package org.neo4j.server.security.auth;

import java.time.Clock;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.concurrent.ThreadLocalRandom;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.neo4j.graphdb.factory.GraphDatabaseSettings;
import org.neo4j.internal.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.kernel.impl.security.LegacyCredential;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.time.Clocks;
import org.neo4j.time.FakeClock;

/* loaded from: input_file:org/neo4j/server/security/auth/RateLimitedAuthenticationStrategyTest.class */
public class RateLimitedAuthenticationStrategyTest {
    @Test
    public void shouldReturnSuccessForValidAttempt() {
        Assert.assertThat(newAuthStrategy(getFakeClock(), 3).authenticate(new User.Builder("user", LegacyCredential.forPassword("right")).build(), "right"), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldReturnFailureForInvalidAttempt() {
        Assert.assertThat(newAuthStrategy(getFakeClock(), 3).authenticate(new User.Builder("user", LegacyCredential.forPassword("right")).build(), "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    @Test
    public void shouldNotSlowRequestRateOnLessThanMaxFailedAttempts() {
        RateLimitedAuthenticationStrategy newAuthStrategy = newAuthStrategy(getFakeClock(), 3);
        User build = new User.Builder("user", LegacyCredential.forPassword("right")).build();
        Assert.assertThat(newAuthStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        Assert.assertThat(newAuthStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        Assert.assertThat(newAuthStrategy.authenticate(build, "right"), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldSlowRequestRateOnMultipleFailedAttempts() {
        testSlowRequestRateOnMultipleFailedAttempts(3, Duration.ofSeconds(5L));
        testSlowRequestRateOnMultipleFailedAttempts(1, Duration.ofSeconds(10L));
        testSlowRequestRateOnMultipleFailedAttempts(6, Duration.ofMinutes(1L));
        testSlowRequestRateOnMultipleFailedAttempts(42, Duration.ofMinutes(2L));
    }

    @Test
    public void shouldSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid() {
        testSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid(3, Duration.ofSeconds(5L));
        testSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid(1, Duration.ofSeconds(11L));
        testSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid(22, Duration.ofMinutes(2L));
        testSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid(42, Duration.ofDays(4L));
    }

    private void testSlowRequestRateOnMultipleFailedAttempts(int i, Duration duration) {
        FakeClock fakeClock = getFakeClock();
        RateLimitedAuthenticationStrategy newAuthStrategy = newAuthStrategy(fakeClock, i, duration);
        User build = new User.Builder("user", LegacyCredential.forPassword("right")).build();
        for (int i2 = 0; i2 < i; i2++) {
            Assert.assertThat(newAuthStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        }
        Assert.assertThat(newAuthStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
        fakeClock.forward(duration.plus(1L, ChronoUnit.SECONDS));
        Assert.assertThat(newAuthStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
    }

    private void testSlowRequestRateOnMultipleFailedAttemptsWhereAttemptIsValid(int i, Duration duration) {
        FakeClock fakeClock = getFakeClock();
        RateLimitedAuthenticationStrategy newAuthStrategy = newAuthStrategy(fakeClock, i, duration);
        User build = new User.Builder("user", LegacyCredential.forPassword("right")).build();
        for (int i2 = 0; i2 < i; i2++) {
            Assert.assertThat(newAuthStrategy.authenticate(build, "wrong"), Matchers.equalTo(AuthenticationResult.FAILURE));
        }
        Assert.assertThat(newAuthStrategy.authenticate(build, "right"), Matchers.equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
        fakeClock.forward(duration.plus(1L, ChronoUnit.SECONDS));
        Assert.assertThat(newAuthStrategy.authenticate(build, "right"), Matchers.equalTo(AuthenticationResult.SUCCESS));
    }

    @Test
    public void shouldAllowUnlimitedFailedAttemptsWhenMaxFailedAttemptsIsZero() {
        testUnlimitedFailedAuthAttempts(0);
    }

    @Test
    public void shouldAllowUnlimitedFailedAttemptsWhenMaxFailedAttemptsIsNegative() {
        testUnlimitedFailedAuthAttempts(-42);
    }

    private void testUnlimitedFailedAuthAttempts(int i) {
        RateLimitedAuthenticationStrategy newAuthStrategy = newAuthStrategy(getFakeClock(), i);
        User build = new User.Builder("user", LegacyCredential.forPassword("right")).build();
        int nextInt = ThreadLocalRandom.current().nextInt(5, 100);
        for (int i2 = 0; i2 < nextInt; i2++) {
            Assert.assertEquals(AuthenticationResult.FAILURE, newAuthStrategy.authenticate(build, "wrong"));
        }
    }

    private FakeClock getFakeClock() {
        return Clocks.fakeClock();
    }

    private static RateLimitedAuthenticationStrategy newAuthStrategy(Clock clock, int i) {
        return newAuthStrategy(clock, i, (Duration) Config.defaults().get(GraphDatabaseSettings.auth_lock_time));
    }

    private static RateLimitedAuthenticationStrategy newAuthStrategy(Clock clock, int i, Duration duration) {
        return new RateLimitedAuthenticationStrategy(clock, duration, i);
    }
}
