package org.neo4j.commandline.admin.security;

import java.io.IOException;
import java.io.PrintStream;
import java.nio.file.CopyOption;
import java.nio.file.Path;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mockito;
import org.neo4j.cli.ExecutionContext;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.server.security.auth.FileUserRepository;
import org.neo4j.string.UTF8;
import org.neo4j.test.extension.EphemeralFileSystemExtension;
import org.neo4j.test.extension.Inject;
import picocli.CommandLine;

@ExtendWith({EphemeralFileSystemExtension.class})
/* loaded from: input_file:org/neo4j/commandline/admin/security/SetInitialPasswordCommandIT.class */
class SetInitialPasswordCommandIT {

    @Inject
    private FileSystemAbstraction fileSystem;
    private Path confDir;
    private Path homeDir;
    private PrintStream out;
    private PrintStream err;

    SetInitialPasswordCommandIT() {
    }

    @BeforeEach
    void setup() {
        Path of = Path.of("neo4j", new String[0]);
        this.confDir = of.resolve("conf");
        this.homeDir = of.resolve("home");
        this.out = (PrintStream) Mockito.mock(PrintStream.class);
        this.err = (PrintStream) Mockito.mock(PrintStream.class);
    }

    @AfterEach
    void tearDown() throws Exception {
        this.fileSystem.close();
    }

    @Test
    void shouldSetPassword() throws Throwable {
        executeCommand("abc");
        assertAuthIniFile("abc", false);
        ((PrintStream) Mockito.verify(this.out)).println("Changed password for user 'neo4j'.");
    }

    @Test
    void shouldSetPasswordWithRequirePasswordChange() throws Throwable {
        executeCommand("abc", "--require-password-change");
        assertAuthIniFile("abc", true);
        ((PrintStream) Mockito.verify(this.out)).println("Changed password for user 'neo4j'.");
    }

    @Test
    void shouldSetPasswordWithRequirePasswordChangeOtherOrder() throws Throwable {
        executeCommand("--require-password-change", "abc");
        assertAuthIniFile("abc", true);
        ((PrintStream) Mockito.verify(this.out)).println("Changed password for user 'neo4j'.");
    }

    @Test
    void shouldOverwriteIfSetPasswordAgain() throws Throwable {
        executeCommand("abc");
        assertAuthIniFile("abc", false);
        executeCommand("muchBetter");
        assertAuthIniFile("muchBetter", false);
        ((PrintStream) Mockito.verify(this.out, Mockito.times(2))).println("Changed password for user 'neo4j'.");
    }

    @Test
    void shouldWorkWithSamePassword() throws Throwable {
        executeCommand("neo4j");
        assertAuthIniFile("neo4j", false);
        executeCommand("neo4j");
        assertAuthIniFile("neo4j", false);
        ((PrintStream) Mockito.verify(this.out, Mockito.times(2))).println("Changed password for user 'neo4j'.");
    }

    @Test
    void shouldErrorIfRealUsersAlreadyExistCommunity() throws Throwable {
        Path authFile = getAuthFile("auth");
        this.fileSystem.mkdirs(authFile.getParent());
        this.fileSystem.write(authFile);
        Assertions.assertThat(((Exception) org.junit.jupiter.api.Assertions.assertThrows(Exception.class, () -> {
            executeCommand("will-be-ignored");
        })).getMessage()).contains(new CharSequence[]{"the provided initial password was not set because existing Neo4j users were detected"});
        assertNoAuthIniFile();
    }

    @Test
    void shouldErrorIfRealUsersAlreadyExistEnterprise() throws Throwable {
        Path authFile = getAuthFile("auth");
        Path authFile2 = getAuthFile("roles");
        this.fileSystem.mkdirs(authFile.getParent());
        this.fileSystem.write(authFile);
        this.fileSystem.write(authFile2);
        Assertions.assertThat(((Exception) org.junit.jupiter.api.Assertions.assertThrows(Exception.class, () -> {
            executeCommand("will-be-ignored");
        })).getMessage()).contains(new CharSequence[]{"the provided initial password was not set because existing Neo4j users were detected"});
        assertNoAuthIniFile();
    }

    @Test
    void shouldErrorIfRealUsersAlreadyExistV2() throws Throwable {
        executeCommand("not-the-default-password");
        Path authFile = getAuthFile("auth");
        this.fileSystem.mkdirs(authFile.getParent());
        this.fileSystem.renameFile(getAuthFile("auth.ini"), authFile, new CopyOption[0]);
        Assertions.assertThat(((Exception) org.junit.jupiter.api.Assertions.assertThrows(Exception.class, () -> {
            executeCommand("will-be-ignored");
        })).getMessage()).contains(new CharSequence[]{"the provided initial password was not set because existing Neo4j users were detected"});
        assertNoAuthIniFile();
        ((PrintStream) Mockito.verify(this.out)).println("Changed password for user 'neo4j'.");
    }

    @Test
    void shouldNotErrorIfOnlyTheUnmodifiedDefaultNeo4jUserAlreadyExists() throws Throwable {
        executeCommand("neo4j");
        Path authFile = getAuthFile("auth");
        this.fileSystem.mkdirs(authFile.getParent());
        this.fileSystem.renameFile(getAuthFile("auth.ini"), authFile, new CopyOption[0]);
        executeCommand("should-not-be-ignored");
        assertAuthIniFile("should-not-be-ignored", false);
        ((PrintStream) Mockito.verify(this.out, Mockito.times(2))).println("Changed password for user 'neo4j'.");
    }

    private void assertAuthIniFile(String str, boolean z) throws Throwable {
        Path authFile = getAuthFile("auth.ini");
        org.junit.jupiter.api.Assertions.assertTrue(this.fileSystem.fileExists(authFile));
        FileUserRepository fileUserRepository = new FileUserRepository(this.fileSystem, authFile, NullLogProvider.getInstance());
        fileUserRepository.start();
        User userByName = fileUserRepository.getUserByName("neo4j");
        org.junit.jupiter.api.Assertions.assertNotNull(userByName);
        org.junit.jupiter.api.Assertions.assertTrue(userByName.credentials().matchesPassword(UTF8.encode(str)));
        Assertions.assertThat(userByName.hasFlag("password_change_required")).isEqualTo(z);
    }

    private void assertNoAuthIniFile() {
        org.junit.jupiter.api.Assertions.assertFalse(this.fileSystem.fileExists(getAuthFile("auth.ini")));
    }

    private Path getAuthFile(String str) {
        return this.homeDir.resolve("data").resolve("dbms").resolve(str);
    }

    private void executeCommand(String... strArr) throws IOException {
        SetInitialPasswordCommand setInitialPasswordCommand = new SetInitialPasswordCommand(new ExecutionContext(this.homeDir, this.confDir, this.out, this.err, this.fileSystem));
        CommandLine.populateCommand(setInitialPasswordCommand, strArr);
        setInitialPasswordCommand.execute();
    }
}
