package org.neo4j.server.security.auth;

import java.io.File;
import java.io.IOException;
import java.nio.file.CopyOption;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.Future;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.neo4j.graphdb.mockfs.DelegatingFileSystemAbstraction;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.impl.security.Credential;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.AssertableLogProvider;
import org.neo4j.logging.LogProvider;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.server.security.auth.exception.ConcurrentModificationException;
import org.neo4j.string.UTF8;
import org.neo4j.test.DoubleLatch;
import org.neo4j.test.assertion.Assert;
import org.neo4j.test.rule.TestDirectory;
import org.neo4j.test.rule.concurrent.ThreadingRule;
import org.neo4j.test.rule.fs.DefaultFileSystemRule;

/* loaded from: input_file:org/neo4j/server/security/auth/FileUserRepositoryTest.class */
public class FileUserRepositoryTest {
    private File authFile;
    private FileSystemAbstraction fs;
    private final LogProvider logProvider = NullLogProvider.getInstance();

    @Rule
    public final TestDirectory testDirectory = TestDirectory.testDirectory();

    @Rule
    public final ExpectedException thrown = ExpectedException.none();

    @Rule
    public final ThreadingRule threading = new ThreadingRule();

    @Rule
    public final DefaultFileSystemRule fileSystemRule = new DefaultFileSystemRule();

    /* loaded from: input_file:org/neo4j/server/security/auth/FileUserRepositoryTest$HangingListSnapshot.class */
    class HangingListSnapshot extends ListSnapshot<User> {
        private final DoubleLatch latch;

        HangingListSnapshot(DoubleLatch doubleLatch, long j, List<User> list) {
            super(j, list, true);
            this.latch = doubleLatch;
        }

        public long timestamp() {
            this.latch.start();
            this.latch.finishAndWaitForAllToFinish();
            return super.timestamp();
        }
    }

    @Before
    public void setUp() {
        this.fs = this.fileSystemRule.get();
        this.authFile = new File(this.testDirectory.directory("dbms"), "auth");
    }

    @Test
    public void shouldStoreAndRetrieveUsersByName() throws Exception {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        User build = new User.Builder("jake", Credential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        MatcherAssert.assertThat(fileUserRepository.getUserByName(build.name()), CoreMatchers.equalTo(build));
    }

    @Test
    public void shouldPersistUsers() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        User build = new User.Builder("jake", Credential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        FileUserRepository fileUserRepository2 = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        fileUserRepository2.start();
        MatcherAssert.assertThat(fileUserRepository2.getUserByName(build.name()), CoreMatchers.equalTo(build));
    }

    @Test
    public void shouldNotFindUserAfterDelete() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        User build = new User.Builder("jake", Credential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        fileUserRepository.delete(build);
        MatcherAssert.assertThat(fileUserRepository.getUserByName(build.name()), CoreMatchers.nullValue());
    }

    @Test
    public void shouldNotAllowComplexNames() throws Exception {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        fileUserRepository.assertValidUsername("neo4j");
        fileUserRepository.assertValidUsername("johnosbourne");
        fileUserRepository.assertValidUsername("john_osbourne");
        Assert.assertException(() -> {
            fileUserRepository.assertValidUsername((String) null);
        }, InvalidArgumentsException.class, "The provided username is empty.");
        Assert.assertException(() -> {
            fileUserRepository.assertValidUsername("");
        }, InvalidArgumentsException.class, "The provided username is empty.");
        Assert.assertException(() -> {
            fileUserRepository.assertValidUsername(",");
        }, InvalidArgumentsException.class, "Username ',' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
        Assert.assertException(() -> {
            fileUserRepository.assertValidUsername("with space");
        }, InvalidArgumentsException.class, "Username 'with space' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
        Assert.assertException(() -> {
            fileUserRepository.assertValidUsername("with:colon");
        }, InvalidArgumentsException.class, "Username 'with:colon' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
        Assert.assertException(() -> {
            fileUserRepository.assertValidUsername("withå");
        }, InvalidArgumentsException.class, "Username 'withå' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
    }

