package org.neo4j.server.security.auth;

import java.util.concurrent.TimeUnit;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.impl.security.Credential;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.time.Clocks;
import org.neo4j.time.FakeClock;

/* loaded from: input_file:org/neo4j/server/security/auth/RateLimitedAuthenticationStrategyTest.class */
public class RateLimitedAuthenticationStrategyTest {
    @Test
    public void shouldReturnSuccessForValidAttempt() throws Exception {
        Assert.assertThat(new RateLimitedAuthenticationStrategy(getFakeClock(), 3).authenticate(new User.Builder("user", Credential.forPassword("right")).build(), "right"), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldReturnFailureForInvalidAttempt() throws Exception {
        Assert.assertThat(new RateLimitedAuthenticationStrategy(getFakeClock(), 3).authenticate(new User.Builder("user", Credential.forPassword("right")).build(), "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    @Test
    public void shouldNotSlowRequestRateOnLessThanMaxFailedAttempts() throws Exception {
        RateLimitedAuthenticationStrategy rateLimitedAuthenticationStrategy = new RateLimitedAuthenticationStrategy(getFakeClock(), 3);
        User build = new User.Builder("user", Credential.forPassword("right")).build();
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "right"), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldSlowRequestRateOnMultipleFailedAttempts() throws Exception {
        FakeClock fakeClock = getFakeClock();
        RateLimitedAuthenticationStrategy rateLimitedAuthenticationStrategy = new RateLimitedAuthenticationStrategy(fakeClock, 3);
        User build = new User.Builder("user", Credential.forPassword("right")).build();
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
        fakeClock.forward(5L, TimeUnit.SECONDS);
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    @Test
    public void shouldSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid() throws Exception {
        FakeClock fakeClock = getFakeClock();
        RateLimitedAuthenticationStrategy rateLimitedAuthenticationStrategy = new RateLimitedAuthenticationStrategy(fakeClock, 3);
        User build = new User.Builder("user", Credential.forPassword("right")).build();
        rateLimitedAuthenticationStrategy.authenticate(build, "wrong");
        rateLimitedAuthenticationStrategy.authenticate(build, "wrong");
        rateLimitedAuthenticationStrategy.authenticate(build, "wrong");
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "right"), Matchers.equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
        fakeClock.forward(5L, TimeUnit.SECONDS);
        Assert.assertThat(rateLimitedAuthenticationStrategy.authenticate(build, "right"), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    private FakeClock getFakeClock() {
        return Clocks.fakeClock();
    }
}
