package org.neo4j.server.security.auth;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import junit.framework.TestCase;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.core.IsEqual;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.neo4j.graphdb.GraphDatabaseService;
import org.neo4j.graphdb.ResourceIterator;
import org.neo4j.graphdb.factory.GraphDatabaseSettings;
import org.neo4j.graphdb.mockfs.EphemeralFileSystemAbstraction;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.KernelTransaction;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
import org.neo4j.kernel.impl.coreapi.InternalTransaction;
import org.neo4j.kernel.internal.GraphDatabaseAPI;
import org.neo4j.test.TestGraphDatabaseFactory;

/* loaded from: input_file:org/neo4j/server/security/auth/AuthProceduresIT.class */
public class AuthProceduresIT {
    private static final String PWD_CHANGE;
    protected GraphDatabaseAPI db;
    private EphemeralFileSystemAbstraction fs;
    private BasicAuthManager authManager;
    private BasicAuthSubject admin;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Test
    public void shouldChangePassword() throws Throwable {
        assertEmpty(this.admin, "CALL dbms.changePassword('abc')");
        if (!$assertionsDisabled && !this.authManager.getUser("neo4j").credentials().matchesPassword("abc")) {
            throw new AssertionError();
        }
    }

    @Test
    public void shouldNotChangeOwnPasswordIfNewPasswordInvalid() throws Exception {
        assertFail(this.admin, "CALL dbms.changePassword( '' )", "A password cannot be empty.");
        assertFail(this.admin, "CALL dbms.changePassword( 'neo4j' )", "Old password and new password cannot be the same.");
    }

    @Test
    public void shouldCreateUser() throws Exception {
        assertEmpty(this.admin, "CALL dbms.security.createUser('andres', '123', true)");
        try {
            MatcherAssert.assertThat(Boolean.valueOf(this.authManager.getUser("andres").passwordChangeRequired()), IsEqual.equalTo(true));
        } catch (Throwable th) {
            TestCase.fail("Expected no exception!");
        }
    }

    @Test
    public void shouldCreateUserWithNoPasswordChange() throws Exception {
        assertEmpty(this.admin, "CALL dbms.security.createUser('andres', '123', false)");
        try {
            MatcherAssert.assertThat(Boolean.valueOf(this.authManager.getUser("andres").passwordChangeRequired()), IsEqual.equalTo(false));
        } catch (Throwable th) {
            TestCase.fail("Expected no exception!");
        }
    }

    @Test
    public void shouldCreateUserWithDefault() throws Exception {
        assertEmpty(this.admin, "CALL dbms.security.createUser('andres', '123')");
        try {
            MatcherAssert.assertThat(Boolean.valueOf(this.authManager.getUser("andres").passwordChangeRequired()), IsEqual.equalTo(true));
        } catch (Throwable th) {
            TestCase.fail("Expected no exception!");
        }
    }

    @Test
    public void shouldNotCreateUserIfInvalidUsername() throws Exception {
        assertFail(this.admin, "CALL dbms.security.createUser('', '1234', true)", "The provided username is empty.");
        assertFail(this.admin, "CALL dbms.security.createUser('&%ss!', '1234', true)", "Username '&%ss!' contains illegal characters.");
        assertFail(this.admin, "CALL dbms.security.createUser('&%ss!', '', true)", "Username '&%ss!' contains illegal characters.");
    }

    @Test
    public void shouldNotCreateUserIfInvalidPassword() throws Exception {
        assertFail(this.admin, "CALL dbms.security.createUser('andres', '', true)", "A password cannot be empty.");
    }

    @Test
    public void shouldNotCreateExistingUser() throws Exception {
        assertFail(this.admin, "CALL dbms.security.createUser('neo4j', '1234', true)", "The specified user 'neo4j' already exists");
        assertFail(this.admin, "CALL dbms.security.createUser('neo4j', '', true)", "A password cannot be empty.");
    }