    @Test
    public void shouldRecoverIfCrashedDuringMove() throws Throwable {
        final IOException iOException = new IOException("simulated IO Exception on create");
        DelegatingFileSystemAbstraction delegatingFileSystemAbstraction = new DelegatingFileSystemAbstraction(this.fs) { // from class: org.neo4j.server.security.auth.FileUserRepositoryTest.1
            public void renameFile(File file, File file2, CopyOption... copyOptionArr) throws IOException {
                if (FileUserRepositoryTest.this.authFile.getName().equals(file2.getName())) {
                    throw iOException;
                }
                super.renameFile(file, file2, copyOptionArr);
            }
        };
        FileUserRepository fileUserRepository = new FileUserRepository(delegatingFileSystemAbstraction, this.authFile, this.logProvider);
        fileUserRepository.start();
        try {
            fileUserRepository.create(new User.Builder("jake", Credential.INACCESSIBLE).withRequiredPasswordChange(true).build());
            org.junit.Assert.fail("Expected an IOException");
        } catch (IOException e) {
            org.junit.Assert.assertSame(iOException, e);
        }
        org.junit.Assert.assertFalse(delegatingFileSystemAbstraction.fileExists(this.authFile));
        MatcherAssert.assertThat(Integer.valueOf(delegatingFileSystemAbstraction.listFiles(this.authFile.getParentFile()).length), CoreMatchers.equalTo(0));
    }

    @Test
    public void shouldThrowIfUpdateChangesName() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        User build = new User.Builder("jake", Credential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        try {
            fileUserRepository.update(build, new User.Builder("john", Credential.INACCESSIBLE).withRequiredPasswordChange(true).build());
            org.junit.Assert.fail("expected exception not thrown");
        } catch (IllegalArgumentException e) {
        }
        MatcherAssert.assertThat(fileUserRepository.getUserByName(build.name()), CoreMatchers.equalTo(build));
    }

    @Test
    public void shouldThrowIfExistingUserDoesNotMatch() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        User build = new User.Builder("jake", Credential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        try {
            fileUserRepository.update(build.augment().withCredentials(Credential.forPassword("foo")).build(), build.augment().withCredentials(Credential.forPassword("bar")).build());
            org.junit.Assert.fail("expected exception not thrown");
        } catch (ConcurrentModificationException e) {
        }
    }

    @Test
    public void shouldFailOnReadingInvalidEntries() throws Throwable {
        AssertableLogProvider assertableLogProvider = new AssertableLogProvider();
        this.fs.mkdir(this.authFile.getParentFile());
        FileRepositorySerializer.writeToFile(this.fs, this.authFile, UTF8.encode("admin:SHA-256,A42E541F276CF17036DB7818F8B09B1C229AAD52A17F69F4029617F3A554640F,FB7E8AE08A6A7C741F678AD22217808F:\nneo4j:fc4c600b43ffe4d5857b4439c35df88f:SHA-256,A42E541F276CF17036DB7818F8B09B1C229AAD52A17F69F4029617F3A554640F,FB7E8AE08A6A7C741F678AD22217808F:\n"));
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, assertableLogProvider);
        this.thrown.expect(IllegalStateException.class);
        this.thrown.expectMessage(CoreMatchers.startsWith("Failed to read authentication file: "));
        try {
            fileUserRepository.start();
        } catch (IllegalStateException e) {
            MatcherAssert.assertThat(Integer.valueOf(fileUserRepository.numberOfUsers()), CoreMatchers.equalTo(0));
            assertableLogProvider.assertExactly(new AssertableLogProvider.LogMatcher[]{AssertableLogProvider.inLog(FileUserRepository.class).error("Failed to read authentication file \"%s\" (%s)", new Object[]{this.authFile.getAbsolutePath(), "wrong number of line fields, expected 3, got 4 [line 2]"})});
            throw e;
        }
    }

    @Test
    public void shouldProvideUserByUsernameEvenIfMidSetUsers() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider);
        fileUserRepository.create(new User.Builder("oskar", Credential.forPassword("hidden")).build());
        DoubleLatch doubleLatch = new DoubleLatch(2);
        Future execute = this.threading.execute(obj -> {
            fileUserRepository.setUsers(new HangingListSnapshot(doubleLatch, 10L, Collections.emptyList()));
            return null;
        }, (Object) null);
        doubleLatch.startAndWaitForAllToStart();
        org.junit.Assert.assertNotNull(fileUserRepository.getUserByName("oskar"));
        doubleLatch.finish();
        execute.get();
    }
}
