package org.neo4j.bolt.security.auth;

import java.util.Collections;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Description;
import org.hamcrest.MatcherAssert;
import org.hamcrest.TypeSafeMatcher;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.neo4j.helpers.collection.MapUtil;
import org.neo4j.kernel.api.exceptions.Status;
import org.neo4j.kernel.api.security.AccessMode;
import org.neo4j.kernel.api.security.PasswordPolicy;
import org.neo4j.server.security.auth.BasicAuthManager;
import org.neo4j.server.security.auth.InMemoryUserRepository;
import org.neo4j.time.Clocks;

/* loaded from: input_file:org/neo4j/bolt/security/auth/BasicAuthenticationTest.class */
public class BasicAuthenticationTest {

    @Rule
    public ExpectedException exception = ExpectedException.none();
    private Authentication authentication;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/bolt/security/auth/BasicAuthenticationTest$HasStatus.class */
    public static class HasStatus extends TypeSafeMatcher<Status.HasStatus> {
        private Status status;

        HasStatus(Status status) {
            this.status = status;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public boolean matchesSafely(Status.HasStatus hasStatus) {
            return hasStatus.status() == this.status;
        }

        public void describeTo(Description description) {
            description.appendText("expects status ").appendValue(this.status);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void describeMismatchSafely(Status.HasStatus hasStatus, Description description) {
            description.appendText("was ").appendValue(hasStatus.status());
        }
    }

    @Test
    public void shouldNotDoAnythingOnSuccess() throws Exception {
        AuthenticationResult authenticate = this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "mike", "credentials", "secret2"}));
        MatcherAssert.assertThat(authenticate.getSecurityContext().mode(), CoreMatchers.equalTo(AccessMode.Static.FULL));
        MatcherAssert.assertThat(authenticate.getSecurityContext().subject().username(), CoreMatchers.equalTo("mike"));
    }

    @Test
    public void shouldThrowAndLogOnFailure() throws Exception {
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.exception.expectMessage("The client is unauthorized due to authentication failure.");
        this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "banana"}));
    }

    @Test
    public void shouldIndicateThatCredentialsExpired() throws Exception {
        Assert.assertTrue(this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret"})).credentialsExpired());
    }

    @Test
    public void shouldFailWhenTooManyAttempts() throws Exception {
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.AuthenticationRateLimit));
        this.exception.expectMessage("The client has provided incorrect authentication details too many times in a row.");
        for (int i = 0; i < 3; i++) {
            try {
                this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "gelato"}));
            } catch (AuthenticationException e) {
                MatcherAssert.assertThat(e.status(), CoreMatchers.equalTo(Status.Security.Unauthorized));
            }
        }
        this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "gelato"}));
    }

    @Test
    public void shouldBeAbleToUpdateCredentials() throws Exception {
        this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "mike", "credentials", "secret2", "new_credentials", "secret"}));
        this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "mike", "credentials", "secret"}));
    }

    @Test
    public void shouldBeAbleToUpdateExpiredCredentials() throws Exception {
        MatcherAssert.assertThat(Boolean.valueOf(this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "secret", "new_credentials", "secret2"})).credentialsExpired()), CoreMatchers.equalTo(false));
    }

    @Test
    public void shouldNotBeAbleToUpdateCredentialsIfOldCredentialsAreInvalid() throws Exception {
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.exception.expectMessage("The client is unauthorized due to authentication failure.");
        this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", "bob", "credentials", "gelato", "new_credentials", "secret2"}));
    }

    @Test
    public void shouldThrowWithNoScheme() throws Exception {
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.authentication.authenticate(MapUtil.map(new Object[]{"principal", "bob", "credentials", "secret"}));
    }

    @Test
    public void shouldFailOnInvalidAuthToken() throws Exception {
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.authentication.authenticate(MapUtil.map(new Object[]{"this", "does", "not", "matter", "for", "test"}));
    }

    @Test
    public void shouldFailOnMalformedToken() throws Exception {
        this.exception.expect(AuthenticationException.class);
        this.exception.expect(hasStatus(Status.Security.Unauthorized));
        this.exception.expectMessage("Unsupported authentication token, the value associated with the key `principal` must be a String but was: SingletonList");
        this.authentication.authenticate(MapUtil.map(new Object[]{"scheme", "basic", "principal", Collections.singletonList("bob"), "credentials", "secret"}));
    }

    @Before
    public void setup() throws Throwable {
        InMemoryUserRepository inMemoryUserRepository = new InMemoryUserRepository();
        BasicAuthManager basicAuthManager = new BasicAuthManager(inMemoryUserRepository, (PasswordPolicy) Mockito.mock(PasswordPolicy.class), Clocks.systemClock(), inMemoryUserRepository);
        this.authentication = new BasicAuthentication(basicAuthManager, basicAuthManager);
        basicAuthManager.newUser("bob", "secret", true);
        basicAuthManager.newUser("mike", "secret2", false);
    }

    private HasStatus hasStatus(Status status) {
        return new HasStatus(status);
    }
}