    @Test
    public void shouldDeleteUser() throws Exception {
        this.authManager.newUser("andres", "123", false);
        assertEmpty(this.admin, "CALL dbms.security.deleteUser('andres')");
        try {
            this.authManager.getUser("andres");
            TestCase.fail("Andres should no longer exist, expected exception.");
        } catch (InvalidArgumentsException e) {
            MatcherAssert.assertThat(e.getMessage(), Matchers.containsString("User 'andres' does not exist."));
        } catch (Throwable th) {
            MatcherAssert.assertThat(th.getClass(), IsEqual.equalTo(InvalidArgumentsException.class));
        }
    }

    @Test
    public void shouldNotDeleteNonExistentUser() throws Exception {
        assertFail(this.admin, "CALL dbms.security.deleteUser('nonExistentUser')", "User 'nonExistentUser' does not exist");
    }

    @Test
    public void shouldListUsers() throws Exception {
        this.authManager.newUser("andres", "123", false);
        assertSuccess(this.admin, "CALL dbms.security.listUsers() YIELD username", resourceIterator -> {
            assertKeyIs(resourceIterator, "username", "neo4j", "andres");
        });
    }

    @Test
    public void shouldReturnUsersWithFlags() throws Exception {
        this.authManager.newUser("andres", "123", false);
        Map map = MapUtil.map(new Object[]{"neo4j", listOf(PWD_CHANGE), "andres", listOf(new String[0])});
        assertSuccess(this.admin, "CALL dbms.security.listUsers()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "flags", map);
        });
    }

    @Test
    public void shouldShowCurrentUser() throws Exception {
        assertSuccess(this.admin, "CALL dbms.security.showCurrentUser()", resourceIterator -> {
            assertKeyIsMap(resourceIterator, "username", "flags", MapUtil.map(new Object[]{"neo4j", listOf(PWD_CHANGE)}));
        });
        this.authManager.newUser("andres", "123", false);
        assertSuccess(login("andres", "123"), "CALL dbms.security.showCurrentUser()", resourceIterator2 -> {
            assertKeyIsMap(resourceIterator2, "username", "flags", MapUtil.map(new Object[]{"andres", listOf(new String[0])}));
        });
    }

    @Before
    public void setup() throws InvalidAuthTokenException, IOException {
        this.fs = new EphemeralFileSystemAbstraction();
        this.db = createGraphDatabase(this.fs);
        this.authManager = (BasicAuthManager) this.db.getDependencyResolver().resolveDependency(BasicAuthManager.class);
        this.admin = login("neo4j", "neo4j");
    }

    @After
    public void cleanup() throws Exception {
        this.db.shutdown();
        this.fs.shutdown();
    }

    private GraphDatabaseService createGraphDatabase(EphemeralFileSystemAbstraction ephemeralFileSystemAbstraction) throws IOException {
        removePreviousAuthFile();
        HashMap hashMap = new HashMap();
        hashMap.put(GraphDatabaseSettings.auth_enabled, "true");
        hashMap.put(GraphDatabaseSettings.auth_manager, "basic-auth-manager");
        return new TestGraphDatabaseFactory().setFileSystem(ephemeralFileSystemAbstraction).newImpermanentDatabaseBuilder().setConfig(GraphDatabaseSettings.auth_enabled, "true").setConfig(GraphDatabaseSettings.auth_manager, "basic-auth-manager").newGraphDatabase();
    }

    private void removePreviousAuthFile() throws IOException {
        Path path = Paths.get("target/test-data/impermanent-db/data/dbms/auth", new String[0]);
        if (Files.exists(path, new LinkOption[0])) {
            Files.delete(path);
        }
    }

    private BasicAuthSubject login(String str, String str2) throws InvalidAuthTokenException {
        return this.authManager.login(SecurityTestUtils.authToken(str, str2));
    }

    private void assertEmpty(BasicAuthSubject basicAuthSubject, String str) {
        MatcherAssert.assertThat(execute(basicAuthSubject, str, resourceIterator -> {
            if (!$assertionsDisabled && resourceIterator.hasNext()) {
                throw new AssertionError();
            }
        }), IsEqual.equalTo(""));
    }

