package org.neo4j.commandline.admin.security;

import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.nio.file.Path;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.neo4j.cli.ExecutionContext;
import org.neo4j.commandline.admin.security.exception.InvalidPasswordException;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.memory.EmptyMemoryTracker;
import org.neo4j.server.security.auth.CommunitySecurityModule;
import org.neo4j.server.security.auth.FileUserRepository;
import org.neo4j.string.UTF8;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.EphemeralTestDirectoryExtension;
import org.neo4j.test.utils.TestDirectory;
import picocli.CommandLine;

@EphemeralTestDirectoryExtension
/* loaded from: input_file:org/neo4j/commandline/admin/security/SetInitialPasswordCommandTest.class */
class SetInitialPasswordCommandTest {

    @Inject
    private FileSystemAbstraction fileSystem;

    @Inject
    private TestDirectory testDir;
    private SetInitialPasswordCommand command;
    private Path authInitFile;

    SetInitialPasswordCommandTest() {
    }

    @BeforeEach
    void setup() {
        this.command = new SetInitialPasswordCommand(new ExecutionContext(this.testDir.directory("home"), this.testDir.directory("conf"), (PrintStream) Mockito.mock(PrintStream.class), (PrintStream) Mockito.mock(PrintStream.class), this.fileSystem));
        this.authInitFile = CommunitySecurityModule.getInitialUserRepositoryFile(this.command.loadNeo4jConfig());
    }

    @Test
    void printUsageHelp() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintStream printStream = new PrintStream(byteArrayOutputStream);
        try {
            CommandLine.usage(this.command, new PrintStream(printStream), CommandLine.Help.Ansi.OFF);
            printStream.close();
            Assertions.assertThat(byteArrayOutputStream.toString().trim()).isEqualToIgnoringNewLines("USAGE\n\nset-initial-password [-h] [--expand-commands] [--verbose]\n                     [--require-password-change[=true|false]]\n                     [--additional-config=<file>] <password>\n\nDESCRIPTION\n\nSets the initial password of the initial admin user ('neo4j'). And removes the\nrequirement to change password on first login. IMPORTANT: this change will only\ntake effect if performed before the database is started for the first time.\n\nPARAMETERS\n\n      <password>\n\nOPTIONS\n\n      --additional-config=<file>\n                          Configuration file with additional configuration.\n      --expand-commands   Allow command expansion in config value evaluation.\n  -h, --help              Show this help message and exit.\n      --require-password-change[=true|false]\n                          Require the user to change their password on first\n                            login.\n                            Default: false\n      --verbose           Enable verbose output.");
        } catch (Throwable th) {
            try {
                printStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void shouldSetInitialPassword() throws Throwable {
        org.junit.jupiter.api.Assertions.assertFalse(this.fileSystem.fileExists(this.authInitFile));
        CommandLine.populateCommand(this.command, new String[]{"12345678"});
        this.command.execute();
        assertAuthIniFile("12345678");
    }

    @Test
    void shouldFailToSetShortInitialPassword() {
        org.junit.jupiter.api.Assertions.assertFalse(this.fileSystem.fileExists(this.authInitFile));
        CommandLine.populateCommand(this.command, new String[]{"123"});
        Assertions.assertThat(((Exception) org.junit.jupiter.api.Assertions.assertThrows(InvalidPasswordException.class, () -> {
            this.command.execute();
        })).getStackTrace().length).isEqualTo(0);
    }

    @Test
    void shouldFailToSetShortInitialPasswordOneCharUseTwoBytes() {
        org.junit.jupiter.api.Assertions.assertFalse(this.fileSystem.fileExists(this.authInitFile));
        CommandLine.populateCommand(this.command, new String[]{"neo4j*£"});
        Assertions.assertThat(((Exception) org.junit.jupiter.api.Assertions.assertThrows(InvalidPasswordException.class, () -> {
            this.command.execute();
        })).getStackTrace().length).isEqualTo(0);
    }

    @Test
    void shouldFailToSetShortInitialPasswordCharactersUsingFourBytesEach() {
        org.junit.jupiter.api.Assertions.assertFalse(this.fileSystem.fileExists(this.authInitFile));
        CommandLine.populateCommand(this.command, new String[]{"��������"});
        Assertions.assertThat(((Exception) org.junit.jupiter.api.Assertions.assertThrows(InvalidPasswordException.class, () -> {
            this.command.execute();
        })).getStackTrace().length).isEqualTo(0);
    }

    @Test
    void shouldOverwriteInitialPasswordFileIfExists() throws Throwable {
        this.fileSystem.mkdirs(this.authInitFile.getParent());
        this.fileSystem.write(this.authInitFile);
        CommandLine.populateCommand(this.command, new String[]{"12345678"});
        this.command.execute();
        assertAuthIniFile("12345678");
    }

    @Test
    void shouldNotWorkWithSamePassword() {
        CommandLine.populateCommand(this.command, new String[]{"neo4j"});
        org.junit.jupiter.api.Assertions.assertThrows(InvalidPasswordException.class, () -> {
            this.command.execute();
        });
    }

    private void assertAuthIniFile(String str) throws Throwable {
        org.junit.jupiter.api.Assertions.assertTrue(this.fileSystem.fileExists(this.authInitFile));
        FileUserRepository fileUserRepository = new FileUserRepository(this.fileSystem, this.authInitFile, NullLogProvider.getInstance(), EmptyMemoryTracker.INSTANCE);
        fileUserRepository.start();
        User userByName = fileUserRepository.getUserByName("neo4j");
        org.junit.jupiter.api.Assertions.assertNotNull(userByName);
        org.junit.jupiter.api.Assertions.assertTrue(userByName.credential().value().matchesPassword(UTF8.encode(str)));
        org.junit.jupiter.api.Assertions.assertFalse(userByName.passwordChangeRequired());
    }
}
