package org.neo4j.bolt.security.auth;

import java.util.Collections;
import org.hamcrest.Description;
import org.hamcrest.TypeSafeMatcher;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
import org.neo4j.server.security.auth.BasicAuthManager;
import org.neo4j.server.security.auth.BasicSecurityContext;
import org.neo4j.server.security.auth.PasswordPolicy;
import org.neo4j.server.security.auth.UserRepository;
import org.neo4j.time.FakeClock;

/* loaded from: input_file:org/neo4j/bolt/security/auth/BasicAuthenticationTest.class */
public class BasicAuthenticationTest {

    @Rule
    public ExpectedException exception = ExpectedException.none();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/bolt/security/auth/BasicAuthenticationTest$HasStatus.class */
    public static class HasStatus extends TypeSafeMatcher<Status.HasStatus> {
        private Status status;

        public HasStatus(Status status) {
            this.status = status;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public boolean matchesSafely(Status.HasStatus hasStatus) {
            return hasStatus.status() == this.status;
        }

        public void describeTo(Description description) {
            description.appendText("expects status ").appendValue(this.status);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void describeMismatchSafely(Status.HasStatus hasStatus, Description description) {
            description.appendText("was ").appendValue(hasStatus.status());
        }
    }

    @Test
    public void shouldNotDoAnythingOnSuccess() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicSecurityContext basicSecurityContext = (BasicSecurityContext) Mockito.mock(BasicSecurityContext.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        AuthSubject authSubject = (AuthSubject) Mockito.mock(AuthSubject.class);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenReturn(basicSecurityContext);
        Mockito.when(basicSecurityContext.subject()).thenReturn(authSubject);
        Mockito.when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.SUCCESS);
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret"}));
    }

    @Test
    public void shouldThrowAndLogOnFailure() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicSecurityContext basicSecurityContext = (BasicSecurityContext) Mockito.mock(BasicSecurityContext.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        AuthSubject authSubject = (AuthSubject) Mockito.mock(AuthSubject.class);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenReturn(basicSecurityContext);
        Mockito.when(basicSecurityContext.subject()).thenReturn(authSubject);
        Mockito.when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.FAILURE);
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.exception.expectMessage("The client is unauthorized due to authentication failure.");
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret"}));
    }

    @Test
    public void shouldIndicateThatCredentialsExpired() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicSecurityContext basicSecurityContext = (BasicSecurityContext) Mockito.mock(BasicSecurityContext.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        AuthSubject authSubject = (AuthSubject) Mockito.mock(AuthSubject.class);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenReturn(basicSecurityContext);
        Mockito.when(basicSecurityContext.subject()).thenReturn(authSubject);
        Mockito.when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
        Assert.assertTrue(basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret"})).credentialsExpired());
    }

    @Test
    public void shouldFailWhenTooManyAttempts() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicSecurityContext basicSecurityContext = (BasicSecurityContext) Mockito.mock(BasicSecurityContext.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        AuthSubject authSubject = (AuthSubject) Mockito.mock(AuthSubject.class);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenReturn(basicSecurityContext);
        Mockito.when(basicSecurityContext.subject()).thenReturn(authSubject);
        Mockito.when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.TOO_MANY_ATTEMPTS);
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.AuthenticationRateLimit));
        this.exception.expectMessage("The client has provided incorrect authentication details too many times in a row.");
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret"}));
    }

    @Test
    public void shouldBeAbleToUpdateCredentials() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicSecurityContext basicSecurityContext = (BasicSecurityContext) Mockito.mock(BasicSecurityContext.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        AuthSubject authSubject = (AuthSubject) Mockito.mock(AuthSubject.class);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenReturn(basicSecurityContext);
        Mockito.when(basicSecurityContext.subject()).thenReturn(authSubject);
        Mockito.when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.SUCCESS);
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret", "new_credentials", "secret2"}));
    }

    @Test
    public void shouldBeAbleToUpdateExpiredCredentials() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicSecurityContext basicSecurityContext = (BasicSecurityContext) Mockito.mock(BasicSecurityContext.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        AuthSubject authSubject = (AuthSubject) Mockito.mock(AuthSubject.class);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenReturn(basicSecurityContext);
        Mockito.when(basicSecurityContext.subject()).thenReturn(authSubject);
        Mockito.when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret", "new_credentials", "secret2"}));
    }

    @Test
    public void shouldNotBeAbleToUpdateCredentialsIfOldCredentialsAreInvalid() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicSecurityContext basicSecurityContext = (BasicSecurityContext) Mockito.mock(BasicSecurityContext.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        AuthSubject authSubject = (AuthSubject) Mockito.mock(AuthSubject.class);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenReturn(basicSecurityContext);
        Mockito.when(basicSecurityContext.subject()).thenReturn(authSubject);
        Mockito.when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.FAILURE);
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.exception.expectMessage("The client is unauthorized due to authentication failure.");
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret", "new_credentials", "secret2"}));
    }

    @Test
    public void shouldThrowWithNoScheme() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenThrow(new Throwable[]{new InvalidAuthTokenException("foo")});
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"principal", "bob", "credentials", "secret"}));
    }

    @Test
    public void shouldFailOnInvalidAuthToken() throws Exception {
        BasicAuthManager basicAuthManager = (BasicAuthManager) Mockito.mock(BasicAuthManager.class);
        BasicAuthentication basicAuthentication = new BasicAuthentication(basicAuthManager);
        Mockito.when(basicAuthManager.login(Matchers.anyMap())).thenThrow(new Throwable[]{new InvalidAuthTokenException("foo")});
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"this", "does", "not", "matter", "for", "test"}));
    }

    @Test
    public void shouldFailOnMalformedToken() throws Exception {
        BasicAuthentication basicAuthentication = new BasicAuthentication(new BasicAuthManager((UserRepository) Mockito.mock(UserRepository.class), (PasswordPolicy) Mockito.mock(PasswordPolicy.class), FakeClock.systemUTC(), (UserRepository) Mockito.mock(UserRepository.class)));
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.exception.expectMessage("Unsupported authentication token, the value associated with the key `principal` must be a String but was: SingletonList");
        basicAuthentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", Collections.singletonList("bob"), "credentials", "secret"}));
    }

    private HasStatus hasStatus(Status status) {
        return new HasStatus(status);
    }
}
