL_NOT_BE_READ");
        this.fs.addUserRoleFilePair("Hanna:SHA-256,FE0056C37E,A543:\nCarol:SHA-256,FE0056C37E,A543:\nMia:SHA-256,0E1FFFC23E,34A4:password_change_required\n", "admin:neo4j,Mao\npublisher:Hanna\n");
        this.fs.addUserRoleFilePair("Hanna:SHA-256,FE0056C37E,A543:\nCarol:SHA-256,FE0056C37E,A543:\nMia:SHA-256,0E1FFFC23E,34A4:password_change_required\n", "admin:Mia\npublisher:Hanna,Carol\n");
        this.jobScheduler.scheduledRunnable.run();
        MatcherAssert.assertThat(this.realm.getAllUsernames(), Matchers.containsInAnyOrder(new String[]{"Hanna", "Carol", "Mia"}));
        MatcherAssert.assertThat(this.realm.getUsernamesForRole("admin"), Matchers.containsInAnyOrder(new String[]{"Mia"}));
        MatcherAssert.assertThat(this.realm.getUsernamesForRole("publisher"), Matchers.containsInAnyOrder(new String[]{"Hanna", "Carol"}));
    }

    @Test
    public void shouldEventuallyFailReloadAttempts() {
        this.fs.addUserRoleFilePair("Hanna:SHA-256,FE0056C37E,A543:\nCarol:SHA-256,FE0056C37E,A543:\nMia:SHA-256,0E1FFFC23E,34A4:password_change_required\n", "admin:neo4j,Mao\npublisher:Hanna\n");
        for (int i = 0; i < LARGE_NUMBER - 1; i++) {
            this.fs.addUserRoleFilePair("Hanna:SHA-256,FE0056C37E,A543:\nCarol:SHA-256,FE0056C37E,A543:\nMia:SHA-256,0E1FFFC23E,34", "admin:Mia\npublisher:Hanna,Carol\n");
        }
        try {
            this.jobScheduler.scheduledRunnable.run();
            Assert.fail("Expected exception due to invalid auth file combo.");
        } catch (Exception e) {
            MatcherAssert.assertThat(e.getMessage(), Matchers.containsString("Unable to load valid flat file repositories! Attempts failed with:"));
            MatcherAssert.assertThat(e.getMessage(), Matchers.containsString("Failed to read authentication file: " + new File("dbms/auth")));
            MatcherAssert.assertThat(e.getMessage(), Matchers.containsString("Role-auth file combination not valid"));
        }
    }
}