    private void assertFail(BasicAuthSubject basicAuthSubject, String str, String str2) {
        MatcherAssert.assertThat(execute(basicAuthSubject, str, resourceIterator -> {
            if (!$assertionsDisabled && resourceIterator.hasNext()) {
                throw new AssertionError();
            }
        }), Matchers.containsString(str2));
    }

    private void assertSuccess(BasicAuthSubject basicAuthSubject, String str, Consumer<ResourceIterator<Map<String, Object>>> consumer) {
        MatcherAssert.assertThat(execute(basicAuthSubject, str, consumer), IsEqual.equalTo(""));
    }

    private String execute(BasicAuthSubject basicAuthSubject, String str, Consumer<ResourceIterator<Map<String, Object>>> consumer) {
        try {
            InternalTransaction beginTransaction = this.db.beginTransaction(KernelTransaction.Type.implicit, basicAuthSubject);
            Throwable th = null;
            try {
                consumer.accept(this.db.execute(str));
                beginTransaction.success();
                if (beginTransaction != null) {
                    if (0 != 0) {
                        try {
                            beginTransaction.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        beginTransaction.close();
                    }
                }
                return "";
            } finally {
            }
        } catch (Exception e) {
            return e.getMessage();
        }
    }

    private List<Object> getObjectsAsList(ResourceIterator<Map<String, Object>> resourceIterator, String str) {
        return (List) resourceIterator.stream().map(map -> {
            return map.get(str);
        }).collect(Collectors.toList());
    }

    private void assertKeyIs(ResourceIterator<Map<String, Object>> resourceIterator, String str, String... strArr) {
        assertKeyIsArray(resourceIterator, str, strArr);
    }

    private void assertKeyIsArray(ResourceIterator<Map<String, Object>> resourceIterator, String str, String[] strArr) {
        List<Object> objectsAsList = getObjectsAsList(resourceIterator, str);
        Assert.assertEquals(Arrays.asList(strArr).size(), objectsAsList.size());
        Assert.assertThat(objectsAsList, Matchers.containsInAnyOrder(strArr));
    }

    protected String[] with(String[] strArr, String... strArr2) {
        return (String[]) Stream.concat(Arrays.stream(strArr), Arrays.stream(strArr2)).toArray(i -> {
            return new String[i];
        });
    }

    private List<String> listOf(String... strArr) {
        return (List) Stream.of((Object[]) strArr).collect(Collectors.toList());
    }

    public static void assertKeyIsMap(ResourceIterator<Map<String, Object>> resourceIterator, String str, String str2, Map<String, Object> map) {
        List<Map> list = (List) resourceIterator.stream().collect(Collectors.toList());
        Assert.assertEquals("Results for should have size " + map.size() + " but was " + list.size(), map.size(), list.size());
        for (Map map2 : list) {
            String str3 = (String) map2.get(str);
            Assert.assertTrue("Unexpected key '" + str3 + "'", map.containsKey(str3));
            Assert.assertTrue("Value key '" + str2 + "' not found in results", map2.containsKey(str2));
            Object obj = map2.get(str2);
            if (obj instanceof List) {
                List list2 = (List) obj;
                List list3 = (List) map.get(str3);
                Assert.assertEquals("Results for '" + str3 + "' should have size " + list3.size() + " but was " + list2.size(), list2.size(), list3.size());
                MatcherAssert.assertThat(list2, Matchers.containsInAnyOrder(list3.toArray()));
            } else {
                String obj2 = obj.toString();
                String obj3 = map.get(str3).toString();
                Assert.assertTrue(String.format("Wrong value for '%s', expected '%s', got '%s'", str3, obj3, obj2), obj2.equals(obj3));
            }
        }
    }

    static {
        $assertionsDisabled = !AuthProceduresIT.class.desiredAssertionStatus();
        PWD_CHANGE = AuthenticationResult.PASSWORD_CHANGE_REQUIRED.name().toLowerCase();
    }
}
